Updated: 21 hours ago
Written by Cyber Pop-up on behalf of Veriato
The “Dark Web” is often portrayed as a gloomy realm of internet land where you can find criminals and offenders lurking around every corner. Though there is some truth to this perception, there are also many misconceptions about the Dark Web and its role in the security or insecurity of businesses. Furthermore, the continuous embracement of remote work has led to an unexpected shift in the way the dark web is being used today. Without awareness and understanding of these concepts, it’s impossible to prepare for the looming threats that this obscure area of the net introduces to enterprises.
Level setting on the current remote work landscape
The global pandemic has changed the way organizations and businesses once operated. The rapid shift to remote work brought on tons of security challenges for all types of businesses. Due to the overwhelming increase in remote work, many organizations were not equipped with the right tools and security measures leaving them entirely helpless and at the mercy of the threat actors.
According to a survey conducted by Owl Labs, when the Covid-19 pandemic was at its peak, more than 70% of employees were working from home. Another survey by OpenVPN found that 90% of remote workers were not secure. As per keeper.io “Cybersecurity in the Remote Work era Global risk report”, organizational security postures saw a drastic decline during the pandemic due to remote work.
The most common cybersecurity risks associated with remote work environments include but are not limited to malware & phishing attacks, Virtual Private Networks (VPN) attacks, Insider Threats, shadow IT device threats, home Wi-Fi security, lack of visibility, accidental data exposure, and more.
The sudden rise in remote work since 2020 has overwhelmed the IT teams responsible for cybersecurity. Now, in addition to regular technical infrastructure support for the organization, they also need to support remote work-related issues. The rise of remote work coupled with overwhelmed IT teams increases the human error factor. Adversaries leverage such situations to exploit vulnerabilities at large.
Scott Ikeda quotes in the CPO Magazine, “71% of organizations are very concerned about remote workers being the cause of a data breach, and unsurprisingly the biggest concerns are the state of their personal devices and their physical security practices. A whopping 42% of organizations are reporting that they simply do not know how to defend against cyber-attacks that are aimed at remote workers. 31% say they are not requiring remote workers to use authentication methods, and only 35% require multi-factor authentication.”
Level setting on the current Insider Threat landscape
An Insider Threat is a security risk that originates from within the organization. It includes employees, third-party contractors, former employees, and consultants who have access to the company’s resources, network infrastructure, and IT practices. An insider threat is capable of compromising an organization’s confidential data, information systems, networks, critical assets by using different attack vectors.
The intent of an insider threat is not always malicious. In fact, insider threat incidents are more likely to happen due to the carelessness of employees. According to a Forrester research report, in 2021, 33% of cybersecurity incidents will happen due to insider threats. In addition, according to the 2020 Cost of Insider Threat report by the Ponemon Institute, 62% of the incidents are due to negligent insiders, 23% due to criminal insiders, and 14% due to credential insiders. Similarly, the cost incurred by an organization due to a negligent insider is 4.58 million, more than other insiders on the category list. The world has seen a 47% increase in cybersecurity incidents caused by the insider threat.
Example insider cybersecurity incidents
Some notable cybersecurity incidents which were caused due to insider threats:
Gregory Chung, a former Chinese-born engineer at Boeing was charged with economic espionage. He used his security clearance to smuggle Boeing trade secrets to China. He was sentenced to 15 years of imprisonment.
Twitter faced an insider attack in 2020, where attackers used social engineering and spear-phishing attacks to compromise high-profile Twitter accounts. Scammers used their profile to promote bitcoin scams. Twitter’s forensic investigations revealed one of their admin team member accounts was compromised exposing access to admin account tools. The adversaries were able to use spear-phishing techniques to get hold of the account, which later used tactics that enabled them to take over high profile users’ accounts such as those of Bill Gates, Barack Obama, etc. and run the bitcoin scam.
Level setting on the current state of the dark web
In simple terms, the dark web is a part of the internet that is not indexed by search engines. The dark web also cannot be accessed by a normal browser. It requires the use of a special browser, for example, the Tor browser (The Onion Router).
Using the dark web, users can get access to information that is not publicly available on the surface web - the part of the internet that is used by people daily. This provides users with anonymity and privacy as it’s difficult to trace someone’s digital footprint once they are on the dark web.
Though the Dark Web provides extreme privacy and protection against surveillance from various governments, it is also known as the cyber “black market”. Sophisticated criminals and malicious threat actors use this marketplace to traffic illicit drugs, child pornography, counterfeit bills, stolen credit card numbers, weapons, stolen Netflix subscriptions, and even an organization’s sensitive/critical data. People can also hire a hitman for assassination or recruit skilled hackers to hack systems or networks. The bottom line is that it can get pretty dark in there, hence the name.
According to a survey conducted by Precise Security, in 2019, more than 30% of North Americans used the dark web regularly.
Where remote workers exist, insider threats and the dark web intersect
Growing insider threat trends in the remote era reveal the high-risk organizations now face. The dark web has played a crucial part in this evolution both in providing attackers with access to recruit insiders, as well as, empowering them to run lucrative garage sales with stolen data.
External attackers breach companies and sell data on the dark web, commit fraud, and more
It’s not uncommon to learn of an organization’s critical data which includes confidential data, financial data, and trade secrets being sold on the dark web marketplace. During the global pandemic, adversaries have exploited vulnerabilities in remote working environments by using techniques such as phishing, clickjacking, ransomware attacks, malware/virus injections, social engineering attacks, and more to gain access to this data for sale. They also use this data for organizational identify theft and fraud.
Malicious insiders auction off data on the dark web
Poor working culture and employee morale in organizations may lead a disgruntled employee to sell company data or even hire a skilled hacker to break into the company’s private network and cause severe disruptions.
Malicious actors are hiring your employees through the dark web
Attackers need a way into your organization. What better way to do that than to make a friend on the inside? Cybercriminals have turned to the dark web to recruit employees within organizations they are targeting. Conversely, malicious employees are offering to sell out their employers to attackers on the dark web as well.
Curious, non-malicious insiders expose organizations to dark web vulnerabilities
Many people also use the dark web for anonymity and privacy and do not know the potential negative implications of doing so carelessly. While connected to the enterprise network remotely they might access the dark web and unwillingly expose the organization’s sensitive data.
Remote workers may use their home network Wi-Fi to connect the comp