Utilising the deep and dark web for effective cybersecurity

Cyber threat actors have recently executed a few well-publicised attacks on financial organisations, one example being the ‘WannaCry’ ransomware attack. These attacks clearly pose a significant corporate risk, especially at a time when regulators are stepping up and imposing harsher penalties on banks that suffer breaches. Following these recent attacks and harsher regulatory penalties, the issue of cybersecurity is gaining a greater presence both in the boardroom and in the minds of C-Suite executives.

That’s good news. Yet prioritisation is only part of the story. Understanding is also important; heeding the right advice and implementing the right defence will be crucial to helping financial organisations combat the threats they face in a cyber world. Part of this involves understanding the deep and dark web.

What is the deep and dark web?

The dark web refers specifically to a collection of websites that exist on an encrypted network; they cannot be found via traditional search engines or visited using traditional browsers. The deep web meanwhile refers to all web pages that search engines cannot find.

The role of the deep and dark web in threats targeting financial organisations

The main threats posed by the deep and dark web can be broken down into three primary concerns:

  1. It allows the sharing of best practices

Wherever people congregate, they talk. Although cyber-criminals like to compete, they also often share best practices. This information-sharing is why the deep and dark web facilitates so many of the dangerous threats targeting businesses. There is an interconnected, agile nature to the cyber-criminal ecosystem, and regardless of their language, skills, location or affiliation, cyber-criminal groups tend to share a strong desire to reap the benefits of cross-community collaboration, information sharing, and even mentorship.

  2. It provides a way to sell and monetise criminal gains

The deep and dark web is home to many illicit marketplaces that enable cyber-criminals to monetise the crimes they commit. Often the exchange is data for financial remuneration like Bitcoin, but it can take on a wide variety of forms. At its simplest, however, the deep and dark web facilitates an underground economy for cyber-criminals.

  3. It acts as a network and communications portal

The deep and dark web is rife with illicit marketplaces and forums that serve as anonymous places in which cyber-criminals, terrorists, and other malicious actors often communicate and collaborate. As new forums and marketplaces emerge, some may decline whereas others continue to attract new members.

What are the threats financial organisations face?

Financial organisations face a myriad of threats, some of which include: corporate data theft, credit card fraud, corporate insider threat, emerging malware and emerging fraud techniques.

Emerging malware, like all of these types of threats, is prevalent on the dark and deep web. Malware is malicious software specifically designed to disrupt, damage, or gain unauthorised access to a computer system. As cyber attackers of all forms seek to stay ahead of security measures designed to defend financial institutions, the malware they deploy continues to evolve. There is a constant cat and mouse game as cyber attackers’ innovation tests organisations’ defences. Analysing the deep and dark web enables those tasked with defending networks and data to gain an advantage by helping them to mitigate emerging malware and other evolving threats.

Threats can also be internal. How does a financial organisation stop an employee from selling confidential, highly valuable data? Unfortunately, some employees are willing to do this for a variety of reasons. It has happened in the past, and there is no shortage of buyers for this information on the deep and dark web. As this insider threat activity is illegal and poses substantial risks to organisations and their stakeholders, having visibility into the areas from which many of these threats emerge – the deep and dark web – is crucial.

How can these threats be countered?

The number one way to mitigate the risk emanating from adversaries who are utilising the deep and dark web is to understand and effectively monitor their activity in that space. If you know what your adversary will do before he or she does, then you can act to mitigate the threat and implement the defences needed to guard against an attack.

Linguistic and cultural expertise is also vital to using the deep and dark web for defensive purposes. Understanding how criminals speak and the true meaning behind their interactions is crucial; the most successful analysts have spent years immersed in the deep and dark web working to acquire and hone their skills.

Outside of the deep and dark web, there are a number of actions financial organisations can take to address threats proactively and bolster their security. I would advise strongly that CISOs and CIOs implement robust systems to ensure that people, processes and technology are all up-to-date and aligned. Defence requires constant vigilance and agility.

Practically speaking, using two-factor authentication, patching and updating software regularly, maintaining firewalls, changing default passwords, raising employee awareness of cybersecurity best practices and creating off-the-grid backups will all help in protecting an organisation from the many threats it faces.

Those who seek to attack financial organisations are using the deep and dark web to coordinate their attacks. A successful attack is extremely likely to enable them to achieve their goal, whether that be financial gain, notoriety and prestige within their community and amongst their peers, or something else. Conversely, for the financial organisation, failure to defend against an attack could be very costly. As such, it is vital to monitor the deep and dark web as part of a comprehensive and ever-evolving cybersecurity strategy.
