As Cybersecurity Awareness Month comes to a close, week 4’s theme is “Cybersecurity First.” While we’ve spent the last month focused on how to infuse cybersecurity into employee training programs, career trajectories and general awareness, the value and importance of cybersecurity does not end on October 31st. As we look ahead, security teams need to be mindful of how to keep cybersecurity front of mind across the organization. This all comes down to focus.
There are many areas of focus for cybersecurity, but one area in particular that frequently attracts more fear than fact is the dark web. Security teams are left to grapple with how to effectively monitor the dark web and leverage dark web intelligence in a meaningful way. Beyond the fear mongering TV ads asking “is your information exposed on the dark web?” there is legitimate intelligence that can be gathered on the dark web. By focusing on what matters, security teams can prioritize their cybersecurity efforts on those networks. In this post, we’ll debunk a few myths of the dark web in order to help teams determine where to prioritize.
Myth #1: The Dark Web is Massive
One of the biggest misconceptions of the dark web is that it is a massive underground network of endless sites, forums and chatrooms, unable to be completely monitored by the average security team. In actuality, the dark web is not as large as it appears. As James Carnall, VP of Services puts it, “there are more seats in the Rose Bowl than there are sites on the dark web.”
When it comes to monitoring the dark web, it’s less about size and more about accessibility. While there are a finite number of dark web forums and sites, access to those sites can be harder to come by. Working with a trusted partner like the ZeroFox Dark Ops team provides you with exclusive access to dark web intelligence on networks you might not otherwise reach. The intelligence gathered there could mean gaining early warning into potential attack planning or breaches.
Myth #2: The Dark Web is Chaotic
The public image of the dark web is often one of hackers in hoodies in their basements. It’s often thought to be without any real structure or organization, where bad actors are free to steal and scam. In reality, however, the dark web has become much more sophisticated in recent years. Olga Polishchuk notes that the dark web is actually “a very well organized, structured ecosystem.”
The dark web functions much like a real-world economy, with buyers and sellers and actors specializing in specific services. This includes everything from initial access brokers to those actors actually waging attacks. Understanding the ecosystem behind the dark web enables security teams to anticipate the steps an actor might take.
Myth #3: Bad Actors on the Dark Web Work in Silos
A final myth preventing security teams from focusing on what matters on the dark web is closely tied to its structured, almost capitalistic nature. There is often a misunderstanding that bad actors work as lone wolves to plan and conduct attacks. In actuality, actors are communicating with one another throughout the phases of an attack, whether to exchange goods and services or share tips. What ZeroFox threat researchers have found however, is that the concept of “No Honor Among Thieves” is well at play on the dark web. Bad actors are willing to burn one another in order to profit or get ahead.
By monitoring the communications between actors, security teams are able to understand the way they operate. As Zack Allen puts it, “this type of intelligence is really important for security teams because it can give insight into who these people are, what they are doing and how we can adjust our security postures to defend against these attacks.”
Monitoring dark web chatter for mentions of your brand, executives or other assets is an excellent way to stay ahead of potential threats. It also enables security teams to speak the language of the attacker more effectively.
Putting Dark Web Monitoring and Cybersecurity First
As Cybersecurity Awareness Month comes to a close and you consider how to implement the best practices shared throughout the last 30 days, prioritizing where to focus in places like the dark web is critical. When done correctly, dark web intelligence offers security teams an inside look into an attacker’s methods of planning and attack execution and allows for a more proactive means of protecting the organization as a whole.