In the wake of seemingly constant high profile breaches, organizations are taking precautions to protect against cyberattacks, including raising security budgets and educating employees. However, the cost of a breach can be enough to significantly harm a company’s finances and reputation: The average total cost of a data breach is $3.86 million, according to a recent Ponemon Institute report.
The ongoing risk of attack has led some organizations to seek new ways to proactively monitor the Dark Web for lost or stolen data, according to a Wednesday report from Terbium Labs.
Here are 10 activities taking place on the Dark Web that organizations should take note of to protect their data, according to the report.
SEE: Intrusion detection policy (Tech Pro Research)
1. Doxing of a company VIP
Dark Web and clear web sites like Pastebin are a dumping ground for personal, financial, and technical information with malicious intent, the report said. There is often a motivation behind these posts, such as political beliefs, hacktivism, vigilantism, or vandalism. For example, the executive of a wealth management firm was included in a large-scale dox as the result of their political contributions, the report noted.
2. Full PANs, BINs, and payment cards for sale
The economy for payment cards on the Dark Web is strong, with a single card costing between $5 and $20. Sellers update markets with new cards regularly–sometimes even daily, the report said. And business and platinum cards will net criminals a higher price than average cards.
3. Guides for opening fraudulent accounts
On the Dark Web, you can find guides for sale that contain detailed, step-by-step instructions on how to exploit or defraud an organization, the report said. The guide serves two purposes: Criminals learn how to break into a company’s systems and processes, and the company’s brand name is promoted to criminals as a result of the listing. For example, when a major US bank changed security policies, criminals updated guides with techniques to get around those changes.
4. Proprietary source code
A leak of source code can allow competing companies to steal intellectual property, and also allow hackers to review the code for potential vulnerabilities to be exploited, according to the report. Leaks of source code from tech giants will make the news, but source code from others is regularly leaked on sites like Github and Pastebin, as developers seek advice and input from others, the report noted.
SEE: Incident response policy (Tech Pro Research)
5. Dump of a database
Third-party breaches can put organizations at risk by revealing employee credentials that can unlock other accounts or provide information for phishing attacks. For example, if criminals can post an internal database, it reveals private contracts or partnerships between organizations, and employee locations.
6. Template to impersonate a customer account
The Dark Web is full of account templates that allow hackers to pose as customers of financial institutions, telecommunications companies, and other service providers, the report noted. These templates are then used to solicit loans, open accounts, or as part of a broader scheme for identity theft or fraud.
7. Connections between employees and illicit content
Posts doxing individuals who engage in illegal activities on the Dark Web, such as child exploitation, can draw undue negative attention to their employers or affiliated organizations. For example, one post listed the full contact information for a tech company that accidentally provided tech support to a child exploitation site.
8. W2s and tax-fraud documents
Each year before tax season, there is a rush of Dark Web activity to gather compromised identity information and file fraudulent tax returns before the actual taxpayer can do so, the report said. This tax fraud is enabled by the sale of W2s and other tax fraud-specific documents, which can be tied back to the employers where those documents came from originally.
SEE: SQL injection attacks: A cheat sheet for business pros (TechRepublic)
9. Secure access and specialty passes
While most of the materials on the Dark Web are for generalized personal information, vendors sometimes offer special access materials, ranging from amusement park tickets to military IDs. For example, one Dark Web market offered physical press passes designed to help cybercriminals pass as journalists at events, the report found.
10. Inexpert Dark Web searching
Despite the need to keep tabs on Dark Web activity, security vendors can accidentally expose an organization to harm by searching for information related to the company on the Dark Web. For example, one vendor searched for a CISO’s name so many times on a now-defunct Dark Web search engine that the name made it to the front page of the site under “trending,” the report noted.