The “Surface Web” consists of websites accessible with a standard web browser and that can be discovered via a search engine like Google. Corporations often consider the “Surface Web” first when dealing with cybersecurity issues, but this is just a small fraction of the Internet’s total reach.
Most of the Internet consists of the Deep Web: web pages that cannot be found with a search engine. The Deep Web includes everything from your messages on social media to corporate Intranet pages. Within this category, you also have the Dark Web: sites requiring special tools or web browsers to view, providing greater anonymity.
Due to its aura of exclusivity and emphasis on privacy, the Dark Web has become a refuge for cybercriminals. Marketplaces exist on the Dark Web marketplaces where users can buy and sell a wide range of illicit goods and services.
As a kind of cyber “Wild West,” the Dark Web represents a significant threat to businesses of all sizes and industries. In this article, we’ll go look at six threats that the Dark Web poses to corporations.
6 Dark Web Threats Companies Need to Know
It’s important to highlight that despite its name, the Dark Web is not only used for cybercrime. Individuals such as whistleblowers and those subject to government persecution, for example, may legitimately use the Dark Web to protect their identity.
Nevertheless, the sites where illegal transactions are allowed to flourish constitute potential Dark Web threats for corporations. Below, we’ll discuss 6 threats of the Dark Web for any business.
1. Breaches of personal data
As one of the most common types of cyber attacks, data breaches are also one of the most lucrative for criminals. Attackers are motivated by the substantial profits that they can fetch from selling personal data records.
In July 2022, for example, a hacker made a post on a Dark Web forum advertising the personal records of 69 million users of the gaming website Neopets. The breach, including email addresses and passwords, was being sold in Bitcoin for roughly $100,000 USD.
Data breaches are a major Dark Web threat for corporations because their impact can be catastrophic. According to IBM, the average cost of a data breach in the United States is now over $9 million. Not only must businesses spend valuable time and effort recovering from the attack, they can also suffer long-term reputational damage and even financial penalties for putting users’ data at risk.
2. Payment card fraud
Payment cards are a particularly valuable form of personal data—valuable enough to make card fraud its own Dark Web threat for corporations. When users make a purchase online using stolen payment card details, financial institutions and merchants must suffer the penalties. According to the December 2021 Nilson Report, credit card issuers were responsible for 88 percent of losses due to fraud, with merchants responsible for covering the remaining 12 percent.
The Dark Web is host to untold millions of stolen payment card numbers that are available for anyone willing to pay for them. In October 2022, for example, the Dark Web marketplace BidenCash released over 1.2 million credit cards for free as an advertisement for their website. While many of the records have been recycled from previous leaks, others appear to be fresh and genuine.
3. Theft of intellectual property
Intellectual property (IP) theft is a serious concern for any business, but especially companies that are startups or breaking into new markets. Stealing intellectual property robs creators of their hard work and businesses of their profits.
Unfortunately, the Dark Web is a haven for IP theft. With just a few clicks, users can download digital products from a number of Dark Web piracy sites. This includes everything from books, movies, and video games to software and even academic research articles (via the controversial website Sci-Hub).
Counterfeit items, too, are a major source of IP theft on the Dark Web. The types of counterfeit goods available on the Dark Web include clothes and accessories, electronics, jewelry and watches, and even pharmaceuticals. According to Europol, counterfeit products make up roughly 2 percent of listings on Dark Web marketplaces.
4. Hacking services for hire
In years past, corporations could take comfort in the fact that would-be attackers needed advanced technical skills in order to breach their defenses. However, this is no longer the case. Many hackers now sell their services on the Dark Web, enabling anyone with enough money to launch an assault on specific targets.
According to the consumer website Comparitech, Dark Web hackers now offer a smorgasbord of attacks at relatively affordable prices. The most expensive form of hack is one with a personal target (e.g. defamation or financial disruption), with an average cost of $551 USD.
Other common services include website hacks, breaking into computers or phones, and hijacking social media or email accounts. At 29 percent, social media attacks were the most frequently advertised hacking service on the Dark Web, followed by computer and phone break-ins at 15 percent.
5. Ransomware kits
Hackers for hire on the Dark Web have made it easier than ever to launch a cyber attack—but they’re far from the only Dark Web threat for corporations. So-called “ransomware as a service” kits give buyers the power to execute their own targeted malware infection, extorting businesses for ransom before they can unlock their own computers and files.
According to Cybersecurity Ventures, the use of ransomware as a service grew by nearly 200 percent in 2020 alone. The cheapest ransomware kit is available for less than $100, while the most expensive one (for Maze ransomware) will set you back $84,000. Research suggests that a wide variety of actors are interested in ransomware as a service, from individuals seeking financial gain to state-affiliated cybercriminals.
6. Industrial espionage
Perhaps the gravest Dark Web threat for corporations is that of industrial espionage: spying on a company to steal its trade secrets, often for the benefit of a competitor. A new Dark Web platform called Industrial Spy, launched in 2022, encourages employees and other insiders to sell access to any confidential business information in their possession.
The Industrial Spy marketplace reportedly contains everything from free data to “premium” packages costing millions of dollars. The contents of these packages may include computer files, manufacturing diagrams, financial reports, client databases, and much more.
Here’s what all businesses should know about the 6 biggest Dark Web threats for corporations:
Data breaches can expose sensitive personal information at great cost to companies.
Payment card fraud causes businesses to suffer major financial losses.
Intellectual property theft results in lost profits for the IP owners.
Hacking services for hire make it easier to launch an attack.
Ransomware kits place malware in the hands of the masses.
Industrial espionage puts the security of your trade secrets at risk.
Need to defend your company against the threats of the Dark Web? FYEO offers a number of identity and domain intelligence tools to help strengthen your cybersecurity posture. In particular, FYEO maintains a database of more than 23 billion leaked credentials, plaintext passwords, and phone numbers—one of the largest in the world. When sensitive data is posted on the Dark Web, we send an alert to the affected users so that they can move to protect their private information.