What Criminals Do with Your Data on the Dark Web
Advisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.
If you want to scare the heck out of yourself, read this report from VPNoverview on typical “dark web” data theft sites, including the cost for compromised data such as PayPal transfers, bank cards, and full identities.
Don’t bother wondering whether criminals are buying and selling your firm’s data on the dark web.
Assume they are.
The dark web is a sublayer of the internet that isn’t visible to standard web browsers such as Google and Bing.
It can be worth the expense to confirm this via a dark web scanning service. But scanning doesn’t directly protect your data – it’s valuable only as one tool for improving your staff’s overall cyber-hygiene.
Cyber-thieves will always target financial services companies. And the risk is increasing substantially for this industry.
Among the top cyber-crime trends for 2020 forecast by the cybersecurity authority, Kaspersky, is increased targeting of financial services, including investment apps, mobile banking, financial data processing systems, and other fintech/banking services.
Inevitably, a good portion of data that thieves harvest will be peddled on the dark web.
Where your data goes on the dark web
Unlike the regular web, a.k.a. the “surface web,” dark web sites aren’t indexed by these search engines, so it’s difficult or impossible to trace traffic and/or transactions back to a specific user.
Although the dark web is used for some legitimate purposes, its anonymity makes it a magnet for illegal endeavors, such as selling stolen data. Typical dark web hubs of criminal activity include:
- Hacker community forums and chatrooms where cyber-thieves trade tools and methods used to steal data, and to report software vulnerabilities;
- Data auction sites or “bazaars”;
- Peer-to-peer file sharing networks for exchanging stolen data; and
- Command-and-control servers that harvest data through malware and botnets.