Digital Bigfoot and the Dark Web

DB and the Dark Web-1

At this point we all know Digital Bigfoot (a.k.a. threat actor, hacker, cybercriminal) exists. We hear the news every day about another data breach. But there are still people out there who think their business isn't a target. Trust us, Digital Bigfoot is out there lurking, salivating over any juicy data he can steal and sell. And one of the main marketplaces for our digital villain? The dark web. (Cue villainous laughter.)

But I'm not a target.

As a small or medium business you may be thinking, but there's meatier prey out there! There are lots of other businesses with more valuable stuff! Though we hear a lot about the big companies with the huge data breaches, according to the Verizon DBIR (Data Breach Investigation Report), 43% of the breaches in 2018 happened to SMBs. Why? Because Digital Bigfoot, let's call him DB for short, finds it easier to go after the smaller guy in the Birkenstocks cooking a hotdog on the campfire than the Iron Man finalist with the latest Hoka trail runners on an early morning 12-mile warm up. In other words, its easier to go after the small business that doesn't have the strength or resources than a Fortune 500 with the big budget for the latest technology and the A-team of security ops employees.

Though you may not have as much to protect as a corporation, DB assumes that the data you do have isn't protected well. And because there are lots of businesses like this, he can find many victims and the bounty can add up quickly. It's a quantity over quality game. As Mike Christman, FBI Cybercrime Unit, in an interview with CBS 60 Minutes, said, "I think everyone should expect to be attacked."

He waits for you to make a wrong move.

Its the email from your internet provider saying you have no access to your email until you re-enter your user name and password. A lot of people, even the smart ones, fall for this. And these scams aren't going away. Per Mimecast's recent Email Security Risk Assessment (ESRA) Report, email delivered with malicious URLs has increased by more than 125 percent in comparison to the previous quarter’s results. Mimecast detected 463,546 malicious URLs contained in the 28,407,664 emails delivered were deemed “safe” by an organization’s existing email security system, averaging to one malicious URL in every 61 emails.

And there are other ways for DB to get what he wants.

It's not just a human error that allows a cybercriminal into your data. Vulnerabilities in the network or apps can be exploited, for example. (See our quick overview of the 2019 Verizon DBIR.) Also, finding user names and passwords online can be pretty easy. And its a bonus when someone uses the same credentials for multiple accounts. [Check to see if your email account has been hacked.] Its also worth mentioning that DB's attack approach is usually not smash and grab. He can get in and siphon a little bit of precious information over time and the business may not notice for months or even years.

The dark web: the back-alley cyber marketplace. 

So what does DB do with these credit card numbers, email logins, and lab results? And how much is the data worth? A good portion of the bounty is sold on the dark web, a part of the internet that isn't indexed by mainstream search engines. There are actually dark web search engines to help find dark web sites, though the space is known for being chaotic and unorganized, as you might expect with a high number of anonymous, criminal scammers. According to Experian, a social security number or a non-financial institution login can go for as little as one dollar on the dark web. But the value goes up significantly from there. A drivers license: 20 dollars. Credit or debit card number: up to $110. Online payment services login: up to $200. The most valuable? Medical records can go for $1,000 and passports up to $2,000. This personal data is purchased as a one-off, in batches, or in bundles (where those slick sellers package together various types of data). 

Digital Bigfoot is constantly attacking businesses, big and small. SMBs must protect their networks and data to avoid being the next victim... before its too late. (Uh oh, here comes the villainous laughter again.)


Listen to us on the Cylance InSecurity podcast about hunting the Digital Bigfoot!

If you'd like more information about Rocus CyberFusion®, a U.S. patent pending process that was designed to have the same effectiveness as our biggest enterprise cybersecurity platforms but at a cost that a small business can afford, contact Rocus Networks today to set up a 30-day trial.