What is the Dark Web?
The Dark Web is a sublayer of the Internet that is hidden from conventional search engines like Google, Bing, or Yahoo. It consists of databases and private academic and government networks. The Dark Web makes up most of the Internet that never reaches the surface-level user. It is estimated to be 550 times larger than the Surface Web, and growing. Because users can operate there anonymously, the Dark Web holds a wealth of stolen data and illegal activity.
Assessing Digital Risk
Compromised credentials have become more and more common; however, the danger of these exposures goes beyond any one individual. The majority of breaches happen because of a credential that has been exposed, and it takes only one employee to give away the keys to your entire network.
The threat to your business does not necessarily lie within its physical confines. Your employees create accounts on many different third-party websites, using their work email addresses and often the same password, or a variation of it, for these accounts. Once a third-party site is breached, cyber criminals can test the passwords they obtain against other, more sensitive websites.
Our Solution: Dark Web ID
Dark Web ID is designed to detect stolen email addresses and passwords through 24/7/365 surveillance of stolen credentials and other personally identifiable information. This surveillance executes 10,000 refined queries daily over:
- 500 distinct Internet Relay Chat (IRC) channels.
- 600,000 private websites.
- 600 Twitter feeds.
Dark Web ID leverages a combination of human and artificial intelligence that scours:
- Criminal chat rooms
- Bulletin Boards
- Peer-to-Peer Networks
- Private Networks
- Black Market Sites
Why use Dark Web ID?
- The National Institute of Standards and Technology (NIST) recommends changing passwords when a compromise occurs.
- With DarkWebID, you know about the data leak before a compromise occurs to your system.
- Without DarkWebID, you would only know about the leak when a data breach results in theft.
- Knowing ahead of time allows you to change passwords and prevent a costly compromise of your system.
Getting Started With Dark Web ID
In order for us to effectively monitor your data for potential compromises or leaks, we require a list of the following:
- Domains: @(DomainName).com, .org, .net, etc.
- External IP Addresses
- Personal Email Addresses: (name)@yahoo.com, gmail.com, hotmail.com, etc.
A Dark Web Breach has occurred, now what?
When any account is found to have been compromised, immediately update the password(s) for the flagged account(s) and anywhere else the same password is used.
- Nearly 40% of Americans reuse the same or very similar passwords for each service that they use.
- Even if a breach is older, check to make sure that your current password is not a variation of the breached password.
- Have a password policy that rotates passwords more often than it would take to crack them – the longer the password, the less frequently users need to change it.
Implement multi-factor authentication as a way to maintain security when a password breach occurs.
Start awareness and user education training to prevent users from falling victim to phishing attacks.
Engage cybersecurity experts to monitor for breaches and perform a best practice assessment.
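The check recommended above (that a current password is not merely a variation of one that was breached) can be automated when screening new passwords. The following is an added illustration, not Magna5's or Dark Web ID's code; the breached-password set, the substitution table and the edit-distance threshold are constructed assumptions.

```python
import re

# Constructed sample of passwords reported as compromised (not real data).
BREACHED = {"Summer2019!", "companyname1", "Welcome123"}

# Common character substitutions users apply when "changing" a password (assumed list).
LEET = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}


def normalize(pw: str) -> str:
    """Reduce a password to its stem: lowercase, drop appended digits/symbols
    (years, counters, '!'), then undo common leet substitutions."""
    s = re.sub(r"[^a-z]+$", "", pw.lower())
    return "".join(LEET.get(c, c) for c in s)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_deviation(candidate: str, breached: set[str], max_edits: int = 2):
    """Return the breached password that `candidate` reuses or is a minor
    variation of, or None if it differs sufficiently from all of them."""
    if candidate in breached:          # exact reuse
        return candidate
    stem = normalize(candidate)
    for old in breached:
        old_stem = normalize(old)
        if stem == old_stem:           # same word, new year/counter/symbol
            return old
        if stem and levenshtein(stem, old_stem) <= max_edits:  # a typo-level change
            return old
        if len(old_stem) >= 5 and old_stem in stem:  # old password embedded in new one
            return old
    return None


if __name__ == "__main__":
    for pw in ["Summer2020!", "$ummer2019", "Welc0me124", "Tr0ub4dor&3"]:
        print(f"{pw!r}: variation of {is_deviation(pw, BREACHED)!r}")
```

In practice the breached set would be fed from the compromise report rather than hard-coded, and a rejected candidate should prompt the user for a genuinely different password.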
What information does Magna5 report after a breach?
- Report Date
- Date Added
- Date Found
- Email Domain / IP Address
- Password compromised
- Type of compromise
- PII Hit
- Date Added: When the Domain / IP / Personal Address was added to monitoring.
- Date Found: Date the compromise was reported or identified.
- Compromise Type: The type of exploit used to extract or steal the data.
  - Accidental Exposure – the data was unintentionally disclosed by non-malicious actors on a web page, social media, or peer-to-peer site.
  - Bot – the compromise of data is attributed to botnet activity.
  - Breach – this data was compromised as part of an organization’s data breach.
  - Data Dump – a consolidated collection of new and/or previously compromised credentials was made available for bulk consumption.
  - Dox – the data was disclosed as part of a doxing effort. Doxing is the research, collection and broadcast of private or personally identifiable information (PII) about an individual or organization. Doxing may be carried out for various reasons, including extortion, coercion, inflicting harm, harassment, and online shaming.
  - Keylogged / Phished – the data was entered into a phishing website or extracted by software designed to surreptitiously harvest personally identifiable information (PII).
  - Not Disclosed – the metadata associated with the collected information is currently insufficient to accurately attribute it to a specific compromise type.
  - Sample – the disclosed data is a subset of a larger dataset, released by an individual or organization to prove the validity of an exploit / breach.
  - Tested – the data was legally tested to determine whether it is live/active.
- Source Type: The location where the exploited data was discovered.
  - Asprox – the IP address has been identified as associated with the Asprox botnet, also known by its aliases Badsrc and Aseljo, which is mostly involved in phishing scams and SQL injection attacks against websites in order to spread malware.
  - C2 Server – the IP address has been identified as associated with a command-and-control (C2) server. Command-and-control servers are used by attackers to maintain communications with compromised endpoints within a targeted network; these compromised endpoints are collectively referred to as a botnet. This is achieved by infecting endpoints with malware. Botnets are leveraged by attackers to conduct malicious activity (send spam, distribute malware, etc.) without the knowledge of the system owner.
  - Chat Room – this data was discovered in a hidden Dark Web Internet Relay Chat (IRC) chatroom.
  - Cutwail – the IP address has been identified as associated with the Cutwail botnet, which is mostly involved in sending spam e-mails. The bot is typically installed on infected machines by a Trojan component called Pushdo. It affects computers running Microsoft Windows.
  - File Sharing – the IP address has been identified as associated with malicious file sharing activities.
  - ID Theft Forum – this data was discovered being exchanged on a Dark Web forum or community associated with ID theft activities.
  - P2P File – this data was discovered as part of a file being exchanged through a peer-to-peer file sharing service or network.
  - Public Web Site – this data was discovered on a publicly accessible web forum or data dump site.
  - Social Media – this data was discovered being shared as a post on a social media platform.
  - Webpage – this data was discovered on a hacker website or data dump site.
  - Zero Access – the IP address has been identified as associated with the ZeroAccess botnet. At the time of discovery, the ZeroAccess rootkit responsible for the botnet’s spread was estimated to have been present on at least 9 million systems (2012).
- Origin: The named website compromised in a cyber incident.
  - Website Populated – the name of the website is known, and the impacted organization has publicly acknowledged a cyber incident.
  - Anonymized / Not Disclosed – the name of the compromised site is not known, or the organization has not publicly acknowledged a cyber incident.
- Status: Configured per individual record.
  - “In Progress”