Lizzie Clark

The Risks of Not Keeping an Eye on the Dark Web

In this blog we discuss the risks of organizations not monitoring the dark web on a regular basis.

Risks of the dark web

The dark web is an obfuscated part of the internet that is widely used by cybercriminals to communicate with one another, plan their attacks, and buy, sell, and build the tools they need to execute them. This activity is known as the “pre-attack” phase of a cybersecurity incident: the actions that cybercriminals undertake before they launch their campaign against an organization and breach its network.

It stands to reason that the presence of this pre-attack activity against a specific organization would mean it has an increased likelihood of being the victim of a cybersecurity incident. A 2024 report from Searchlight Cyber and Marsh McLennan Cyber Risk Intelligence Centre found that any mention of an organization on the dark web increases the likelihood of it being a victim of a cyberattack. The increase in risk ranges from 1.29x for mentions on dark web pages to 2.56x when users have been compromised.

So, if an organization isn’t continuously monitoring threats from the dark web, what are some of the risks?

Leaked credentials and compromised users

If your organization has a compromised user, you are 2.56x more likely to suffer a cyberattack than organizations that don’t.

Compromised users are employees whose accounts have been accessed by an unauthorized person, such as a cybercriminal, using the employee’s login details that are available on the dark web. Login credentials end up on the dark web in a number of ways, including data stolen from an organization, infostealer infections, and credentials being reused for other services that have been breached.

Being aware of leaked credentials and compromised users on the dark web is important because this exposure can lead to further cyberattacks, theft of intellectual property, financial fraud, and reputational damage.

Using dark web monitoring tools and being alerted to leaked employee credentials on the dark web can help organizations identify if their data has been compromised, allowing them to take action and make timely adjustments to their cybersecurity infrastructure.

Dark web marketplace listings

If an organization is mentioned in a dark web marketplace listing, it is 2.41x more likely to be the victim of a cyberattack.

One of the biggest dark web risks an organization can face is being named on dark web marketplaces. If a business has been mentioned on a marketplace, it’s a signal that a cyberattack has already happened. Organizational information that is for sale on the dark web could include financial information, HR documents, intellectual property, and customer information.

Without monitoring these risks, organizations will be unaware their data is for sale on the dark web and that cybercriminals are exploiting their security weaknesses. Being blind to this activity delays the ability to respond to the threat and put the necessary cybersecurity processes in place.

Outgoing dark web traffic

If an organization has outgoing dark web traffic, it is 2.11x more likely to suffer a cyberattack at a later date.

Outgoing dark web traffic occurs when traffic from within an organization’s network connects to the dark web. A sudden surge in traffic from an organization’s network to the dark web is a strong signal that the business may soon be under attack.

Dark web monitoring tools allow organizations to spot malicious activity, such as large downloads, in their dark web traffic logs. Security teams can then correlate these anomalies with other malicious activity, such as pseudonym posting and criminal activity timelines. This allows organizations to look for indicators of breach, so they can take action long before attackers get anywhere near their network.
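
The surge and large-download checks described above can be sketched over ordinary flow logs. This is an added example, not code from the original post or from any Searchlight Cyber product; the log format, the destination list (documentation-range addresses standing in for known dark web entry points), and the thresholds are all assumptions.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed data: documentation-range addresses stand in for a list of
# dark web entry points (for Tor, the publicly listed relay addresses).
DARK_WEB_DESTS = {"203.0.113.10", "203.0.113.77", "198.51.100.23"}

# Constructed flow log: date,src_ip,dst_ip,bytes_downloaded
SAMPLE_FLOWS = """\
2024-03-01,10.0.4.12,203.0.113.10,18000
2024-03-01,10.0.4.12,192.0.2.80,900000
2024-03-02,10.0.4.12,203.0.113.77,22000
2024-03-03,10.0.7.31,198.51.100.23,15000
2024-03-04,10.0.4.12,203.0.113.10,20000
2024-03-05,10.0.9.55,203.0.113.77,640000000
2024-03-05,10.0.9.55,198.51.100.23,410000000
2024-03-05,10.0.4.12,203.0.113.10,19000
"""

def dark_web_flows(log_text, dests=DARK_WEB_DESTS):
    """Return (day, src, dst, bytes) for flows to a listed destination."""
    rows = (r for r in csv.reader(io.StringIO(log_text)) if len(r) == 4)
    return [(d, s, t, int(n)) for d, s, t, n in rows if t in dests]

def daily_volume(flows):
    """Total bytes downloaded from listed destinations, per day."""
    totals = defaultdict(int)
    for day, _src, _dst, nbytes in flows:
        totals[day] += nbytes
    return dict(sorted(totals.items()))

def surge_days(totals, factor=5.0, min_history=3):
    """Days whose volume exceeds factor x the median of all earlier days."""
    days = list(totals)
    return [day for i, day in enumerate(days)
            if i >= min_history
            and totals[day] > factor * median(totals[d] for d in days[:i])]

def large_downloads(flows, threshold=100_000_000):
    """Single flows at or above the byte threshold, for host-level triage."""
    return [f for f in flows if f[3] >= threshold]

if __name__ == "__main__":
    flows = dark_web_flows(SAMPLE_FLOWS)
    print("surge days:", surge_days(daily_volume(flows)))
    for day, src, dst, nbytes in large_downloads(flows):
        print(f"large download: {day} {src} <- {dst} {nbytes} bytes")
```

The internal source address on each flagged flow is the host to correlate with the other signals mentioned above.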

The significance of spotting early signs of a cyberattack

Dark web intelligence plays an important role in preempting cyberattacks by identifying early signs of malicious activity. The first step all organizations should take to spot the early signs of their exposure and potential cyberattacks is to collect dark web intelligence. Cybersecurity teams can only take mitigating actions to reduce dark web risks if they can identify where on the dark web they are being targeted. Understanding their points of exposure and mitigating their cybersecurity risk will help organizations minimize the financial, reputational, and legal impact of cyberattacks.

Use case: Real life example of dark web threats

How did identifying leaked credentials on the dark web prevent future infiltration and cyberattacks for a professional services firm?

In January 2024, a professional services firm used the external attack surface management (EASM) capability in the Searchlight Cyber dark web monitoring platform to map its external attack surface and pull together an inventory of its digital assets, including IPs, domains, and subdomains, and to identify any vulnerabilities, misconfigurations, and exposed credentials.

Using the tool allowed the firm to identify a data breach that hadn’t been identified with their other cybersecurity tools: leaked credentials related to one of the organization’s branches that were available for sale on a dark web forum. Identifying the leaked credentials immediately allowed the organization to implement mitigation efforts, such as password changes and additional security for the impacted staff members – who were all based in the same regional office.

With the ability to see which of the team’s credentials had been compromised, the security team took action to remove the malware from all of the infected devices before any other cybersecurity incidents could occur.

The organization also used this incident to inform other cybersecurity procedures, including employee training and the creation of a central repository for trusted applications to avoid other instances of malicious software being downloaded by employees.

Without the intelligence on the infostealer infection, the malware would have lain dormant within the devices and more credentials could have been harvested in the future.

Mitigate the risk of the dark web

In this blog, we have covered just three of the risks the dark web poses to organizations, but there are many more, including Telegram listings, forum listings, and incoming dark web traffic. If you’d like to learn more about how being mentioned on these communication channels and dark web sites can increase the chance of a cyberattack, download our report “The Correlation Between Dark Web Exposure and Cybersecurity Risk” or request your free Dark Web Risk Report to understand your company’s dark web exposure.

Monitoring for threats such as compromised users, dark web market listings, and outgoing dark web traffic allows organizations to take proactive measures to strengthen their defenses. This approach not only mitigates potential risks but also enhances an organization’s overall security posture and resilience, allowing businesses to stay ahead of dark web criminals. Dark web intelligence acts as an early warning system for identifying and preventing cyberattacks before they escalate.

If you’d like more information on dark web monitoring and the prevention of dark web threats, arrange a demo with one of our experts today.