Cybercrime is costing the global economy as much as some $600 billion per year — about 0.8 percent of global GDP, despite the efforts of the U.S. government and law enforcement agencies worldwide.
Over the next five years, security industry experts suggest that companies around the world could incur more than $5.2 trillion in additional costs and lost revenue due to cyber-attacks.
Where do these cyber-attacks come from? It turns out that the majority of modern cyber-criminal activity is concentrated in the dark web, a rapidly growing shadow segment of the internet. The dark web encompasses those parts of the web where visitors deliberately go to take advantage of mechanisms designed to ensure anonymity and privacy, while they communicate in secret and traffic in illicit goods, services and information.
What if it were possible to shed light on these dark spaces? If we could explore the dark web more easily, it would be much more difficult for threat actors to remain undetected. Both enterprises and law enforcement agencies alike would be able to combat cybercrime and investigate threat actors far more effectively.
The dark web has existed since the earliest days of the web, and over the years, it has evolved significantly both in scale and sophistication. Tor and other well-known tools for anonymization were early technologies on which cyber-criminals relied. Over time, they began using instant messaging (IM) and other alternative digital channels to hide their communications.
As new networks and tools for encryption and identity masking came into being, it became ever more challenging to identify the actors engaging in these communities.
The dark web contains innumerable hidden marketplaces, communities, groups and forums in which the participants in the dark web conduct transactions that they would not want viewed in the light of day — from trafficking in child pornography and weapons to counterfeit money, drugs and illegal pharmacy. Here, one can acquire tools for malware and ransomware distribution, even stolen data that can affect national security.
According to various research efforts, the dark web is teeming with tens of thousands of actors, including organized crime groups, cyber-criminals, hacktivists and nation-states that view the dark web as a valuable resource for recruitment and intelligence acquisition. Terrorist organizations comprise one of the most high-risk categories of threat actors on the dark web. These groups are using the dark web not just to distribute extremist content, but also to communicate with their members using secure and encrypted communications channels.
The total volume of dark web data in circulation can be measured in petabytes (PBs) — and that doesn’t even count the replicated data on dark web mirror sites. The data is highly dynamic, too, as many of the underground communities themselves will appear suddenly, disappear as suddenly, and later appear again. To analyze and store that much dynamic data in a retrospective form requires the application of advanced big data and data science technologies, and the absence of such technologies in the past accounts for previous failures to shed any real light on the dark web. We have known about the dark web for years — but only now do researchers have the tools to do more than guess about its extent.
This brings us to enterprises wanting the ability to track the closed communities of the dark web, understand how adversaries operate and differentiate rumor from reality. CISOs and CSOs want to see what is being said about their own company because understanding the actual risks originating from the dark web may help them to implement proper mitigation measures. Dark web monitoring is a vital component of cyber threat intelligence.
Accurate feedback requires detailed context, because the dark web is a really ‘messy’ place with professional cyber-criminals and nation-state actors using it as one of their sources and playgrounds for further operations and recruitment of hackers.
Professional dark web monitoring tools enable research of dark web communities to help security professionals gain visibility underground into the latest trends such as new tools available for rent or for sale, tradecraft used by different threat actors, leaked information and data breaches and underground economy trends.
It also is important to understand that dark web monitoring is a vital piece of the puzzle in the enterprise risk management process. Some businesses may have a limited footprint or, for whatever reason, are not so attractive to dark web cyber-criminals but could be a valuable target for nation-state actors. That’s why security professionals need to combine multiple methods to acquire comprehensive intelligence coming from multiple sources including dark web.
The dark web is a completely uncontrolled and unregulated cross-border ecosystem. It poses a problem whose scale is growing rapidly due to issues having to do with cross-border legislation as well as technical barriers affecting law enforcement. This gives cyber-criminals a great deal of freedom to perform illegal activities in cyberspace that affect all elements of our society.
Despite several successful operations involving law enforcement and private-public partnership efforts that have resulted in the takedown of a number of underground communities and marketplaces, the dark web continues to evolve and expand.
But I see that changing. As companies harness the power of Artificial Intelligence, Big Data and data science, the dark places in the dark web are finding themselves exposed to light. We will get to a point — in the not too distant future — where we can see the texts, images and attached binary files that are flowing through the dark web. Also, we’ll be able to associate a particular threat actor with their real identity. The dark web represents a massive amount of data to capture, index and organize, but when that happens, when that data becomes actionable, then we open a new era in the investigation and disruption of complex cybercrime.