For several months, we have seen an increase in the number of cyber-attacks within the French cyber ecosystem, particularly among local authorities (Seine Maritime, city of Caen), companies (MBDA, Orange Cyber Defence, ALTICE, etc.) or even the public sector, illustrated by the attack on the hospital in Corbeil-Essonnes.
Guillaume Poupard, Director of the French National Agency for Information Systems Security (ANSSI), pointed out during his Senate hearing at the beginning of October 2022 that “threats are becoming more stable, but on a high level (…) as shown by the exponential growth in the number of reports processed by the ANSSI”. Indeed, Gatewatcher identifies different types of threats such as malware, Trojans, phishing, etc., most of which are characterised by the theft of data and its sale on the dark web.
So what is the Dark Web?
We can use the analogy often used to describe the world wide web and its hidden side, the dark web. The web can be pictured as an iceberg: the surface web is the emerged part, which represents only 10% of the world web; the deep web, conversely, is the hidden part of the iceberg.
The deep web refers to “all websites and pages that are not listed on the Internet”, such as pages and databases that are only intended for a certain group of people belonging to an organization (pages blocked by a password, bank accounts, back-office, data fragments, dynamic pages or pages that are inaccessible via the site’s tree structure, etc.). The deep web is by far the largest part of the internet. It has been estimated that it represents between 90% and 95% of the entire global web. However, it is important to distinguish the deep web from the dark web.
The dark web includes “all sites and pages accessible only through certain protocols¹, configurations or networks”. Only accessible through specific web browsers such as Tor (the acronym of “The Onion Router”), Freenet or I2P, the dark web is considered a part of the deep web, but much more complex to access. URLs are usually made up of a random mixture of letters and numbers and end in .onion. For example, the address of the DuckDuckGo search engine looks like this: http://3g2upl4pq6kufc4m.onion. In addition, the URLs of dark web sites change regularly. This is an unregulated part of the internet where no government, organization or company is responsible or even able to enforce rules.
The dark web, an Ali Baba’s cave.
These sites, forums and marketplaces sell all kinds of legal items (phones, televisions, connected objects, etc.) for much less than on traditional websites. But unfortunately, most of the time, illegal items are searched for more often: drugs, weapons, fake identities, credit cards, and any other type of data. Indeed, there are many black markets, fraudulent websites, email services, forums, botnets, cryptocurrencies, etc.
What is most worrying is that we can find large amounts of personal data stolen during cyber-attacks on private or public organizations. For example, after the attack on the hospital in Corbeil-Essonnes, it is known that a lot of data is available for sale on several marketplaces on the dark web. More or less sensitive data is exchanged, such as names, email addresses and telephone numbers, which many companies already possess; but also personal data: date of birth, postal address, gender, login and associated password, identity card, social security number, health data, banking information (bank details, customer numbers, card numbers, etc.) which can be sold for $1 to $4, depending upon their relevance.
Hackers’ imaginations know no bounds.
Thus, people with bad intentions can easily buy a list of 100 or more contacts with all of the above information for about $400.
Let’s imagine what can be done with all this information … In most cases, these databases will be used for other attacks such as phishing, targeted attacks against a bigger fish.
Unfortunately, there is not much we can do if our data ends up on the dark web. Therefore, it is important to be careful about whom you share your data with, knowingly or unknowingly, and which data you share. Above all, remember to protect your network with detection solutions that will give you real-time, 360° visibility over the entire network.
1. A protocol is defined as the set of agreements necessary for remote entities to cooperate, in particular to establish and maintain information exchanges between them.
Channel & Partnership Manager