How to keep your data off the Dark Web

Image: wildpixel, Getty Images/iStockphoto

Data is simply a blistery commodity connected the Dark Web wherever radical bargain and merchantability delicate information, overmuch of it stolen done web breaches. Usernames, passwords, relationship numbers, fiscal records, recognition paper details, aesculapian records—all of these are up for grabs. And with today's savvy cyberattacks, it's not a substance of "if" but "when" your enactment whitethorn endure a breach. A study released Tuesday by information supplier Bitglass looks astatine however stolen information winds up connected the Dark Web and offers proposal connected what you tin bash to amended support yourself and your organization.

SEE: Ebook: IT leader's usher to the Dark Web (TechRepublic Premium)

To compile the 2021 variation of its "Where's Your Data?" report, Bitglass created a fig of fake relationship usernames, emails and passwords purportedly compromised done the RockYou2021 password compilation leak and a caller LinkedIn scraped information incident.

Bitglass researchers posted links to the phony information connected the Dark Web arsenic a mode to springiness buyers entree to the networks of antithetic organizations. To way the travel of the fake information and spot however it was used, the researchers embedded the files with watermarking technology.

Based connected its tracking, Bitglass discovered that the stolen information had a wider scope and moved much rapidly than successful the past. The phony information was viewed much than 13,200 times versus conscionable 1,100 times during a akin experimentation successful 2015. Previously, the stolen information took 12 days to scope 1,100 nexus views. In 2021, it took little than 24 hours to deed that number.

Cybercriminals are astir anxious to drawback information from retail companies and authorities agencies, according to the research. Among the apical 3 categories, retail information accounted for 60% of the views connected Dark Web, pirated contented accounted for 13% and gaming information for 12%. Drilling down further, retail information accounted for 37% of the Dark Web clicks, authorities information for 32% and pirated contented for 10%.

"Gaining entree to ample retailers' networks remains a apical precedence for galore cybercriminals wishing to deploy ransomware and extort payouts from ample and profitable organizations," Mike Schuricht, person of the Bitglass Threat Research Group, said successful a property release. "Similarly, involvement successful the U.S. authorities accusation is apt either from state-sponsored hackers oregon autarkic hackers looking to merchantability this accusation to federation states." 

SEE: What your idiosyncratic individuality and information are worthy connected the Dark Web (TechRepublic)

The breached information traveled farther astir the satellite than successful the past arsenic it was downloaded by criminals crossed 5 antithetic continents. But the U.S. accounted for the highest percent (35%) of radical who opened the breached data. Other countries wherever a important fig of radical accessed the information were Kenya (33%), Romania (10%), China (8%) and Sweden (4%).

The tools utilized by cybercriminals to download stolen information person changed. In 2015, nary virtual machines were utilized to entree the data. In 2021, respective tools were used, including Amazon Web Services and Google Cloud Platform. Further, the fig of radical utilizing anonymous VPNs and proxies to entree the Dark Web successful the 2021 experimentation changeable up to 93% versus 67% successful 2015.

"In comparing the results of this latest experimentation to that of 2015, it is wide that information connected the Dark Web is spreading farther, faster," Schuricht said. "Not lone that, but cybercriminals are getting amended astatine covering their tracks and taking steps to evade instrumentality enforcement efforts to prosecute cybercrime. Unfortunately, organizations' cybersecurity efforts to support information person not kept pace, arsenic evident by the continuous onslaught of headlines reporting connected the latest information breaches."

To forestall your organization's information from falling into the incorrect hands and being traded connected the Dark Web, Bitglass offered the pursuing six tips:

1. Implement a Zero Trust framework.
2. Ensure that your information extortion extends to immoderate instrumentality nary substance its determination and not conscionable connected the interior firm network.
3. Establish processes to way the determination and entree of your information and idiosyncratic credentials.
4. Set up grooming and different initiatives to assistance employees larn and signifier bully cybersecurity hygiene.
5. Block SaaS app logins and entree attempts with a cloud entree information broker (CASB). This volition forestall enactment from unfamiliar and suspicious locations.
6. Create a information strategy autarkic of your underlying operating system.

Also see

• How your stolen information ends up connected the acheronian web marketplace (TechRepublic)
• How overmuch is your info worthy connected the Dark Web? For Americans, it's conscionable $8 (TechRepublic)
• Starting astatine $40, hackers tin onslaught your concern with services bought connected the acheronian web (TechRepublic)
  
• How the acheronian web and cryptocurrency assistance the propagation of cybercrime (TechRepublic)
• Checklist: Securing integer information (TechRepublic Premium)
  
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)