13 May
2019

Protecting your brand in the depths of the dark web

MarkMonitor

As the cyberthreat landscape develops at pace, the impact on brand protection is increasing dramatically. As a result, the lines between brand protection and cybersecurity are blurring. Brands are increasingly identifying the need for an all-encompassing protection strategy that keeps organisations safe from the numerous threats that they face on multiple fronts. From counterfeit products and phishing to brand and domain infringement, cybersquatting and outright fraud, organisations and brand protection professionals have their work cut out for them.

Fraudsters, cybercriminals and other adversaries that engage in brand abuse are also becoming more sophisticated in the methods that they use to dupe consumers, dodge authorities and take advantage of legitimate brands. This means that infringement and brand abuse are on the rise, driven by the pervasiveness of social media, the popularity of the Internet and advances in technology.

Sketching out the threat landscape

For brands, the consequences can be severe: damage to reputation, loss of revenue and, perhaps most importantly, negative impact on customer trust. To put that into perspective, according to cnbc.com the cost of cybercrime in 2018 was as high as $600 billion. However, counterfeiting affects not only the brands in question, but also the wider economy. According to the EU Intellectual Property Office, in the European Union, for example, €60 billion is lost each year across the region as a result of counterfeiting, equating to 7.5% of total sales. In addition, 434,000 jobs are lost because of counterfeit products flooding the market.

One of the main challenges in online brand protection is the fact that the threats come from multiple locations. But one area that is of particular concern to brands is the dark web.

Into the depths of the dark web

The dark web is the collection of websites and content that exists on dark nets – overlay networks whose internet protocol addresses are completely hidden. As a result, both publishers and visitors to dark websites are entirely anonymous. Access to dark web content can be achieved only by using special software such as Tor or alternatives like Freenet, Invisible Internet Project and Tails. Tor is free to download and use, and it enables anonymous access and communication within the dark net. Today, more than 2 million people access dark web content via Tor daily.

It is not, however, used exclusively for criminal activities. It is often used by strong privacy advocates, such as journalists or law enforcement agencies, that may be searching for dangerous or sensitive information and do not want their online activity tracked.

All about anonymity

It is the anonymity of the dark web that makes it so appealing to criminals. In addition to offering people a place to buy guns, drugs and other illegal goods, as well as to launder money, it is also where cybercriminals sell private data (eg, login credentials, banking and credit card information), intellectual property and launch full-on cyberattacks, including data breaches and distributed denial-of-service attacks.

Cybercriminals also offer their services for hire and even provide tutorials on codebreaking and how to infiltrate corporate networks. Cybercrime itself has become a service that is offered pervasively across the dark web.

With cryptocurrency used as the preferred currency, every transaction between buyer and seller can be conducted anonymously, which ensures that buyers and sellers cannot be tracked.

Europol is taking this threat seriously. In 2018 the organisation set up a dedicated dark web team to tackle the problem. It is a coordinated effort to tackle crime on the dark web working with law enforcement agencies across EU member countries, third parties and other organisations, including Eurojust, an EU agency that deals with judicial cooperation in criminal matters. The team’s aim is to reduce the size of the underground economy of the dark web and “deliver a complete, coordinated approach: sharing information, providing operational support and expertise in different crime areas and the development of tools, tactics, and techniques to conduct dark web investigations and identify top threats and targets. The team also aims to enhance joint technical and investigative actions, organise training and capacity-building initiatives, together with prevention and awareness-raising campaigns – a 360° strategy against criminality on the dark web”.

A recent investigation by the Independent newspaper in the United Kingdom gives a deeper understanding of the threat that the dark web poses. According to the title’s findings, the stolen identities of UK residents are available to buy on the dark web for as little as £10. This includes names, addresses, online passwords and bank details. It is not just a hypothetical example; a hacker in the United Kingdom was recently jailed for 10 years following a crime spree in which he used cyberattacks to steal consumer data (email addresses) from retail brands. He then used a phishing scam to extract personal details from the consumers, which he went on to sell on the dark web.

While the dark web presents a threat to both brands and consumers, brands need to be better informed of the risks and what they need to implement in terms of protection strategies. In this way, they are helping to safeguard both themselves and their customers. Brands recognise they need to be thinking about it but do not know how or where to start.

Understanding the risks to your organisation

The existence of the deep web and dark web is not new to businesses, but in recent years, fraudsters and cybercriminals have been honing their tactics in these hidden digital channels to strike at their prey more effectively. They can also minimise the risk of their being caught. Moreover, as more and more users get to grips with learning to use Tor to access and navigate the dark web, the more difficult it is to identify a single user and track down cybercriminals.

When it comes to protection, most organisations have implemented stringent security protocols to safeguard their IT infrastructure. However, these conventional security measures are designed to protect data and assets inside the firewall, not outside. Targeted attacks like business email spoofing (BES) – where an internal employee receives an email purportedly from a corporate executive or the IT team requesting login or password information – are difficult to detect with traditional email security. Much like a consumer phishing or malware scam, BES attacks use sophisticated social engineering tactics to compromise login information. These credentials are then distributed on the dark web, sold on to criminals, and can precipitate a full-scale cyberattack and data breach.

In the end, the most vulnerable points of access to any network are individuals, such as consumers and employees. According to IBM’s X-Force Threat Intelligence Index 2018, human error is the cause of most cyberattacks. It is reportedly the reason behind the staggering 424% increase in the number of cyberattacks between 2016 and 2017.

Even knowledgeable users may be duped by a BES or phishing attack. The more people that have access to a network, the more potential lapses may occur and the risk increases. Companies that have large partners, distributors or affiliate organisations have a larger problem, as they allow access to a greater number of individuals. The sharing of confidential data on paste sites can also become a target for theft or misuse. No amount of IT security will prevent a backdoor attack on the infrastructure where an individual unwittingly surrenders the key.

Consumers may similarly be duped by brand-associated social engineering attacks, unknowingly revealing personal or financial information that can be sold on criminal dark web networks. Cybercriminals move silently and quickly to exploit the valuable data before the user becomes aware. Monitoring potential threats in the deep web and dark web gives you the intelligence to take appropriate action. Cybercriminals often communicate and interact via private, cybercriminal social media forums and chat rooms and, in some cases, threat actors even boast or congratulate each other after successful attacks, which can be tracked and monitored. Threat intelligence empowers a brand to act by allocating the right security resources before an attack or the data to connect the dots between threat actors to prevent future attacks.

In other cases, the damage of a data breach (eg, stolen credit card numbers) can be mitigated by working with financial institutions to cancel the cards before they can be used fraudulently. The stakes for companies are high. Cyberattacks that propagate in the dark web pose a significant threat to proprietary corporate information, trade secrets, employee network access credentials and consumer financial and personal information. It falls to organisations and their security operations centres to identify the activity in order to limit financial liability to the company and irreparable damage to the brand.

Protecting your brand in the dark web

Monitor threats across multiple cybercrime zones

IT security teams should ensure that they are monitoring as many digital segments as possible where cybercrime frequently takes place. These include not only deep web and dark web sites, but also other digital channels where fraudster-to-fraudster interactions occur (eg, social networks, internet relay chat and chat sites, as well as data paste sites). Companies must also take an effective defensive posture, developing advanced alerts before, during or after an attack occurs, ultimately providing the vital intelligence needed to take appropriate action.

Find efficient ways to infiltrate criminal networks

Some organisations might be tempted to try their hand at infiltrating cyberthreats in the dark web themselves. In order to do so, however, they must first go through the painstaking process of scouring the dark web and trying to access cybercriminal hangouts manually to detect and identify threats. They must then find a way to build trust with hackers and fraudsters over time. Even a large team of security analysts cannot sufficiently achieve the coverage needed for any measurable success. Such attempts are labour-intensive, time-consuming and by no means scalable as a reliable security strategy. It is better to employ an automated approach that leverages smart technology to achieve network penetration faster and in a more coordinated fashion.

Make education and awareness a priority

Education should focus on two distinct audiences to raise awareness of threats before they can impact on your company. Customer outreach is critical, in particular for companies in financial services, healthcare and other industries where users access and exchange personal or financial information. Online consumers must be regularly reminded of the dangers of phishing scams and social engineering attacks, and that they should never provide personal information unless on the verified banking, healthcare or partner site. Similarly, internal employees and business partner employees are increasingly being targeted for attack through BES and other spear phishing attacks. Human resources and payroll professionals are becoming common targets for these corporate-focused attacks because of the access that they have to employee and other sensitive company information. Employees who commonly receive requests from senior executives may be particularly vulnerable to these types of attack. Internal education for the entire company and the partner channel can go a long way to mitigating the potential for attack and serious data breach.

Comment

The cyberthreat landscape continues to evolve, shaped by advances in technology and the cybercriminals’ appetite to find new ways to capitalise on these changes.

Cybercriminals and the methods that they use are becoming increasingly sophisticated and, as a result, it is more and more difficult to keep secure. Brands recognise the severity of the threat and the ways in which it impacts on their business, reputation and customers. Even as cybersecurity and brand protection coalesce, organisations must ensure that they cover all their bases, including channels like the dark web. While there may be challenges, it is important that brands understand the scale of the threat that the dark web poses and the best ways in which to mitigate the risk and keep themselves and their customers safe.

MarkMonitor

Friars House

160 Blackfriars Road

London SE1 8EZ

United Kingdom

Tel +44 1978 528 370

Fax +44 870 487 8977

Web https://www.markmonitor.com/

Chrissie Jamieson

Vice president

[email protected]

With a career spanning more than 20 years, Chrissie Jamieson is a highly experienced strategic marketer with a strong focus in the business intelligence, brand protection and domain sector. As senior director for MarkMonitor – a brand of Clarivate Analytics – she is responsible for strategy, direction and lead generation and also manages the marketing communications, global public relations and thought leadership programmes.

Over the past decade, she has been key in developing the MarkMonitor brand internationally. She previously worked in major technology businesses, such as Information Builders.

Ms Jamieson is a fellow of the Chartered Management Institute. She holds a degree in marketing and business administration from Hertfordshire University and a postgraduate degree in strategic management from Hertfordshire Business School.