It is always easier to destroy than it is to build, easier to harm than to heal. It will always be easier for attackers to burrow themselves into the criminal underground and from there carefully and precisely worm their way past enterprise defenses, ultimately taking root next to data stores and syphoning off valuable information until they grow fat with the financial benefits of their labors.
The enterprise is in an arms race with cyber criminals. Organizations must constantly build up defenses in an attempt to maintain the status quo if not shift the balance of power in their favor.
CSO explores the deep web, dwell time, and their roles in the balance of power in cybersecurity, pointing up defensive moves such as employing hackers and improving the effectiveness of employee education about social engineering / phishing in order to better arm personnel.
The realm and purpose of the darker side of the deep web
Owners of sites in the deep web do not index their web properties in directories and search engines for any of a number of reasons including security or privacy. Criminal hackers with forums on the deep web avoid web crawling bots and spiders in order to minimize awareness of their nefarious operations. (People often ambiguously refer to this portion of the deep web as the dark web. This can create confusion as the dark web typically refers to darknets.)
Criminal hackers use the deep web to enable hidden conversations and to conduct trade in defensible malware. “Attackers use the deep web for anonymized communications that they encrypt over web protocols and for trade in rootkits that they use for nuisance attacks to serve as smoke screens that cover real attacks,” says Professor James Hendler, Director of the Institute for Data Exploration and Applications, Rensselaer Polytechnic Institute (RPI).
Cyber hoodlums orchestrate the real attacks using threats such as the latest exploits, APT approaches, and zero-days, which they keep close to their chest while enterprises still have no defense against them. “The current state-of-the-art happens off the deep web because attackers are not willing to share that information. Ransomware for example is extremely sophisticated and these criminals go to great lengths to obscure its source,” says Hendler.
The deep web is also a place for attackers to shop for compromised information about people including their routines and credentials. “Criminal hackers conduct trade in data about who uses what bank, for example, and how their emails typically appear so they can spoof that person not only at that bank but wherever they use the same username and password,” explains Hendler.
While an attacker has only to find one flaw to gain entry, the security pros must know, close, and protect every vulnerability.
Sign up for CIO Asia eNewsletters.