Dark web threats – and what to do about them

  Read time : 5 mins       Added:  14/09/2020

Share:   LinkedIn     Twitter     Facebook     Share via email     Copy link to clipboardLink copied to clipboard

The dark web poses a threat to businesses, with criminals using it to launch cyber attacks and sell stolen business and customer data. Understanding how criminals operate in this hidden ecosystem, and the steps you can take to protect yourself from them, can help you keep your business safe.

What exactly is the dark web?

The internet is made up of 3 parts:

The surface web, also called the clear web, clearnet or visible web, is the part of the internet indexed by traditional search engines like Google.

The deep web: like the dark web, this is a part of the internet that’s not indexed by traditional search engines. It’s often confused with the dark web, but it’s not the same. The content on the deep web is mainly harmless. It contains things like library catalogues, company intranets and content that’s behind log-ins – including the content of online banking accounts and personal email accounts. Private or commercial information that’s password protected, in other words.

The dark web: the dark web is part of the deep web, but as its name suggests, it’s hidden. You can’t get to it using a conventional web browser like Google Chrome or Mozilla. It’s only accessible via a browser specifically designed for the purpose, such as the Tor browser (Tor is an acronym of The Onion Router, a reference to onion-like levels of encryption). Using the dark web is not illegal in itself, but there’s a lot of harmful content on it – it’s estimated that around 60% of it is illicit. This includes compromised data, the sale of which is the second or third biggest category in dark web markets, according to Europol.

However, although much of the material on the dark web is illicit, this isn’t the case with all of it. The BBC for example, has a presence on the dark web, enabling people living in repressive regimes to access their content without fear of discovery.

How does the dark web work?

The advantage that the dark web has for criminals is that it’s completely anonymous. Search engines can’t detect the browsers used to access it, and those who publish material on it are also anonymous because of encryption.

This makes it a meeting place for organised criminal gangs who use forums on the dark web to communicate with each other, sharing techniques and services, including encryption, counter anti-virus and renting servers to host criminal activity.

Crypto currency, such as Bitcoin, enables payments to be made on the dark web anonymously.

What threats does the dark web present to businesses?

The sale of ransomware and malware: there were over 4 million ransomware attacks in the UK in the months up to July 2020. These happen when malware inadvertently downloaded onto a computer encrypts the victim’s files. Ransomware attackers then demand payment for restoring access. Ransomware attacks can be devasting for businesses – one of the most infamous was WannaCry in 2017, which reportedly cost the NHS £92 million.

Shipping giant A.P. Moller-Maersk, which moves freight round the world, suffered losses of between USD200-300 million in the NotPetya malware attack which rendered apps, laptops and servers useless. The damage took less than 10 minutes to spread through the company.

Ransomware packages are sold on the dark web, including custom-built models and even ransomware-as-a-service subscription packages, enabling non-technical criminals to launch attacks on businesses.

The sale of business data: if your business is hacked and your data stolen, it may well end up for sale on the dark web. Hackers also sell access to breached company databases, leaving them open to the theft of anything from financial information to employees’ personal details.

As well as being hugely damaging reputationally for companies, data breaches can be very expensive. The Information Commissioner’s Office (ICO) fined DSG Retail Limited £500,000 in January 2020 after a point of sale computer system was compromised by a cyber attack, affecting some 14 million people.

Understand the financial implications of a cyber attack on your business

The sale of credit card details from businesses: it’s estimated that data from some 23 million credit cards is for sale on the dark web. This may have come from various sources, including online stores checkout processes. It’s not just consumers’ cards that are targeted – company credit cards face all the same vulnerabilities. Marketplaces called Automated Vending Carts (AVCs) are used to sell credit card details without the buyer and seller needing to interact.

Protecting your business against dark web threats

There are dark web monitoring tools available that scan the dark web – or the bits of it they can reach – and alert you if your stolen data ends up there. However, this will only let you know about an attack that’s already happened. It can be far more effective to understand the cyber threats your business may face, and take steps to keep your data safe in the first place.

Taking proactive action to avoid cyber-attacks will reduce your business’s vulnerability. Understanding what the motives might be for attacking your business will help you protect your business.

Giles Taylor, Head of Data & Cyber Security, Lloyds Bank Commercial Banking

These are some of the steps businesses can take.

Cyber security awareness training

This is essential. Many cyber attacks are carried out using phishing – emails containing malware that, once in your system, can launch ransomware or steal information. Everyone in your company needs to know how to recognise malware – not just the IT department.

Password protocols

As well as using sophisticated passwords that change regularly, businesses should make use of two-factor authentication: a combination of passwords and a second factor, like a token or fingerprint.

Guidelines of employee internet use and email protocols

Employees can inadvertently compromise business cyber security by using the internet on work computers for personal use, so it’s important to have guidelines on what they can and can’t access. Any policy may also include rules on plugging employees’ personal devices into company computers. Having guidelines around emails – warning against clicking on links, for example – may also help protect your business.

Virtual private networks (VPNs)

A VPN hides your location and internet activity, so cyber criminals can’t access it.

Taking these precautions, keeping firewalls up to date, and regularly checking for security vulnerabilities will help keep your data safe from dark web threats.

Limiting the financial impact of a dark web attack on your business

Cyber attacks can be costly – not just in terms of cash flow and operational impact, but also because of customer churn and reputational damage. A well-rehearsed cyber response plan, a facility to contact customers in the event of a breach and a separate cyber insurance policy can all help mitigate impacts on costs.

Related links

Important legal information

The products and services outlined on this site may be offered by legal entities from across Lloyds Banking Group, including Lloyds Bank plc and Lloyds Bank Corporate Markets plc. Lloyds Bank plc and Lloyds Bank Corporate Markets plc are separate legal entities within the Lloyds Banking Group.

Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service. Please note that any data sent via e-mail is not secure and may be read by others.

Lloyds Bank is a trading name of Lloyds Bank plc, Bank of Scotland plc and Lloyds Bank Corporate Markets plc. Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no.2065. Bank of Scotland plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC327000. Lloyds Bank Corporate Markets plc. Registered office 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 10399850. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 119278, 169628 and 763256 respectively.

Eligible deposits with us are protected by the Financial Services Compensation Scheme (FSCS). We are covered by the Financial Ombudsman Service (FOS). Please note that due to FSCS and FOS eligibility criteria not all business customers will be covered.

Lloyds Banking Group includes companies using brands including Lloyds Bank, Halifax and Bank of Scotland and their associated companies. More information on Lloyds Banking Group can be found at www.lloydsbankinggroup.com

While all reasonable care has been taken to ensure that the information provided is correct, no liability is accepted by Lloyds Bank for any loss or damage caused to any person relying on any statement or omission. This is for information only and should not be relied upon as offering advice for any set of circumstances. Specific advice should always be sought in each instance.