Contemporary movies are filled with high-stakes cybercrime, where a lovable criminal syndicate breaks into a company’s systems to help wreak havoc on the true villains of the film, all the while exposing the company’s dirty laundry. Naturally, this idea can be frightening for any business, whether or not they have any dirty laundry to air out—after all, nobody wants a ruined reputation—and is unfortunately less and less of a fantasy all the time.
This is directly due to the idea of a hacking gig economy, and how the Dark Web can be used to support it.
What is a Gig Economy?
Before we get too far into the weeds as we discuss the Dark Web, let’s make sure we’re on the same page in terms of the “gig economy.” The gig economy basically describes the prevalence of people working in part-time positions on a temporary basis or as independent contractors, either as a means of supplementing their existing income or as their primary source of it. This environment has been supported in its growth by the capabilities of the Internet—particularly within the younger generations in urban areas.
This new economy has proved beneficial for both the members of the workforce that are a part of it, and the businesses that enlist their services. These businesses have a much larger pool of resources to draw upon without the long-term commitment of a full-time hire, while workers can more easily supplement their increasingly flexible lifestyle with this kind of work.
Of course, a lot of drawbacks have come with this new method of work as well, but that’s something we’ll have to get into later. For now, we just need to focus on the idea that more people are seeking out work opportunities in a less traditional format (as well as businesses increasingly seeking out people to fill these temporary roles) and are using the Internet as a means of doing so.
Unfortunately, this trend also includes cybercriminals, and those businesses who want to take advantage of their illicit services. These parties accomplish this by taking their intentions to the Dark Web.
Understanding the Dark Web
Admittedly, the term “Dark Web” may not be familiar to everyone, so it may be helpful to look at how the Internet is functionally constructed. The Internet of today is made up of three distinct parts:
- The Surface Web: The Surface Web is the part of the Internet that most people are familiar with and associate with the Internet in general. Composed of all websites and pages that have been indexed by a search engine (and can therefore be found through these search engines), the surface web is anything that is openly accessible via the Internet.
- The Deep Web: The Deep Web includes all the pages that require a login or payment before they can be accessed, along with a user’s data on a website or platform. This data is not indexed, meaning that search engines cannot crawl or index it. This is what makes up most of the Internet today.
- The Dark Web: The Dark Web is the portion of the Internet that is inaccessible to a typical browser, only available via the Tor browser. As such, activity here cannot be traced or tracked, making the experience anonymous—and therefore, ideal for cybercriminal activity (amongst many other uses, of course). Due to its anonymity, the Dark Web operates on secrecy and cryptocurrency.
This last point is what allows the Dark Web to give cybercriminals the utility that it does as a means of selling their services to those seeking it out. By anonymizing all browsing and even hiding payments behind the encryption of cryptocurrencies, the Dark Web gives this illicit economy the perfect environment in which to thrive.
Let’s explore how such a transaction could take shape:
Examining a Dark Web Gig
Let’s assume for a moment that you have a serious enemy, whether it's one of your competitors, an old employee who left on bad terms, or a former client with a serious grudge. What can this enemy of yours do?
If they have the knowledge of how to do so, someone seeking to hurt your company could access the Dark Web and seek out a hacker’s services on one of the many forums that the Dark Web hosts, offering some financial payout in exchange for your website being taken down. Maybe they’d offer a thousand dollars or so, and a hacker with some time could take them up on that offer.
This isn’t a hypothetical situation—Dark Web forums have seen more than eight million users send over 80 million messages seeking out the services of a hacker, with hackers using the forums to promote their own services. Generally speaking, these posts break down as follows:
- 90 percent of these posts are from those seeking out hacking and cyberattack services
- 7 percent of these posts are from hackers seeking out jobs
- 2 percent of these posts are meant to encourage the sale of hacking tools
- 1 percent of these posts are to encourage people to network with each other
As you might imagine, the number of people actively using these platforms leads to many very specific services available.
The Value of Data on the Dark Web
Of course, we should discuss how much a cybercriminal could potentially make, if only selling data that they have stolen. After hacking a database, a hacker could potentially sell its contents for $20,000—about a rate of $50 for about 1,000 entries.
The Risk This Presents to Your Business
Small-to-medium-sized businesses are under a somewhat ambiguous level of threat from the Dark Web, specifically where data theft and distribution are concerned. To many, the Dark Web remains a sort of computer horror story.
However, as the Dark Web comes more into the public consciousness, its already-considerable risks will only grow… and again, it isn’t as though it isn’t already being used to distribute stolen data, be it sensitive information or access credentials or what have you. There’s a non-zero chance that some of your data is already put up for sale on some Dark Web site.
To minimize this risk moving forward, there are a few safeguards that you need to adopt as a standard procedure:
Security
If there’s a way that someone can use some vulnerability to access a business’ resources, whether they’re hosted online or on your network, they will. Ensuring that everything is reinforced against these threats will help to minimize the chance of their success.
Team Awareness
A big part of avoiding phishing is for your team to be able to see it coming. Training your team members to identify and properly mitigate the threats that they will face—and they will face them at some point—will be crucial to protecting your business.
Due Diligence
Finally, all the best practices that you expect your team to uphold all must remain in play, as hackers actively seek out companies with lacking security to target. Don’t give them the opportunity.
XFER is here to help. Reach out to us at 734-927-6666 / 800-GET-XFER to learn more.
Comments