In today’s threat landscape there are multiple ways to learn that your company has been hacked. Typically, this happens through your basic security program, through information from outside the company, or through proactive detection of leaks on the Internet.
In some cases, there is a need to analyze not only the surface web but also information on the deep web and, in the case of extremely sensitive data, on the dark web as well.
The Dark Web is the part of the web which is typically accessible only through anonymization networks such as Tor or I2P.
On these networks it is typically difficult to determine the real address of the web service and the real IP addresses of clients.
By knowing that this type of data is available on the Dark Web, you can:
- Realize that the attack happened and enact Incident Response immediately
- Minimize damage by knowing what data was stolen
- Identify the perpetrator and potentially start a criminal case
Detection of Dark Web details is conducted by operatives on various Dark Web portals, where they look for data which interests them.
In most cases the leak or data is offered on one or multiple forums on the dark markets. When it is offered, the operatives try to gain access to it (if ordered by the client, it can also be bought), and it is then provided to the client…