Tapping the Dark Web to Bolster Cybersecurity and Thwart Cyberattacks
Josh Horwitz, a software entrepreneur and executive, built a highly successful customer engagement software company and sold it. What was his next move? He dove into the dark web and, working with a couple of other entrepreneurs, launched a fast-growth cybersecurity startup called Enzoic. The company is focused on stopping bad actors from exploiting compromised passwords.
Compromised passwords are frequently the point of entry when cybercriminals and rogue nation-states gain access to networks, applications, and sensitive content. In a recent Kitecast episode, Horwitz discussed how Enzoic is transforming password security by mining the dark web, letting organizations and users know when passwords have been compromised and prompting users to change them.
Stolen and Hacked Credentials Pose a Significant Cyber Risk
According to Verizon’s 2022 Data Breach Investigations Report (DBIR), the number of data breaches continues to increase every year. There were 5,212 breaches reported in 2022, compared to 1,935 breaches reported in 2017. Stolen credentials are by far the most common entry point, accounting for nearly 50% of all reported incidents. According to the DBIR, cybercriminals use stolen credentials in many types of cyberattacks, the three most common being:
- Password Spraying Attacks: Attackers try a few commonly used passwords against a wide selection of accounts, relying on the fact that many users choose the same weak and common passwords.
- Brute Force Attacks: Cybercriminals use software to attempt as many guesses as possible, drawing those guesses from cracking dictionaries.
- Credential Stuffing Attacks: Using stolen sets of full credentials, hackers plug a user’s data into additional accounts to try to access them.
Shining a Light on the Dark Web and Cybersecurity
The dark web is an online network that can be accessed using the Tor Browser, which helps keep users anonymous through layers of encryption. It was originally set up to protect individual privacy rights and is home to legitimate activity by journalists, political whistleblowers, and security specialists. It is also used by bad actors, including cybercriminals and rogue nation-states, for illegal activities such as the theft and reselling of user credentials and personal data.
A recent report from Digital Shadows estimates that over 15 billion stolen credentials are available on criminal marketplaces on the dark web. This information can be used for financial gain, identity theft, ransom, account takeover, insurance fraud, and the disruption of business.
Law enforcement is better prepared to confront physical crime than IT, security, and risk management leaders are to protect against cyberattacks. Organizations need to take practical measures to protect against stolen credentials, such as screening credentials on an ongoing basis. By comparing employee passwords against a blacklist of compromised passwords, companies can prevent the effects of data breaches.
Other measures companies can take to protect against cyberattacks that draw on the dark web include two-factor authentication and multi-factor authentication (MFA). These processes provide additional layers of security on top of username and password combinations, making it more difficult for hackers to gain access to accounts. Companies should also educate employees on how to protect their personal data and keep their passwords secure.
The dark web is a complex and ever-evolving landscape, and as such, it constantly presents cyber challenges. Companies need to monitor their online environments and take proactive steps to protect against stolen credentials. By implementing measures such as credential screening and multi-factor authentication, organizations can prevent hackers from accessing their accounts, protecting against the potential fallout of a data breach.
Monitoring Compromised Credentials From Reported Breaches and the Dark Web
Monitoring compromised credentials is a critical practice for companies today. According to the 2022 DBIR, compromised credentials were involved in over 80% of cyberattacks. It is essential to implement a strategy that detects and prevents the use of stolen credentials by hackers. Companies should make sure that their passwords are complex and regularly updated, and that policies are in place to prevent password reuse. Organizations should also be aware of the data available on the dark web and use it as a defense tool. By consistently scanning for compromised credentials and blacklisting them, companies can prevent these stolen credentials from being used to access their systems. With the proper monitoring and security in place, companies can better protect against malicious actors who seek to exploit their systems.
Horwitz argues that monitoring of compromised credentials is paramount to adequately protect businesses from the threat of cyberattack. Companies must closely monitor the dark web for any appearance of credential breaches, and when found, take necessary steps to make sure those credentials are not being used in their networks or systems. It is also important for organizations to make sure their employees practice good password security by using strong, unique passwords for each account, and avoiding password reuse.
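The screening against a blacklist and the ongoing monitoring described in the two sections above can be sketched as follows. This is an added example, not code from the article, Enzoic, or Kiteworks; the function names, the PBKDF2 storage scheme, and the sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # demo value so the example runs quickly; production work factors are higher


def derive(password, salt):
    """Salted verifier as an identity store would keep it (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def screen_new_password(candidate, breached_sha1):
    """Screen at set/change time, while the plaintext is available.
    SHA-1 is only a lookup key into the blacklist here, not a storage hash.
    Returns True when the candidate is blacklisted and must be rejected."""
    return hashlib.sha1(candidate.encode("utf-8")).hexdigest() in breached_sha1


def rescreen_accounts(accounts, newly_exposed):
    """Ongoing screening when new breach data arrives. Per-user salts rule out
    a hash-to-hash comparison, so each exposed password is re-derived with the
    account's own salt and compared in constant time."""
    flagged = []
    for user, (salt, verifier) in accounts.items():
        if any(hmac.compare_digest(derive(p, salt), verifier) for p in newly_exposed):
            flagged.append(user)  # force a reset; do not record which password matched
    return sorted(flagged)


def make_account(password):
    """Build a (salt, verifier) record for the constructed accounts below."""
    salt = os.urandom(16)
    return salt, derive(password, salt)


# Constructed sample data: not a real breach corpus, not real accounts.
BREACH_FEED = ["Summer2023!", "qwerty123", "Welcome1"]
BREACHED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest() for p in BREACH_FEED}
ACCOUNTS = {
    "alice": make_account("Welcome1"),
    "bob": make_account("t7#Kq-unrelated-passphrase"),
    "carol": make_account("qwerty123"),
}

if __name__ == "__main__":
    print(screen_new_password("qwerty123", BREACHED_SHA1))
    print(rescreen_accounts(ACCOUNTS, BREACH_FEED))
```

Rescreening costs one key derivation per account per exposed password, which is why many deployments also screen at login, when the plaintext is briefly available.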
Managing Sensitive Content Communications Privacy and Compliance Risk
The Kiteworks Private Content Network offers a comprehensive approach to sensitive content communications risk management. Its content-defined zero trust approach employs least-privilege access and always-on monitoring. Policy-driven governance using cybersecurity frameworks ensures regulatory compliance and includes syslog metadata that can be shared with security operations center (SOC) capabilities like security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools. For least-privilege access, Kiteworks uses multi-factor authentication to control access to sensitive content communications and collaboration.
Kiteworks unifies security and compliance risk management in the Private Content Network for consolidated tracking, control, and security of private data. In addition to adhering to cybersecurity frameworks like the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), FedRAMP Authorized for Moderate Level Impact, Cybersecurity Maturity Model Certification (CMMC), FIPS 140-2, ISO 27001, or SOC 2, Kiteworks enables customers to comply with data privacy regulations such as the European Union’s General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and the Health Insurance Portability and Accountability Act (HIPAA).
Thousands of global organizations rely on the Kiteworks Private Content Network to address these privacy and compliance challenges—unifying, tracking, controlling, and securing sensitive content communications. Schedule a custom demo to see how the Kiteworks Private Content Network can enable you to manage governance and security risk.