What is the Dark Web and Why is it a Threat to Your Portfolio Companies?

Introduction 

Businesses face numerous cyber threats, and dark web monitoring is a critical, yet often overlooked, component in protecting business interests. For portfolio companies within private equity firms, understanding the dark web’s significance is essential. It is a breeding ground for illicit activities, including the sale of stolen data, intellectual property, and confidential business information. Ignoring these threats can lead to severe financial losses, reputational damage, and regulatory penalties. This blog explores the dark web, its uses, and the substantial risks it poses to your portfolio companies. By understanding this hidden part of the internet, your portfolio companies can take proactive measures to protect their digital assets and ensure business security.

 What is the Dark Web? The internet hosts millions of web pages, databases, and servers that are active 24/7. The “visible” internet, or surface web, includes websites easily accessible through search engines like Google and Yahoo. However, this visible layer is just a small fraction of the entire internet. Beneath it lies the deep web and the dark web. Experts estimate that 96% of the internet is hidden. The deep web compromises 90% of this hidden portion, while the dark web makes up the remaining 6%.

Watch our quick video to learn about the dangers of the dark web.

What are the Dark Web, Deep Web, and Surface Web? 

Surface Web Explained 

The surface web is the visible and easily accessible part of the internet, making up less than 4% of the total web. It includes websites that standard browsers like Google Chrome can find. These sites typically end with “.com” or “.org” and are accessible through visible links.

Deep Web Explained 

The deep web lies beneath the surface and is not indexed by search engines. It includes all content not accessible through standard search engines, such as email services, databases, private intranets, and the dark web.

While the deep web and dark web are often conflated, they are distinct. Much of the deep web is legal and secure, including sensitive financial and medical data, among other protected content. Accessing the deep web is part of everyday internet use, including password-protected pages and those deliberately excluded from search engine indexes.

The Dark Web Explained 

The dark web is a hidden section of the internet, consisting of a network of encrypted sites intentionally concealed from public view. Unlike the surface web, it is not indexed by search engines and can only be accessed with specialised software like the Tor network.

Often associated with criminal activities, the dark web facilitates anonymous communication and transactions, posing significant threats to portfolio companies. Cybercriminals exploit its anonymity to trade stolen data, malware, and hacking tools.

Key features of the dark web include:

• Lack of indexing by standard search engines like Google
• Utilisation of a randomised network infrastructure for virtual traffic tunnels
• Inaccessibility via traditional browsers due to unique registry operators and enhanced network security measures

 What Is The Dark Web Used For? 

The dark web’s anonymity attracts cybercriminals. Users on the dark web engage in activities such as trading stolen credit card numbers, personal information, streaming service credentials, illegal content, counterfeit currency, and tools for cybercrimes like ransomware attacks. Cryptocurrencies, such as Bitcoin, are often used for anonymous transactions.

Despite its notorious reputation, the dark web is not inherently illegal and serves legitimate purposes. It provides a communication platform in restricted environments and supports political activists and journalists. Additionally, it hosts unique content, including banned literature and discussion forums.

Law enforcement agencies and cyber threat intelligence specialists use the dark web to gather intelligence on cyber threats and illegal activities. Their efforts are crucial in protecting organisations, including your portfolio companies, from cyber threats and criminal activities.

Why Does the Dark Web Pose a Threat to Portfolio Companies?

The dark web serves as a marketplace for cybercriminals to trade stolen data, allowing them to profit from their illicit activities. Portfolio companies under private equity firms are particularly attractive due to the valuable information they store, such as customer, financial, and employee records. These companies often span various industries, each with its own set of cyber security challenges and risks. The pie chart below, sourced from Kroll’s Data Breach Outlook 2024 report, illustrates the widespread occurrence of data breaches across all industries.

In recent years, cyberattacks against organisations have surged, with portfolio companies increasingly becoming attractive targets. Notably, certain types of attacks, such as social engineering attacks like phishing, are more frequently directed at these organisations.

Portfolio companies face heightened vulnerability to data breaches due to several factors:

• Limited Cyber Security Budgets: Constrained budgets make it challenging to implement robust security measures
• Lack of Cyber Security Expertise: Smaller companies may not have dedicated cyber security teams, leading to gaps in their security posture
• High Value of Data: They hold valuable data, including intellectual property and proprietary business information, which are lucrative targets for cybercriminals
• Supply Chain Vulnerabilities: Being part of a larger network, portfolio companies can be targeted as entry points to compromise the entire supply chain
• Regulatory Compliance: Failure to comply with cyber security regulations can result in significant penalties and damage to reputation, making vigilance crucial

Once cybercriminals compromise and trade their business information on the dark web, it becomes susceptible to identity theft, fraud, and other criminal activities. Furthermore, portfolio companies may lack awareness of the risks associated with the dark web, exacerbating their susceptibility to attacks.

How Does the Dark Web Contribute to Data Breaches?  

The dark web serves as a marketplace for stolen data, where cybercriminals trade valuable information such as credit card details and login credentials. This data is often acquired through phishing scams, malware attacks, and brute force tactics. The anonymity of the dark web allows cybercriminals to evade detection and enforcement efforts. This makes it a haven for illicit activities.

A significant portion of data stolen during security breaches eventually finds its way onto the dark web. This data is available for purchase at remarkably low prices, as demonstrated by the Privacy Sharks Dark Web Price Index 2024.

The accessibility and affordability of sensitive data on the dark web highlight its significant role in facilitating data breaches and cybercrime. For portfolio companies, this means that once their data is compromised, it can quickly be sold and exploited by malicious actors. This highlights the importance of robust cyber security measures and continuous monitoring to protect valuable business information.

Examples of Data Breaches on the Dark Web 

These real-life instances highlight the substantial risks of data breaches and the urgent need for proactive measures to protect sensitive information and minimise potential damages.

“Mother of All Breaches,” January 2024 

Impact: 26 Billion Records 

In January 2024, a security researcher, Bob Diachenko, discovered a massive database containing 26 billion leaked records, affecting millions or even billions of individuals. Dubbed the “Mother of All Breaches,” this incident is believed to be the largest breach in history.

The dataset includes information from various global social media platforms and online services. The database comprises re-indexed leaks, breaches, and privately sold databases. Notable contributors include Tencent, Weibo, MySpace, and X, alongside organisations like Adobe, Dropbox, LinkedIn, and Telegram, among others.

Researchers suspect that an initial access broker compiled the data from multiple sources to profit on the dark web. Cybercriminals could use this data for various malicious activities, including identity theft, phishing, and business email compromise. For portfolio companies, this breach highlights the importance of securing all digital assets and monitoring for potential data leaks.

LinkedIn, June 2021 

Impact: 700 million users 

In June 2021, data associated with 700 million LinkedIn users was posted on a dark web forum, affecting over 90% of its user base. A hacker named “God User” used data scraping techniques to exploit LinkedIn’s API. This resulted in the exposure of email addresses, phone numbers, geolocation records, genders, and other social media details.

While LinkedIn argued that no sensitive personal data was exposed, the incident violated its terms of service. The leaked data provided malicious actors with ample information to execute convincing social engineering attacks. Portfolio companies must be careful about the data they share on professional networks. They should also inform their employees about the risks associated with data scraping and social engineering.

Take Action To Protect Your Business Data 

The dark web is a serious and growing threat to private equity firms and their portfolio companies. It is a hub for illicit activities that can severely impact your business and clients. Ignoring this threat is not an option. Strengthen your cyber defences now by incorporating dark web monitoring into your cyber security strategy.

Our services simplify the process with seamless integration, continuous monitoring, and real-time alerts. We detect and prevent breaches before they occur, protecting your portfolio companies and securing your data. Contact us today to get started.