While COVID-19 has played into the hands of cybercriminals. People work remotely and spend more time on devices; commerce has transitioned to online, and it is easy to choose convenience over security.
There is a lot of information going around about the types of scams and breaches. Today, we want to look at where your data goes when it gets stolen. Notice it says “when” – not “if”. Every cyber security professional will agree that if you use the Internet, some form of your data has most likely been stolen, and if it has not, it will be. Those data breaches you read about every day. The Dark Web is where most of that data ends up. Yours, too! So, you may hear about xyz breach, but let’s face it, while it’s a bit creepy, most of us don’t feel any repercussions from it. Your bank account is not immediately robbed, and nobody shows up at your doorstep. So, all of it seems a bit far away and intangible. The problem is it is not – most of us just don’t see the connection between that data breach and other things that may end up happening months later. So, what exactly is the Dark Web?
The Dark Web is a section of the Internet that is “hidden” through encryption and other means to guarantee the anonymity of users. You usually need specific software or authorization to access the sites and content and search engines usually don’t index them. So, naturally, it’s a perfect place for illegal activity and trade. How does your stuff end up on the Dark Web?
If you have been part of the many, many, many, many data breaches, chances are your information may be offered up for sale on the Dark Web. If you haven’t yet, you will at some point. Cybercriminals buy that data to launch wide-cast phishing and social engineering attacks, or access email and other accounts directly. Think about it: if they have access to your email account, how much information is in there that can be used as bait to you or someone you know to gain further information? The software makes it easy to filter the data for stuff that is very specific and can be used to send emails that sound familiar enough for someone to click on something they shouldn’t or enter passwords. And if they’re sending out 50,000, a handful of “Gotchas” is enough. The worst part about it is that most of the time we don’t even notice that something has happened. Until accounting wires money to what turns out to be a false account, your customer’s data shows up on the Dark Web or you get a ransom email.
There’s even a business model offered on the Dark Web – Ransomware as a Service! DarkSide, for example offers RaaS to clients for a 25% take of the ransom up to $500k and 10% above that. Anyone who tries to join the DarkSide RaaS group must pass an interview, and if they succeed, they are provided with a control panel for selecting their ransomware build, managing their victims and contacting support. Scary Stuff! So, what can you do?
The obvious, but effective answer is to always be vigilant and suspicious with any online activity (that’s email and social media too!). But there are also some tools that can help protect you and check on your data.
- Stay educated. Even if you’re NOT a cybersecurity professional, you should stay on top of the most common ways to get to you. You can follow national companies like Cyberventures.com or your local provider for a more regional take. Check out our bog on The #1 Threat Right Now and How Not to Fall For It
- Get a professional password app – for your personal use AND your business. That makes sure you’re not re-using old passwords and change them on a regular basis. There are free ones for personal use, but it’s also worth investing the reasonable cost for this added layer of security. Here are the top 5 password apps for 2021: Consumer Advocate - Best Password Apps 2021
- Check this free site out: https://haveibeenpwned.com/ - it’s a site that shows you whether an email address has been part of any data breaches. You can try as many addresses as you like and get more info on the kind of breach. I found that mine was part of some 3rd party services that I didn’t recognize but were affiliated with some other services I use.
- Talk to your IT provider. Dark Web Monitoring will continuously scan the dark web for your email address and alert you when it shows up. Nex-Tech’s Cybersecurity Profile solution includes that and even goes a step further, assigning risk profiles to users on your network depending on their activity and offering end user training. All of that for $20/month/user – worth the sleep at night? Let’s chat!
Final words to the wise. Stay vigilant.
#Partner with Nex-Tech because We Do I.T.
The team at Nex-Tech wants to make our patch more secure! Why? Because you’re our friends and neighbors. Contact us at 877.625.7872, or via email at firstname.lastname@example.org.