When you hear "Dark Web," you might think of data breaches, hackers releasing millions of passwords, or stolen credit card information. However, the Dark Web is more than just a repository for illicit data, and it’s not the only place on the web threatening your cybersecurity.
Threat actors continue to become more sophisticated, and their activities now extend beyond the traditional Dark Web to newer avenues like Telegram and Discord. Financial institutions like credit unions must proactively review these emerging threats and invest in appropriate monitoring solutions tailored to their size and needs.
Let’s do a quick recap of what the Dark Web is, before diving into where criminal activity is happening online, how to minimize risk, and how to determine if you have the appropriate resources to monitor these threats in-house.
The 3 levels of the web
- Surface Web — accessible content indexed by standard search engines. This is the web you see every day.
- Deep Web — password-protected content, such as your email account or private databases, that isn't indexed by search engines. Most people spend some time on the Deep Web each day.
- Dark Web — a hidden part of the internet, accessible only through specific software like Tor, and used for anonymous communication and illicit activities.
Criminal activity online is getting more advanced, but it doesn’t only happen on the Dark Web
On one hand, Dark Web activities are becoming more sophisticated, with threats like ransomware-as-a-service, advanced phishing kits, and insider information trading all posing significant risks to financial institutions.
Platforms on the Dark Web sell everything from stolen financial data and banking trojans to ATM skimming devices, making it essential for credit unions to fortify their monitoring and security measures.
However, criminal activity is not just confined to the Dark Web. The Surface Web and Deep Web also harbor significant threats. Social media platforms, public forums, and paste sites are common venues for leaking stolen data and coordinating attacks.
Consider some popular tools that criminals leverage these days:
- Telegram — originally a simple messaging platform, it has also become popular for illegal ecommerce due to its encryption and large user base.
- Discord — known for gaming-related communications, it's now also a hub for phishing and malware distribution.
- I2P (Invisible Internet Project) — focuses on anonymous communication, allowing access to services not visible on the Surface or Deep Web.
Similarly, "Pig Butchering" scams, often conducted through a range of platforms from Facebook and LinkedIn to dating apps like Tinder, have caused $75 billion in losses since 2020. Victims are typically 30-49 years old and highly educated.
Surface Web threats
- Data breaches: initial disclosures often occur on public websites and forums before moving to the Dark Web.
- Phishing attacks: emails and websites designed to steal login credentials and financial information are often hosted on the Surface Web.
- Social engineering: attackers use social media to gather information and launch targeted attacks.
Deep Web threats
- Password-protected forums: these can be used to share stolen information and coordinate attacks without being indexed by search engines.
- Encrypted communications: tools like encrypted email services facilitate criminal coordination.
The overlapping nature of threats
Many threats span multiple layers of the web. For instance, data stolen in a breach (disclosed on the Surface Web) might be sold on the Dark Web, with coordination happening via encrypted Deep Web channels.
How can you minimize risk?
All credit unions have a responsibility to cover the basics, and the FFIEC provides guidance on what that means. Your organization should take advantage of the FFIEC Cybersecurity Assessment Tool, which helps identify and measure cybersecurity risks across several domains:
- Cyber risk management and oversight (implementing frameworks and policies to manage cybersecurity risks effectively)
- Threat intelligence and collaboration (gathering and sharing information on threats with peers and stakeholders)
- Cybersecurity controls (deploying measures to protect systems and data from cyber threats)
- External dependency management (assessing and managing risks related to third-party vendors and partners)
- Cyber incident management and resilience (developing plans and capabilities to respond to and recover from cyber incidents)
How much should your organization be handling in-house?
Different sized companies will have different capabilities, and safety measures like Dark Web monitoring can be expensive to handle internally for smaller orgs. So what kind of preparation should you be doing, based on the size of your security team?
Small teams (0-1 cybersecurity employees)
For minimal cybersecurity staff, establish foundational measures:
- Third-party services: monitor employee emails on the Dark Web and use MSSPs for security operations.
- Threat intelligence feeds: use native feeds from existing security tools and subscribe to FFIEC resources to stay informed.
- Basic practices: educate staff on common threats and develop simple incident response plans.
Medium-sized teams (1-3 cybersecurity employees)
For teams with a few cybersecurity employees, you should aim to step up your security measures:
- Advanced third-party services: monitor the Dark Web for threats related to members and employees.
- Education and incident response: educate the workforce on global trends and create detailed incident runbooks.
- Internal processes: conduct regular threat assessments and join information-sharing forums.
Larger teams (4+ cybersecurity employees)
For larger teams, work to build robust, in-house capabilities:
- In-house monitoring: develop infrastructure to monitor Deep and Dark Web activities, including vendors.
- Integration and automation: integrate threat intelligence into business processes and use automation tools.
- Training and collaboration: continuously educate employees, define policies and KPIs, and foster cross-department collaboration.
- Proactive sharing: participate in information-sharing communities and maintain robust communication channels.
It’s never one-and-done
No matter your credit union's size, you should continually develop your internal expertise, because threat actors won’t be resting. This is why we always tell our clients that cybersecurity is a marathon, not a sprint.
By staying vigilant and proactive, your company can better protect itself against sophisticated threats, whether they’re lurking on the Dark Web or elsewhere.