We’ve all seen advertisements for the websites that offer to connect you with the professionals ready to help you with a specialized task around your home, from repair work to childcare to cleaning services. Unfortunately, cybercriminals have adopted a similar tactic to help market their services, leading to the creation of a sort of hackers’ gig economy on the Dark Web.
Let’s dig into what this is, and how you can minimize the risks it could pose to your business.
First Off, Defining the Gig Economy
The gig economy is the environment that many find themselves operating in now, where part-time and temporary positions as an independent contractor are commonly used to supplement or replace the more traditional workplace as a source of income—where the “side hustle” is normalized. The Internet has greatly facilitated the development of this economy, particularly amongst younger workers in the cities.
The gig economy presents benefits to the workforce and to businesses alike. The workers have gained the means to enjoy their increasingly flexible lifestyle, while businesses can now take on resources as they are needed without the long-term (and often financially prohibitive) commitment an additional full-time hire would impose.
While the gig economy isn’t without its drawbacks, our focus here is primarily the concept that the Internet has allowed more people to find the opportunity to work in a non-traditional way… and businesses are certainly taking advantage of these capabilities as well.
Unfortunately, this doesn’t exclude cybercriminals—or, for that matter, the businesses who resort to hiring them—who do so by taking advantage of the Dark Web.
Some Clarification About the Dark Web
We’re aware that many people may not be familiar with the term “Dark Web” beyond the references to it they may have heard in news headlines. To bring you up to speed, let’s go over the basics of how the Internet itself is built:
The Internet has three parts:
- The Surface Web: This is the part of the Internet that the average user thinks of when they think of the Internet. Made up of any webpages and sites that a search engine has indexed (and can therefore find), the surface web is often where a person’s consideration of the Internet ends.
- The Deep Web: If a page requires a user to log in or make a payment before navigating to it, or if it holds a user’s information on a website or platform, it is part of the Deep Web. Making up the majority of the modern Internet, this part of the web is not indexed by search engines, meaning that it can’t be navigated to as a search result.
- The Dark Web: The Dark Web is another section of the Internet that search engines cannot touch, and actually requires a specialized browser to be used. Any activity on the Dark Web is untraceable, making it completely anonymous. This makes the Dark Web a great resource for refugees, journalists, and yes, cybercriminals. While all activity is anonymous, cryptocurrency enables the Dark Web to support transactions between two parties.
This last point is why the Dark Web is so commonly associated with cybercriminal activity.
The anonymity of the Dark Web enables cybercriminals to use it as a means of selling their services without identifying themselves, hiding their identities and obscuring payments behind encryption. As a result, a new gig economy has risen on the Dark Web where cybercriminal acts can be bought and sold.
Let’s look at a hypothetical example of such a transaction:
A Sample Dark Web Gig
Say for a moment that your business has someone who wishes ill upon it, whether that’s a competitor of yours, or a former client with a grudge, or even a former employee with an axe to grind. If they had the motivation and the know-how required to do so, this enemy could anonymously go on the Dark Web and hire a cybercriminal to attack your business in exchange for a sum of money.
There are entire forums on the Dark Web where hackers will offer their services for a price and potential clients seek out an attacker to carry out some misdeed. Crunching the numbers, these forums have seen over 80 million messages sent by more than eight million users, breaking down like this:
- 90 percent of these posts are from those seeking out hacking and cyberattack services
- 7 percent of these posts are from hackers seeking out jobs
- 2 percent of these posts are meant to encourage the sale of hacking tools
- 1 percent of these posts are to encourage people to network with each other
How Much is Data Worth?
Of course, we should also mention that a hacker who has stolen data can find the Dark Web quite lucrative. A hacked database could potentially be sold for $20,000, every 1,000 entries netting them $50.
Why Your Business Could Be at Risk
In fairness, the average small or even medium-sized business likely isn’t at much of a threat from such activities on the Dark Web… for now. As more and more people become aware of it and become familiar with the technologies needed to use it, the practical threat it poses will only grow.
That said, it isn’t as though it isn’t being used now to distribute stolen data and access credentials. Your data and information could very well be present on the Dark Web right now, for sale to any who might want it.
As time goes on, businesses will need to adopt safeguards and integrate them into their standard procedures:
Generally Improved Security
If there is a vulnerability on your business’ network or exposing your data in some way, the safe assumption is that a cybercriminal will take advantage of it at some point. Keeping your security comprehensively updated will help to resist these attacks when they ultimately come.
Team Awareness
Some threats, like phishing, rely on your team to miss them to take effect. By training your team to be able to identify and mitigate these attacks, you can help keep your business safe from these efforts.
Diligence
Last—but certainly not least—you and your team need to keep all the best practices that will help protect your business against the threats that cybercriminals pose in mind, always. This will help to eliminate much of the opportunity that cybercriminals would otherwise have.
The team here at Lantek is here to assist you with all of this. To find out how, give us a call at (610) 683-6883 today.