The dark web is a bustling place, and many people from many walks of life utilize it daily. Some people use the dark web for legitimate purposes, like journalists in countries with strict censorship laws, government and military agencies or cybersecurity researchers. Only approximately 6.7% of global users use the dark web for illicit activities such as sharing malware, distributing child abuse content, or selling illegal substances or weapons. Of course, many regular dark web users sell dangerous, stolen or illicit items and are also engaged in cybercrime. Learning more about who uses the dark web can help security professionals better defend businesses against threats.

• What does the dark web look like these days?

The internet as we know it has three distinct layers, and the dark web is by far the smallest:

The surface web is what most of us access in our regular, day-to-day activities. It is available to the general public using standard search engines. The shopping sites, social media platforms, streaming services, news organizations and other websites people commonly visit are on the surface web. It can be accessed using standard web browsers without particular configuration, such as Mozilla Firefox, Microsoft Edge and Google Chrome. The surface web seems vast, but it is, in fact, just about 4% of the overall web.

The deep web is the most significant portion of the net. It is not indexed or searchable by ordinary search engines. Accessing these websites or services requires a specific URL or IP address. Some sites are part of the deep web because they block search engines from identifying them or do not use common top-level domains (TLD). Areas on the deep web are often used to store data and content in databases supporting services like social media sites, insurance companies or banks. The deep web is 400 to 500 times the size of the surface web.

The dark web is a less accessible subset of the deep web that relies on peer-to-peer connections. Specialized software or tools are required to access the dark web. The Tor browser is the most widely used method of accessing the dark web, but other communications platforms like Signal can also be used. The unclear web percentage in the total space of the deep web is approximately 0.01%.

• What are the most popular ways for dark web users to log on?

Over two million users access the Tor platform daily. While many use it for legitimate purposes, like getting around censorship, many others use Tor for nefarious purposes. One-quarter of the world’s population has used the Tor browser to connect to the dark web at some point. Tor users connect to the dark web in two ways:

1. Bridge: A bridge is a private server in the Tor network that can access blocked clients, often in combination with pluggable transports, that registers itself with the bridge authority. This connection method is usually chosen in countries that regulate or suppress internet access. The three countries from which users most frequently connect to Tor this way are Iran, Russia and the United States.
2. Relay: A relay is a publicly listed server in the Tor network that forwards traffic on behalf of clients and registers itself with the directory authorities. This is the most common way for someone to connect to Tor.

• How can I protect my organization from dark web threats?

It pays for businesses to take wise precautions against dark web threats. Fortunately, mitigating unclear web risk is easy and affordable thanks to dark web monitoring. It’s an essential part of any organization’s defensive strategy because it enables IT teams to find out about their users’ compromised credentials quickly (before dark web users who are cybercriminals do). With dark web threat intelligence, IT professionals gain an edge against dark web exposure threats that helps them act to protect the organization immediately, reducing its chance of a cyberattack. A dark web monitoring solution can monitor credentials in various configurations typically customized to fit your organization’s needs.

Common types of credentials that can be monitored include:

• Employee credentials
• Privileged user credentials
• Personal credentials
• Domains
• IP addresses
• Sensitive personal email addresses of executives
• Privileged users’ email addresses

Source: ID Agent