Dark web monitoring may seem like it’s just good for one thing. However, that’s not the case. Dark web monitoring is a tool that businesses can utilize to gain intelligence and insight into other problems within an organization quickly by alerting security personnel to credential compromises, a potential early indicator of the presence of a malicious insider. More than 60% of cyberattacks are attributed to insiders. It’s important to understand the nuts and bolts of dark web monitoring to see how it can be a powerful safeguard against cybersecurity dangers like malicious insider threats.

What is Dark Web Monitoring?

Dark web monitoring is the process of searching for, tracking, and verifying certain information on the dark web. This can be done using a combination of human analysts and specialized software that analyzes data that is harvested in the places on the dark web where information is trafficked.

Why Should Organizations Be Concerned About Dark Web Exposure? 

An organization’s dark web exposure is an indicator of potential vulnerabilities that cybercriminals will be more than happy to exploit. Data about people and organizations on the dark web is the fuel that powers cyberattacks.

Where are Data Like Credentials Available on the Dark Web? 

Information like user records, personally identifying information, and credentials can be found in many locations on the dark web and other cybercriminal hangouts including:

• Hidden chat rooms
• Unindexed sites
• Private websites
• P2P (peer-to-peer) networks
• IRC (internet relay chat) channels
• Black market sites
• Botnets
• Torrents
• Chat channels in apps like Telegram
• Message boards/Forums
• Discord servers

What Can Dark Web Monitoring Do for My Organization?

Dark web monitoring is an essential part of any organization’s defensive strategy because it enables IT, teams, to find out about their users’ compromised credentials quickly. That gives them the edge that they need to act to protect the organization immediately, reducing its chance of a cyberattack. A dark web monitoring solution can keep an eye on credentials in a variety of configurations that can typically be customized to fit your organization’s needs. Common types of credentials that can be monitored include:

• Employee credentials
• Privileged user credentials
• Personal credentials
• Domains
• IP addresses
• Sensitive personal email addresses of executives
• Privileged users’ email addresses

Data is a hot commodity in dark web markets and employees have access to plenty of it. Bad actors especially value credentials because it gives them an easy way to conduct operations against businesses. Credentials are worth their weight in gold and the more privileged a credential is, the more it’s worth. Just one legitimate privileged credential can sell for $120,000. That can be a temptation that’s impossible for an employee to resist. An estimated 70% of malicious insider breaches are financially motivated, chiefly through employees selling credentials or access to systems and data on the dark web.

Malicious insiders can come from anywhere within an organization and they’re typically very careful to remain elusive. After all, nobody wants to get caught. There are some commonalities in the departments that are most likely to be targets of or impacted by malicious insider activity.

The Top Departments for Malicious Insiders to Target  

Finance	41%
Customer Success	35%
Research and Development (33%)	33%

Source: Swiss Cybersecurity Forum

Source: Id Agent