Organizations fear targeted attacks, in which threat actors actively pursue and compromise a specific victim's computing infrastructure while remaining undetected. There is a large and highly active underground community on hidden networks that offers illegal services. For example, botnets are available for rent, allowing anyone with malicious intent to launch cyberattacks at will. Moreover, zero-day exploits are offered for sale on darknet markets. These are regarded as the most challenging threats, because their attack vectors and prevention methods are unknown to defenders.
“This cyberwar will be a continuous marathon war that will only compound and hyper-evolve in stealth, sophistication and easy entry due to the accelerated evolution of “as a service” attack strategies for sale on the dark web.” ― James Scott, Senior Fellow, Institute for Critical Infrastructure Technology
So what’s the dark web and why do malicious entities choose it for their business? Let’s explore the reasons.
The deep web is the part of the Internet that is not indexed by traditional search engines, such as Google. It includes dynamic pages and blocked websites. The domain names of such sites are not managed by the Internet Corporation for Assigned Names and Numbers (ICANN).
The dark web is, in turn, a deeper part of the deep web. Darknet websites are accessed through anonymity networks such as Tor (The Onion Router). Darknet users cannot be tracked, as they remain anonymous thanks to the network's layered encryption. The currency used in these businesses is cryptocurrency (based on a decentralized blockchain system), making the transactions untraceable. These are the reasons why the dark web is an attractive place for many malicious activities.
There are numerous malicious businesses running on the dark web. These include drug dealing, illegal weapon sales, child pornography, counterfeit goods, assassination/abduction services, selling/dumping stolen data, EaaS, and hacking services.
Absolute anonymity combined with untraceable financial transactions seems to be an ideal recipe for the growth of malicious businesses. However, there are a few ways to find and stop these entities.
Offensive Security Measures
Government and law enforcement agencies have been using offensive security measures to counter malicious dark web markets. For example, back in 2014, the Federal Bureau of Investigation (FBI) de-anonymized Tor servers. Here are the details of the attack, as described in the Tor security advisory:
“On July 4 2014 we found a group of relays that we assume were trying to de-anonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.
The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.”
It is apparent from this announcement that the FBI quietly kept track of the anonymized entities for about five months! This helped the FBI take down Silk Road 2.0, one of the most malicious dark web markets at that time.
Blockchain & Crypto-currency Regulation
The standardization and regulation of blockchain and cryptocurrencies is still a work in progress. Through proper standardization, authorities can control illegal activities such as money laundering and malicious businesses on the dark web.
OSINT, AI, and Proactive Cyber Threat Intelligence
Open Source Intelligence (OSINT) is the practice of gaining intelligence and insights from publicly available data on the network: social media, blogs, forums, websites, and online markets. It provides strategic and context-aware intelligence that can help immensely in decision making against cyber risks. Threat intelligence platforms built on it crawl the dark web and locate highly critical cyber threats (such as zero-day exploits) using machine learning and data mining techniques. So with the help of AI and OSINT, we can actually find a zero-day attack before day zero!
The data captured from darknet markets contains a large amount of unstructured content (text and images) covering a huge variety of dark web products. Hence, finding cyber threat-related product offerings is mainly a text mining problem. OSINT is now being adopted as an integral part of modern cyber threat intelligence systems.
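To make the text mining step concrete, here is an added example (not code from the original article or from any threat intelligence product it mentions): a small naive Bayes classifier that learns from a handful of analyst-labelled listings and triages new listings into those worth a threat analyst's attention. All listing text below is constructed for illustration and is not real marketplace data.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample listings (not real marketplace data), labelled by an analyst:
# 1 = cyber-threat-related offering, 0 = other merchandise.
TRAINING = [
    ("zero day exploit for popular browser, full chain, private sale", 1),
    ("botnet rental hourly ddos capacity guaranteed uptime", 1),
    ("fresh database dump credentials emails passwords", 1),
    ("ransomware affiliate program builder and panel", 1),
    ("counterfeit designer handbags wholesale lots", 0),
    ("premium cigars shipped discreetly worldwide", 0),
    ("replica watches gold finish fast delivery", 0),
    ("fake passports and id cards high quality", 0),
]

TOKEN_RE = re.compile(r"[a-z0-9]+")

def tokenize(text):
    """Lower-case and split listing text into alphanumeric tokens."""
    return TOKEN_RE.findall(text.lower())

class ListingClassifier:
    """Multinomial naive Bayes with Laplace smoothing over listing text."""
    def __init__(self):
        self.class_counts = Counter()          # documents per label
        self.word_counts = defaultdict(Counter)  # token counts per label
        self.vocab = set()

    def train(self, labelled):
        for text, label in labelled:
            self.class_counts[label] += 1
            for tok in tokenize(text):
                self.word_counts[label][tok] += 1
                self.vocab.add(tok)

    def log_posterior(self, text, label):
        total_docs = sum(self.class_counts.values())
        lp = math.log(self.class_counts[label] / total_docs)  # log prior
        total_words = sum(self.word_counts[label].values())
        for tok in tokenize(text):
            # Laplace smoothing: unseen tokens never zero out the probability
            lp += math.log((self.word_counts[label][tok] + 1) / (total_words + len(self.vocab)))
        return lp

    def is_cyber_threat(self, text):
        return self.log_posterior(text, 1) > self.log_posterior(text, 0)

def triage(listings, clf):
    """Return only the listings that look like cyber-threat offerings, for analyst review."""
    return [text for text in listings if clf.is_cyber_threat(text)]
```

In practice the training set would be thousands of analyst-labelled listings and the tokenizer would handle images via OCR, but the pipeline shape (crawl, label, train, triage) is the same.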
Wrapping up, the trend of 'threat as a service' demands proactive countermeasures. These include AI-aided cyber threat intelligence, adoption of effective standardization for cryptocurrencies and blockchain, and offensive security mechanisms.