Has Your Data Been Leaked to the Dark Web?

source:  cyberdefensemagazine.com

The part of the internet not indexed by search engines is referred to as the Dark Web. The Dark Web is however frequently misunderstood. The Dark Web is a network of forums, websites, and communication tools like email. What differentiates the Dark Web from the traditional internet is that users are required to run a suite of tools such as the Tor browser that assists in hiding web traffic. The Tor browser routes a web page request through a series of proxy servers operated by thousands of volunteers around the globe that renders an IP address untraceable.

The Dark Web is used for both illegal and respected activities. Criminals exploit the Dark Web’s anonymity to sell drugs and guns. Organizations like Facebook and the United Nations use the Dark Web to protect political and religious dissidents in oppressive nations. Legitimate actors like law enforcement organizations, cryptologists, and journalists also use the Dark Web to be anonymous or investigate illegal activities.

A 2019 study, Into the Web of Profit, conducted by Dr. Michael McGuires at the University of Surrey, shows that the number of Dark Web listings that could harm an enterprise has risen by 20% since 2016. Of all listings (excluding those selling drugs), 60% could potentially harm enterprises.

On the Dark Web, one can purchase personnel information such as names, addresses, phone numbers, tax ids, credit card numbers, log-in ids, passwords, and hacked Netflix accounts. Software that hackers use to break into workstations and servers are also for sale. Some of the darker items for sale include guns, drugs, counterfeit money, and Hackers that can be hired to perform cyber-attacks.

For example for $500 the credentials to a $50,000 bank account can be purchased. Or for $500 one can buy prepaid debit cards having a $2,500 balance. A lifetime Netflix premium account goes for $6.

In a recent 2020 report by the security company ImmuniWeb they report that 97% of the leading cybersecurity companies had data leaks or security incidents exposed of the Dark Web. They found over 4,000 incidents of stolen confidential data exposed on the Dark Web per cybersecurity company. Half the Dark Web exposed data was plaintext credentials such as financial and personal information.

A large number of these data leaks were attributed to cybersecurity company third party suppliers or sub-contractors. Some of these data breaches occurred as recently as August 2020.

Even cybersecurity companies are not immune to Data Breaches (e.g. caused by Zero Day attacks and other methods). The ImmuniWeb report covered almost 400 cybersecurity companies in the USA, Canada, UK, Ireland, Germany, France, Czech Republic, Israel, Japan, Russia and India. Cybersecurity companies in the US suffered the highest incidents, followed by the UK and Canada, then Ireland, Japan, Germany, Israel, the Czech Republic, Russia, and Slovakia.

Today’s mega Data Breaches are now costing companies $392 to recover from.

How to Stop Confidential Database Data from Being Ransomed or Sold on the Dark Web?

Confidential database data includes credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security, and public utility data. This data is almost always stored in Cassandra, DB2, Informix, MongoDB, MariaDB, MySQL, Oracle, PostgreSQL, SAP Hana, SQL Server and Sybase databases. Once inside the security perimeter (e.g. via a Zero Day attack) a Hacker or Rogue Insider can use commonly installed database utilities to steal confidential database data.

Non-intrusive network sniffing can capture and analyze the normal database query and SQL activity from a network tap or proxy server with no impact on the database server. This SQL activity is very predictable. Database servers servicing 10,000 end-users typically process daily 2,000 to 10,000 unique query or SQL commands that run millions of times a day.

Advanced SQL Behavioral Analysis of Database Query and SQL Activity Prevents Data Breaches

Advanced SQL Behavioral Analysis of the database SQL activity can learn what the normal database activity is. Then from a network tap or proxy server, the database query and SQL activity can be non-intrusively monitored in real-time and non-normal SQL activity immediately identified. These approaches are inexpensive to set up. Now nonnormal database SQL activity from Hackers or Rogue Insiders can be detected in a few milliseconds. The Hacker or Rogue Insider database session can be immediately terminated and the Security Team notified so that confidential database data is not ransomed or sold on the Dark Web.

Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum amount of data queried plus the IP addresses all queries were submitted from for each of the 2,000 to 10,000 unique SQL queries sent to a database. This type of data protection can detect never before observed query activity, queries sent from a never observed IP address, and queries sending more data to an IP address than the query has ever sent before. This allows real-time detection of Hackers and Rogue Insiders attempting to steal confidential database data. Once detected the security team can be notified within a few milliseconds so that an embarrassing and costly data breach is prevented.