What is dark web monitoring?

Dark web monitoring refers to the process of scanning and analyzing the hidden parts of the internet, primarily the dark web, for illicit activities or exposure of data. The dark web, part of the deep web, is intentionally hidden and requires special tools like Tor to access. While not exactly illegal, it is home to various illegal activities, like the sale of drugs, weapons, counterfeit documents, and stolen personal data. 

An International Conference 11th Edition conference paper provides, “Internet can be summed up in the metaphor of the iceberg: an emerging part, accessible to all, in which web pages are indexed by conventional search engines such as Google or Yahoo, this is the surface web; and a submerged part, where a minimum of computer knowledge are needed to get there because these sites are not referenced by traditional search engines, this is the deep web.”

Dark web monitoring software typically scours the dark web for compromised data through methods like data scraping, keyword analysis, and machine learning algorithms to detect and categorize potential threats.

 

How it works 

  1. To monitor the dark web, specialized tools, like the Tor network, are used to access sites with a .onion domain, which are not indexed by traditional search engines. 
  2. Automated software tools called crawlers are deployed to navigate dark websites. The crawlers collect data from hidden services or dark web sites, much as web crawlers index content on the surface web. 
  3. The crawlers extract relevant content, like keywords, phrases, or specific data from the dark websites they scan. 
  4. Once data is extracted, it’s categorized into predefined topics or risks. For example, the content could be classified into categories like illicit drug trade, stolen data, hacking tools, or fraud. 
  5. Beyond text content, monitoring tools may analyze the structure of the dark web sites, including how they are set up, the links between pages, and patterns in site behavior (like frequent changes in URLs). 
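Steps 3 and 4 above, as an added example that is not part of the original article or any vendor's product code: it takes text a crawler has already collected, flags addresses belonging to a monitored domain, and sorts each page into the article's categories. The keyword lists, the `clinic.example` domain and the sample pages are constructed assumptions.

```python
import re
from collections import Counter

# Assumed keyword lists for the categories the article names; real tools use
# curated vocabularies and ML classifiers rather than four short sets.
CATEGORY_KEYWORDS = {
    "stolen data": {"credentials", "dump", "leak", "database"},
    "hacking tools": {"exploit", "ransomware", "botnet"},
    "fraud": {"counterfeit", "cvv", "forged"},
    "illicit drug trade": {"narcotics", "pills"},
}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def categorize(text):
    """Return matching categories, strongest keyword score first."""
    counts = Counter(re.findall(r"[a-z]+", text.lower()))
    scores = {c: sum(counts[k] for k in kws) for c, kws in CATEGORY_KEYWORDS.items()}
    return sorted((c for c, s in scores.items() if s), key=lambda c: (-scores[c], c))

def exposed_addresses(text, monitored_domains):
    """Return addresses on a monitored domain or one of its subdomains."""
    hits = set()
    for m in EMAIL_RE.finditer(text):
        domain = m.group(1).lower()
        # Exact or dot-anchored suffix match, so lookalike domains are ignored.
        if any(domain == d or domain.endswith("." + d) for d in monitored_domains):
            hits.add(m.group(0).lower())  # address only; secrets next to it are not kept
    return sorted(hits)

def triage(pages, monitored_domains):
    """Build one alert per page that exposes a monitored address."""
    alerts = []
    for page in pages:
        exposed = exposed_addresses(page["text"], monitored_domains)
        if exposed:
            alerts.append({"source": page["source"], "exposed": exposed,
                           "categories": categorize(page["text"])})
    return alerts

# Constructed sample input standing in for crawler output.
PAGES = [
    {"source": "page-1", "text": "Fresh credentials dump: alice@clinic.example:hunter2 and Bob@mail.clinic.example, full leak"},
    {"source": "page-2", "text": "Counterfeit documents and cvv for sale, contact seller@notclinic.example"},
    {"source": "page-3", "text": "Forum rules and general chat"},
]

if __name__ == "__main__":
    for alert in triage(PAGES, {"clinic.example"}):
        print(alert)
```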

Why email systems are targeted in cyberattacks

The email systems of healthcare organizations contain high-value data, specifically protected health information (PHI). Since these organizations are heavily reliant on their email systems for day-to-day operations, attackers know that shutting down these systems can cause disruptions, forcing organizations to pay ransom to regain access. These providers often face tight deadlines for patient care that increase the chances that they would pay quickly to avoid being operationally paralyzed.

Threat actors, not commonly known for their sense of honor, often accept the ransom and still sell the data on the dark web. This data can be sold multiple times and used for illicit activities that negatively impact patients' lives. The allure of this quick profit funds a cycle of cyberattacks that often leaves organizations subject to repeated attacks from the same groups or individuals.

FAQs

What is an unsecured email? 

An unsecured email is one that doesn’t use encryption to protect its contents. When you send an unsecured email, it can be intercepted or read by hackers while traveling over the internet. 

 

What is a cyberattack?

A cyberattack is when hackers or cybercriminals try to steal, damage, or disrupt data or computer systems.

What are organization networks?

Organization networks are the systems that connect all the computers, devices, and servers in a company. 
