Often described as a sort of "parallel universe", with traits closer to science fiction than to reality, the Dark Web is a fundamental area of interest for those working in cyber-security. But what exactly is the Dark Web?
Many people confuse it with the Deep Web, the part of the Internet made up of servers and devices connected to the net that are not indexed by search engines. In reality, the Dark Web is something different: in addition to not being reachable through the normal channels used by most people (browsers and search engines), the Dark Web is characterized by additional barriers to access. These can be particular software such as Tor, or access systems that require credentials that can be provided only by those who manage the "hidden" sites.
What can be found in the Dark Web?
Within the Dark Web one finds a bit of everything: from relatively legitimate sites and blogs, such as those of associations and activists who prefer to stay out of the spotlight, to forums and online markets dealing with decidedly illegal topics and products. While media attention on the Dark Web often focuses on arms and drug trafficking, the interest of security experts in the "Internet slums" is motivated by the fact that cyber criminals use it intensively. On the one hand, the Dark Web is an ideal place to sell and buy hacking tools, illegal services and malware. On the other hand, it offers an ecosystem that allows them to cash in on the proceeds of illegal actions, for example through the sale of entire sets of stolen credentials, credit card data, and sensitive information.
On the Dark Web there is also malware as a service
One of the growing phenomena in recent years is the development of a cybercrime model inspired by the "as a service" formula, in which hackers offer their services through a real supply chain that makes it even easier to carry out cyber attacks on individuals and companies. In specialized markets and forums you can find a bit of everything: from the possibility of requesting targeted DDoS attacks to the rental of entire botnets that can be used for the most disparate purposes, such as sending spam and phishing campaigns. The only limit is the imagination of cybercriminals, who in recent times have also come up with decidedly original formulas, such as making ransomware available through a sort of partnership that allows the proceeds to be split 50-50 between those who provide the malware code and those who distribute it. One of the consequences of this system is that cyber criminals no longer need great technical knowledge: it only takes a few hundred dollars to get sophisticated malware that can be used easily even by those who can't write a single line of code.
How to monitor Dark Web sites
In this context, monitoring the Dark Web provides security experts with invaluable information that allows them to identify new threats appearing on the scene and to detect trends within the hacker community. Infiltrating the markets and forums can make it possible to understand, somewhat in advance, what is going to happen and, in some cases, to identify the preparatory phases of a targeted attack. In fact, hackers also use the Dark Web to collect the information necessary to plan their actions. Identifying a hacker who shows too much "interest" in a specific company or in particular tools can allow a targeted attack to be nipped in the bud.