Insider Risk

Serious About Insider Threats? Start Paying Attention to the Dark Web

By Veriato Team

Insiders keen on making money from the valuable data your organization holds need only use a TOR browser to connect with buyers, hackers, and everyone else who doesn’t have your organizations best interest at heart.

Employees can pose an insider threat to the organization in a variety of ways. At the end of the day, with 76% of data breaches being financially motivated, the primary goal of malicious insiders is usually to monetize data, credentials or access.

So, where does an employee with access to, say, credit card numbers or personally identifiable information (PII) go to sell it?  It’s not like you can just search “who wants to buy 10,000 credit card numbers?”

Or can you?

The web as we know it is actually divided into a few parts. There’s the clear web. It’s the part that’s publicly indexed and searched that you use every day. Then there’s the deep web – this is the part that’s not indexed.  Even your company has a server or two that isn’t indexed by the search engines, but is connected to the Internet – those are all part of the deep web.

Lastly, there’s the dark web. This is a very small part of the web that is only accessible using a special browser called TOR (The Onion Router). This browser connects you to an underground world of websites where just about everything that is considered bad in this world is for sale.

Employees can take advantage of the Dark Web basically in four ways:

  1. Sell Data – There’s plenty an employee can sell on the Dark Web: company secrets, credit card data, PII (such as social security numbers), and more.
  2. Sell Credentials – Hackers are constantly seeking access to any company’s network (even yours). No matter the company, there are still ways to make money by moving laterally within a network until access to systems that interact with money (e.g., payroll, accounts payable, etc.) is attained. Even the smallest business with a network has access to thousands of dollars.
  3. Be Solicited – While collusion only makes up 2% of all data breaches, there are those on the Dark Web that aren’t interested in doing the internal digging themselves, but will solicit the help of an insider, working together to steal valuable information.
  4. Transfer Data – the TOR browser can be used to send files, making it a less obvious way to exfiltrate data from the organization.

Organizations serious about protecting against insider threats – as well as detecting them when they happen – should consider a layered security approach that includes the following:

  • Block endpoint-based VPNs – Most Dark Web experts will tell you to use a VPN to anonymize your endpoint as the source of traffic.Employees desiring to go on the Dark Web may use a VPN to obfuscate their use of the TOR browser.
  • Block the TOR Browser – Application whitelisting may be useful to keep TOR from being run.
  • Monitor Employee Activity – The use of Employee Monitoring Software that watches for application use, network traffic, site names, and other indicators of Dark Web activity will help to detect when employees begin to dabble in the Dark Web.

There’s no guarantee that malicious insiders will use the Dark Web, but it’s important to educate yourself on how the Dark Web can play a role in insider threats. By putting security controls in place, you can lower the risk of the use of the Dark Web by employees when on corporate endpoints.

2023 Preparedness Checklist: Ensure Your Workforce Is Productive and Secure

This guide will help you understand where there are opportunities and risks in your workforce, and what you can do to make sure 2023 is as secure and productive as possible with workforce behavior analytics.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

A More Insightful, Proactive Approach to Employee Monitoring

A More Insightful, Proactive Approach to Employee Monitoring

Also known as “bossware” and even “employee surveillance”, employee monitoring has been placed in the bucket of technologies that companies force on their employees. Whatever you call it, its use is on the rise and it looks like it’s here to stay. As of 2022, 60% of...

Bossware and the Future of Work

Bossware and the Future of Work

Recently, there has been considerable coverage of “bossware” and a focus on draconian types of “surveillance” some companies are using to stay on top of remote and flexible workforces. Articles claim companies are accessing the camera on laptops and tracking every...

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...