Insider Risk

Serious About Insider Threats? Start Paying Attention to the Dark Web

By Veriato Team

Insiders keen on making money from the valuable data your organization holds need only use a TOR browser to connect with buyers, hackers, and everyone else who doesn’t have your organization’s best interests at heart.

Employees can pose an insider threat to the organization in a variety of ways. At the end of the day, with 76% of data breaches being financially motivated, the primary goal of malicious insiders is usually to monetize data, credentials or access.

So, where does an employee with access to, say, credit card numbers or personally identifiable information (PII) go to sell it?  It’s not like you can just search “who wants to buy 10,000 credit card numbers?”

Or can you?

The web as we know it is actually divided into a few parts. There’s the clear web. It’s the part that’s publicly indexed and searched that you use every day. Then there’s the deep web – this is the part that’s not indexed.  Even your company has a server or two that isn’t indexed by the search engines, but is connected to the Internet – those are all part of the deep web.

Lastly, there’s the dark web. This is a very small part of the web that is only accessible using a special browser called TOR (The Onion Router). This browser connects you to an underground world of websites where just about everything that is considered bad in this world is for sale.

Employees can take advantage of the Dark Web basically in four ways:

  1. Sell Data – There’s plenty an employee can sell on the Dark Web: company secrets, credit card data, PII (such as social security numbers), and more.
  2. Sell Credentials – Hackers are constantly seeking access to any company’s network (even yours). No matter the company, there are still ways to make money by moving laterally within a network until access to systems that interact with money (e.g., payroll, accounts payable, etc.) is attained. Even the smallest business with a network has access to thousands of dollars.
  3. Be Solicited – While collusion only makes up 2% of all data breaches, there are those on the Dark Web that aren’t interested in doing the internal digging themselves, but will solicit the help of an insider, working together to steal valuable information.
  4. Transfer Data – the TOR browser can be used to send files, making it a less obvious way to exfiltrate data from the organization.

Organizations serious about protecting against insider threats – as well as detecting them when they happen – should consider a layered security approach that includes the following:

  • Block endpoint-based VPNs – Most Dark Web experts will tell you to use a VPN to anonymize your endpoint as the source of traffic. Employees desiring to go on the Dark Web may use a VPN to obfuscate their use of the TOR browser.
  • Block the TOR Browser – Application whitelisting may be useful to keep TOR from being run.
  • Monitor Employee Activity – The use of Employee Monitoring Software that watches for application use, network traffic, site names, and other indicators of Dark Web activity will help to detect when employees begin to dabble in the Dark Web.
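
The monitoring control above, sketched as detection logic over endpoint telemetry (an added example, not Veriato's code or product behavior). The event field names, hostnames, users and records are constructed for illustration; the port numbers are Tor's documented defaults.

```python
from collections import defaultdict

TOR_IMAGE_NAMES = {"tor.exe", "tor"}   # Tor daemon binary names
TOR_RELAY_PORTS = {9001, 9030}         # default ORPort / DirPort
TOR_SOCKS_PORTS = {9050, 9150}         # default SOCKS: tor daemon / Tor Browser

# Constructed sample events; the schema is an assumption, not a product format.
EVENTS = [
    {"host": "wks-014", "user": "jdoe", "type": "process",
     "image": r"C:\Users\jdoe\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe"},
    {"host": "wks-014", "user": "jdoe", "type": "listen", "addr": "127.0.0.1", "port": 9150},
    {"host": "wks-014", "user": "jdoe", "type": "connect", "dst_ip": "203.0.113.7", "dst_port": 9001},
    {"host": "wks-022", "user": "asmith", "type": "dns", "query": "intranet.example.com"},
    {"host": "wks-022", "user": "asmith", "type": "connect", "dst_ip": "198.51.100.20", "dst_port": 443},
    {"host": "wks-031", "user": "bchan", "type": "dns", "query": "exampleexampleexample.onion"},
]

def indicators(event):
    """Yield the name of each Tor-related indicator a single event matches."""
    kind = event["type"]
    if kind == "process":
        # Compare the file name only, so renamed install folders still match.
        name = event["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name in TOR_IMAGE_NAMES:
            yield "tor_process"
    elif kind == "dns":
        # .onion names should never reach a DNS resolver; a query is a leak.
        if event["query"].lower().rstrip(".").endswith(".onion"):
            yield "onion_dns_leak"
    elif kind == "connect":
        if event["dst_port"] in TOR_RELAY_PORTS:
            yield "tor_default_relay_port"
    elif kind == "listen":
        if event["addr"].startswith("127.") and event["port"] in TOR_SOCKS_PORTS:
            yield "tor_socks_listener"

def triage(events, min_distinct=2):
    """Group indicators per (host, user); several distinct ones raise severity."""
    seen = defaultdict(set)
    for ev in events:
        for ind in indicators(ev):
            seen[(ev["host"], ev["user"])].add(ind)
    return {key: {"indicators": sorted(found),
                  "severity": "high" if len(found) >= min_distinct else "review"}
            for key, found in seen.items()}
```

Port matches are weak on their own, since many Tor relays listen on 443; treat them as corroboration for the process and DNS signals rather than as a standalone alert.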

There’s no guarantee that malicious insiders will use the Dark Web, but it’s important to educate yourself on how the Dark Web can play a role in insider threats. By putting security controls in place, you can lower the risk of the use of the Dark Web by employees when on corporate endpoints.
