Insider Risk

Serious About Insider Threats? Start Paying Attention to the Dark Web

By Veriato Team

Insiders keen on making money from the valuable data your organization holds need only use a TOR browser to connect with buyers, hackers, and everyone else who doesn’t have your organizations best interest at heart.

Employees can pose an insider threat to the organization in a variety of ways. At the end of the day, with 76% of data breaches being financially motivated, the primary goal of malicious insiders is usually to monetize data, credentials or access.

So, where does an employee with access to, say, credit card numbers or personally identifiable information (PII) go to sell it?  It’s not like you can just search “who wants to buy 10,000 credit card numbers?”

Or can you?

The web as we know it is actually divided into a few parts. There’s the clear web. It’s the part that’s publicly indexed and searched that you use every day. Then there’s the deep web – this is the part that’s not indexed.  Even your company has a server or two that isn’t indexed by the search engines, but is connected to the Internet – those are all part of the deep web.

Lastly, there’s the dark web. This is a very small part of the web that is only accessible using a special browser called TOR (The Onion Router). This browser connects you to an underground world of websites where just about everything that is considered bad in this world is for sale.

Employees can take advantage of the Dark Web basically in four ways:

  1. Sell Data – There’s plenty an employee can sell on the Dark Web: company secrets, credit card data, PII (such as social security numbers), and more.
  2. Sell Credentials – Hackers are constantly seeking access to any company’s network (even yours). No matter the company, there are still ways to make money by moving laterally within a network until access to systems that interact with money (e.g., payroll, accounts payable, etc.) is attained. Even the smallest business with a network has access to thousands of dollars.
  3. Be Solicited – While collusion only makes up 2% of all data breaches, there are those on the Dark Web that aren’t interested in doing the internal digging themselves, but will solicit the help of an insider, working together to steal valuable information.
  4. Transfer Data – the TOR browser can be used to send files, making it a less obvious way to exfiltrate data from the organization.

Organizations serious about protecting against insider threats – as well as detecting them when they happen – should consider a layered security approach that includes the following:

  • Block endpoint-based VPNs – Most Dark Web experts will tell you to use a VPN to anonymize your endpoint as the source of traffic.Employees desiring to go on the Dark Web may use a VPN to obfuscate their use of the TOR browser.
  • Block the TOR Browser – Application whitelisting may be useful to keep TOR from being run.
  • Monitor Employee Activity – The use of Employee Monitoring Software that watches for application use, network traffic, site names, and other indicators of Dark Web activity will help to detect when employees begin to dabble in the Dark Web.

There’s no guarantee that malicious insiders will use the Dark Web, but it’s important to educate yourself on how the Dark Web can play a role in insider threats. By putting security controls in place, you can lower the risk of the use of the Dark Web by employees when on corporate endpoints.

How to Rebrand
“Bossware”at Your

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida. Risus

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Employee Monitoring Resources

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...

When To be Suspicious About Work-From-Home Employees (or Not)

When To be Suspicious About Work-From-Home Employees (or Not)

Perhaps someone doesn’t answer a Slack message as quickly as they should, or they have long hours blocked on their calendar. Maybe someone doesn’t seem motivated during team meetings or they are slow to complete work. While research has shown that overall,...

Avoid These Employee Monitoring Blunders

Avoid These Employee Monitoring Blunders

In September 2021, 45% of full-time employees were still working remotely, and the trend is hard to reverse. People like the freedom of working from home. Without a commute, they save time. Without a boss looming in the background, they can multi-task at home. And,...