Gareth Owenson, a 41-year-old co-founder of Searchlight Cyber, an organization based in Portsmouth, focuses on the intricacies of the dark web. Establishing the company in 2017 alongside Ben Jones, they aimed to enhance the capacities of law enforcement and businesses in combating cybercrime. Recognizing the potential of their technology, American private equity firms have invested in Searchlight, including a recent investment from Charlesbank Capital Partners in January. The firm has expanded to encompass 70 employees across the UK, Europe, and the US. Owenson highlights that the dark web is evolving into a comprehensive platform for cybercriminals, providing them with essential information and tools to infiltrate organizations.

The concept of the dark web has existed for roughly 20 years, initially gaining minimal attention as it served as an anonymous network used primarily by journalists in repressive environments. Over the years, it evolved significantly, especially after 2010, when individuals began leveraging its networks to sell illicit goods, including drugs, utilizing anonymous payment methods like Bitcoin. Today, dark web marketplaces have proliferated, facilitating numerous criminal endeavors.

Owenson remarks that the dark web now boasts a complex environment, enabling malicious actors to operate with a sense of security. While apprehensions do occur, this realm offers a degree of shield for those involved in illegal activities.

Why Businesses Should Take the Dark Web Seriously

Traditionally, businesses have approached cybersecurity defensively—scanning emails for threats and implementing firewalls to block intrusions. However, by the time an intrusion attempt targets a business, the threat actor has typically already begun probing its vulnerabilities. Consider ransomware scenarios where companies’ files are encrypted, with demands for substantial ransoms to regain access. Such attacks involve multiple preceding stages long before they engage with a corporate network.

The dark web is a marketplace where cybercriminals can obtain “breach credentials”—usernames and passwords compromised from other sources. Cybercriminals can enter a domain name to retrieve information on breached accounts, predominantly linked to employees’ credentials used across various services.

Subsequently, other malicious actors purchase these credentials to test their effectiveness, ultimately packaging and reselling them to ransomware groups. These groups, armed with the credentials, can then infiltrate corporate networks, often acquiring ransomware to facilitate their attacks.

Early Detection: A Key to Preventing Cyber Attacks

Once a cyber intruder possesses valid credentials—akin to having a physical key to the front door—protecting the network becomes significantly challenging. Many organizations fall victim to breaches when targeted by skilled and determined attackers.

However, monitoring dark web activities can serve as an early detection mechanism, allowing businesses to take proactive measures against sophisticated threats.

Organizations may consider employing analysts to scout for potential threats. In Searchlight’s case, they utilize software to identify these risks automatically. Their research team investigates high-risk entities and conditions, gathering data to enhance cybersecurity measures.

Clients of Searchlight can specify networks they wish to protect, and the team employs their comprehensive data to scan for threat indicators, categorizing and flagging pertinent information. Automation accelerates the alerting process, benefiting clients.

Understanding the Short Timeframes of Dark Web Risks

Notably, the timeframe between compromised credentials appearing on the dark web and a subsequent ransomware incident occurring at a company is strikingly brief, averaging about six to eight weeks.

Ransomware activity remains rampant, with many threat actors exhibiting persistence rather than advanced technical skills. Small to medium-sized enterprises are not insulated from these threats, as these gangs often pursue a wide spectrum of potential victims.

A surprising aspect involves the negotiations between ransomware groups and targeted organizations. Often, these groups enter discussions equipped with intricate knowledge, pointing out companies’ financial capabilities to demand larger ransoms than initially claimed.

Increasing Malware Threats

With malware, the risks escalate further; once a machine is compromised, it can glean stored passwords from browsers in vast quantities. Concealment of malicious software from antivirus solutions is becoming increasingly straightforward, with various tools available on the dark web to obscure such activities.

Recommended Strategies for Businesses

To effectively counteract these threats, organizations ought to establish automated systems that promptly reset accounts upon detecting breaches of usernames and passwords. This compression of response time increases defenses against malicious actors.

Regular data backups are also crucial. Businesses heavily rely on digital information, such as client databases and intellectual property. Ransomware attacks can result in irreversible data loss if robust backup solutions are absent. Implementing daily backups, along with offsite solutions disconnected from primary systems, is advisable given that many ransomware groups target and destroy backups before initiating attacks.

Finally, practicing good password management is vital. This means avoiding easily guessable information, instead opting for strong, complex passwords, combined with two-factor authentication, to further safeguard against unauthorized access.

Collectively, these strategies form a solid defense against an increasingly hostile cybersecurity landscape.

Gareth Owenson shared these insights with Richard Tyler, editor of a leading enterprise network publication.