Dark Web Exposure and Phishing Detection Test

Dark Web was originally referred to the TOR network and resources located there being accessible only with special client-side software. Modern notion of Dark Web is, however, much broader and includes various underground marketplaces and hacking forums accessible with a standard web browser. Dark Web definition may also encompass IRC and Telegram channels known for offering or trading stolen credentials and data.

Some companies may also refer to various paste websites, like Pastebin, social media or even code repositories, like GitHub, when talking about monitoring of stolen credentials within the context of Dark Web surveillance. Borders of the modern Dark Web constantly fluctuate, some illicit resources emerge, while others disappear.

Dark Web monitoring is a service, usually provided by cybersecurity companies or law enforcement agencies, for organizations and individuals to notify them about any sensitive, confidential or offending information available on the Dark Web. Timely notification enables swift reaction to the incident, accelerates investigation, and usually reduces the negative economic and reputational consequences of a data breach, leak or intrusion. Organizations may check the scale and risks of their Dark Web exposure for free via ImmuniWeb Community Edition.

It depends on the specific segments of the Dark Web ecosystem and ultimate goals of such monitoring. Many resources in the Dark Web, such as underground marketplaces or hacking forums, are purposely made publicly accessible to ensure unhindered and free trade of stolen or illicit goods. Such resources can be monitored by different services offered by cybersecurity companies.

Contrariwise, some of the resources falling under the definition of Dark Web, are invitation-only and are maintained in the highest secrecy. Usually, experienced cybercriminals and nation-state hackers create dedicated servers, oftentimes hosted in legitimate AWS or Google Cloud, to ensure privacy of their negotiations and illicit transactions. All such communications are strongly encrypted, and even a breach or takeover of the server will unlikely provide any actionable information to the investigators.

Four such cases, unless you have requisite resources and capacity to infiltrate into the cyber gang, you will unlikely be able to monitor this shadow segment of the Dark Web. Most of the findings, however, are accessible in those areas of the Dark Web that can be successfully monitored to timely react on data leaks and security breaches.

Phishing is a well-known computer attack targeting individual and corporate users with key purpose to steal their data or compromise their systems. Phishing is often dependent on social engineering that exploits human inattentiveness, emotions or fatigue. Usually, attackers use email pretending to come from an authority, colleague or an acquaintance, and asking to open a web link or run an attachment to the email.

Frequently, the web page or attach will contain malware, such as spyware or ransomware, aimed to backdoor victim’s device or computer. Alternatively, a website may usurp one’s identity, for instance, pretending to be a bank website, and asking to login with victim’s credentials. Upon login, the victim is redirected to the legitimate website, while login and password are stolen by the attackers.

Phishing attacks targeting mobile users is also prevalent, where variants will attempt to use channels such as SMS or messenger apps, or voicemail in order to perform similar attacks as above or vocally deceiving a victim.

To run phishing campaigns, attackers usually deliver a specially created content to their victims by email, or other channels of communications including SMS or WhatsApp. Once a victim clicks on the malicious link or download attachment from the malicious email, its computer or mobile device will likely be infected with a Trojan horse or ransomware. Occasionally, a website or email may just lure victim into providing sensitive information such as logins or passwords from e-banking to later disembowel victims’ accounts.

Usually, phishing link opens a fraudulent website imitating and pretending to be a governmental authority, banking institution or a well-known enterprise. Once victim opens the phishing website, his or her computer (or mobile device) will likely be hacked and backdoored to steal valuable data or use the compromised device in DDoS attacks or large-scale spam campaigns. In other cases, phishing website may be harmless and merely requests victims’ credentials (e.g. login and password from e-banking) to be entered under a pretext of security verification by the bank. Once victim provides the credentials, attackers will gain access to victim’s account.

Most of the phishing websites aim to steal someone’s credentials, spread malware or commit other criminally punishable actions, and are thus illegal by the very purpose of their existence and nature of operation. The phishing website per se, however, is not necessarily illegal, for instance, it may be used by security teams or cybersecurity service providers to train employees on the dangers of phishing and raise security awareness. However, any usage of phishing website against innocent victims and/or with the purpose to defraud, will likely constitute a serious computer crime offense in all civilized countries.

Phishing almost always implicates human carelessness, inattentiveness or lack of security training. Therefore, continuous security awareness and training are essential to educate your employees about the dangers of phishing and interrelated cyber threats. Security training shall be rewarding and involve gamification to ensure highest participation and best outcomes.

Secondly, a set of internal security mechanisms is to be installed, including spam filtering systems with AI and heuristic capacities to reliably detect and remove phishing emails. Importantly, fighting phishing shall be an ongoing and continuously improved process, not a one-shot exercise conducted annually.

Cybersquatting is unethical, and often illegal, practice to register domain names that included registered trademarks or brand names belonging to third parties without their permission. Cybersquatting may be comparatively innocent, for example, when a car dealer creates a domain name, containing a well-known car brand that it lawfully sells, to attract more customers.

More reprehensible variation of cybersquatting may include multiple domain names registration for all known car brands even those that it does not sell or repair. Finally, cybercriminals may leverage cybersquatting tactics to impersonate banks, healthcare providers or governmental authorities and lure inattentive website visitors into sharing their confidential information.

Differently from typosquatting, that exploits mistakes and typos our fingers accidentally make while typing a URL, cybersquatting primarily exploits visual deception to attract visitors to their websites.

Typically, users received a web link pointing to a cybersquatted domain by email, SMS or WhatsApp. They may also find the website in Google search results when looking for a specific company or branded service. The cybersquatted website has a URL with express mention of a known brand or trademark, aiming to falsely create an association with the brand or even impersonate it. Inattentive victims usually don’t see the difference, especially if the website design is aptly copy-pasted from the original one. In many countries, cybersquatting is unlawful and may even be punishable by the enacted criminal law.

It largely depends on the integrity of circumstances, but most of the cybersquatting cases likely violate some of the intellectual property laws or even fall within the purview of criminal law. Cybersecurity is, however, not always illegal. For instance, if a car dealer promotes a couple of domain names containing variations of the car brand within the country of its authorized territory of sales, such a case will unlikely trigger serious legal ramifications. Contrariwise, if a competitor purposefully and with intent to harm creates domain names, exploiting your brand, to deceive and steal your leads or clients, such acts may be even criminally punishable under certain circumstances.

Continuous monitoring of the existing and newly created domain names is essential to keep an eye on unlawful cybersquatting activity. Once a cybersquatting domain is spotted, and you believe that it violates your intellectual property rights or is prohibited by the applicable unfair competition laws, you or your attorney should contact the domain name registrar and request to unregister the domain name. Separately, and after receiving a competent legal advice from a licensed law firm, you may also file a legal action against the wrongdoer asking for damages.