
The Dark Web Grows Darker: Why Your Firm’s Confidential Data are Bigger Targets Than Ever

A British court found a jealous 26-year-old woman guilty of soliciting the murder of a second woman for trying to steal her man. Seems the convicted felon had gone onto the dark web in search of a hitman she could hire to bump off the love rival—and she might have gotten away with it too if not for those meddling kids and their dog, er, I mean, if not for the nosing around of an investigative journalist.

Assassins are just one of many evil services and commodities purchasable on the dark web—a secretive place inside the internet that’s the cyber-equivalent of a creepy, rundown alley in the wrong part of town. Except it’s a lot bigger than an alley. By some estimates, the dark web occupies nearly one-half of the real estate making up the ether.

Yet despite its vastness, you can’t reach the dark web using Safari or Chrome or whatever other conventional browser you’ve loaded onto your system. You can only access the dark web via special browsers and search engines made expressly for that purpose.

Anything and everything

Once you find your way to the dark web, you can openly buy—or sell—stuff that the law-abiding are forbidden to possess. Things like narcotics, counterfeit money, pirated videos, military-grade weapons, and anything and everything else.

But perhaps the item most plentiful on the dark web is stolen info. And, if that’s Number One on the sales charts, then Number Two is the tools needed to steal that info in the first place.

Recently, for example, you could purchase a jumbo convenience-sized package of stolen personal information—23 terabytes of names, addresses, phone numbers, medical records, financial details, employment histories, and nationally issued identity data from over 1 billion people—for around $200,000 (payable in the form of 10 bitcoin).

Not all stolen info (or info theft tools, for that matter) commands such a princely sum. Most of what’s offered on the dark web is dirt cheap. HP Wolf Security in July issued a study of dark web marketplaces that analyzed approximately 33,000 active sites and forums. They discovered that 76 percent of malware products and 91 percent of exploits were listed for sale at under $10 (the average cost of compromised Remote Desktop Protocol credentials, as just one example, was a mere $5).

For wanna-be cybercrooks, “[t]he barrier to entry is so low that almost anyone can be[come] a threat actor,” wrote one-time hacker and now HP Wolf Security Advisory Board member Michael (MafiaBoy) Calce in his commentary on the shocking report. Translation: the enticement to join the legion of dark web malefactors is becoming ever-more alluring, which means you can look forward to more bad guys lurking in the shadows and waiting for their chance to pounce on you.

Scary findings

According to the HP Wolf Security report, few of those getting into cybercrime have any special skills with computer programming (as you’d imagine hackers must in order to pull off the kinds of spectacular data breaches making the news these days).

Such skills aren’t needed because, as the report points out, dark web vendors are selling “plug and play” malware kits, MaaS (malware as a service) apps, and even tutorials/mentoring services.

And believe it or not, what makes the dark web go ‘round is trust. I know, trust, among thieves. LOL. But it’s true.

From the report:

“Much like the legitimate online retail world, trust underpins cybercriminal commerce between buyers and sellers. [Seventy-seven percent] of cybercriminal marketplaces analyzed require a vendor bond—a license to sell—which can cost up to $3,000. [Eighty-five percent] of these marketplaces use escrow payments, and 92% offer dispute resolution services. Every marketplace analyzed provides vendor feedback scores.”

Yet another scary finding: “Cybercriminals are focusing on exploiting known bugs in popular software that will allow them to get a foothold and take control of systems.”

HP Wolf Security also looked at what’s headed your way in the near future. Brace yourself.

  • Cybercriminals will spend more time scoping out your potential value as a data-breach target. They’ll do this in order to make sure that, when they strike against you, the juice is genuinely worth the squeeze. Based on the fact that you’re a law firm, yeah, absolutely the fruits will be worth the effort.
  • Artificial intelligence will be utilized more extensively to make attacks against your systems more efficient. Like everyone else, cybercrooks like to work smarter not harder.
  • The more you embrace digital transformation, the more vulnerable you make yourself to cyberattacks. For example, you open potential new avenues of assault each time you connect equipment to the Internet of Things (IoT), such as your office’s smart thermostat, overhead lights, and parking lot surveillance cameras.

All of this will happen against a backdrop of booming cybercrime. HP Wolf Security notes that data theft cost all businesses (not just law firms) nearly $7 billion in 2021 alone. Since 2008, the incidence of breaches has risen more than 200 percent and shows no sign of slowing.

Is your data on the dark web?

By some estimates, more than 15 billion stolen passwords, emails, and other pieces of sensitive information are floating around just within hacker forums on the dark web.

Unless you employ a service to continually scan the dark web in search of your data or those which belong to your clients, you probably won’t have a clue that any of the personal info and details you’re charged with safeguarding are being peddled within that illicit marketplace.

The thing about dark web scanning, though, is you can’t arrange for it to be performed on a one-time basis and then expect to breathe a sigh of relief if nothing is found. You have to scan constantly because you never know when your confidential data are going to wind up on the dark web.

If you discover that your credentials have landed there, you should immediately reset your personal firm-wide user logins and passwords. You should also activate multifactor authentication (MFA), get yourself and your team trained in being cybersecurity conscious, learn how not to be suckered by phishing emails, and of course, initiate continuous dark web scanning.

Find out if your firm’s user credentials are on the dark web—we’re offering a free scan of the dark web as a public service to help you take the first crucial steps in fighting back. Click here for details.
