Jul 20, 2021

Cybersecurity expertise for managing directors. Part 2 – Darknet dangers!

Reports on hacker attacks are starting to make it into main news bulletins with criminals becoming ever more professional and targeted in their attacks, true to the motto “the greater the damage, the higher the ransom”. Ransomware attacks which see data being stolen and encrypted are commonplace and when people question where these attacks are launched from, discussions seem to focus on the darknet.

written by

Managing Director

E-Mail: martin.seeger@bechtle.com

The darknet is an invisible and anonymous network within the internet. Here, communications cannot be traced back to users without an awful lot of effort and it’s this anonymity that makes prosecution nigh on impossible and illegal activity oh so simple. This has led to a flourishing criminal community being established, from where members launch well-organised and planned cyberattacks on businesses and organisations of all shapes and sizes,

a fact underscored by a recent story about a district in Saxony-Anhalt declaring Germany’s first cyberattack-related disaster after parts of its administration were completely paralysed for two weeks. According to the Chaos Computer Club, the stolen data is already circulating the darknet, where criminals can buy, view and edit it and cause even greater damage.

The risk of an SME falling victim to such an attack has gone up considerably over the last few years and there doesn’t seem to be an end in sight. A better understanding of the darknet is, therefore, crucial to facilitate risk management.

What is the darknet?

The darknet is built on the Tor network, which according to Wikipedia, is used by some 2 million people every single day. This network doesn’t have a readable list of web addresses, but it does have Wiki pages and search engines that we know from the normal internet. In contrast to the standard browsers, Tor uses onion routing, in which data traffic is encrypted and routed around the world through several servers. All Tor network domains end with “.onion”—an appropriate term because the multiple layers of an onion represent the layers of encryption and privacy.

As with most technology, Tor is neither good nor bad. It is essentially to allow people to act with a certain level of anonymity and for journalists and those living under a dictatorship, the darknet can be incredibly useful for enabling free speech. At the end of the day, it’s all about how it is used. One thing is certain, In the USA, Germany and Russia, it is more often than not a launchpad for criminal activity.

Serious impact – Disrupted business, lost data,...

Cybercrime as a Service offers on the darknet are the reason behind the recent increase in threats faced by businesses. You are never too far away from illegal activity on the darknet and almost anyone can find and request illegal services or get their hands on some stolen goods with just a few clicks and without any special knowledge. While that is a criminal offence, it is much more difficult to track activity on the darknet because of the way it is structured.

Criminals will often use, for example, encryption trojans that encrypt a company’s most important asset—its data. A ransom is demanded and the data sold on to the highest bidder later on. The impact on affected businesses can be huge—expensive downtime, reconfiguration of the IT infrastructure, irrevocably lost data and stolen sensitive information.

How can you protect yourself?

The most important questions you have to ask yourself are how you can protect yourself against such catastrophic attacks and how you can minimise the danger posed by the darknet. Managing directors need to consider the following four points:

  • Make IT security your number one priority both from a defence and legal perspective. (We’ll cover that more in the next blog)
  • Find yourself an IT security specialist. The time of treating the subject as trivial is over. Work with them closely and treat them as your equals, no matter if they are in-house or external
  • Don’t wait to see what happens. You need to take action today to get your IT security up to the cutting edge.
  • Make sure you have an up-to-date backup that is separate from your network and make sure that it cannot be compromised during an attack.

IT security is by no means simple, but it is absolutely crucial for all companies and organisations. Most importantly, stay on the ball. In business and with this blog. We have plenty of fascinating insights to offer including the business potential that IT security offers your company.

Share article

Published on Jul 20, 2021.