You may have seen some headlines in the news recently regarding multiple 数据泄露 of companies such as Leicestershire City Council, 苏格兰国民健康保险制度, AT&T和boAT,导致数百万客户的数据在暗网上泄露. But what exactly is the Dark Web, and how does it function in today’s interconnected world?
在这篇文章中,我们将进入这个数字狂野西部的深处. 就像过去无法无天的边疆, the Dark Web is a digital landscape where anonymity and illicit activities thrive beyond the reach of many authorities. We explore what the Dark Web is, its role in cyber crime, and recent reports on data leaks. 除了, we cover measures that organisations can take to prevent their most sensitive assets from ending up for sale on the Dark Web.
什么是暗网?
的 Dark Web is a hidden part of the internet that operates outside the bounds of conventional search engines and requires specialised software, 配置, 或访问授权.
而暗网是许多合法公司的家, 它还包含留言板, 网上毒品交易市场, 以及被盗的财务和私人数据. Transactions within this economy are often made with cryptocurrency and are completely anonymous.
暗网因其作为非法活动中心的角色而臭名昭著, 为从事网络犯罪的用户提供匿名服务, 数据泄露, 还有其他邪恶的行为. It facilitates a vast market for stolen data, compromised credentials, and hacked accounts. With corporate credit cards, criminals can cause financial damage and make unauthorised purchases. 这种风险不仅仅是信用卡被盗造成的经济损失, 有了员工的详细信息,犯罪分子可以发动更复杂、更有针对性的攻击. 网络钓鱼攻击是网络犯罪分子最常用的攻击方法之一, 并且可能成为对您的组织进一步妥协的切入点.
暗网不仅仅是被盗凭据, it also harbours platforms where individuals can hire hackers for various malicious purposes, 从发动网络攻击到从事间谍活动. 如果你能想象得到,它可能就在暗网上.
Recent reports from sources like CSO Online and the University of Surrey underscore the growing prevalence of cyber criminal activities on the Dark Web, 对企业和个人构成重大威胁.
暗网风险:利用人工智能提高网络安全
随着人工智能(AI)对我们生活各个方面的影响越来越大, 它对网络安全的深远影响是不可否认的.
Discover how AI is revolutionising traditional cyber security measures and shaping the landscape of cyber security strategies and practices. 阅读白皮书 or watch the panel discussion below >
暗网上最近的漏洞
Recent 数据泄露 have highlighted the growing market for stolen data and credentials on the Dark Web.
莱斯特市议会
的 英国广播公司 reported that a ransomware group called INC Ransom has claimed responsibility for a cyber attack that has left 莱斯特市议会 with data leaked on the Dark Web. 大量的个人信息已经被上传, 已经有25份文件确认发布, 下载量至少有120次. 的 report also indicates that one theory is that the stolen data will be sold to criminals making fake passports.
苏格兰国民健康保险制度
INC勒索软件组织还声称对另一起大型数据盗窃事件负责, with 苏格兰国民健康保险制度 announcing the theft and public release of sensitive data on the Dark Web. 的 attack exposed patient records and confidential information on the Dark Web as evidence of the successful breach, 网络犯罪集团发出了赎金要求, 威胁要在网上公布全部3tb的被盗数据, 除非他们的要求得到满足. (来源: CPO杂志)
船
商业内幕 报告了一起涉及船的事件, 印度消费电子品牌, 其中数据约为7.五百万客户的信息在暗网上泄露了. 根据福布斯印度的一份报告, 泄露的数据包括姓名等敏感信息, 电子邮件地址, 还有电话号码, 这引发了人们对潜在身份盗窃和欺诈的担忧.
AT&T
在另一起令人震惊的事件中 英国广播公司7300万现任或前任AT的个人资料&T客户已在网上泄露. 的数据, 包括地址, 社会安全号码, 和密码, 是在暗网上发布的吗, 引发了对潜在滥用的担忧. AT&T已经开始调查这个漏洞, 尽管他们还没有发现数据被盗的证据. 作为预防措施, the company has reset customers’ passcodes and urged them to monitor their account activity and credit reports. 泄露的数据可以追溯到2019年或更早,包括7年或更长时间的信息.600万现有客户和65.400万前账户持有人. 虽然财务信息不包括在泄漏中, 详细信息,如全名, 电子邮件地址, 出生日期也被泄露了.
如何保护你的资料
如果你的数据上了暗网, 迅速采取行动评估风险并减轻潜在损害至关重要. 但是你怎么知道你的数据是否在那里? 暗网监控 allows you to monitor any instances of your organisation’s data on the dark web and receive proactive notifications if any information from your domain is found. 平台引擎监视隐藏的聊天室, 私人网站, P2P网络, IRC频道和成千上万的僵尸网络.
Continually scanning Dark Web databases for your company’s domain-specific data means you can act quickly if your sensitive information is made available on the Dark Web. 智能算法, 从海量的信息中筛选, 准确识别公司数据的任何实例. 当检测到这种潜在威胁时, 它提供实时警报, 使您能够立即采取行动保护您的业务.
很少有组织拥有合适的工具, 人, and processes in-house to manage their security program around-the-clock while proactively defending against new and emerging threats. 因此,组织应该这样做 考虑进行评估 他们的网络安全态势,以找出弱点. 另一个 consideration is implementing advanced technologies for threat detection or partnering with a Managed Security Services Provider (MSSP) for services such as Managed Detection and Response (MDR).
总之
在当今的数字环境中,暗网仍然是一个巨大的挑战, 成为网络罪犯利用漏洞和交易被盗数据的避风港. 的 recent 数据泄露 reveal the sheer scale of data that is vulnerable to being exposed on this digital black market, and underlines the importance of implementing robust cyber security controls and strategies.
通过主动和定期评估他们的财产的脆弱性, 实现健壮的检测和响应能力, 持续监控暗网通道中任何暴露的数据或凭证, 培养一种网络意识和警惕的文化, organisations can better protect themselves and their informational assets against the ever-present threats posed by the Dark Web.
迈出改善网络安全状况的第一步, 看看你和你的组织应该关注的10个关键领域, 由NCSC指导支持. 与CyberLab专家预约免费的30分钟指导姿势评估.
