Articles

DeepWeb DarkWeb – What does information security need to know about it?

By January 16, 2023 No Comments

São Paulo/SP – January 16, 2023. DeepWeb DarkWeb – A DeepWeb is an umbrella term for parts of the internet not fully accessible using standard search engines. THE DarkWeb, in turn, it also has content that is not indexed by search engines.

*By Roberto Santana

THE DeepWeb is an umbrella term for parts of the internet not fully accessible using standard search engines. In its content, it can contain everything that is not findable through Google, for example. It is estimated to be hundreds of times larger than the visible internet, called “Surface"

Generally speaking, the DeepWeb gathers everything that is protected by some type of password or access. All information that is not public but needs to be accessed online by someone – like the content of an email, for example.

THE DarkWeb, in turn, it also has content that is not indexed by search engines, but its behavior works in a way that in addition to the sites not being indexed, they can only be accessed through specific browsers.

These browsers use encryption to send information across a network linked to multiple servers. Think of them as a path: each server is one of the destinations for information. In the common network, a server needs to know where the information came from and where it is going. At DarkWeb, this information is not revealed: a server does not know where that data came from.

With this, total anonymity is practically “guaranteed” (There are caveats, since there are ways to track actions in the DarkWeb, in order to identify criminals, for example).

Therefore, the DarkWeb is commonly associated with illegal activities such as drug trafficking sites (the most famous was the Silk Road. His owner was eventually arrested and sentenced to life in prison with no chance of parole)

Now that we know what the DeepWeb DarkWeb, we will understand how Information Security can be related to this type of “internet”.

More than 500,000 email accounts were exposed in October 2018. Brazil is the 5th country with the most information leaks, with 25,000 data breached. Malicious actors aim to make money by selling this data.

With this, an organization should be concerned with ensuring that its users, whether customers or employees, do not have leaked corporate accounts being sold or published on the DarkWeb, mainly companies that deal with personal/sensitive data.

Due to the new data protection laws (GDPR / LGPD), allowing this data to be exposed may even be considered a judicial infraction.

The monitoring of DarkWeb works based on keywords searched in specific engines, which will search for the company name, domains, products. When a relevant record is found, alerts are issued so that the organization can take preventive measures, such as changing passwords for leaked users.

Also, these locations are great places to find vulnerabilities still unknown and their possible methods of attack. By monitoring the DarkWeb, users can gain the advantage of knowing where are the holdings before they become widespread threats.

— Roberto Santana is Senior Cyber Security Consultant at [SAFEWAY]

 

How can we help?

THE SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

today through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in the process of structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies to the ISO27001, ISO20000 or ISO22301 standards.

In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services, the Cybersecurity Health Check whose objective is to carry out a diagnosis of the CyberSecurity, Information Security and Data Privacy implemented in your company, contemplating the pillars of Law SuitPeople and Technology.

through the Cybersecurity Health Check, risks associated with information security and privacy of internal processes and activities are identified, existing controls and new controls evaluated according to the size of your organization to increase the level of maturity and compliance, in accordance with good information security practices. If you would like more information, contact one of our experts!