Stop Punching in the Dark

As cybercrime rapidly evolves, so do the tools and techniques used to uncover these activities, from intrusion detection systems to threat intelligence and machine learning capabilities. However, keeping pace with ever-changing threat actors is no small task. The FBI’s 2019 Internet Crime Report confirmed $3.5 billion in losses to victims in 2019 (up from $2.7 billion in 2018, and $1.4 billion the year prior).

There’s so much data out there, circulating in open sources, and yet so little visibility into how to leverage it, especially inside the dark web. This blind spot is not only going unaddressed, it’s getting bigger and bigger. My firm’s 2020 Identity Breach Report notes that 18.7 billion raw identity records are circulating in underground communities, and that there was a 67% increase in clear-text passwords found on the dark web in 2019 as compared to 2018.

Cyber-criminals are rereleasing big combo packages with aggregated credentials gathered from newer breaches, meaning billions of email addresses or usernames associated with clear-text passwords recirculate in underground communities.

The data is increasingly accessible for identity-based attacks, such as account takeover or business email compromise. Simply put, the dark web is now easier to access, easier to interact with and increasingly sophisticated. Across the surface, social and dark web, threat actors are weaponizing blueprints of our digital identities.

Looking ahead, these increases in cybercrime won’t go away in our post-COVID world. IBM estimates that it takes an average of 200 days to identify a breach. Meltdown, Spectre and the NASA hack, to name a few, all went undetected for years. In modern cyber warfare, why settle for a few thousand dollars of ransomware booty when you could remain undetected and bleed accounts dry for years? A good cyber-criminal knows to stay hidden before, during and after breaking and entering to maximize their gains.


Financially, the business costs of breaches are well documented, but you are opening your company up to new reputational damage if you are not using all of the powers at your disposal to protect company and customer data. Monitoring your digital exposure on both the surface and dark webs is now more important than ever.

What’s more, many companies and governments lack a comprehensive enforcement strategy based on pursuing threat actors and their networks on the dark web. Through identity attribution, you have the power to take a more proactive approach and unmask your adversaries. You can’t have defence without offence. This simple injunction has been overlooked in information security for too long.

By embracing the dark web and proactively listening in on it, you can start pushing the boundary wall outwards, covering more ground and increasing your control over what goes on externally. Threats will always exist, and cyber-criminals will continuously come up with new and improved ways to attack and compromise you and your ecosystem, personally and professionally.

Likewise, we will have the tools to evolve and mirror these threats, but only if we mirror them in every sense and treat them as three-dimensional organisms with intentions, networks and growth plans. Like you, cyber threats are a business, and you are in direct competition. You only hurt your business by keeping yourself in the dark.
