What is Dark Web Monitoring?

Monitoring the dark web is fast becoming a reflex for CISO leaders.

Phishing, data breaches, cyberattacks, identity theft, compromised credentials, scams, ransomware… the list of illegal activities is endless in the pits of the dark and deep web.

In this guide, we’ll dive into many aspects of dark web monitoring, a critical component of any cybersecurity strategy.

Dark web monitoring is one of those topics that can be both very expansive and very complex. In this guide, which is part one of our five-part series, we’ll cover some of the basics: our most commonly asked questions about the dark web (such as the core differences between the deep web, the dark web and the shadow web), the most common threats, and five recommendations to follow when selecting a dark web monitoring tool.

If you’ve wondered what new threats and vulnerabilities lie ahead as cyber threats become more sophisticated, you can skip to our two dark web threats to be aware of in 2024.

But first let’s dive into your most commonly asked questions.

Your cybersecurity dark web FAQs

1: What is dark web monitoring?

You’ve heard the tales of ransoms being demanded under threat of confidential information being exposed on the dark web, with wide-ranging victims from the U.S. Treasury to Magic Circle law firms in the U.K. with untarnished reputations for protecting confidential client data.

The dark web is of course a hidden and secretive part of the internet that is not accessible through regular search engines. It requires specific software, configurations, or authorization to access it. It is strongly associated with illegal activities, such as the sale of stolen data, drugs, weapons, and hacking tools.

Monitoring the dark web is a complex task due to its constant state of flux and the large amount of misinformation or “fake news” that is consistently shared within it.

Dark web monitoring entails actively searching, scanning, and collecting data from dark web sources to identify potential cybersecurity threats and stolen information.

In short, it stops “cyberquakes” from erupting.

2: What is the difference between the deep web vs. the dark web vs. the shadow web?

This is a very frequently asked question as this cybercrime landscape evolves.

  • The deep web

The deep web is the portion of the internet that is not indexed by search engines, and includes content that is behind paywalls, password-protected databases, or non-indexed sites like private email accounts, phone numbers or bank account numbers.

  • The dark web

The dark web is a subset of the deep web, but specifically refers to websites that are intentionally hidden and require specific software, such as Tor, to access. This software anonymizes users’ identities and activities, making it challenging to track them (and criminal activity). The dark web often includes illegal activities and content, including drug sales, weapons, human trafficking and stolen data.

  • The shadow web

Shadow IT refers to the use of software, applications, or devices within an organization without the authorization or knowledge of IT management. Employees often turn to shadow IT to increase productivity, circumvent the time-consuming process involved in migrating to new platforms, and address other organizational needs. We cover it more in depth over on this dedicated blog.

3: What is a dark web monitoring alert?

A dark web monitoring alert is a notification generated when a dark web monitoring service identifies a match between monitored data and information found on the dark web. For example, keywords identified with your business may emerge on the dark web before an M&A merger takes place.

These alerts summarize details about the compromised data involved in the data breach. They serve as a critical early warning system that helps CISOs and SOC teams remediate fast.

4: What are the biggest risks today if my company is exposed on the dark and deep web?

Here are four core risks we flag once your company has been exposed.

This is a non-exhaustive list:

  • Malicious actors share or sell fraud schemes impacting your company
  • Hackers target your business e.g. by leaking confidential data like business credit cards
  • Cybercriminals share details on how to scam your customers
  • Hackers share or sell confidential information or PII

5: What are some emerging cybersecurity dark web threats I need to be aware of?

Expansive, anonymized and vast, the dark web has evolved into a marketplace for hackers in the belly of the internet.

The main takeaway for monitoring the dark web in 2024 is to see hacking as an evolving business model, with the dark web as its marketplace.

Cyberattacks and strategies that are fleshed out in dark web forums and chat rooms are constantly changing.

Here are three new threats to monitor in 2024:

1: Infostealers

An information stealer, known as an “infostealer” or “stealer,” is a form of malware, often identified as a Trojan virus. This malicious software is adept at camouflaging itself and extracting sensitive information. Its primary objective is to gather your personal data from any compromised computer. It is a simple but effective way for hackers to find everything from your bank account numbers to compromised professional credentials.

We recommend reading up on how infostealers have evolved into an increasingly popular dark web threat.

2: AI and LLMs

Generative AI and machine learning-empowered systems are increasingly leveraged by cybercriminals for phishing and other social engineering scams.

The National Cyber Security Centre reported in August that LLMs, or large language models, still “inherently cannot distinguish between an instruction and data provided to help complete the instruction. In one example, the prompt used to create an organisation’s LLM-powered chatbot (with appropriate coaxing from a hostile user) was subverted to cause the chatbot to state upsetting or embarrassing things.”

3: Evolving phishing attacks at work

According to a recent release from the National Security Agency, social engineering is an evolving threat, particularly at work. Eric Chudow, NSA’s Cybersecurity System Threats & Vulnerability Analysis Subject Matter Expert, reported that malicious actors are “…finding it easier to deceive people who have transitioned to hybrid work environments and have fewer face-to-face interactions.”

By now you might be wondering how these threats and more can be entirely monitored given their evolution?

6: How does CybelAngel monitor the dark web?

Here at CybelAngel we monitor the dark web by delving deep into closed communities, granting our clients access to hackers’ networks while saving up to 6 months of infiltration time. We guarantee zero false positives.

We sift through over 11 million posts and discussions (in over 200 languages) in every nook and cranny on dark web forums, chat rooms and encrypted social media communities.

We also offer on-demand investigations to pinpoint potential threats or provide context for existing ones.

Take a complimentary exposure scan (with results in 72 hours) to see it for yourself.

We also have some guidance for CISOs who are reviewing dark web monitoring services.

Here is a quick roundup of what we recommend.

Our top 5 recommendations when selecting a dark web monitoring tool

How do you select the best cybersecurity dark web monitoring tool? Aside from reviewing peer threat intelligence guides and client reviews, we recommend reviewing the following:

1: Languages covered

Are you adequately covered with your preferred dark web monitoring tool? We recommend covering your company’s risk base thoroughly with as many options available to you as possible. If your company is trading in multiple locations with multiple languages, you’ll want to use a tool that provides the broadest coverage in these regions.

For example, at CybelAngel we cover 200+ languages with our dark web monitoring tool.

2: Infiltrate unreachable forums

Can you understand the full threat landscape that exists on the dark web without understanding how forums and communities work and evolve their strategies?

In short, no.

Therefore, we strongly recommend selecting a provider that allows you to fully infiltrate deep and dark web forums.

You cannot monitor the dark web without this core component.

You may still have extensive questions about how to find such providers and which are the best choices for your business. The best dark web monitoring tools will monitor everything you should be monitoring and beyond, especially on encrypted channels like Discord, Telegram and IRCs.

3: Selling, selling, sold…your sensitive information

When selecting a dark web monitoring tool provider, you’ll need to consider how quickly you are informed when hackers share or sell confidential information or PII.

Compare all the tools to see what type of information is shared, who confirms it (for example, is there a human verifying issues) and whether you receive any samples of exposed data.

The old adage that knowledge is power is never more evident than in a crisis.

4: Crunch time requires a human touch

Nothing replaces a high-level human touch.

If your company falls victim to a cyberattack, like a severe data breach, in a period of high stress you’ll want to have a dark web monitoring service that succinctly briefs you and your SOC team on how critical and severe the threat is.

That is why we recommend selecting a dark web monitoring tool that also provides a human analyst to grade your threat intelligence. They work efficiently and accurately to shape a clear-cut report that also allows you to plan your response and remediate immediately.

Here at CybelAngel we don’t do false positives, period. Our analysts accompany you so that you avoid wasting precious resources on your side. We don’t believe in sharing irrelevant reports, but instead, in sharing verified and concise threat report data that is always verified by your in-house analyst.

5: A short and sweet setup

Should peace of mind take eons to achieve?

We don’t think so, especially when it comes to malicious actors.

We therefore recommend a short and sharp setup time. At CybelAngel, we wrap up our setup in under two hours, so you can focus on more important CISO needs.

Our recap of dark web monitoring tools

We hope that part one of our dark web monitoring series was helpful.

Follow our five-part dark web series on our socials as we take a look at dark web vulnerabilities to monitor.
