Dark Web

Definition

The dark web is a hidden part of the internet accessible only through special software like Tor. It is notorious as a marketplace for stolen data, malware, and other illegal activities.

The dark web is a hidden part of the internet accessible only through special anonymisation software such as Tor (The Onion Router). The dark web is notorious as a marketplace for stolen data, malware, hacking tools and other illegal services, but also serves as a platform for free speech in repressive regimes. Chainalysis estimates the value of dark web transactions in 2023 at over $1.7 billion.

How does the dark web work?

The dark web is a sublayer of the deep web, the part of the internet not indexed by search engines. While the deep web also includes regular non-indexed content such as email accounts and internal corporate systems, the dark web is specifically designed for anonymity. Tor routes traffic through multiple encrypted relays, hiding both user and server locations. Dark web websites use .onion domains accessible only via Tor. Alternative dark web networks include I2P and Freenet.

Relevance to cybersecurity

The dark web is an active ecosystem for cybercrime. Stolen credentials are traded in bulk, often within hours of a data breach. Ransomware groups publish stolen corporate data on dark web leak sites as leverage. Exploit kits and zero-day vulnerabilities are offered for sale. Cybercriminals offer Ransomware-as-a-Service, DDoS-for-hire and hacking services. Dark web forums serve as knowledge platforms where attackers share TTPs.

Impact on organisations

Dark web monitoring is essential for proactive security. When stolen employee credentials appear on the dark web, the organisation must immediately reset passwords before attackers use them. Leak site monitoring detects whether confidential corporate data has been published following an attack. Threat intelligence from the dark web provides early warnings of planned attacks or campaigns. NIS2 requires organisations to implement adequate threat monitoring.

Protection

Implement dark web monitoring as part of the threat intelligence programme. Automate credential leak detection via specialised platforms. Combine dark web monitoring with incident response processes for rapid action when leaks are discovered. Train employees in password hygiene, including the use of a unique password for each service.
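
As an added illustration of automated credential leak triage feeding incident response (example code written for this page, not DEFION's tooling): the sketch below parses a leaked-credential feed, keeps only addresses in the organisation's domain, and maps each one to a response action without retaining the leaked passwords. The feed format, the domain `example.com`, the account list and the action names are assumptions, and the sample lines are constructed.

```python
import hashlib
import re

# Constructed sample feed (not real data): shapes seen in combo lists
# (email:password) and stealer-log exports (url:email:password).
SAMPLE_FEED = """\
alice@example.com:Summer2023!
https://vpn.example.com/login:Bob@Example.com:hunter2
carol@mail.example.com;correct horse
dave@other.org:letmein
alice@example.com:Summer2023!
not a credential line
"""
ORG_DOMAIN = "example.com"                                  # assumed monitored domain
ACTIVE_ACCOUNTS = {"alice@example.com", "bob@example.com"}  # assumed directory export

# An e-mail address followed by a delimiter and the rest of the line.
CRED_RE = re.compile(r"([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})[:;|](.+)$")

def parse_line(line):
    """Return (lower-cased email, password) or None if the line holds no credential."""
    match = CRED_RE.search(line.strip())
    return (match.group(1).lower(), match.group(2)) if match else None

def triage(feed, org_domain, active_accounts):
    """Map each exposed organisation address to an action, keeping no plaintext."""
    seen = {}
    for line in feed.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        email, password = parsed
        domain = email.rsplit("@", 1)[1]
        # Exact domain or a true subdomain; "evil-example.com" must not match.
        if domain != org_domain and not domain.endswith("." + org_domain):
            continue
        # Hash only to de-duplicate repeated lines; the password itself is dropped.
        seen.setdefault(email, set()).add(hashlib.sha256(password.encode()).hexdigest())
    return {
        email: {
            "action": "reset_password" if email in active_accounts
                      else "review_unknown_account",
            "distinct_passwords": len(hashes),
        }
        for email, hashes in sorted(seen.items())
    }

if __name__ == "__main__":
    for email, finding in triage(SAMPLE_FEED, ORG_DOMAIN, ACTIVE_ACCOUNTS).items():
        print(email, finding)
```

Addresses that match the domain but not the directory export are flagged for review rather than ignored, since they may be former employees, aliases or shared mailboxes.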

How DEFION helps

DEFION provides dark web monitoring as part of Managed Threat Intelligence. The team monitors dark web marketplaces, forums and leak sites for mentions of the organisation, leaked credentials and other threat indicators.

Related terms

Threat Intelligence
IOC (Indicator of Compromise)
Credential Stuffing