Customer portal
Category

The Dark Web

"The
Opinion, The Dark Web, Tips

How Does the Dark Web Work? An In-Depth Guide (2021)

This is the authoritative 2021 guide to the Dark Web

If you are looking to understand:

  • The Dark Web basics
  • Where did the Dark Web come from?
  • What’s driving the growth of the Dark Web?
  • What activities take place on the Dark Web?
  • Which Dark Web threats can impact my organisation?
  • How to protect organisations from Dark Web activity?
  • What does Dark Web Monitoring do?

Then this guide will provide you with all of the answers you need.

Chapter 1: The Dark Web basics

What is the Dark Web? 

The Dark Web is a peer-to-peer interconnected network of computers that use the Tor Protocol, commonly known as the Tor browser.

Tor uses the top-level domain .onion which takes its name from the method of routing the Tor network’s users.

Anonymity is maintained by building a circuit each time a user tries to connect to a certain .onion domain.

The circuit becomes a multi-layered encryption chain, with each layer unwrapping the next one until it gets to its destination. Hence the reference to an onion.

This method ensures that the relaying nodes on the network between sender and recipient never know who the other one is. They only know the next layer as they unwrap it.

It provides 100% anonymity whilst on the network.

The Dark Web is essentially the containing of that encrypted traffic within the Dark Web itself.

Is the Dark Web 100% anonymous?

There are only 2 places where you can breach Dark Web anonymity.

Either the client end before you transmit data onto the Tor network or via the other end using an Open Relay.

Anyone can download and install an Open Relay and capture information then pass it out onto the internet if the data hasn’t been sufficiently secured within itself.

Chapter 2: Where did the Dark Web come from?

The Tor Project is an open-source foundation that was started as a US Navy research project.

It was originally part of the National Security Agency, a national-level intelligence agency of the United States Department of Defense.

It’s likely that it predates its official launch by a number of years.

The early development of the .onion protocol was designed to allow spies to communicate with each other and contact their commanders via the internet in as safe and secure a manner as possible.

For it to work properly, they needed a sufficient number of nodes in order to allow traffic to pass anonymously.

Too few nodes would simply allow adversaries to intercept and attack their encrypted data.

So (the story goes) the Tor Project was started as a free open source project to encourage widespread use.

It has become increasingly popular over the years and undergone a number of significant iterations since its release in 2002.

Chapter 3: What’s driving the growth of the Dark Web?

The Tor Project quickly gained users thanks to its advanced anonymity properties.

Let’s face it, you build a road and people are going to start driving on it.

Yet here’s the thing:

There are numerous key global events that have seen spikes in growth of Tor.

These include the following:

  • Government clampdowns on file sharing following successful lobbying by Hollywood and the music industry forcing ISPs to block access to torrent hosting websites
  • Key political moments such the Arab Spring in 2010

Meanwhile, various Hacking Communities began using it because it became the ‘cool thing’ to do.

Chapter 4: What activities take place on the Dark Web?

Most of the activity taking place on the Dark Web is as dull and trivial as the rest of the Internet.

In truth, for all its negative connotations the Dark Web shouldn’t be something to be afraid of.

Of the 95,317 sites we currently track, less than 5% are flagged as having potentially abusive content on them.

However:

There is also a significant amount of fraud taking place here, along with a percentage sharing abusive content.

The biggest threat to organisations comes in the form of Ransomware.

What is Ransomware?

Ransomware is the process of hackers encrypting and stealing sensitive company and customer data then ransoming it back to the organisation for profit.

Let’s look at this in more detail in the next chapter.

Chapter 5: Which Dark Web threats could impact my organisation?

In June 2017, the chief technology and information officer for Maersk, a Danish shipping and logistics giant, returned from his honeymoon to discover that the company has suffered a major malware attack.

The attack on its IT systems was so bad that the company was virtually unable to operate, even to the point that its ship’s captains were forced to navigate the globe using paper and pen.

4 years later and the company is still remediating, estimated costs to date are as much as £300 million.

No one is sure whether this attack was Ransomware gone wrong (no public request for payment has been made) but the damage to its business continues to be felt to this day.

The different types of Dark Web attack

The Dark Web enables hackers to remain anonymous whilst providing them with a marketplace to force you as the victim to pay to have your data decrypted.

It gives them a foothold, a place where they can publicly advertise to the world all of the organisations they have hacked.

This data often includes intellectual property, financial information, and customer data and is usually placed on the Dark Web and made free to download until the organisation pays to have it removed.

These are very professional operations with call centers, helplines, and live-chats. Some of them even provide a ‘Get 1 File for Free’ service to prove that the decryption works.

Human Driven Ransomware

This term describes when a group of hackers come together and plan an attack. This would often involve them having a good look around your network before they begin encrypting specific files and servers.

They typically look to exploit vulnerabilities in your network and appear to be reasonably agnostic when it comes to sectors and industries.

Victims could be a dental surgery or multinational aerospace company. The primary motivation is getting you to pay for your encryption keys.

Another way into your systems is via ‘phishing’.

This could involve an IT employee’s credentials are stolen and where the company doesn’t have sufficient protection to prevent the hackers from gaining access to the system.

Ransomware Trends

Ransomware is developing and maturing into a more industrialised activity, with a much greater trend towards automation.

A lot of Ransomware programmes will automatically send your encryption keys off to an onion domain that is spun up just for you, gaining access through something as simple as a Word or Excel document that executes a Macro in the background.

The Macro will then automatically begin to encrypt your data and spin it out onto the Dark Web.

Apart from disabling Macros, patching applications to keep things up-to-date, not opening docs you aren’t sure about and using good security software there isn’t much more you can do.

At present we are aware of between 26-30 active ransomware groups.

If you find yourself on a Ransomware site, there is nothing you can really do except pay and begin remediating.

However, police forces are active on the Dark Web looking to take down operations and have had some success. Dutch police were recently so pleased to have taken down one botnet network that they even posted about it as themselves on a hackers’ forum.

Chapter 6: How to protect organisations from illegal Dark Web activity?

Protecting your organisation from hacking and Ransomware is a difficult task, especially when a concerted hacking campaign coupled with human error comes into play.

If as an IT Professional and/or diligent CTO you have done everything within your power to secure the network and Ransomware still finds its way through a lot of it will simply come down to bad luck.

Hackers work hard to ensure that they are fully undetectable and use dynamic systems that generate malicious downloads on the fly, making it difficult to defend against these types of attacks.

The priority then becomes managing the fallout and particularly the PR as best as you can.

A data breach quickly moves from being an IT problem to a business problem. If you can show that you have behaved competently and done as much as you can there is a chance to come out of it looking better.

Our Dark Web Monitoring tool supports you in this process by providing early warnings of any Dark Web activity around your brand.

SOS gives you awareness, time, and context by letting you know if your information is out there; what information that is; and who is talking about it.

Having these instant alerts can be very reassuring, giving you time to react with the full knowledge of just how big your exposure is.

Now we’d like to hear from you. Have you been affected by any of the issues raised in this guide? Do you have any concerns around data breaches and threat intelligence?

Please get in touch if you need to find out more using the contact info below. And if you’ve found this information helpful, please feel free to share it on your social networks!

"The
The Dark Web

The Latest Dark Web Statistics for 2021

Looking for new stats about the Dark Web?

This is a complete list of up-to-date Dark Web statistics for 2021.

On this page, you will find hand-picked stats by our threat intelligence experts about:

  • Most Commonly Used Languages on the Dark Web
  • Most Prolific Ransomware Groups
  • Dark Web Server Technology
  • Dark Net Web Technologies
  • Number of Open Ports
  • How many Onions are live on the Dark Web right now?
  • Average Ransomware demands per Industry
  • Number of Ransomware Attacks Happening Right Now

So, let’s take a look at these statistics in more detail.

———

Most Commonly Used Languages on the Dark Web

Below you can see the most commonly used non-English languages today, compared to 2018. 

Although English is by far the most dominant language on the dark web the language distribution across the rest of the domains has remained surprisingly stable since we began indexing in 2018.

This suggests that despite growth in recent year, the content and individuals using dark net platforms has remained the same.

  • English accounts for 98% of language on the Dark Web
  • Russian is second with 1%

Most active Ransomware groups 

Who are the most prolific Ransomware organisations on the Dark Web? How many victims are each group targeting and who is the largest Ransomware organisation? 

Ransomware activity is dominated by a small number of groups, with the top 3 below accounting for approximately 44% of all victims.

Some of these organisations operate in a surprisingly business-like way, with call centres, helplines and ‘buy-one-get-one-free’ offers all part of the operation in what must seem like a galling experience for the victims looking to get their data removed from the Dark Web.

The victims range in size from smaller SMEs to global enterprise level organisations. These groups are not picky. If they can find a vulnerability and exploit it, they will do so.

Note: These figures represent the latest snapshot of ransomware activity on the Dark Web. Hackers are actively engaged at all times and our tools detect new victims on a daily and weekly basis. 

Dark Web server technology 

Our indexing technology allows us to collect highly granular data about the Dark Web domains we find. 

Here we are able to see the predominant server technologies powering the Dark Web.

This tells us that Nginx, the popular free and open-source software released by Igor Sysoev in 2004, accounts for a whopping 91% of all Dark Web server technology. Nginx is an incredibly popular reverse proxy so it is no wonder it has a significant market share as the front for most websites on the internet and Dark web.

Some way behind Nginx at 8% we have Apache, with the rest of the pack making up the remaining 1%

Dark Net web technologies 

We also look at the different tools and techniques used in the process of communication between different devices over the dark net. 

Analysing this data lets us see not only which versions are out there, but how potentially vulnerable some of these systems actually are.

Over 95% of the Dark Web is powered by PHP, making it the most popular web framework by a long way.

From collecting web technology information like this we can gain insights into the most popular frameworks and their versions as well as understanding how up to date or not some of these websites actually are.

Number of open Ports 

As we explore the microcosm of the Dark Web our tools log the number, type, and ID of the open ports we find. 

This allows us to glean a surprising amount of information about the servers used to exploit organisations via hacking, data theft and ransomware attacks.

For example, our most recent data tells us that Port 80 accounts for 96% of those discovered on the Dark Web.

Number of Dark Web domains

How many domains are live on the Dark Web right now? 

There are over 100,000 .onion domains live on the Dark Web right now. For a live feed of current stats visit our homepage here and check out our carousel for our live Dark Web threat tracking stats.

It’s important to note that new domains pop and shut down all the time as hackers and ransomware groups spin up new sites to carry out their attacks.

This graph shows how our indexing tools are beginning to plateau as our total coverage of the dark web increases over time.

Top Ransomware stats 2021 

Ransomware attacks are on rise in 2021 and we predict that this activity will continue to grow.

Indeed, Ransomware represents criminality on a truly industrial scale with hackers targeting larger and more sophisticated organisations all the time.

The Healthcare Sector is one of the most heavily exposed with approximately 24% of all of attacks targeting healthcare organisations.

Indeed the biggest ever attack (WannaCry in 2017) badly affected the UK’s NHS (National Health Service), costing it almost £92 million. Worse still, the chaos caused by the attack shut down IT systems for days which almost certainly cost lives.

According to Cyence, the total loss caused by WannaCry was close to $4 billion worldwide.

Average cost of Ransomware

Whilst the numbers above are pretty eye-watering it is worth pointing out that the average ransomware demands are more modest.

Indeed, the average ransomware demand for an organisation is $233,217.00. However, the average cost of remediating a ransomware attack is much higher at $761,106

It’s worth noting that this figure doesn’t consider the costs associated with the average downtime caused by a ransomware attack, which currently stands at 19 working days.

Ransomware attacks happening now

On average there are 4000 Ransomware attacks worldwide each day.

This works out at an average of an attack every 11 seconds.

The most common form of Ransomware attacks occur via email, with 1 in 3000 emails passing through security filters containing some form of malware, such as Ransomware.

Want to know more? 

We’ve created a helpful guide to the dark web.

So if you are looking for more information on:

  • The Dark Web basics
  • Where did the Dark Web come from?
  • What’s driving the growth of the Dark Web?
  • What activities take place on the Dark Web?
  • Which Dark Web threats can impact my organisation?
  • How to protect organisations from Dark Web activity?
  • What does Dark Web Monitoring do?

Then this guide will provide you with all of the answers you need:

How does the Dark Web work? An in-depth guide (2021)

1 2
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound