Deep web and Dark web: what is behind the every-day internet?
People often use Deep web and Dark web interchangeably. However, they are not synonymous as they refer to two different areas of the vast digital world.
In fact, Deep web refers to the set of content on the web not indexed by common search engines. On the other hand, the Dark web is the set of publicly accessible content hosted within websites which IP address is not visible.
These two levels of the Internet hide the dangers of Cyber Risk. According to the Institute of Risk Management, ‘Cyber risk’ is any risk of financial loss, disruption or damage to the reputation of an organization from some sort of accidental (e.g. server shutdown) or malicious (e.g. theft of sensitive data) failure of its information technology systems.
The 2021 Clusit Report on ICT security in Italy and in the world, by the Italian Association for Information Security, offers a complete overview of the cyber-crime events that occurred, globally, in 2020. It also compares them with data of the previous 4 years. The study shows that cyber attacks threat any industry. In fact, the year of the pandemic recorded 1,871 serious attacks in the public domain. These are attacks that had a systemic impact on every aspect of society, politics, economics and geopolitics.
In 2020, cyber attacks around the world grew by 12% compared to the previous year. Furthermore, over the past 4 years, the growth trend has been constant, with an increase in severe attacks of 66% compared to 2017.
In particular, considering Ransomware, a type of malware that limits access to the device it infects, in 2019 cyber criminals were already using the Dark web for the so-called double extortion technique.
To understand what lies behind the dark side of the Internet and the potential dangers, it is necessary to delve into the differences between the Deep web and the Dark web.
What is Deep web?
The Deep web is the set of online resources that are not indexed by normal search engines. This means that its users are anonymous and it is not possible to track their activity.
In general, the iceberg metaphor explains well the amount of data in the Deep web. The visible part of the ice corresponds to the so-called surface web (or accessible web). This is the set of resources indexed by search engines. The submerged part represents the Deep web.
According to a research on the size of the internet carried out in 2000 by the American organization Bright Planet, the web includes over 18 million GB and 550 billion documents. But Google only indexes 2 billion of them, less than 1%.
Despite this, Domenico Laforenza, former director of the Italian Institute of Informatics and Telematics of the National Research Council (CNR) of Pisa, points out that these are rather approximate data. Indeed, there are no metrics or technologies able to accurately measure the size of the Deep Web.
We can divide the documents within the web into the following categories:
- Dynamic content: web pages which content is generated on the spot by the server;
- Pages not linked to any other web page;
- Restricted access pages: sites that require registration or that limit access to their pages by preventing search engines from accessing them;
- Script: pages that can be reached only through links in JavaScript or Flash;
- Non-text content: multimedia files, Usenet archives and non-HTML documents, in particular those not linked to textual tags;
- Illegal content banned from common search engines: child pornography or snuff sites, illegal drug and weapons trade and production sites, sites under government censorship, warez and malware sites;
- Software: an example is Tor, which allows users to anonymously access sites that use the .onion extension. Another is I2P, a free and open source software for creating an anonymous network to exchange data covered by different levels of encryption.
What is Dark web?
Dark web refers to the content of the World Wide Web found on darknets. These are virtual private networks that can only be accessed through specific software or particular network configurations.
People use darknets for several reasons:
- Dissemination of confidential information;
- Sale of illegal products;
- Cybercrime (e.g. hacking or fraud);
- Sharing of illegal files (pirated, illegal, counterfeit, etc.);
- To bypass internet censorship, content filtering systems or firewalls.
The heart of the Dark web is the Black Market. It is a real illegal market where users can buy any type of product: from drugs to medications, from false identity documents to weapons, cloned credit cards, malware and data stolen from companies, such as confidential emails and market research.
Among the main threats of the Dark web are the tools that cybercriminals use to carry out cyber attacks:
- Keylogger
- Botnet
- Ransomware
- Phishing
The fine line that divides the Deep web from the Dark web
In summary, Deep web refers only to non-indexed pages, while Dark Web refers to pages that are not indexed but also linked to illegal activities such as the buying and selling of illicit goods or services, computer crimes and leaks. Therefore, the Dark web is a subset of the Deep web and is the lower tip of the underwater part of the iceberg.
However, the hidden web includes also pages that search engines cannot find simply because they are too little relevant. Users can still access to these pages knowing their address or through links on other sites on the Deep web.
Instead, the pages on the Dark web are intentionally kept secret. They guarantee total anonymity and are beyond any control.
In addition, payments in cryptocurrencies are another feature of the Dark web. Specifically, hackers usually demand Bitcoin in exchange for the data they stole through Ransomware attacks.
How to defend against cyber threats: the solutions by Namirial
Measuring the effectiveness of security controls, identifying cyber threats and gaps in technologies are the aims of Namirial’s Cyber Assessment. This is the innovative platform that evaluates cyber threats from an external point of view without installing any software.
It is a tool that identifies where to prioritize the investments in order to protect the information system and prevent the loss of resources due to cyber attacks. In addition, Cyber Assessment helps organizations to comply with Article 32 d) of the General Data Protection Regulation (GDPR).
The platform provides two types of analysis:
- Vulnerability Assessment (VA). The Vulnerability Assessment (VA) analyzes IT systems to detect known vulnerabilities of IT infrastructures on the exposed perimeter of the network. It helps reduce the risk of cyber attacks quickly, before hackers can exploit the vulnerabilities. At the end, the platform generates a report. It contains a list of all identified vulnerabilities, their risk class and the remediation.
- Cyber Threat Assessment (CTA). The Cyber Threat Assessment (which includes the Vulnerability Assessment) detects cyber threats, incidents occurring within the organization and vulnerabilities of systems and services exposed on the public network. This type of analysis is based on external cyber intelligence techniques and does not require the installation of any software. It analyzes:
– the exposure of the attack surface;
– the technical vulnerabilities of the systems;
– data breach;
– malware infections;
– file sharing over peer-to-peer protocols and much more.
The final reports allow the company to identify and/or prevent data breaches and implement actions to mitigate the IT risk, thus safeguarding the business.
Specifically, the Cyber Threat Assessment allows to:
- Discover and remediate cyber threats from malware;
- Verify leaked credentials (data breach);
- Recognize data breaches through Deep web analysis;
- Identify dangerous and / or copyright infringing data transfers on peer-to-peer networks;
- Identify and prioritize remediation of vulnerabilities.
