dark web

The Dark Web, Deep Web, and Surface Web: Understanding the Difference

Over the past several years, cybersecurity awareness has become much more prevalent in mainstream media, and for a good reason. The uptick in stories about the latest data breaches and rampant identity theft has brought about the use of terminology that was not well-known to the general public but commonly used throughout the infosec (Information Security) community. 

To the uninformed ear, these cybersecurity terms can be confusing and sound intimidating as they are commonly used as a scare tactic to sell you a product or service. While these products and services are valuable assets to leverage, it is essential to understand precisely what these terms mean, so you can make an informed decision on the services you need to protect your organization. In this article, I want to demystify a common cybersecurity term “the Dark Web” by discussing what makes the Dark Web different from the Deep Web and Surface Web. I’ll also share what you need to do to protect yourself and your data.

How Search Engines Work

Before we talk about the Dark Web, Deep Web and Surface Web, it is important to understand search engines and how they work. For those born before 2000, navigating the internet was a bit different. Google was just starting out, and Bing hadn’t even been invented yet. While there were other search engines available, they weren’t as well-known or as useful as the ones available today. If you wanted to find something on the internet, you needed a direct link to get there, as you couldn’t just search for a topic and have a list of relevant websites show up in your browser. Sounds cumbersome, right? Well, luckily for us, Google thought the same thing and acted by creating their search engine.

Crawling and Indexing Explained

There are two terms you should be aware of regarding search engines: crawling and indexing. Without getting too in-depth, crawling is the process of scouring the web in order to upload discovered websites to an ever-growing list in a database. This process is usually programmed so that newly created websites are automatically found and added to the database. Indexing, in its basic form, is just organization. The websites in the database are reviewed and organized based on different parameters such as keywords, topics, malicious vs. non-malicious, and many others. Crawling and indexing are the core features that allow search engines to work the way they do.

If you’re a bit confused, think of it like a library. A library crawls the world to purchase books worth adding to their shelves (the database). The books are then organized (indexed) based on genre. You then query the librarian (the search engine) for the type of book you are looking for, and they know exactly where to find it.

The Difference Between the Surface Web, Dark Web, and Deep Web

Now that you understand how search engines work, let’s decipher the terminology behind the Surface Web, Dark Web and Deep Web. We’ll start with the one that everyone is familiar with, the Surface Web, otherwise known as the Open Web.

The Surface Web

The surface web is what most people use daily. It consists of publicly available websites that a search engine has indexed. You are already familiar with how it works. You enter a keyword into Google, and all of the websites related to that topic will show up. You choose a website to visit, and the data on that website will be made available to peruse at your leisure. It’s as simple as that.

The Deep Web

The Deep Web is a little different because search engines do not index websites associated with it. This is important to understand before we can explain the Dark Web. Surprisingly, most websites available on the internet today are actually a part of the Deep Web, so you’re more than likely navigating to these resources daily. Since you can’t find these websites by searching for them, how exactly do you find them? A lot of the Deep Web consists of private databases and internal networks that require specific permissions to access. You are either invited to create an account for the website or utilize proprietary software that connects directly to the resource.

Some examples of this would be checking your bank account online. While you can search for Bank of America and access their public site, you can’t directly search for your bank account, right? Therefore, when you go to Bank of America’s website, you must click on a separate link to log in and enter your credentials to access your account. You have now moved from the Surface Web to the Deep Web as your account is a part of their internal database, which cannot be found by searching on Google. Another example would be accessing email through the Outlook application or web interface. You can navigate to the Outlook website directly or install the desktop client, which is publicly available to anyone who wants to download it. But, to gain access to your account, you must enter your username and password, which transfers you directly to a Deep Web resource as your data is not accessible directly through a Google search.

The Dark Web

Last is the infamous Dark Web. The Dark Web is actually a part of the Deep Web as a whole because it consists entirely of unindexed content. However, there are significant differences between the Dark Web and the Deep Web. The differences have to do with how the Deep Web and Dark Web are accessed, the anonymity of network traffic while browsing, and the types of data/activities they are commonly used for. To access the Dark Web, you need a particular browser that is developed specifically to talk to the servers hosting Dark Web content and link all of those services together through a proxy. The most common browser in today’s world is called TOR (The Onion Router) which was developed by the United States Navy to protect state intelligence. These browsers are designed to encrypt all traffic for privacy reasons, which is why many threat actors look to this type of web navigation to carry out illegal activities.

So, what types of things can you find on the Dark Web? Unfortunately, there are many distasteful themes, but for the purpose of helping you understand how to protect your data, I want to focus on the stolen credentials that are available for sale on the Dark Web. There are specific forums for the sole purpose of making money off of your stolen data. From usernames and passwords to credit cards and social security numbers, it all has a price, and people are willing to pay.

Protecting Your Data from the Dark Web

So, how do we stop your data from being sold on the Dark Web? Unfortunately, unless you work for a government agency with authority to decommission the websites hosting these forums, there isn’t much you can do to stop this data from being sold. Most people who aren’t in the infosec community won’t even be aware that their data is compromised.

That’s why you need to take a preventative approach. Awareness is key. That’s where Dark Web monitoring solutions come in. These solutions are designed to monitor the Dark Web and alert you to compromised credentials and stolen data. Knowing which credentials are compromised enables you to get ahead of the problem and take the appropriate action(s) to mitigate the risk.

Using identity theft protection through a third-party or your bank of choice can also play a huge role in keeping your identity safe. As I said earlier, awareness is key. Understanding what and, more importantly, how the data was compromised is critical for developing processes to prevent it in the future.

Kite Technology Can Help

At Kite Technology, we take a security-first approach in everything we do. As one of few Managed IT Service Providers in the country with the CompTIA Security Trustmark+ certification, KiteTech demonstrates our commitment to following security best practices and adhering to industry-recognized security standards and measures.

Our clients can focus on their business with peace of mind–knowing that we employ industry best practices and tools to keep their business systems and data safe and secure. To learn more about KiteTech’s Managed IT and Security Services, please reach out to schedule a conversation. We’d love the opportunity to talk with you and learn how we can help you protect your organization.

Dillon Fornaro

Dillon Fornaro

Security Engineer
Kite Technology Group

Zero-Day Vulnerabilities – What They Are and How to Protect Yourself

Before discussing how you can protect yourself and your organization from Zero-Day vulnerabilities, it’s helpful to understand the term vulnerability as used in the cybersecurity industry. The National Institute of Standards and Technology, commonly referred to as NIST, defines vulnerability as “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” So, anything that threat actors can exploit in your environment is considered a vulnerability, even employees. 

What is a Zero-Day Vulnerability?

Zero-Day vulnerabilities are vulnerabilities in software actively being exploited in the wild but have not yet been disclosed to the software developer, or a patch has not yet been provided to fix the issue. These vulnerabilities are usually kept secret by threat actors and sold on the Dark web for a hefty price. Depending on how much damage this exploit would cause, they can be sold for thousands and even millions of dollars. 

If, at first, Zero Day vulnerabilities are widely undiscovered, how are they initially found? That’s a great question! There are many different ways that Zero Day vulnerabilities are uncovered, but some of the more common tactics are Threat Research and Vulnerability Disclosure Programs (VDPs). Not all Zero-Day vulnerabilities are found by malicious actors. There are legitimate organizations whose sole purpose is to research threat indicators in the wild and correlate them to potential vulnerabilities in the software being exploited. After confirming or even potentially confirming that a vulnerability exists, they would then reach out to the software vendor in question and disclose this information. This is usually done by following the organization’s Vulnerability Disclosure Program (VDP). These programs are designed to encourage Threat Researchers to come forth as well as anyone else who may have information regarding vulnerabilities in a software product. Most of these programs offer a monetary reward, and just like selling on the Dark web, the amount paid is substantial. These programs aren’t always available, but more organizations are adopting this tactic to fight back against the cybercrime industry. There has even been legislation adopted to push companies toward creating their own VDP. If you ever notice a software bug that you can replicate, it’s worth reporting it. You may just end up with some money in your pocket!

Protecting Your Business From Zero-Day Vulnerabilities

Unfortunately, due to the nature of the threat, we can only mitigate the risk, not completely eliminate it. But don’t worry; implementing the proper controls, processes, and procedures can significantly reduce the risk of compromise. The first step in protecting your business from Zero-Day vulnerabilities and attacks is simple patch management. Your company’s IT provider should be on top of issuing the latest updates to all of your software. Whether it’s your line of business application(s) or your computers’ operating systems, applying the latest security patches is crucial. The process for managing these updates to your company’s software should be written down in its own policy and, if possible, automated. 

Another way to protect yourself against these threats is even easier than patch management – you need to be aware of what’s going on. Researching the latest threat trends and keeping yourself up to date about active exploits will provide you with the information needed to proactively patch your systems or isolate that specific software inside your network. I recommend subscribing to a security newsletter if you aren’t actively working in the Cybersecurity industry where threat research is a part of your job. On another note, while vulnerability scanning won’t necessarily provide you with insight on Zero-Day vulnerabilities affecting your network, it does give you a clearer picture of the threat landscape of your environment. More visibility offers you greater control, and greater control gives you better protection. 

Last but not least, start depreciating your legacy software. Any applications that are no longer supported by the vendor won’t be receiving further security updates. It is extremely risky to continue utilizing end-of-life (EOL) software inside your environment, so it’s crucial to move away from these solutions as soon as possible. If your business is dependent on a product that’s in EOL and depreciating in a timely manner is not feasible, be sure to isolate any devices that contain the software from other areas of your network. Doing this will aid in preventing either malware or threat actors from moving laterally across your network in the event of a compromise. 

Vulnerabilities can be scary, especially when Zero-Days are thrown into the mix. However, with the proper security controls, processes, and procedures, you can significantly mitigate the risk to your business. If you would like to learn more about how Kite Technology’s Managed IT and Security Services can better secure your organization, please reach out to schedule a conversation. We would welcome the opportunity to discuss your company’s IT and security needs and help you develop a plan to improve your performance and security posture. 

Dillon Fornaro

Dillon Fornaro

Security Engineer
Kite Technology Group

adam atwell

Adam Atwell

Cloud solutions architect

Adam is passionate about consulting with organizations across the country to help them develop and execute a cloud adoption strategy that meets their business needs and future objectives. Adam oversees and manages our company strategy for Microsoft 365 adoption and is responsible for future growth and development inside Microsoft 365 and other cloud technologies.