Below the surface of the internet we’ve learned to be so dependent on, known as the Clear Web, lies a realm foreign to many of us. While we may have heard of the Deep and Dark Web, we may not be well versed in their day-to-day activities, or how they affect us and our work.
According to global cybersecurity company Kaspersky, the Deep Web holds 90 percent of all websites, meaning we’re exposed to only about ten percent on the Clear Web. Despite the prejudice, for the most part, the Deep Web contains legal activity.
Going even deeper, you reach the Dark Web, a small portion of the Deep Web which Kaspersky defines as, “the hidden collective of internet sites only accessible by a specialized web browser.” It is often used for private or anonymous internet activity, both legal and illegal. Over the years the Dark Web has gained a reputation as a shady place where cyber criminals carry out intricate attacks and illegal activity thrives.
Recently, sports organisations have become common inhabitants of the Dark Web, albeit unwillingly and, more often than not, unknowingly. Sports organisations are enticing targets for cyber criminals, with more than 70 percent of sports organisations surveyed by the British National Cyber Security Centre saying they experienced some sort of breach in the year prior to the survey. Their names are now also popping up as part of the chatter on the Deep and Dark Web.
Activity on the Deep and Dark Web
The Dark Web has become a paradise for attackers and criminals, a place where they can engage in various activities while remaining completely anonymous - if they choose to do so. One of the most notorious sites within the Dark Web was the Silk Road, a black market website where users could buy and sell anything, including illegal weapons, tanks and drugs. The site, dubbed the “Amazon of drug sites” by an FBI agent, brought in approximately $1B in sales.
Meanwhile the Deep and Dark Web have also become a hub for threat actors targeting sports organisations, generating revenue from attacking their brand, infrastructures and even their fans. The larger an organisation and brand, with more fans and gravitas, the more likely threat actors are to try and attack them to gain revenue.
It’s imperative for sports organisations to know that they are on the Dark and Deep Web and being targeted, says Dor Eisner, VP Business Development and Strategic Alliances at IntSights. IntSights, a market-leading threat intelligence and protection company, monitors the Deep and Dark Web for threats and provides actionable intelligence.
“It’s not just how the threat actor can target the security or the perimeter of the organisation,” explains Eisner. “But also how the threat actor can use the brand and the fans of this organisation to manipulate and create phishing attacks, scam campaigns and fraud.”
There are countless ways for cybercriminals to target sports organisations. Threat actors use data and credential leaks to access organisations and take over accounts. Some sell attacks as a service. Others create coupon and token generators to sell fake tickets to distributors, who then sell them in cyber crime markets as secondhand tickets, eventually stealing money from fans.
Over the last year, with COVID-19 restrictions forcing fans to watch from home rather than from stadiums, Eisner and IntSights saw a rise in fake tokens and coupon generators for OTT and live streaming services. This means that while fans may be paying for these services, the payments fall into the wrong hands and rights holders are losing out on money.
Attacks can also take on a more personal form. In November 2020, on the same night Manchester United were targeted with an attack, exposed images of 100 female athletes and celebrities were stolen from their mobile phones and posted on the Dark Web. One unnamed British athlete had more than 100 images stolen. While it was not disclosed if the hackers were after payments, such attacks could have profound emotional as well as monetary consequences.
Deep and Dark Web crime can generate sums reaching tens of thousands of dollars for those with the malicious tools and intentions. They are the ideal spaces for cyber criminals to earn hundreds of thousands of dollars for carrying out sophisticated exploits, all while remaining anonymous.
The most valuable targets
While there are many important assets in need of protection from cyber criminals, some of the most valuable assets an organisation has are senior executives and CEOs. Their prominence and importance make them more likely to be the target of an attack.
High-scale phishing attacks targeting VIPs within companies are referred to as “whaling.” Think of it as targeting the “big fish” within organisations.
In the sports industry, the whales are even bigger. Oftentimes executives are famous personas, making it easier to create fake profiles and impersonate them, says Eisner. This could result in social engineering attacks and selling private information like social security numbers, addresses and phone numbers.
It’s critical for sports entities to understand the risks they face: who is talking about them, their employees and VIPs, and who is trying to create fraud and threat campaigns against them. The next step is creating actionable mechanisms of protection to remediate the situation in real-time.
Reconnaissance and remediation
IntSights’ technology autonomously monitors the Deep and Dark Web and helps take action once threats are detected. The company is looking to “democratise” the cyber threat intelligence market; to provide organisations without extensive security teams with “simple, easy-to-use, threat intelligence that is actionable,” and to prevent future attacks.
Their unique tech offers solutions for both reconnaissance and remediation. IntSights has the ability to monitor at scale by utilising proprietary automatic scanning and detection technology. They then stream the security process to automate remediation and take action when necessary.
“Our mission is to understand who the threat actor is, what he is trying to do, and when he is going to launch the attack,” says Eisner. “We are trying to predict what is going to happen in terms of cyber intelligence and also provide actionable intelligence to the customer.”
Prior to IntSights, most threat intelligence providers, about 90 percent of them, says Eisner, provided generic intelligence by aggregating feeds from around the world and sending them to customers. Tailored intelligence, Dark Web reconnaissance and the ability to continuously monitor the web for threats are unique to IntSights.
Once a threat has been detected, the customer is notified while also given suggestions for actions to remediate it.
If, for example, fake tickets to FC Barcelona matches are being produced and sold, IntSights is able to negotiate with threat actors to understand their motives, the scale of their activities, and, at times, to purchase the tool that is being used to create the tickets, stopping future sales. If a fake LinkedIn profile was detected, they can choose to do an external takedown and alert the executive whose profile was duplicated.
Sports organisations are tasked with protecting their infrastructures, priceless data, and incredibly valuable, human assets - their employees and athletes who are some of the most famous people in the world. They therefore must be even more conscious of the risks and threats they are facing on every corner of the web, and must have the means to act and go on the attack rather than wait to be attacked.
IntSights currently provides threat intelligence for some of the biggest companies in the world, including Amazon, Starbucks, UEFA, and many other blue chip companies.
Eisner joined Infront Lab as a panelist in our webinar, “Protect the Net: Confronting Cyber Threats in Sport” to explain more about criminal activities on the Deep and Dark Web and the steps you can take to protect your assets. You can watch the webinar here.