MNX Solutions IT Support and Managed security presentation on the dark web and how you can protect your business

1. A Journey
Through the Dark
Web
Nick Wilkens

2. 2
About MNX
Managed IT
ServicesCybersecurity & IT Support
Cloud Hosting
Infrastructure as a Service
Business Voice
Cloud based Phone
Solution
mnxsolutions.com
mnx.io
mnxvoice.com

3. 3
Recent News

4. 4

5. 5
newsmaze.top

6. 6

7. 7

8. 8

9. 9

10. 10

11. 11

12. 12
What is the dark web?

13. 13
Surface,
deep, and
dark web

14. 14
The Dark Web
The dark web is part of the internet that isn't
visible to search engines and requires the use
of an anonymizing browser called Tor or I2P
to be accessed.

15. 15
18,188,675

16. 16
What is Tor?

17. 17
Tor
• The name is derived from an acronym for the
original software project name "The Onion
Router”
• Using Tor makes it more difficult to trace Internet
activity to the user
• Developed in mid 90’s with the purpose of
protecting U.S. intelligence communications online

18. 18

19. 19
Tor Browser
www.torproject.org

20. 20
Tor .onion addresses

21. 21
.onion (cont)
• 16- or 56-character strings
• Secure Drop: https://secrdrop5wyphb5x.onion/overview/
• Propublica:
https://p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu
5uqd.onion/

22. 22
What is I2P?

23. 23

24. 24
• Personal email with @mail.I2P addresses
• Hosting of a personal hidden service or
“eepsite” with a .I2P suffix
• File sharing via BitTorrent clients
• Encrypted cloud file storage software
• Real-time chat functions
I2P (garlic)

25. 25
Use cases (good)

26. 26
• SecureDrop is an open source whistleblower
submission system
• Safely and anonymously receive documents and tips
from sources
• Used at over 50 news organizations worldwide,
including The New York Times, The Washington
Post, ProPublica, The New Yorker, and The Intercept
secrdrop5wyphb5x.onion

27. 27

28. 28
MNX Solutions Business Voice
13
Why use Tor?

29. 29
Use cases (not so good)

30. 30
Usage Stats
Drugs, Marketplace,
Fraud, Counterfeit..

31. 31
Average price
of stolen
credentials on
the dark web
in 2019

32. 32
Dark Web Markets

33. 33

34. 34

35. 35

36. 36

37. 37

38. 38

39. 39

40. 40
Let’s take a step back
x

41. 41

42. 42

43. 43
For hackers, you could be a
tributary to a larger river.
They’re looking at you as a way
to get to somebody you work for,
someone in your family or some
organization in your network

44. 44
Ransomware Story

45. 45
Users in the U.S. open around 1 in
3 phishing emails.

46. 46
Ransomware
Email phishing
is the #1
culprit behind
ransomware
success.

47. 47

48. 48

49. 49

50. 50
Vishing Story

51. 51
What can be done?

52. 52
“If you don’t have a tool or technology that
enables protection from data loss, how will your
business survive?
Data is digital currency; it is imperative to
protect it. Everything else in security is
tangential to this critical point.” -- Forrester Consulting

53. 53
Defense
in Depth
Architecture

54. 54

55. 55
haveibeenpwned.com

56. 56
Incident Response Plan
Develop an incident response plan and assume that
cyber security incidents will occur and have a plan
on how to respond and recover from them.

57. 57
Auto Patch
It is recommended that organizations enable
automatic updates for all software and hardware
and use tools and KPI’s to report on anomalies.

58. 58
Security Awareness Training
As a first line of defense, organizations should train
employees on basic security practices. Organizations
should focus on practical and easily implementable
measures.

59. 59
Proper Backups
Your backup is only as good as your last restore test.

60. 60
Cyber Drills
Cyber response drills are as essential as fire drills.
The risk for cyber breaches can easily eclipse the risk
of other cost-crippling events like natural disasters
and fires.
Personal risk also increases for executives and
leaders who are ultimately being held responsible for
protecting their organization’s data.

61. 61
Security KPI’s
Level of preparedness: How many devices on your network are missing patches?
Unidentified devices on the internal network: How many of these devices are on your
network that probably do not meet your security standards?
Intrusion attempts: How many times have bad actors tried to breach your networks?
Days to patch: How long does it take your team to implement security patches?
Cyber security awareness training results: Trending up/down?
Percentage of backup restore tests in last 48 hours: 100%.

62. 62
Questions?