The IT Nerd

Cybersecurity experts explain why security teams are turning to the dark web to protect executives

Executives are the prime targets for cyberattacks. However, cybercrime is not the only threat lurking in the internet shadows for high-profile leaders. The dark web has become a hub for bad actors who are seeking to steal corporate leaders’ credentials for access to sensitive data and laying the groundwork for more sophisticated cyberattacks or even plotting assaults that threaten executives’ physical safety.

A study by GetApp, a business software directory, found that 72% of surveyed US executives have been targeted by cybercriminals at least once. Additionally, 69% of employees who work in companies that experienced previous attacks targeting leaders claim that cyberattacks against executives have increased.

According to Vakaris Noreika, a cybersecurity expert at NordStellar, a threat management platform, executive protection has become an even more relevant topic over the last few years. High-profile cases, such as the assassination of the UnitedHealthcare CEO Brian Thompson, have fueled existing concerns over executive safety — both online and offline.

“Corporate leaders are prime targets for cybercriminals because their credentials and personally identifiable data can grant cybercriminals access to sensitive resources or deploy sophisticated social engineering attacks to maximize the damage and profits,” says Noreika. “The dark web is filled with bad actors — many financially motivated, others driven by political or ideological goals — making it a hub for threats against executives, from cyberattacks to physical assaults.”

Growing concerns from physical security teams

According to Ron Zayas, an online privacy expert and CEO of Ironwall by Incogni, a privacy protection and data removal service, the company’s team noticed a growing interest in executive protection from businesses over the past eight months.  

“Multiple high-profile attacks, as well as abrupt political shifts that resulted from the change of administration in the U.S., have been the two main contributing factors fueling the rising interest in executive protection services,” says Zayas. “Physical security teams have shown the greatest interest. While most IT admins use dark web monitoring and consider executive protection a lower priority, physical security experts stress the need for additional measures.”

Zayas reveals that executives are frequently named as direct targets in dark web posts, with their credentials often appearing in data leaks alongside those of other employees. Some companies are explicitly targeted — bad actors disclose their aim to proactively penetrate the organization and obtain the credentials of its senior management.

“In our experience, physical security teams are most concerned about any information leaks disclosing the location of the executives because this would set the stage for a potential assault at home and away from the office,” says Zayas. “Aside from personally identifiable information leaks, they also look for any other dangerous activity posing a threat to physical security.” 

Main cyber threats targeting executives

According to Noreika, targeted cyberattacks are the most significant cybersecurity risk lurking for executives on the dark web. If a bad actor successfully obtains corporate leaders’ credentials, personally identifiable information, or other sensitive details, the likelihood of them infiltrating a company’s network, using that data to carry out more devastating attacks, or locating the executive is very high.

“In the most common cases, hackers use stolen credentials to infiltrate a network,” says Noreika. “However, they might also use personal information to launch phishing campaigns, tricking executives into downloading malware. They can also carry out business email compromise attacks, posing as corporate leaders to scam employees, partners, or vendors, or even use snippets of their voice for deepfakes. This enables them to steal company funds, fool third parties into payments, or leak sensitive data.”

Noreika explains that dark web monitoring is essential to detect these threats before they escalate. However, it’s important to note that once information is leaked on the dark web, there’s not much security teams can do to make it disappear. Companies must have a proper executive threat prevention, preparedness, and response plan to maximize the mitigation of security risks.

“Strict access controls, multi-factor authentication, proper network segmentation, and a comprehensive cybersecurity strategy are necessary to ensure that cybercriminals cannot successfully infiltrate a network. Robust physical security measures must also be in place to minimize the risk of endangerment to physical security,” says Noreika.” The response plan should contain swift step-by-step actions encompassing threat containment, incident reporting, and coordination with law enforcement and security teams to mitigate risks and ensure executive safety.”

Noreika emphasizes that cybersecurity training for corporate leaders should also be prioritized. Raising their cybersecurity awareness could significantly decrease the likelihood of their credentials or other personal data ending up in a data leak on the dark web.

ABOUT NORDSTELLAR

NordStellar is a next-generation threat exposure management platform that enables companies to detect and respond to cyber threats before they escalate. NordStellar offers visibility into how threat actors work and what they do with compromised data. NordStellar was created by Nord Security, a globally recognized company behind one of the world’s most popular digital privacy tools, NordVPN. For more information, visit nordstellar.com.