Table of Contents
Introduction
When most people refer to the internet, they are thinking of the Clearnet: the portion of the internet that is accessible through mainstream search engines like Google Chrome, Microsoft Bing, and Yahoo. However, the Clearnet comprises only a small fraction (5-10%) of the total web.
In this blog, we’ll shed light on the three main components of the web, including the Clearnet, the Deep Web, and the Dark Web. We’ll also explore the value the internet has brought to society, the damage DDoS attacks can inflict, and how to detect and protect against this cyber threat.
The Clearnet
The Clearnet, or Surface Web, includes websites, blogs, social media platforms, and online stores. It is the portion of the web that is open to anyone with internet connectivity. Accessible through popular search engines, it is rich with valuable information that is available for free – no passwords or subscriptions required. It is also the gateway to vital services many people take advantage of every day, including shopping, banking, entertainment, and medical care.
Deep Web
The layer just beneath the Clearnet is the Deep Web – by far the largest component of the internet, accounting for approximately 90-95% of the total web. When you go to your bank’s website, the Clearnet includes portions of the site that are accessible to everyone. But if you want to access your personal banking information which is located on the Deep Web, you need a password and probably other forms of authentication. Your email, social media pages and profiles, news service subscriptions, online courses and grades, healthcare records, and government records are also located on the Deep Web. Anything behind a paywall, or that includes information that is private to you, is on the Deep Web and requires layers of security to access.
Dark Web
There are legitimate reasons to use the Dark Web (or Darknet), which comprises approximately 4-5% of the deep web. In countries that engage in censorship, citizens use it to share information freely. It is also used for whistle-blowing and political dissidence.
However, because the Dark Web is an intentionally hidden part of the internet, requires special software to access, and provides anonymity to its users and the websites it hosts, it is mostly associated with threat actors. The Dark Web is home to a variety of content associated with illegal activity. When it comes to cybercrime, this activity includes the buying and selling of login credentials, sensitive personal information, and other data and tools that make it easier to execute cyberattacks.
Difference Between Clearnet vs Darknet
The main difference between the Clearnet and the Darknet stems from how they are accessed. The Clearnet is open to anyone with internet access and its content can be indexed by standard search engines. Simply type into a search engine whatever you’d like to access – information, news, a website, a blog. The results that the search engine shows you are available to any user, even without registration.
In contrast, the Darknet is not indexed by standard search engines. Its content is accessed via tools like The Onion Routing (TOR) project that ensures anonymous access, and Invisible Internet Project (I2P) that offers anonymous hosting of websites. Providing an “off the grid” way to share information, further strengthened with layers of encryption provided by servers throughout the world, make it virtually impossible to track geolocation and the IP addresses of their users.
Because it is public, the Clearnet is continuously monitored and indexed to control for legitimate uses and distribution of information. In contrast, because the content on the Darknet is hidden intentionally and difficult to track, it is common to find illegal content and nefarious activity. Fortunately, through undercover operations and agency collaboration, law enforcement has had significant success identifying and stopping criminal activities and bringing cybercriminals to justice. Additionally, Dark Web monitoring services are available to help you detect threats that could impact your organization and get ahead of them.
Benefits and Applications of the Clearnet and Deep Web
Fortunately, most of us are much more familiar with the many positive ways the Clearnet and Deep Web have impacted our life as we know it.
Economic Growth
The internet has helped create new industries and businesses. These include social media, streaming services, e-commerce, fintech/online banking, smart homes/businesses/cities, and more. It’s also helped improve productivity and efficiency for nearly every type of business and drive down costs.
Access to Education
The internet has made it easier for more people to access educational materials and learn more without having to be in a classroom or at the library. The internet also makes it possible to learn independently and conduct in-depth research easier and faster. Students can also benefit from personalized learning based on their skills and preferred learning styles, as well as collaboration with peers and teachers to share ideas and achieve learning goals.
Medical Care
Doctors now have instant access to updated patient records and critical information from Internet of Medical Things (IoMT) devices such as glucose monitors. Patients can also receive care via online consultations with medical professionals, including with specialists that may be located anywhere in the world.
Remote Work
The internet has made it possible for employees to work from anywhere, providing them with unprecedented flexibility. Meanwhile employers have access to a global workforce and talent pool.
Access to a Global Audience
Companies can reach potential customers anywhere in the world. Likewise, experts and educators can now offer their insights and knowledge to a much larger population than they could have reached prior to the internet.
Government Efficiency
Constituents can get answers to common questions, conduct services like car registration renewals, and even pay taxes and file for licenses within minutes, thanks to the internet.
DDoS Attacks on the Clearnet and Deep Web
Lives and livelihoods depend on the internet – specifically the Clearnet and Deep Web. But when DDoS (distributed denial-of-service) attacks disrupt or completely bring down online access to information and services, the damage is not only inconvenient – it can be devasting.
According to Verizon’s 2024 Data Breach Investigations Report, DDoS attacks are responsible for more than 50% of cyberattacks. They are designed to overwhelm a target server or network by flooding it with an excessive volume of requests. These requests could be in the form of data packets, HTTP requests, or even connection requests. The sheer volume of incoming traffic exhausts the target’s resources, leading to a breakdown in service. Increasingly, DDoS attacks are being coupled with other criminal activity such as data exfiltration and ransomware attacks which make them even more disruptive, costly, and complex to mitigate and recover from.
Some of the most famous DDoS attacks have taken down high-profile websites including Amazon, CNN, HBO, E-Trade, Twitter (now X), Reddit, Yahoo, PayPal, Netflix, and GitHub. Entire countries have been brought to a standstill due to DDoS attacks on their government websites. Additional critical infrastructure like hospitals, transportation systems, and the energy sector – and the people they serve – have also been impacted by DDoS attacks.
Protect Against DDoS Attacks
Organizations should use a combination of best practices and technology to defend against DDoS attacks and ensure service availability, including:
Employee education
Conduct regular training on the dangers of DDoS attacks and how employees can mitigate the risk of attack by using strong passwords, multi-factor authentication, and not clicking on suspicious links or attachments in emails from unknown sources.
Securing devices and software
Ensure systems and software are up to date with patches to address vulnerabilities that threat actors are known to exploit to launch DDoS attacks. Apply network segmentation to limit movement of traffic between devices and to other parts of the network. And use tools including endpoint detection and response, intrusion detection/prevention systems, and firewalls to detect and block anomalous traffic.
Establishing network redundancy and failover plans
Use load balancers and failover mechanisms that distribute traffic across different servers and cloud resources to help mitigate the impact of an attack and assist with continuity of service while IT teams investigate and respond. Additionally, leverage Content Delivery Networks (CDNs) to distribute your website’s content across multiple servers and locations. CDNs can absorb and distribute traffic, minimizing the impact of DDoS attacks on a single server.
Invest in advanced DDoS protection
The most comprehensive way to mitigate DDoS attacks is with a DDoS protection solution. The most effective solutions will allow you to maintain uninterrupted service availability even in the midst of a DDoS attack and protect you against follow-on threats including data leakage, ransom attacks, and other threats to your operations.
Closing Thoughts
The internet has brought immeasurable benefits to society and continues to grow in usage and functionality. In fact, 25% of the world’s population only knows a world with the internet. And for the rest of us, it can be difficult to imagine a world without it.
Understanding the roles and relationships between the Clearnet, Deep Web, and Dark Web helps highlight the power and complexity of this vast web of interconnectivity and shows where and how nefarious activity can creep in.
Fortunately, law enforcement and Dark Web monitoring services are extremely active in patrolling the Dark Web and rooting out cybercriminals. Additionally, there are best practices and technologies you can use to detect and prevent the risk of cyber threats, such as DDoS attacks, that threaten availability of services we rely on every day. These risk mitigation strategies include employee education, patching and segmentation, endpoint detection and intrusion prevention, firewall rules, and using an advanced DDoS protection solution coupled with intelligence to stay ahead of emerging threats. Visit our threat intelligence research center for more information on DDoS defense in depth.
