How to Monitor the Dark Net for Business Threat Intelligence

Posted on the 23 January 2018 by Darkwebnews @darkwebnews

With regards to cyber security, we all have to agree that it has to get worse before it gets any better.

Indeed, IT experts admit that it won't be possible to completely eliminate cyber threats, or at least not anytime soon.

It's evident that the white hat hackers are already having trouble and a rough time trying to make life difficult for the black hat hackers on dark web.

For instance, even after the famous shutdown of Silk Road happened after 2.5 years of operation, it was replaced shortly thereafter by "Silk Road 2.0" among other marketplaces to replace the large sites which were shut down due to simple sellout mistakes.

A cybersecurity report released by Gemalto states that from January to June 2017, there had been continuous overwhelming data breaches that negatively affected businesses such as White Lodging and Michael Stores among others.

There has also been a drastic increase in the frequency of hacking and theft of personal data, privileged user login credentials, and credit card information for future sale and dissemination in the thriving dark web marketplaces.

In these dark web markets, the price of the information depends on the access it provides, the encryption status of the data, how recently it was obtained, and the wholeness of the dataset. The more access which credentials have for a system, the more valuable they are.

Who is at Risk?

Gemalto's cybersecurity report says that many of companies' assets are at risk to criminal activities facilitated by the dark web, some of which criminals are actively vying to buy and sell.

The assets at risk include: general and specific cyber exploits and vulnerabilities; intellectual property, designs and counterfeits; financial information including credit cards and banking details; and personally identifiable information.

The Risks Posed.

Cybercrime has become a service on the dark web, allowing criminals and their customers to sell and buy data as easily as any other legitimate businesses outside of the dark web.

The use of bitcoins, not forgetting its anonymity as their currency of dark web markets, makes the illegal undertakings difficult to trace, hard to find and safe.

A study report revealed that the cybercrime industry is increasingly being preferred by criminals as it is becoming more profitable and has less risk than the infamous drug industries, thus explaining in part the recent increase in cyber-attacks.

From the report, readily available and easy to use ransomware is one factor among many that have resulted in the alarming increase in cybercrimes cases.

Coined Ransomware-as-a-Service (RaaS), it has become very easy for anyone with basic programming and computer science skills, a little knowledge on how malware works or social engineering skills to become a cybercriminal with a success story, noting that it does not require much expertise to launch these attacks.

In simple terms, the hackers only need intent or ill will and a safe, conducive environment, which is now provided by the dark web, to carry out their criminal activities. Such RaaS users are termed 'script kiddies' in the eyes of the larger hacking community.

The dark web is part of the Internet that is not indexed and hence cannot be accessed using common standard search engines like Google. Therefore, a user requires special software known as the Tor browser to access the dark web.

This specialty browser allows the users to navigate the dark web without giving away the location of the user's IP, and hence host a safe marketplace for malware, contraband, and stolen datasets.

Obtaining Cyber Intelligence.

As cybercriminals get smarter and cybersecurity systems get more complex, many enterprises are faced with difficulties in handling IT security breaches.

Gemalto's report provides insight as to what extent enterprises evaluate the risks they face on daily basis and what it means.

The report also offers professionals' views and concerns about a wide range of threats such as cloud security, mobile security, and the Internet of Things.

Hundreds of dark web index sites are available on the surface web and others can be found when exploring the dark web itself. Since most of these sites are developed to be used for illicit e-commerce business, they are easy to find and use, thereby facilitating threat intelligence collection.

Almost every business enterprise has the resources it takes to start a cheap dark web intelligence operations program within their own existing IT and cybersecurity teams.

By monitoring activities on the dark web, entities and individuals can find out what may have been stolen, could be used against them, or improve their overall security posture to close any security gaps.

When collecting threat intelligence, the information should be stored in a similar manner would be done for traditional cyber threat data.

By doing this, it will be easy to begin developing a data repository that can be obtained and used for cause analysis, predictive analysis, creating a continuously personalized risk profile, surveillance of open and restricted darknet markets, baseline risk assessment, continuous monitoring and risk mitigation recommendations among other analysis oriented towards other cybercrime and threat defense operations.

Gemalto's report advises that when mining for data intel from the dark web, it's always necessary to search for information pertaining to your entity, as it is pre-assumed that you know all of your information pertaining your employees, products, customers, and IT systems before beginning to filter through dark web data.

After searching, you'll soon find information that can have a significant, direct effect on your business such as your brand image, customer confidence, intellectual property, product development, and legal defenses among others that will help you locate the loop-holes, fill them, and hence protect yourself from being hacked if there is loose data available pertaining to your organization.

Disclaimer:

You need to enable JavaScript to vote