Why Dark Web monitoring is a critical component of threat intelligence

When it comes to effective vulnerability management, Dark Web monitoring must be taken seriously. Many companies believe that, beyond preventing employees from using it, it’s not a threat. Unfortunately, as a result, it gets treated as a secondary concern, if at all.

However, if you don’t monitor the Dark Web for cyber threat intelligence & threat information as part of your cyber intelligence initiatives, you may be missing many instances where you can spot if your company’s security has already been breached. It's an information security blind spot your business can’t afford. 

Here's how to bolster your cybersecurity defences to monitor Dark Web sites and other Dark Web sources. 

Types of Illicit Activity on the Dark Web

The types of information available across Dark Web locations are myriad. These Dark Web threats can threaten sensitive assets and significantly reduce your cyber defence posture. Let’s break down the major categories

Serious Crimes - These include guns, drugs, and child pornography. The very nature of these things alone is enough to scare any honest person from venturing onto the Dark Web simply because you don’t want to accidentally see something that you can’t unsee.

However, the same marketplaces where these things are offered also include information which your company should take very seriously.

Fraud - One of the most common items available for sale on the Dark Web is credit card numbers. These can often be purchased from Dark Sites in bulk. Other online Dark Web items include internal documents from companies; editable Photoshop files of invoices, order forms and more, which can make it very easy for people to trick companies out of everything from discounts, coupons, orders and more. False IDs are also easy to get from Dark Sites; often stolen from people taking “selfies” of themselves with their id.

Physical Goods - You can find any number of counterfeit goods on the Dark Web, beyond the usual counterfeit watches and sunglasses, to iPhones and Androids, and various tablets. These are often purchased in bulk across Dark Web sites and then sold on the Surface Web in places like Amazon. One can also easily find many prescription drugs available for sale, often the legitimate item, simply by searching “NHS”. Typically, the volume of these available suggests that the information has been gained from insiders with access to these pills.

Customer Data Breach information - Results of massive hacks are often available for sale. These could include your customers' information. It’s important to note that your customers are likely one of the weakest spots in your security system. While companies can enforce secure procedures for employees, it’s nearly impossible to do this for customers who may use the same password for many sites. All it takes is one breached site for a person to get access to company information that was not even part of the original breach.

In other words, you might not even have been hacked, yet your customers' data may still appear on the Dark Web.

Cyberattack planning - Often credentials are traded around the Dark Web prior to a breach occurring. Bad actors may share samples of information for sale to someone wishing to use this information in the future. This data can be extremely useful for IT security areas to gain an understanding if an attack is about to occur, to prevent potential losses from occurring.

Why the Dark Web is often overlooked

There are many reasons why companies don’t take the threats of the Dark Web seriously. Let’s go over them.

Not on the top of the list - If you are busy dealing with security for your company, typically concerns surround perimeter defence, and policies surrounding employee use of the internet take centre stage. The belief is that if you can keep your employees off the Dark Web, the biggest threats are reduced. The problem is that you are still at risk, even if everyone at your company behaves perfectly.

We’re not a target - Many companies feel that they are too small to be targeted, and so Dark Sites simply aren't a concern. You may have heard about big data breaches occurring at large companies; the belief is therefore that it must only be the big bait fish that are being targeted.

The truth is the matter is that medium and small-sized companies are often targeted quite simply because they are known to not have as many resources to protect themselves as larger ones.

IT and HR don’t like the idea - Letting people have access to the tools which allow access to the Dark Web makes both IT security and HR nervous. Anonymous web browsing makes companies believe that they are opening themselves up to further risk, simply by allowing employees not to be tracked, so they simply block access.

This is akin to solving a problem by sticking one’s head in the sand. Just because you don’t pay attention to the fact that something exists does not make it go away.

We have a “Dark Web person” already - Your IT department may take it seriously enough that they’ve designated a person to regularly monitor the Dark Web to look for mentions of your company so that they can take action if data appears. The belief is that since you already have someone “on it” there’s little more that can or needs to be done.

The problem is that one person attempting to monitor the entire Dark Web is extremely inefficient and likely ineffective. Marketplaces on the Dark Web typically require individual logins and may also require a referral to get access. What this means is that even if your “Dark Web person” has managed to gain access, they will be needing to continually login to each one of these sites on a regular basis. This is inefficient as a threat intelligence strategy and unlikely to be effective.

Nothing you can do - Even if your data has appeared on the Dark Web, the common belief holds that there is little that can be done to track down criminals and that threat intelligence is a waste of time. After all, it’s anonymous, and nearly impossible to track criminals down, so the Dark Web is just an unfortunate reality.

The truth is that there are plenty of things that can be done; criminals on the Dark Web are caught regularly with the right threat intelligence processes in place. Many of the biggest marketplaces such as the infamous “Silk Road” have been taken down. Also, the more you know about what data about your company is out there in various online locations, the more resources you have for fixing potential breaches.

Skurio to the Rescue

With Skurio threat intelligence, you can automate much of the process. We have access to and can regularly scan the major marketplaces for any mentions of your company, your employees, or your customer data protection.

We have methods for matching information discovered on the Dark Web against known breaches. We can provide you with the cyber threat intelligence you need to prevent the next big attack on your systems. Learn more about BreachAlert Dark Web Intelligence today.

Digital risk protection

 

Posted by Patrick Martin

 

Have your say...