There is a parallel universe in the cyber world known as the “Dark Web.” It’s a part of the Internet inaccessible via standard browsers or search engines, and it’s where cyber criminals share botnet kits, trade bitcoins, and recruit other hackers to carry out attacks. Over the years, the “Dark Web” has also provided an anonymous marketplace for criminals to sell information stolen from data breaches. One example is from 2015, when nearly 10 GB of data, including account details and passwords for some 32 million users of Ashley Madison, was posted on the dark web.
To stay a step ahead of cyber criminals, organizations are beginning to monitor activity found on popular social media sites and on the dark web. In fact, the FBI frequently shares alerts based on discussions that it finds on these underground sites. For instance, earlier this year, the FBI's Cyber Division issued a Private Industry Notification alerting law firms that a criminal actor had posted an advertisement on a criminal forum, asking for a technically proficient hacker to breach the networks of multiple international law firms.
Get the Data, Then What?
The question then becomes, how do you monitor the dark web? This underground network can often feel like crowded street markets, with noise coming from all sides and shiny new things to look at with every turn. However, for any IT professional tasked with protecting their network from cyber criminals, sifting through the noise can be difficult. Below are some of the key challenges and recommendations:
Actionability. Knowing that your company is brought up quite often in hacker forums doesn't do much for your security team. It usually doesn't tell you what areas of your organization to fortify, or what IT systems to monitor. Teams should consider establishing action plans and prioritizing actions depending on the items found on the dark web. Try to avoid the “all hands on deck” approach; instead, appoint members of your team who will investigate any suspicious activity involving your organization.
Accuracy. People often read about "anonymous sources" in news, and many times these sources are wrong or miss important details of a story. When it comes to information security, relying on anonymous sources may lead teams down rabbit holes. False positives are no laughing matter, and many times, the data coming from hacker channels has many flaws. If you or your team are monitoring activity from the dark web, you should maintain a list of key terms or phrases that may point to a potential attack. This will enable you to focus your searches and discover threats much faster.
Language. Unless somebody on your team speaks a foreign language like Russian, French, or Chinese, much of the content found on the dark web is undecipherable. If a criminal group is targeting an organization and they use hacker forums to communicate, they may not use your language. If you can't understand the content coming from the hackers, it loses most of its value. Consider using a tool that tracks discussions from the dark web, but also translates content found on these forums. This enables you to better understand the content and identify potential areas of concern.
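One way to put the key-term list and action plan from the recommendations above into practice is sketched below. This is an added example, not BitSight's code: the organization names, terms, owners, and sample posts are all constructed assumptions, and posts are assumed to be already translated. A post is only escalated when it names the organization and also contains a term that maps to an owner and a system to review.

```python
import re
from dataclasses import dataclass

# Assumed watchlist: organization names, plus terms that each map to an
# owner and a concrete system to check (all values are illustrative).
ORG_TERMS = ["examplecorp", "example-corp.test"]
ACTION_TERMS = {
    # term -> (priority, owner, what to review)
    "vpn access": (1, "network-team", "VPN gateway logs"),
    "credentials": (1, "identity-team", "forced password resets"),
    "database dump": (2, "data-team", "database egress logs"),
}

@dataclass
class Finding:
    post_id: str
    priority: int
    owner: str
    review: str
    term: str

def _has(term, text):
    # Whole-term match so "examplecorp" does not fire on "examplecorpus".
    pattern = r"(?<!\w)" + re.escape(term) + r"(?!\w)"
    return re.search(pattern, text, re.IGNORECASE) is not None

def triage(posts):
    """Return findings only for posts naming the org AND an actionable term."""
    findings = []
    for post_id, text in posts:
        if not any(_has(org, text) for org in ORG_TERMS):
            continue  # a bare mention of someone else is noise
        for term, (prio, owner, review) in ACTION_TERMS.items():
            if _has(term, text):
                findings.append(Finding(post_id, prio, owner, review, term))
    return sorted(findings, key=lambda f: (f.priority, f.post_id))

# Constructed sample posts (not real forum data).
SAMPLE_POSTS = [
    ("p1", "Anyone heard of ExampleCorp? Their ads are everywhere."),
    ("p2", "Selling VPN access to examplecorp, price in DM."),
    ("p3", "Fresh database dump from some shop, not examplecorpus related."),
    ("p4", "ExampleCorp staff credentials and a database dump available."),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_POSTS):
        print(f"P{f.priority} {f.post_id} -> {f.owner}: '{f.term}', review {f.review}")
```

Post p1 mentions the organization without an actionable term and p3 contains a term without the organization, so neither reaches an analyst.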
BitSight offers you the ability to monitor the Dark Web for all companies in your portfolio. You can search for key terms and pinpoint suspicious activity mentioning your organization or your third parties.