BitSight

A View into the Dark Web

Joel Alcon | December 22, 2016

There is a parallel universe in the cyber world known as the “Dark Web.” It’s a part of the Internet inaccessible via standard browsers or search engines, and it’s where cyber criminals share botnet kits, trade bitcoins, and recruit other hackers to carry out attacks. Over the years, the “Dark Web” has also provided an anonymous marketplace for criminals to sell information stolen from data breaches. An example is from 2015, when nearly 10GBs of data including account details and passwords for some 32 million users of Ashley Madison, were posted on the dark web.

To stay a step ahead of cyber criminals, organizations are beginning to monitor activity found on popular social media sites and on the dark web. In fact, the FBI frequently shares alerts based on discussions that they find in these underground sites. For instance, earlier this year, the FBI's Cyber Division issued a Private Industry Notification alerting law firms that a criminal actor had posted an advertisement over a criminal forum, asking for a technically proficient hacker to breach the networks of multiple international law firms.

Get the Data, Then What?Demo Request - Third Party

The question then becomes, how do you monitor the dark web? This underground network can often feel like crowded street markets, with noise coming from all sides and shiny new things to look at with every turn. However, for any IT professional tasked with protecting their network from cyber criminals, sifting through the noise can be difficult. Below are some of the key challenges and recommendations:

  • Actionability. Knowing that your company is brought up quite often in hacker forums doesn't do much for your security team. It usually doesn't tell you what areas of your organization to fortify, or what IT systems to monitor. Teams should consider establishing action plans and prioritize actions depending on the items found on the dark web. Try to avoid the “all hands on deck” approach; instead appoint members on your team that will investigate any suspicious activity involving your organization.
  • Accuracy. People often read about "anonymous sources" in news, and many times these sources are wrong or miss important details of a story. When it comes to information security, relying on anonymous sources may lead teams down rabbit holes. False positives are no laughing matter, and many times, the data coming from hacker channels has many flaws. If you or your team are monitoring activity from the dark web, you should maintain a list of key terms or phrases that may point to a potential attack. This will enable you to focus your searches and discover threats much faster.
  • Language. Unless somebody on your team speaks a foreign language like Russian, French, or Chinese, much of the content found on the dark web is undecipherable. If a criminal group is targeting an organization and they use hacker forums to communicate, they may not use your language. If you can't understand the content coming from the hackers, it loses most of its value. Consider using a tool that tracks discussions from the dark web, but also translates content found over these forums. This enables you to better understand the content and identify potential areas of concern.

BitSight offers you the ability to monitor the Dark Web for all companies in your portfolio. You can search for key terms and pinpoint suspicious activity mentioning your organization or your third parties. Schedule your demo today!

 

Suggested Posts

What Companies Using Cloud Services Need To Know About Their Risk Responsibilities

Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But...

READ MORE »

Joint Effort with Microsoft to Disrupt Massive Criminal Botnet Necurs

Since 2017 BitSight has been working together with Microsoft’s Digital Crimes Unit (DCU) to understand the inner workings of the Necurs malware, its botnets and command and control infrastructure in order to take disruptive action against...

READ MORE »

Forecasting and Advanced Analytics: Building a Solid Security Strategy For 2020

2020 is not only the beginning of a new year, but the start of a new decade, and with it comes the dawn of a new era for the digital world. We’re now in the midst of the once far-off, “futuristic” time periods old books and movies used to...

READ MORE »

Subscribe to get security news and updates in your inbox.