Find Your Digital Risk

“The next best thing to knowing something, is knowing where to find it.” : Samuel Johnson.

This is quite a fitting quote from the author of A Dictionary of the English Language and equally fitting today when it comes to understanding your digital risk.

There’s a great deal of intelligence organisations can find on the deep and dark web. Credit card numbers, bank account information, patient information and intellectual property are widely known to be for sale on forums. Now some of the intelligence is more eye opening. We’re seeing W-2 forms , and employee credentials available, making any organisation ripe for tax fraud or account takeover, respectively.

One of the most popular marketplaces on the dark web for such information is AlphaBay. Not only is information related to a company’s assets available, but information about new techniques to compromise targets is for sale as well. One of the latest is a tool to bypass SMS account verification, making multi-factor authentication that relies on SMS vulnerable.

On such forums you can also find configuration files for credential stuffing tools, like Sentry MBA, that are created for account takeover of specific companies. There are dozens of marketplaces on the dark web and competition for business is steep.

In fact, some less popular market-places offer botnets devised to spam AlphaBay users with advertisements or special promotions in an attempt to entice them to switch forums. Not all dark web sources are as readily accessible as AlphaBay, of course. Some require human analyst expertise to also gain access to closed sources to get the most relevant view of the risks.

But for all the notoriety of these marketplaces, it is also important to remember that criminal activity isn’t limited to the dark web, particularly given the fact that some countries don’t extradite cyber-criminals. With minimal consequences, bad actors have no incentive to hide.

As a result, cybercrime is an Internet-wide problem, almost equally present on the deep and open web. Deer.io is a prime example. This all-in-one outsourced online shop provides hosting, design (based on WordPress-like templates) and a payment solution. Additional items for sale on the marketplace include:

• Bot-registered social media accounts (usually sold in bulk), typically with the intent of supporting social media spam and artificially increasing the popularity of other accounts/posts

• Stolen, legitimate social media accounts, which are advertised in small quantity but at higher prices compared to bot-registered accounts

• “Coupons” to services that artificially increase the popularity of social media accounts or posts

• Stolen accounts from other services including banks, payment, and gift and loyalty cards

• Dedicated servers and domain names
The point is that criminal forums exist everywhere so focusing only on the dark web won’t give you a comprehensive view of your digital risk. Furthermore, it isn’t enough to simply detect mentions of company assets and concerns. You need context behind the information you see posted to have a better understanding of the actual risk to your organization. This requires a combination of technology and people.

Automated collection technology can provide visibility into incidents with context, as they happen, wherever they happen – across the open, deep and dark web. For example, being able to see previous posts by other users on the marketplace on the same thread or post can provide a deeper understanding of how your company, employees or customers may be impacted. It can also provide an overview of the user in question, with their name, data joined, activity levels and reputation.

Data scientists and intelligence experts are able to gain access to some closed sources that collection technology alone can’t penetrate and they need to be involved in qualifying the data collected. With enhanced analytic capabilities and additional context, they can help determine the potential impact to the organisation, a possible timeline of events, and recommended action.

A comprehensive assessment of your digital risk starts with knowing where to find it. With an approach that combines technology and human experts looking across the open, deep and dark web, you can understand not only where and when you are mentioned online, but also why, by whom and the likely impact to your organisation.

This breadth and depth of coverage is essential to protect against threats associated with forums and marketplaces and, ultimately, to formulate a successful digital risk management strategy.

Security Week:

You Might Also Read:

Cybersecurity Has A Metrics Problem:

Time To Speak The Language Of Risk:

 

« Half Of US Firms Do Not Buy Cyber Insurance
British Businesses Are Unaware Of Data Protection Laws »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Virtual Security

Virtual Security

Virtual Security provides solutions in the field of managed security services, network security, secure remote work, responsible internet, application security, encryption, BYOD and compliance.

Copper Horse Solutions

Copper Horse Solutions

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations.

Napatech

Napatech

Napatech develops and manufactures high speed network accelerators specifically designed for real-time network monitoring and analysis applications.

Crossmatch

Crossmatch

Crossmatch is a world leader in risk-based composite authentication and biometric identity management.

GeoLang

GeoLang

GeoLang’s Ascema platform protects sensitive information at the content level by identifying, classifying and tracking data across the corporate infrastructure.

KLC Consulting

KLC Consulting

KLC Consulting offers information assurance / Security, IT Audit, and Information Technology products and services to government and Fortune 1000 companies.

Pixalate

Pixalate

Pixalate is an omni-channel fraud intelligence company that works with brands and platforms to prevent invalid traffic and improve ad inventory quality.

ALTR

ALTR

ALTR provide software-embedded solutions for data security and privacy.

HOBI International

HOBI International

HOBI International is a leading mobile, IT and data center asset management provider with solutions for device management, reverse logistics, data erasure, refurbishment and recycling.

GB Group (GBG)

GB Group (GBG)

GBG is a global technology specialist in fraud, location and identity data intelligence.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

SecAlliance

SecAlliance

SecAlliance is a cyber threat intelligence product and services company.

ASRC Federal

ASRC Federal

ASRC Federal’s mission is to help federal civilian, intelligence and defense agencies achieve successful outcomes and elevate their mission performance.

Brunswick Group

Brunswick Group

Brunswick is a critical issues firm. We advise the world’s leading companies on how to navigate the critical issues they face and engage with their critical stakeholders.

Northern Computer

Northern Computer

Northern Computer provides comprehensive IT solutions that streamline your operations and help you achieve your business goals.

Opkalla

Opkalla

We started Opkalla because we believe IT professionals deserve better. We help our clients navigate the confusion in the marketplace and choose the solution that is right for your business.