Virtual, underground marketplaces operating on the Dark Web generate billions of dollars' worth of illegal business – from the sale of drugs to stolen credit card data, intellectual property and more. Research shows that the volume of Dark Web users surged more than 40 percent in the early months of the pandemic and that an estimated $100 million in COVID-related goods and services was offered for sale, from fake vaccines to the personally identifiable information (PII) that has been stolen through COVID-themed phishing attacks.
However, the Dark Web can also be used as an effective tool for legitimate cybersecurity researchers.
We spoke with Ziv Mador, Vice President of Security Research at Trustwave SpiderLabs, for this Q&A, which digs into how organizations can leverage the Dark Web’s secretive communities to glean valuable information that they can use to better protect their data and strengthen their security posture.
What kind of information can be found on the Dark Web and why is it valuable?
In closed forums, information is more valuable than drugs or illegal goods. It can serve as both the currency with which forum members pay their way into the community, as well as the merchandise being bought and sold. Once one has gained access to these closed forums by sharing nefarious information, it is easy to find ads selling large volumes of PII and other sensitive data such as bank account details, login credentials and full credit card numbers with CCVs – the latter of which can sell for as little as $20 per record. Some of the information being bought and sold on the Dark Web is intentionally timed to take advantage of current events and geo-political trends.
In addition to selling stolen or leaked consumer information, Dark Web forums also serve as a marketplace for buying and selling pre-packaged cyberthreats. Forum members can purchase malware, easy-to-use keyloggers and ransomware kits that come complete with detailed instructions on how to use them. Occasionally, new zero-day exploits can even be found for sale before they have been launched in the wild, though this is less common. Still other cybercriminals on the Dark Web will sell their expertise and skills as a service, offering up information on how to exploit a particular vulnerability or execute a certain attack technique. Some specialize in credential stealing, others in social engineering methods – such as impersonating a company’s IT department and pretending to “verify” access credentials or other sensitive information from unsuspecting remote workers.
What are the security benefits to monitoring and collecting threat intelligence on the Dark Web?
By regularly monitoring the Dark Web, security professionals can gain valuable insights on emerging trends and specific threat intelligence they can use to improve their defensive techniques. They can leverage chatter on Dark Web forums as an early warning system, alerting them to new bots, viruses or malware that have appeared on the scene. This early warning gives security professionals time to harden their defenses and update their response playbooks, enabling them to mitigate the risk of the threat being used against their organization, or respond more quickly if an attack does occur.
Security professionals can also learn about new or emerging attack techniques that could be targeted at a particular vertical industry or sector. Individual organizations are rarely targeted, unless they have a particularly sought-after asset, but cybercriminals and hackers will often exploit vulnerabilities to target a particular industry. For example, knowing that healthcare systems have been overwhelmed during the pandemic, cybercriminals have actively increased their attacks targeting the industry and are sharing their techniques for executing ransomware attacks aimed at hospitals and healthcare providers. By monitoring the Dark Web, security professionals can stay ahead of the threats and better prepare their defenses.
How can organizations start utilizing the Dark Web to bolster their security posture?
Because it can take years to earn reputation on the Dark Web – not to mention a unique talent for blending into these secretive communities while walking the fine line of not aiding criminal activity – enterprise security teams may find it most practical to turn to a trusted partner or managed security services provider that is already monitoring these forums. Whether done in-house or with the help of a partner, keeping an eye on the Dark Web can prove very beneficial for cybersecurity professionals by providing actionable threat intelligence that can give them an advantage over their adversaries. As the old saying goes, “Keep your friends close, and your enemies closer.”