Threat Intelligence From The Dark Web -- Security Today

Threat Intelligence From The Dark Web

The reputation of the “Dark Web” perhaps exceeds its reality

Jun 21, 2018

The reputation of the “Dark Web” perhaps exceeds its reality. Many think of it as a place for criminals to operate. If used by security teams, however, the “Dark Web” can be ripe with threat intelligence for the picking.

Note: In this article “Dark Web” refers to any collection of computers that create an internet which requires specific software, configuration, or authorization to access. For example: Tor, Riffle, FreeNet, anoNet, and ZeroNet.

The Opportunity

The “Dark Web” has many purposes, but it is indeed a place for criminals to buy, sell, and trade goods and services. This is what makes it valuable to security researchers. By exploring the “Dark Web”, security teams have the potential to collect actionable intelligence. This includes malware capabilities, new tactics, compromised technology, and the direction of future attacks.

Recently, The Security Stronghold’s team of researchers ventured into the “Dark Web” for over four months to survey ransomware capabilities for our clients. This allowed us to look at how ransomware is targeting different verticals and with what tactics. Much of what we found is already known, but some intelligence collected helped us to clearly see current capabilities and gave insight into the future direction of ransomware aimed at certain clients.

When looking at threat intelligence from a hunting perspective there are a few specific items to look for. We are going to look at features of malware and underlying tactics. Keep in mind that scouring the “Dark Web” will give you insight to much more than merely malware.

Ransomware Intelligence Gathering

For this survey we visited a variety of marketplaces and forums ranging from public to private. By interacting with developers we were able to gain insight into what the underground economy is demanding as well as capabilities of malware.

The first phase was investigating marketplaces. Our team wanted to see if there were any obvious disparities between what was being sold and what the security industry was planning to defend against. Activities in this phase of the survey included identifying marketplaces unknown to the public, creating accounts or procuring access, and interacting with sellers. Communicating with ransomware developers and sellers was essential because our team needed to ensure that the capabilities and features were legitimate.

The second phase was interacting with developers in forums. Here our team was able to interact with a developing-centered community and discover the direction of future work. Many of the developers had experience with all types of malware but it is clear that ransomware is providing the largest return on investment for these criminals at this time.

The final phase was breaking down all of the information we had gathered. We tested proof of concept, ease of use, availability, looked at how certain variations and families of ransomware would affect different industries, and much more. With this survey we were able to advise multiple clients about threats that would have not been realized had we not taken the time to threat hunt on the “Dark Web”.

Keep This In Mind

First of all, keep in mind that spending time and money by sending your security team to gather threat intelligence from the “Dark Web” is not smart if your organization does not have the resources, risk, or need to deal with complex threats.

Focus on the big wins when gathering intelligence. In the beginning much of what The Security Stronghold team spent their time on did not result in actionable intelligence. Soon, however, we realized that we should focus on the big wins. These “wins” are discoveries that will result in actionable intelligence for your organization. This intelligence will be different for every organization.

The former point brings us to our next one, only collect actionable intelligence. If you really wanted to, you could spend forever obsessing over every little find. It is only practical if you collect the intelligence which will lead to real world action. Plenty of researchers have already gathered the basic information.

Your Turn

Gathering intelligence from the “Dark Web” once to explore is something entirely different than incorporating into security events at your organization. In order to fully develop threat intelligence capabilities within your security team, you should consider the following:

Do you have a threat hunting program in place already?
Is there a need for one?
Would it be best to outsource?
Do you have the resources to effectively hunt for threats in this manner?

Going Forward

The “Dark Web” can allow your organization to gain valuable insight into threats you face, however, the most effective use of your resources may merely be to have your incident response team stay up to date with others who conduct this type of research. This type of hunting is a can be a great experience and something that properly equipped security leaders may want to consider. It allows you a look inside the mind of the attacker.

Eagle Eye Networks Releases 2025 Trends in Video Surveillance Report
11/20/2024
Genetec Expands Access Control Market Share
11/19/2024
AMAG Technology Welcomes Chris Meiter as Vice President Global Business Development Video Solutions
11/18/2024
Napco Access Pro Launches New MVP Access App
11/18/2024
Evolon and UCC Partner to Deliver Proactive Video Monitoring Solutions
11/14/2024
ASIS International, International Protective Security Board Sign Memorandum of Understanding
11/14/2024
i-PRO Launches High Zoom Bullet Camera
11/14/2024
TSA Announces Proposed Rule Requiring Establishment of Pipeline, Railroad Cyber Risk Management Programs
11/12/2024

Featured

Gaining a Competitive Edge

Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now
- Artificial Intelligence
6 Ways Security Awareness Training Empowers Human Risk Management

Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now
- Cybersecurity
The Stage is Set

The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now
- Artificial Intelligence
Access Control Technology

As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now
- Access Control

Webinars

Hanwha Vision (formerly Hanwha Techwin)

Getting Control of your Access
Eagle Eye Networks Inc, Salient Systems

Insights into the Ever Changing World of Security for 2025
BriefCam

Maximizing Your Investment: The ROI of Video Analytics

Whitepapers

BriefCam

The ROI of Video Analytics
911Cellular

A Buyer's Guide to Panic Button Systems
Allegion

The Current State of School Security

New Products

A8V MIND

Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3
Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3