Threat intelligence, shining a light on the dark web

How does Dark Web Threat Intelligence work? 

Dark Web Threat Intelligence monitors and identifies trending threats that are hidden from the public, this looks like; leveraging data insights, tracking cyber criminal activity, whilst unearthing deeper information that traditional web crawlers can not.

Thomas Murray monitors data from a wide range of sources including dark web market places and forums, social media channels, public code repositories, public cloud repositories and other closed sourced locations to provide a comprehensive service.

With this information we can offer companies a greater understanding of their digital footprint and monitor the likes of cyber criminals, agitators, and remote access brokers to help identify potential threats and offer insights, tactics and techniques to help organisations better understand the threats posed and build appropriate defence strategies.

What are the types of Dark Web threats?

There are several types of threat which are sold across the dark web by cybercriminals. It’s important that organisations have an understanding of what they need to protect themselves, their customers and their reputation against.

• Software vulnerabilities and loop holes

Information exchanges about known vulnerabilities, backend loop holes can be used to infiltrate your systems and find key information to extort.

• Ransomware actors

Ransomware actors typically leak data relating to their victims post-breach. However, this data can also include sensitive information relating to their third party suppliers and clients.

• Stolen credentials

There are whole dedicated marketplaces on the dark web for stolen credentials, allowing cybercriminals to gain access gain access to your confidential networks and systems.

• Stolen data

If your organisation has been the victim of a data breach you find that your data has been sold on the dark web, not only is this hard to recover but can cause you irreparable damage to your reputation

• Insider threats

Disgruntled employees with access can also pose a threat to you by selling on this access, credentials or data onto cyber criminals for a vast financial sum.

• Remote access brokering

A typical early stage of ransomware attacks includes access brokering where remote access is purchased before being on again to ransomware operators. 

• Accidental data leaks

Public code repositories and public cloud buckets can potentially contain sensitive data and items such as developer API keys. This information is commonly inadvertently shared online and could cause significant risk.

With so many different threats posed by the dark web it’s important for you to take the necessary steps to protect your business. To find out more, get in touch with one of our experts.