In the eyes of cybersecurity experts, patterns of dark web activity can be studied to expose all stages of attacks and risks, whether it indicates an attack in progress, an impending attack or threat.
Cyber risks factors can occur in a flash, as profit-driven cybercriminals are in a race to convert stolen data into profit in the moments following a successful data breach, often within hours and minutes of breaking into a victim’s network.
Critically, cybersafety pundits advise that the average time needed to point out a cybersecurity incident stands at about 197 days – the 2018 IBM-sponsored Cost of a Data Breach Study found that victims who contain a data breach within one month have the chance to save an average of $1 million in containment costs.
The general rule of thumb for organizations should be employment of dark web monitoring solutions built around the capability to filter key phrases, including brand and product names that may suggest company vulnerability to cyberattacks.
All in all, a number of cyber risk factors must always be reviewed as part of a context-rich threat intelligence framework to protect organizational data and its users.
The Major Risk Factors
Even as phishing and whaling campaigns have evolved to become highly destructive to victims, dark web threat intelligence can be used to assess the plethora of cyber risks an organization is exposed, thus equipping stakeholders with the much-needed information to operate safely.
Although it may appear that cybercriminals have not been orchestrating data breaches at a high rate, dark web spaces have worsened their consequences.
Personal Identifiable Information (PII) & Credential Exchange
Whenever a data breach occurs, the trade in PII and user credentials can indicate the aftermath of a cyberattack. The findings made by cybersecurity firm Recorded Future intimated that data records on the dark web can be sold for as little as $20, with most of the stolen data being sourced from attacks conducted to target massive collections of data.
The occurrence of stolen credentials and PII, including account usernames, passwords, banking information and other sensitive information, on marketplaces can offer a bearing to organizations seeking to stay clear of the massive financial losses that can be suffered following attacks.
Case in point, threat intelligence firm 4iQ discovered a huge floating database of PII with more than 1.4 billion encrypted user credentials. In cases like these, it is critical that organizations, through cyber intelligence services, establish the contextual basis of the roaming data to confirm its relevance.
Discussion about Organizations and Business Fields
A significant cyber risk factor and threat among organizations is the mention of a company’s name in dark web forum posts, paste platforms, channels and chatrooms. The risk factor extends to mentions about a company’s area of operation as far as industry specialization is concerned.
To stay safe, organizations can employ contextual analysis to figure out the potential of a threat and determine whether cybercriminals are considering an attack, or, in fact, they have already acquired stolen data.
High-discussions also extend to niche sectors that employ highly-specific technologies reserved for a boutique class of corporate actors.
Discussion about Trade Secrets
Trade secrets and competitive intelligence is an area often exploited by threat actors to realize massive economic gains through stolen data. This area offers an avenue for threat intelligence solution providers to identify the cyber risks involve to protect clients.
A specific example can be drawn from the 2018 incident involving a Russian cybercriminal attack that resulted in threat actors selling access to a law firm’s network and critical assets for a paltry $3,500.