Dark web monitoring seems to be a hot buzzword in discussions about cyberthreat intelligence (CTI) and how it helps cybersecurity strategy and operations. Indeed, dark web monitoring enables a better understanding of an attackers perspective and following their activities on dark web forums can have a great impact on cybersecurity readiness andposture.
Accurate and timely knowledge of attackers locations, tools and plans helps analysts anticipate and mitigate targeted threats, reduce risk and enhance security resilience. So why isnt dark web monitoring enough? The answer lies in both coverage and context.
When we talk about visibility beyond the organization, one needs to make sure the different layers of the web are covered. Adversaries are everywhere, and vital information can be discovered in any layer of the web. In addition, dark web monitoring alone provides threat intelligence that is siloed and out of context. In order to make informed and accuratedecisions, a CTI plan has to be both targeted, based on an organizations needs and comprehensive, with extensive source coverage to support diverse use cases.
The internet as we know it is actually the open web, or the surface web. This is the top, exposed, public layer where organizations rarely look for CTI. The other layers are the deep web and the dark web, on which some sites are accessed through the Tor browser. Monitoring the deep/dark web is the most common source of CTI. However, to ensure complete visibility beyond the organization and optimal coverage for gathering CTI, all layers of the web should be monitored. Monitoring the dark web alone leaves an organization pretty much, well, in the dark.
The Shadow Brokers is a great example of why it is important to monitor more than just the dark web. In 2016, the Shadow Brokers published several hacking tools, including many zero-day exploits, from the Equation Group, which is considered to be tied to the U.S. National Security Agency (NSA). The exploits and vulnerabilities mostly targeted enterprise firewalls, antivirus software and Microsoft products. The initial publication of the leak was through the groups Twitter account on August 13, 2016, and the references and instructions for obtaining and decrypting the tools and exploits were published on GitHub and Pastebin, both publicly accessible.
The WannaCry ransomware attack in May 2017 was also first revealed on Twitter, as were different reports on the attack.Coverage of all layers of the web is necessary, yet even with expanded monitoring of additional layers of the web, an organizations external threat intelligence picture remains incomplete and one-dimensional. There are additional threat intelligence sources to cover in order to get a complete threat intelligence view that is optimized for the needs of anorganization. These include:
The surface web for security bulletins, vulnerability DBs, IoC feeds, CERTs notifications, etc. The deep web for its hacking forums, bot markets, malware testing and black markets. The private web for closed circles, calls for action, technical discussions and target lists. The dark web for ransomware sites, exploits, zero-days, illegal trade in critical assets and sensitive data leaks. Social networks for scam reporting platforms and data sharing sites. Messaging apps for closed groups and hacktivists communication channels.
Existing cybersecurity intelligence repositories, alerts and threat feeds, finished intelligence and reports are all sources for contextual analysis and corroboration.
Validating findings with technology partner sources who use other tools and may have unique input, can shed more light on the validation or importance of findings.
When defending against cyberthreats, everything is time-sensitive and broad visibility is key, yet extensive coverage can be a double-edged sword. Gathering data from a wide array of sources will most likely result in too much data to analyze, false positives, inaccuracies, missing vital information and exhausted analysts.
Raw data only becomes valuable once it is analyzed, prioritized and turned into context-based, actionable intelligence suited to the organizations needs, assets, industry, geolocation and more.
From collection through analysis to actionable insights, a customer-centric approach ensures the entire CTI operation is designed to fit an organizations needs. Targeted CTI is defined from the start by taking a customer-centric approach to ensure resources are used optimally and the threats to an organization are revealed in a timely and accurate manner.
To ensure that collection efforts are targeted even when coverage is wide, an organization needs to define the data inputs including critical online assets, C-level executives, organizational details, IT systems and, when relevant, operational technology (OT) systems.
The more data inputs, the less noise an organizations data gathering will create. It is necessary to add a use case relevancy layer to ensure that data is not only gathered and analyzed based on inputs but also according to an organizations business needs and the potential impact specific cyberthreats have on business operations.
These will include topics such as: Fraud detection Data leaks Breach indications Vulnerability prioritization Threat actor profiling External attack surface management Digital risk protection Phishing detection Supply chain monitoring Insider threat
Security organizations focus on collecting and analyzing information to provide assessments and alerts on national and domestic threats from various malicious groups. The more accurate and targeted the intelligence, the better and faster managers can make decisions, reducing the risk to civilians and governmental personnel.
Intelligence organizations usually rely on information from a variety of sources and intelligence approaches, including: Open source intelligence (OSINT), which is information about the suspects gathered from public sources. Signals intelligence (SIGINT), which is gathered from suspects transmissions made through electronic systems. Human intelligence (HUMINT), which is intelligence gathered by and from people.
Managers can make the right decisions based on a complete intelligence outlook, due to the combination of these approaches and an analysis of the information obtained from these multiple sources within the context of the situation.
The same methodology should be applied to CTI operations. Fusing targeted data outputs from online sources, human intelligence and technology partnerships, analyzed within the context of the given situation will deliver insights that enable analysts to respond to threats in a timely manner and strengthen overall security resilience.
Original post:
Theres More to Threat Intelligence Than Dark Web Monitoring - Security Boulevard
- Tor Browser Has a New WebTunnel Feature to Avoid Censorship - How-To Geek - March 14th, 2024 [March 14th, 2024]
- The CIA Is Now Trying to Recruit Russian Spies On Telegram - TIME - May 18th, 2023 [May 18th, 2023]
- Dark Web Alerts: Identifying Criminal Data Exposure on the Dark Web - Security Boulevard - May 18th, 2023 [May 18th, 2023]
- Mullvad aces security audit with this new privacy tool - TechRadar - May 18th, 2023 [May 18th, 2023]
- Billions of Google Chrome users warned to avoid browser over red alert privacy concerns check your sett... - The US Sun - May 18th, 2023 [May 18th, 2023]
- How the decision on Space Command's home will be made - POLITICO - May 18th, 2023 [May 18th, 2023]
- Bitcoin Mixers: Clearnet vs. Darknet Which Offers Greater Anonymity? - Crypto Mode - April 27th, 2023 [April 27th, 2023]
- Matt Taibbi: Report on the Censorship-Industrial Complex - Scheerpost.com - April 27th, 2023 [April 27th, 2023]
- The Ultimate 2023 Guide to The Tor Browser Explained - Pixel Privacy - January 31st, 2023 [January 31st, 2023]
- What is Tor & How Do You Use It? Microsoft 365 - January 17th, 2023 [January 17th, 2023]
- Improving privacy when browsing web: Alternative browsers and chrome extensions - HackRead - October 19th, 2022 [October 19th, 2022]
- Tor Browser Bundle - Free download and software reviews - CNET Download - October 11th, 2022 [October 11th, 2022]
- Hacktivists seek to aid Iran protests with cyberattacks and tips on how to bypass internet censorship - CNBC - October 11th, 2022 [October 11th, 2022]
- This security firm claims to have the right tool for your privacy, and it's not a VPN - TechRadar - September 15th, 2022 [September 15th, 2022]
- A VPN Isn't the Only Way to Change Your IP Address - CNET - September 11th, 2022 [September 11th, 2022]
- Hi, I'll be your ransomware negotiator today but don't tell the crooks that - The Register - August 6th, 2022 [August 6th, 2022]
- Rewards for Justice Reward Offer for Information on Russian Interference in U.S. Elections - United States Department of State - Department of State - July 29th, 2022 [July 29th, 2022]
- How Tor Is Fightingand BeatingRussian Censorship - WIRED - July 29th, 2022 [July 29th, 2022]
- What Is Incognito Mode And Should You Be Using It? - Forbes - July 29th, 2022 [July 29th, 2022]
- TOR Browser - Onion VPN on the App Store - July 17th, 2022 [July 17th, 2022]
- Tor Browser now bypasses internet censorship automatically - BleepingComputer - July 17th, 2022 [July 17th, 2022]
- The dangers of the dark web: being safe online - Open Access Government - July 13th, 2022 [July 13th, 2022]
- Tor vs VPN: Which One Should You Use? - Dignited - June 30th, 2022 [June 30th, 2022]
- Rewards for Justice Offers Up to $10 Million for Information on Foreign Interference in US Elections - HS Today - HSToday - June 30th, 2022 [June 30th, 2022]
- Kremlin tightens control over Russians' online lives threatening domestic freedoms and the global internet - Jacksonville Journal-Courier - June 30th, 2022 [June 30th, 2022]
- Defence in Amanda Todd 'sextortion' trial zeroes in on missing data - The Tri-City News - June 30th, 2022 [June 30th, 2022]
- Now that 'Roe' has been overturned, it's up to the tech industry to protect our data - Fast Company - June 30th, 2022 [June 30th, 2022]
- QAnon Is Celebrating the Return of Its Leader After 18 Months of Silence - VICE - June 30th, 2022 [June 30th, 2022]
- 3 ways to find out if your passwords are being sold on the Dark Web - Komando - June 22nd, 2022 [June 22nd, 2022]
- EXPLAINER: EFCC 'Linked Naira Marley to the Dark Web'. Here's What You Need to Know About the Internet's Most Hidden Part - FIJ NG - June 11th, 2022 [June 11th, 2022]
- What is the Dark Web? - AOL - May 28th, 2022 [May 28th, 2022]
- Cookie Banners Can Be AnnoyingHere's How To Block Them - WRAL News - May 28th, 2022 [May 28th, 2022]
- DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers - The Register - May 28th, 2022 [May 28th, 2022]
- Proton VPN Secure Core: what it is and when you should use it - TechRadar - May 28th, 2022 [May 28th, 2022]
- How to Download & Install Tor Browser in Windows 10 - May 7th, 2022 [May 7th, 2022]
- How to Unblock a Webpage from Behind a Firewall - Beebom - May 7th, 2022 [May 7th, 2022]
- Download Tor Browser For Windows & MAC (Offline Installer) - May 1st, 2022 [May 1st, 2022]
- Tor Browser - Dark Web Portal Exposed | Dark Web Wiki - May 1st, 2022 [May 1st, 2022]
- Top 10 dark web links & Tor websites for 2022 - Surfshark - May 1st, 2022 [May 1st, 2022]
- How to Install the Tor Browser on a Chromebook - May 1st, 2022 [May 1st, 2022]
- How to Anonymous access to the dark web with Tor - BollyInside - May 1st, 2022 [May 1st, 2022]
- How to Change the Tor Browser Language - How-To Geek - April 29th, 2022 [April 29th, 2022]
- Bites of Life: Shining Light on the Dark Web - Macalester College The Mac Weekly - April 29th, 2022 [April 29th, 2022]
- How to protect against the weakest link in cybersecurity THE USERS - Security Boulevard - April 29th, 2022 [April 29th, 2022]
- What Is Dark Social and Why It Matters - Legal Talk Network - April 29th, 2022 [April 29th, 2022]
- IP bans - why they happen and how to prevent them - Oneindia - April 29th, 2022 [April 29th, 2022]
- Deep Web Tor Browser - Tor Links - Onion Links (2022) - April 20th, 2022 [April 20th, 2022]
- How to Install and Use the Tor Browser on Linux - April 20th, 2022 [April 20th, 2022]
- The Best VPN for Binance 2022 [How to Use Binance With a VPN] - Cloudwards - April 20th, 2022 [April 20th, 2022]
- Three tactics for security providers in the age of Dark Web collaboration - SecurityInfoWatch - April 20th, 2022 [April 20th, 2022]
- Simple way to Install Tor Browser in Rocky Linux 8 - Linux Shout - March 17th, 2022 [March 17th, 2022]
- Laptop in Veltman apartment had what appeared to be 'hate-related material': docs - Lethbridge News Now - March 17th, 2022 [March 17th, 2022]
- How to Access Blocked Websites anywhere and for Free - BollyInside - March 17th, 2022 [March 17th, 2022]
- Download Tor Browser for Mac - Free - 10.0 - Digital Trends - March 11th, 2022 [March 11th, 2022]
- Open in Tor Browser Get this Extension for Firefox (en-US) - March 11th, 2022 [March 11th, 2022]
- Use Brave Private Browsing with Tor to Hide IP Address - OSXDaily - February 21st, 2022 [February 21st, 2022]
- Are Crypto Transactions More Transparent Than Wire Transfers? - InvestingCube - February 21st, 2022 [February 21st, 2022]
- The Truth about Dark Web Is It Really Dangerous? - Crypto Mode - February 21st, 2022 [February 21st, 2022]
- Tech-Savvy Professionals Among 22 Arrested In Dark Web Narcotics Operation - NDTV - February 15th, 2022 [February 15th, 2022]
- Download Tor Browser for Windows - Free - 11.0.3 - February 1st, 2022 [February 1st, 2022]
- Tor Project heads to Russian court to appeal against censorship - The Daily Swig - February 1st, 2022 [February 1st, 2022]
- Firefox Monitor may remove personal information now from the Internet - Ghacks Technology News - December 9th, 2021 [December 9th, 2021]
- The Real Russia. Today. Reining in an unruly Communist Party Meduza - Meduza - December 9th, 2021 [December 9th, 2021]
- See the stunning mansion Josh Duggar is calling home during his child pornography trial ahead of possible... - The US Sun - December 9th, 2021 [December 9th, 2021]
- Whats the Difference Between the Deep Web and the Dark Web? - How-To Geek - December 9th, 2021 [December 9th, 2021]
- How to Access the Dark Web Complete Guide? - The Bulletin Time - December 7th, 2021 [December 7th, 2021]
- You have to work on this through the routeras options diet plan, as some items immediately restore previous setup after a forced reboot - ADOTAS - November 25th, 2021 [November 25th, 2021]
- What is Tor (Browser) & How does it work? | CyberNews - November 23rd, 2021 [November 23rd, 2021]
- Privacy-Protective Internet Browser Tor Is Running Low on Servers - Gizmodo - November 23rd, 2021 [November 23rd, 2021]
- Yes, the Internet has become safer but a VPN is still needed - TechGenix - November 19th, 2021 [November 19th, 2021]
- Scots businessman caught with the 'most serious' category of child abuse images jailed - Scottish Daily Record - November 19th, 2021 [November 19th, 2021]
- Anna and Josh Duggar welcomed daughter Madyson Lily on October 23, their 7th child * starcasm.net - Starcasm - November 17th, 2021 [November 17th, 2021]
- Tor Browser (Alpha) 11.0.9 Download | TechSpot - November 5th, 2021 [November 5th, 2021]
- US government offers $10 million bounty for information on Colonial Pipeline hackers - The Verge - November 5th, 2021 [November 5th, 2021]
- The Tor Browser: What is it and why would you use it ... - October 24th, 2021 [October 24th, 2021]
- Tor Explained: What is Tor? How Does It Work? Is It Illegal? - October 21st, 2021 [October 21st, 2021]
- Alternatives to Using a VPN That Provided Excellent Anonymity While Online - TechBullion - October 21st, 2021 [October 21st, 2021]
- Slicing open The Onion Router (Tor) with no tears - ComputerWeekly.com - October 19th, 2021 [October 19th, 2021]
- What is the dark web? - fox4kc.com - October 19th, 2021 [October 19th, 2021]
- Use of VPNs in India spiking because of blocked websites, experts say ban proposal will not help users - India Today - October 19th, 2021 [October 19th, 2021]