December 17, 2024

DarkOwl was delighted to attend the Black Hat Middle East & Africa (Black Hat MEA) conference in November. As the region’s tactical and strategic threat intelligence demands continue to grow rapidly, we take a close look at the reasons behind the sector’s buoyancy and what the success of the conference means for the Gulf’s cyber sector. 

Lindsay Whyte, Regional Director and Richard Hancock, Darknet Intelligence Analyst represented the DarkOwl team. Black Hat MEA, describes themselves as a leading cybersecurity conference and exhibition held in Riyadh, KSA. The event brings together cybersecurity professionals, cutting-edge technologies, solution providers, and decision-makers from around the world, condensing several months of networking into just three days.

Background 

Saudi Arabia is investing heavily in its cybersecurity industry as part of economic diversification and the Vision 2030 initiative. The Kingdom is funding the cybersecurity sector through several key approaches: 

• Government spending: The Saudi government allocated 2.3 billion Saudi Riyals (SAR) ($600 million) to cybersecurity in 2023 

• Market growth: The cybersecurity market in Saudi Arabia is valued at 13.3 billion ($3.5 billion) SAR. The cybersecurity sector’s total contribution to Saudi Arabia’s GDP is estimated to represent 0.81% of non-oil GDPin 2024. 

• Strategic collaborations: The National Cybersecurity Authority (NCA) is stimulating the market by encouraging innovation and supporting technology transfer. 

• Cloud security investment: 60% of Saudi enterprises are planning to increase their cloud security budget by an average of 35% in the next year. 

Increased funding in the country fosters a robust cybersecurity ecosystem, attract both local and international investments, and position Saudi Arabia as a leader in the global cybersecurity field. No wonder a Black Hat conference one hour drive into the desert attracted 10,000s of visitors! 

Theme: Collaboration 

Collaboration around tactical threat intelligence was a major theme at Black Hat MEA. 

This was encapsulated by Brett Winterford from Okta, who remarked that OpenID’s Shared Signals Framework is an encouraging step towards inter-organisational data sharing. The Shared Signal Framework (SSF) provides a secure and privacy-preserving way for organisations to share information via events. It uses a standard format for representing these events and a secure transport mechanism for sharing them. This makes it easy for organisations to integrate SSF into their existing security infrastructure and to share signals with a wide range of partners. 

Likewise, Ben Collier from Google Cloud spoke of the ‘Sectoral SOC’ model – and SOC of SOCs sitting directly above numerous sub-SOCs (be they in the same umbrella organisation, or not) responsible for threat actor analysis, EDR and creating guidance and recommendations to regulators as a single face. 

Theme: AI 

When trends towards centrally managed intelligence (as outlined above) combines with growing cloud adoption, the opportunities for effective AI use cases become apparent.  

Jennifer Ewbank, former Deputy Director of Innovation at the CIA, talked to the benefits of AI, and the possibility of AGI (‘Artificial General Intelligence’ in which machines develop near-consciousness). Kevin Jones, CISO at Bayer, spoke to the benefits of ‘SecLM’ and applying AI to data, provided robust data security, as a critical condition to seeing tangible benefits at scale. 

Theme: Threat Actors  

A central theme of Marina Fulwood’s presentation (in capacity of Head of Threat Intelligence at Unilever), was the need for proactive threat intelligence. Especially in an age of industry- and country- level exposures to Nation State actors, Ransomware groups and financially motivated Initial Access Brokers (IABs).  

As clearly illustrated by the exhibition hall at Blackhat MEA, the threat intelligence market in the Middle East is growing rapidly.  

The region has seen a significant rise in targeted cyber-attacks, particularly against critical infrastructure such as oil and gas industries. The average cost per data breach in the Middle East is $8.07 million, second only to the USA globally. Ongoing conflicts and rivalries in the region have led to an increase in state-sponsored cyber threats, additionally. 

The Evolving Darknet 

With unification and centralisation comes demands for Dark Web monitoring. Dark Web data is crucial for Security Operations Centers (SOCs): 

• Early threat detection: Dark Web intelligence allows SOCs to identify potential risks and data breaches sooner, enabling faster mitigation of threats. 

• By monitoring Dark Web activities, SOCs gain valuable insights into emerging threats, cybercriminal strategies, and tactics, techniques, and procedures (TTPs) employed by threat actors. 

• Access to Dark Web data helps SOCs understand the scope of cyber threats affecting their organization, leading to more effective incident response (IR) strategies. 

• General risk mitigation: By providing ‘atmospheric’ early warnings, SOCs extend the value of the investment to x-functional teams like StratComms, PR and the C-Suite. 

Innovation Cuts Both Ways 

Just as organisations increase their visibility over OSINT sources and dark web marketplaces as part of a maturing Threat Intelligence adoption, so too do threat actors constantly evolve their behaviour to keep private (below). 

As Threat Intelligence experts like DarkOwl index new sources of threat actor chatter, so must these actors find new ways to communicate and advertise with the widest possible reach.  

With Saudi Arabia’s 2022 Financial Sector Cyber Threat Intelligence Principles containing specific reference to Dark Web monitoring (Principle 5), we anticipate growth in Darknet intelligence and demands in a region growing in geopolitical and economic significance. 

See you at BlackHat MEA in 2025! 

---

Interested in meeting with the DarkOwl team? See where we are around the world the rest of the year here.

December 12, 2024

The recent act of targeted violence in New York against Brian Thompson, a health insurance company CEO, unfortunately highlights the need to proactively monitor the dark web and other sources for threats to high level executives.  

Individuals with grievances which can lead to targeted violence, often show signs of leakage which means attacks can be prevented. Furthermore any exposure executives may have online, including any details about their movements could be used for real world targeting. The suspected perpetrator stated he was able to conduct the attack with “basic social engineering.” The more information that threat actors can find out about an individual the more likely they are to be able to successfully target them. 

As instances of data breaches, identity theft, ransomware attacks, and other illicit activities on the dark web continue to increase, it is vital that executive protection efforts adapt to the evolving cybersecurity landscape. Gone are the days of purely physical security-focused executive protection; a comprehensive approach to risk mitigation must now account for the continued rise in cyber threats. This blog provides an overview of the potential impacts of data leaks and breaches on executive security and examines the importance of monitoring for violent rhetoric and reputational damage on the dark web.  

Data Leaks and Breaches

One of the primary threats posed to executives on the dark web are data leaks and breaches. As highlighted in DarkOwl’s “Navigating the Dark Waters of Leaks and Breaches” blog, data leaks are the “unintentional or accidental release or exposure of information,” often due to human error or faulty software. Data breaches, in contrast, are the result of a cyber attack carried out with the intention of accessing, stealing, or manipulating data. Breaches and leaks can be found across the dark web, particularly on hacking forums such as BreachForums. Data breaches continue to be on the rise, with some of the most damaging breaches this year including more than 1 billion stolen records. The persistent increase in breaches over the past few years—data breaches in the U.S. rose by 78% in 2023 compared to 2022—can be accounted for, in part, by the emergence of new ransomware gangs and the evolution of ransomware attacks.  

Given the expansive nature of many of these leaks and breaches—such as the recent 2024 National Public Data leak, which affected millions of customers—there is a possibility that executives may be impacted. The exposed data can include a variety of personally identifiable information (PII), including:

• Full name
• Job title
• Employment history
• Home address
• Phone number
• Social Security number (SSN)
• Driver’s license number
• Passport number
• Professional email address
• Personal email address
• Credit card number
• Medical records
• Social media handles/account information
• Passwords
• Cookies

Monitoring data leaks and breaches can allow for the mitigation of threats and malicious activity directed at executives. Indeed, exposed PII can be used by threat actors for a variety of illicit activities, particularly:

• Identity theft: exposed names, Social Security numbers, credit card information, and bank account numbers can be used to carry out various types of identity theft, including financial, Social Security, and medical identity theft. The identities can be used to gain benefits and commit fraud.
• Physical threats: the exposure of home addresses can turn a cyber threat into a physical security threat, as threat actors may use the information to engage in stalking, harassment, or violence. Identifying exposed PII can allow for steps to be taken preemptively to secure the executive’s home, whether through surveillance or the installation of additional security devices.
• Cyber attacks: exposed information can be used by threat actors to carry out social engineering operations such as phishing attacks. Personal and professional emails exposed in leaks and breaches can be used to more convincingly impersonate executives when sending fraudulent emails requesting access to sensitive data.
• Espionage: leaked executives’ passwords can provide threat actors with the opportunity to engage in corporate and personal espionage by gaining access to emails and internal systems. This type of unauthorized access can allow threat actors to not only steal confidential documents, but also to blackmail and extort executives.
• Doxing: PII exposed in leaks or breaches can be acquired by threat actors and used to carry out doxings—a form of cyberbullying that involves sharing an individual’s personal information. In extreme scenarios, doxings can result in death threats against the doxed individual. The dissemination of this information—specifically home addresses—may also result in instances of swatting, the act of placing hoax phone calls to emergency services to prompt the response of a Special Weapons and Tactics (SWAT) team.

Figure 1: Example: Data Leak Credit Card Exposure

Figure 2: Example: Doxing and Swatting Threat  

Threats and Reputational Damage

In addition to monitoring for data leaks and breaches for executive exposure that could result in identity theft, physical threats, targeted cyber attacks, and doxing, a comprehensive executive protection plan should also account for negative chatter on the dark web. Threatening, negative rhetoric directed at organizations and its executives is often seen across social media platforms and imageboards on the surface web, particularly on sites such as 4chan and X (formerly Twitter). Threatening language, however, can also be observed across the deep and dark web, particularly on the dark web-adjacent messaging app Telegram. In some instances, this can include death threats.

Conducting searches for violent rhetoric directed at executives on the dark web using threat detection tools can provide analysts with a more holistic understanding of the dark web threat landscape, and can allow for the identification of threat actors before they are able to carry out attacks. Monitoring the dark web and dark web-adjacent sites can also reveal instances of individuals impersonating executives by using their names or profile pictures. While this type of impersonation isn’t always directly harmful (particularly if the spoofer is posting in channels with few followers), it does have the potential to cause reputational damage depending on the type of content the individual is sharing and the extent of their reach.

Conclusion

The sheer amount of PII exposed in leaks and breaches across the dark web highlights the significance of incorporating dark web monitoring into executive protection plans. In addition to a high probability of exposure given the frequency and scale of leaks—many of which impact millions of individuals—a holistic executive protection plan can also benefit from the monitoring of dark-web adjacent platforms such as Telegram for possible threats or instances of reputation damage. Ultimately, the possibility of threatening rhetoric directed at executives as well as exposure in leaks reflects a need for executive protection to adapt to a continuously evolving threat landscape.

---

Curious how DarkOwl can help? Contact us.

December 11, 2024

As we celebrate National App Day, it’s essential to take a moment to appreciate the remarkable impact that applications have on our daily lives. From enhancing productivity to providing entertainment, apps have revolutionized the way we interact with the digital world. However, as a company operating in the darker corners of the internet, we also want to bring to light the complexities and challenges that come with this technology, especially concerning privacy and security. 

The Ubiquity of Apps 

According to Statista, as of 2023, there were over 2.9 million apps available on the Google Play Store and around 1.6 million on the Apple App Store. These applications serve various purposes—from social networking and online banking to gaming and health monitoring. As the digital landscape evolves, so do the expectations of users. There is now a greater demand for more from apps in terms of functionality and security. 

Mobile applications have become a fundamental part of our lives, allowing for seamless communication, efficient organization, and quick access to information. It should be no surprise that the convenience apps offer often come at a cost: personal data security. 

The Dark Side of Apps 

While many apps prioritize user privacy and data protection, not all do. The darknet thrives on the exploitation of vulnerabilities present in applications. Users often overlook the permissions they grant to apps, sometimes unknowingly allowing access to sensitive data like location, contacts, and even camera feeds. 

A recent report from Cybersecurity Ventures predicts that cybercrime will cost the world $10.5 trillion annually by 2025. With a significant portion of these crimes linked to insecure applications, it’s crucial for users to remain vigilant about the apps they download and use. 

Privacy Concerns and App Usage 

The rise of data breaches has made headlines in recent years, with millions of users’ data exposed due to inadequate security measures. For example, the Facebook-Cambridge Analytica scandal revealed how personal data could be misused for political gain, leading to an erosion of trust among users. 

Moreover, research from the Electronic Frontier Foundation (EFF) indicates that many popular apps track users across various platforms, creating extensive profiles that can be sold or exploited. In a world where our digital footprints are continuously monitored, understanding the privacy policies of the applications we use is paramount. 

The Role of the Dark Web 

As a company that operates within the dark web, we witness firsthand how individuals seek refuge in anonymity and privacy. Many users turn to the dark web to evade surveillance and censorship, believing they can escape the prying eyes of corporations and governments. However, this area is fraught with dangers, including scams, malware, and the risk of exposure. 

The dark web is not inherently malicious; it can serve as a platform for free speech and privacy. Still, it’s essential for users to navigate this space cautiously. Educating oneself about the potential risks and the tools available for protection—such as VPNs and encrypted communication apps—can empower users to make informed decisions. 

Empowering Users on National App Day 

On this National App Day, we encourage everyone to reflect on the applications they use and the information they share. Here are a few tips to ensure a safer app experience: 

1. Review Permissions: Always check the permissions an app requests before downloading it. If an app asks for access to data it doesn’t need to function, consider looking for alternatives. 

2. Update Regularly: Keep your apps updated to ensure you have the latest security features and patches. 

3. Use Trusted Sources: Download apps only from official app stores, as these platforms typically have measures in place to reduce the risk of malware. 

4. Educate Yourself: Stay informed about the latest security trends and understand how to protect your data. 

5. Consider Alternatives: Explore privacy-focused applications that prioritize user data protection, such as Signal for messaging or DuckDuckGo for browsing. 

Conclusion 

As we celebrate the innovations and conveniences that applications bring to our lives, it’s vital to remain aware of the associated risks, especially in a world where data privacy is constantly under threat. The dark web serves as a reminder of the importance of anonymity and security, but it also highlights the need for caution and vigilance. 

On this National App Day, let’s not only appreciate the convenience of our favorite apps but also commit to using them wisely and responsibly. The digital landscape is ever-evolving, and our approach to it must evolve as well. Stay safe, stay informed, and let’s make the most of the technology at our fingertips. 

---

Don’t miss any tips and tricks from DarkOwl. Follow us on LinkedIn.

December 05, 2024

In today’s digital landscape, organizations face an ever-evolving array of cyber threats that demand increasingly sophisticated defense strategies. While traditional security measures remain essential, forward-thinking business leaders are discovering a powerful new dimension of cybersecurity: dark web intelligence. This strategic capability provides crucial early warning signals and actionable insights that can prevent costly breaches before they occur.

The dark web has emerged as the primary marketplace where cybercriminals trade stolen data, hacking tools, and illicit services. Yet what many executives view solely as a threat represents an opportunity as well. Leading organizations are turning this challenge into a strategic advantage by leveraging dark web intelligence to strengthen their security posture and protect their assets.

Value of Dark Web Intelligence

The value proposition is clear and compelling. When corporate credentials or sensitive information surface on dark web forums, organizations typically have a brief critical window before actual breach attempts begin—a crucial period for preventative action that can mean the difference between a costly breach and a thwarted attack. Recent industry reports indicate that the average cost of a data breach now exceeds $4.5 million, but organizations that effectively utilize dark web intelligence and reset compromised credentials before exploitation see dramatic reductions in breach impact and incident response costs.

Early warning through dark web monitoring also can help organizations avoid severe regulatory penalties, including potential fines under GDPR, HIPAA, and state-level laws such as the California Consumer Privacy Act. SEC regulations now also mandate prompt disclosure of material cybersecurity incidents, with potential civil penalties for non-compliance. Early detection can help organizations address potential breaches before they trigger these costly reporting requirements.

Across sectors, the applications are profound. In financial services, some institutions continuously monitor dark web channels for stolen payment card data, compromised credentials, and emerging fraud schemes. Some healthcare providers use this intelligence to detect potential HIPAA violations before they escalate into reportable breaches and to protect critical medical device credentials. And for a number of critical infrastructure operators, dark web intelligence has become crucial as ransomware groups increasingly target essential services, requiring organizations to identify and mitigate threats before they can impact operations.

Government agencies, despite their own capabilities, should look to commercial dark web intelligence as a crucial component of national security and law enforcement operations. CISA’s threat intelligence sharing programs demonstrate the value of this approach, while the FBI and Treasury Department leverage dark web intelligence in cybercrime and financial crime investigations. Yet much remains to be done to ensure our national security agencies are truly leveraging the full insights available through deep dark web research and intelligence, since most agencies lack the personnel or technical resources to collect and analyze dark web data at scale.

Selection of Provider

The selection of a dark web intelligence provider represents an important strategic decision. There are reputable U.S.-based companies – noteworthy among them being DarkOwl – who offer these services through carefully reviewed legal and ethical frameworks. Organizations should prioritize providers with strong compliance records, ethical data collection methods, and established industry reputations. Beyond these foundational principles, it’s crucial to recognize that more comprehensive data typically yields improved insights in today’s digital threat landscape.

For maximum impact, dark web intelligence should be seamlessly integrated into existing cybersecurity and risk mitigation programs. Organizations that successfully integrate this intelligence find their threat intelligence platforms become more robust, their incident response procedures timelier, and their compliance programs more comprehensive. With an average of only about five days warning before credential exploitation attempts, security teams gain precious time to prevent rather than merely respond to threats.

Looking Ahead

Looking ahead, artificial intelligence and machine learning are revolutionizing threat detection capabilities, enabling more sophisticated analysis of dark web data and automated response protocols. However, threat actors continue to develop more sophisticated techniques, and the regulatory landscape grows increasingly complex. Organizations must stay informed about these developments to maintain effective security postures.

The reality of modern cybersecurity is clear: knowing what adversaries know about your organization isn’t merely an advantage—it’s a necessity. Forward-thinking leaders who embrace dark web intelligence position their organizations for success in an increasingly dangerous digital landscape. Whether the result is actionable intelligence or confirmation that no threats exist, the value of this visibility in today’s threat environment cannot be overstated.

---

Curious to learn more about DarkOwl? Contact us.

December 04, 2024

November 30th marked Computer Security Day, a reminder to individuals and organizations about the importance of protecting digital assets and maintaining online safety. In an era where cyber threats are increasingly sophisticated, the dark web plays a pivotal role in facilitating cybercrime. This year, let’s explore Computer Security Day through the lens of the dark web, highlighting the critical need for vigilance in a digitally interconnected world. 

Dark Web Refresher

The dark web is a part of the internet that requires specialized tools, such as TOR, to access. While it has legitimate uses, it is notorious for hosting illegal marketplaces, forums, and platforms that trade in stolen data, hacking tools, and other illicit goods. Cybercriminals leverage the dark web to: 

• Sell stolen personal information (e.g., credit card numbers, passwords, and Social Security numbers). 
• Distribute malware and ransomware. 
• Share hacking tutorials and exploit kits. 
• Launch coordinated cyber attacks against businesses and governments. 

This criminal ecosystem thrives on the vulnerabilities in computer systems, making Computer Security Day more relevant than ever. 

How the Dark Web Fuels Cybersecurity Threats 

There are many activities on the dark web which exploit computer vulnerabilities. Each of these can cause serious ramifications for organizations so it is important to monitor for these threats and ensure your systems and employees are secure. Some examples of dark web activities to be aware of on Computer Security Day and beyond.  

Data Breaches and Identity Theft 

Stolen data is a commodity on the dark web. Following a data breach, personal and financial information is often listed for sale, enabling identity theft and fraud. (All of the examples below are from DarkOwl Vision) For example: 

• Credit card details are sold for as little as $10

• Social media credentials can be bought for under $5 

Once your information is exposed on the dark web, it becomes nearly impossible to reclaim control without proactive security measures. 

Hacking Tools for Sale 

The dark web acts as a one-stop shop for cybercriminals. Tools like keyloggers, phishing kits, and zero-day exploits are readily available, lowering the barrier for entry into cybercrime. Despite some time appearing simplistic in nature, these tools and tried tested and can be very effective in allowing unsophisticated users to achieve maximum disruption.  

Ransomware as a Service (RaaS) 

Ransomware attacks, which encrypt victims’ data until a ransom is paid, are increasingly being offered as “services” on the dark web. This enables even non-technical criminals to launch devastating attacks. It is also used as a way to shame victims, posting samples of data onto Ransomware leak sites and opening organizations in the supply chain to further attacks.  

Computer Security Day: Practical Steps to Protect Yourself 

On Computer Security Day, taking proactive steps to secure your digital presence is crucial, especially given the risks posed by the dark web. Here’s how you can protect yourself and your organization: 

• Monitor the dark web for activity 
  • Monitor the dark web for your organizations assets to ensure they are not being shared without your knowledge 
  • Monitor activities of dark web actors to stay ahead of trends and activities.  

• Strengthen Your Passwords 
  • Use strong, unique passwords for every account. 
  • Enable multi-factor authentication (MFA) wherever possible. 

• Monitor Your Digital Footprint 
  • Use tools like dark web scanners to check if your data has been compromised. 
  • Regularly review online accounts for unauthorized activity. 

• Update and Patch Systems 
  • Keep your software, operating systems, and antivirus programs up to date. 
  • Apply patches to fix vulnerabilities that hackers could exploit. 

• Be Vigilant About Phishing 
  • Avoid clicking on suspicious links or downloading unknown attachments. 
  • Educate yourself on identifying phishing attempts. 

• Secure Your Network 
  • Use a virtual private network (VPN) to encrypt your internet traffic. 
  • Invest in a robust firewall to protect against unauthorized access. 

Conclusion  

Computer Security Day reminds us that cybersecurity is everyone’s responsibility. Whether you’re an individual or part of a multinational corporation, your actions can help prevent the dark web from profiting off cybercrime. This includes reporting suspicious activity, supporting ethical tech initiatives, and staying informed about emerging threats. 

While the dark web continues to challenge cybersecurity professionals, advancements in technology, collaboration between law enforcement agencies, and public awareness campaigns are critical steps toward mitigation. By taking the lessons of Computer Security Day to heart, we can create a culture of digital security that limits the power of the dark web and its associated risks. 

---

Curious about darknet data? Contact us.

December 02, 2024

Our analyst team shares a few articles each week in our email newsletter which goes every Thursday. Make sure to register! This blog highlights those articles in order of what was the most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

1. Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel – The Hacker News

The advanced persistent threat (APT) WIRTE, believed to be associated with the Hamas-affiliated Gaza Cyber Gang, has expanded its cyber operations to target Israeli entities. The threat actor was previously engaged in espionage operations targeting the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt. Full article here.

2. Russian Espionage Group Targets Ukrainian Military with Malware via Telegram – The Hacker News

On October 28, Google’s Threat Intelligence Group released a report exposing a suspected hybrid Russian espionage and influence operation targeting the Ukrainian military. As highlighted in the report, the campaign—being tracked as “UNC5812”—utilizes a Telegram persona named “Civil Defense” to deliver malware to its targets. The Telegram account claims to be a “provider of free software programs designed to enable potential conscripts to view and share crowdsourced locations of Ukrainian military recruiters.” In addition to delivering malware, UNC5812 is also carrying out an influence operation intended to undermine support for Ukraine’s mobilization efforts. Read more.

3. U.S. government employee charged in leak of Israel’s plans to attack Iran – CBS News

The U.S. Department of Justice (DOJ) has charged Asif W. Rahman—who was formerly employed by the Central Intelligence Agency (CIA)—for allegedly leaking highly classified U.S. intelligence documents regarding Israel’s plans for a retaliatory strike against Iran. Rahman was charged with “two counts of illegal transmission of national defense information.” Article here.

6. Redline, Meta infostealer malware operations seized by police – Bleeping Computer

On October 28, the international law enforcement task force “Operation Magnus” disrupted the RedLine and META infostealer operations. The task force consisted of the Dutch National Police as well as authorities from the U.S., U.K., Belgium, Portugal, and Australia. As highlighted in a press release from the European Union Agency for Criminal Justice Cooperation (Eurojust), RedLine and META had targeted “millions of victims worldwide,” making them two of the most prevalent infostealers in the world. Full article.

7. Phishing emails increasingly use SVG attachments to evade detection – Bleeping Computer

Cybersecurity researchers have observed threat actors using Scalable Vector Graphics (SVG) attachments in phishing emails to evade detection. The SVG image format uses XML-based code rather than pixels to create an image; this format allows the attachments to bypass email protections and thereby distribute malware. As highlighted by BleepingComputer, threat actors are able to create SVG attachments that “not only display images but also create phishing forms to steal credentials.” Read more.

8. Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps – The Hacker News

Researchers at FortiGuard Labs have identified instances of the advanced malicious framework “Winos 4.0” being hidden in gaming-related applications. These have included “installation tools, speed boosters, and optimization utilities.” Winos 4.0 was previously observed being used in the campaigns “Void Arachne” and “Silver Fox,” as documented by Trend Micro and the KnownSec 404 Team in June. Read article.

9. US indicts Snowflake hackers who extorted $2.5 million from 3 victims – Bleeping Computer

The DOJ has announced the indictment of two suspected hackers—Connor Riley Moucka and John Erin Binns—for hijacking Snowflake cloud storage accounts to steal data. As many as 165 Snowflake customers may have been impacted by the hackers’ operations. As noted in the indictment, Moucka and Binns used stolen access credentials to gain access to the victims’ Cloud Computing Instances and to download data. Read more.

---

Make sure to register for our weekly newsletter to get access to what our analysts are reading on a weekly basis.

November 26, 2024

Unfortunately, data leaks have become a part of life, with almost all people’s data being released in a leak in some form. As more and more of our data and information is held on digital platforms, the risk of it being exposed increases. Vulnerabilities mean that both large and small companies that hold our data can be subject to a hack and data being leaked.

Although there are limited actions that can be taken to secure our data, with that responsibility falling to the companies that store our data, it is important to know what actions can be taken when data is leaked to protect people and organizations and minimize the damage.

It is important to note that once data appears on the dark web it cannot be removed, and there is no way of knowing who has access or has accessed that information. However there are actions that can be taken to mitigate risks when your data appears in one of these leaks.

Monitoring

An important first step is actually knowing that your data has been leaked whether personal information or your corporate information. It is important that you are monitoring all PII (personally identifiable information) to identify if it appears in a leak, and if it does what leak it appears in and what information has been exposed.

It is also important to confirm if the details of the leak are correct, what was the source of the leak and what types of data are exposed? Leaks are often reported in the media, by the company themselves usually for regulatory purposes or through leak monitoring services. You should identify what sensitive information has been exposed whether it be an email address or social security number. This can help you focus on securing your most at risk data.

DarkOwl Vision allows you to monitor all of your company’s assets to identify if they have appeared in a data leak. Our Leak Context feature will provide details of the leak, where it was sources and if it has been confirmed.

Figure 1: Example of Leak Context feature

Change your Passwords

If your passwords are exposed, and maybe if they aren’t, a good step to ensure your accounts are secure is to update your passwords. A company should have a good password policy that means that passwords are updated regularly. Even if it has been identified that a password hasn’t been exposed, it should still be changed immediately.

When reviewing your password policy, whether in response to a leak or as a good security practice the following things should be considered:

• Use a Strong Password – A strong and unique password should be used for each of your accounts
• Do not reuse passwords – A unique password should always be used
• Enable Two-Factor Authentication (2FA) – Where possible ensure you make use of 2FA. Authenticator apps are more secure that One Time Passwords (OTPs)
• Make use of Password Managers – PMs can ensure that you generate complex and use unique passwords.

Figure 2: Time to Crack Passwords of Varying Degrees of Character Length and Complexity

Freeze your Credit Report

Especially if a leak includes financial information, you should freeze your credit report. This is also true if sensitive information such as your social security number is exposed. It is best practice to keep your credit report frozen unless you need to use it yourself.

You should also review and monitor your bank and credit card statements to ensure no suspicious transactions take place. Any identified issues should be reported immediately.

Phishing Scams

The information which appears in leaks can be used to make phishing scams more believable. It can also be used to target individuals who may be associated with a target organization. As AI matures, it is more likely that phishing messages will become more convincing and more difficult to spot. However people should be on the lookout for the following:

• Any messages which ask for personal information
• Include attachments or links
• Urge you to take immediate action
• Ask you to make any kind of payment

If you think an email or SMS is suspicious always attempt to verify the legitimacy by contacting the alleged sender. You should do this directly not in response to the message.

Figure 3: Example of an unclaimed asset scam email claiming that the recipient was entitled to property from either inheritances, or from unallocated government holdings

Other Attack Types

While phishing attacks are the most likely threat to occur when data is leaked there are other threats that individuals should be aware of.

Variations of phishing attacks are smishing and vishing. If a phone number is leaked you may become a more likely target for these types of attacks.

As mentioned above in relation to credit freezes, if financial information is leaked you are much more likely to be a victim of financial fraud. This can happen at both the personal and organizational level so it is important to be vigilant for any changes in your finances as well as the possibility of identity theft.

If an organizations network information is exposed, such as private domains, IP addresses or admin credentials are exposed this can leave organizations more vulnerable to hacking attempts. Any data leaked relating to the organizations security or infrastructure should be immediately reported to the cyber security and incident response teams so they can take effective mitigation actions.

Security Implemented Across all Accounts

If your data is exposed, it is best practice to ensure that all of your accounts are secure, not just the one associated with the data leak. As passwords are often reused and email addresses used across multiple accounts your information could be used to target multiple accounts.

You should also check your privacy settings across all accounts, sometimes information used in phishing attacks and other social engineering attacks can be obtained through data brokers or from social media accounts. You should therefore ensure on all accounts that unnecessary access is revoked and make sure that your accounts are either private or if you need to share information make sure you know what information is being shared and limit this where possible.

Transparency

For organization that identify their information or their employees information has appeared in a leak, it is important to make sure you inform people of what data has been exposed and what implications this may have for them. It’s important to reassure clients, partners, and employees that you’re addressing the breach and safeguarding their information. Include these elements in your communication plan:

• Notify Key Stakeholders –  Share essential information with those affected, including an explanation of the breach, the data involved, and recommended steps for safeguarding their own data.
• Provide Reassurances –  Explain any steps the organization is taking to mitigate the impact, such as enhanced security measures or support resources.
• Outline Remediation Steps –  If offering credit monitoring, cybersecurity resources, or identity theft protection, make it clear how stakeholders can access these services

Incident Response for Third-Party Breaches

In some cases, it may be prudent to have a plan in place for if your organization’s data appears in third party data leak. This will not be required in every case and will depend on which leak data appears in and what data is exposed.

Responses to leaks can be part of an overall Incident Response Plan, mitigating actions that can be part of these plans when it comes to leaks are:

• Assemble a Response Team –  Bring together key internal stakeholders, including IT, legal, risk management, and PR teams.
• Engage with the Third Party –  Ensure open communication with the vendor to receive continuous updates and understand what actions they’re taking to address the breach.
• Coordinate with Legal and Compliance Teams –  Confirm the legal obligations that apply to data exposures resulting from third-party breaches, such as notifying regulatory bodies and customers.

Data Privacy Considerations

Legal and regulatory compliance is essential when dealing with third-party breaches. Ensure your response is aligned with data protection regulations that apply to your business and industry, such as GDPR, CCPA, or HIPAA. In many cases, your organization is responsible for notifying affected parties, even if the breach occurred due to a third-party vendor.

• Consult Legal and Compliance Experts –  Engage your legal team to understand notification requirements and determine if the breach must be reported to regulatory bodies.
• Document Your Response –  Maintain thorough documentation of all actions taken in response to the breach, including communications with the third party, incident assessments, and mitigation measures. This can protect your organization if regulators review your actions later.

Cyber Security Training

It is also important that organizations provide regular cyber security training to their employees to ensure that they understand how they should be protecting both their personal and corporate data. This training can also advise individuals on what action should be taken should their information be leaked and what risks they should be on the lookout for and how to mitigate them. All employees should understand how to handle corporate data securely and what to do if they notice suspicious activity.

Conclusion

While data leaks are alarming, having a plan can make a big difference in minimizing their impact. By acting quickly and taking the necessary steps to protect your or your organization’s information, you can significantly reduce the potential risks to finances and privacy.

Data breaches involving third-party vendors pose unique challenges, but with a proactive approach, organizations can mitigate the impact. By responding swiftly, communicating transparently, and strengthening security practices, organizations can protect thier data, reputation, and relationships with stakeholders

Stay vigilant, be proactive about security, and take charge of your or your organization’s digital footprint—it’s the best defense against future breaches.

---

Learn how access to darknet data can help your organization stay safe. Contact us.

November 20, 2024

As Black Friday approaches, the excitement for holiday shopping fills the fall air. Countless look forward to and save all year for the unbeatable deals, seasonal savings, and frenzied shopping experience. Yet there is a dark side of this retail bonanza which often goes unnoticed. Just as shoppers flock to stores for discounts, scammers are ready to exploit the rush. With an increase in online shopping, especially post-pandemic, the risks of falling victim to Black Friday scams have never been higher. 

The Rise of Black Friday Scams 

Black Friday, traditionally the day after Thanksgiving, marks the beginning of the holiday shopping season. It has transformed into a global phenomenon, with retailers offering massive discounts both in-store and online. According to the FBI’s internet Crime Complaint Center (IC3), reports of online fraud make a significant spike during this global phenomenon. In 2022 the IC3 reported over 800,000 complaints related to various forms of internet crime, with significant losses attributed to online Black Friday shopping scams. 

The Federal Trade Commission (FTC) noted that in 2022, Americans lost approximately $1.3 billion to online scams, with a substantial portion occurring during the holiday shopping period. As consumers scramble for the best deals, scammers capitalize on their urgency and excitement, creating the breeding ground for fraud. This number has only gone up since 2022 and FBI’s annual internet crime report indicated that in 2023 there was a 22% spike in losses from online scams. 

3 Common Types of Black Friday Scams 

Understanding the different types of common scams prevalent during Black Friday can help consumers recognize potential threats 

Phishing Emails and Fake Websites

Scammers will often send emails that appear to be from legitimate retailers, offering unbelievable deals. These emails may contain links to counterfeit websites designed to steal personal information, such as credit card numbers and login credentials. According to ProofPoint, phishing attempts increase by nearly 200% during the holiday season. Be wary of unsolicited emails, especially those urging you to click links of provide sensitive information. Go directly to the company websites and see if the deals are available there. 

Figure 1: Walmart phishing site deployed in Brazil, Source: phishtank.org

Counterfeit Products

As shoppers seek discounts, some may fall victim to fake retailers selling counterfeit goods. Whether it is electronics, clothing, or popular toys, scammers often advertise products at prices that seem too good to be true. The National Association of Secretaries of State (NASS) reports that counterfeit goods lead to billions in losses every year. This only amplifies during the high-demand season. Before making a purchase always research the seller and check for reviews before clicking that “purchase” button. 

Figure 2: Counterfeit Rolex watches for sale

Online Auction and Marketplace Scams

Platforms such as eBay and Facebook Marketplace can be breeding grounds for scams during Black Friday. Fraudsters may list items at enticing prices, only to disappear after receiving the payment. The Better Business Bureau reported a 25% increase in complaints related to online marketplace scams during the holiday season in 2023. It is pivotal to verify the credibility of sellers and if a deal seems too good to be true, it probably is. 

Figure 3: User looking to sell counterfeit gold through a verified eBay seller; Source: DarkOwl Vision

Who is Most at Risk? 

Anyone can fall victim to online scams, however certain demographics are more vulnerable than others. According to FTC, older adults are often targeted because they have less experience with online shopping and digital safety practices. The other demographic that is often targeted is young shoppers as they can be more focused on finding a good deal than watching for warning signs. Regardless of age, it is crucial for all consumers to be aware of potential scams and educate themselves on how to identify them. 

How to Avoid Black Friday Scams 

1. Verify Website Security: Always check for “https://” at the start of the URL and look for the padlock icon in the address bar before entering any personal information. These indicate that the site is secure. 

2. Research the Retailer: Prior to making a purchase from an unknown site or company, research the retailer. Look for reviews and check the Better Business Bureau for any complaints. Remember if a deal seems too good to be true it likely is so take time to ensure the legitimacy of the website and its offers.  

3. Use Secure Payment Methods: Opt for secure payment methods, such as credit cards or trusted payment services like PayPal, Venmo, or Zelle. These options often provide buyer protection in case of fraud. Avoid sending money via wire transfer or using prepaid gift cards, these are common methods scammers use to receive payments. 

4. Be Wary of Emails and Ads: Always avoid clicking on links in unsolicited emails or advertisements. Instead, navigate to the retailer’s website directly by typing the URL into your browser. Legitimate retailers will not ask for sensitive information via email. 

5. Enable Multi-Factor Authentication: For added security, enable two-factor authentication on all accounts. This adds an extra layer of protection against unauthorized access. Always take advantage of security features offered by online platforms. 

6. Stay Informed: Knowledge is power, be aware of the latest scams circulating. Websites such as IC3 and FTC regularly publish alerts and information on prevalent scams during the holiday season. Staying informed is a powerful tool in protecting yourself and your loved ones from fraud. 

While Black Friday can be an excellent opportunity for savings, it’s essential to approach it with caution. The dark web serves as a reminder of the dangers lurking in the digital space, where scammers exploit human psychology and urgency. This year for Black Friday, start by prioritizing your safety by staying informed and adopting best practices to protect your personal and financial information. By being proactive and vigilant, you can enjoy the holiday shopping experience, find some great deals, and keep the funds you don’t want to spend, safely where they belong. 

---

Don’t miss any research and tips from the DarkOwl team. Follow us on LinkedIn.

November 14, 2024

In DarkOwl’s Darknet Marketplace Snapshot blog series, our researchers provide short-form insight into a variety of darknet marketplaces: looking for trends, exploring new marketplaces, examining admin and vendor activities, and offering a host of insights into this transient and often criminal corner of the internet. This edition features Dark Empire Market. 

Don’t forget to subscribe to our blog at the bottom of this page to be notified as new blogs are published. 

Introduction

Darknet marketplaces (DNMs) are synonymous with the dark web where users can buy and sell illicit goods. It began with the Farmer’s Market, followed by the more prolific Silk Road. Ever since Silk Road was taken down by law enforcement, different markets have jostled for supremacy. As such, DNMs are some of the most recognized features of the dark web.   

Recently law enforcement has improved its ability to seize darknet marketplaces (DNMs), meaning that the vendors must migrate to new sites. There have also been several exit scams from marketplaces with the admins closing the site and taking the funds that are held in escrow.  

This is DarkOwl’s third blog in a series dedicated to reviewing the most popular darknet marketplaces (DNMs) since Kingdom, Incognito, and Bohemia marketplaces were seized by law enforcement. We will explore the various sorts of products regularly sold and well as how much the product pricing can vary within or between product categories.   

Traditional DNMs are defined as dark or deep web sites where numerous (often hundreds) vendors can sell various types of products ranging from drugs, digital goods, leaked databases, counterfeit documents, credit cards, etc. The most popular traditional DNMs that remain today are: 

1. Ares Market 
2. Archetyp Market 
3. MGM Grand Market  
4. Dark Empire Market 

DISCLAIMER: Please note that this list specifically excludes any forum that also has a marketplace section like XSS or Exploit, as well as marketplaces that specialize in one product category like digital goods on Russian Market. 

Our first two blogs focused on Ares & Dark Empire Market. Today we will review MGM Grand Market.  

 MGM Grand Market 

MGM Grand has gained more popularity as several marketplaces have shut down since 2023. According to open-source research, 10 DNMs have shut down since 2023 either due to law enforcement seizures or exit scams. The following markets are listed as having closed down in 2024.  

• Genesis Market 
• TOR Market 
• Vice City Market 
• ASAP Market 
• Tor2Door Market 
• Royal Market 
• Kingdom Market 
• Bohemia Market 
• Incognito Market 
• Nemesis Market 

MGM Grand Market originally surfaced in April 2021 and has quickly become one of the most talked about DNMs on Dread along with Archetyp Market (which we will cover in our next blog on this topic) .  

According to DarkOwl’s Vision, we have over 11,600 results pertaining to MGM Grand Market. DarkOwl first saw MGM Grand mentioned on the popular darknet hacking forum, Dread, in January 2022, when a Dread user created a post rating various vendors on the site. DarkOwl has since seen “MGM Grand” mentioned on this forum at least 364 times. Typically, Dread users discuss experiences with marketplace vendors: 

Recently DarkOwl analysts discovered a Dread user asking which DNM is best for carding or credit card fraud. One user responded, “MGM Grand is decent, but make sure it has escrow bc some vendors don’t have it enabled.”

MGM Grand Market allows transactions to be processed using only Bitcoin (BTC), which is unique. Most DNMs allow transactions in BTC as well as other cryptocurrencies such as Monero, Litecoin, Ethereum, and Dash. Additionally, DarkOwl analysts have increasingly seen other currencies like Tether also being used on the darknet.  

Homepage 

The below screenshot displays MGM Grand Market’s Homepage. MGM Grand’s site format is familiar because it resembles the format of search engines like DuckDuckGo and Google: including a search bar, popular topics, site logo, and design.  

Credentials are required to log in and view content, but the registration process is simple. It requires a username, password, pin, and completing a simple captcha. 

Underneath the search bar is an overview of MGM Grand’s most popular product categories including: 

• Fraud (2364 Listings) 
• Drugs (5599 Listings) 
• Digital Goods (2261 Listings) 
• Guides & Tutorials (2121 Listings) 
• Miscellaneous (996 Listings) 

 Currently there is a total of 13,341 product listings. The drugs section currently contains the most product listings, while Miscellaneous contains the fewest listings. 

Fraud 

The fraud category on MGM Grand Market offers a wide range of fraud products from bank accounts, credit cards, fintech accounts, leaked databases, and more. Currently there are 2364 product listings, and the below screenshot previews 3 products.  

• Verified Bank Drops, $600.00 USD 
• USA leaked CCN + personal details, $35.00 USD 
• Western Union Cashout Methodology, $3.25 USD 

Looking a step further, a review of the content on one of the posts which is advertised as, “Verified Bank Drops EU/US Crypto Exchanges Fast Delivery + Custom Name Accounts” and is for sale for $600.00. The vendor claims they are selling a “fully verified” sumup.com account with Ireland IBAN and Kraken Crypto Exchange Account info including all personal account details. This product received a 4.5 Star rating, despite showing “0 sold” at the time of review.  

This vendor further alleges they can also sell bank account details for various banks, money transfer services, and crypto currency exchanges, the below is a list of financial institutions the vendor claims to be able to provide access to.  

Drugs 

The drugs category on MGM Grand offers a wide variety of illicit narcotics and prescription drugs such as cocaine, Ritalin, Xanax, LSD, and more. Currently there are a total of 5599 drug listings on this market. The below displays a preview of these listings: 

• Speed Paste Amphetamine, $1.07 USD 
• Cocaine, $40.00 USD 
• Xanax, $1.60 USD 

Digital Goods 

The Digital Goods category has a total 2261 listings. Products range from accounts for sale, e-books, malware, RDP, gift cards, and more.  

The above screenshot previews 3 common products under the Digital Goods category including: 

• 2024 ANY COUNTRY RDP server, $35.00 USD 
• 10x Live and active socks5, $28.00 USD 
• Live RDP Remote Desktop Protocol – 2 months Access. $50.00 USD 

DarkOwl analysts selected one product (see below screenshots) to further examine. The below product is a large collection of hacking tools ranging from RATs, cracking tools, fake emails, keyloggers, VPNs, DDOS tools, etc., which the vendor, Safety1st, alleges is worth over $12,000.00 USD, but is generously offering this “mega pack” for $3.26 per each tool. According to the description this vendor has so far sold 1 product and accepts escrow. The vendor also has received a 5-star rating. 

A full list of the hacking tools available from this vendor is shown below: 

Guides & Tutorials 

“How to” guides and methodology tutorials are some of the most sold products across the darknet. There are a total of 2,122 products listed under MGM Grand’s Guides & Tutorials section. The content of these guides varies greatly from how to grow weed, how to hack a phone, how to deploy infostealer malware, how to create a counterfeit id, etc. 

The products listed in the above screenshot are: 

• The Drug Users Bible, $3.25 USD 
• Hydroponic Heroin How To Grow Opium Poppies Without Soil, $3.25 
• Buy Anonymous SIM Cards Worldwide – Anon Phone SIM Card, $3.25 

Miscellaneous 

Miscellaneous product categories exist on most DNMs, but the product listings are quite random and sometimes contain porn and other NSFW (not safe for work) content. However, MGM Grand has included counterfeit ids, money, and services under this category. There are currently a total of 966 products listed under Miscellaneous on MGM Grand Market. DarkOwl analysts have shared a preview of a few products below and their prices: 

• Updated Counterfeit Money Bible (Fake Euro & Dollar), $6.51 USD 
• Mixing Bitcoin Service – We Mix Clean Your BTC – Bitcoins Cleaning, $10.86 USD 
• Generate Unlimited Mobile Phone Numbers of Any Country, $3.26 USD 

MGM Grand Market is a popular destination for those looking to purchase fraud products, digital goods, drugs, tutorials, counterfeit ids/currency, and more. MGM Grand’s popularity is expected to continue increasing as more marketplaces shutdown either due to law enforcement seizures or exit scams. During our next blog in this series of DNM reviews we will look at Archetyp Market.  

---

Subscribe to email to receive the latest research directly into your inbox every Thursday and don’t miss our next Darknet Marketplace Snapshot.  

November 13, 2024

In the age of cybercrime, it is imperative that organizations are monitoring the dark web and dark web adjacent sites in order to identify threats and risks that may be posed to them and their organization. These risks can be reputational, financial, security related or have real world physical implications. In order to identify and combat these threats, organizations will often turn towards a Managed Service Provider to assist them. In this blog we will investigate what MSP and MSSPs should be monitoring for on behalf of their customers.  

What is an MSP/MSSP? 

A Managed Service Provider (MSP) is a company that manages a customer’s IT infrastructure and end user systems. They are usually responsible for monitoring sources and attributes which pose a threat to networks, infrastructure, security, communications and data storage. While some of these tasks will require monitoring network traffic and performance and ensuring compliance, they are also often responsible for cyber security services such as monitoring threats on the dark web.  

A Manages Security Service Provider (MSSP) is a type of MSP that focuses on security, particularly cyber security. They will monitor devices, systems, remote security operations centers (SOC). Their main focus is to protect their clients IT infrastructure from cyber threats. But increasingly they also need to protect their client’s data and how it is accessed and potentially shared.  

For all MSP and MSSP it is imperative that they monitor the dark web in order to mitigate any threats that may be posed to their clients. We will explore some of the information that is available that they should be monitoring for. 

Ransomware 

Ransomware attacks continue to increase in 2024, with most groups now releasing the data of their victims on dark web shame sites when their requested ransom is not paid. The information leaked can contain huge amounts of data from all areas of an organization.  

The leak of this data can not only cause reputational damage but can also leave the organization, their employees and organizations in their supply chain open to further attacks, depending on what information is contained in the leak.  

It is important the MSSP monitor the leak pages of all ransomware groups to identify if any of their clients have fallen victim to a ransomware attacks. However, they should also be reviewing the leaked data for any organizations that are linked to their client to ensure that none of their client’s data has been exposed. DarkOwl Vision can be used to alert MSSPs when any information relating to their client appears on a ransomware site.  

Data Leaks and Stealer Logs 

Data leaks are being released at an alarming rate and can include vast amounts of data relating to individuals and organizations. Leaks predominately will contain credentials, usually email addresses and passwords but can also include information such as Social Security Numbers, IP addresses, Physical addresses and other identifying details.  

It is important that MSSPs monitor all domains linked to a client organization to identify if any of their employees’ credentials have been leaks. Leaked credentials can be used to obtain further access to a network and so steps should be taken to ensure that the leaked password is no longer in use.  

Information in leaks can also be used to conduct social engineering attacks so MSSPs should arrange for cyber security training so employees know what to be on the lookout for. In some cases, if individuals are high profile enough leaked information could also lead to real world implications.  

Stealer logs, while not the same as leaks, also provide details of individuals credentials. Stealer logs tend to have fresher information in them due to the way that they a collected by malware so immediate steps need to be taken.  

Initial Access Brokers 

An Initial Access Broker (IAB) is an someone who specializes in gaining unauthorized access to systems or networks and then sells this access to other malicious actors.  IABs will often sell their access on the dark web through forums or marketplaces. The price for access typically varies based on the organization’s size, industry, or the level of access achieved. 

IABs will often name the sector that their victim is in but will not always advertise the true identity for fear of tipping off the victim to the vulnerability. However, they will often provide images of panels or other proof that they have access.  

It is important that MSSPs monitor all known IABs on marketplaces and forums on the dark web, as well as any other chatter around access to organizations. Particularly those in the industry of the client. DarkOwl Vision allows you to create alerts which can monitor these types of threat actors and this chatter.  

Threats 

The dark web and dark web adjacent sites, particularly Telegram are increasingly being used to spread mis- and dis-information. In some cases, this rhetoric can lead to direct threats against organizations and or individuals. Although in the majority of cases those making threats are usually “trolls” who don’t intend to follow through on their threats, some individuals share this information as part of leakage, sharing their true intentions of real threats they intend to carry out. It is therefore important that MSSPs are vigilant for these types of discussions and ensure they are able to make an assessment about the threat in conjunction with other available sources. However, this can be difficult due to the anonymous nature of the dark web. 

Threat actors can also share information about individuals on the darkweb, including their location and other sensitive information about the individual. This is generally known as a Dox, although information can be shared in other ways. A Dox of an individual can include their home address, their telephone numbers other PII and details of social media accounts. This is something that MSSPs should be extra vigilant for as can have a real-world impact.  

Assets to Search For

MSSPs should ensure that they are monitoring for as many of their client’s assets in the dark web as possible, this includes but is not limited to” 

• Email addresses 
• Domains 
• IP addresses 
• Physical addresses 
• Financial information 
• Social Security Numbers 
• Full names 

As well as assets MSSPs should monitor for attacks or chatter against the industry their clients are from as well as their geographical locations  

Conclusion 

As part of an MSSPs and MSPs role in security the IT and cyber security of a company, it is important that they are monitoring for threats and risk that is being shared and talked about on the dark web. This is the only way that they can ensure that they have insights into what activities criminals are engaging in and who they are potentially targeting.  

---

Curious how DarkOwl can help your organization? Contact Us.