The Dark Side of the Web

It may be because of the popularity of horror films, or the Oscar-bound The Revenant, but there are times when you go to the movies and sit there with your eyes covered in anticipation of something gruesome yet at the last minute separate your fingers to watch. Such has been the case with what has been called “The Dark Web” and the emergence of Dark Net Markets (DNMs). 

The latter are the illicit marketplaces for seeming all things illegal that are accessible via the Tor network. In short, legitimate businesses abhor the presence of the places where bad actors conduct what unfortunately is very robust business, and where they like to chatter.  However, they need to separate their fingers and keep their eyes open and focused.  The question is how?

The question of how to understand what is going on with the Dark Web, and use the knowledge gained, is certainly germane.  It will be a hot topic at the 2016 RSA (News - Alert) Conference in San Francisco which opens Feb. 29.  It is not only timely, but has complexities. And, if you are looking for grounding on the subject and what to do, a good place to start is two recent reports from security solutions provider Flashpoint.

2015 was a good year for the bad guys 

The first resource of note from Flashpoint is their annual research report, 2015-2016 Highlights & Trends in the Deep and Dark Web. The 30-page report looks at the growing complexity of illicit communities and the industrialization of cybercrime.  It identifies the top five high-risk threats developing in the Deep & Dark Web. The report looks at the growing complexity of illicit communities and the industrialization of cybercrime, and highlights the prolific trends that pose the greatest risk to organizations and their critical assets. 

Here are the five trends identified.

• Anyone can be a cybercriminal. The barrier to entry for would-be cybercriminals continues to lower, thanks in part to expanding toolsets.
• Get your drugs here. Drugs are more desirable and accessible through dark net markets than ever before, resulting in 50 percent of all Tor markets offering narcotics.
• The public domain is the Wild West. With conversations on encryption and privacy entering the political realm, and with no legislature or governance in place to address the use of hidden services, the uptick in Tor and I2P services will continue, as well as the exploitation of these services to conduct illicit and malicious activity.
• Not the fortune, but the fame. The politically and financially motivated actors are still a threat to all governments, organizations and individuals that don’t line up with their agenda. But another dangerous actor group flourished in 2015 – those motivated by chaos and fame. Their actions and goals are much more challenging to predict. 
• Cybercrime and terrorism without borders. The internationalization and globalization of cybercrime is inevitable.

May the Force be with you!       

All of the above is scary stuff.  In fact, the granularity of the report would make for the foundation of a nice Hollywood thriller if it were not so factually based.  Indeed, that said, what can organizations do and who can they trust to help them get the knowledge and tools they need to be proactive as well as reactive when dealing with cyber threats?

This is where the second resource comes in. It is another page-turner titled, 10 Reasons You Need Help With Deep & Dark Web Intelligence. As Flashpoint says of the just released report done by IT-Harvest, “it provides background, information, and insight as to why it is difficult and risky for companies to build the internal capability and own the responsibility of gathering meaningful data and intelligence from the Deep & Dark Web.  Successfully mining the Deep & Dark Web requires a powerful combination of human expertise and sophisticated technology built upon years of subject matter knowledge, automated data gathering, and a willingness to take calculated risks.”

Realities are “eyes wide shut” is not longer an option when it comes to keeping track of professional threat actors.  As the report explains,  “Most organizations track mentions of their key executives, products, and company via Google (News - Alert) News alerts and frequent searches of Surface Web social media and various paste and data dump sites where cybercriminals often share known exploits or pilfered material. But by the time this material bubbles up to the Surface Web, it has already been discussed, shared, and exploited by malicious communities active in the Deep & Dark Web. Monitoring public paste sites is not sufficient for effective research, and the data that shows up there is usually out of date.”

It then goes on to provide those 10 reasons why you can’t keep track of the bad guys relying solely on your own internal capabilities.  Spoiler alert!  They are going to resonate.

Nobody needs to be reminded of the facts regarding 2015. It was a banner year for those with malicious intent.  There are also the sobering realities that 2016 is already off to a rough start.

What the Flashpoint reports highlight are that when it comes to risk management, you can’t defend against what you don’t know. This is true when it comes to all of the latest tools and capabilities that will be showcased at RSA for dealing increasing visibility and control over internal and external threats as they are perpetrated. In addition, using Big Data and sophisticated analytics to detect anomalies faster, and use information about past attacks to shore up defenses and be proactive in building up a defense posture, will also get lots of attention. It is also true when it comes to having real-time information about the Dark Side. To say the least this is valuable intelligence for heading off possible catastrophe, particularly if your organization is target rich, and possibly extremely vulnerable.

This really is a case where fore-warned is fore-armed.