
According to Wikipedia, the “internet” is defined as “the global system of interconnected computer networks that uses the internet protocol suite to communicate between networks and devices. The internet carries a vast range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web, electronic mail, telephony and file-sharing.” Any good managed security services team will have the technologies and processes in place to protect its customers’ internet-facing assets. However, that description only scratches the surface of what the internet truly is.

Think of the internet as an iceberg: it extends far below the surface. This can create problems from a cybersecurity point of view because, as with an iceberg, what security teams can’t see could be dangerous. Hidden below the visible top of the internet iceberg, the part that search engines can reach, sits the deep web. The deep web makes up most of the iceberg’s mass and consists of everything that’s hidden from search engine indexing or “crawling.” Much of this information consists of organizations’ databases that shouldn’t be freely accessible, though these are 100 percent legitimate.

Going even further, at the bottom of the iceberg sits the dark web. It is only accessible using specialist browsers and, though there are legitimate reasons for using it, the dark web also provides a home to threat actors and cybercriminals across the globe. While the dark web represents the smallest portion of the information iceberg, it may also present the biggest threat, because it’s here that criminal intelligence is available in troves: credentials, IP addresses, open ports and personal information can all be found and shared amongst criminals on the dark web, which in turn can be used to facilitate attacks against organizations and individuals.
Yet, although investing in both threat intelligence and technology is an accepted and instrumental part of any managed security service provider’s (MSSP) cybersecurity strategy, monitoring of the dark web is often overlooked. This must change so that MSSPs can more adequately protect themselves and their customers.

The murky side

The dark web, in and of itself, and similar to any technology infrastructure, is not an entirely bad thing. Indeed, just like the broader internet, it can be a force for good: for example, an anonymizing medium where journalists, activists or individuals who need to evade persecution can communicate in relative safety. Or, as we have come to learn, it can be a place for evil where cybercriminal markets exist to trade in stolen and compromised data. It is this area where MSSPs could focus more attention to up-level their cyber threat intelligence capabilities.

For instance, take the ransomware threat that exploded across the globe in the last couple of years. The criminal gangs behind these attacks, the likes of Conti, Grief and LockBit, were all active on the dark web. Not only do such threat groups recruit “affiliates” who take on the reconnaissance and compromise steps of a ransomware attack in return for a share of the ransom, but the dark web is also where both initial access brokers and remote desktop protocol brokers ply their trades. These brokers have marketplaces where stolen credentials and compromised accounts are packaged up and often auctioned to the highest bidder. With these types of information, ransomware affiliates can more efficiently and effectively buy their way into an initial foothold within an organization’s network.

CYBER PATROL
GOING DARK
MSSPs should consider adding dark web monitoring to their security arsenals
By Ben Jones
CHANNELVISION | SEPTEMBER - OCTOBER 2022
