Cyber security webinar to expose the Dark Web


Johannesburg, 11 Nov 2021
Roland Daccache, systems engineering manager, CrowdStrike META.

A webinar to be hosted by CrowdStrike, in partnership with ITWeb, will reveal the activities on the Dark Web, and show how strategically monitoring them can improve organisations’ cyber security.

Roland Daccache, systems engineering manager, Middle East & Africa at CrowdStrike, says the Dark Web is part of the over 90% of the Internet that is not exposed to search engines. This is where threat actors hide, and this is where cyber crime trends typically emerge first, he says.

“Organisations spend so much time and resources looking within their environments and tend to ignore the outside. But they need full situational awareness to improve their cyber security posture,” he says. By monitoring the Dark Web, organisations will know if their own information has been leaked, as well as being alerted to trends impacting their industry, region or geography.

“Anything and everything is for sale on the Dark Web,” he says. “Every piece of data is worth something as long as you can match it with the right entity. For example, source code leakage can be useless for many development companies, however it is still IP that might be found valuable by competing organisations, not only APT groups who would seek the code to find bugs and assess methods to inject payloads and initiate a more sophisticated attack.”

“Things can escalate easily,” he says. “We all heard about EA Games' major breach in June: it all started with a leaked Slack Session Token sold at $10 and ended up in the news with headlines like ‘EA Data Stolen by Hackers To Be Sold for $28 Million’. The Dark Web is dynamic, and information can be sold and resold. There is no moral obligation to remove the data once sold, and prices can be dynamic: it is just a question of how bad you want it or how critical it is for you. It should be noted that the value of this data is not only related to money – it can also directly impact the organisation’s reputation.”

Accessing the Dark Web

CrowdStrike explains that the Dark Web – unregulated parts of the internet where users can access unindexed web content anonymously – is generally associated with nefarious activities, but it can also be used by the intelligence community as well as by whistle blowers, members of the media and ordinary citizens whose communication may be monitored or restricted. 

Activity in this network of unindexed Web content is made anonymous through a variety of encryption and routing techniques, and addresses tend to be a mix of random numbers and letters, which may change frequently. To access the Dark Web, users need a browser such as Tor (The Onion Router) or I2P (Invisible Internet Project). Because the Dark Web is a common gathering place for hackers and other cyber criminals, browsing can be a risky activity, and downloading files could infect devices with viruses, malware, trojans or other malicious files. CrowdStrike cautions against organisations and individuals using the Dark Web.

Daccache says: “Cyber security alone is a challenge to any organisation, and added to that, the Dark Web is not something tangible. It presents two main challenges: access to Dark Web information, and analysis. Dark Web Forums have their own security measures and accessing them would require infiltrators, not to mention the size of the Dark Web itself.”

“Even if the organisation has the technology for monitoring the Dark Web, it will also require a specific set of skills for an analyst to be able to tune the searches and extract the needed information. To make matters worse, the analyst will also have to deal with obfuscated information and will need to create patterns and statistical analysis in some use cases to benefit from the detections,” he says.

Monitoring cyber crime markets

Daccache says sensitive information ends up on the Dark Web due to information harvesting, stealers and selling services (such as Ransomware as a Service, or new payloads). 

“The Dark Web is considered as the Hackers Marketplace,” he says. “Information tends to end up on the Dark Web due to compromised information due to misconfiguration related to digital asset protection, such as exposed servers/databases with minimal security or public repository with no or weak authentication protection; due to phishing attacks targeting the weakest link (humans) or because an organisation is infected with stealers and command-and-control (C&C), leading to data exfiltration.”

Dark Web monitoring can help organisations mitigate risk by giving them visibility of leaked information. 

“Monitoring the Dark Web is similar to having life insurance, as it might not always return direct added value, but it is critical and necessary to maintain security posture,” says Daccache. “It gives organisations visibility over the leaked information, credentials, PII, IP, etc. and allows them to take responsive measures to avoid a more sophisticated breach. It enables proactive monitoring for exploits and information that can lead adversaries into compromising the organisation's infrastructure, such as a 'Zero Day Targeting Exchange' in addition to correlating activities with adversaries and related IOCs.”

He says: “Monitoring the Dark Web is not really something you can do yourself. It requires skill to identify the right forums and markets for exchange of data by threat actors, and sift through vast amounts of noise and useless information. You need to have experts doing it. What sets CrowdStrike apart is that we go beyond just monitoring to include detailed analysis and curated data and reports.”

Webinar: Exposing the open, deep and dark web
Date: 25 November 2021
Time: 14:00 (GMT+2)
Duration: 60 minutes

CrowdStrike’s webinar, Exposing the open, deep and dark web, will be held in partnership with ITWeb on 25 November. 

During this event, CrowdStrike experts will demonstrate the tracking of data leaks into Dark Web criminal forums, with examples from CrowdStrike Falcon X Recon showing how strategic monitoring can provide early warnings of attacks and guidance on risk mitigation. 

For more information and to register for this event, go to https://www.itweb.co.za/webinar/exposing-the-open-deep-and-dark-web/
