Know your enemy to better protect against cyber crime

Johannesburg, 29 Nov 2021
Read time 2min 40sec
Roland Daccache, systems engineering manager, CrowdStrike META.
Roland Daccache, systems engineering manager, CrowdStrike META.

Organisations need to achieve situational awareness and monitor cyber crime actors in the Dark Web, in order to build cyber resilience and preparedness.

This is according to Roland Daccache, cyber security expert and Systems Engineering Manager Middle East & Africa at CrowdStrike, was speaking during a webinar hosted by CrowdStrike, entitled Exposing the open, deep and dark web.

Daccache and Jean Saad, Senior systems engineer and threat intelligence expert at CrowdStrike, outlined how crucial it is for organisations to monitor and analyse the Dark Web to get information about leaks and emerging risks threatening them directly. However, doing so requires specialised tools and expertise, since access and credentials for illicit sites are difficult to obtain, and incriminating posts appear and disappear quickly on the Dark Web.

“As a subset of the Deep Web, the Dark Web is where things get really interesting, with everything from passwords for sale and ransomware as a service, through to organ trafficking. The Dark Web is bigger than the parts of the Internet exposed to search engines. You can’t monitor and analyse it all on your own – nobody can,” said Daccache.

As a subset of the Deep Web, the Dark Web is where things get really interesting.

Roland Daccache, CrowdStrike.

He said organisations should be monitoring discussions relating to their region, sector, and brand. 

“We might also be interested to know if high profile VIPs in my organisation are being targeted or impersonated. If I were a bank, I would be interested in my bank’s data, stolen credentials or credit card data. If I wanted to take it further, I might also want to look at the exposure of my supply chain. Knowing you are being targeted by cyber crime actors is like knowing you are going to be robbed tonight – you will take action to reduce your risk.”

Anyone with sensitive information was at risk, he said.  “Threat actors don’t need visas – the internet is open for anyone. I strongly encourage organisations of midsize and over to look at what is going on out there. You cannot just ignore the problem." 

Saad said: “A few years ago it was definitely about large companies, but now even a small law firm with ten employees can be targeted because of the importance of their data. We see double and even triple extortion in which attackers secure a ransom and then threaten to leak data and report the victim to the regulator.”

Demonstrating how CrowdStrike Falcon X Recon exposes potentially malicious activity from the open, deep, and dark Web and beyond, Saad showed how the solution collects data and monitors activity from millions of restricted pages and forums to uncover leaks, fraud, data breaches, phishing campaigns and other cyber threats. 

Falcon X Recon collects raw intelligence at scale, performs real-time covert investigations and tracks criminal adversaries, giving automatic notifications of suspicious activity. Saad noted that the sheer scale of the Dark Web and threat actor activities meant that it was important to tailor searches and filter noise.

See also