By Giampiero Moscato, Partner and BDM – Kirey Group | IKS Security Division
Today, cyber threats, in particular those aimed at companies in the financial sector, increasingly come from the Dark Web: an ecosystem in continuous evolution where everything can be found, from news and pages run by cryptocurrency enthusiasts to numerous alternative and illegal markets, all under the guarantee of anonymity.
Historically, the Dark Web has been the space where ad hoc malware for cyber attack campaigns, and information, were created and exchanged so that they could be turned into profit once extracted. It is a market governed by the same economic laws as traditional ones, where supply and demand determine the price of a product, but one in which it is possible to buy everything: from the code of a not yet known exploit to lists of stolen usernames and passwords, individual guaranteed credit card numbers and much more.
Today the Dark MarketPlace even offers the individual modules that make up a piece of malware or a phishing campaign, allowing a potential hacker to buy separately, and at the best price, the various pieces needed to design a “personalized” threat and choose how to infiltrate it.
The Dark Web is therefore a huge repository of data and services, some of which are genuine and many others fake. It is a pool of information hidden in a deep and anonymous part of the network, which can and must also be used to build an effective defense against the new frontiers of cybercrime.
The approach is certainly not the simplest, because in the world of anonymity you are known for the relationships you have created, the hacking campaigns you have carried out over time, and the name you have built. To access information and be able to consider it valid, Cyber Intelligence companies must rely on people who already have a history within the Dark Web and who are, de facto, real infiltrators.
This is why Cyber Intelligence companies use analysts, often ethical hackers with a past of their own, who also have the skills to recognize whether information is truthful and to apply it specifically to particular markets, such as banking.
In a scenario where protection is becoming increasingly complex, an efficient cyber defense requires the ability to integrate and correlate multiple sources, so that it no longer rests on a single reference. This is why intelligence on what comes from the Dark Web can play a key role.
The goal is more effective security incident management: an integrated system able to cope with new and old threats. This system must include tools capable of securing the company’s infrastructure, and it certainly cannot ignore new technologies such as machine learning and autonomous response, which increases reaction speed so that a security incident and its potential escalation process can be managed smoothly and effectively.
However, it is not only a question of analyzing the technological aspect of cyber threats but also behavioral and relational threats, cross-referencing vital company information with information derived from multiple sources, including the Dark Web. In this context, tools that make it possible to analyze how the strategic assets of the business are exposed and known to the outside, scanning both the visible part of the Web and its Dark side, are also vital.
Last but not least, an effective security strategy must always consider the global ecosystem in which it operates: from employees and collaborators, who need targeted training so that security becomes an investment in the person, to customers, partners and suppliers, so that the entire business value chain stands united in facing the new challenges that come from the darkness.