
GUEST ESSAY: Threat Hunters Adapt Characters and Leverage AI to Gather Dark Web Intelligence

The Deep & Dark Web is a mystery to most mainstream players today: many have heard of it, but few understand more than a fraction of what goes on there.


As you plan your roadmap, execute your projects, and keep an eye out for the deluge of ransomware headlines, it’s understandable that you and your team may feel some anxiety.

Cyber anxiety can indeed be crippling, but new software solutions have the potential to be a game-changer for IT departments. These automated programs will hunt the Deep & Dark Web for you, scouring the deepest and dirtiest pools in search of the next threat bearing your name.

There are many facets to what I will call “The Underground”. It extends beyond the Deep & Dark Web to: unindexed web forums, email forums and marketplaces, encrypted email systems and code repositories. It is simply impossible for a human analyst to sort through everything.

Additionally, filtering through these channels is made even more difficult by language barriers, as well as by the trust and access required to get into these various forums. Having automated tools that can process these diverse datasets is integral to enriching your team’s intelligence programs, whether you have a well-established team and process or are just beginning your journey.

Hunting threats

To gain access to discussion forums and chats on the Deep & Dark Web, cyber professionals carefully cultivate their own personas, a task that takes a lot of time and practice but is the only way to gain entry to hacker communities. Once verified and accepted, threat hunters go to these message boards and communities and search for anything related to your business, for example:

• Corporate login credentials

• Data collections published after ransomware attacks

• Databases with critical IP and/or PII

• Discussions of the best methods to attack your business
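The four categories above are what a watchlist monitor looks for once the posts have been collected. The following is an added example, not code from the essay or from Cybersixgill: a minimal monitor that scans underground-forum posts for references to one organization, records which watched domains and accounts appear, and sorts each hit into those categories using keyword hints rather than the ML models a commercial platform would use. The watchlist, posts, domains and credentials are all constructed sample data, and usernames are kept in the alert while secrets are deliberately never copied out of the post.

```python
"""Added example, not code from the essay or from Cybersixgill: a minimal
watchlist monitor over constructed underground-forum posts."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed watchlist for a hypothetical organization.
WATCHLIST = {
    "domains": {"example-corp.com", "examplecorp.net"},
    "brands": {"example corp", "examplecorp"},
}

# Lines shaped like "user@domain:secret" or "user:secret", the usual combo-list format.
CRED_RE = re.compile(r"(?P<user>[\w.+-]+(?:@[\w.-]+)?):(?P<secret>\S{6,})")
EMAIL_RE = re.compile(r"[\w.+-]+@(?P<domain>[\w-]+(?:\.[\w-]+)+)")

# Keyword hints for the four categories listed in the essay (simple matching, not ML).
CATEGORY_HINTS = {
    "credentials": ("login", "creds", "credential", "vpn access", "rdp", "combo"),
    "leaked_data": ("leak", "dump", "published", "ransomware", "exfil"),
    "database": ("database", "db ", "sql", "pii", "customer records", "source code"),
    "attack_planning": ("how to", "exploit", "initial access", "phish", "target"),
}


@dataclass
class Hit:
    post_id: str
    categories: List[str]
    matched_domains: Set[str]
    exposed_accounts: List[str]  # usernames only; secrets are never copied into alerts


def scan_post(post_id: str, text: str) -> Optional[Hit]:
    """Return a Hit when the post references the watchlist, otherwise None."""
    lowered = text.lower()
    domains = {d for d in WATCHLIST["domains"] if d in lowered}
    domains |= {m.group("domain").lower() for m in EMAIL_RE.finditer(text)
                if m.group("domain").lower() in WATCHLIST["domains"]}
    brand_hit = any(b in lowered for b in WATCHLIST["brands"])
    if not domains and not brand_hit:
        return None
    # Only count credential lines whose username belongs to a watched domain.
    accounts = [m.group("user") for m in CRED_RE.finditer(text)
                if any(d in m.group("user").lower() for d in WATCHLIST["domains"])]
    categories = [name for name, hints in CATEGORY_HINTS.items()
                  if any(h in lowered for h in hints)]
    if accounts and "credentials" not in categories:
        categories.append("credentials")
    return Hit(post_id, categories, domains, accounts)


def scan_feed(posts: Dict[str, str]) -> List[Hit]:
    """Scan a batch of posts and keep only those that mention the watchlist."""
    hits = (scan_post(pid, body) for pid, body in posts.items())
    return [h for h in hits if h is not None]


# Constructed posts standing in for one day's crawl of a forum.
SAMPLE_POSTS = {
    "p1": "Selling VPN access + creds for example-corp.com, 50 accounts, $10 each\n"
          "jdoe@example-corp.com:Summer2021!\nasmith@example-corp.com:Welcome1",
    "p2": "fresh dump of customer records (PII) from an unrelated retailer, 2M rows",
    "p3": "anyone have an exploit for the ExampleCorp customer portal? need initial access",
    "p4": "combo list, mixed domains\nbob@other-company.test:Password123",
}

if __name__ == "__main__":
    for hit in scan_feed(SAMPLE_POSTS):
        print(hit)
```

Running it flags only `p1` (a credentials listing for two watched accounts) and `p3` (attack planning against the brand); the unrelated dump and the foreign combo list are dropped. A real deployment would add language handling and fuzzy brand matching, which is exactly the work the essay says automated tooling takes off the analyst.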

Ransomware attacks indiscriminately hit all categories of businesses, from private corporations to government agencies, schools and universities, hospitals and healthcare providers, financial institutions and everything in between. There is no safety in size: hackers also target small businesses.

The financial losses associated with a hacking incident, not to mention the loss of customer trust and confidence in a brand, make recovery difficult and costly.

The rise of Initial Access Broker (IAB) markets gives criminal groups easy access to purchase stolen credentials for a nominal fee. Hackers use these credentials to try to gain a foothold in a targeted company. The average cost of these credentials is as little as $10.

For example, a hospital that suffered a ransomware attack in 2021 had credentials for its VPN offered for sale on an underground market eight days before the attack.

In another example, it was reported that the Lapsus$ ransomware gang bought and tried several sets of access credentials for T-Mobile, before finding a user with the right level of access to gain a foothold.

Remaining vigilant

To help businesses understand how they are discussed and compromised on the Dark Web, Cybersixgill’s team of threat hunters and intelligence specialists offers a portal that can be customized to search the underground for any threat that targets a user’s organization.


Think of the Cybersixgill portal as a complex search engine that can reach the deepest depths of the Underground. It continuously crawls over 700 forums and marketplaces and monitors over 25,000 channels on platforms like ICQ, Discord, and Telegram. Every day, Cybersixgill’s portal collects over 7.5 million pieces of intelligence, including Indicators of Compromise (IOCs), Common Vulnerabilities and Exposures (CVEs), and malicious files.

For each of the hundreds of thousands of CVEs, Cybersixgill’s platform uses machine learning (ML) models to help companies prioritize fixes. This method goes beyond the Common Vulnerability Scoring System (CVSS), which ranks vulnerabilities numerically, so organizations can more easily decide which one to address first. The platform also integrates with many of the most popular cybersecurity platforms, such as CrowdStrike, Splunk, Microsoft Azure, and dozens more.
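To make the "beyond CVSS" idea concrete, here is an added example that is not Cybersixgill’s model or code: a transparent scoring heuristic that ranks CVEs by combining the CVSS base score with the kind of signals a threat-intelligence feed can add (volume of underground chatter, whether an exploit has been observed, and whether the affected product is actually in the asset inventory). The weights, the CVE identifiers and the feed values are all constructed for illustration; the point is that the resulting order differs from a pure CVSS sort.

```python
"""Added example, not Cybersixgill's model: a transparent CVE prioritisation
heuristic combining CVSS with threat-intelligence signals. All values constructed."""
from dataclasses import dataclass
from typing import List


@dataclass
class CveIntel:
    cve_id: str                # constructed placeholder ids, not real advisories
    cvss: float                # CVSS base score, 0.0 to 10.0
    underground_mentions: int  # posts discussing the CVE in the last 30 days
    exploit_observed: bool     # a working exploit was seen shared or sold
    in_inventory: bool         # the affected product exists in our asset inventory


MENTION_SATURATION = 50  # chatter beyond this adds no further weight


def priority_score(c: CveIntel) -> float:
    """Score from 0 to 100; higher means fix sooner. Weights are an assumption."""
    severity = c.cvss / 10.0
    chatter = min(c.underground_mentions, MENTION_SATURATION) / MENTION_SATURATION
    exploit = 1.0 if c.exploit_observed else 0.0
    raw = 0.5 * severity + 0.3 * chatter + 0.2 * exploit
    # A CVE we do not expose is deprioritised rather than discarded.
    exposure = 1.0 if c.in_inventory else 0.1
    return round(100 * raw * exposure, 1)


def rank(intel: List[CveIntel]) -> List[str]:
    """CVE ids ordered by the combined score, most urgent first."""
    return [c.cve_id for c in sorted(intel, key=priority_score, reverse=True)]


def rank_by_cvss(intel: List[CveIntel]) -> List[str]:
    """The CVSS-only ordering, kept for comparison."""
    return [c.cve_id for c in sorted(intel, key=lambda c: c.cvss, reverse=True)]


# Constructed feed records: a critical-but-quiet bug, a medium-severity bug
# being actively traded, a critical bug in software we do not run, and a
# low-priority bug with a little chatter.
SAMPLE_INTEL = [
    CveIntel("CVE-YYYY-0001", 9.8, 0, False, True),
    CveIntel("CVE-YYYY-0002", 7.5, 40, True, True),
    CveIntel("CVE-YYYY-0003", 10.0, 50, True, False),
    CveIntel("CVE-YYYY-0004", 5.3, 5, False, True),
]

if __name__ == "__main__":
    for c in SAMPLE_INTEL:
        print(c.cve_id, priority_score(c))
    print("intel-driven:", rank(SAMPLE_INTEL))
    print("cvss only:   ", rank_by_cvss(SAMPLE_INTEL))
```

With these constructed inputs the CVSS-only order puts the un-deployed critical bug first, while the combined score moves the actively traded medium-severity bug to the top and pushes the un-deployed one to the bottom. A production model would learn the weights from outcome data instead of fixing them by hand, but the shape of the decision is the same.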

Keeping up with the latest threats can seem overwhelming, but you don’t have to be paralyzed by cyber anxiety. Cybersixgill arms security teams with data straight from the underground, making it much easier to stop attackers before they cause significant damage.

About the essayist: Brad Liggett is CTO, Americas Intel Architects at Cybersixgill, a Tel Aviv-based cybersecurity company that provides scalable, real-time, actionable, contextual and automated threat intelligence.

*** This is a syndicated blog from the Security Bloggers Network of The Last Watchdog written by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-threat-hunters-adapt-personas-leverage-ai-to-gather-intel-in-the-dark-web/
