Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
-
Upload
surfwatch-labs -
Category
Technology
-
view
299 -
download
0
Transcript of Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
![Page 1: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/1.jpg)
Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks
![Page 2: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/2.jpg)
Today’s Speakers
2
Tim LaytonChief Intelligence OfficerSurfWatch Labs
Adam MeyerChief Security StrategistSurfWatch Labs
![Page 3: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/3.jpg)
Gaining Visibility of Your Cyber Risk is Critical to the Viability of Your Business
• Business executives and the Board can no longer keep their head in the sand
• Business leaders are struggling to align security strategies with real-world business strategies
- 14% of corporations report that the Board is actively involved in cybersecurity preparedness
- 52% report minimal involvement
3
![Page 4: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/4.jpg)
4
• Cyber crime is a business - with a very high return taking little effort
• Criminals target businesses that are custodians of a commodity that can be monetized:- Identity information (Employee &
Consumer)- Financial Information (Payment,
Banking, Gift Card, Coupons, Entertainment accounts etc.)
Know Your Adversary
![Page 5: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/5.jpg)
The Threat Balloon
Cybercriminals shift their tactics to hit
targets that are:“Attractive” and “Soft”
5
The Dark Web is a blind spot in your risk program
![Page 6: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/6.jpg)
The Dark Web: Where Your Information is Actively Targeted and Sold
• Hacking for Hire
• PII/Identity Info/Credit Cards
• Cyber Exploits for Sale
• Vulnerabilities for Sale
• Stolen IP, Designs & Counterfeits
• Spam & Phishing Campaigns for Hire
• Doxxing & Investigation for Hire
• Hacktivist Targeting Forums
• Insider Threat for Hire
6
![Page 7: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/7.jpg)
The Dark Web: Where Your Information is Actively Targeted and Sold
7
![Page 8: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/8.jpg)
Emerging Dark Web Trends: What We Can Learn?
8
![Page 9: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/9.jpg)
Compromised Accounts
9
![Page 10: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/10.jpg)
Transactional Accounts
10
![Page 11: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/11.jpg)
Carding
11
![Page 12: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/12.jpg)
Reward Accounts
12
![Page 13: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/13.jpg)
PII/Identities
13
![Page 14: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/14.jpg)
0-Days
14
![Page 15: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/15.jpg)
Traditional Cybersecurity Approaches Have Not Stopped the Bleeding
15
Shift to an Intelligence-Driven Defense• Gain visibility of specific threats to your
business that are on the horizon
• Understand attack execution methods based on cyber trends related to your business profile
• Prepare for attacks and tie your cyber risks to business impact
• Know what information is on the Dark Web
• Drive the most effective cyber defense tactics with strategic and operational intel
![Page 16: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/16.jpg)
The CISO’s Tug of War
16
Source: EMC
Intelligence Operations (Tracking threats) vs. Network Defense (Stop the Bleeding)
![Page 17: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/17.jpg)
How a CISO Can Leverage Dark Web Intelligence to Mitigate Risk• Intel from the Dark Web provides critical
insights on ACTIVE threats to your business• Dark Web intelligence can be applied to
different areas of the business- Threat intelligence teams – know threat actors
and their motivations to improve your defenses- Fraud teams – understand what commodities are
being monetized so you can minimize fraud- Partners and Suppliers – understand the
“presence” your vendors have to complement supply chain risk management
- Breach Response – instead of waiting to “get the call” from law enforcement, get ahead of the curve
17
![Page 18: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/18.jpg)
Mitigating Risk with a Practical Intelligence Operation
• Outsource Your Dark Web Intel –Complement your intel and facilitate faster, more effective risk management decisions
• Focus on Analysis – It’s less about getting more data and more about enabling sound analysis
• Link Intel to Business Impact – Avoid alert fatigue by worrying about threats specific to your business
• People, Process, Technology – Good intelligence leverages automation, expert human analysis and a process for using the intel
18
![Page 19: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/19.jpg)
Using the Dark Web: Legal and Moral Dilemma
19
• The TOR network was designed for anonymity - with that comes people in the business of conducting unethical and illegal activities
• It takes little effort to go from observing illegal activity to participating in illegal activity
• Due to law enforcement activities, more sites are beginning to deploy counter-intelligence, thus monitoring YOU
• More Dark Web markets are invite-only sites, requiring you to have measurable “street cred” to be vetted by site owners
![Page 20: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/20.jpg)
What’s at Stake and Why You Should Care
• Brand and Reputation
• Customer Loyalty
• Intellectual Property
• Legal Defenses
• Sales
• IT Baselines
• Cybersecurity Strategy
Direct Impact on Your Business and Bottom Line!
20
![Page 21: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/21.jpg)
Q&A and Additional SurfWatch Labs Resources
SurfWatch Cyber Advisor:https://www.surfwatchlabs.com/cyber-advisor
Dark Web Surveillance: www.surfwatchlabs.com/dark-web-intelligence
Sample Dark Web Intelligence Report:info.surfwatchlabs.com/dark-web-report
Personal SurfWatch Consultation:info.surfwatchlabs.com/dark-web-service-consultation
Shine a Light on Your Dark Web Risks
21
![Page 22: Gathering Intel from the Dark Web to Identify and Prioritize Critical Risks](https://reader036.fdocuments.net/reader036/viewer/2022062820/58a9b0f41a28ab9c758b6457/html5/thumbnails/22.jpg)
Thank You!
www.surfwatchlabs.comFollow us at: