Business Security with Darknet Visibility

The darknet is often treated as a hidden hive of nefarious activity, where drug dealers and cybercriminals run rampant. In truth, it is far more complex than that.

Darknet Scanning - Pre-Emptive Protection

Marketplaces - An Underground Amazon

Anyone can access the darknet by downloading the Tor browser, and while there is certainly a huge amount of criminal activity on it, the darknet is far more organised than most people realise. A significant chunk of darknet criminal activity is conducted via online marketplaces, not dissimilar to more familiar online retailers such as Amazon. Potential buyers can browse the different market sections, filter out different types of products, and even leave reviews on products they have purchased.

One product which poses a clear security threat to organisations is tranches of stolen credentials, which remain a valuable commodity for cybercriminals. On the darknet, stolen credentials are widely available, often being traded and sold in the open, available for anyone to purchase. There are numerous online markets dedicated solely to the purchasing of stolen credentials which can then be used for anything from compromising email accounts to stealing bank details.

Monitoring the darknet for stolen credentials can be vital for pre-emptively identifying threats to company assets. It can prevent damaging and potentially costly data breaches, as well as mitigate fraudulent account activity.

Contact Us For More Information

Initial Access - Networks Wide Open

A vast range of products is sold on the darknet, with those most frequently mentioned being drugs, stolen credit card details, and firearms. Yet one of the most potentially damaging products available is rarely given the same level of attention. This product is access: specifically, access to an organisation’s network.

The main threat from initial access sales does not come from the brokers themselves, but from the threat actors who purchase this access. Initial access sales are exceptionally popular within cybercrime communities, primarily because they remove the need for time-consuming enumeration, scanning, and gaining of access to systems of value. In most cases, it is access to the domain administrator account that is sold, which essentially provides a threat actor with control over an organisation’s entire network.

Over the past few months alone, Cyjax analysts have identified initial access sales targeting organisations from sectors including healthcare, energy, financial services, and telecoms. These sales affected a well-known multinational market research agency, a large government healthcare provider, and one of the world’s largest airport operators, to name just three.

Ransomware - Off-the-Shelf Products

Ransomware is one of the most prominent threats across the current threat landscape. Ransomware attacks began to increase in frequency throughout 2019, before exploding in 2020. There are many factors behind this rapid rise: one of the most important of these is the proliferation of Ransomware-as-a-Service (RaaS) offerings, many of which are active on the darknet.

Monitoring these RaaS groups can provide invaluable insight. From a strategic perspective, a new recruitment campaign for affiliates can provide advance warning to expect a surge of attacks associated with this particular RaaS group in the coming months. At a more granular level, monitoring RaaS groups can enable analysts to identify affiliates belonging to a specific group. Armed with this knowledge, analysts can then begin to monitor these affiliates more closely and, in some cases, pre-emptively identify organisations being targeted.

Many ransomware groups are now publicly naming victims and leaking stolen data unless the ransom demand is paid. Consequently, ransomware now poses not just a direct threat to the original victim, but an indirect threat to that organisation’s clients and supply chain. Monitoring these sites, therefore, provides advance warning of potential abuse of business assets.

Discover Cyjax

Weekly Brief

Geopolitical and Cybersecurity Weekly - 19 October

Our weekly report takes in cybersecurity news, threats, and developments, providing brief contextualised analysis and a broad overview of everything you need to know about that week's threat landscape.

Geopolitical and Cybersecurity Podcast

Cyjax Geopolitical Podcast - August 2020

Joe Frederick (EMEA Operations and Security Intelligence Manager at A2 Global Risk) joins Ian and Tristan (CISO and Head of Editorial at Cyjax, respectively) to dissect a US report on North Korea, elections in Belarus, and corporate responsibility - from Garmin to Uber.

CISO Mid-Year Report

2020 Mid-Year CISO Report

We are regularly asked to define the biggest cybersecurity challenges. Inevitably, they are the same: vulnerability management to reduce the attack surface; phishing attacks (which still account for over 90% of initial compromise and the associated risk of malware infection, credential theft and data breach); and insider threat.

Make the darknet clear, with Cyjax