BRANDEFENSE BRANDEFENSE
  • Home
  • Product
    How it works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    brandefense background
    Eliminate risks
    Explore the Brandefense
  • Blog
  • Resources
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    We in the Press
  • Partners
    Channel Partners
    Deal Registration
  • Company
    About Us
    Career
    Privacy Policy
    Terms of Use
    Contact Us
Free Trial

BRANDEFENSE

  • Home
  • Product
    How it works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    brandefense background
    Eliminate risks
    Explore the Brandefense
  • Blog
  • Resources
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    We in the Press
  • Partners
    Channel Partners
    Deal Registration
  • Company
    About Us
    Career
    Privacy Policy
    Terms of Use
    Contact Us
Deep Web Intelligence Trends for Security Operation Centers (SOCs)

Deep Web Intelligence Trends for Security Operation Centers (SOCs)

BRANDEFENSE
Dark Web
16/05/2022

Last updated on February 9th, 2023 at 02:30 pm

Table of Contents

  • Intro
    • Most Common Threats From the Deep Web
    • Rise of Ransomware Attacks
    • Deep Web Intelligence Trends
  • Conclusion

Intro

Cyber Intelligence is knowledge, skills, and analyzed data to understand threat actors’ targets, behaviors, motives, and what they seek. The world of the Deep Web can be used to gain knowledge about cyber intelligence. Hacking and carding forums, leak databases, encrypted chat platforms, and illegal marketplaces provide threat actors a network, requiring deep web intelligence to understand potential threats.

Deep web or networks are connections that are made amongst trusted peers and some of them include Tor, Invisible Internet Project (I2P), or Freenet. Deep web intelligence, has a reputation in cyber threat intelligence as it monitors different sources to obtain security insights. This can be generated and prepared that could prevent cyber threats. Deep web intelligence plays an important role as many unindexed websites also have a lot of valuable information that helps to take the necessary measures. Deep web intelligence also uses deep web forum portals in order to make counter-hacking, collect confidential information, and cyber-attack surface analysis.

Most Common Threats From the Deep Web

Deep Web is a gateway to the underground crime market. Many threat actors use forums as like a rite of passage for more advanced threat actors. Searching threats from the deep web forums should not be limited to just hacker and dark web (TOR) forums. Even threat actors hang out on nonhacker forums, which can require skills like cracking, zero-day hacking, or launching ransomware attacks.

Here are some types of common threats from the deep web:

  • Botnets: Such malware includes many bots that coordinate different types of attacks and hackers offer them on the dark web.
  • Ransomware: Advanced threat actors develop malicious software to encrypt all the data after collecting them from their victims. Targeted and highly motivated cyber-attacks are shown and published on the Deep Web.
  • Exposed databases: Hackers acquire credentials from malware and phishing campaigns. Consequently, they can abuse the compromised accounts to their advantage.
  • Hacked accounts: Hacked accounts not only jeopardize the owner’s information but also pose a threat to other accounts on that domain. The hacker might use the account covertly as a foothold for launching further attacks.
  • Vulnerability publishers: Almost every application/service has some security vulnerabilities. Hackers target, discuss and publish these vulnerabilities on the dark web.
  • Targeted cyber attacks: Hackers offer or ask for tailored cyber attacks on different websites and deep web forums. Targeted cyber-attacks are usually like DDoS, SQL Injection, or RDP exploits.

Rise of Ransomware Attacks

Over the last few years, organized crime has watched, and learned, from how simply, and anonymously similar attacks can be utilized as a part of their overall illegal business plans. The harvesting of critical data gave control and power to threat actors and the Ransomware spawned and the global economy has changed forever.

Ransomware, in the simplest of terms, is the name given to a type of Malware from crypto virology that typically threatens to publish the victim’s data or block access to it unless a ransom is paid.

Ransomware and cyberattacks on a high level are a challenge to keep track of. It is evolving over the last few years. Now it means that threat actors exfiltrate data and then demonstrate them on the Deep Web.

Here are examples of REvil Ransomware Group’s cyber-attacks and demonstration of critical data:

revil_acer
revil cyberattack
revil quanta

Gathering intelligence and investigating Ransomware attacks can provide in-depth analysis to get a high-level security mindset.

Deep Web Intelligence Trends

Deep web intelligence is mostly found in online services. Controlling searchable lists, guides and directories that contain indexed information on a specific topic is very important. Collecting deep web intelligence can be a more labor-intensive process than gathering OSINT on the surface web. Here are some Intelligence feeds for example;

  • Paste Sites,
  • Deep Web Forums,
  • Credential Marketplaces,
  • Identity Fraud,
  • Chat-Based Services,
  • Carding Marketplaces,
  • Ransomware Group Sites,
  • Deep Web Search Engines.

Among these feeds, almost 70% of stolen data is marketed on Chat-Based Services and Carding Marketplaces.

deep web intelligence feed sources
Deep Web intelligence sources can also be used to investigate further information about stolen data or threat actor.
Here is an example of examining some fraudulence posts;
versus deep web marketplace
Another example of examining some credential marketplace;
deep web marketplace example
Ransomware groups are also using Deep Web to publish their victims. It’s very important to collect intelligence from ransomware groups, their targets and what they publish after they don’t get paid. Here is an example of [email protected] group’s website;
bl@ckt0r group data breach

Identity fraud, fake passports, and documents are sold through Deep Web. Fake IDs are in use of social engineering or targeted phishing attacks by threat actors.

Conclusion

Deep web can be useful for collecting valuable data that informs the types of cyber threats a company is facing as well as supporting a more nuanced understanding of its risk profile. However, data from this source can be hard to find and is often unreliable.

As-a-service offerings, data dumps, and general chatter about an organization can all be valuable that can inform a security posture. Validating each data point is crucial to avoid wasting resources. The resources required to find the data in the first place and then validate will be significant.

It’s essential that security teams focus their deep web efforts appropriately. While there is plenty of criminal activity on the web, focusing on the specific threats to your business will allow you to cut through the noise and understand your organization’s unique risk profile.

With the use of web monitoring systems gather intelligence and provide knowledge of the possible threats against your digital assets. Such tools can be used for the following types of intelligence:

  • Security News from the Deep web Monitoring Systems: give clues that your site has become a trend on hacker forums.
  • Discussions: gathering information from deep web discussions will let you know whether weaknesses on the web have been exploited. This can be used to secure websites to prevent attacks in the future.
  • Underground identities: threat actors try to keep their identities anonymous, however, you can gather information on which deep web forum they are based and what they are interested in.
  • Service providers, data sales, and leakage: threat actors need to advertise their services and the data they can provide to make money. Using a service such as Brandefense will help you to detect leaks and data sales.
Brandefense protects your online assets by monitoring deep&dark web continuously. This proactive approach gains you the time and money that you need.

Deep web intelligence can be used to proactively fight fraud activities and it has proven to reduce financial losses. Deep web intelligence contains different sets of data feeds in reach from the deep web; malware networks, botnets, ransomware groups, identity fraud, credential marketplace, and other technical infrastructure used by cyber threat actors to commit financial acquisition.

Share on Facebook Share on Twitter
Search
Categories
APT GroupsBlogDark WebDRPSFraudRansomwareSector AnalysisSecurity NewsVIP SecurityWe in the PressWeekly Newsletter
Recent Posts
  • Perspective of the Month | APT Groups
    Perspective of the Month | APT Groups
  • BellaCiao: The New Malware From Iran’s Charming Kitten
    BellaCiao: The New Malware From Iran’s Charming Kitten
  • Security News Digest | Security Newsletter | April 27, 2023
    Security News Digest | Security Newsletter | April 27, 2023
  • Cyber Security Trends in 2023: What You Need to Know
    Cyber Security Trends in 2023: What You Need to Know
2023 Ransomware Trends Report
Let’s Dive in Ransomware Attack Trends
Report

Let’s Dive in Ransomware Attack Trends

Download Report
Follow us!

Continue Reading

Previous post

Bitter APT Targets Bangladesh’s Key Institutions Through Phishing Emails

bitter apt targeted bangladesh for phishing
microsoft onenote vulnerability
Next post

The New Phishing Attack Detected Using Multiple Malware Types

particle element
We know what hackers know about you
Our cyber threat intelligence and security research team is ready to help you.
Request a demo
Free Trial
Contact
Login

Follow us on

brandefense logo brandefense

Brandefense is solving SOC’s complex challenges. We are here to help Brandefense customers to protect their brands and reputations against cyber threats.

United States:

300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801 / USA

Turkey:

Üniversiteler Mahallesi, 1605.Cadde, Kapı No:3/1, No: 204, 06800 Çankaya/Ankara 06800

© 2022 Brandefense. All rights reserved.

Solutions
Threat IntelligenceBrand ProtectionVulnerability ManagementFraud ProtectionVIP SecurityAttack Surface ManagementVulnerability Intelligence
Use Case
Data LeakagePhishing MonitoringAccount Takeover DetectionStolen Credit CardsDark Web MonitoringRemediation / Takedown
Partners
Channel PartnersDeal Registration
Company
AboutCareerPrivacy PolicyTerms Of UseContact
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}
Close
Search

Hit enter to search or ESC to close