Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label OSINT. Show all posts
Security System
Cyber Attacks Dark Web leaked credentials OSINT Security System

Dark Web Exposure Increases Risk of Cyber Attacks, Study Finds

 



A new research study has determined that any companies that are ever mentioned on the dark web will be much more vulnerable to cyberattacks. In collaboration with Marsh McLennan's Cyber Risk Intelligence Center, Searchlight Cyber has carried out research on more than 9,000 organizations, revealing that dark web exposure has a strong link to breaches in cybersecurity. This has established a critical urgency for businesses to track their presence online and develop better security protocols.


How the Dark Web Poses a Threat to Businesses  

The dark web is a hidden part of the internet where cybercriminals operate anonymously. It is commonly used for illegal activities, including the sale of stolen data such as passwords, financial records, and personal information. Many businesses are unaware that their sensitive data is already circulating on the dark web, making them prime targets for cyberattacks.

Based on the study, companies that experienced any type of exposure on the dark web suffered a 3.7% breach rate over four years. This simply means that after an organization's information hits underground marketplaces, hacking forums, or leaked databases, the chance of a security breach becomes a lot higher.

The researchers found several routes through which a company's information can find its way to the dark web, each step of which heightens the potential for cyberattacks: 

1. Exposed Employee Credentials  

In case employee login credentials (e.g., email and password) are leaked, the chances of hacking into a company increase by 2.56 times. The hackers use these leaked credentials to infiltrate internal systems without authorization.


2. References on Dark Web Marketplaces  

 Being associated with an underground trading platform increases a company's chance of being targeted by 2.41 times. Mainly, the hackers sell the stolen information to other attackers for use.  

3. Company Network Tied to Dark Web

If an organization's IT systems have activity on the dark web, whether intentional or accidental, an attack will happen 2.11 times more frequently.

4. Paste Sites Data Leaks 

Pastes are commonly used by hackers to share data that they have stolen from an organization. If a company's data is posted on such sites, there is an 88% increase in the possibility of breach.

5. Public Exposure through OSINT  

At times, some companies' information might be published due to either a misconfigured environment or breaches in data storage. If there is a firm's exposure within OSINT reports, then that increases the business's risk level by 2.05 times.

This research also demonstrated that companies featured in five or more of these risk categories had a 77% chance of facing a cyberattack than companies without any. 


How Companies Can Protect Themselves

Cyberattacks have been increasing by the day. Businesses, therefore, have to take proactive steps to ensure the security of their sensitive data. Experts say companies should consider taking the following actions: 


  •  Check the Dark Web Daily

Businesses must employ cybersecurity that scans the dark web for data breaches and responds immediately if data belonging to a company is located. 


  •  Strong Password Policies 

 Employees must be compelled to use strong passwords and to also activate MFA to block hackers from unauthorized access. 


  •  Frequently Update Security Systems

Software updates and system patches keep cybercriminals from exploiting vulnerabilities in outdated technology.


  •  Train Employees on Cybersecurity Risks 

  Human error is one of the biggest causes of cyber breaches. Educating staff on how to identify phishing scams and suspicious activities can significantly reduce security threats.


Why Dark Web Awareness is Crucial

According to Ben Jones, CEO of Searchlight Cyber, companies must be aware of their dark web exposure. Hackers, he explained, plan cyberattacks in underground forums and marketplaces and use leaked credentials to gain access to company systems.

By monitoring their exposure, strengthening their security policies, and educating employees, businesses will be able to minimize their risk and stay one step ahead of cybercriminals. Protect sensitive information before an attack happens and save money on security breaches.


Read more »
U.S. Spy Agencies
China Covid Intelligence agencies National Intelligence Open-Source intelligence OSINT Spy Agency Technology U.S. U.S. Intelligence U.S. Spy Agencies

US Spies Lag Rivals in Gathering Data That is Concealed From Plain Sight


As the alarms start to go off globally about the spread of the covid virus in China, official authorities in Washington are now concerned about the threat the virus may pose in America. In regards to this, they have turned to U.S. intelligence for insight. 

Although, according to a recent congressional review of classified reports from December 2019 and January 2020, the most prevalent early warnings did not come from spies or intercepts. Instead, officials relied on citizen journalists, reporting public, and diplomatic cables, as well as analysis from medical professionals – some instances of the so-called open-source intelligence (OSINT). 

Predicting the next potential pandemic or the next government to fall will require better utilization of open-source materials, the review noted. 

In a review conducted by Democrats on the House Intelligence Committee, the authors wrote, “There is little indication that the Intelligence Community’s exquisite collection capabilities were generating information that was valuable to policymakers.” 

This echoes what numerous current and former intelligence officials are increasingly alerting of, i.e. As opponents like China boost their efforts, the $90 billion U.S. spy infrastructure is falling behind because it has not embraced gathering open-source intelligence. 

Traditional Intelligence is Still Prevalent 

While open-source intelligence has become an important tactic in recent times, this does not budge the relevance of conventional intelligence. Spy agencies have unique powers in order to penetrate global communications and cultivate agents. For instance, when the Biden administration made the intelligence conclusions indicating Russian President Vladimir Putin intended to invade Ukraine public, they achieved a high-profile accomplishment. 

Nonetheless, officials and professionals have raised concerns over the fact that the U.S. did not invest sufficient people or finance in analyzing publicly available data. They as well claim that the U.S. did not efficiently utilize advanced technologies in order to yield critical insights. 

Commercial satellite images, social media, and other web data have increased the ability of private enterprises and unbiased analysts to disclose state secrets. And there are rising concerns in Washington about Beijing's influence over popular apps like TikTok, as it is well known that Beijing has stolen or gained control over vast amounts of data on Americans. 

"Open source is really a bellwether for whether the intelligence community can protect the country […] We collectively as a nation aren't preparing a defense for the ammunition that our adversaries are stockpiling," says Kristin Wood, a former senior official at the CIA, currently a chief executive at the Grist Mill Exchange, a commercial data platform. 

Barriers Concerning Open-Source 

Intelligence agencies have noted several barriers in regard to open-source intelligence. Some are technological. For instance, access to unclassified internet or open data sources is frequently difficult for officers working on classified networks. Concerns about civil liberties and upholding First Amendment rights are also present. 

While some experts also raise questions about whether agencies are held back by the reflexive belief that top-secret information is far more valuable. 

Rep. Jim Himes, a Connecticut Democrat, and longtime Intelligence Committee member says that he believed there is needed to be “some cultural change inside places like the CIA where people are doing what they’re doing for the excitement of stealing critical secrets as opposed to reviewing social media pages.” 

Open-Source Capability of the U.S. 

According to Frederick Kagan, a senior authority at the American Institute who looks after the creation of those reports, “There is a lot of open-source capability that the U.S. intelligence community can pretty much rely on to be there […] What it needs to do is figure out how to leverage that ecosystem instead of trying to buy it.” 

Of the 18 U.S. intelligence agencies, most of them utilize open-source programs, from the CIA’s Open-Source Enterprise to a 10-person program in the Department of Homeland Security’s intelligence arm. 

Although, the top officials do acknowledge the lack of consistency across those programs in the way they analyze open-source information or how they use and share it. In regards to the same, Avril Haines, the U.S. director of national intelligence has said, “We’re not paying enough attention to each other and so we’re not learning the lessons that different parts of the (intelligence community) are learning, and we’re not scaling solutions, and we’re not taking advantage of some of the outside expertise and information and work that could be taken advantage of.”  

Read more »
Subscribe to: Posts (Atom)