Flashpoint responds to evolving dark web threats

Cybersecurity firm Flashpoint updated its threat intelligence platform to better address evolving techniques and practices on the dark web, such as encrypted chat usage.

Threat intelligence firm Flashpoint said dark web threats are evolving, and the company has a plan to give enterprises better visibility into such threats.

The New York-based cybersecurity vendor introduced on Wednesday a new version of its Flashpoint Intelligence Platform to keep enterprise security teams better informed about dark web threats and new threat actor methodologies. The platform provides customers access to the company's archive of intelligence reports about dark web threats, including data from illicit forums and marketplaces.

Updates to the Flashpoint Intelligence Platform include new analytics capabilities that provide customers with data about compromised accounts, stolen payment card numbers and collected chat discussions about illicit activity, the company said. The platform's industry alerting feature studies the multi-language conversations of dark web actors and provides customers actionable intelligence on threats to specific vertical industries.

"We have observed a very material uptick as far as the diversity of illicit actors across a broad array of different illicit actor communities who are using chat services such as Telegram for communications, networking, transactions or soliciting new partners in their illicit schemes," Flashpoint CEO Josh Lefkowitz said.

Factors driving this uptick include the perceived security of these encrypted chat channels, and the shift is also in line with how today's generation is used to communicating -- in real time, he said. Chat channels also facilitate the use of media, including video, audio and imagery, in a way that is not as user-friendly on forums and marketplaces, he added.

"On top of that, there's the ability to very quickly and easily set up new channels without much friction, which can be done in a very seamless way and can facilitate organic development of channels," he said.

Flashpoint is also seeing threat actors move into a broader array of websites beyond traditional cybercrime forums. Those websites include Gab, 4Chan, 8Chan and Dread.

"We're seeing a variety of different illicit actor communities that are operating in those environments; ... there is a very fluid, a very agile threat actor community and threat actor landscape at a macro level that is always looking at new medium to come together as a group and pursue their goals."

Flashpoint is therefore extending its coverage of dark web communities, while also expanding its Telegram collections to multiple other chat services, Lefkowitz said.

One other challenge that Flashpoint customers face within the vulnerability management space, Lefkowitz said, is that they are inundated with CVEs and need to come up with a way of sequencing and prioritizing their patching process.

"With our vulnerability dashboard, what we have done is marry up data from MITRE and NVD with discussions that are taking place in illicit actor communities to help our customers better hone in on which vulnerabilities are being discussed by threat actors, which of course will drive their prioritization processes," he said.

The CVE Dashboard prioritizes CVEs based on the last 30 days of MITRE and NVD data mapped to Flashpoint illicit actor discussions, showing which of those CVEs are most often discussed by threat actors.
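
The ranking idea described above, sketched as an added example (not Flashpoint's code and not from the article): count how often each CVE from a vulnerability feed is mentioned in collected discussions over the last 30 days, then sort by that count. The CVE IDs, scores, posts, source names and dates are all constructed.

```python
import re
from collections import Counter
from datetime import date, timedelta

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

# Constructed stand-in for MITRE/NVD records: id -> severity score.
# Year 1900 is used so the IDs cannot collide with real CVEs.
FEED = {"CVE-1900-0001": 9.8, "CVE-1900-0002": 7.5,
        "CVE-1900-0003": 5.3, "CVE-1900-0004": 9.1}

# Constructed collected messages: (date posted, source, text).
POSTS = [
    (date(2019, 6, 28), "chat-1", "anyone looked at CVE-1900-0002, still unpatched?"),
    (date(2019, 6, 27), "forum-a", "cve-1900-0002 and CVE-1900-0003 both fixed now?"),
    (date(2019, 6, 20), "forum-b", "CVE-1900-0002 CVE-1900-0002 CVE-1900-0002"),
    (date(2019, 6, 15), "chat-1", "notes on CVE-1900-0003 attached"),
    (date(2019, 5, 1), "forum-a", "old thread about CVE-1900-0001"),   # outside window
    (date(2019, 6, 10), "forum-a", "CVE-1900-9999 is unrelated"),      # not in feed
]

def rank_cves(feed, posts, today, window_days=30):
    """Return (cve, mentions, distinct_sources, score) rows, most discussed first."""
    cutoff = today - timedelta(days=window_days)
    mentions, sources = Counter(), {}
    for posted, source, text in posts:
        if not (cutoff <= posted <= today):
            continue
        # Count a CVE once per post so a single repetitive message cannot dominate.
        for cve in {m.upper() for m in CVE_RE.findall(text)}:
            if cve in feed:
                mentions[cve] += 1
                sources.setdefault(cve, set()).add(source)
    rows = [(cve, mentions[cve], len(sources.get(cve, ())), score)
            for cve, score in feed.items()]
    # Discussion volume first, then breadth of sources, then severity as tie-breaker.
    rows.sort(key=lambda r: (-r[1], -r[2], -r[3], r[0]))
    return rows

if __name__ == "__main__":
    for row in rank_cves(FEED, POSTS, today=date(2019, 6, 30)):
        print(row)
```

Sorting the same feed by severity score alone would put CVE-1900-0001 first; the discussion-based ordering moves it below two lower-scored CVEs that are actually being talked about.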

Collecting intel on dark web threats

Apart from helping security teams address and mitigate impending threats, intelligence about dark web threats can also be used as a driver to make better business decisions, Lefkowitz added.

"Organizations within the security enterprise are really looking for intelligence to help them make better business decisions," Lefkowitz said. "We're very much seeing a trend of convergence within enterprise security environments where fraud teams and cyber threat intelligence teams are increasingly collaborating and increasingly working together. What we've done with our expansion of our collection is really build lenses and analytics, as well as expose data, that helps our customers within those two user persona groups to more effectively do their jobs."

Lefkowitz said Flashpoint's team of threat analysts helps collect information about dark web threats. They speak more than 20 different languages and have deep fluency and understanding of a broad array of different illicit actor communities as far as their norms, their intricacies of language and diction, as well as the cultural elements behind those communities.

"They are building personas online, they are adopting virtual identities and interacting in a way that an undercover persona would in the real world," he said. "By interacting directly with these illicit actors they are able to build reputation, trust and credibility."

The dark web is an important view into the data that low and midlevel cybercriminals have access to, said Bryce Austin, CEO of cybersecurity consulting firm TCE Strategy. Knowing what's out there can provide critical insights into the cybersecurity health of a company, he said.

"Many breaches are detected by stolen information appearing on the dark web; it's an important data point that every security team should be monitoring," Austin said via email. "There are lists of stolen passwords for over two billion accounts on the dark web, and many people reuse passwords for work and play. Checking your users' work accounts to see if the passwords on the dark web work for your company's critical systems is a very good idea. If you can find a password that works for an account that has access to your company's VPN, so can a cybercriminal."
