Dark Web Monitoring – 2023 Threat Prediction
The first step in the MITRE ATT&CK Framework is Reconnaissance and this is a clear indication of the first challenge faced by threat actors.
Researching a target organisation’s key people, their roles, their privileges, and ultimately how they could be unknowing accomplices to illegal activities can be difficult and time-consuming.
The dark web has sped up the reconnaissance process to a previously incomprehensible pace. It also offers services via initial access brokers where other nefarious actors will provide easy access to target environments within a pre-agreed timeframe. Similarly, credentials previously stolen by other cyber-criminals are being publicly advertised and sold to the highest bidder.
2023 And Beyond
Worryingly, there is an increasing number of tools and services available to threat actors that are both extremely damaging and very cost-effective. The amount of PII and IP advertised, traded, and sold on the dark web is set to increase dramatically due to this increased efficiency and the raised awareness amongst would-be criminals about these types of services. Once content has been uploaded, there is little to nothing that can be done to remove it because of the inherently decentralised infrastructure.
Threat actors are always on the lookout to increase the efficiency and effectiveness of a cyber-attack. Sometimes even paying for any access within an organisation to plant ransomware or further an attack.
“The dark web will become even darker with the accelerated rise of organised criminal minds. If it is easy to buy leaked information anonymously, the dark web will continue to thrive. The continued use of cryptocurrencies to trade dark goods as the anonymous payment system of choice will only add to this threat…”
– Arjun Pednekar, CREST Fellowship and CTO of Cognisys.
- Ensure continuous monitoring of the dark web and its contents leaked/traded by cybercriminals.
- Ensure unique passwords are in use, ideally pass-phrases, with multi-factor authentication. This should be embedded within the heart of your corporate policy.
- Deploy access using the principle of least privilege throughout the organisation. The model can be applied to applications, systems or connected devices that require privileges or permissions to perform a required task.