Dark web marketplaces are online marketplaces where people can buy and sell illicit goods and services under the protection of the anonymity of the dark web. The goods and services on offer range from leaked credit card details, exploit kits and hackers for hire, to advertisements for hitmen services.

Because of the range of goods and services found for sale, as well as the conversations that occur around these sales, dark web marketplaces can be immensely valuable sources of data on criminal activity. As such, they are normally under intense scrutiny from law enforcement and security professionals alike.

5 Dark Web Marketplaces

People have been organizing illicit trades via the internet since the 1970s. Those early examples though were through closed networks and the actual exchanges of money and goods generally had to take place in person. With the advent of crypto-currencies, it became not only possible to complete trades online without leaving a money trail, but easy. As such, the trading of illegal goods online has become more commonplace and vast dark web marketplaces have been created. 

The very first of these marketplaces to pair the darknet with Bitcoin was the Silk Road. Silk Road was created by Ross Ulbricht in February 2011. Over the next two years, the Silk Road set the standard for darknet marketplaces. By the time it was shut down in October 2013, and Ross Ulbricht arrested, the site had traded an estimated $183 million worth of goods and services.  

ToRReZ

ToRReZ Market is a wallet-less market; which means you only send funds when making an order. The market currently supports four cryptocurrencies: Bitcoin, Monero, Litecoin, and Zcash. Both physical goods such as drugs, and digital goods such as software and credit cards, are sold on ToRReZ Market.

Tor2door

Tor2door is a darknet marketplace that launched in June 2020. The market is built from scratch and has a unique design. Tor2door claims that security and usability are its main priorities. This market is one of the easiest to use and is very simple for inexperienced dark-net users.

Hydra

Hydra is the largest marketplace in the darknet and most popular darknet marketplace in the Russian-speaking sphere. According to the Project news outlet, it is responsible for 64.7 billion rubles ($1 billion) in sales through its 5,000 shops between 2016 and 2019. Although a wide range of illicit goods and services are sold, the site also has a few rules, which are perhaps one of the reasons for its longevity and success. These rules include no fentanyl, no weapons, no sale of hitmen services, viruses, or porn.

Versus Project

Established in 2019, Versus quickly gained a reputation for a user-friendly UI and intuitive search options. It has gained a lot of users and become a popular marketplace due to its focus on security. Buyers can purchase a range of digital goods and services which include illicit drugs, software and malware, and services related to fraud. The marketplace has over 8,400 listings and 500 vendors who communicate in English and accept Bitcoin for transactions.

White House Marketplace (WHM)

White House Market is a dark web marketplace that enforces the use of PGP (Pretty Good Privacy) encryption to just browse the site. The site goes into detail about its security on the About page and explains that it does not store Monero private keys on their servers, which can ease the mind of its users. Although White House Market is a smaller marketplace than the others on this list, it is possible that its ultra-security features and simple, easy-to-use UI will quickly attract more vendors.

Other markets include Icarus market, Dark0de Reborn, Canada HQ, Monopoly Market, and more.

How to Keep Track of Evolving Darknet Marketplaces

There are various active dark web marketplaces. According to Webhose, one of our data providers, there are approximately 20 active leading dark web marketplaces and there are dozens of smaller additional marketplaces. 

Gaining access and monitoring these darknet marketplaces comes with a unique set of challenges. Firstly, they generally have short lifespans. This could be for a variety of reasons, for example, law enforcement might close them down, or perhaps to help avoid this fate they frequently change their domain address. It could even be because the admin implemented an exit scam, which is what happened with Empire Market, where the admin team is estimated to have made off with some $30 million worth of Bitcoin in August 2020. 

Because of this short lifespan, security professionals need to constantly be on the lookout for the next big marketplace. However, because of the illicit nature of the dark web, many websites don’t want to be found, as such there is no easy way to navigate the dark web. Each website can be thought of as an independent silo. Darknet websites rarely, if ever, link to one another. To find the forums and marketplaces where the important and relevant is you will need to know what you’re looking for and how to look for it.  

Finally, once the relevant sites have been located and access gained, there is still the serious challenge of monitoring the dark website to effectively gather usable intelligence. Doing this manually requires vast amounts of resources, however, you also can’t simply scrape the website as such activity can quickly get you banned from a site. 

This is where Open Source Intelligence (OSINT) tools like Signal come in.

The Role of OSINT tools when Monitoring the Dark Web

OSINT tools allow security professionals to effectively and efficiently monitor the surface deep, and dark web. Using Signal you can create targeted searches with Boolean logic, and then run the results through intelligent filters powered by our advanced AI. This process can be automated with real-time SMS and email alerting. 

This reduces the need for skilled professionals to spend all their time manually monitoring the entirety of the web and assessing the associated risks. Additionally, it reduces the inherent risk of accessing criminal forums and marketplaces. Instead, security professionals get hyper-relevant alerts that can quickly be assessed and acted on without ever actually having to go onto the dark web or painstakingly gaining access to marketplaces.

This approach is vastly more time-efficient and allows you to put your web monitoring on auto-pilot, reducing costs while simultaneously increasing efficacy. As cyber-criminals embrace new technologies it’s becoming increasingly necessary for security professionals to do the same in order to stay ahead.

Increase the scope of your monitoring ability and the overall amount of hyper-relevant intelligence at your fingertips. Gather actionable intel in realtime.

As threat actors continuously challenge the cyber defences of organizations, companies are increasingly forced to focus on improving cybersecurity practices. However, even the best cybersecurity teams with the largest budgets find it hard to stay ahead of the evolving threat landscape. And with more technology in use, a growing reliance on cloud storage and the Internet of Things (IoT), there is a growing potential for sensitive data to be exposed to threats. 

As such it’s unsurprising that data breaches, in spite of increased cybersecurity spending, are becoming more common and more expensive to deal with. Employees need intelligent security practices and cyber habits and companies need to be armed with the latest technology and tools for early data breach detection to gain the upper hand when combatting this ever-changing threat.

Data Breaches Need to be Caught Early

The average cost of a data breach in 2020 according to the IBM / Ponemon Institute report was $3.86 million. However, there are plenty of examples where the costs have vastly exceeded this average, escalating into the hundreds of millions or even billions. For example, the Equifax data breach in 2017 cost Equifax $1.7 billion in the end. Another high profile example, Facebook eventually settled on a fine of $5 billion after it’s ‘privacy misstep’ involving Cambridge Analytica. This bill doesn’t include the additional costs and expenses that Facebook has accrued in the development and expansion of their cybersecurity and privacy departments nor does it account for the reputational damage it suffered.

While costs of these extremes are rare, data breaches in general are not. The IBM report goes on to analyse particular subsets of the data noting that the worst impacted is healthcare with an average data breach cost exceeding $7 million. And that the average time taken for an organization to identify and contain a data breach, was an astonishing 280 days, over 9 months. This is in spite of significant evidence that the speed of containment has a significant impact on the overall data beach cost, which if left unchecked can linger for years after the incident. 

How to Prevent Data Breaches

As with many of these things prevention is often the best policy. 

Data Breach Prevention #1: Have Clear Security Protocols 

Every employee should know, understand and be able to abide by strict security protocols to keep company data secure and thwart social engineering tactics. Having protocols is one of the best ways to help prevent data theft by ensuring unauthorized personnel do not have access to data. 

Data Breach Prevention #2: Safeguard Against Human Error

Many data breaches are the result of an employee error. This could be anything from downloading a document off of an illegitimate website, social engineering tactics or even outright blackmail. Employees should only have access to the information that is vital to their particular roles within the company. Those with higher level access should accordingly have higher levels of cyber security training and understanding.

Data Breach Prevention #3: Improved Password Protection

Having strong unique passwords is the first line of defence against any cyberattack. However, nobody, whether they are a high level executive not, is going to be able to remember a dozen or more 12 character passwords that use special characters, letters and numbers. Make sure that 2FA is enabled on all logins, and use a password manager (with 2FA enabled) to auto generate and save complex passwords and ensure the highest levels of password security are enabled.

Data Breach Prevention #4: Update Security Software Regularly

Companies should utilize a high quality antivirus software, anti-spyware program and firewall. Additionally, these programs should be regularly updated to keep them free from vulnerabilities. 

Data Breach Prevention #5:OSINT for Dark Web Forums

By monitoring dark web forums and other chat rooms you can learn of planned attacks, potential exploits and even find exploit kits being sold online. This will give you a good indication of the access methods which have been discovered allowing you to implement a patch quickly to prevent it.

The Tools for Early Detection of Data Breaches: LERTR

Having the right tools is vital if an organization wants to prevent or mitigate the threat of data breaches. Using an OSINT platform like Signal allows security teams to efficiently monitor the surface, deep, and dark web for details or indications of potential and past data beaches. For example, you might find exploit kits targeting a vulnerability specific to your company. This would allow you to prepare a patch for this vulnerability before it was exploited. 

Additionally, hackers might discuss strategies or plans around an upcoming data breach attempt on a dark web forum. Forewarned, you have a better chance of catching and preventing the attempt. However, prevention isn’t always possible. For those scenarios where you do face a data breach you want to discover it as quickly as possible to mitigate the potential damage and limit the costs.

To this end we have integrated with Webhose to advance our early data breach detection capabilities. Additionally, we have launched LERTR, a cyber specific OSINT platform. aa

Final Words

Data breaches are increasingly common and expensive. Effective preventative measures need to be put in place and maintained to limit threats. However, even the best defences can fall to a determined threat actor. As such organizations needs to ensure they have all the tools to not only prevent, but also to detect early and contain data breaches quickly should one occur.

Signal is a powerful OSINT tool which allows users to create searches using boolean logic enhanced with NLP, with which security teams can efficiently monitor online activity to detect threats as or even before they emerge.

Data Breaches Aren’t Uncommon 

It’s not just small companies with limited security budgets that have exploitable cyber gaps. Often, in fact, large organizations become targets because of the amount and nature of the data that they hold. Organizations in the healthcare sector, for example, have proven time and again to be a popular targets for cybercriminals.

Another example of a large organization being targeted is Experian. Experian experienced a major data breach in August 2020 where over 24 million records were exposed. The attackers impersonated a client and were able to request and obtain confidential data. Experian claimed that no customer banking information was exposed. Even so, personal information like this could be used in a targeted social engineering strategy to then get Experian customers to reveal further sensitive information such as their banking details.

This isn’t the first major data breach that Experian has had. Back in 2015, 15 million North American customers and applicants had their personal data, including Social Security numbers and ID details, stolen. Perhaps because of this prior experience, Experian understands the risks and are adept at dealing with cyber breaches. They claim that the attacker’s hardware has already been seized and the collected data secured and deleted.

How Much Does the Average Data Breach Cost?

The answer to this question varies between country and is additionally dependent on the sector but in general, can span anywhere from $1.25 million to $8.19 million.

According to the 2020 report from IBM and the Ponemon Institute the average cost of a data breach in 2020 is down 1.5% since 2019 and cost around $3.58 million USD. This works out to be around $150 per record and is a 10% rise over the last 5 years. The report analyzes recent breaches at more than 500 organizations to spot trends and developments in security risks and best practices.

The cost estimate includes a combination of direct and indirect costs related to time and effort in dealing with a breach, lost opportunities such as customer churn as a result of bad publicity, and regulatory fines. Though the average cost of a breach is relatively unchanged, IBM says the costs are getting smaller for prepared companies and much larger for those that don’t take any precautions.

Interestingly, various industries including healthcare appear to be more susceptible targets for attackers. According to the report, healthcare breaches cost organizations $6.45 million per breach, a number that eclipses all other sectors and makes it the ninth year in a row that healthcare organizations have had the highest costs associated with a data breach.

The average cost for per breached healthcare record ($429) is more than double any other industry too and substantially higher than the average, $150, according to the report. Healthcare breaches can often take the longest to identify (up to 236 days) as well.

Data Breaches are Happening all the Time

Data breaches are occurring constantly. Records from large brands with big security budgets and teams as well as much smaller organizations. It’s important that everyone understand the importance of secure digital practices and explores strategies for educating staff to reduce the risk of social engineering tactics.

How do Data Breaches Occur?

Hackers use various strategies to gain access to data. For example, with Experian the attacker leveraged human weakness through social engineering to persuade an employee to give them the data. Other strategies could be exploiting weaknesses such as a misconfigured or unsecured cloud storage. Alternatively a data breach could be the result of a malicious malware or ransomware. 

According to the IBM/Ponemon report around 40% of all incidents were actually due to either cloud misconfigurations or stolen login details. Because of this IBM has urged companies to reexamine their authentication protocol to ensure 2FA is active.

A final note on the ascertaining of data by attackers is around state-sponsored attacks. State-sponsored attacks only make up around 13% of the overall number of attacks according to the report. However, with an average associated cost of around $4.43 million it’s clear that these types of attacks tend to target high-value data and this results in a more extensive compromise of victims' environments.

The energy sector, commonly targeted by nation-states, saw a 14% increase in breach costs when compared to the prior-year period, with an average breach cost of $6.39 million.

How can Organisations Reduce the Cost of Data Breaches?

“The average time to identify and contain a data breach, or the "breach lifecycle," was 280 days in 2020. Speed of containment can significantly impact breach costs, which can linger for years after the incident.” - Source 

By having mitigation measures in place IBM/Ponemon estimate companies can reduce the cost of a breach by an average of $720,000. 

According to their report those companies which had automated technologies deployed experienced around half the cost of a breach ($2.65 million on average) compared to those that did not have these technologies deployed ($5.16 million average). 

Security response times were also reported to be ‘significantly shorter’ for companies with fully deployed security automation – these companies are as much as 27% faster than their counterparts at responding to breaches.

Security tools like OSINT platforms not only enable a faster breach response but a significantly more cost-efficient one as well, which as the security professional shortage persists is of absolute importance.

Final Thoughts

With our increasing levels of digitisation, our growing reliance on the cloud, and the complexity of security systems paired with human error there are more attack vectors than ever before for hackers to exploit. 

A data breach could involve anything from publicly available data being scraped and sold off to spammers, to online banking and credit card information being stolen. The longer a data breach goes undetected the longer the threat actors have to utilize this data causing more harm as time goes on.

Having the right tools and processes in place will allow you to detect data breaches early or even prevent a data breach from happening in the first place. With the steadily rising cost associated with data breaches, this could save an organization millions in the long run.

Ransomware is big money and is a rapidly growing cyberattack strategy. The market has expanded massively since the advent of secure and untraceable payment methods such as Bitcoin. Emsisoft estimates that ransomware costs for US organizations in 2019 was in excess of $7.5 billion. Compare this to four years prior when in 2015 ransomware damages totalled around $300 million.

Some markets are particularly prone to ransomware attacks such as medical organizations and public services. And there have been several high profile cases involving these industries over the last few years. Attackers know that with lives literally on the line organizations in these fields are likely to simply pay the ransom to make the problem go away. Most recently Garmin technology company has been held to ransom with attackers using the WastedLocker ransomware seeking a ransom of USD$10 million.

In this article, we explore in detail what ransomware is, how cybercriminals utilize and what strategies organizations can employ to ensure they are protected from ransomware attacks.  

What is Ransomware?

Ransomware is a form of malware. It can take various forms but generally it functions in one of two ways:

• Crypto ransomware. This malware encrypts the files on a computer so that the user cannot access them.

• Locker ransomware. This malware locks the victim out of their device or out of particular files, preventing them from using it. 

One thing all ransomware attacks have in common is that the target won’t be able to regain access to their files unless they pay the attackers a hefty ransom to unlock the files.

Ransomware has grown in popularity over the last few years in the wake of cryptocurrencies which makes it safe to receive their ransom payments. The cost of a ransomware attack can range from a few hundred to thousands of dollars depending on who the target is and how valuable the attackers believe the files they have locked out of reach are. 

Probably the most common delivery system for ransomware is phishing scams. For examples, a virus masquerading as an email attachment can, once downloaded and opened, easily take over a victims computer. Another strategy is through social engineering which is growing in popularity with cybercriminals because of the better strike rate. A recent example of a successful social engineering attack was perpetrated against Twitter employees. Attackers were able to get aways with an estimated 12.85BTC, nearly US$120,000.

The encryption strategy for malware is the more common of the attacks. The result of this attack is that the victim will not be able to decrypt their files without a mathematical key known only to the attacker. The user will be presented with a message when they attempt to open their files saying that their documents are now inaccessible and will only be decrypted if the victim sends an untraceable cryptocurrency payment to the attacker’s wallet.

To encourage prompt payment attackers might masquerade as law enforcement and demand the payment as a fine. If the victim does have illegal or illicit files or programs on their device, such as pornography or pirated software or movies, then they may be more likely to pay without asking questions and without reporting the attack.

12 Ransomware Examples from the Last Decade

Ransomware has been around for decades. However, it was only after the advent of cryptocurrencies that it began being a favoured strategy for cybercriminals. Cryptocurrencies allow for them to collect untraceable completely anonymous payments. Some of the worst offenders have been:

• CryptoLocker is an older malware threat, and while it isn’t in broad circulation anymore during it’s peak it infected some half a million machines. Cryptolocker is a Trojan horse that infects a device computer and then searches the computer as well as additional connected media including; external hardrives, cloud storage, and USB sticks, for files to encrypt. 

• TeslaCrypt is a variation or copycat of CryptoLocker. TeslaCrypt started by using social engineering to infiltrate devices and later used phishing emails as well. It heavily targeted gaming files and saw numerous upgrade improvements during its reign of terror.

• SimpleLocker was another CyrptoLocker styled malware. However, it’s key difference was that it focused it’s targeting on Android devices.

• WannaCry is a ransomware worm. What this means is that it spreads autonomously from computer to computer using EternalBlue, an exploit developed by the NSA and then stolen by hackers.

• NotPetya also used the EternalBlue exploit. It is thought to be part of a Russion-directed cyberattack against the Ukraine. However, it expanded autonomously to infect a broad range of organizations.

• Leakerlocker was first discovered in 2017 and targeted Android devices. Rather than encrypt files, it threatens to share your private data and browsing history unless you pay the ransom.

• WYSIWYE, stands for “What You See Is What You Encrypt”. Discovered in 2017, this ransomware scans the web for open Remote Desktop Protocol (RDP) servers. It then allows for a customized attack with an interface through which it can be configured according to the attacker’s preferences.

• SamSam has been around since 2015 and has affected devices in a number of waves of attacks. It utilizes vulnerabilities in remote desktop protocols (RDP), Java-based web servers, file transfer protocol (FTP) servers or brute force against weak passwords It would then spread to numerous devices. It primarily targeted public services and healthcare effectively bringing entire organizations to halt.

• Ryuk first appeared in 2018. It is specifically used to target enterprise environments. It is often used in combination with other malware like TrickBot for distribution.

• Maze was first discover in 2019. The MAZE ransomware has been used in attacks that combine targeted ransomware use, public exposure of victim data, and an affiliate model. The ransomware was initially distributed via spam emails and exploit kits before later shifting to being deployed post-compromise.

• GandCrab currently holds a large portion of the ransomware market and may well be the most lucrative ransomware ever. Its developers, which sold the program to cybercriminals, claim more than $2 billion in victim payouts as of July 2019.

• Thanos is a Ransomware-as-a-Service (RaaS) operation which allows affiliates to customize their own ransomware through a builder offered by the developer. It was first discovered by security professionals being talked about on a Russian darknet forum. It is the first to use the RIPlace technique, which can bypass many anti-ransomware methods.  

Dealing with Ransomware

Prevention is always the best policy when it comes to dealing with cyber attacks. Using tools such as Signal you can stay up to date with the most common strategies and one step ahead of cybercriminals. However, if you become the victim of a ransomware attack, it is advisable not to pay the ransom. If you do so there is now guarantee that the cybercriminal will return your data, they are thieves after all. Additionally, it fuels the profitability of the ransomware business making future attacks more likely. So what can you do?

Decryption

For many ransomwares, especially the older ones there are decryption tools which have been developed. The first step then is to contact your internet security vendor and determine if decryption is possible. If this initial strategy fails you can visit nomoreransom.org. The No More Ransom site is an industry-wide initiative designed to help all victims of ransomware.

Recovery

It’s good practice to back-up your data regularly on both external hard drives as well as on cloud storage. If you have done this it becomes possible to simply recover the data which is currently being held hostage. There are of course some scenarios where this won’t be possible, for example, if the malicious actor is threatening to share private information rather than having simply encrypted your device.

Preventing Ransomware Attacks

Good security practices will help prevent you from falling victim to ransomware. These defensive steps will additionally help protect you against other generic cyber attacks. 

Four basic steps that every organization should take to mitigate the threat of cyber attacks are:

• Keep all operating systems up to date and patched. Doing this will ensure that there are few potential vulnerabilities that malicious actors can exploit.

• Do not allow a software admin privileges unless you are confident in its safety and know exactly what it is and what it does.

• Ensure you have an active and up to date anti-virus software installed on all devices. This will allow you to detect and block malicious programs like ransomware as they arrive.

• And, as we said in the section above, back up all your files regularly. This last point won’t help protect against ransomware or other malware but can help mitigate the damages that your organization might suffer.

The Role of OSINT in Defending Against Ransomware

While open source intelligence tools can’t prevent ransomware, they can help organizations mitigate the potential damages. 

Securing the supply chain

Supply chains can stretch across continents with potentially hundreds of suppliers and manufacturers all around the world bearing responsibility. Should any single part or resource be in short supply, then assembly lines can be brought to a halt resulting in costly delays at the very least. 

There are numerous threats to the supply chain, one of which is malware and in particular regard to this article, ransomware. A key example of this is when the shipping giant Maersk had their IT systems taken out by a malware NotPetya. This resulted in their IT systems being down for days and many deliveries being delayed despite Herculean logistical efforts by the company. 

Using OSINT tools you can learn whether an organization on your supply chain has been affected by ransomware in real-time which will allow you to take the necessary actions to mitigate the damage this has as their production or logistics is slowed.

Industry Targeting

It’s not unusual for malware to exploit weaknesses which are specific to an industry. For example, the Healthcare industry is particularly susceptible to ransomware as a delay in returning their operations to normal could result in patients deaths. Indeed a leading medical-research institution working on a cure for Covid-19 were forced to pay hackers a $1.14m USD ransom because of a ransomware attack.

Using OSINT tools you can monitor your own specific industry to determine what strategies and exploits are currently being used by cybercriminals against like companies. Determining this will allow you to take extra and specific precautions to fend off similar attacks which could potentially be turned on you.

Detect New Ransomware and Strategies

Cybercriminals are continuously evolving and updating their strategies and the ransomware that go with them. We are unlikely to see the end of this development. 

By using OSINT to monitor darknet forums and market places security professionals are able to learn about the newest strategies being employed, the most recent weaknesses being exploited, and the most current software being utilized. Armed with this knowledge they are much more able to develop effective countermeasures as well as actively prevent ransomware infection.

Social media is a powerful tool that allows organizations to reach new audiences, communicate and engage with customers, build brand loyalty, share promotions and ultimately achieve new growth. However, because of the very public nature of it, social media opens up new opportunities for cyber criminals to target an organization.

Companies which don’t take the proper precautions in securing their social media channels could find themselves reeling from unexpected attacks. These attack could implement a wide variety of threat vectors, from employees to malware, and could evolve into serious and costly threats.

In this article, we explore some of the commonly exploited risks that are associated with corporate social media use as well as what a company can do to best mitigate these risks and how Open Source Intelligence (OSINT) can play an important role in preventing and protecting an organization.

The risks of social media for corporate security

Phishing and Scams

Phishing is a predominant attack strategy by cybercriminals with an estimated 90% of incidents and breaches including a phishing element. 

Phishing is defined as social engineering using digital methods for malicious purposes. Generally, the goal is to get the victim to hand over private information such as passwords, banking or credit card information.

In the case of social media, there are numerous forms that phishing can take. For example:

• Impersonation

• Credential theft

• Propagating attacks

• Data dumps

• Romance scams

• Intelligence gathering (for account takeover and spear phishing)

Social media platforms still offer only minimal controls to prevent the further propagation of account takeovers. Additionally, because social accounts typically need to be approved prior to connecting with people, account takeovers allow hackers to utilise trust associated with that account. Which is why it’s important for organizations to understand and prepare responses to these evolving threats.

Human Error

One of the key security weaknesses that many organizations face is human error. Everyone makes mistakes and in today’s digital world it is all too easy for cybercriminals to take advantage of these mistakes. In fact, according to EY Global Information Security Survey, employee weakness was responsible for 20% of all cyber attacks. Something as simple as clicking the wrong link or downloading the wrong file could cause havoc with a company's security systems.

When it comes to social media, one attack vector that many users don’t realize cybercriminals utilise is online challenges and quizzes. These quizzes often ask for or obtain by way of an answer personal information which is then used to hack passwords. 

For example, the answers to a social quiz might require you to give up letters from your mother's maiden name, your date of birth, or your first pet's name. This information combined with the details publicly available on your social media profiles could very easily offer up common password and security question combinations.

Third-party Apps

Even if your company's social media accounts are locked down tight, hackers may be able to gain access to an otherwise secure social media account through vulnerabilities in connected third-party apps.

Imposter Accounts

A cyberattack doesn’t always take the form of a hack. Instead, it is fairly easy for an imposter to create a social media account that looks like it belongs to your organization. This is one reason having a verified account is so valuable.

• LinkedIn’s latest transparency report notes that they took action on 21.6 million fake accounts in just six months.

• Facebook estimates that about 5% of monthly active user accounts are fake.

Impostor accounts can target your customers with fake deals, disinformation, or nefarious links. When a customer is tricked like this, not only does your brand suffer but often the organization is held responsible.

One recent example found on Twitter was a fake account fraudulently collecting money on behalf of President Trump’s 2020 reelection campaign. The account “@realDonaldTrump_” is set up as an almost exact replica of the real Trump’s account with only an underscore at the end of the handle to indicate it is not the real account. And of course, it lacks that tell-tale blue verification tick.

Unsecured Mobile Phones

More than 50% of the time spent online is done through mobile phones. Using social media apps allows us to access and engage on social channels with just a single tap. This is great, as long as you are the one in possession of your phone. However, this ease also creates a security risk. 

Should your phone be stolen and accessed all it takes is one tap for the thief to access your social accounts and then they can message all your connections with phishing or malware attacks or spread disinformation using your accounts.

And, worryingly more than half of people leave their phones unlocked.

Malware and Hacks

By its very nature, social media is about social interaction. For personal accounts, this means interacting with friends or acquaintances online in some form or another. For organizations it means interacting with customers, for celebrities or influencers it means interacting with fans.

This is actually a barrier for many cybercriminals. People are generally distrustful of communications where they have no prior experience with the person or people behind them. 

Generally speaking, strangers on the internet are still strangers and it takes a while to build an audience and gain their trust. For a cybercriminal to utilize social platforms then, they often have to go through a rather troublesome and lengthy process of building this trust. And while there are certainly numerous ways for a cybercriminal to sidestep these issues, if their end goal is to get people to click links or share information then their success rate will obviously be much higher should they originally share from a trusted account. 

Related: The Crucial Role of Social Media Monitoring in Corporate Threat Intelligence

5 actions to securing your companies social media presence

The best policies for social media security operate around prevention. By implementing a few basic social media security protocols organizations can massively reduce the potential threats that social media might otherwise present.

Have a clear social media policy

A clear and properly implemented social media policy is the first place to start. This will allow you to not only protect against security threats but also help prevent bad PR or legal trouble that might ensue should your social media be compromised.

You social media policy should include the following things:

• Outline of your brand guidelines that explain how people are allowed to talk about the company on social media.

• A list of social media activities to avoid, such as the quizzes that we mentioned earlier.

• Guidelines related to copyright and confidentiality

• A guide on the best practices for password management to avoid threats like credential stuffing.

• The expectation that employees will keep all their devices updated with the latest software.

• Examples of scams and attacks and educational material on how staff can avoid these and other key security threats,

• Information on who to notify and how to respond should an employee notice a security concern.

Train staff on best security practices

Building on from the previous point, because human errors are such a prevalent factor in hacks and other cyber attacks it is incredibly important to properly and routinely train staff in proper cybersecurity measures. Even the best social media policy won’t protect an organization should the staff not know how to properly follow or implement it.

Training employees routinely will also give them the opportunity to ask questions, engage and get a sense of the importance of the issue. Additionally, because cybercriminals are constantly evolving their strategies, training is an opportunity to update staff on new threats or examples of current scams.

As an added bonus, social media training also equips your team to use social tools effectively. When employees understand best practices, they feel confident using social media for their work. They’re then well-equipped to use social media for both personal and professional purposes and ultimately your company will see better results.

Limit access and permissions

One of the best ways to keep social accounts secure is to strictly control who has access and the exact permissions they have. Not everyone after all needs the ability to post, not everyone needs the ability to see the stats. And should an individual leave (especially if they leave under a dark cloud) it is important to be able to and remember to revoke their access so that they can’t use the social accounts to cause harm to the company.

Have a designated person in charge

This isn’t just a security concern, having a designated person in charge of and responsible for the running of your social channels will, first of all, ensure consistency but also ensure that someone is constantly on top of and routinely checking the social media security which will go a long way to mitigating any risks.

This person will likely be a senior person on your marketing team. They should maintain a good relationship with your company’s IT department to ensure marketing and IT work together.

Social media monitoring for threat detection

As we have mentioned several times already security threats, especially those around social media accounts are constantly evolving as cybercriminals implement new and innovative new methods for attacks. Using OSINT you can not only closely monitor not only your own social media accounts but the entirety of the web. This will allow for your security team to catch risks as they appear and neutralize potential threats early. 

For example, careful monitoring of social channels will allow you to discover imposter accounts and get them shut down quickly before they can do real damage. It will allow you to spot inappropriate use of your brand by employees or others associated with your company such as a new partner.

The role of OSINT for social media monitoring and corporate security

By monitoring social networks for mentions of your brand and keywords, you’ll know right away when suspicious conversations about your brand emerge. For example, people might be sharing fake coupons or offers, or an imposter account starts tweeting in your name. Using OSINT you can monitor all the relevant activity online regarding your business and quickly identify fraud allowing you to respond to it in a timely fashion.

Additionally, you can use OSINT tools like Signal to monitor not only your social media channels for things like imposters but also for physical threats against employees or branch locations. Moreover, you could monitor for negative emotional sentiment concerning an event you're hosting and identify people who may decide to turn those threats into action.

Finally, OSINT is vital in identifying when one of the above-mentioned risks of social media becomes more than just a threat, when it becomes a reality. Being amongst the first to know when something like this happens allows you to respond quickly and effectively

Conclusion

Social media security threats are constantly changing. Hackers are always coming up with new strategies, and new scams and viruses can emerge at any time. Researchers are now anticipating that advanced attacks against social media networks will be able to leverage a user’s contacts, location, and even business activities. This information can then be used to develop targeted advertising campaigns toward specific users, or even help spark crime in the virtual or real world.

To prevent social media breaches, protect user information, and secure company data, increased vigilance by individual users and regular audits of your social media security measures are necessary to ensure organization security.

There are some 500 million tweets and over 4 million new blogs posted every single day. Each of these sparks another conversation which could house potential threats against an organisation. And we haven’t yet mentioned Facebook, Instagram, Reddit, Flickr, Medium or any of the other dozens of social sites and forums where people post online. And if you thought that was a lot of noise you have to remember the dark web too, where many cybercriminals go to engage in nefarious activities with the protection of a Tor browsers anonymity. 

The point here is that the internet is full of noise. Monitoring all of that and then cutting through the noise to detect relevant potential threats requires the right tools. 

What is Sentiment Analysis?

Sentiment analysis, in short, is analysing the language in online posts and comments to determine the underlying emotion behind what has or is being posted by an individual or group.

Determining online sentiment doesn't just allow you to understand better how your brand is performing and how people feel about your business. It can also be used to manage crises and spot potential threats to assets or staff.

Without sentiment analysis, data can be misleading. Sentiment gives data extra context which allows it to be better understood enabling a more effective and accurate response to the potential rtisks. 

It also allows you to differentiate between when a negative comment is simply that, a negative comment, or when it needs more serious attention because, for example, it’s evolving into a physical threat.

Where and How do we Measure Sentiment?

Any text that gets highlighted by Signal OSINT software can be run through our sentiment analysis tool, Spotlight. This allows users to reduce the amount of noise and focus on the threats.

Sentiment can be expressed anywhere online, this might be through social media, in the comments of a blog or even in a dark web forum. Signal allows you to gather data from a huge array of open intelligence sources including (but not limited to) social media and dark web forums.

How can Sentiment Analysis Be Used for your Business?

Emerging Threats

Sentiment analysis can be an incredibly useful tool for those that wish to identify potential risks which might evolve into tangible reputational or physical threats against, employees, executives, brand or assets.

Managing Reputation

Your brand’s health and reputation are important. Having a tool that allows you to analyse the overall sentiment towards your brand and associated keywords gives organisations a bigger and better overall picture of their brand which can be a game-changer for launches of major events or analysing the success of a large marketing campaign.

Evolving Crises

When it comes to dealing with current and evolving crises having up to date and detailed situational awareness, gained through an OSINT tool such as Signal can make a huge difference. However, as we have mentioned before, there is a huge amount of noise out there. So, how do you determine which comments, which posts are relevant and need monitoring?

The answer is to use Signal to create specific filters and then run identified posts through our sentiment analysis tool “Spotlight”. This allows users to both quickly identify emerging threats and to then stay on top of these risks as they are evolving in real time.

Moving Your Marketing Forward

Social sentiment is a powerful tool for understanding the relationship between your brand, your customers, and your competitors. If you measure it regularly and act on what you learn, your team can create targeted marketing strategies to keep up with the ever-changing demands and opinions of your customers.

How do you determine when Negative Sentiment Becomes a Threat?

One of the key methods used by our software and our analysis team to tell whether or not a comment is a threat that needs more attention is the repetition of negative sentiment online by an individual or group.

For example:

• Does a particular author of a comment or post have a long history of bad-mouthing an organisation or expressing negative sentiment?

• Have they repeated the same negativity on multiple sources?

Even if they aren’t directly threatening any physical or tangible action against the organisation, if there’s enough online commentary from a single individual or group then this could escalate and it may be smart to further monitor.

You can then set up a search using our filters to target this individual or group so that you don’t miss if this negative sentiment becomes a physical or reputational threat. 

Secondly, using Spotlight, users can identify posts expressing dangerous emotions such as anger, or disappointment. Both if repeated enough should be addressed. Posts expressing anger are likely to indicate a physical threat and should be monitored for that, whilst the posts expressing disappointment may hold reputational risks. 

Summary

Sentiment analysis tools like Signal’s Spotlight can help security teams form a broader and more detailed overview of the situation to better understand the potential and emerging threats. It allows them to target their online searches and cut through the noise to identify key threats. All of this essentially means a more efficient and more effective security team.

You also might like:

Critical Security Intelligence for the Financial Services Sector