Ransomware is a form of malware which is installed on a victims device or devices with the main objective of seizing and/or locking away sensitive data. As the name suggests in order for a victim to regain access to their data and systems they need to pay a ransom. More often than not, the two options a victim is presented with when they succumb to a ransomware attack is to either rebuild their systems from scratch and potentially have the attacker leak the data online - or pay up.

As such, it’s unsurprising that, in our increasingly digital age with more and more data on the cloud, that the number of attacks and the success of ransomware attacks is on the rise. Approximately 58% of ransomware victims paid in 2020, compared to 39% in 2017.

Ransoms for these kinds of attacks range from a few hundred dollars to thousands or even millions of dollars payable in cryptocurrency such as Bitcoin. In return for the payout, the attackers will release a decryption key allowing the organization to return to business. Certain industries, such as government organizations and hospitals are more susceptible to ransomware attacks due to the nature of the work that they do often being time-sensitive. For example, a ransomware attack crippled a hospital in Germany, leading directly to one patient’s death.  

There are numerous strategies that ransomware attackers employ to gain access to a victims database. One of the most common though is through social engineering tactics, such as phishing emails. Cybercriminals can make these emails look exactly like trustworthy emails from official sources, tricking victims into downloading compromised software onto their device. 

Because of the nature of social engineering tactics, and the evolving cyber threat landscape no organization can ever be fully secure from malware threats. Below we outline 12 of the biggest ransomware attacks that occurred in 2020.

12 Ransomware Attacks that Happened in 2020

1. ISS World 

Estimated cost: $74 million 

In February of 2020 ISS world, a Denmark based company went down due to a ransomware attack. Thousands of employees were left without access to their systems and emails. This cost them an estimated $74 million which includes regaining control of the affected IT systems and re-launching critical business systems. 

2. Cognizant

Estimated cost: $50 million

A ransomware attack on the organization Cognizant in April of 2020 is said to have cost the company over $50 million, potentially as much as $70 million, including legal and consultation costs and data recovery costs, along with the financial loss reflected in their second-quarter earning in 2020.

3. Sopra Steria 

Estimated cost: $50 million

The company Sopra Steria revealed that they were hit by hackers using a new version of the Ryuk ransomware in October.

They estimate that the fallout, including dealing with the various systems that went out of action, is likely to have a gross negative impact on operating margin of between €40 million and €50 million.

4. Redcar and Cleveland Council 

Estimated cost: $14 million

Redcar and Cleveland Council in the UK suffered an attack on their systems in February of 2020 costing the council an estimated $14 million.  The ransomware attack is said to have disrupted the company’s network, tablets, computers, and mobile devices for 3 full weeks. The council announced that in March, that it could take months for a full recovery and estimated the overall costs to be between $14 - $21 million.

5. Software AG

Estimated cost: $20 million

Software AG is the second-largest software vendor in Germany. They were reportedly hit with the Clop ransomware in an attack in October of 2020. The company disclosed that the ransomware attack disrupted a part of its internal network but didn’t affect customer services. The cybercriminal group responsible demanded a $23 million ransom.

7. Travelex

Estimated cost: $2.3 million

It was reported that Travelex the money exchange firm was hit with a file-encrypting malware attack which shut down its internal networks, website and apps for several weeks. Reportedly Travelex paid a ransom of $2.3 million in BTC to the dark actors to regain access to their data and restore services.

8. University of California San Francisco (UCSF)

Estimated cost: $1.14 million

UCSF was targeted by a malware attack which encrypted servers used by the school of medicine impacting students in June of 2020. The ransomware was prevented from travelling to the core UCSF network and causing more damage. The authorities negotiated with the cybercriminals and UCSF ended up paying approximately $1.14 million in ransom of the $3 million demanded. 

9. Shirbit Insurance 

Estimated cost: $1million

After a cyberattack on the Israeli Insurance provider Shirbit in December of 2020 the attackers demanded roughly $1 million in Bitcoin. In order to pressure the company into paying they demanded immediate payment or an increase in the ransom cost, doubling after 24 hours. Additionally, to show they weren’t empty threats they dumped the first 300 records online, again threatening to dump additional records every 24 hours until they received payment.

10. Communications and Power industries 

Estimated cost: $500,000

California-based Communications & Power Industries (CPI) makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology. The company counts the U.S. Department of Defense and its advanced research unit DARPA as customers. Reportedly, CPI paid $500,000 to obtain the decryption key to unlock their servers and return services.

11. Grubman Shire Meiselas & Sacks 

Estimated cost: $365,000

Grubman Shire Meiselas & Sacks is a law firm that specializes in law for those in the media and entertainment industry. Their clients consist of a range of A-list celebrities and, with such high profile individuals on the line, the stakes for them were extremely high. They were targeted and files encrypted by REvil ransomware. The firm agreed to pay an estimated $365,000, however, the attackers started demanding more afterwards and the company has since kept quiet on what it has or is willing to pay.

12. Tillamook County 

Estimated cost: $300,000

Tillamook county in the US was attacked by cyber attackers in January. The attack interrupted their email network, phone systems and website. After exhausting alternative options, they estimated the costs to restore service would cost well over $1 million and take several years and opted instead to pay the $300,000 ransom. 

Keeping your data and organization secure

1. Never click on suspicious links or any links attached in unsolicited emails. 

2. Back up systems and data continuously. Create a separate data-backup in an external hard drive that is not connected to your computer, so that you don’t have to pay the ransom if a ransomware attack happens.

3. Never disclose personal information over the phone or over email. 

4. Educate employees of cybersecurity best practices and social engineering tactics that may be used against them.

5. Limit employee access to sensitive data to reduce attack surfaces.

OSINT Tools and Mitigating Costly Ransomware Attacks

Early warning of data beaches through OSINT tools can help you predict and prevent cyber attacks as well as enable organizations to take mitigating actions faster. While open-source intelligence tools can’t prevent ransomware, they can help organizations reduce the risks and potential damages. 

OSINT tools can be used by organizations to monitor their supply chains, allowing them to learn of potential disruptions in real-time and enabling them to implement contingency plans fast. 

Additionally, organizations can use tools like Signal to monitor for ransomware and malware currently being used. This can help security teams determine emerging threats being used against other organizations in their industry to better inform ongoing cybersecurity best practices.

Ultimately, by using OSINT to monitor darknet forums and market places security professionals are able to learn about the newest strategies being employed, the most recent weaknesses being exploited, and the most current software being utilized. Armed with this knowledge they are much more able to develop effective countermeasures as well as actively prevent ransomware infection.

What is Threat Intelligence?

Those very same technologies that have allowed globalization, which have brought us all closer together and enabled organizations and brands to achieve the current growth and success they enjoy today, have simultaneously brought with them increased risks. These risks come in the form of increased vulnerabilities and exploitable attack vectors for cyber attackers. Threat intelligence is all about gathering data and knowledge to combat and mitigate these threats. 

Threat intelligence provides organizations with information and context required to effectively predict and even prevent cyberattacks. Additionally, it helps inform security teams of the best practice for both preventative measures and response measures to ensure if there is a cyberattack the resulting costs are minimal. 

In short, threat intelligence is the gathering of evidence-based knowledge to inform action-oriented preventative and reactionary responses to an ever-evolving cyber threat landscape.

The Importance of Threat Intelligence

Threat actors are increasingly persistent, and their persistence pays off. Even the most dedicated professionals can’t help but struggle to keep abreast of every new cybersecurity development. New exploits are constantly being discovered or developed and strategies such as social engineering are increasing in complexity. Security teams need up to date data and intelligence on evolving threats if they are going to be able to develop effective responses.

Additionally, within the corporate world one of the key buzzwords of the last two decades has been “accessibility”. Accessibility to data means organizations have necessarily become reliant on digital processes and almost everything is stored on the cloud. Unfortunately, while accessibility is essential to developing efficient processes, and effectively using big data, it also increases the number of threat vectors that attackers can exploit. According to the IBM 2020 data breach report the longer a data breach goes undetected the more expensive it ends up being for the organization. Primarily then, threat intelligence gathered using tools like Signal OSINT can help organizations detect data breaches earlier, mitigating the eventual costs both reputational and monetary.

The final reason that threat intelligence plays such a pivotal role in today’s security is the distinct lack of skilled cybersecurity professionals. Threat intelligence is a time-consuming business that requires a skilled deft hand to manage. The best threat intelligence solutions use machine learning to automate data collection, then filter and structure data from disparate sources to present only hyper-relevant information to a skilled security team for final analysis. The security team can then use this data to create effective actionable plans based on evidential knowledge. This approach optimizes the performance of both the cybersecurity professional and the intelligence tools being used.

Threat intelligence is actionable — it’s timely, provides context, and is able to be understood by the people in charge of making decisions.

Use Case Examples for Threat Intelligence 

Threat intelligence can be used in a diverse range of strategies which makes it an essential tool for security teams in any organization. It’s most immediate value is in helping prevent an attack by gathering intel on threats in real-time, however, it’s also useful for a broad scope of activities such as managing vulnerabilities, informing decision making, and responding to attacks as or after they happen.

Related: The Role of Threat Intelligence and Cybersecurity in Retail

Prevent an attack

From the time that a vulnerability is found to the time an exploit targeting that vulnerability is available for threat actors is shortening. Security professionals need to know about the vulnerability fast so that they can implement a patch and prevent it from being exploited.

Respond to a Data Breach

Data breaches are costly and often go unnoticed. With the right threat intelligence tools you can determine when a data breach happens fast and take suitable actions to mitigate the costs of any following repercussions.

Manage a Vulnerability

The approach of “patch everything, all the time” is impractical and will likely see organizations fall behind - leaving more serious vulnerabilities open for longer. Threat intelligence can help security teams effectively manage vulnerabilities by giving the salient data to allow them to prioritize patches based on actual risk. 

Risk Analysis

This leads on nicely from the last point. Threat intelligence can help security teams determine the actual risks associated with potential vulnerabilities or attacks by providing additional contextual information. For example, threat intelligence can help security professionals  answer the following questions:

• Which threat actors are using this attack, and do they target our industry?

• How often has this specific attack been observed recently by enterprises like ours?

• Which vulnerabilities does this attack exploit, and are those vulnerabilities present in our enterprise?

• What kind of damage, technical and financial, has this attack caused in enterprises like ours?

Fraud Prevention

Fraud can encompass anything from a fraudulent use of your brand, data, or even impersonation of your employees. For example, an individual might impersonate a doctor and sell fake versions of your prescription medication online.

Incident Response

Having the ability to gather and filter through threat intelligence from across the surface, deep, and dark web in real-time allows security teams to effectively and appropriately respond to incidents as they are happening.

How can Signal threat intelligence improve your organization’s security?

Signal allows our customers to analyze emerging global trends, detect threats in real-time, and then form appropriate security strategies to counter these potential threats as or even before they fully reveal themselves.

One of the key issues that security teams and analysts face is the sheer amount of noise that might surround their brand. Invariably much of this noise is irrelevant to their purposes, however, some of it will be bad. This is why Signal assists with advanced filters with boolean logic as well as features such as our emotional analysis tool.

There are good reasons why the fictional characters like Varys (Game of Thrones) are so influential in their respective worlds. The more information you have the more you can tailor and optimise strategies for your preferred outcome. However, whereas Varys has to contend with political scheming, assassination attempts and dragons, the modern (and real) world has a much broader plethora of potential attack vectors, many of which were unimaginable just 20 years ago.

Thankfully for security professionals, the broadening net of threats exists in a symbiotic relationship with intelligence sources and security tools. What this means is that while, yes, there are now more threats to contend with, there are also more solutions and tools. For example, artificial intelligence (AI) enables Centaur approaches that far exceed human or machine only results. 

In this article, we take a look at how Open Source Intelligence (OSINT) can be and is being used to arm security teams with the ability to gather and analyse vast quantities of data and then enact effective plans to mitigate damage and even prevent threats. 

What is OSINT?

OSINT, as the name suggests, is data gathered from all publicly (openly) available data sources. These data sources could be anything from government records or archives, online discussion forums, blogs, social media posts, or the comments on those posts. 

OSINT allows you to collect data from all of those sources at once, and because of the sheer amount of information that is shared and discussed continuously on every fathomable topic, it is an incredibly powerful tool. There are billions of historical records and millions more being posted every day. You can use OSINT to identify physical threat made against your organization or executives, discover data breaches, uncover terrorist plots and even get breaking news as it is happening.

In many situations, expert data analysts with OSINT tools can identify malicious actors and discover relationships, information which can be used to enhance a privacy and security plan.

How Organizations use OSINT

The need for organizations to employ OSINT as part of their corporate security processes is becoming increasingly more evident. Interestingly though the use of OSINT has been neither formalised nor widely adopted. It often takes a particular scenario to unfold before they even consider it. 

A common example is a data breach. According to the Ponemon Institute’s 2018 Cost of a Data Breach Study, the average amount of time for a company to detect a data breach was 197 days. More often than not, the organization was not the first to know either. Utilising OSINT allows you to learn of data breaches as soon as discussions begin online, for example, the hacker offers up your data for sale.

This is just one way in which OSINT is used by businesses. The use of intelligence is immensely versatile. You can detect physical threats to assets or staff, determine travel risks, discover brand hazards, secure your social media channels and cybersecurity and more.

Despite the versatility of applications for OSINT tools it still often takes a worst-case scenario for an organization to decide to finally employ OSINT solutions.  

Applications of OSINT as Cyber Intelligence

Most people freely share a large amount of data about themselves. In fact, in this day and age, it’s hard not to share your data. For example, almost everyone has a phone number, this phone number is likely connected with your name, address, date of birth, and email address. It might even be linked with your broadband connection and subsequently your IP address. 

As an example, in 2019 T-mobile had a significant data breach. Thankfully, it appears they spotted and responded quickly, but not before some 1 million records were exposed. They were able to mitigate the damage but not prevent it. Other companies have historically been less quick to respond such as TerraCom and YourTel America who had to pay out $3.5 million USD collectively in damages in 2015 after their data breaches. Organizations also need to remember how everyday activities expose other forms of data such as shopping habits through credit card usage and location through fitness apps. 

Intelligence isn’t just important for detecting breaches or hacks. It is also vital if organizations want to protect their staff from physical threats or from being exploited via phishing scams. For example, a company’s employees will likely all have social media accounts such as a LinkedIn account which details their roles and responsibilities. This information can be paired with information from other social profiles or information shared online and can, when used properly, become valuable intelligence on how an organization runs, who’s responsible for what, and even who a malicious actor should target.

Because of the various methods that security teams can use intelligence to protect a businesses interests having a dedicated team, armed with powerful OSINT tools like Signal, could save them from serious reputational and financial damages.

Examples of threats that Signal OSINT can detect and help protect against

• Counterfeit or stolen property listed online - for example, counterfeit drugs.

• Employee conduct, threats and harassment on social media.

• Frustrated, angry or threatening customer correspondence.

• Merger, acquisition & organizational partnership discussions - this could be important for ensuring smooth operation of the supply chain, for example.

• Sensitive information publicly disclosed – accidentally or intentionally.

• Inaccurate, harmful or out of date information.

• Presence of fake websites, fake invoices or scams targeting customers, staff or the organization - for example, a phishing website made to look like a banking institutes website and designed to encourage users to enter their password combination. 

• Credentials from data breach & compromised accounts belonging the organization.

• Unsavoury relationships, membership or pending court action related to the organization.

The Results of Employing Powerful OSINT Tools

Experienced hackers and cybercriminals will understand the public nature of the channels and as such are likely to attempt to avoid actions that expose their intentions. However, OSINT doesn’t stop at the surface web, tools like Signal can give analysts and security teams access to data from sources such as the dark and deep web and even private dark web forums as well as more obscure surface websites. 

The purpose of OSINT research is to provide teams with a thorough foundation of knowledge. Teams can subsequently use these insights to develop actionable plans to either prevent a threat from fully emerging, or minimise the damages of a current or recent attack.

One of the key issues that security teams and analysts face is the sheer amount of noise which might surround their brand. Invariably much of this noise is irrelevant to their purposes, however, some of it will be bad. This is why Signal assists with advanced filters applying boolean logic as well as features such as our emotional analysis tool.

Social media is a powerful tool that allows organizations to reach new audiences, communicate and engage with customers, build brand loyalty, share promotions and ultimately achieve new growth. However, because of the very public nature of it, social media opens up new opportunities for cyber criminals to target an organization.

Companies which don’t take the proper precautions in securing their social media channels could find themselves reeling from unexpected attacks. These attack could implement a wide variety of threat vectors, from employees to malware, and could evolve into serious and costly threats.

In this article, we explore some of the commonly exploited risks that are associated with corporate social media use as well as what a company can do to best mitigate these risks and how Open Source Intelligence (OSINT) can play an important role in preventing and protecting an organization.

The risks of social media for corporate security

Phishing and Scams

Phishing is a predominant attack strategy by cybercriminals with an estimated 90% of incidents and breaches including a phishing element. 

Phishing is defined as social engineering using digital methods for malicious purposes. Generally, the goal is to get the victim to hand over private information such as passwords, banking or credit card information.

In the case of social media, there are numerous forms that phishing can take. For example:

• Impersonation

• Credential theft

• Propagating attacks

• Data dumps

• Romance scams

• Intelligence gathering (for account takeover and spear phishing)

Social media platforms still offer only minimal controls to prevent the further propagation of account takeovers. Additionally, because social accounts typically need to be approved prior to connecting with people, account takeovers allow hackers to utilise trust associated with that account. Which is why it’s important for organizations to understand and prepare responses to these evolving threats.

Human Error

One of the key security weaknesses that many organizations face is human error. Everyone makes mistakes and in today’s digital world it is all too easy for cybercriminals to take advantage of these mistakes. In fact, according to EY Global Information Security Survey, employee weakness was responsible for 20% of all cyber attacks. Something as simple as clicking the wrong link or downloading the wrong file could cause havoc with a company's security systems.

When it comes to social media, one attack vector that many users don’t realize cybercriminals utilise is online challenges and quizzes. These quizzes often ask for or obtain by way of an answer personal information which is then used to hack passwords. 

For example, the answers to a social quiz might require you to give up letters from your mother's maiden name, your date of birth, or your first pet's name. This information combined with the details publicly available on your social media profiles could very easily offer up common password and security question combinations.

Third-party Apps

Even if your company's social media accounts are locked down tight, hackers may be able to gain access to an otherwise secure social media account through vulnerabilities in connected third-party apps.

Imposter Accounts

A cyberattack doesn’t always take the form of a hack. Instead, it is fairly easy for an imposter to create a social media account that looks like it belongs to your organization. This is one reason having a verified account is so valuable.

• LinkedIn’s latest transparency report notes that they took action on 21.6 million fake accounts in just six months.

• Facebook estimates that about 5% of monthly active user accounts are fake.

Impostor accounts can target your customers with fake deals, disinformation, or nefarious links. When a customer is tricked like this, not only does your brand suffer but often the organization is held responsible.

One recent example found on Twitter was a fake account fraudulently collecting money on behalf of President Trump’s 2020 reelection campaign. The account “@realDonaldTrump_” is set up as an almost exact replica of the real Trump’s account with only an underscore at the end of the handle to indicate it is not the real account. And of course, it lacks that tell-tale blue verification tick.

Unsecured Mobile Phones

More than 50% of the time spent online is done through mobile phones. Using social media apps allows us to access and engage on social channels with just a single tap. This is great, as long as you are the one in possession of your phone. However, this ease also creates a security risk. 

Should your phone be stolen and accessed all it takes is one tap for the thief to access your social accounts and then they can message all your connections with phishing or malware attacks or spread disinformation using your accounts.

And, worryingly more than half of people leave their phones unlocked.

Malware and Hacks

By its very nature, social media is about social interaction. For personal accounts, this means interacting with friends or acquaintances online in some form or another. For organizations it means interacting with customers, for celebrities or influencers it means interacting with fans.

This is actually a barrier for many cybercriminals. People are generally distrustful of communications where they have no prior experience with the person or people behind them. 

Generally speaking, strangers on the internet are still strangers and it takes a while to build an audience and gain their trust. For a cybercriminal to utilize social platforms then, they often have to go through a rather troublesome and lengthy process of building this trust. And while there are certainly numerous ways for a cybercriminal to sidestep these issues, if their end goal is to get people to click links or share information then their success rate will obviously be much higher should they originally share from a trusted account. 

Related: The Crucial Role of Social Media Monitoring in Corporate Threat Intelligence

5 actions to securing your companies social media presence

The best policies for social media security operate around prevention. By implementing a few basic social media security protocols organizations can massively reduce the potential threats that social media might otherwise present.

Have a clear social media policy

A clear and properly implemented social media policy is the first place to start. This will allow you to not only protect against security threats but also help prevent bad PR or legal trouble that might ensue should your social media be compromised.

You social media policy should include the following things:

• Outline of your brand guidelines that explain how people are allowed to talk about the company on social media.

• A list of social media activities to avoid, such as the quizzes that we mentioned earlier.

• Guidelines related to copyright and confidentiality

• A guide on the best practices for password management to avoid threats like credential stuffing.

• The expectation that employees will keep all their devices updated with the latest software.

• Examples of scams and attacks and educational material on how staff can avoid these and other key security threats,

• Information on who to notify and how to respond should an employee notice a security concern.

Train staff on best security practices

Building on from the previous point, because human errors are such a prevalent factor in hacks and other cyber attacks it is incredibly important to properly and routinely train staff in proper cybersecurity measures. Even the best social media policy won’t protect an organization should the staff not know how to properly follow or implement it.

Training employees routinely will also give them the opportunity to ask questions, engage and get a sense of the importance of the issue. Additionally, because cybercriminals are constantly evolving their strategies, training is an opportunity to update staff on new threats or examples of current scams.

As an added bonus, social media training also equips your team to use social tools effectively. When employees understand best practices, they feel confident using social media for their work. They’re then well-equipped to use social media for both personal and professional purposes and ultimately your company will see better results.

Limit access and permissions

One of the best ways to keep social accounts secure is to strictly control who has access and the exact permissions they have. Not everyone after all needs the ability to post, not everyone needs the ability to see the stats. And should an individual leave (especially if they leave under a dark cloud) it is important to be able to and remember to revoke their access so that they can’t use the social accounts to cause harm to the company.

Have a designated person in charge

This isn’t just a security concern, having a designated person in charge of and responsible for the running of your social channels will, first of all, ensure consistency but also ensure that someone is constantly on top of and routinely checking the social media security which will go a long way to mitigating any risks.

This person will likely be a senior person on your marketing team. They should maintain a good relationship with your company’s IT department to ensure marketing and IT work together.

Social media monitoring for threat detection

As we have mentioned several times already security threats, especially those around social media accounts are constantly evolving as cybercriminals implement new and innovative new methods for attacks. Using OSINT you can not only closely monitor not only your own social media accounts but the entirety of the web. This will allow for your security team to catch risks as they appear and neutralize potential threats early. 

For example, careful monitoring of social channels will allow you to discover imposter accounts and get them shut down quickly before they can do real damage. It will allow you to spot inappropriate use of your brand by employees or others associated with your company such as a new partner.

The role of OSINT for social media monitoring and corporate security

By monitoring social networks for mentions of your brand and keywords, you’ll know right away when suspicious conversations about your brand emerge. For example, people might be sharing fake coupons or offers, or an imposter account starts tweeting in your name. Using OSINT you can monitor all the relevant activity online regarding your business and quickly identify fraud allowing you to respond to it in a timely fashion.

Additionally, you can use OSINT tools like Signal to monitor not only your social media channels for things like imposters but also for physical threats against employees or branch locations. Moreover, you could monitor for negative emotional sentiment concerning an event you're hosting and identify people who may decide to turn those threats into action.

Finally, OSINT is vital in identifying when one of the above-mentioned risks of social media becomes more than just a threat, when it becomes a reality. Being amongst the first to know when something like this happens allows you to respond quickly and effectively

Conclusion

Social media security threats are constantly changing. Hackers are always coming up with new strategies, and new scams and viruses can emerge at any time. Researchers are now anticipating that advanced attacks against social media networks will be able to leverage a user’s contacts, location, and even business activities. This information can then be used to develop targeted advertising campaigns toward specific users, or even help spark crime in the virtual or real world.

To prevent social media breaches, protect user information, and secure company data, increased vigilance by individual users and regular audits of your social media security measures are necessary to ensure organization security.

The dark web is a layer of the internet that is only accessible through an encrypted browsing software such as a Tor browser. This software makes the user anonymous. It is this anonymity which is so beneficial to criminals who are able to trade illegal items and services.

Cybercriminals are known to buy and sell stolen data, for example, which can be used to commit identity theft and fraud. Many of the overtly criminal websites require membership logins that you can only gain if you are active as an online criminal making it challenging for companies and security forces to access and monitor these websites.  

However, with the right tools, like Signal threat intelligence software, monitoring and filtering through these websites is entirely possible without ever needing to download a Tor browser yourself. 

What is dark web scanning?

A dark web scan monitors open-source information available on the dark web, using both human and artificial intelligence to scan things like criminal chat rooms, blogs, forums, private networks and other sites. In doing this it helps organizations detect potential security threats. 

Examples of activities that have been identified from dark web content using Signal Threat Intelligence software include;

• Online markets selling stolen and fake goods;

• Hackers selling non-sensitive data for use in credential stuffing attempts;

• Impersonation of individuals or organizations;

• Details in regard to hacking or incitement to hack;

• Reputational risk via fake news or impersonation;

• Illegal activities such as drugs and drug paraphernalia;

• Information regarding a previously undetected sensitive data breach.

What happens during dark web monitoring?

There are some 55,000 dark websites, however, many of these are inactive and even fewer of them are actually used for overtly criminal activity. During dark web scanning our security software monitors and detects any data that is relevant to the particular search queries that have been set up. This allows you to create a customised highly relevant stream of data and information around key points of interest for your company.

The information can also be run through a sentiment filter to create an even further refined stream of data, we explore this in further detail below.

Why is dark web monitoring with Signal Corp important for businesses?

1. Detecting data breaches

Our software has been used to identify stolen credentials and other personal information that is circulating on dark web networks and other channels.

To identify relevant data you are able to set up specific search queries within the software. These constantly monitor the open, dark and deep web and then filter these searches using our AI technology to determine what is and isn’t relevant. We then add a human touch to the remaining data to further filter using human intelligence to identify what is highly relevant.

The scan infiltrates private sites - many of which require membership within the cybercriminal community to enter. 

When it comes to detecting data beaches it can quickly identify chat around data that is circulating online which has been gained by illegal hacking attempts. If data is detected from a particular company, whilst there is no way to retrieve that data organisations can take precautionary measures to mitigate the damage and threat of the data breach as well as determining how the data was gained and ensuring that breach is secured against further data beach attempts.

2. Detecting Physical Threats against People and Assets

The big draw for criminals to the dark web is that all users need to use an encrypted browser to access the dark web which entirely anonymises their presence. This means, very simply, that criminals can and do talk about their activity, either to brag or as part of their preparations.

Using software like Signal you can constantly monitor the dark web and when a criminal talks about or potentially threatens one of your staff or assets you can know instantly. Whilst they are anonymised and you won’t know who is planning something, you will know that there is a very real potential threat that you can now guard against.

3. Predicting potential terrorist actions

In the same vein as detecting potential physical threats against a company online, the dark web is also a place where terrorists go to communicate and organise. By monitoring the dark web then you can pick up on their conversation and use the data gathered to potentially predict and deter terrorist attacks aimed at the company.

How do you determine when chat becomes a serious threat? 

One of the potential issues some of our customers face is the sheer amount of noise which might surround their brand. Invariably not all of this noise is good. Which is why we have a sentiment analysis tool to help filter out what chat, what noise online we need to pay attention to.

On top of this, this can then closely monitor individuals who have been detected to hold negative sentiments towards a customer and it can determine if that was a once-off comment, or if this negative sentiment might actually evolve into a more palpable threat.

It’s no secret social media is now a key source of intelligence for corporate security professionals. But with so many social media monitoring tools to choose from; departments can easily end up choosing software that hasn’t been developed with their needs in mind, i.e. social media monitoring software built for marketing purposes.

This poor choice often impacts efficiency, results, and ultimately hurts the bottom line and, in some cases, employees.

Here are 5 tell-tale signs that’ll help you work out if the social media monitoring tool your corporate security department uses, needs an overhaul.

1.     Sometimes they’re the “last to know”

News travels fast these days. Some call it “the speed of internet”. What this means is, everyone and anyone with an internet connection can learn about and/or spread the breaking news happening at your corporation.

This increases the chance that a staff member might find out things before your corporate security department does. Especially when it’s happening in a retail store or near the event your CEO is speaking at.

Corporate security departments using operationally focused social media monitoring tools give themselves a better chance of being in the “first to know” camp.

2.     Reports are missing known threats

Lack of awareness can linger long past the date something occurred (especially for potential threats that are yet to fully develop).

When regular reports are missing developed or developing threats, that are already known to senior executives (whose lives and lively hoods depend on it), it may result in a loss of confidence from the executive team. Even when the corporate security department think they are being as effective as possible.

The wrong tooling might provide you with what looks like the most relevant and timely information, but you’re often missing the complete picture.

The right tooling, developed specifically for protecting executives, assets and supply chains, provides more advanced and targeted search capabilities (e.g. Boolean search) than typical marketing related tools. For those such tools, the focus is generally on social engagement and brand and reputation management rather than detecting potential and developing cybersecurity and physical threats.

3.     Incident response times are slow

Further to point 1, if your team is unaware of a threat, or simply hear about it too late, this can have a butterfly effect impacting the overall incident response time. This can potentially put the safety of staff and executives at risk, impacting “Duty of Care” responsibilities and even impacting revenue or costs.

Having the right monitoring tool often means you can plan ahead (building out a calendar of events to monitor), giving you a better chance of being the “first to know” and therefore speeding up incident response times.

4.     Small incidents often escalate

You guessed it! Catching threats early can keep small incidents… well, small.

This will save you and your team from having to deal with larger and more troublesome incidents in the future. So, how does Social Media come into this?

Sometimes the earliest signals come from the most unusual sources. Social Media, if used with the right monitoring software, can act as an early warning system for you and your team. It can even supply this early intelligence directly to your phone via SMS or email so you are always on top of new incident’s.

5.     Your team is too reactive

If you’re the Head of Corporate Security and you can’t understand why your team never seems to be prepared for events such as executive travel and retail store/office openings, it could be a sign they need to move to operationally focused social media monitoring software where they can plan ahead and schedule monitoring at certain locations over certain dates, times or seasons.

This not only instils a more active team culture allowing you to get ahead of potential issues, but it also reduces stress and allows your team to be in a better frame of mind when things really matter.

Conclusion

It wasn’t that long ago that there was very little in the way of social media monitoring software tailored for corporate security professionals. Early adopters persevered, as a stop gap, with tools designed for marketers.

These days’ things are a little different:

• The role of corporate security in any large corporation is becoming more important;

• Social media is an open source of intelligence when it comes to protecting executives, digital, physical assets and supply chains;

• Access to social media is now in the hands of the majority (wherever they are);

• Threats can be indirectly identified via social media posts made by the public and media.

And, most importantly, tools have been created specifically for corporate security professionals to make use of this free intelligence source.

Are you already making the most of these new tools or is it time to make the shift?