Solutions
Go Back

Make Security Possible

Reduce Alert Noise and False Positives

Boost your team's productivity by cutting down alert noise and false positives.

Automate Security Operations

Boost efficiency, reduce burnout, and better manage risk through automation.

Dark Web Monitoring

Online protection tuned to the need of your business.

Maximize Existing Security Investments

Improve efficiencies from existing investments in security tools.

Beyond MDR

Move your security operations beyond the limitations of MDR.

Secure with Microsoft 365 E5

Boost the power of Microsoft 365 E5 security.

Force-Multiply Your Security Operations

Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Explore Our Solutions
Security Operations Platform
Go Back

The GreyMatter Platform

Detection Investigation Response

Modernize Detection, Investigation, Response with a Security Operations Platform.

Threat Hunting

Locate and eliminate lurking threats with ReliaQuest GreyMatter

Threat Intelligence

Find cyber threats that have evaded your defenses.

Model Index

Security metrics to manage and improve security operations.

Breach and Attack Simulation

GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.

Digital Risk Protection

Continuous monitoring of open, deep, and dark web sources to identify threats.

Phishing Analyzer

GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.

Unify and Optimize Your Security Operations

ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Explore the GreyMatter Platform
Resources
Go Back

Resources

Blog

Company Blog

Case Studies

Brands of the world trust ReliaQuest to achieve their security goals.

Data Sheets

Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.

eBooks

The latest security trends and perspectives to help inform your security operations.

Industry Guides and Reports

The latest security research and industry reports.

Podcasts

Catch to the latest cybersecurity perspectives, tutorials and industry discussions with various guest speakers.

Solution Briefs

A deep dive on how ReliaQuest GreyMatter addresses security challenges.

Threat Advisories

The latest threat research report from ReliaQuest Photons research team.

Upcoming & On-Demand Webinars

Upcoming and on-demand webinars addressing the latest challenges and solutions security analysts must know.

White Papers

The latest white papers focused on security operations strategy, technology & insight.

Videos

Current and future SOC trends presented by our security experts.

ReliaQuest Resource
Center

From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Resource Center
Company
Go Back

Company

About ReliaQuest

We bring our best attitude, energy and effort to everything we do, every day, to make security possible.

Executive Leadership

Security is a team sport.

Careers

Join our world-class team.

Press and Media Coverage

ReliaQuest newsroom covering the latest press release and media coverage.

Become a Channel Partner

When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.

Contact Us

How can we help you?

A Mindset Like No Other in the Industry

Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
Search
Go Back

Generic selectors

Exact matches only

Exact matches only

Search in title

Search in title

Search in content

Search in content

Search in excerpt

Post Type Selectors
Hidden

Hidden

Hidden

Hidden

Back to blog

Threats From the Dark Web

admin 26 June 2017

Cybercrime and Dark Web Research

Despite the hype associated with the dark web, maintaining visibility into it is an important component of a comprehensive digital risk management program. In support of our announcement today about the expansion of our SearchLight’s dark web collection capabilities, we wanted to highlight some of the digital risks that can be associated with the dark web in this blog. It is important note that these risks can also occur on the open and deep web, just as with our previous research on sites like deer.io.

Dark Web Risks

Criminals are stealing customer data through payment systems and they are talking about it on the dark web

The insecurity of payments systems makes the news frequently. Take the recent Chipotle breach, which resulted from malware on their Point of Sale devices. It’s important for retailers (and any organizations with ATMs or PoS devices) to ensure these devices and their transactions are secure. Having visibility into criminal forum conversations that discuss committing fraud against these devices, third parties or your company is critically important. It is also important to have visibility into the items for sale in criminal marketplaces that could be used to conduct fraud. This can be in many forms; it might be in a guide for ATM skimmers (Figure 1), or product listings for specific hardware. Having visibility to these dark web conversation can make the difference in stopping or mitigating a breach.

Figure 1: Dark Web Marketplace offering guides on how to make ATM skimmers

Criminals are selling customer account details on the dark web

For banks seeking to protect their customers, gaining visibility and monitoring the dark web can be a highly valuable tool to stop fraud. Adversaries share credit card numbers on IRC channels (Figure 2) and sell accounts on dark web forums (Figure 3). Detecting these activities gives banks better visibility into their customers’ online exposure and enables them to get on the offense to minimize the impact.

Figure 2: IRC channel sharing and testing customer credit card information

Forum account for sale

Figure 3: Accounts for sale on the dark web

Criminals are taking over employees and customers’ accounts

It isn’t always a company’s assets that are at risk; organizations can also gain awareness of tools used against them. Figure 4 is an example of a tactic used to bypass SMS account verification. Understanding the latest tactics used by adversaries is vital for organization’s security decision-making to reduce their risk profile.

Figure 4: New tool for bypassing SMS authentication offered, mentioning specific sites

Criminals are conducting tax return fraud

Tax milestones throughout the year are popular times for fraud, and tax information is high in demand by cybercriminals. Approaching the deadline for 2017’s tax return, we detected a user claiming to sell access to the PCs of an individuals working for accounting companies. The accompanying screenshots indicated that the user had access to information on hundreds of companies in the United States.

Figure 5: User selling access to an accounting company’s customer information, consisting sensitive tax information

Digital Shadows (now ReliaQuest) provides the context you need to manage dark web threats

It isn’t enough to simply detect mentions of company assets and concerns across the dark web. Organizations need context behind these posts to have a better understanding. As a result, today we announced an expansion of our SearchLight’s dark web collection capabilities where we help our customers manage their dark web threats in five ways:

Detailed Explorer view. View the post in Searchlight’s explorer view to see previous posts by other users on the same thread or post. This enhanced view provides organizations with added context, enabling them to better understand how their company, employees or customers are likely to be impacted.
Dark Web User Background. The incident also provides an overview of the user in question, with their username, date joined, activity levels and reputation. This enables you to understand the credibility of the dark web user, informing your response.
Incident view with context. The incident includes a description, impact and recommendation action, all of which are written up by our team of expert analysts. This helps you to make a more informed decision about the risk to your business.
Detailed Source Background. Pivot from the incident into the intelligence view, providing context on the forum or marketplace. This context includes a description, timeline of events, associations, intelligence, and associated sites and social media accounts.

The importance of our team of data analysts extends beyond adding vital and relevant context. Not all dark or deep web sites can be easily accessed with technology on its own; expert human data analysts must also gain access to closed sources to provide the most relevant view of digital risks. Digital Shadows (now ReliaQuest) recognizes it is critical to complement automation with a team of data scientists and intelligence experts who gain access to closed sources, and qualify the data collected to enhance analytic capabilities. This gives our customers the full breadth and context needed to address the digital risks that are most relevant and impactful to their business.

Figure 6: SearchLight’s incident view, complete with vital context

Armed with this vital context, organizations are better informed about the risks they face online across the open, deep and dark web; understanding not only when they are mentioned online, but also why, by whom and the likely impact to your organization.

To learn more about Digital Shadows SearchLight (now ReliaQuest GreyMatter DRP)™ dark web monitoring capability, watch this demo video or read our datasheet for more details.