Security-savvy organizations know that they must understand their entire digital presence to effectively protect their business, brand, and customers.

As the internet becomes increasingly integral to the success of businesses, their digital presence expands. Companies must not only manage the websites, mobile apps, and social media accounts representing their organization in an official capacity, but also establish means to identify third-party impersonation and fraud across web, mobile, and social attack vectors. While the infrastructure needed to execute cyber attacks against an organization or its customers must be detected and mitigated on the open web, dark web monitoring can be highly informative for discovering cyber attacker tactics and methods.

Organizations should monitor both the open internet and the dark web for holistic visibility and a proactive approach to external threats targeting their organization. RiskIQ is excited to announce a partnership with Flashpoint and a new product offering, the Deep & Dark Web (DDW) Module within our existing External Threats product, which brings Flashpoint’s rich intelligence directly into a customer’s digital risk program.

Through this integration and partnership, data sourced from Flashpoint’s monitoring of deep and dark web forums creates events in the RiskIQ platform alongside other types of event alerts. The new module allows customers to set keywords of interest to provide visibility into potential cyber attacks during the planning stages or cyber attacks that may target the organization or employees directly. This capability adds to RiskIQ’s existing detection of active cyber threats against an organization across the internet.

When used together, these two intelligence sources create a powerful combination that protects an organization’s digital presence. Visibility into the dark web helps organizations understand the full complexity of their cyber security posture, and the additional context provided by both data sources turns previously non-actionable information into something actionable.

Fig 1 – Flashpoint data from a dark web forum about Android Malware

With this partnership, Flashpoint dark web data is integrated into RiskIQ’s platform as a custom event. Figure 1 (above) shows an example event surfacing forum chatter about a strain of Android malware, commonly referred to as Loki-Bot, that is known to steal credentials and other sensitive information.

Fig 2 – Searching RiskIQ Mobile App database for apps which have been related to Loki-Bot

This deep and dark web data will typically relate to the early reconnaissance phases of a cyber threat, whereas RiskIQ’s open web intelligence captures the later phases when malicious actors set up their infrastructure and deploy their cyber attack. Users of the Deep & Dark Web Module can make correlations between these events and open web events found by RiskIQ as they arise. In this case, we have identified discussion about a type of Android malware on the dark web using data gathered by Flashpoint; RiskIQ can then provide data about where that mobile malware is being distributed via both our Mobile App and Global Blacklist indexes.

Fig 3 – Easily create Mobile App events based on the location of apps related to Loki-Bot

In this example, we’ve searched for mentions of “Loki” in our Mobile App database and immediately discovered two blacklisted entities. A user can sift through these results based on a wide range of customizable filters to surface the potential cyber threats that are most important to them. A user can then create an event from one of these entities to leverage RiskIQ’s event workflow, allowing External Threats customers to monitor risks of interest and even begin the takedown process.

With the new Deep & Dark Web Module for External Threats, customers can proactively discover new cyber threats to their organizations across multiple channels to ensure that they have a holistic view of their digital presence.

To learn more about how you can use this and other External Threats modules to defend your organization from digital threats, get in touch with one of our sales representatives today.
