Book your demo: Supply Chain Security

The dark web refers to a part of the internet that is inaccessible through regular search engines or internet browsers. To access it you need to install specific software on your computer. It is notoriously associated with illegal activity that is intentionally hidden to avoid scrutiny from law enforcement, governments, and other entities like internet service providers.

Though not all dark web activity is illegal, criminals prolifically use it as they believe they can’t be traced. Our research revealed that only 32% of CISOs that gather dark web data use it to monitor for attacks against their supply chain. The prevalence of criminal activity on the dark web is what makes it a rich source of intelligence for security teams. If you know where to look (and have the right tools in your tech stack)  you can identify threat actors on the dark web targeting your business and your supply chain before they strike.

The dark web poses a significant danger to businesses and their supply chain partners, regardless of their size, as it is the platform where criminal activities, such as reconnaissance, occur. It is also the go-to place for cybercriminals to buy and sell stolen data, including login credentials, financial information, personally identifiable information (PII), and even intellectual property. This access can be leveraged for various nefarious purposes, from phishing scams to launching ransomware attacks against your brand, supply chain, and people.

The value and benefits of dark web monitoring are that it empowers security teams to automatically scan the dark web to detect and monitor potential threats and vulnerabilities that can compromise an organization’s digital security. Dark web monitoring helps businesses stay one step ahead of cybercriminals and take necessary measures to safeguard their confidential information.

Recaptured data in Searchlight Cyber includes anything from a leaked employee password belonging to your third-party suppliers, personal information about executives/VIPs that could be used in a phishing attack, or data scraped by an info stealer malware that could be used to breach your network.

Data includes details such as compromised usernames, crypto wallets, IP addresses, email addresses, cookies, financial, medical, and personal information about your third-party suppliers that could be used in a social engineering or phishing attack on the supply chain partner and its customers (ie. your business).

By automatically monitoring the dark web for attributes linked to your external threat surface, such as domains, IP addresses, and employee credentials, you can identify when they are being targeted by cybercriminals on forums, marketplaces, or messaging platforms like Telegram. This early warning from the dark web gives security teams invaluable time to adapt their defenses based on likely threats and – consequently – a far greater chance of preventing costly third-party supply chain cyberattacks.

A zero-day vulnerability in the file transfer software MOVEit, used by businesses to support the easy movement and sharing of files between locations, resulting in a mass supply chain attack. The dark web ransomware gang Cl0p took responsibility for the attacks in a post where they claimed to have the data of “hundreds of companies”. This attack reveals how the lack of visibility into a supplier’s security practices can impact your business’s security posture.

Three other examples where supply chain compromise was visible on the dark web include:

1. The Maersk compromise in 2017 was the victim of the NotPetya ransomware variant that cost it up to $300M.
2. The Ultimate Kronos Group was the victim of a ransomware attack which impacted high-profile enterprises using their technology, including Whole Foods, GameStop, Honda, Ascension, and Sainsbury’s. It’s estimated 8 million people were impacted by this attack.
3. Kaseya was the victim of a zero-day vulnerability attack. Kaseya’s technology is used by companies that serve other companies, which meant there was a cascading effect. This supply chain attack is estimated to have impacted more than 1,000 companies.

We gather our data from different sources on the deep and dark web, including underground forums, marketplaces, and encrypted chats, using a combination of automated technology and manual techniques in accordance with US, UK, and European laws. Our team of threat intelligence experts have extensive experience in law enforcement, cybercrime, and the military. Additionally, we use advanced AI web data collection methods to scrape and process large amounts of data quickly and efficiently – extracting context-rich insights from the data for use by investigators and security teams.