Page 48 - Cyber Defense eMagazine April 2023

The alarming rise in compromised credentials led Cynet to launch its Lighthouse Service, which monitors
underground forums, private groups, and malicious servers for evidence of compromised credentials
within the environment – taking its MDR team (CyOps) into the darknet and underground forums to search
for potential cybersecurity threats before they become full-on attacks. Unlike traditional darknet
monitoring services, Cynet focuses primarily on credential theft monitoring because of the swift rise in
leaked credentials.



A Primer on the Darknet and Underground Forums

Unlike the internet we all use to work, shop, and connect online, users must download a special Tor
browser or browser add-ons to navigate the darknet. Because there is no link between a user and the
user’s IP, the darknet requires specific access (software, configurations, authorization) – thus making it
a prime location for illegal activity. Industry analysts estimate that the darknet accounts for 4% to 6% of
internet content, with as many as three million users per day.

But the darknet is not the only gathering spot for cybercriminals. The internet we use on a daily basis
(the Clearnet) also houses underground forums that fuel and empower threat actors. The now seized
“RaidForums” and its predecessor, “Breached,” are two popular sites that can be accessed via common
web browsers. While the two sites are accessible to the public, their forums are not. Many of these
underground forums are inaccessible to most people and require a certain level of “street cred” among
the community of hackers to enter. To access these forums, users often must be known on other similar
forums or have other users vouch for them. Another option is to pay for access.

Because these forums still rely on anonymity, the communities have developed an ecosystem where
users can buy credits and then transfer the credits into currency used to purchase databases, services,
and malware posted on the forums.

By monitoring these forums, along with conversations and activity happening across the darknet, Cynet’s
research team is able to access the very places where threat actors share information, data, and malware
with each other.



Things You Learn about Cybersecurity While Monitoring the Darknet

One of the primary cybersecurity insights Cynet has gained through its Lighthouse Service is that there
is an enormous market for “Info Stealer” malware (malicious software that captures personal information
from a computer). Once upon a time, hackers were heavily focused on attacking banking and financial
information, but that’s no longer the case. Cyber criminals are using “Info Stealer” malware to find
compromised credentials for all organizations, actively planning large, sophisticated campaigns to target
assets for both enterprises and small to midsize businesses.

This malicious activity has led to an entire ecosystem of compromised credentials available on darknet
marketplaces in the last few years. And it’s not just “Info Stealer” malware that’s causing serious concerns






