A quarter century ago, organizations could get by with fairly robust perimeter security. Those days are gone. In the modern landscape, an organization’s security is only as strong as its weakest partner along the supply chain. Cyber criminals and hackers know this. That is why they are increasingly turning to supply chain attacks.
Interestingly, such attacks are rarely conducted in secret. They are openly talked about on dark web channels. They are planned, tweaked, and documented by those responsible for them. This offers a clear advantage to security teams willing to do some legwork. By leveraging dark web threat intelligence, these teams can uncover supply chain attacks in the earliest possible stages.
The Problem of Vendor Exposure
Some organizations struggle to understand just how weak their vendors are. The problem with vendor exposure is that a single leak on the dark web can cascade into an enormous problem across the entire supply chain. But vendor leaks are often the first indicator of a pending attack.
Exposure comes by way of an Initial Access Broker (IAB) who gains unauthorized access to a vendor’s network. The broker then turns around and sells that access. Then the cascade begins.
Every attacker who purchases access can go after the entire supply chain through the exposed vendor. Attackers can gain access to a supplier’s network, VPN credentials, shared portal logins, etc. It doesn’t take much for them to gain a valid and direct entry point into the primary organization’s network. All the while, that organization’s perimeter defenses have been bypassed.
Monitoring Keeps Organizations Apprised
Stopping such attacks before they reach the organization at the top of the supply chain requires continual monitoring. Guess what dark web threat intelligence does? Among other things, it constantly monitors dark web forums, marketplaces, chat rooms, and websites looking for any clues that would indicate leaked credentials or wholesale credential dumps.
DarkOwl, a dark web threat intelligence expert, says that three key pieces of information can alert an organization to a pending threat against one of its vendors:
- Names and Domains – Chatter mentioning vendor names and/or domains suggests a general breach and a potential credential dump. It is an immediate red flag.
- Shared Technologies – Dark web data pertaining to technologies an organization and its vendors share suggests that integration points are being explored.
- Unique Assets – Data pertaining to unique assets and intellectual property (IP) suggests targeted theft of the organization’s unique property.
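As an added illustration (not DarkOwl's tooling or code from this article), the following sketch sorts intelligence records into the three signal types above and ranks vendor name or domain hits first. The watchlist entries, record texts, and function names are all constructed placeholders.

```python
import re

# Constructed watchlist; every entry is a placeholder, not a real vendor or product.
WATCHLIST = {
    "names_and_domains": ["Acme Logistics", "acme-logistics.example"],
    "shared_technologies": ["ExampleVPN", "SupplierPortal SSO"],
    "unique_assets": ["Project Halcyon", "HX-200 firmware"],
}

# Constructed sample records standing in for items pulled from an intelligence feed.
RECORDS = [
    {"id": 1, "source": "forum", "text": "Selling access to vpn.acme-logistics.example, ExampleVPN logins included"},
    {"id": 2, "source": "market", "text": "looking for people who know SupplierPortal SSO integrations"},
    {"id": 3, "source": "chat", "text": "NotExampleVPNClient release notes"},
    {"id": 4, "source": "paste", "text": "leak: HX-200 firmware source tree"},
]

def _compile(term):
    # Whole-token, case-insensitive match. A preceding dot is allowed so that
    # subdomains of a watched domain still match; embedded substrings do not.
    return re.compile(r"(?<![A-Za-z0-9-])" + re.escape(term) + r"(?![A-Za-z0-9-])", re.I)

PATTERNS = {sig: [(t, _compile(t)) for t in terms] for sig, terms in WATCHLIST.items()}

def classify(text):
    """Return {signal: [matched watchlist terms]} for one record's text."""
    hits = {}
    for signal, pats in PATTERNS.items():
        matched = [term for term, rx in pats if rx.search(text)]
        if matched:
            hits[signal] = matched
    return hits

def triage(records):
    """Return alerts: vendor name/domain hits first, then by number of signals."""
    alerts = []
    for rec in records:
        hits = classify(rec["text"])
        if hits:
            prio = "immediate" if "names_and_domains" in hits else "review"
            alerts.append({"id": rec["id"], "source": rec["source"],
                           "priority": prio, "signals": hits})
    alerts.sort(key=lambda a: (a["priority"] != "immediate", -len(a["signals"]), a["id"]))
    return alerts

if __name__ == "__main__":
    for alert in triage(RECORDS):
        print(alert)
```

A record that hits more than one signal type, such as a vendor domain alongside a shared technology, sorts to the top because it ties a specific vendor to a specific integration point.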
It can be hard for someone not in the cybersecurity field to believe that threat actors openly discuss such things on the dark web. Yet they do. It is not obvious to the casual web user because accessing the dark web requires specialized tools and some advanced knowledge. Your average internet user would not know how to do it.
On the other hand, security experts do know how to get to the dark web. So one of their tasks is to conduct regular dark web intelligence gathering in order to stay abreast of what is going on in the shadows.
Resilience Is a Proactive Characteristic
Resilience in cybersecurity is the ability to launch countermeasures when an attack surfaces. It must be understood that resilience is a proactive characteristic. In other words, organizations need to be prepared if they hope to launch the right countermeasures at the right time. Dark web threat intelligence makes that possible.
Dark web threat intelligence isn’t merely an exercise for late-night security analysts with too much time on their hands. It is a vital tool for protecting organizations by warning them of potential supply chain attacks. Given how vulnerable supply chains are, ignoring it is foolish.

