June 25, 2024 by Shir David

Third-Party Threat Intel and the importance of deep, dark web threat intelligence

In recent posts, we discussed the importance of third-party threat intelligence in shining the light on a significant blind spot for security teams: the ability to identify risks coming from the supply chain. The intelligence itself is tremendously valuable, not just because of what it reveals about an organization's third-party risks, but because of the way the information is sourced.

The importance of how and where intelligence is sourced is not only relevant to cybersecurity. Throughout history, intelligence gathered during international conflicts has been crucial as well.

For example, earlier this month, world leaders commemorated the 80th anniversary of D-Day, the massive assault at Normandy that led to the defeat of Nazi Germany and eventually the end of World War II. While the Allied Forces possessed many advantages over their enemy, one of the keys to that battle and the ultimate victory over the Axis powers was simply this: They knew their enemies’ secrets.

Thanks to breaking the codes that the Germans (and the Japanese) used to communicate internally, the Allies could take the initiative. Without those insights, they would have been in the dark, forced to guess about pending attacks and react once they were launched.

The same principle applies to cybersecurity. If you understand cybercriminals’ plans—their motivations, tactics, targets, and timing—you are better able to protect your organization from a damaging attack. The best way to gain this understanding is through comprehensive, contextual cyber threat intelligence (CTI) collected from the deep and dark web, the virtual gathering spots for cybercriminals to exchange tools, share information, buy and sell data, and offer services.

Breaking the code: infiltrating the cyber underground

Many underground websites are hidden from the public, but our threat analysts have methods to penetrate them and collect the broadest pool of dark web intelligence available. Using advanced machine learning (ML), we covertly extract threat actor data from clear, deep, and dark web sources including limited-access forums and markets, invite-only messaging groups, code repositories, and paste sites. This threat data is then processed, correlated, and enriched with AI and ML and filtered for business and attack surface context, so security teams understand which threats and vulnerabilities pose the greatest risk to their organization. 

Through our vast pool of dark web data sources, Cybersixgill’s CTI helps organizations address a multitude of use cases, some of which include:

  • Vulnerability Management – Know which vulnerabilities will be targeted and get insights around emerging threats, trends, and context on actors and their intent.

  • Ransomware Protection – Get real-time alerts and essential context to combat ransomware, malware, and vulnerability exploits.

  • Compromised Credentials – Stay ahead with automatic notifications in the event of leaked employee credentials, system passwords, and brand assets.

  • Incident Response – Analyze and detect threats earlier. Perform investigations on the dark web to optimize the incident response lifecycle.

  • Threat Hunting – Seek the highest-priority potential cyber threats to your organization and take remediating action to protect your environment before they attack.

  • Third-party Risks – Identify threats from the supply chain and expand your threat exposure management efforts. 

Addressing threats posed through third parties: a game-changer

Beyond knowing how cybercriminals are targeting your organization directly, you also need to know how they’re targeting the vulnerabilities of your third-party suppliers and partners, which gives them the means to breach your network. Going back to our international conflict metaphor, it was crucial for the United States to gather intelligence about the enemy’s plans to attack not only its own forces but also its close allies.

To apply our rich dark web threat intelligence to an organization’s third parties and supply chain providers, we recently introduced our new Third-Party Intelligence module. The new module combines vendor-specific CTI with cybersecurity posture data from suppliers’ tech environments and enables SOC teams to preempt threats originating from third-party suppliers. Additionally, our Third-Party Intelligence identifies potential supply chain risks and delivers impact assessment with recommendations for remediation before an attack launches. Thus, Cybersixgill addresses the various use cases listed above for your organization’s assets and those of your third-party suppliers, providing you with comprehensive, hermetic CTI coverage of your suppliers and vendors. 

The new solution is truly a game-changer and takes an organization’s cyber defense efforts to new levels. Combined with our Attack Surface Management solution, our third-party intelligence module delivers data about each third-party provider with detailed descriptions of gaps in their network, IT environments, and applications (including DNS records, mail server misconfigurations, and technology with vulnerabilities known to have been exploited). 

After all, if your supplier is hit by a ransomware attack or a breach, the route to your organization’s data and/or environment becomes that much shorter. If you turn a blind eye to your allies, you might find your own homeland attacked as well, and by then it will likely be too late to take action.

To learn more about our Third-Party Intelligence module, contact us for a demo or for more information. You can also visit our Dark Web Education Hub to discover more about activities on the deep and dark web.


