Threat Intelligence - Deep & Dark Web Monitoring

At a recent meeting?of the ACSC Threat Intelligence Network, intel directors discussed how to ensure that deep and dark web monitoring is worth the squeeze.?

If you cannot clearly define collection objectives and effectively consume the outputs, it's probably not worth it.?The best intelligence is from a credible source, reliable, and actionable – features that are harder to find in dark web intelligence. Here are a few recommendations:

• Essential vendors:?Navigating the deep and dark web is?specialized work requiring an understanding of the environment and the right access. There are very good intel vendors (and others that resell the good ones outputs). It is best to have one of the good vendors doing this work because they know how to handle the?risk and liability that comes with navigating the dark web.
• Pick a?vendor with a holistic approach because this work now means collecting OSINT from social media and other peer to peer communication channels like?Telegram.
• Internal Collaboration:?Cyber Threat Intel may be the best, centralized place for dark web monitoring as a service to your other intelligence verticals – physical security, executive protection, fraud, and brand protection.
• Domain squatting: Internal legal counsel can assist with cease and desist letters. There are vendors who can help with takedowns and directly contacting hosting services.?Recommendation: Block doppelganger sites to reduce their effectiveness in phishing campaigns.

Book Recommendation:?Kingpin by Kevin Poulsen, a look at NCFTA and the investigation of a carding forum with history going back to Russian carding forums.

Want to learn more, understand who the good vendors are? You can be a part of these important discussion too! Contact Jim Dinneen at [email protected] to learn how your organization can become a member.