By Daniel Reedy, Media and Communications Manager at Pentester Academy
The dark web remains an extremely suspicious entity. Many less-technical users are completely unaware of this obscure sector of the internet. The dark web is a small part of what is known as the “deep web,” which is not indexed by search engines and includes individual networks, user accounts and other privately hosted material.
Gabriel Glusman, the Senior Cyber Intelligence Analyst at Sixgill, said the deep web makes up about 96% of the internet and it includes any part of the deep web that involves criminal intent. Cyber criminals use the dark web as a social network to virtually gather and exchange attack information (among other nefarious activities). Attackers can train on, learn from and recruit partners on the dark web to conduct various cyber attacks.
These are exactly the type of attacks that Sixgill combats.
Co-Founder and CEO Avi Kasztan said Sixgill is a system that automatically performs analysis and monitoring of dark web activity — detecting dark web attacks before they occur.
With the quantity and sophistication of attacks ever increasing, preemptive security measures such as Sixgill’s are replacing traditional perimeter defense systems. Kasztan and his team’s goal is to provide customers with real-time, prioritized alerts that they can utilize for actionable intelligence. These customers range in industry and include government agencies but ultimately any organization could use this solution.
Kasztan says the whole purpose is to create a detailed picture of intelligence for customers. Sixgill does this on an analysis and notification system that is automated through advanced artificial intelligence and machine learning. This platform can be implemented on-premise or as a SaaS model.
One of the key components of Sixgill’s strategy is understanding attackers. We know attackers use the dark web to gain attack knowledge and strategies, so Sixgill uses this same resource to gather intelligence. The information gathered is used for Sixgill’s Threat Actor Analysis, which allows the team to learn about the humans behind the attacks. Not only is big data used, but Glusman says they monitor threat actors’ social behavior, looking at online interaction on various platforms while analyzing the threat actors’ communications and credibility.
Glusman says there are two kinds of cyber criminals: those with financial motivations and others who fight for ideals. The first group clearly carries out attacks for monetary gain, often through ransomware or phishing. The second group is made up of terrorists and hacktivists who attack with strategies similar to those of cyber thieves, but with less tangible goals in mind.
One of the major changes in this subject has been the essence of attacks: They are becoming far more service-oriented (“phishing as a service”), allowing attackers who may not have the required technical abilities to still carry out attacks. While hackers may specialize in one particular skill, they’re able to recruit partners to carry out more sophisticated attacks. This increased sophistication is making attacks more dangerous and tougher to combat.
That’s where DARK-i comes in, providing the intelligence to prevent these attacks before they happen. To the user, DARK-i is a dashboard that shows a summary of alerts and notifications that can be set up based on different queries, customized needs, and automated monitoring.
“On the backside,” Sixgill’s on-site-developed, proprietary crawlers automatically scan all the different sources and collect and store the gathered information in house. All intelligence gathered is stored permanently, regardless of whether analysis subjects go offline. AI and machine learning algorithms process that data, and the information is categorized in the database. The platform “tags” the data, allowing users to easily segment and locate the relevant information much faster than other products.
We would like to thank Co-Founder and CEO Avi Kasztan and Senior Cyber Intelligence Analyst at Sixgill Gabriel Glusman for discussing dark web cyber intelligence on Access Point.