Cybercriminals communicate and collaborate through illicit forums on the Deep & Dark Web. A key indicator of cybercriminal activity is the vitality of these forums. New forums continue to emerge, and old forums continue to attract new members. The Deep & Dark Web communities monitored by Flashpoint encompass millions of posts on these forums which offer rich insight into the strength of the global cybercriminal ecosystem. Analysis of forum activity clearly shows that customers of US financial institutions continue to be the primary targets of the cybercriminals who frequent these communities. What drives this activity?
There is an “arms race” between financial institutions and cybercriminals. For every new exploit discovered and prevented, cybercriminals race to identify and exploit new vulnerabilities. Two dynamics accelerate this race.
The first dynamic is the increase in system complexity. The growing variety of financial instruments, devices, number of component parts, and the level of connectivity between them increases the brittleness of the targeted system, exposing it to vulnerabilities that are becoming more difficult to predict.
The second dynamic is the advances in threat intelligence collection, analysis, and sharing, which help identify and patch these vulnerabilities at a faster pace. This dynamic shortens the offensive-defensive cycle, or the time a cybercriminal campaign can remain profitable. Paradoxically, this leads to an increase in illicit activity as criminals are forced to identify and exploit new revenue streams at a faster pace.
In the same way increased information sharing within and between organizations facilitates effective responses to emerging threats, information sharing within cybercriminal communities enables the criminals to identify new vulnerabilities and collaborate on their exploitation. It logically follows that as responsiveness to cyber threats improves, the activity on cybercriminal forums in facilitating malicious activity will rise in tandem. And for financial institutions, tracking activity on these Deep & Dark Web forums provides an indicator of attacks to come.
For more information about understanding adversaries within the Deep & Dark Web, contact Flashpoint.