Security Management, MSSP

Data on the Dark Web Opens Door to a Cyberattack, Searchlight Cyber Reports

Share

The more an organization’s data is found on the dark web the more likely it will experience a cyberattack.

Searchlight Cyber, a dark web intelligence company, delivers the news in a new study released in cooperation with the Marsh McLennan Cyber Risk Intelligence Center this week. To coincide with the study, Searchlight also launched a supporting “Dark Web Risk Report." Organizations can use this free resource to view their dark web exposure and the corresponding risk, based on an analysis conducted by the Cyber Risk Intelligence Center.

The dark web is a critical area of security for MSSPs, as they monitor it for signs of potential attacks on their clients. Many organizations rely on MSSPs to safeguard sensitive data, but if this data is leaked or sold on the dark web it can lead to data breaches, financial losses and reputational damage. Cybercriminals often sell or share stolen credentials, malware or exploits on the dark web before an attack is executed.

How Dark Web Exposure Increases Risk of a Security Incident

Marsh McLennan analyzed Searchlight’s dark web dataset against a sample of 9,410 organizations with an overall breach rate of 3.7% from 2020 to 2023. The research determined whether there was a correlation between data breaches and findings on the dark web in the year before the incident.

The study, “The Correlation Between Dark Web Exposure and Cybersecurity Risk,” found that all nine of Searchlight’s dark web intelligence sources are correlated to increased cybersecurity risk:

Intelligence SourceIncreased Likelihood of a Cyber Incident
Compromised UsersCompromised accounts on the dark web related to an organization.2.56x
Dark Web Market ListingsThe mention of the organization or data related to the organization on a dark web market.2.41x
Outgoing Dark Web TrafficTraffic originating from the organization’s network and connecting to the dark web.2.11x
OSINT ResultsAssets related to an organization that have been identified on the dark web.2.05x
Paste ResultsThe mention of an organization or data related to an organization on plain text repositories.1.88x
Telegram ChatsThe mention of the organization or data related to the organization on Telegram1.75x
Incoming Dark Web TrafficTraffic originating from the dark web and connecting to an organization’s infrastructure.1.63x
Forum PostsThe mention of the organization or data related to the organization on a dark web forum.1.58x
Dark Web PagesThe mention of an organization or data related to an organization on a dark web site.1.29x

The Dark Web: A Cyberattack Staging Area

The study also included a multi-variable analysis, which showed that combining multiple dark web sources provides a stronger indication of increased cyber risk. Paste Results, OSINT Results and Dark Web Market Listings were found to be the most correlated to cyber insurance loss frequency in conjunction with other factors, Searchlight Cyber reported.

Offering a press statement on the findings, Ben Jones, co-founder and CEO of Searchlight Cyber, said:

“The core finding of Marsh McLennan’s analysis is that any data related to your organization on the dark web is highly correlated with your chance of a cyberattack. Cybercriminals plan their attacks on dark web forums, marketplaces, and in hidden communication channels, and the study has quantified the risk of each of these areas of dark web exposure for the first time."

Jones emphasized that if security teams can identify their exposure on the dark web, they have a huge opportunity to proactively act, adjust their defenses and effectively stop attacks before they are launched by cybercriminals.

“The first step is to gain visibility to understand where the threat on the dark web is coming from, where the organization is being targeted and continuously monitor to give themselves the best chance of identifying and stopping a cybersecurity incident,” he said.

Further Searchlight Cyber, Marsh McLennan Collaboration

Following the study, Searchlight and the Marsh McLennan Cyber Risk Intelligence Center will collaborate to help organizations unlock the value of dark web intelligence in determining and mitigating the risks against their business.

“Historically, the insurance industry has focused on data from within an organization, such as questionnaires, along with outside-in technographic scans for determining cybersecurity risk,” Scott Stransky, managing director and head of the Marsh McLennan Cyber Risk Intelligence Center, said in a press statement. “While this data is extremely valuable, ignoring dark web factors external to the organization’s network leaves the industry with a blind spot around who could be targeting the organizations they insure and the resources those cybercriminals possess to execute their attacks.”

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.