MIT Sloan Management Review reported that the dark web hosts various “…CAaaS marketplaces and forums that cater to a criminal ilk of technologists and businesspeople….[on] the dark web to develop and sell the components needed to launch an attack as well as offer expertise and other services needed to complete an attack.” The July 15, 2019 research feature entitled “Casting the Dark Web in a New Light” included this advice on how to fight back:
1. Expand the focus of cyber-threat intelligence. Many cyber-threat intelligence services collect data from enterprise IT environments to detect potential cyber threats. There is some investigation of the dark web, but it is usually limited to harvesting threat information and alerting potential targets. Investigators, for example, can find out whether a company’s data is being traded in a dark web marketplace or whether its machines are part of botnets. But rarely do threat intelligence processes look at services provided in these marketplaces.
2. Pursue a good offense as the best defense. Cyber strategy in most organizations is mainly reactive. Companies defend themselves after successful attacks have been launched. A value-chain-based view of attacks enables a more proactive strategy: We can switch to playing offense by disrupting the CAaaS ecosystem.
Another offensive strategy is to disrupt select services that are frequently used to create attack vectors, thereby making it difficult and risky to orchestrate an attack. For example, by monitoring and infiltrating botnet services, law enforcement agencies can anticipate and prevent attacks that use them. Likewise, infiltrating cryptocurrency-based money-laundering services could deter attackers by making it difficult for them to access their illegal gains.
Great advice, what do you think?