We like brands, companies and organisations that do the right thing. They are for good. They want to help. Their product or service is helpful, is useful and goes some way to fight the bad in the world, and let’s face it, there is way too much of that right now.
So, we are also going to try and do the right thing. We are a startup, a fledgling business and one which has not got endless reserves and pots of cash. But, we strongly believe that by helping people we can develop a loyal customer in the future…
From today, if you are a UK charity, an NHS trust or a UK school, you can apply for a special account with SOS Intelligence which gives you the first six months for free. An application takes seconds and, once approved, you can be up and running in minutes. We are offering this because we know it can make a huge difference to your cyber security, and we know that is becoming more and more important.
What does this account include?
After the free six-month period, the account costs £200+VAT per month, or £1,920+VAT for one year (a 20% discount).
We have seen time and time again that organisations who don’t act, even with intelligence we’ve come across ourselves, leave themselves open to tremendous risk.
A new threat report published by the NCSC reveals why the charity sector is particularly vulnerable to cyber attacks, the methods used by criminals, and how charities can best defend themselves.
“More charities are now offering online services and fundraising online, meaning reliable, trusted digital services are more important than ever. During the Ukraine crisis, we saw more criminals taking advantage of the generosity of the public, masquerading as charities for their own financial gain.”
Lindy Cameron, NCSC CEO
You can read their blog post here and download the report here.
Just one set of compromised credentials is all it takes. Imagine, if you will, knowing when a user has been compromised so that you can act and secure the account. Imagine seeing an alert, almost in real time, when some of your data has been posted on a dark web forum.
Intelligence means you can do something about it.
Please do share this far and wide – we want to help! 🙂
It started with a tweet.
The dark web has long been associated with illegal activities and the sale of illicit goods and services. Among the many services offered on the dark web, hacking services are particularly prevalent.
We had our PIR (priority intelligence requirement) and wrote an Intelligence Requirements sheet following the PESTLEP model, which allowed us to prioritise our Collection Plan.
With that in place we were able to start our collection process and begin answering Daniel Card’s tweet.
The collection process consisted of using the SOS Intelligence platform to identify currently active marketplaces for the specific IR areas we had to answer.
Our platform has the capability to scan the dark web very quickly, with the ability to rotate around all active Onion services within 24-48 hours. This gives us a clear view of current and active Onion services.
In addition, SOS Intelligence has a broad range of automatic closed and open forum collection, giving us a real-time view of purchases and sales.
The research for this article looked at around 40 different current dark web marketplaces and clear web and dark web forums, where hacking services are commonly offered for sale. The average prices for the services mentioned were determined based on the information gathered from these sources.
According to our research, the average price for a stolen credit card on the dark web is around $243.15.
This may seem like a low price, but the value of a stolen credit card can vary depending on the country it was issued in and the remaining balance on the card. For example, a credit card from the United States may be worth more than one from a less economically developed country. To keep things as like for like as possible we took the average card limit for a USA bank.
Counterfeit money is also commonly available on the dark web, with the average price per $1,000 coming in at around $396.24.
This may seem like a high price, but it’s important to remember that producing high-quality counterfeit money can be a time-consuming and expensive process.
Botnets, which are networks of compromised computers used to launch distributed denial of service (DDoS) attacks, are also commonly available on the dark web.
The average price for a botnet or DDoS attack is around $382.41.
Another common service offered on the dark web is the sale of so-called residential proxies, which are more difficult to detect and block because they “proxy” a cyber criminal’s connection out through a residential ISP. These proxies are used to mask the true IP address of the user and are often used by hackers to avoid detection.
The average price for a residential proxy is around $645 per month.
Finally, initial access to a target network is often available for sale on closed forums and marketplaces. This can include login credentials or vulnerabilities in a network that can be exploited to gain access. Initial Access (IA) is typically the first ‘open door’ into a victim’s network and can lead to ransomware.
Prices for this service ranged widely, from a few hundred dollars to tens of thousands, due to the wide range of victims and seller motivations; they vary greatly depending on the access offered, the method of access and the compromised company.
The average price for initial access to a network is around $7,700.
In conclusion, the dark web is a hub for a wide range of hacking services, from stolen credit card information to initial access to target networks.
While the prices for these services may seem steep, it’s important to remember that, at least for some of the services offered, there is more demand than supply.
It is also important to note that there is no guarantee with any of the services provided, and the sellers or marketplaces themselves could be scams, although a majority do offer purchase through escrow.
Header photo by Jefferson Santos on Unsplash.
One of the features which we’ve been working on recently is a pwnREPORT Breach Report Tool. I’m pleased to say this is now available for our MSSP and Enterprise customers.
What does it do?
Watch the short video below to see it in action.
This kind of tool is precisely what we try and focus on. Simple execution of a query and a quick, useful output for you to use and potentially share.
If you have any questions, please don’t hesitate to get in touch and book a call / demo here.
We are going to be attending the International Cyber Expo on the 27th / 28th September and we would love to meet up if you are attending.
Get in touch by emailing us or via Twitter 🙂
Another week and yet another cyber-attack on a major UK company. The Guardian broke the news yesterday highlighting that Go-Ahead are facing problems with their back office systems, including bus services and payroll software.
Fortunately it is only affecting the bus services they run and not their rail business.
There are a couple of important things to note here. Firstly, the UK and other countries are seeing more threats to government organisations, transport and infrastructure companies. Infrastructure, by its nature, is vital to the smooth running of a country’s daily life, and an interruption to it can cause serious problems.
One of the most infamous cyber attacks to infrastructure took place last year when hackers breached the Colonial Pipeline using a compromised password.
The key aspect of this case was that investigators suspect the hackers got the password from a dark web leak. This scenario is a perfect demonstration of how SOS Intelligence could have helped, alerting the company in time and possibly preventing what happened.
In the UK, companies have faced sizeable fines when they have been the subject of a breach and lost customer data.
British Airways was told in July 2019 that it faced a fine of £183m after hackers stole the personal information of half a million customers. Eventually they paid £20M, still a considerable amount.
If you are reading this and wonder if we can help, we probably can. You can book a call and demo here.
Yesterday, the UK government announced that mobile and broadband carriers must follow a new set of rules that will strengthen our protection against cyber attacks.
“we know that today the security and resilience of our communications networks and services is more important than ever. From heightened geopolitical threats through to malicious cyber criminals exploiting network vulnerabilities, global events have shown the importance of providing world-leading security for our networks and services.
That’s why the creation of a new telecoms security framework via the Telecommunications (Security) Act 2021 was so important. With the help of the telecoms industry, we’ve now been able to move that framework forwards.”
– Matt Warman, Minister of State for Digital, Culture, Media and Sport
The new rules the companies will need to follow look at areas such as
The executive summary of the consultation outcome is one we completely endorse:
The UK is becoming ever more dependent on public telecoms networks and services. The increased reliance of the economy, society and critical national infrastructure (CNI) on such networks and services means it is important to have confidence in their security. As the value of our connectivity increases, it becomes a more attractive target for attackers. It is important to make sure that our networks and services are secure in this evolving threat landscape.
Proposals for new telecoms security regulations and code of practice – government response to public consultation – Updated 30 August 2022.
TechCrunch highlights that those who fail to comply with the new regulations will face big fines, up to £100,000 per day.
SOS Intelligence is focused on providing effective and affordable cyber threat intelligence. We would welcome a conversation with any mobile and / or broadband carrier as we can definitely help you.
We can help you avoid the question from your CEO or MD… Why didn’t we know about this?
Simply put, we monitor keywords, email addresses, domains and more online including the Dark Web, so you get to know immediately if your data has been leaked. You can then do something about it.
Being forewarned will, in many cases, be incredibly helpful.
The results of a GOV.UK survey released in March 2020 confirm that cyber security breaches are becoming more frequent. It found that 46% of UK businesses and charities reported a cyber-attack during the year. Of those, 33% said they experienced a breach at least once a week in 2020, up from 22% in 2017.
The consultation recognises that the threats from certain countries are not going away, but are more likely to be increasing. The UK’s vigilance needs to increase to meet these threats.
Photo by Compare Fibre on Unsplash
We have recently graduated from the NCSC / Plexal startup programme, which has been superb. A big thank you to everyone involved, especially for making us so welcome.
At the end of the programme I spoke with James Lamb, the Programme Leader at Plexal and you can watch this below.
In the last article, I wrote about how legal firms can utilise cyber threat intelligence and the SOS Intel toolkit for cyber defence. But in this article I want to explore a different idea, namely, offensive threat intelligence for legal firms.
When someone says “cyber crime” what do most people think of? Likely something along the lines of “hacker”. Most will picture someone in a dark room staring at a computer screen with hundreds of lines of code flashing by while frantically typing on their keyboard.
While hackers like this do exist, they make up a minority of cyber criminals. Cyber stalking is, by far, the most common cyber crime.
Every year almost 10 million people in the United States are victims of cyber stalking or harassment. The vast majority, about 80%, of cyber stalking incidents go unreported to law enforcement. To make matters worse, cases of cyber stalking that are reported often go unpunished. From 2010 to 2013, of the roughly 2.5 million reported cases of online harassment, only 10 cases resulted in a prosecution.
A major reason many of these cases go unresolved is the extensive evidence required to make a case. Collecting evidence on a cyber stalker is a difficult and time consuming process. But, this doesn’t have to be the case.
Utilising cyber threat intelligence tools, it is possible to collect large amounts of data on a target. Much like other cyber criminals, cyber stalkers use platforms like Telegram and Signal. Threat intelligence tools like the SOS Intel toolkit can pull data from these platforms on a mass scale. Just by crafting a few keywords you can search thousands of terabytes of data.
This “offensive” use of the SOS intelligence toolkit is not isolated to just cyberstalking cases. The SOS toolkit is incredibly versatile, it’s capable of assisting with any sort of research into any internet crime. Let’s take a look at what the SOS toolkit is capable of…
SOS Intelligence Toolkit API
The best way to utilise the SOS Toolkit is the API. The API allows you to integrate the toolkit into 3rd party programs. The API provides you with the raw aggregated data and leaves how you organise it up to you. To start working with the API, first you will need to generate your API key.
You can do this in the “API” tab of the web interface. Once you click the “generate” button you will see this message:
There are many API clients out there, but for the purpose of simplicity in the example I will be using Postman.
SOS Intelligence offers a Postman Collection file to further simplify the process of implementing API requests in postman. If you are interested in using the Postman collection, please send an email to “[email protected]”
Once you have your API key and have imported the Postman collection file (or you plan on manually adding the API requests) you need to add the key to Postman as such:
Once you have your API key set you are ready to start making API requests! In this example I will be making queries as if I was investigating a cyber crime case.
Quick note: The user I am searching for in this example is “pompompurin” a known cyber criminal who is active on Twitter and Telegram and administrator of the infamous “Breached Forums”.
Here is a simple query for “breached forums” using the Twitter search function. (Note: At the moment the Twitter search function has a search history limit of 6 months)
The Twitter search function will return any data that matches the search query. If the query matches any of the values or sub-values of a post, the function will return all of the data of that post.
The data aggregated on each post is entirely dependent on the post itself, i.e. whether other users are mentioned or there are hashtags. It’s worth noting that searches are passed as phrases with “AND” logic. For example, my search for “breached forums” searches for “breached” AND “forums”. This way you can refine your results easily by crafting search queries that match exactly what you’re looking for, automatically weeding out the bad results.
Sometimes collecting intelligence from clearnet sources is not sufficient. Many hacking forums run both clearnet and darknet sites. The SOS Darkweb search function can search with several different categorical options. The first option is the “Full Text Search”, as seen below.
The “full text search” searches through the full text of the site’s page. To narrow down your search results, you can set parameters like “phrase” to true. For example, if I search for SOS Intelligence, the query is passed as SOS “OR” Intelligence. However, if I set the “phrase” parameter to true, the query is passed as SOS “AND” Intelligence.
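To make the difference between the two matching modes concrete, here is a small local model of the rules described above for the Twitter search and the dark web full text search. This is an added example, not SOS Intelligence code and not a client for their API: it reproduces the behaviour the text describes (every term must match for the Twitter search and for a “phrase” search, any term may match for a plain full text search, and a term may match inside a sub-value such as a mention or hashtag) over a handful of constructed records. The record layout and field names are assumptions made for the example.

```python
"""Local model of the AND / OR query modes described above.

Added example, not SOS Intelligence code. Record layout is an assumption.
"""
from __future__ import annotations

import re
from typing import Any, Iterable

# Constructed sample records (not real data). Nested "entities" hold the
# sub-values (mentions, hashtags) that the text says are also searched.
SAMPLE_POSTS = [
    {"id": 1, "text": "New dump posted on breached forums today",
     "user": "alice", "entities": {"hashtags": ["infosec"], "mentions": []}},
    {"id": 2, "text": "Anyone seen the latest forums migration?",
     "user": "bob", "entities": {"hashtags": [], "mentions": ["breached_admin"]}},
    {"id": 3, "text": "Weekend plans: hiking",
     "user": "carol", "entities": {"hashtags": ["outdoors"], "mentions": []}},
    {"id": 4, "text": "SOS lifeboat launched in heavy seas",
     "user": "dave", "entities": {"hashtags": [], "mentions": []}},
    {"id": 5, "text": "threat feed updated",
     "user": "erin", "entities": {"hashtags": ["intelligence"], "mentions": []}},
    {"id": 6, "text": "Trying the SOS Intelligence API tonight",
     "user": "frank", "entities": {"hashtags": ["osint"], "mentions": []}},
]


def _strings(value: Any) -> Iterable[str]:
    """Yield every string held anywhere in a (possibly nested) record."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, (list, tuple, set)):
        for v in value:
            yield from _strings(v)


def _tokens(text: str) -> set[str]:
    """Lower-case alphanumeric tokens; 'breached_admin' -> {'breached','admin'}."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def record_tokens(record: dict) -> set[str]:
    """Tokens from all values and sub-values of one record."""
    out: set[str] = set()
    for s in _strings(record):
        out |= _tokens(s)
    return out


def full_text_search(records, query: str, *, phrase: bool = False) -> list[int]:
    """Return ids of matching records.

    phrase=False: any query term present in the record is enough (OR).
    phrase=True : every query term must be present somewhere in the record (AND).
    """
    terms = _tokens(query)
    if not terms:
        return []
    hits = []
    for rec in records:
        toks = record_tokens(rec)
        matched = terms <= toks if phrase else bool(terms & toks)
        if matched:
            hits.append(rec["id"])
    return hits


def twitter_search(records, query: str) -> list[int]:
    """The Twitter search, as described, is always AND across terms."""
    return full_text_search(records, query, phrase=True)


if __name__ == "__main__":
    print("twitter 'breached forums':", twitter_search(SAMPLE_POSTS, "breached forums"))
    print("full text OR  'SOS Intelligence':", full_text_search(SAMPLE_POSTS, "SOS Intelligence"))
    print("full text AND 'SOS Intelligence':", full_text_search(SAMPLE_POSTS, "SOS Intelligence", phrase=True))
```

Post 2 only matches “breached forums” because the mention sub-value contributes the “breached” token, which is the behaviour the text describes for values and sub-values; the OR search for “SOS Intelligence” pulls in the unrelated lifeboat post, and setting phrase to true discards it.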
The Dark Web Search tool also has special functions for more specific searches like emails and Bitcoin wallet addresses.
The SOS Toolkit puts all of these tools at your disposal instantly. The API is just one method of utilising the toolkit.
The SOS web application allows you to access the same tools with a more friendly user interface. But the API allows you to integrate the SOS Toolkit into 3rd party OSINT frameworks as well as your own programs/scripts.
The API provides a simple way to work with the tool kit “offensively”. Utilising several or all of these search functions you can gather a great amount of information on a suspect. You can try these searches out yourself! Remember, we have two community APIs:
Both can be accessed via a free plan which you can sign up for here 🙂
Photo by Tingey Injury Law Firm on Unsplash.
We can’t stand still. We believe it is vital to keep investigating new threat intel feeds for our customers, so over the last 2 weeks we have created 15 new bespoke collection pipelines to gather intelligence from various hacking forums.
We have also been listening closely to customer feedback…
We value all of our customer feedback and aim to deliver feature requests as soon as realistically possible. Please continue to give us suggestions and feedback!
Photo by Fotis Fotopoulos on Unsplash.