Articles Tagged with

dark web threat intelligence

Flash Alert

Flash Alert – Brute-Force scanning of VPNs

SOS Intelligence has recently seen indications of brute-force login activity against VPN services associated with a customer.  

Our research has linked this activity to an Initial Access Broker (IAB), who has recently released access to a brute force scanning tool through their profile on a high-profile cyber-crime forum. 

Thanks to Daniel, our new Threat Intelligence Analyst who has been investigating this. Future flash alerts and intelligence reports will come from Daniel via email. If you would like to get these, you can sign up here.

The IAB has shared information with our Intelligence Team, showing statistics relating to successful logins they have found whilst scanning VPN networks.

This has highlighted a concerning number of networks accessible using commonly known default login credentials. However, the IAB has acknowledged that some of these may represent honeypots.

Source: SOS Intelligence discussion with Bassterlord

Initial Access Brokerage is a common feature of cyber-crime forums.  The individuals concerned involve themselves with the compromise of computer networks. 

Once persistence within the network has been maintained, they monetize that access by selling it within forums, often to actors with access to destructive malware.  Therefore, IAB activity can often be a precursor to Ransomware and/or Data-exfiltration attacks.

Other Discussions identified by the SOS Intelligence Platform related to VPN Provider Scanning

Recommendation

We recommend reviewing any VPN services in use to ensure all default account passwords have been changed, and any built-in accounts have been disabled, in accordance with the best practices of your provider.

At SOS Intelligence we can provide bespoke intelligence feeds to help monitor your data to help you identify when credentials have been leaked and are appearing online, helping you to stay ahead of the attackers and keep your networks safe.

Photo by Kevin Ku on Unsplash

Product news

Supporting the Eastern Cyber Resilience Centre

We are delighted to announce that we are the newest Eastern Cyber Resilience Centre Community Ambassador.

The Eastern Cyber Resilience Centre (ECRC) supports and helps protect SMEs, supply chain businesses and third sector organisations in the East of England against cyber crime.

The ECRC began its journey in November 2020. Led by Policing and facilitated by Business Resilience International Management (BRIM), they have followed a structured modular programme based on a highly successful model that had previously been established for over 9 years in Scotland.

They work in structured partnership with regional Policing, Academia, Businesses, Third and Public Sector organisations through a variety of ways.

What is a Community Ambassador?

Community Ambassadors are local businesses who recognise that cyber resilience is essential for their own customers and supply chains and want to help the ECRC promote this message.

We fully support what the ECRC are doing and very much look forward to working closely with them in the future.

Product news

The new SOS Intelligence UI

I’m delighted to announce that our new UI is now live on the SOS Intelligence platform. This is something we have been working on for a good few months and is the culmination of customer feedback since launch.

Not only does it give a better experience visually, it’s more intuitive, easier to navigate and much simpler to use.

This is the first important step as part of a series of improvements across the platform. This development and investment in SOS Intelligence is part of our growth funding project, which we recently announced.

Our old UI, whilst ok, was not as good as it should be. Ever since launching SOS Intelligence it’s something that’s always caused me to wince slightly – the design and UI didn’t match the product.

Good software lives or dies by how easy it is to use and interact with and it sure helps to look nice too!

We’ve focused on improving the menus and navigation so that you can see exactly where you are and see how to get to the next thing. We’ve also made use of a full screen on desktop. Previously it felt cramped and we still had a lot of unused space. No more! We now have a well laid out screen which has easy-to-read visuals and the new colours.

Here is a walk through video showing the new UI:

You can see most of the new screens below with an explanation of what they are and what you can do:

Our new dashboard now gives you unparalleled information about your keyword alert performance. At a glance, view your most recent alerts, most popular collection type and keyword performance over time.
Dashboard

Our new alerts UI allows you to get the information you need fast. Highlighting of the matched keyword enables you to zone in on exactly what’s been identified. View the full content for accurate context. Not only do we provide you with the full URL but also the full unredacted content.

Acknowledge the alert once you have completed your review. 

Provide feedback to us if the alert was useful or not, and you can provide a reason and commentary.

Alert management

OSINT Search – You can view posts on a forum or any collection live, without having to have an account on that forum yourself. This is especially useful for closed forums. Narrow down your search with the Search by Date option, or add a keyword if you are searching for something or someone specific.

OSINT Search

The new Dark Search – Use our Onion address search feature to search for just part of an onion address or URL – search for what you have or know and we will match the most relevant Onion service address.

Dark Search

Generate an on demand live screenshot of an onion website without having to use a Tor browser. Images on Onion sites are not rendered.

Dark Search

Search the dark web and retrieve thumbnails for Onion websites, text content and generate on-demand screenshots for your search results. You can also customise your search by searching just for the page titles, content, content & title or part of an onion address.

Dark Search

Last but not least, we have the user management:

User profile

It’s been a complex project, not only the design but also the integration into the code base and structure of the platform.

If you’d like to know more and let us show you how easy it is to use, then please book a demo call here. Thank you!

SOS Intelligence Webinar

Special launch webinar for UK Charities, NHS Trusts and Schools – February 22nd

To celebrate the launch of the special plan we just announced, we are having a webinar on Wednesday February 22nd at 11am and you’re invited.

Sign up here for the webinar.

Join us on the webinar to learn why we are doing this, how to apply and the details of the special plan.

Who is this for?

  • Senior Managers
  • IT and Security teams
  • Anyone with a responsibility for data
  • NHS Trust Heads
  • School Heads
  • SLT of charities

You will learn:

  • Why cyber threat intelligence and especially on the Dark Web is so vital
  • How the world has changed
  • Data diligence
  • Why we are launching this special plan and how to apply
  • Plan details

If you are a UK Charity, School or NHS Trust, you can apply for a special plan with SOS Intelligence, which gives you the first six months for free. 

You can apply now by clicking here.

We look forward to seeing you!

SOS Intelligence Webinar

Our webinar schedule

Firstly, a very Happy New Year to you! We hope you had a terrific festive period, recharged the batteries and avoided getting the “worst cold ever” – we sadly didn’t and are still recovering!

Following our first webinar in December, we are going to be running regular events throughout this year.

We are using a terrific platform called Livestorm which allows you to sign up in seconds, receive timely reminder emails and during the event, ask questions and answer polls 🙂

We have a dedicated page with the schedule on, which you can find here.

We will be constantly adding to this throughout the year, so we look forward to welcoming you!

Investigation, The Dark Web

Dark Web Services Current Average Prices

It started with a tweet.

The dark web has long been associated with illegal activities and the sale of illicit goods and services. Among the many services offered on the dark web, hacking services are particularly prevalent.

Daniel’s tweet

We had our PIR and got to writing an Intelligence Requirements sheet following the PESTLEP model and that allowed us to prioritise our Collection Plan.

Collection plan.

With which we were able to start our collection process and begin answering Daniel Card’s Tweet.

The collection process consisted of using the SOS Intelligence platform to identify current active market places for the specific IR areas we had to answer to.

Our platform has the capability to scan the dark web very quickly, with the ability to rotate around all active Onion services within 24-48 hours. This gives us a clear view of current and active Onion services.

In addition SOS Intelligence has a broad range of automatic closed and open forum collection giving us a real time view into purchases and sales.

We then gathered the relevant information and calculated averages per service, per marketplace.

The research

The research for this article looked at around 40 different current dark web marketplaces and clear web and dark web forums, where hacking services are commonly offered for sale. The average prices for the services mentioned were determined based on the information gathered from these sources.

According to our research, the average price for a stolen credit card on the dark web is around $243.15.

This may seem like a low price, but the value of a stolen credit card can vary depending on the country it was issued in and the remaining balance on the card. For example, a credit card from the United States may be worth more than one from a less economically developed country. To keep things as like for like as possible we took the average card limit for a USA bank.

Counterfeit money is also commonly available on the dark web, with the average price per $1,000 coming in at around $396.24.

This may seem like a high price, but it’s important to remember that producing high-quality counterfeit money can be a time-consuming and expensive process.

Botnets, which are networks of compromised computers used to launch distributed denial of service (DDoS) attacks, are also commonly available on the dark web.

The average price for a botnet or DDoS attack is around $382.41.

Another common service offered on the dark web is the sale of so-called residential proxies, which are more difficult to detect and block as they “proxy” a cyber criminal’s connection out through a residential ISP. These proxies are used to mask the true IP address of the user and are often used by hackers to avoid detection.

The average price for a residential proxy is around $645 per month.

Finally, initial access to a target network is often available for sale on closed forums and marketplaces. This can include login credentials or vulnerabilities in a network that can be exploited to gain access. Initial Access, or IA, is typically the first ‘open door’ into a victim’s network and can lead to ransomware.

Prices for this service ranged wildly from a few hundred dollars to tens of thousands, due to wide ranging victims and seller motivations, varying greatly depending on access offered, method of access and compromised company.

The average price for initial access to a network is around $7,700. 

In conclusion, the dark web is a hub for a wide range of hacking services, from stolen credit card information to initial access to target networks.

While the prices for these services may seem steep, it’s important to remember that, at least for some of the services offered, there is more demand than supply.

It is also important to note that there is no guarantee with any of the services provided, and the sellers or marketplaces themselves could be scams or scammers, although a majority do offer purchase through escrow.

Header photo by Jefferson Santos on Unsplash.

Product news

Join us for our first SOS Intelligence webinar on December 8th at 11am

We are delighted to invite you to our first webinar. This is at 11am on Wednesday 8th December and will last around twenty minutes.

Hosted by myself, I’ll give you a short overview of the product and how it fits as an essential part of your business or organisation’s online security plus a demonstration of how easy it is to use the keyword alert feature.

Who is this for?

  • Anyone in a business or organisation who has responsibility for online security
  • CTOs who want to understand the risks of cyber breaches and how to monitor them
  • MSSPs who would like to leverage our solution with their clients

You will learn:

  • Why cyber threat intelligence and especially on the Dark Web is so vital
  • What SOS Intelligence does and what you can expect when using it
  • How it meets the needs of a modern business / organisation

All you need to do is click the button below. We look forward to seeing you!

Product news

pwnReport tool for MSSP and Enterprise customers

One of the features which we’ve been working on recently is a pwnREPORT Breach Report Tool. I’m pleased to say this is now available for our MSSP and Enterprise customers.

What does it do?

  • Generates an aggregated breach report for records found across our BreachDB, OSINT collections and Dark Web.
  • Searches for a provided company email domain.
  • Returns a CSV document on completion for you to download.

Watch the short video below to see it in action.

pwnREPORT Breach Report Tool

This kind of tool is precisely what we try and focus on. Simple execution of a query and a quick, useful output for you to use and potentially share.

If you have any questions, please don’t hesitate to get in touch and book a call / demo here.

Photo by Kevin Ku on Unsplash.
