New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches

Mar
20,
2023The
Hacker
NewsData
Breach
/
Dark
Web

This
article
has
not
been
generated
by
ChatGPT.

2022
was
the
year
when
inflation
hit
world
economies,
except
in
one
corner
of
the
global
marketplace
–
stolen
data.
Ransomware
payments
fell
by
over
40%
in
2022
compared
to
2021.
More
organisations
chose
not
to
pay
ransom
demands,
according
to
findings
by
blockchain
firm
Chainalysis.

Nonetheless,
stolen
data
has
value
beyond
a
price
tag,
and
in
risky
ways
you
may
not
expect.
Evaluating
stolen
records
is
what

Lab
1,
a
new
cyber
monitoring
platform,
believes
will
make
a
big
difference
for
long-term
cybersecurity
resilience.

Think
of
data
value
this
way:

Stolen
credentials
can
become
future
phishing
attacks
Logins
for
adult
websites
are
potential
extortion
attempts
Travel
and
location
data
are
a
risk
to
VIPs
and
senior
leadership,
And
so
on…

Hackers
could
retaliate
for
non-payment
by
simply
posting
their
loot
to
forums
where
the
data
will
be
available
for
further
enrichment
and
exploitation.

Shining
a
light
on
dark
places

Even
though
your
company
may
not
have
suffered
a
direct
breach,
your
data
may
already
be
on
the
Dark
Web.
That
is
why

Lab
1
gets
hold
of
available
data
and
contextualises
it
to
assess
risk.

The
Dark
Web
started
off
as
a
closed
network
to
protect
dissidents.
Now
half
of
it
is
a
popular
backwater
for
criminal
activity.
According
to
the
IMF,
data
marketplaces
are
the
second
most
popular
activity
after
pharma
and
recreational
drugs.

Industry
research
in
2022
also
found
more
than
24
billion
username
and
password
combinations
on
sale
on
the
dark
web,
up
from
15
billion
in
2020.
But
there
can
be
other
records
–
intellectual
property,
accountancy
documents,
employee
records
and
more.

Breaches
end
up
being
marketed
by
hackers
with
data
descriptions
and
auction
demands,
often
in
Bitcoin.
By
getting
hold
of
these
records,
no
matter
their
value
or
half
life,
Lab
1
builds
a
picture
of
risk
exposure.

Chain
reaction

You
may
not
think
of
your
supply
chain
as
a
source
of
cybersecurity
risk,
but
you
should.
53%
of
organisations
have
had
a
data
breach
caused
by
third
party
information
theft,
according
to
Ponemon
Institute.

Data
breaches
can
and
do
spread
outside
the
perimeter
of
your
business.
That’s
the
insight
that
drives
the
Lab
1
platform.
In
an
interconnected
business,
the
tools
you
use,
the
agencies
you
hire,
and
the
subcontractors
you
use
to
perform
everyday
business
are
all
potential
vectors
of
attack.

Say
you’re
a
client
of
a
software
vendor,
and

their
stolen
data
pack
includes
code
access
to
the
servers
of
various
clients,
it’s
likely
to
include
yours.
Or
what
if
trip
details
of
VIP
customers
get
leaked
and
they’re
about
to
show
up
at
an
important
conference?

Monitor
your
supply
chain

Fallouts
from
cybersecurity
breaches
don’t
have
to
be
inevitable.

Lab
1
monitors,
alerts
and
analyses
data
breaches
across
a
company’s
entire
supply
chain
by
finding
and
contextualising
data
found
on
forums,
messaging
platforms
and
Dark
Web
marketplaces.

Using
Lab
1,
organisations
can
“follow”
the
companies
they
work
with
and
get
alerted
if
any
of
them
have
been
breached
that
would
pose
a
risk.
This
can
be
particularly
useful
for
breach
insurance
and
other
risk-related
provisions.

Because
Lab
1
is
finding
new
data
entities
by
the
second
–
24bn
to
date
–
and
is
adding
them
to
CiGraph,
its
graph
database,
the
monitoring
is
continuous.

As
and
when
incidents
are
recorded
or
data
becomes
available,
Lab
1
systems
provide
a
near-real-time
alerting
service
called

Blast
Radius.
It
allows
security
teams
to
dig
deeper
on
what
happened.

Lab
1
also
details
history,
risk
quantification,
and
recommended
remedies,
based
on
the
nature
and
size
of
the
breach.
Helping
to
prevent
attack,
manage
damage
and
view
live
risk
quantification
across
thousands
of
suppliers,
with
the
intention
for
businesses
to
build
more
robust
supply
chains.

To
find
out
if
there’s
a
hidden
data
breach
that
involves
your
company,
go
to

https://www.lab-1.io/,
where
CiGraph
may
yet
reveal
a
Dark
Web
secret
you
didn’t
know
you
had.

Found
this
article
interesting?
Follow
us
on

Twitter


and

LinkedIn
to
read
more
exclusive
content
we
post.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts