Threat Intelligence

5/24/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

OWL Cybersecurity Launches Darknet Index

Index ranks Fortune 500 based on the Darknet footprint and security threat levels.

DENVER — OWL Cybersecurity, a Denver-based cybersecurity company offering the world’s largest commercially available database of darknet data, today announced the release of The OWL Cybersecurity Darknet Index: Reranking the Fortune 500 using Darknet Intelligence, a study that assessed each company in the 2017 Fortune 500 list and ranked each company based on company data exposed on the darknet.

The darknet is a collection of networks on the internet that are purposefully hidden, designed specifically for anonymity. Unlike the surface web (public information available to search engines) and the deep web (online information requiring credentials, like banking sites or paid firewalls), the darknet is only accessible with special tools and software. As a result, the anonymity of the darknet facilitates the exchange of large amounts of stolen and hacked data.  The presence of a company’s data on the darknet, and the extent of that presence is one measure of cybersecurity risk.

To compile the Darknet Index, OWL Cybersecurity ran each member of the 2017 Fortune 500 through the company’s proprietary OWL Vision database and adjusted their results based on computations of “hackishness”— a proprietary algorithmic rating system which scores based on the likelihood that data could be used for nefarious intent and how recently the data was made available, with recent results given the most weight.

“Until now, there hasn’t been an easy way to comprehensively measure a company’s presence on the darknet,” said Mark Turnage, CEO of OWL Cybersecurity. “Using our proprietary database of darknet content, combined with our hackishness algorithm, we are able to provide companies with customized Darknet Index scores that allow them to measure the efficacy of their cybersecurity efforts over time, and how they compare to other companies in similar industries.”

The study revealed that every company on the Fortune 500 is exposed on the darknet. Additional insights from the study include:

· Amazon leads the index. The company with the largest darknet footprint is online retailer Amazon, who has a massive internet presence and possesses significant customer data. 

· Technology and telecommunications companies overall are the largest target. Technology and telecommunication firms have the highest Darknet Index scores, indicating that they are the most attractive firms targeted by threat actors.

· Financial firms perform better than expected. Financial firms — frequent targets of hackers — fare better than expected, likely reflecting their focus on significant investment in cybersecurity in recent years.

· Hacked valuable data = Increased risk. The highest scoring companies all had credentials and/or intellectual property exposed on the darknet which can be monetized by others.

· Vigilance pays off. Investing in cybersecurity has tangible Darknet Index score benefits. Sectors which have invested heavily have, in some cases, smaller darknet footprints and, thus, lower Index ratings. 

Based on the results of OWL Cybersecurity’s Darknet Index, it is apparent that DARKINT is a key factor in a complete information security approach. This fact also offers a glimpse into the sheer volume of information available on the darknet and confirms that no company or organization is without risk on the darknet. Analyzing and monitoring darknet data as an integral part of a complete cybersecurity program allows organizations to swiftly detect security gaps and mitigate damage prior to the misuse of compromised data.

To read the full study visit www.owlcyber.com/owl-cybersecurity-darknet-index.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.