Threat Intelligence

12:00 AM
Dark Reading
Dark Reading
Products and Releases

OWL Cybersecurity Launches Darknet Index

Index ranks Fortune 500 based on the Darknet footprint and security threat levels.

DENVER — OWL Cybersecurity, a Denver-based cybersecurity company offering the world’s largest commercially available database of darknet data, today announced the release of The OWL Cybersecurity Darknet Index: Reranking the Fortune 500 using Darknet Intelligence, a study that assessed each company in the 2017 Fortune 500 list and ranked each company based on company data exposed on the darknet.

The darknet is a collection of networks on the internet that are purposefully hidden, designed specifically for anonymity. Unlike the surface web (public information available to search engines) and the deep web (online information requiring credentials, like banking sites or paid firewalls), the darknet is only accessible with special tools and software. As a result, the anonymity of the darknet facilitates the exchange of large amounts of stolen and hacked data.  The presence of a company’s data on the darknet, and the extent of that presence is one measure of cybersecurity risk.

To compile the Darknet Index, OWL Cybersecurity ran each member of the 2017 Fortune 500 through the company’s proprietary OWL Vision database and adjusted their results based on computations of “hackishness”— a proprietary algorithmic rating system which scores based on the likelihood that data could be used for nefarious intent and how recently the data was made available, with recent results given the most weight.

“Until now, there hasn’t been an easy way to comprehensively measure a company’s presence on the darknet,” said Mark Turnage, CEO of OWL Cybersecurity. “Using our proprietary database of darknet content, combined with our hackishness algorithm, we are able to provide companies with customized Darknet Index scores that allow them to measure the efficacy of their cybersecurity efforts over time, and how they compare to other companies in similar industries.”

The study revealed that every company on the Fortune 500 is exposed on the darknet. Additional insights from the study include:

· Amazon leads the index. The company with the largest darknet footprint is online retailer Amazon, who has a massive internet presence and possesses significant customer data. 

· Technology and telecommunications companies overall are the largest target. Technology and telecommunication firms have the highest Darknet Index scores, indicating that they are the most attractive firms targeted by threat actors.

· Financial firms perform better than expected. Financial firms — frequent targets of hackers — fare better than expected, likely reflecting their focus on significant investment in cybersecurity in recent years.

· Hacked valuable data = Increased risk. The highest scoring companies all had credentials and/or intellectual property exposed on the darknet which can be monetized by others.

· Vigilance pays off. Investing in cybersecurity has tangible Darknet Index score benefits. Sectors which have invested heavily have, in some cases, smaller darknet footprints and, thus, lower Index ratings. 

Based on the results of OWL Cybersecurity’s Darknet Index, it is apparent that DARKINT is a key factor in a complete information security approach. This fact also offers a glimpse into the sheer volume of information available on the darknet and confirms that no company or organization is without risk on the darknet. Analyzing and monitoring darknet data as an integral part of a complete cybersecurity program allows organizations to swiftly detect security gaps and mitigate damage prior to the misuse of compromised data.

To read the full study visit

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Microsegmentation: Strong Security in Small Packages
Avishai Wool, Co-Founder and CTO at AlgoSec,  4/12/2018
7 Non-Financial Data Types to Secure
Curtis Franklin Jr., Senior Editor at Dark Reading,  4/14/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.