Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

12:00 AM
Dark Reading
Dark Reading
Products and Releases

OWL Cybersecurity Launches Darknet Index

Index ranks Fortune 500 based on the Darknet footprint and security threat levels.

DENVER — OWL Cybersecurity, a Denver-based cybersecurity company offering the world’s largest commercially available database of darknet data, today announced the release of The OWL Cybersecurity Darknet Index: Reranking the Fortune 500 using Darknet Intelligence, a study that assessed each company in the 2017 Fortune 500 list and ranked each company based on company data exposed on the darknet.

The darknet is a collection of networks on the internet that are purposefully hidden, designed specifically for anonymity. Unlike the surface web (public information available to search engines) and the deep web (online information requiring credentials, like banking sites or paid firewalls), the darknet is only accessible with special tools and software. As a result, the anonymity of the darknet facilitates the exchange of large amounts of stolen and hacked data.  The presence of a company’s data on the darknet, and the extent of that presence is one measure of cybersecurity risk.

To compile the Darknet Index, OWL Cybersecurity ran each member of the 2017 Fortune 500 through the company’s proprietary OWL Vision database and adjusted their results based on computations of “hackishness”— a proprietary algorithmic rating system which scores based on the likelihood that data could be used for nefarious intent and how recently the data was made available, with recent results given the most weight.

“Until now, there hasn’t been an easy way to comprehensively measure a company’s presence on the darknet,” said Mark Turnage, CEO of OWL Cybersecurity. “Using our proprietary database of darknet content, combined with our hackishness algorithm, we are able to provide companies with customized Darknet Index scores that allow them to measure the efficacy of their cybersecurity efforts over time, and how they compare to other companies in similar industries.”

The study revealed that every company on the Fortune 500 is exposed on the darknet. Additional insights from the study include:

· Amazon leads the index. The company with the largest darknet footprint is online retailer Amazon, who has a massive internet presence and possesses significant customer data. 

· Technology and telecommunications companies overall are the largest target. Technology and telecommunication firms have the highest Darknet Index scores, indicating that they are the most attractive firms targeted by threat actors.

· Financial firms perform better than expected. Financial firms — frequent targets of hackers — fare better than expected, likely reflecting their focus on significant investment in cybersecurity in recent years.

· Hacked valuable data = Increased risk. The highest scoring companies all had credentials and/or intellectual property exposed on the darknet which can be monetized by others.

· Vigilance pays off. Investing in cybersecurity has tangible Darknet Index score benefits. Sectors which have invested heavily have, in some cases, smaller darknet footprints and, thus, lower Index ratings. 

Based on the results of OWL Cybersecurity’s Darknet Index, it is apparent that DARKINT is a key factor in a complete information security approach. This fact also offers a glimpse into the sheer volume of information available on the darknet and confirms that no company or organization is without risk on the darknet. Analyzing and monitoring darknet data as an integral part of a complete cybersecurity program allows organizations to swiftly detect security gaps and mitigate damage prior to the misuse of compromised data.

To read the full study visit www.owlcyber.com/owl-cybersecurity-darknet-index.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski Security,  2/26/2020
Exploitation, Phishing Top Worries for Mobile Users
Robert Lemos, Contributing Writer,  2/28/2020
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
Robert Lemos, Contributing Writer,  2/26/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-28
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for so...
PUBLISHED: 2020-02-28
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensi...
PUBLISHED: 2020-02-28
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
PUBLISHED: 2020-02-28
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
PUBLISHED: 2020-02-28
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML.