Information security professionals discussed methods of protecting against threats from malicious actors and insiders at the Inside Dark Web conference in New York City on Thursday.
Lance James, chief scientist at Flashpoint, discussed efforts by analysts to effectively identify and categorize Dark web pages. "How do we understand what is happening on Dark web sites?" James asked, noting a 24 percent growth rate of Onion sites on the Dark web between 2014 and 2015, according to Flashpoint research.
James found that the process of researching malicious Dark web sites can be automated by tagging and categorizing Onion sites using details such as when the sites were created, image match, hash match, and encryption information.
“Without actually viewing the sites or involving a human analyst, you can track campaigns and cluster behaviors," James said.
During an earlier presentation, University of Toronto professor Bob Logan discussed the difficulties of protecting against insider threats. “The tools are not made for insider threats, Logan said. “In general, tools are built for perimeter threats.”
Organizations are increasingly at-risk, considering that there are few barriers to entry when it comes to insider threats. He said that there is not yet a strong threat profile of malicious insiders, but he said the indicators that an individual could become a malicious insider include "many of the same indicators as criminal behavior. These may include antisocial behavior, an adverse life trigger such as a bankruptcy or divorce, poor work performance reviews, and an inability to change their life situation.
Attackers seize on employees struggling with these challenges and adapt an approach that he dubbed “Why hack when you can recruit?”