By Chris Camacho
As threat actors continue to find a measure of security and anonymity away from illicit online forums, and operate more and more on encrypted chat services, the need for access to and monitoring of these platforms becomes an imperative for mitigating risk.
The migration to chat services varies by region, and the sophistication of the actor and law enforcement, but it’s indisputable that more illicit activity is taking place on these platforms than ever before.
Some criminals are leveraging the various implementations of encryption offered by some chat services to elude surveillance from law enforcement and security researchers. Others, meanwhile, stand up channels dedicated to fraud, carding, account takeover, malware, insider recruitment, narcotics, and other nefarious activities.
The challenge for enterprises is getting a handle on the activity targeting their business that’s happening on these decentralized systems. Most organizations don’t have the time or people required for what can become an arduous, manual task.
To obtain full visibility into these discussions—both for proactive defense and historical research—often requires an intelligence provider with expansive coverage of these platforms. That means more than manually curating individual conversations and working through analysis via a spreadsheet. This aspect of security operations requires access and monitoring of the broad universe of illicit discussions taking place on a range of closed venues via scaled collections processes
This approach is much more comprehensive than manually obtaining and analyzing a handful of interesting messages; organizations will quickly see gaps in this approach and their resulting exposure to threats.
Instead, a full-spectrum collection of such data is required in order to have the assurance that the resulting intelligence will meet an organization’s needs. Human analysts alone cannot capture all the critical content necessary from these platforms, nor can they have the insight up front to make a determination which conversations will end up becoming the most important. The only feasible approach to reduce exposure for an organization is to provide access to and analyze an expansive archive of available data, and provide actionable intelligence from the resulting information.
This is the approach Flashpoint has taken in its collections from numerous chat services, delivering to users secure access through our platform to around-the-clock conversations within these illicit channels and communities. Key features of Flashpoint’s chat services collections include access to relevant channels and the targeted data shared therein, near real-time data within the platform, an expansive historical data archive providing users with secure access to threat actor conversations, and universal searching capabilities allowing users to efficiently view historical results across channels.
Our customers acknowledge that providing this access requires substantial expertise, specialized engineering, resources, and time. Attempting to access and monitor these online regions without the proper capabilities established and precautions in place could yield misconstrued conclusions. In some cases, it could even place an organization and its stakeholders at an increased risk of malicious cyber activity. Flashpoint’s approach lowers that risk and puts an enormous wealth of information and actionable intelligence within reach of organizations.
Contact us to learn more about our chat services.