Application Security and the Dark Web: Understanding Criminal Behavior

Hosted By
Bryan B. and 2 others

Details

In July, we got a taste of the Dark Web: what criminals are doing, and what they're buying and selling. In August, Jason Rivera is going to take us a little deeper to study their motivations and goals, and the criminal mindset.

Application Security & the Dark Web: Understanding criminal behavior and motive in order to enhance application security

Most leading cybersecurity programs adhere to a series of best practices when implementing cybersecurity protocols, and application security (AppSec) is no exception. Most of us by now are familiar with leading cybersecurity frameworks (NIST, ISO 27001/27002, PCI DSS, etc.); many of us are even familiar with implementing them. The problem, however, is that these frameworks are static: they are updated on an irregular basis and tend not to keep pace with the criminal community. Moreover, criminals also have access to these open-source cybersecurity frameworks, and it probably isn't too hard to figure out which framework a business uses (a criminal can easily gauge this through hiring announcements, social engineering, etc.). This means that they already possess a road map that could be used to gain system access and ultimately compromise an organization's security posture.

Given the above, it is incumbent upon security professionals, particularly those who specialize in AppSec, to gain an understanding of criminal behavior and motive in order to defend against threats of the future. The good news is that this isn't actually that hard. From a behavioral standpoint, criminals talk to each other on a regular basis in dark web forums. They discuss their goals and their operations, they look for collaborators, they sometimes talk about their methodology, etc. Motive can be gauged through an understanding of dark web marketplaces. That is, to understand motive, a security professional should gain an understanding of the kinds of exploits that are being sold, the value of these exploits, the rate of sale of these exploits, the kinds of applications that are held at risk, etc.

It is through a combined understanding of criminal behavior and motive, achieved by monitoring dark web forums and assessing dark web marketplaces respectively, that an AppSec-minded individual can gain the upper hand. This presentation will discuss the basic methodology for doing this and will provide a simple tutorial, pitched at a high enough level to be universally applicable for any cybersecurity professional.

OWASP Washington DC Chapter
MakeOffices - Dupont Circle
1200 18th Street, NW, Suite #700 · Washington, DC