The Dark Dive

In this episode of The Dark Dive we're looking at a particular type of malware called Information Stealers or "infostealers". This malware is designed to (you guessed it!) steal information from infected devices. Threat Intelligence Engineers Rob Fitzsimons and Joe Honey discuss exactly how infostealers work, why this malware has become so prolific, and where it can be spotted on the dark web.  During the episode we cover the differences between different strains of infostealer, recent law enforcement action that has succeeded in taking infostealers offline, and how organizations should be protecting themselves. You can download Searchlight Cyber's infostealer report (discussed 26.53 - 29.40) here: https://slcyber.io/whitepapers-reports/infostealer-identified/ And find more information on Operation Magnus (discussed 38.18 - 47.06) here: https://www.operation-magnus.com/ Want to find out more or have a suggestion for future podcast episodes? Email: thedarkdive@slcyber.io Website: www.slcyber.io [http://www.slcyber.io/] LinkedIn: www.linkedin.com/company/searchlight-cyber [http://www.linkedin.com/company/searchlight-cyber] X: www.twitter.com/SLCyberSec [http://www.twitter.com/SLCyberSec] Weekly newsletter: www.slcyber.io/beacon/ [http://www.slcyber.io/beacon/]

This episode of The Dark Dive focuses on encrypted communication apps, including Telegram, Tox, Signal, Session, and Jabber. While not strictly speaking part of the "dark web", these apps are used by the same criminals to perpetrate many of the same crimes. We start with the "mainstream", taking a close look at the popular messaging app Telegram in the wake of the arrest of its CEO in August 2024. Vlad, a threat intelligence analyst at Searchlight Cyber, then takes us through the alternative apps that criminals may migrate to, should the privacy changes to Telegram make in an inhospitable environment for cybercrime. We then take a look at the other end of the spectrum with the example of EncroChat - an enrcypted communication network that required a special device sold on subscription. Dave Osler, Head of Product at Searchlight Cyber, talks us through the type of crimes that took place on this "high end" encrypted network and the international law enforcement operation that brought the whole thing crashing down. Further reading: * The arrest of Telegram's CEO: https://www.reuters.com/world/europe/telegram-messaging-app-ceo-pavel-durov-arrested-france-tf1-tv-says-2024-08-24/ * Privacy changes on Telegram: https://thehackernews.com/2024/09/telegram-agrees-to-share-user-data-with.html * Vice's reporting around the takedown of EncroChat: https://www.vice.com/en/article/how-police-took-over-encrochat-hacked/ * Europol and Eurojust's figures around EncroChat: https://www.europol.europa.eu/media-press/newsroom/news/dismantling-encrypted-criminal-encrochat-communications-leads-to-over-6-500-arrests-and-close-to-eur-900-million-seized * The Ghost app takedown: https://www.europol.europa.eu/media-press/newsroom/news/global-coalition-takes-down-new-criminal-communication-platform Want to find out more or have a suggestion for future podcast episodes? * Email: thedarkdive@slcyber.io * Website: www.slcyber.io [http://www.slcyber.io/] * LinkedIn: www.linkedin.com/company/searchlight-cyber [http://www.linkedin.com/company/searchlight-cyber] * X: www.twitter.com/SLCyberSec [http://www.twitter.com/SLCyberSec] * Weekly newsletter: www.slcyber.io/beacon/ [http://www.slcyber.io/beacon/]

In this episode of The Dark Dive we're joined by incident response heavyweight Caleb Barlow (former head of IBM X-Force and now CEO of Cyberbit) and Searchlight Cyber's Head of Threat Intelligence Luke Donovan to discuss the best ways to respond to a cyberattack. Caleb and Luke share war stories, talk about what progress has been made in the cybersecurity industry (and areas of improvement!), and each give their own take on how organizations can best prepare for the fateful day that their network is breached. Along the way we discuss how incident response has changed over the years, where threat intelligence and - in particular - dark web intelligence on cybercriminals fits into the incident response process, and why a eight-year-old Ted Talk now seems remarkably prescient. The Ted Talk discussed at the 39 minute mark is "Where is Cybercrime Really Coming From?": https://www.ted.com/talks/caleb_barlow_where_is_cybercrime_really_coming_from? Want to find out more or have a suggestion for future podcast episodes? Email: thedarkdive@slcyber.io Website: www.slcyber.io [http://www.slcyber.io/] LinkedIn: www.linkedin.com/company/searchlight-cyber [http://www.linkedin.com/company/searchlight-cyber] X: www.twitter.com/SLCyberSec [http://www.twitter.com/SLCyberSec] Weekly newsletter: www.slcyber.io/beacon/ [http://www.slcyber.io/beacon/]

Can you quantify the risk the dark web poses to organizations? In this episode of the podcast, we discuss a landmark study that has tried to do just that. We're joined by Scott Stransky, Managing Director and Head of the Marsh McLennan Cyber Risk Intelligence Center and Ben Jones, CEO of Searchlight Cyber and Scott unravel the findings of the report "The Correlation Between Dark Web Exposure and Cybersecurity Risk". We discuss how cyber insurance loss data can be used to calculate the impact of dark web exposure on an organization's cybersecurity risk. We look at how different types of dark web exposure individually impact the chance of a cyberattack. Then we explore how multiple factors combined increase the chances of a cybersecurity incident. Download the research report discussed in the podcast: https://slcyber.io/whitepapers-reports/the-correlation-between-dark-web-exposure-and-cybersecurity-risk/ Apply for a Dark Web Risk Report on your organization: https://slcyber.io/dark-web-risk-report-find-out-your-dark-web-exposure/ Want to find out more or have a suggestion for future podcast episodes? Email: thedarkdive@slcyber.io Website: www.slcyber.io [http://www.slcyber.io/] LinkedIn: www.linkedin.com/company/searchlight-cyber [http://www.linkedin.com/company/searchlight-cyber] X: www.twitter.com/SLCyberSec [http://www.twitter.com/SLCyberSec] Weekly newsletter: www.slcyber.io/beacon/ [http://www.slcyber.io/beacon/]

This episode of the podcast looks at the Qilin ransomware group's attack on the UK's National Health Service. Or - more accurately - their ransomware attack against Synnovis, a third party pathology testing organization for a number of London hospitals. Guests Louise Ferrett and Joe Honey go through time timeline of the attack - discussing the group's history, whether to trust claims that the attack was politically motivated, and the reasoning behind leaking 400gb of stolen patient data. This episode also looks at the state of ransomware half a year into 2024 - including where some of the biggest groups from last year have disappeared off to, new groups that security professionals should be aware of, and the diversification of ransomware landscape as more groups emerge than ever before. Want to find out more or have a suggestion for future podcast episodes? * Email: thedarkdive@slcyber.io * Website: www.slcyber.io [http://www.slcyber.io/] * LinkedIn: www.linkedin.com/company/searchlight-cyber [http://www.linkedin.com/company/searchlight-cyber] * X: www.twitter.com/SLCyberSec [http://www.twitter.com/SLCyberSec] * Weekly newsletter: www.slcyber.io/beacon/ [http://www.slcyber.io/beacon/]