DARK WEB SCAN TOOL

ACID Technologies is a well-established threat intelligence company that utilizes an advanced, proprietary dark web scan tool to monitor the dark web 24/7/365, with the aim of detecting threats targeting its clients. These include signs of a cyber attack being planned, as well as attacks that are in progress or have already taken place.

The company provides services to companies and organizations operating in a wide variety of sectors and industries, including banking and finance, healthcare, education, transportation, energy, state and local government, gaming and gambling, and others. In addition to the dark web, ACID also monitors the deep web, paste tools, dump sites, leak sites, social media (Facebook, Twitter, Instagram, VK, and Weibo), and chats (IRC web chat, Discord, Telegram, WhatsApp and WeChat), greatly increasing coverage. The monitoring is meticulously tailored, based on client-specific keywords and relevant languages, in order to yield optimally precise results and actionable intelligence.

Once a threat is detected by the dark web scan tool or through monitoring of any of the other sources and platforms, the threatened organization is alerted in real time and provided with all known details, to enable it to effectively respond. Additional intelligence is immediately conveyed as it becomes available, to enable fine-tuning the response. By implementing targeted countermeasures, the organization can reduce the harmful consequences of the attack – be they disruption to operation, loss of business, payment of heavy regulatory fines, loss of clients, reputational damage, or other. When the threat detected is an attack that is still in its planning stage, it can potentially be thwarted altogether.

What is the dark web used for?

The dark web is a part of the internet that includes sites that are not indexed by commonly used search engines, such as Google. They are accessible only through anonymizing software such as the Tor browser or I2P, which uses a distributed network database. Users are thus able to keep confidential both their identity (IP address) and the websites they choose to visit.

These characteristics make the dark web attractive to cybercriminals, who use it for illicit activity such as selling drugs, weapons and malware.

On the dark web, cybercriminals also share information, develop and coordinate cyber attacks, negotiate Ransomware as a Service (RaaS) transactions, and sell confidential information that they have obtained by breaching targeted organizations’ systems (for example, credit card information, personally identifiable information (PII), login credentials, financial information, medical records and more). The perpetrators are often motivated by the prospect of financial gain – either by selling the stolen information or using it to extort its original owners.

Groups motivated by ideology, whether political, social, environmental or other, are also known to have used the dark web to plan and coordinate demonstrations or attacks on organizations they perceive as adversaries.

It should be noted, however, that the dark web is also used for non-criminal activity, for example, by journalists who must protect their identity in countries that do not respect privacy or allow free speech.

What does dark web monitoring consist of, and why is it important?

Dark web monitoring is essentially a continuous search of the dark web with the aim of detecting threats. Given the enormous amount of information found on the dark web, in order to yield effective results, the monitoring must be as precise as possible, using keywords and terms that are specific to the information sought. When the languages relevant to the organization that has engaged a dark web monitoring service provider are also taken into consideration in the search parameters, as ACID does, the results are even more accurate, and therefore, more actionable.

The importance of dark web monitoring lies in its ability to detect threats – those that are emerging, and those that have already materialized and caused damage to the targeted organization. Knowledge is key here: An organization that receives real-time alerts to threats, such as information about a cyber attack being planned against it along with all available details, can act upon this information and take the necessary mitigation steps. Also, an organization that learns that its data has been compromised and is posted on the dark web can investigate how, when and by whom it had been stolen. Often, this will point to a security gap in its systems that it is unaware of, one that possibly occurred weeks or months earlier and may still require closing to prevent further data leakage. Knowing which data has been compromised also allows taking action to lessen the harmful consequences of the breach. Providing these real-time actionable alerts and information is precisely what ACID does.

What are the most important features to consider when choosing a monitoring service employing a dark web scan tool?

The most important features to look for when choosing a monitoring service provider are its ability to effectively detect threats targeting specific organizations, and provide actionable alerts that are as detailed as possible. ACID’s dark web scan tool was designed to do both – by coupling its technological scanning capabilities with keywords and languages that are specific to each client organization.

What makes ACID’s dark web scan tool so effective?

ACID’s dark web scan tool is comprised of a number of elements, which seamlessly operate in unison to provide the most effective and precise results. Clusters of robots are unleashed to roam the dark web, seek and identify threats, and sophisticated AI algorithms are implemented to enhance effectiveness.

As ACID serves clients across numerous sectors and industries, the keywords used by the dark web scan tool are set accordingly. Bearing in mind that each company active in a given industry has its own specific characteristics and operational profile, keywords reflecting that uniqueness are also used in the monitoring process. Furthermore, to best serve ACID clients operating around the globe and communicating in different languages, the tool takes the languages relevant for each client into consideration as well. Tailoring the tool for each client specifically is a process conducted by ACID experts in coordination with each client’s professional staff. Keywords can be changed and added as clients develop their operations, introduce new products and/or services, diversify their activities, and enter new markets.

Immediately upon the detection of a threat, the client is notified and provided with all known details at that time, including screenshots, where possible. The real-time alerts to specific threats enable the targeted organization to plan and set in motion steps to contain the threat, eliminate it or mitigate its harmful impact. ACID’s tool continues scanning the dark web in order to collect more information on the detected threat. Any new information is provided to the client as soon as it is revealed, to enable adjusting the countermeasures accordingly. This ability to fine-tune the client’s response to the threat increases the chances of success in reducing the harmful consequences, in terms of disruption to operation, exposure of trade secrets, regulatory noncompliance fees, damage to reputation, abandonment of clients and financial loss.

While continuing to scan the dark web for additional information about a threat that it has already detected, ACID’s dark web scan tool also continues searching for other threats.

Importantly, when the detected threat is an attack that is still being planned, the real-time, precise alert provided by ACID can help the organization foil it altogether. This not only allows it to avoid harmful outcomes, but can also signal to the perpetrator that the target it has chosen is vigilant and capable of protecting itself, increasing its deterrence.

As the dark web is not only an arena for planning attacks, but also a marketplace at which cyber criminals offer stolen data for sale and finalize transactions, ACID’s sophisticated scan tool is designed to detect whether data stolen from its clients is put up for sale, or dumped for all to see, free of charge. This is a clear indication of a breach that the client may not be aware of, and which requires its immediate attention. Such information, provided by ACID, enables the victim of the breach to close the gap, and hopefully pinpoint when its data first became exposed, what was stolen, and perhaps – by whom.

What are some examples demonstrating the effectiveness of ACID’s dark web scan tool and cyber threat detection and real-time alerting services?

Banking

  • An employee of a third party that supplies services to a bank stole sensitive information and tried to sell it on the dark web. ACID detected these attempts and alerted the bank, provided all known details and continued to monitor for more. Thanks to the information supplied by ACID, the perpetrator was apprehended, the stolen data was retrieved, and the bank’s reputation remained intact. ACID continued monitoring the dark web for several months to verify that the data had not been copied and was not still being offered for sale by possible accomplices.
  • A disgruntled bank employee stole a database of 1 million customer records and 2 million credit cards from his employer and demanded ransom. ACID conducted extensive searches on the dark web and multiple additional sources and platforms to check whether the stolen data was also being offered for sale to others, to prevent harm to the bank’s reputation while it was negotiating with the attacker, in order to provide the police sufficient time to apprehend him. With the additional information that ACID collected, the employee behind the attack was identified and brought to justice, and the stolen data retrieved.

Healthcare

  • ACID detected the attempted sale of personally identifiable information (PII) of hundreds of thousands of patients on the dark web. The information included patient treatment records, details of therapy sessions with psychologists and X-rays, among others. The targeted healthcare institutions were immediately alerted and provided with all available data on the attack. In one case, the perpetrator was unable to sell the stolen information and posted chunks of data on Pastebin. ACID detected the posted chunks and informed the relevant institution in real time. It also detected activity aimed at defrauding health insurers with fake certificates. Thanks to ACID’s threat detection services, the institutions were able to mitigate the consequences of the attack, close the security breach and prevent future attacks. The targeted institution also had time to prepare a PR response before the theft became public knowledge.

Energy

  • ACID detected a utilities & power company’s classified report on a system malfunction on the dark web. It sent a real-time alert to the company, which was unaware that the report had been leaked. The information provided by ACID allowed the company to investigate who had leaked the report and take action to mitigate the consequences of the leak.
  • ACID detected that a cybercriminal had hacked into a thermal power plant’s management system and gained full control. It immediately informed the client, who, with the details provided by ACID, closed the security breach and regained control of its management and control systems. The client thus avoided financial losses, as well as damage to reputation. Potential harm to the environment was also avoided.

Telecommunications

  • ACID detected an attempt to trade in confidential information stolen from a telecommunications company. The perpetrator stole the information from the company’s engineering network, and offered private correspondence of individual users, identified by their telephone number, for sale. ACID alerted the company in real time, providing all available details, and continued monitoring the incident to collect additional data and update the client. With the information provided by ACID, the company was able to take immediate action to mitigate the consequences of the attack.

Gambling

  • ACID detected that the SSL VPN server of a gambling company’s financial system had been hacked, and that its admin access credentials were traded on the dark web. It immediately alerted the company, providing all the details known at that time, and continued monitoring in order to collect additional information as it became available. Thanks to the information provided by ACID, the company was able to eliminate the threat and mitigate its consequences, thus avoiding financial harm and damage to its reputation.

Government

  • ACID detected an attempt to sell stolen personal information of hundreds of thousands of citizens, including the ID photos of some of them, on the dark web. It immediately alerted the governmental body from which the information had been stolen, providing all the available details, enabling it to close the security breach.