Dark Matters

Tax season is prime time for phishing attacks. While many PII leaks come from malicious attacks, we must also remember the danger inherent in human error.

This week brings rising payment card fraud levels and a disconcerting data breach that affects hundreds of thousands of children.

Verizon gets another discount on the Yahoo deal, and researchers at Carnegie Mellon find the limits to customer loyalty after a bank breach.

This week a toy retailer found evidence of rewards scamming, and the government discovered that password re-use is just a hop-skip-and-a-jump away from a major breach.

While dark web markets are illicitly alluring, there are conversations in the forgotten forums that could be even bigger threats.

This week a major dark web market saw thousands of customer details dumped online, while an Australian agency had yet another accidental data leak exposing vulnerable minors. Plus, bowling.

This week we saw a new strain of ransomware with the Midas touch. The FBI breach from earlier in the month may not be what it appears. Plus, squirrels.

What do a typo, a hacked database, and a tweet have in common? Leaked credentials. This week we saw three major leaks that could have been avoided. While we are constantly advised to be on the lookout for malicious actors, sometimes we are our own worst enemies.

The dark web is a near perfect example of laissez faire economics, the theory of letting things take their own path without interference. Free of an overarching governing body, if offers us an opportunity to see how a market manages itself.

The Dark Overlord welcomed 2017 with new high-profile data leaks from an array of companies, and customers of collectable trading cards were compromised in a breach.

Dark web data intelligence can provide unique measures of security and data breach risk, especially when it comes to M&A negotiations.

What's the dark web equivalent of a doorbuster deal? Depends on if you're looking for specials on stolen credit cards or just some discounted edibles.

While Facebook tried a new method to protect their user information, another social site fell victim to a data breach. These criminals may have gotten away this time, but others were not quite so lucky.

The hacking-as-a-service market on the dark web exists, but isn’t necessarily sophisticated. The development of malware which uses the Internet of Things may change that.

This week we saw vendors break out Halloween-themed sales and other dark web offers. Oh, and your crockpot may be a security risk.

This week, Indian banks faced one of the largest breaches to ever hit the country. Meanwhile, web-hosting platform Weebly saw over 43 million users with exposed credentials.

On the eve of an acquisition, Yahoo finds itself facing a billion-dollar discount request from Verizon and Turkey restricted access to Dropbox, Google Drive, Github, and more (all to prevent government information making the rounds). Where should we draw the line on a proportional response?

Today we're proud to announce that we've partnered with Mandiant, a FireEye company, to provide incident response and breach remediation services to our customers.

Buying credit cards, drugs, or software exploits on the dark web is not like your everyday shopping.

The Yahoo breach is still making headlines, and tensions continue to brew between Azerbaijan and Armenia surrounding the Armenian Independence Day.

This week we saw a lot of Personal Health Information appear online. Fancy Bear's Hack Team dumped a series of confidential files on Olympians, and even though many on the dark web consider hospitals off-limits, TheDarkOverlord doesn't agree.

Gone are the days of stealing a test from a copier in the break room. Now, students need only go online to access a trove of educational exploits to change their grades, increase performance, and beat sky-high textbook prices.

This week, we’re reminded once again that the electoral system is an ever-increasing target for cybercriminals. Meanwhile, the credentials for over 68 million Dropbox accounts were exposed online.

Researchers continue to approach the dark web drug trade with interest and apprehension, while governments attempt to convince citizens that sharing personal data is better for everyone in the long run.

The Olympics highlight a systemic problem in the data intelligence community: the quiet leaks are often the ones you need to worry about the most.

As the Olympics are winding down in Brazil, cyberattacks are not.

The Olympics, payment fraud, and ongoing struggles between government oversight and privacy topped the news this week.

The contrast in marketing imagery at Black Hat in 2016, compared to Black Hat 2015, represents a palpable shift in the industry away from fear, uncertainty, and doubt toward rational risk management and a calmer understanding of the problem.

We're seeing more and more political information floating around the dark web, including everything from voter PII to delegate and candidate doxes to sensitive documents stolen from political parties.

According to the latest Ponemon Report, the fastest detection took nearly a full month, and the longest took just shy of two years. Breached organizations do not have that time to spare.

Organizations should look to their own data for information, rather than being distracted the flurry of headlines appearing on security.

On Monday, Troy Hunt published a blog post suggesting that there is a new trend of historical data breaches showing up on dark web markets. The blog post observed a cluster of four advertisements of data from past breaches, all from the same seller on the same market, in the same month. Based on this data, Troy suggested that this was a new trend. This got us thinking about anecdotes and statistical inference. What, if anything, can we conclude from a couple of anecdotes? Here’s our take.

Interested in learning more about data intelligence? Come see us speak at events around the country - starting tonight!

#OpIsrael is an annual campaign against Israeli government and business sites originally timed to coincide with the eve of Holocaust Remembrance Day in 2013.

We're excited to begin working with Thomson Reuters Special Services (TRSS) to expand dark web data intelligence capabilities for TRSS clients.

Tax fraud is one of the most prevalent forms of crime on the internet, and while Americans rush to prepare their returns, stolen personally identifiable information (PII) continues to appear in large quantities across the dark web.

The Poseiden Group is just one of several growing groups of hackers based out of Brazil, and we have recently seen a significant increase in the number of Brazilian data leaks and compromised credit cards on the dark web.

Given the increase in large and widespread data breaches, organizations find themselves facing issues of user security and fraudulent activity — even if their systems were never breached.

Retailers aren't the only ones offering holiday sales. Vendors on the Dark Web are taking advantage of Black Friday, Cyber Monday, and the rest of holiday season for some promotions of their own. All items 70% off. Buy one, get two free. Special discounts while supplies last. And these are just on the major markets.

According to the 2015 Cost of Cyber Crime Study from the Ponemon Institute, the mean number of days to resolve a data breach is 46, at an average cost of over $21,000 per day during the 46 day period. If your company experienced a data breach today, how quickly would you want to be notified? Matchlight Data Intelligence empowers clients with a suite of tools to proactively monitor their data."

Weather is a risk management problem. You can neither measure a storm by counting the raindrops, nor can you be safe from every hurricane. Increasingly, information security must be considered in a similar way, requiring a series of basic precautions and a contingency plan for when the storm of the century comes. As the industry undergoes this wholesale shift in mindset, enterprises are struggling to catch up.

A Chief Information Security Officer at a bank asked us to tell him if one of his client lists was ever leaked to the internet. The catch? He couldn’t actually ever provide us with the list

The average data breach takes more than 200 days to discover, and 85% of those breaches are discovered by external third parties.We are here to help. Terbium Labs is proud to introduce Matchlight, a data intelligence system designed to discover elements of your sensitive data on the internet - immediately and automatically. Matchlight monitors the dark web using a patented, one-way digital fingerprinting technique. Matchlight then automatically searches for your information, without anyone else - including Terbium - ever having to see or store the originating data.

Matchlight is powered by the latest in large-scale computational technologies. Matchlight bridges the gap between big data and information security. Built on technologies including the MapR Distribution of Apache Hadoop, Apache Spark, and Python, Matchlight constantly scours the web for matches against the fingerprints of your most sensitive data.

It's not a matter of if, but a matter of when. In fact, it's not a matter of when, but a matter of what already happened that an organization doesn't know about when it comes to data breaches. We started Terbium from the thesis that defense, while still necessary, is no longer sufficient. In today's insecure world, your organization's critical data will always be at risk, whether from a sophisticated threat actor or insider threat. That's why modern organizations are shifting their information security focus from prevention to risk management.