That sector-specific targeting is also visible in ransomware groups’ recruitment patterns. “If an [affiliate recruitment] ad like ‘Looking for SaaS or CRM partners’ appears, it’s a direct signal that your industry is being targeted,” says Aleksandr Adamenko, co-founder of Winday.co, noting that such indicators can help CISOs connect the dots between dark web activity and emerging threats to their business.
Even when there’s no immediate danger, dark web monitoring can strengthen defenses by providing insight into how attackers operate. “Be aware of the tactics, techniques, and procedures used in cyberattacks, and stay current with real-world attack scenarios,” says Stacey Cameron, CISO at anti-ransomware company Halcyon. She cites examples such as “discussion of unpatched or zero-day vulnerabilities, often tied to specific operating systems, VPNs, or remote access tools,” and the sale of “harvested credentials, both human and non-human, especially for cloud and SaaS platforms.”
How to monitor the dark web
Getting access to all this information is easier said than done — and many may find it intimidating. At the most basic level, there are free tools that offer entry-level visibility. “‘Have I Been Pwned,’ for example, is a free and reliable service for checking if an email address was involved in a known breach,” says Crystal Morin, cybersecurity strategist at Sysdig. “It also offers paid tiers of enterprise monitoring for all email addresses associated with a corporate domain.”
