Cyble has quickly grown to become a force in the field of real-time dark web visibility and cyber-risk assessment, helping thousands of companies and organizations secure their systems. By extension, this effort has tangible positive effects on the protection of user data. So the role of Cyble goes well beyond just that of a complementary cyber-security service for firms. Very often, it is at the core of the development of data management strategies.
We have approached Beenu Arora, the founder of Cyble, to learn more about the “whys” and “hows” that hide behind their services and get an inside peek of what trends they see right now on the deep and dark web. Moreover, we analyze the current risks, how third parties should be controlled effectively when it comes to data protection, and what organizations should invest in to tackle today’s threats.
TechNadu: Can you tell us a few things about yourself, your background, and how you decided to found Cyble?
I am Beenu Arora, a trained software engineer with a double MBA degree from Columbia Business School and London Business School with a focus in Entrepreneurship and Finance. I have been in the Cybersecurity industry for almost 15 years, and most of the experiences have been on Security Engineering, Cyber Defence, Threat Management, and Intelligence. Having worked for large corporates previously, one of the areas which I am still worried about is cybersecurity issues caused by third parties. I have experienced/managed several security incidents/crises in the past, which were introduced due to vulnerabilities or lack of controls in third parties. While several solutions were “trying” to provide visibility to third party threats, those often were missing a lot of data points, especially from deep web and dark web, were using a black-box scoring approach, and had a number of other limitations. Hence, I decided to start Cyble to address some of those problems.
TechNadu: Cyble is about providing organizations with the invaluable knowledge of when a data breach that affects them has occurred. How extensive is the problem right now?
Cyble’s ultimate mission is to provide organizations with close-to real-time visibility to Supply Chain Cyber threats and risks. As part of our vision, we have built a scalable, robust, and ‘smart’ technology fused with human intelligence through our network of security researchers.
Data breach monitoring and notification is one of the several things we look into when it comes to monitoring the deep web and dark web. Since the launch of the company to the public, we have disclosed over 12,000 unreported data breaches, including several high-profile ones such as Unacademy and others. Data breaches are growing due to several reasons, and dark web markets are also booming.
TechNadu: The dark web is a vast place featuring numerous user forums and marketplaces, so how do you manage to keep track of what’s on offer?
The deep web and dark web are massive in terms of their scope and complexity. We have a dedicated team of researchers, backed by our proprietary technology, which allows them to focus on high-interest events. We parse 15-25 billion pages every day, parsing for key events analyzed with our proprietary risk models, so our researchers can narrow their focus, and produce actionable insights for our customers and subscribers. At the time of writing this article, we have over 50 billion records from deep web and dark web, including breaches, chats/conversations over the private forum, P2P, etc. We are continually working towards expanding our visibility over the dark web.
TechNadu: Do you see any data breach trends forming right now? We know that ransomware actors are now also stealing files from the compromised systems before they encrypt them locally. What other noteworthy trends can you share with us?
Data breaches due to ransomware operators are one of the key concerns for public and private sectors, including governments. We are tracking over 400 threat actors currently, and a number of them are related to ransomware such as Maze, REvil, Cl0P, Sekhmet, DoppelPaymer, etc. Ransomware attacks have been rapidly increasing over the past few years. These attacks are estimated to cost organizations $20 billion by 2021 (Source: Ransomware Statistics), and I believe one reason for this increase is the fact that cybercriminals are being paid out. These payouts encourage cybercriminals, resulting in new ransomware attacks with more features. Some of the trends we are noticing:
- The cybercrime markets are tending to become more profitable than before, and their affiliates’ networks are expanding at a rapid pace. As organizations are unwillingly paying out ransom amounts to the cybercriminals, it is resulting in new ransomware attacks with more features and sophistication. Cyber insurance companies are indirectly causing a surge in these ransomware attacks. For instance, one of the trends that have been followed in the industry is that some cyber insurance companies have started to pay the ransoms because it costs them less than going and doing the remediation or going back to do the backups.
- Credential stuffing on the rise: Since Jan 2020, Cyble has identified over 1.2 billion new records from the deep web and dark web, indexed on our data breach monitoring and alerting engine, AmIBreached.com. Within APAC, the Financial Services, Banking, Energy, and Utilities Sectors are at the most significant risk based on their information exposure on the dark web. Several threat actors’ groups have been using password spraying attacks on US and APAC organizations citing the “Magnallium” group targeting the US utility sector. Citrix Systems suffered a cyber-attack, and perpetrators gained access to their sensitive data such as employee records, financial data, etc. It is alleged that the hackers gained initial access to their systems through password spraying attacks.
- Cyble is also reporting a sharp increase in the volume and sophistication of cyber-attacks leveraging COVID-19 as a threat vector.
TechNadu: Maintaining a powerful search engine where individuals and businesses can enter their email and check where and when their data was leaked is great. Do you collaborate with services like “HaveIBeenPwned” when you discover a dump that affects a large number of users, or is everything kept on Cyble at the moment?
As part of our extensive deep web and dark web monitoring, we often directly collaborate with the affected organizations to provide them insights and assist them in their investigations. Our proposition to our enterprise and retail customers is not throwing the data on them – but we also offer risk-adjusted scoring, which considers a lot of aspects from the breach data or events from the dark web and deep web as well.
From the data collection and analysis perspective, we rely solely on our proprietary technology, world-class in-house researchers, and decades of knowledge/know-how.
TechNadu: You are also providing a way to evaluate third-party risks, a problem that has been turning into a monster for organizations today. What would be your advice on that part towards company owners who are collaborating with a large number of data-handling entities?
The global supply chains have become increasingly connected, causing a complicated web of digital inter-dependencies. Supply Chains are heavily reliant on third-party technology partnerships across Cloud, data, hardware, and others. An SME organization can have up to 4,000 or more suppliers working across their business value chain.
At Cyble, we have observed cyber attackers who successfully exploited supply chain relationships to compromise organizations’ critical network and systems, and these attacks have a profound impact economically, operationally, regulatory, as well as reputationally. Additionally, the regulatory environment for managing cybersecurity and supply chain risks is getting stringent. With the enactment of GDPR and other regulations (including UK, AU, Singapore, India, US), organizations are forced to do more in managing supply chain cybersecurity and protect their customers’ and partners’ data.
Our recommendations for the organizations are to:
- Gain visibility into the dark web and cybercrime markets to prepare for previously undetected threats. Answering fundamental questions such as “What are our crown jewels? Where are they stored? Who is accessing them, and how?” is prudent to improving monitoring capabilities.
- Take a risk-based approach in reducing your attack surface by proactively identifying and remediating vulnerabilities. Many organizations are still struggling due to the complexity of their internal policies, conflicting priorities, limited control over outsourced capabilities, and poor governance.
- Gain a situational awareness of cyberthreats and risks introduced by third parties, partners, and suppliers. Cybercriminals are increasingly exploiting trust to conduct cyberattacks on their targets. While large organizations have deployed TPCRM capabilities, their confidence level is still quite low.
TechNadu: A couple of weeks back, you decided to launch your own blog citing problems with Medium. Did you face any kind of issues relating to stories that exposed or defamed companies? Has this been a problem for Cyble so far, or are affected organizations happy to accept the warnings, even when made public?
Cyble, as an organization, is heavily focused on engineering and research. We learn a lot from the open-source community, and we also make deliberate efforts to contribute back as well. Often, we use our social media channels, including Medium, to share our views, opinions, and research as well. At times, the research could be about an adversary who may have targeted an organization – our intent is not to jeopardize the victims’ reputation or harm them in any way, shape, or form. The majority of the disclosures have been made responsibly.
It should be noted that there are several significant breaches that we haven’t made public yet, as the affected parties are still investigating them internally. We assist those companies where we can, with no obligations whatsoever.
At the same time, we deeply empathize with the victims – we genuinely feel for them as it takes a lot of effort and time to build a business, and it is despicable to see cybercriminals taking their hard work away! Hence why we extend our assistance and support to the affected parties or victims to assist in their investigation.
Yes, there have been very few instances where organizations didn’t appreciate disclosures at all. We also realized that certain social media policies lack transparency and fairness. Hence, we decided to move all the content to our own blog, i.e., cybleinc.com.
TechNadu: The Forbes Council has recently accepted you as an expert in the threat intelligence field. Would you like to comment concerning the role that you’ll undertake on the council?
Forbes Technology Council is an esteemed global community of senior technologists, learning and sharing together to make a greater impact on the business world. In my role with the council, I regularly participate in the expert panels on thought leadership regarding technology, including Cyber, talent building, etc., and contribute to a broader audience by publishing articles like this one.
TechNadu: We have covered stories about scores of security issues plaguing Fortune 100 companies, so there’s a clear problem of not paying attention to the cybersecurity risks involved in today’s operations. Would you say that large companies with seemingly endless financial resources allocate too little of their available budget to cybersecurity, or is there something else going on?
We are seeing large organizations acting seriously on cybersecurity aspects by investing in talent building, technology sourcing, as well as building cyber awareness in their employees and partners. However, just like technology itself, the cyber threat landscape is also changing and evolving. Cybercriminals now have a similar level of computation resources, skillsets, and funding like large companies have. Hence, organizations must review their current investments and ensure those are aligned to addressing the current and emerging cyber threats and risks.