Fortune 500 Reranking the Fortune 500 Using Darknet Intelligence
Total Page:16
File Type:pdf, Size:1020Kb
The Darknet Index: Fortune 500 Reranking the Fortune 500 using Darknet Intelligence Introduction We live in an era where cybersecurity often dominates the news. Yahoo, Sony and Target are only three of the many companies subjected in recent years to costly cyber attacks. No company or organization is immune from these types of attacks, and billions of dollars are spent annually in an attempt to protect the valuable data they hold. TABLE OF CONTENTS Measuring cybersecurity risk therefore becomes important for any company seeking to implement a comprehensive Introduction ...............................1 cybersecurity strategy and justify a return on the increasing Methodology................................3 investments made. Several different risk measures exist— The Top 25 ...................................5 some financial, performance, or technology related, and others Observations................................6 which attempt to measure the frequency of attacks thwarted. Conclusions..................................8 Each provides one aspect of guidance for management teams in their evaluation of overall risk. The Darknet Index......................9 About Us .....................................22 However, to date, there has been no attempt to measure the cybersecurity risk or profile of companies by how much data is available on a company that can be misused. How does the availability of breached data affect the overall the overall cybersecurity profile of a company? When data is hacked or stolen it often ends up for sale on an area of the internet known as the darknet. The darknet— actually a collection of numerous private networks, forums and channels—allows anyone using special browsers and tools to post data and communicate in a private online world. This facilitates the confidential and anonymous exchange of large amounts of stolen data. OWL CYBERSECURITY OWLCYBER.COM 303-234-1231 OWL CYBERSECURITY DARKNET INDEX: FORTUNE 500 PAGE 2 Unlike the surface web — the internet most of us use every day — there is little indexing of darknet sites. In fact, until now, there has been no easy way to comprehensively measure a company’s presence on the darknet. OWL Cybersecurity has built a proprietary database of darknet content which is the most comprehensive one of its kind in the world. This database is automatically and continuously updated with between 10 to 15 million pages per day, from more than 24,000 domains on the Tor network alone, as well as other darknet networks. Our darknet content is indexed and searchable in 47 languages for organizations wishing to monitor their data on the darknet. To demonstrate how the unprecedented scope and scale of our darknet data can strengthen a cybersecurity program, we used our OWL Vision database, together with additional sources of DARKINT™ — or darknet intelligence — to rerank all members of the Fortune 500 (as of April 2017) based on their darknet footprint. By doing this, we can provide each company with a snapshot view of its exposure on the darknet relative to peers, something we are uniquely positioned to provide. Key Takeaways From Our Analysis • Every Fortune 500 company is exposed. Every single company in the Fortune 500 had a positive Darknet Index score, meaning they have a presence on the darknet. • Amazon leads the Index. The company with the largest darknet footprint is online retailer Amazon, who has a massive internet presence and possesses a significant amount of customer data. • Technology and telecommunications companies overall are the largest target. Technology and telecommunication firms have the highest Darknet Index scores, indicating that they are the most attractive firms targeted by threat actors. • Financial firms perform better than expected. Financial firms—frequent targets of hackers—fare better than expected, likely reflecting their focus on significant investment in cybersecurity in recent years. • Hacked valuable data = increased risk. The highest scoring companies all had credentials and/or intellectual property exposed on the darknet which can be monetized by others. • Vigilance pays off. Investing in cybersecurity has tangible Darknet Index score benefits. Sectors which have invested heavily have, in some cases, smaller darknet footprints and, thus, lower Index ratings. OWL CYBERSECURITY OWLCYBER.COM 303-234-1231 OWL CYBERSECURITY DARKNET INDEX: FORTUNE 500 PAGE 3 Methodology One of the biggest hurdles to widespread awareness of darknet activity is the lack of any reliable indices. Unlike the surface web, on which many organizations continuously capture and record internet activity in a historical archive, the darknet is designed to be difficult to trace. The use of special browsers is required, and users need to obtain the full URL of a destination darknet web page to visit. There is no “darknet Google,” and darknet sites are often put up and taken down within a matter of minutes to maintain anonymity. As a result, the darknet has become a safe harbor for those looking to remain private online, whether their intentions are good or bad. A high volume of criminal activity has migrated to the darknet. “According to our scale, every company on the Fortune 500 has a darknet ranking.” OWL Cybersecurity’s proprietary OWL Vision is an expansive darknet database which can be queried via Boolean logic, proximity search, email domains, and more. Leveraging this, OWL Cybersecurity assessed each company in the 2017 Fortune 500 list, ultimately assigning every company with an overall darknet footprint. Combined with our proprietary hackishness algorithm — which rates darknet postings based on their potential for criminal use — our calculations yielded notable results. To compile our Darknet Index, we ran each member of the 2017 Fortune 500 through the OWL Vision database. We focused on specific darknets for matches on each company’s website and email domains and then further adjusted the results based on computations of “hackishness”— our algorithmic rating system which scores based on the likelihood the data could be used for nefarious intent and/or has been recorded within a recent timeframe. Recent results, from within the last 90 days, were given the most weight, as recent breaches or data leaks containing an organization’s proprietary information often make the target company a target. All mirror sites (which can be otherwise considered duplicate data) of both darknet and surface net results were excluded. OWL CYBERSECURITY OWLCYBER.COM 303-234-1231 OWL CYBERSECURITY DARKNET INDEX: FORTUNE 500 PAGE 4 Algorithm Our hackishness algorithm is the most critical input to these rankings as it eliminates uninteresting content hits. For simplicity, our algorithm weighted results from Tor Hidden Services and transitory sites most heavily. All results found in our database were given some weight as per the formula below: H (ln RDS + ln RTS) = H (ln ATR) 90 ATR H = Hackishness of last 90 days results 90 H = Hackishness of all time breach results ATR RDS = # results from Darknet Sites RTS = # results from Transitory Paste Sites ATR = # results from all time breach results Key Methodological Points • The Index is simple and objective. It is not biased toward company nicknames, press mentions, company size, CEO names or other subjective measures. • The Index scale is logarithmic, meaning every point in the index reflects almost triple the profile of a single point less. • The Index ranking reflects the attractiveness of the target. It is not a “risk of breach”. It is more closely aligned to the attractiveness of the target to a hacker while taking into account the effectiveness of their cyber defenses. • The size of a single breach is less of a factor than the frequency of breaches over the study period. • A company’s ranking as compared with direct competitors is very important. In future reports, we will take a closer look at more specific industry data to see the extent to which industry relates to a company’s DARKINT footprint. OWL CYBERSECURITY OWLCYBER.COM 303-234-1231 OWL CYBERSECURITY DARKNET INDEX: FORTUNE 500 PAGE 5 The OWL Cybersecurity Darknet Index: Top 25 The results of our analysis are presented below for the top 25 companies in our Index as follows. The full ranking of the Fortune 500 companies by their darknet footprint can be found in the Darknet Index section (Page 9). We categorize all companies using the following metrics: • DARKINT Rank - The rank of each company based on their darknet footprint score. • Fortune 500 Rank - The rank each company is given on the annual list. • Darknet Index Score - The darknet footprint score on which the rankings are based. • Company Sector - The market segment as defined by the Fortune 500 list. DARKINT Fortune Darknet Rank 500 Rank Company Name Index Score Company Sector 1 18 Amazon.com 19.16 Technology 2 36 Alphabet (Google) 17.21 Technology 3 3 Apple 15.98 Technology 4 157 Facebook 14.99 Technology 5 300 eBay 14.55 Technology 6 85 American Express 13.33 Financials 7 461 Frontier Communications 13.29 Telecommunications 8 379 Netflix 13.19 Retail 9 219 Texas Instruments 12.99 Technology 10 58 FedEx 12.58 Transportation 11 27 Wells Fargo 12.31 Financials 12 25 Microsoft 12.23 Technology 13 67 American Airlines Group 12.06 Transportation 14 10 AT&T 12.01 Telecommunications 15 37 Comcast 12.01 Telecommunications 16 11 General Electric 12.00 Industrials 17 77 Oracle 11.95 Technology 18 78 Morgan Stanley 11.57 Financials 19 20 HP 11.54 Technology 20 51 Intel 11.31 Technology 21 60 Lockheed Martin 11.30 Aerospace & Defense 22 53 Disney 10.88 Media 23 35 State Farm Insurance Cos. 10.77 Financials 24 71 Best Buy 10.72 Retail 25 75 Honeywell International 10.63 Industrials OWL CYBERSECURITY OWLCYBER.COM 303-234-1231 OWL CYBERSECURITY DARKNET INDEX: FORTUNE 500 PAGE 6 Observations Every company on the Fortune 500 has a darknet ranking. This fact alone offers a glimpse into the sheer vol- ume of information available on the darknet and confirms that no company or organization is without risk on the darknet.