Owl Cybersecurity’s Darknet Index puts Amazon as #1
Technology and telecommunications companies are among the companies which are most at risk for hacked data to end up on the web of private networks collectively known as the darknet, according to a recent report put together by Owl Cybersecurity.
Owl has a proprietary database of darknet content that it analyzed to calculate a “darknet footprint” for each of the companies in the Fortune 500 (as of April 2017) and re-ranked them based on the size of that footprint and the recentness of the data associated with ech company. The company published the top 25 in its Darknet Index, which were heavily weighted toward technology and telecom companies.
Owl found that Amazon had the largest darknet footprint, followed by Alphabet (Google), Apple, Facebook and EBay. Frontier Communications was the highest-ranked telecom company with a ranking of #7. Texas Instruments came in at #9, and Microsoft ranked #12, AT&T ranked #14 with Comcast at #15. Oracle, HP and Intel also made Owl’s top 20.
Telecom companies have been among the victims of a number high-profile cyber attacks, from Spanish operator Telefonica running afoul of the WannaCry ransomware to Bell Canada experiencing a massive hack of customer information, primarily active email addresses. In March 2016, Verizon Enterprise was hit with a hack that resulted in the data of 1.5 million customers being offered for sale online.
RCR Wireless News asked Mark Turnage, CEO of OWL Cybersecurity to break down the implications for telecom companies. The following Q&A was conducted via email and has been lightly edited.
RCR: Tell us about how the report came together and the context for the information.
Turnage: We’re in the unique situation of having the largest commercially available database of darknet content, so we put together this Index to leverage that database and darknet intelligence (DARKINT) to highlight the significant amount of exposure most companies have on the darknet. In this case, we noticed a number of the companies in the Fortune 500 were appearing in one data dump after another on the darknet and decided to dig a little further. After running several variables of each company’s identifiable information through our database and applying our proprietary algorithm to assess the extent of their darknet footprint, we found that each company in the Fortune 500 has a darknet presence, and that is really significant. We wound up developing our Index as a way to track their exposure over time and to see what it would look like if we re-ranked the list based on DARKINT.
RCR: There are a few telecommunications/network providers on your list. What makes a company vulnerable or attractive as a target? What do telcos in particular need to be aware of in terms of what makes them a target?
Turnage: Since we focused this analysis on the Fortune 500, the number of results per-sector are reflective of the number of companies in each sector that are in the actual Fortune 500 list. In this case, that is only twelve companies. Taking a closer look at the telecommunications sector, there are some interesting takeaways there. While the average rank of telecommunication companies in the Fortune 500 is 246, their average rank in our Index is 187. From this we can say that when ranked by revenue, the telecommunications industry has a relatively modest performance as compared to other sectors. However, when re-ranked by darknet footprint, the telecommunications sector has a significantly high average – in fact it is only second to the technology sector (which has an average darknet rank of 157).
One of the ways we quantify the vulnerability or attractiveness of any given target is by determining the level of “hackishness” – our proprietary algorithm that judges to what extent a company’s information may be leaked and used for nefarious purposes – of each entity and factoring that into the amount of results we found for that company in our database. For example, companies with a significant amount of DARKINT results within the last 90 days are given a higher hackishness score, as this information is considered more timely and thus more desirable from a criminal perspective.
All companies are a target. Any modern business in the Fortune 500 will have weak points that can be discovered and exploited by those with criminal intent. Email phishing and third party relationships (vendors) are the top vectors for exploit of a Fortune 500 organization. We see the results of these exploits appearing in our DARKINT collection almost daily.
RCR: What do you see as the key takeaways from this report, particularly for telcos?
Turnage: For us, the biggest takeaway is that all of these companies have a darknet footprint. Even if we were to keep moving down the Fortune List beyond the top 500, and happen upon a company who yielded no darknet footprint, it is reasonable to say that they work with or utilize at least one company in the top 500 and thus presumably do business with a company that does have a darknet footprint. By spreading awareness of this, we hope to shift the conversation towards the importance of monitoring the darknet for not only your businesses information, but also monitoring for your customer or client information as well.
Image copyright: beebright / 123RF Stock Photo