Supply chain operations can be vast. While globalization and digital technologies are making the world a smaller place in many ways, they also increase the number of potential vulnerabilities that security teams and supply chain managers must monitor. Current threats to the logistics sector include climate and weather events, piracy, terrorism, DDoS attacks, malware and data breaches.

The range of potential threats is exacerbated by the vulnerabilities of the supply chain and the sheer size and scope of the operations involved. For example, around 90% of the entirety of global trade flows through only 39 bottleneck regions. An effective attack on any of these 39 traffic-heavy logistics hubs would have far-reaching consequences impacting billions of dollars of trade.

One example is the Hong Kong-Shenzhen freight cluster, a critical gateway for global manufacturing and trade, through which tens of millions of tonnes of container and air freight move annually. Additionally, there are a number of geographic chokepoints, such as the Panama Canal and the Strait of Malacca.

It is no longer merely the threat of attacks to these areas, which could halt a vast amount of freight. Incidents, such as the grounding of the Ever Given in the Suez Canal in 2021 and the drought that restricted movement through the Panama Canal in 2023-24, demonstrate that these geographic chokepoints are increasingly vulnerable.

If this wasn’t enough, digitization has increased the number of threats that logistics companies need to consider. This increase in vulnerability needs to be addressed through effective security measures, such as real-time data collection using Open Source Intelligence (OSINT) software.

How can transport and logistics companies secure their supply chains?

Ensuring secure passage

One of the key concerns – and one of the oldest – that logistics and transport companies have to contend with, is tangible and physical security threats; terrorism and piracy being the obvious examples. The rise in extreme weather events, such as hurricanes and droughts, also places pressure on logistics routes. Organizations need real-time information to carefully and continuously assess the threat level, implications and risks surrounding these physical security concerns.

These analyses help organizations to develop mitigation strategies. They also help to establish contingency plans for worst-case scenarios. Organizations need to be able to adapt and respond quickly to events as risk levels change. Supply chain managers across all industries need to consider higher transportation costs, longer travel times and potential issues in meeting schedules when alternative transportation routes are used.

These strategies depend on continuous visibility of current and emerging threats. Without this response, planning is compromised. Being caught unawares could have far-reaching and even devastating consequences. And, in some cases, business models based on time-critical deliveries may be squeezed out of the market.

Keeping cyberspace safe

Cybersecurity is a concern that should be receiving increasing attention as cybercriminals continue to evolve their tradecraft.

In 2017, a cyberattack cost shipping giant Maersk upwards of US$300 million. A vicious malware called NotPetya took down Maersk’s IT systems. Maersk was handling roughly one container ship into port every 15 minutes. So, it's easy to imagine the logistical nightmare that ensued as the company was forced to turn to manual processes to keep things moving.

The Russian military developed NotPetya to target businesses in Ukraine – but the malware quickly got out of hand. Soon, it was spreading around the world, taking down networks and causing billions of dollars in damage and lost revenue. In this scenario, Maersk was simply collateral damage.

More recently, Expeditors International were affected by a cyberattack that forced them to shut down their operating systems, disrupting their services for more than three weeks. Expeditors later revealed the attack had cost them $60 million in lost revenue, investigation and remediation.

Transportation is already heavily reliant on Information Communication Technology (ICT), with virtual threats growing in frequency and complexity. For this reason, cyber threats are an increasing concern across multiple industries. Additionally, for transportation and logistics, cyberattacks designed to induce physical damage are an increasingly common attack vector.

OSINT software for a more secure future

Some organizations operate with hundreds of individual suppliers. If any supplier is disrupted, consequences across the supply chain could be costly. Expeditors International and Maersk are just two examples of this.

Investing in live threat detection doesn’t just reduce risk; it also keeps operations running smoothly and predictably. When it comes to security and supply chain management, it’s especially important to look at future scenarios and manage security proactively. Reacting to crisis situations is not enough. Companies must find the right combination of preventive and reactive measures to achieve the optimal level of supply chain security.

Executives should also keep an eye on so-called wildcard events. That means examining the potential financial impact, the relative vulnerability of their business model, and their company’s ability to respond to low-probability, high-impact events.

As supply chain threats multiply, staying ahead of the intelligence flood becomes more difficult. Signal’s tools cut through the noise by using AI to perform tasks, such as triaging alerts and providing contextual SITREPs for possible threats. This sort of practical application of AI creates efficiencies within security teams, without compromising the crucial situational awareness needed to keep logistics lines open.

How Signal is already helping secure logistics supply chains

• Signal alerts a customer to a supplier’s merger. They can find new suppliers in a timely fashion, preventing disruption and revenue loss.

• Signal provides data on severe weather warnings that affect multiple suppliers and disrupt transportation routes.

• Confidential data is found for sale on the dark web, allowing the organization to act quickly for threat mitigation.

The dark web has grown in popularity over the years, as people become increasingly technologically savvy. Using a darknet browser like Tor or I2P enables users to remain anonymous while browsing the internet.

 People seek anonymity online for many legitimate reasons. For example, they might have concerns about large companies' abilities to track their online activity, or they might not feel comfortable giving Google all their data. Alternatively, they might live in a place with restrictions on freedom and free speech and necessarily turn to dark web anonymity to access world news or freely share journalism.

However, that same anonymity also protects criminals. It allows them to operate across borders, organize crime and trade in illegal items, both physical and digital. Dark web forums also host discussions on topics including extremist ideas, hate speech, threats of violence, or even plans for cyberattacks.

This wide range of dark web activity is a key concern for security professionals. By monitoring the dark web with OSINT tools, such as Signal, security professionals can discover exploit kits targeting their organization, get early alerts of data breaches, and even prevent physical attacks on assets or employees.

In this article, we examine a few of the more common dark web forums and explore how security professionals can utilize OSINT tools, such as Signal, to more efficiently and effectively monitor threats on the dark web.

About dark web forums as data sources

Because of the anonymity afforded by the dark web, people feel comfortable discussing all manner of things. As such, the dark web – especially dark web forums – is a valuable source of intelligence for security professionals. Monitoring these channels can help expose real and potential threats, ranging from planned attacks, both physical and digital, to fraud, data breaches and more.

Below, we examine 7 of the largest dark web forums that professionals should be aware of as potential sources of security data.

BreachForums

Despite multiple takedowns by law enforcement and rumours that it may now be a ‘honeypot’ (a site compromised by law enforcement or security researchers), BreachForums and the mirror sites that pop up are still a major threat. BreachForums and its mirrors are still one of the most visible places for selling or leaking corporate databases and credentials. If your company data is compromised, it is highly likely it will appear here.

DarkForums

This is a relatively new forum, emerging as a successor to BreachForums. With a rapidly growing user base, this English-language site specializes in data leaks, malware and access sales.

Cracked / Nulled

Cybercriminals mostly use these forums to trade and purchase leaked or hacked information. Despite a significant law enforcement action in mid-2025 (Operation Talent), these forums still have millions of members. They are able to remain in operation in much the same way as BreachForums, by spawning mirror sites.

Dread

Dread is a forum on the darknet that mirrors Reddit’s functionality. It provides the same familiar community discussion boards. The forum takes many ideas from Reddit, such as sub-communities and user moderation responsibilities. The site mimics this functionality without any JavaScript. The primary goal of Dread is to offer a censorship-free forum; however, it also provides hacking guides, software and carding tools, as well as drugs and stolen data. Dread also serves as a place for news on the latest dark web marketplaces.

XSS

A longstanding Russian language forum. XSS has a reputation for high-quality content and is a closed forum with restricted access to approved members. Access to compromised systems is frequently sold and traded on this site.

Exploit

Exploit has been in existence even longer than XSS, for many of the same reasons (high-quality content and restricted access). Due to its longevity, most types of cybercriminal activity can be found in dedicated sections.

RAMP

This is another Russian-language forum that has quickly gained prominence on the dark web. It functions as both a forum and a marketplace for criminal activity with a particular focus on financial fraud.

Other prominent forums

Other active forums with substantial membership include:

• LeakBase

• Crax

• Germania (a German-language forum)

• Infinity

• HackForums

• Sinister.ly

• Mirror sites for older forms, such as RaidForums, also persist on the dark web.

The dark web is no longer the only location for this type of activity. Apps such as Telegram and Discord, which sit on the unindexed deep web, are also becoming increasingly popular for cybercriminals to trade exploits, swap information and organize activities.

Related: How Can 4chan be Used as a Data Source for Security Intelligence?

Why dark web monitoring is difficult

Security professionals face numerous challenges when it comes to monitoring the dark web. For a start, there is the sheer volume of posts. With each of these forums and marketplaces operating across numerous time zones, they experience continuous activity. The most popular get tens of thousands of posts a day. Manually monitoring these sites is just not a feasible task.

Secondly, the fluid nature of the dark web community means that forums and marketplaces are forever becoming the victims of law enforcement action, internal troubles or scams. For example, XSS may have become compromised even as this blog is being published. These forums and marketplaces are like a Hydra – when one is cut off, new sites or mirror sites sprout up almost immediately.

Thirdly, the more explicit dark web forums and marketplaces (such as XSS or Exploit) will require you to create an account and may even go some way to verifying that you have the necessary skills to be allowed in. While the anonymity of the dark web means administrators of these forums likely can't work out exactly where you came from or what your true purpose is on their platform, those that are interested might attempt to determine your real identity. When creating an account, it’s essential to make sure it holds no relevance to any other online account you have, if you want to maintain your complete anonymity and avoid becoming a target of those same criminals you are looking to monitor.

Once inside, you must remain active on the platform without arousing suspicion; otherwise, your hard-won access could be revoked.

Finally, a lot of hackers on the dark web would be more than willing to turn their talents and attention to you, should you accidentally cross them. Some websites will infect your device with malware, so treat all links or downloads with suspicion. Additionally, clicking those links may take you to disturbing material. So, unless you’re confident you can safely and securely navigate the dark web, it may be better to look for safer, more efficient alternatives.

How Signal makes dark web monitoring safer and smarter

The Signal OSINT platform works by continuously scanning the surface, deep, and dark web. You can run custom Boolean searches across multiple data sources. These search results can then be filtered using our advanced AI and natural language processing (NLP), which enables you to search across languages, determine location, analyze copy in images and even assess the emotional intent behind text through our NLP software, Spotlight.

The benefits of having a tool like this for monitoring the dark web include efficient, continuous monitoring and assessment of a multitude of sites, allowing security teams to monitor more of the web to catch more threats faster. Because Signal’s searches are across the dark web, rather than specific sites, they do not rely on security teams having up-to-the-minute intelligence about which forums or marketplaces are active and popular. Additionally, security professionals can access this data without ever having to hunt down and access the various dark web forums and marketplaces, which is both more secure and much more time-efficient.

This lets you automate dark web monitoring – cutting costs, while expanding coverage and relevance.

Dark web marketplaces are online platforms, where people can buy and sell illegal goods and services while remaining anonymous. The offerings include leaked credit card details, exploit kits, hackers for hire and advertisements for hitman services.

Because of the range of goods and services available, as well as the conversations that occur around these transactions, dark web marketplaces can be immensely valuable sources of data on criminal activity. As such, they are typically under intense scrutiny from both law enforcement and security professionals.

These marketplaces have become increasingly sophisticated, with slick user interfaces that resemble familiar online storefronts, such as Amazon, along with seller ratings and escrow services for secure payment. This makes the barrier for users lower than ever before.

5 dark web marketplaces

People have been organizing illicit trades via the internet since the 1970s. Those early examples were through closed networks, with actual exchanges of money and goods usually taking place in person. With the advent of cryptocurrencies, it has become easy to complete online trades without leaving a trail. As a result, the online trade of illegal goods has become increasingly commonplace, and vast dark web marketplaces have emerged.

The very first of these marketplaces to pair the darknet with Bitcoin was the Silk Road, created by Ross Ulbricht in February 2011. Over the following two years, the Silk Road set the standard for dark web marketplaces. By the time it was shut down in October 2013, and Ulbricht arrested, the site had traded an estimated $183 million worth of goods and services.

Torzon Market

Torzon is one of the largest general-purpose darknet markets still active in 2025. It offers a familiar mix of narcotics, fraud tools and digital services. The site operates on Tor and supports Bitcoin and Monero, utilising escrow to facilitate transactions. Torzon also imports vendor feedback from other platforms, providing some continuity for buyers and sellers who have migrated after past shutdowns.

STYX Market

STYX has carved out a role as a hub for stolen data rather than drugs. Its listings focus on stealer logs, initial access and financial credentials, making it highly relevant for financial security professionals. Unlike older drug-oriented markets, STYX looks more like a specialized cybercrime exchange than a bazaar.

STYX is a great example of a ‘new model’ market with a searchable structure and trusted vendor processes, which helps buyers quickly filter for fresh data. The market grew through 2023-24 and remains active in 2025, underscoring how access and credentials have become commodities on par with drugs in the dark web economy.

Russian Market

Often written as RussianMarket, this is the largest marketplace for stealer logs. It aggregates credentials, cookies and session data harvested by malware such as RedLine, Raccoon and Vidar, and sells them in bulk. This makes it both a goldmine for attackers seeking account takeovers and a persistent monitoring target for security professionals.

Researchers estimate that millions of logs are for sale, with new ones added daily. Its endurance shows how cybercriminal demand has shifted from physical contraband to stolen identity data. For enterprises, Russian Market illustrates why compromised credentials remain one of the most common entry points for intrusions.

2easy

Sometimes branded 2easy.shop, this site has become known as the budget marketplace for stolen logs. Rather than focusing on premium access, it thrives on low-cost, high-volume sales. Individual log packages are often priced between $5 and $25, making them accessible to a wide spectrum of buyers. 2easy's persistence highlights the democratization of cybercrime. Criminals no longer need large budgets to obtain working credentials, just a few dollars.

BriansClub

BriansClub is a long-running carding shop, best known for selling stolen credit card ‘dumps’ and CVVs. Despite a 2019 breach (and law enforcement action) that exposed millions of its records, the shop has remained active and continues to attract buyers in 2025.

Estimates before the breach suggested a nine-figure annual turnover and, while its exact scale today is harder to verify, it remains one of the most recognisable carding brands.

Other markets include Abacus market, BidenCash, Exploit, Exodus Marketplace and more.

The diffusion of dark web marketplaces

With the rise of encrypted communication apps, such as Telegram and even Discord, some of the trade previously undertaken on the dark web has ‘surfaced’ to the unindexed deep web. Channels such as CrdPro Corner, AsCarding Underground and Daisy Cloud are flourishing on Telegram, with thousands of users in each channel trading everything from logs to bots. These channels often operate as subscription services, providing fresh dumps of material daily.

How to keep track of evolving darknet marketplaces

There are various active dark web marketplaces. One of our data providers estimates there are approximately 20 active, leading dark web marketplaces and dozens of smaller, additional marketplaces. With the diffusion to the unindexed deep web, this number becomes even greater.

Gaining access and monitoring these darknet marketplaces comes with a unique set of challenges. Firstly, they generally have short lifespans. This could be for a variety of reasons. For example, law enforcement might close them down; or, perhaps to help avoid this fate, they frequently change their domain address. It could even be because the admin implemented an exit scam, as happened with Empire Market, where the admin team is estimated to have made off with approximately $30 million worth of Bitcoin in August 2020. Almost none of the marketplaces featured in the 2020 version of this article are in existence now.

Due to this short lifespan, security professionals need to constantly be on the lookout for the next big marketplace. However, because of the illicit nature of the dark web, many websites don’t want to be found; as such, there is no easy way to navigate the dark web. Each website can be thought of as an independent silo. Darknet websites rarely, if ever, link to one another. To find forums and marketplaces on the dark web, as well as in the deep web, you need to know what you’re looking for and how to look for it.

Finally, once the relevant sites have been located and access gained, there is still the serious challenge of monitoring the dark website to gather usable intelligence effectively. Doing this manually requires vast amounts of resources; however, you also can't simply scrape the website, as such activity can quickly get you banned from a site.

This is where Open Source Intelligence (OSINT) tools like Signal come in.

The role of OSINT tools when monitoring the dark web

OSINT tools allow security professionals to effectively and efficiently monitor the surface, deep and dark web. Using Signal, you can create targeted searches with Boolean logic and run the results through intelligent filters powered by our advanced AI. The process can be automated with real-time SMS and email alerting.

This reduces the need for skilled professionals to spend all their time manually monitoring the entire web and assessing the associated risks. Additionally, it reduces the inherent risk of accessing criminal forums and marketplaces. Instead, security professionals get hyper-relevant alerts that can quickly be assessed and acted upon without ever actually having to go onto the dark web or painstakingly gain access to marketplaces.

This approach is vastly more time-efficient and allows you to put your web monitoring on autopilot; reducing costs, while simultaneously increasing efficacy. As cyber-criminals embrace new technologies, it’s becoming increasingly necessary for security professionals to do the same to stay ahead.

Increase the scope of your monitoring ability and the overall amount of hyper-relevant intelligence at your fingertips. Gather actionable intel in real-time.

Open Source Intelligence (OSINT) refers to the process of collecting, analyzing, and utilizing publicly available information to produce actionable intelligence. This information can come from a variety of sources, including social media, news articles, blogs, forums, and other online platforms. OSINT is a crucial component of modern security intelligence, as it helps organizations identify potential threats, monitor emerging risks, and make informed decisions.

The market for Open Source Intelligence (OSINT) tools is rapidly evolving, driven by the increasing need for comprehensive and actionable intelligence to protect employees and business operations.

Buyers in the market for robust OSINT solutions should be looking for several key features to ensure they are investing in the most effective tools, including:

• Competitive pricing

• Scalability

• Comprehensive suite of tools

• Transparency

• Integration capabilities

• A client-centric approach

Key Components of an OSINT Solution

Data Collection

The first step in an OSINT solution is gathering data from various open sources. This includes scraping websites, monitoring social media platforms, and collecting information from public databases. Best-in-breed OSINT tools allow users to configure the searches themselves without needing to reach out to customer support. The goal is to compile a comprehensive dataset that can be analyzed for relevant insights.

Data Analysis

Once the data is collected, it needs to be analyzed to extract meaningful information. This involves using advanced algorithms and machine learning techniques to identify patterns, trends, and anomalies. The analysis process helps in transforming raw data into actionable intelligence and assess content of concern.

Data Visualization

To make the intelligence easily understandable, OSINT solutions often include data visualization tools. These tools create visual representations of the data, such as graphs, charts, and maps, which help in identifying key insights at a glance. The best tools also include the ability to effectively filter data to identify just the content of interest.

Real-Time Monitoring

Effective OSINT solutions provide real-time monitoring capabilities. This means continuously scanning open sources for new information and updating the intelligence in real-time. Real-time monitoring is essential for staying ahead of emerging threats and responding quickly to critical events.

Integration Capabilities

OSINT solutions should be able to integrate with other security systems and tools. This ensures that the intelligence can be seamlessly incorporated into the organization’s existing security infrastructure, enhancing overall effectiveness.

Dissemination and Reporting

OSINT solutions should offer tools to assist analysts in drafting their reports. Generative AI can help quickly distil large amounts of raw data so analysts can complete and distribute reports quickly.

Investigations

OSINT tools shouldn't just detect threats: they should also provide a toolkit to help analysts investigate further to better support robust behavioural threat assessments. Comprehensive OSINT solutions can help identify anonymous threat actors and manage persons of interest.

OSINT Solution Providers available today

• Signal from Signal Corporation

• Dataminr

• Liferaft (Navigator)

• Samdesk

• Flashpoint (Echosec)

• Babel Street

• Penlink (Cobwebs)

• Ontic

• Fivecast

• Seerist

• OSINTCombine (NEXUSXplore)

Signal Corp.

Signal Corp’s OSINT platform stands out in the crowded market with its exceptional blend of affordability, scalability, and comprehensive functionality. Unlike many competitors that charge high fees, Signal offers a cost-effective solution without compromising on features. With prices ranging from $35-60K, Signal provides a competitive alternative to platforms that cost over $100K.

One of the key strengths of Signal cited by its customers is the breadth of sources it can monitor. On the scalability side, while many OSINT platforms charge per user license, Signal grants access to the entire organization, making it an ideal choice for large organizations looking for an affordable yet scalable solution. This approach ensures that protective security becomes a team effort, enhancing overall effectiveness.

Signal’s platform is a true multi-tool, offering a wide range of features that cater to various intelligence needs. From comprehensive data collection and report generation to data visualizations, POI investigations, AI incident detection, and asset alerting, Signal offers a complete solution. This eliminates the need for multiple fragmented tools, saving organizations both time and money.

Transparency is another hallmark of Signal’s offering. In an era where many OSINT solutions operate as black boxes, Signal is transparent about how its platform works and leverages artificial intelligence. This transparency ensures that analysts are well-informed and effective in their roles.

Integration capabilities are also a strong suit for Signal. The platform is designed to plug and play with existing solutions, consolidating data where it’s needed. This can include seamless integration with systems like Everbridge 360, Noggin, Restrata’s resilienceOS, ARCGis/Esri, XMatters, and more.

Signal’s client-centric approach sets it apart from the competition. The company is highly responsive to support requests and is willing to design meaningful features based on client feedback. This commitment to client satisfaction ensures that Signal’s platform continually evolves to meet the operational requirements of its users.

Signal Corp’s OSINT platform offers a compelling combination of competitive pricing, scalability, comprehensive functionality, transparency, integration capabilities, and a client-centric approach. These features make it a standout choice for organizations seeking a robust and reliable OSINT solution.

Signal routinely receives outstanding feedback about its customer service and the operational support/advice its specialists provide.

Dataminr

Dataminr is a real-time information discovery platform that uses AI to analyze public data sources and provide actionable alerts. It is known for its ability to detect breaking news and emerging risks, making it a valuable tool for crisis management and situational awareness.

Liferaft (Navigator)

Liferaft’s Navigator is an OSINT platform designed to help organizations identify and mitigate threats from social media and other online sources. It offers features such as real-time monitoring, geospatial analysis, and search capabilities, making it a comprehensive solution for threat intelligence.

Samdesk

Samdesk is an AI-powered crisis detection platform that provides real-time alerts on critical events worldwide. It leverages social media and other data sources to deliver timely and relevant information, helping organizations respond to emerging threats.

Flashpoint (Echosec)

Flashpoint’s Echosec is an OSINT platform that specializes in deep and dark web monitoring. It provides insights into threat actors and their activities, offering features such as keyword monitoring, geospatial analysis, and data visualization to enhance threat intelligence efforts.

Babel Street

Babel Street is an OSINT platform that offers multilingual text analytics and geospatial analysis. It enables organizations to collect, analyze, and visualize data from various sources, providing insights for threat intelligence and risk management.

Penlink (Cobwebs)

Penlink’s Cobwebs is an OSINT platform that focuses on web intelligence and data extraction. It offers features such as automated data collection, entity extraction, and link analysis, making it a useful tool for investigations and intelligence gathering.

Ontic

Ontic is a protective intelligence platform that integrates data from various sources to provide a comprehensive view of potential threats. It offers features such as real-time alerts, risk assessments, and incident management, helping organizations proactively address security risks.

Fivecast

Fivecast is an OSINT platform that uses AI and machine learning to analyze large volumes of data from open sources. It provides insights into emerging threats, trends, and patterns, offering features such as automated data collection, sentiment analysis, and geospatial visualization.

Seerist

Seerist is an OSINT platform that combines AI and human expertise to deliver real-time threat intelligence. It offers features such as predictive analytics, risk assessments, and incident monitoring, helping organizations stay ahead of potential threats.

OSINTCombine (NEXUSXplore)

OSINTCombine’s NEXUSXplore is an OSINT platform that focuses on data aggregation and analysis. It offers features such as automated data collection, entity extraction, and link analysis, providing valuable insights for investigations and intelligence gathering.

Factal

Factal is a real-time risk intelligence platform that uses AI to monitor global events and provide actionable alerts. It offers features such as real-time monitoring, geospatial analysis, and data visualization, helping organizations respond quickly to emerging threats.

Summary

This comparison provides an in-depth analysis of the current state of the OSINT tools market, highlighting the importance of Open Source Intelligence (OSINT) in modern security intelligence. It outlines the key components of an effective OSINT solution, including data collection, analysis, visualization, real-time monitoring, and integration capabilities.

For further information, contact Signal for a free consultation on your OSINT solution needs, or book a free demo.

The new softwares and systems that are employed across an organization create new attack vectors for threat actors and new data security concerns. Not only that but as these new digital systems are put into use to replace once manual tasks additional complications arise from potential user errors, for example, an employee might make private data public without even realising. 

In this article, we take a look at 7 of the growing concerns that cyber and infosec professionals hold as this trend towards digitizations continues at an increasingly explosive pace.

1. Unintentional Data Exposure

“To err is human,“ as Alexander Pope famously wrote. We all make mistakes and to combat this we have progressively leveraged more technology across industries to automate processes and reduce the potential for human error. However, technology can’t prevent our every mistake, and paradoxically, this use of technology increases the amount of data we as people and organizations produce and store in our systems. Hackers are aware of this and continue to find creative ways to exploit human weakness with strategies such as complex phishing campaigns.  

On top of this, the adoption and rapid development of hardware (phones, for example) mean many people conduct work from their personal mobile device. And the move towards work from home driven by the COVID-19 pandemic has furthered this merger of work and personal devices as well as increased the amount of work done from unsecured networks.

2. Adoption of AI into Malware for Scale and Evasion

Denial of service attacks can take a variety of forms, from malware to DDoS attacks, and have huge financial implications for an organization. In 2018, for example, shipping giant Maersk had their IT systems taken out by a vicious malware called NotPetya, costing them an estimate $300 million.

These ransomware attacks might be driven by political motives, thoughts of financial gain, or something else entirely. Over the last few years, these tactics have evolved they’ve adopted new technologies and strategies allowing threat actors to increase both the scale of the attacks, as well as to more effectively neutralize increasingly complex security protocols.

One increasing concern is the adoption of AI into these attacks. AI can be used in a variety of ways, such as increasing the effectiveness of phishing campaigns. One example was developed by IBM Research, DeepLocker. DeepLocker hides its malicious payload in benign carrier applications, such as a video conference software, to avoid detection by most antivirus and malware scanners and then uses facial recognition to identify the specific target and launch its payload.

How AI is used to could completely change the way information security and cybersecurity professionals, in general, need to adapt and respond to threats.

3. Financial Fraud

Financial fraud off the back of data breaches is nothing new. However, it continues to be a problem today and into the foreseeable future. Data breaches from large organizations, whether they are related to your organization or not could easily lead to new attack vectors on your company.

There is a huge amount of Personal Identifiable Information (PII) for sale on the dark web. This data can be used in a number of ways, from credential stuffing strategies to identifying high-value targets and refining strategies for spear-phishing campaigns.

4. 3rd Party Integrations

Often organizations spend a huge amount of time and money ensuring their internal cybersecurity practices are excellent. It only takes one breach to realize the efficacy of this investment. Successful ransomware, for example, against an organization for example could cost tens of millions not even considering the reputational damages that might accompany the financial ones.

However, as was seen with the 2020 SolarWinds breach, it doesn’t matter how well educated your staff, how up to date your firewalls, how alert your security teams are if your third party integrations have weaknesses.

5. Increasing Amounts of Sensitive Data Collected Through IoT Devices

Internet of Things (IoT) devices is beginning to infiltrate every level of our lives. From mobile robots, to inventory tracking, to personal assistants, connected speakers and smart TVs. These devices seek to automate and simplify our lives.

However, what many people don’t realize is that these machines are often insecure by design and offer attackers new opportunities. Additionally, the terms and conditions around data sharing and usage from many of these devices lack transparency, and by utilizing this technology an organization makes it increasingly difficult to know and control what data is going out.

Finally, it’s often the case that, while a vendor may recommend applying new firmware updates, they are not applied unless the device starts misbehaving and someone applies the update to troubleshoot the issue. This could lead to serious security compromises.

6. Rise of Fake Online Personas

This threat can have a direct and dramatic impact on organizations reputation and the physical security of employees. By creating and leveraging fake or phantom social profiles threat actors can create trending news and information, promote poor products, or push lies and deceptions to further an agenda. 

The application for these kinds of campaigns is vast, affecting everything from national elections to company sales and share prices, and there is currently no system in place to identify false profiles efficiently and counter the purposeful spread of misinformation in this way. 

7. Shortfall of Professionals

The final security risk on the list is the continued shortage of skilled security workers. As cybersecurity threats evolve, and areas such as information security become more important for organizational security, increasing numbers of skilled and trained professionals will be needed.

Finals Words

Many people are now desensitized to the fact their data is shared online either through breaches or loose company policies. Because we cannot regain our privacy, they often become careless about protecting it further. Add to this the constant evolution of cybersecurity threats, and the challenge for cybersecurity professionals looks like a tough one. 

To ensure organizational security, companies need a combined response, that includes continuous education of employees, restricted accesses, and multi-factor authentication. This needs to be paired with a skilled security team who are armed with the necessary knowledge and tools such as OSINT software.

Security professionals need to be able to gather real-time data on emerging threats and proactively implement an effective response. 

What is Doxing?

The term itself originates from the phrase “dropping docs” and was later shortened to “docs” and then “dox”. As the original term suggests, doxing is when someone collects and then shares information about another person or organization.

There are numerous reasons someone might dox someone else or be the victim of doxing. It could be for revenge or a personal grudge, a disgruntled ex-employee might target their previous employer, for example. In 2014, Sony was the victim of a doxing attack backed by, experts believe, the North Korean government after they released a film which made fun of their leader. Other motivations include harassment and cyber-bullying, vigilante justice (for example, exposing neo-Nazi’s), and doxing for financial gain. 

Organizational doxing is on the rise and can be immensely damaging, exposing company secrets and customer data, or more directly exposing executives to new levels of threats.

Doxing Strategies and Goals

Traditionally doxing started with an online argument escalating to one person digging out information on their adversary and sharing it online. More recently though, doxing has become more of a cultural tool with hackers taking down people or groups with opposing ideologies. When it comes to organizations, threat actors have been known to both target an organizations reputation and to use information gained through a doxing attack to leverage financial reward.

For example, in one scenario an employee at a bank was blackmailed after a doxing attack into using his position in the bank to steal over $100,000 from customers for his blackmailers. 

The fallout is generally reputational with the victim suffering from online abuse such as death threats to them and their family in lieu of the new information shared. However, on occasion, the fallout can be significantly worse. There have been examples of mobs dishing out physical vigilante justice after a person's information, such as an address, was shared online.

There are numerous ways you can be identified online. By following ‘breadcrumbs’ of information a dedicated doxxer can assemble an accurate picture of a person - even if they were using an alias. The kind of details they might look for include, full name, current address, email address, phone number etc. Additionally, some doxxers might buy information from data brokers.

IP/ ISP Dox

There are various methods that can be used to locate your IP address, which is linked to your location. With just your IP address a doxxer could then use social engineering tactics against your Internet Service Provider (ISP) to discover the information they have on file such as:

• Your full name

• Email address

• Phone number

• ISP account number

• Date of birth

• Exact physical address

• Social security number

This requires the doxxer to go through a dedicated process, which may not even work, however, it’s just one strategy they can employ, and even if they are unable to gather further information through a gullible ISP worker they still have the first parts of the puzzle - your IP address and a rough location.

Doxing with Social Media

If your social media accounts are public then anyone can view them. Often things a threat actor can find out include your location, place of work, your friends, your photos, some of your likes and dislikes, places you’ve been, names of family members, names of pets, names of schools you attended, and more.

With this kind of information, they can then find out even more about you, or even discover the answer to your security questions helping them break into other accounts such as your online banking.

As such it’s recommended to keep your social media profiles private, and if you use multiple online forums to use a different name and password for each to help prevent doxxers from compiling information from across multiple online forums and social media sites. 

Data Gathered through Brokers

Data brokers on the internet collect information from publicly available sources and then sell the data for profit. Generally speaking, they sell this data to advertisers - if you’ve ever found yourself randomly receiving emails from companies you’ve never heard of before, this is why. However, for a doxxer it could be an easy way to start building a detailed profile of their target.

How Might Doxing be Used Against Your Organization?

For organizations to be successful with their media strategies they necessarily need to share relevant information and regularly engage with their customers through social media channels. This provides a substantial opportunity for doxxers.

By combining publicly-available data with basic attack techniques, such as phishing campaigns or credential stuffing, malicious actors can uncover large quantities of supposedly secure data. For consumers, exposed information could lead to identity theft or public shame. Meanwhile, companies face the prospect of large-scale reputation damage or lost revenue if proprietary project briefs or intellectual properties are leaked to the public.

Additionally, doxing can be used as an incentive to expedite the resolution of ransomware attacks. This is where the cyber attacker threatens to release documents or information to the public should their target not pay the ransomware fee promptly. This adds to already serious financial implications.

How Can you Prevent Doxing?

Unfortunately, it's nearly impossible to completely remove personally-identifying information from the internet, especially parts which are part of public records. Still, there are some tips to reduce your attack surface.

Keep your profiles private 

People and organizations do have a lot of say as to what gets published on the internet. Make sure to practice general data privacy best practices.

• Avoid posting identifying information

• Keep all social media settings at the most private level, and don't accept friend requests from people you don't know

• Change the settings on Office and your phone's photo app so personal info isn't embedded in those files

• Use a "burner" email address for signing up for accounts when possible.

• Set the ‘whois’ records on any domains you own to private

• Ask Google to remove personally available information about you, and request the same from data broker sites

Implement Safe Browsing Measures

These steps are good internet hygiene in any case, but can also prevent a breach that can lead to your info being exposed to a potential doxxer:

• Use a VPN, especially when using insecure public Wi-Fi networks

• Switch to a secure email system with built-in encryption

• Vary your usernames and passwords

Self-Doxing

Humans remain the weakest link in the security chain. In most cases, malice isn’t the problem or the intent when someone lets a threat actor in. Instead, employees overshare personal data on corporate platforms by accident or use insecure third-party applications. In both cases, however, following the breach and identifying the potential compromises is difficult when IT teams start from the side of defenders. 

By flipping the script and looking at your organization from the view of potential doxxer it becomes easier for IT and security teams to spot key areas of weakness. They can then develop strategies and staff training programs to protect against them.

Final Words

Doxing represents a growing threat to organizations and individuals. However, by self-doxing with security intelligence gathering strategies, security teams can create accurate attack surface maps. With this intelligence, they can then enhance threat modelling and deliver actionable insights to staff to reduce overall risks.

Using OSINT software like Signal you can learn about potential threats as or before they occur, learn about potential exploits targeting your organization, and self-dox to help identify weaknesses and shore-up defences.

People are increasingly aware of how their data is accessed and used, whether this is the security of their private conversations, their online browsing history, or even Personal Identifiable Information (PII). With this increase in consciousness for data privacy, chat applications have had to promise better encryption and anonymity if they are to compete.

As such, over the last few years new chat apps, with a primary USP of better privacy have hit the market. This includes the likes of Telegram and Discord. The anonymity and data security offered by these apps have quickly made them popular with both legitimate users and criminals. On Telegram, you don’t have to look too hard to uncover conversations around the sale of illicit goods, examples of extremist views and hate speech, the trading of PII, and more. It’s also worth noting that many marketplaces and forums on the dark web also have chat groups on Telegram.

Many of the groups and channels on apps like Telegram are open to the public, allowing users to easily reach a large potential market relatively risk-free. Not all groups though are open to the public making it substantially harder for security professionals and law enforcement to monitor these channels successfully.  

However, with a tool like Signal, you can view and monitor data from many of these closed communities and hard to access groups easily and efficiently.

About Telegram

Telegram is a messaging app that was launched in 2013. It focuses on supplying a fast, free and above all, secure messaging service. The chat app has end-to-end encryption and several other features which add to it’s perceived security. These features include “secret chats” which store data locally, a timer on messages to self-destruct after a specified time, notifications of screenshots, and messages in secret chats can’t be forwarded. Their main USP is to provide a service where data is protected from thirds parties, including any curious government or security agencies.

Unlike other chat apps, Telegram promotes itself as providing its users with full anonymity, including the ability to set up a unique username and make your phone number to private. It’s because of these security features as well as the offered anonymity that the application quickly became a popular choice for criminal communications.

How Can You Leverage Data from Telegram for OSINT?

There are various channels and groups on the Telegram app in which illicit and criminal activity is discussed or undertaken. This ranges from the sale of illegal goods, stolen data, to planning physical attacks on an organization or individual.

For example, on the group “Carders” on Telegram, a group which has over 5,000 members you can find stolen credit card details including full numbers and CVV codes. This chat group is linked to an online shop getbette.biz (which was taken down in early 2020). Most of the conversations in this group revolve around some form of financial fraud, whether that’s leaked card details or the sale of PII.

On other Telegram groups, you can find details for hacked personal accounts like Netflix, Disney Plus, Amazon Prime etc. These logins might be sold for a variety of reasons, such as credential stuffing, or for personal use.

It’s not just dealing in illegally obtained data though. Telegram is used for a broad variety of purposes. A particularly popular one is the sale of drugs. Narcotic Express DE is one such group. With close to 1,000 members, this German group is a closed group which focuses on the purchasing, sale and distribution of drugs. 

Closed groups cannot be found in a search within the app or in the dedicated Telegram search engine, instead, you have to be invited and sent a link by another user in the group. In addition, users can only see posts, not post themselves into the group.

Other examples of leveraging Telegram as a data source include monitoring for:

• Hate speech and death threats,

• Hacking services for sale,

• Exploit kits,

• Data breaches,

• Hate groups.

Using Telegram as an OSINT Source

As outlined above, are plenty of conversations of interest that happen through the Telegram app and its various groups. These groups can offer insight into criminal activity and better enable organizations to protect their assets and staff from emerging threats. For example, you might find information on a recent data breach through the app. Having this early knowledge of the breach is essential for mitigating costs.

However, as with any potential data source, it’s not a case of simply downloading the app. Efficiently scanning and monitoring the platform for potentially relevant or information of interest requires the right tools.

First, groups like Narcotic Express DE are closed groups, meaning locating and gaining access to them is a challenge in itself. Secondly, with features such as message self-destruct constant surveillance is necessary. These challenges mean time and resource need to be devoted to this specific channel, time and resource that might be better spent elsewhere.

Using an OSINT tool gives users the ability to access and utilize hard to reach data sources like Telegram. Data from Telegram is gathered by our data provider Webhose, who scrape the publicly available data from both open and harder to access closed groups continuously. Signal users can set up searches with Boolean logic, selecting Telegram as one of the data source options available. 

Ransomware is a form of malware which is installed on a victims device or devices with the main objective of seizing and/or locking away sensitive data. As the name suggests in order for a victim to regain access to their data and systems they need to pay a ransom. More often than not, the two options a victim is presented with when they succumb to a ransomware attack is to either rebuild their systems from scratch and potentially have the attacker leak the data online - or pay up.

As such, it’s unsurprising that, in our increasingly digital age with more and more data on the cloud, that the number of attacks and the success of ransomware attacks is on the rise. Approximately 58% of ransomware victims paid in 2020, compared to 39% in 2017.

Ransoms for these kinds of attacks range from a few hundred dollars to thousands or even millions of dollars payable in cryptocurrency such as Bitcoin. In return for the payout, the attackers will release a decryption key allowing the organization to return to business. Certain industries, such as government organizations and hospitals are more susceptible to ransomware attacks due to the nature of the work that they do often being time-sensitive. For example, a ransomware attack crippled a hospital in Germany, leading directly to one patient’s death.  

There are numerous strategies that ransomware attackers employ to gain access to a victims database. One of the most common though is through social engineering tactics, such as phishing emails. Cybercriminals can make these emails look exactly like trustworthy emails from official sources, tricking victims into downloading compromised software onto their device. 

Because of the nature of social engineering tactics, and the evolving cyber threat landscape no organization can ever be fully secure from malware threats. Below we outline 12 of the biggest ransomware attacks that occurred in 2020.

12 Ransomware Attacks that Happened in 2020

1. ISS World 

Estimated cost: $74 million 

In February of 2020 ISS world, a Denmark based company went down due to a ransomware attack. Thousands of employees were left without access to their systems and emails. This cost them an estimated $74 million which includes regaining control of the affected IT systems and re-launching critical business systems. 

2. Cognizant

Estimated cost: $50 million

A ransomware attack on the organization Cognizant in April of 2020 is said to have cost the company over $50 million, potentially as much as $70 million, including legal and consultation costs and data recovery costs, along with the financial loss reflected in their second-quarter earning in 2020.

3. Sopra Steria 

Estimated cost: $50 million

The company Sopra Steria revealed that they were hit by hackers using a new version of the Ryuk ransomware in October.

They estimate that the fallout, including dealing with the various systems that went out of action, is likely to have a gross negative impact on operating margin of between €40 million and €50 million.

4. Redcar and Cleveland Council 

Estimated cost: $14 million

Redcar and Cleveland Council in the UK suffered an attack on their systems in February of 2020 costing the council an estimated $14 million.  The ransomware attack is said to have disrupted the company’s network, tablets, computers, and mobile devices for 3 full weeks. The council announced that in March, that it could take months for a full recovery and estimated the overall costs to be between $14 - $21 million.

5. Software AG

Estimated cost: $20 million

Software AG is the second-largest software vendor in Germany. They were reportedly hit with the Clop ransomware in an attack in October of 2020. The company disclosed that the ransomware attack disrupted a part of its internal network but didn’t affect customer services. The cybercriminal group responsible demanded a $23 million ransom.

7. Travelex

Estimated cost: $2.3 million

It was reported that Travelex the money exchange firm was hit with a file-encrypting malware attack which shut down its internal networks, website and apps for several weeks. Reportedly Travelex paid a ransom of $2.3 million in BTC to the dark actors to regain access to their data and restore services.

8. University of California San Francisco (UCSF)

Estimated cost: $1.14 million

UCSF was targeted by a malware attack which encrypted servers used by the school of medicine impacting students in June of 2020. The ransomware was prevented from travelling to the core UCSF network and causing more damage. The authorities negotiated with the cybercriminals and UCSF ended up paying approximately $1.14 million in ransom of the $3 million demanded. 

9. Shirbit Insurance 

Estimated cost: $1million

After a cyberattack on the Israeli Insurance provider Shirbit in December of 2020 the attackers demanded roughly $1 million in Bitcoin. In order to pressure the company into paying they demanded immediate payment or an increase in the ransom cost, doubling after 24 hours. Additionally, to show they weren’t empty threats they dumped the first 300 records online, again threatening to dump additional records every 24 hours until they received payment.

10. Communications and Power industries 

Estimated cost: $500,000

California-based Communications & Power Industries (CPI) makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology. The company counts the U.S. Department of Defense and its advanced research unit DARPA as customers. Reportedly, CPI paid $500,000 to obtain the decryption key to unlock their servers and return services.

11. Grubman Shire Meiselas & Sacks 

Estimated cost: $365,000

Grubman Shire Meiselas & Sacks is a law firm that specializes in law for those in the media and entertainment industry. Their clients consist of a range of A-list celebrities and, with such high profile individuals on the line, the stakes for them were extremely high. They were targeted and files encrypted by REvil ransomware. The firm agreed to pay an estimated $365,000, however, the attackers started demanding more afterwards and the company has since kept quiet on what it has or is willing to pay.

12. Tillamook County 

Estimated cost: $300,000

Tillamook county in the US was attacked by cyber attackers in January. The attack interrupted their email network, phone systems and website. After exhausting alternative options, they estimated the costs to restore service would cost well over $1 million and take several years and opted instead to pay the $300,000 ransom. 

Keeping your data and organization secure

1. Never click on suspicious links or any links attached in unsolicited emails. 

2. Back up systems and data continuously. Create a separate data-backup in an external hard drive that is not connected to your computer, so that you don’t have to pay the ransom if a ransomware attack happens.

3. Never disclose personal information over the phone or over email. 

4. Educate employees of cybersecurity best practices and social engineering tactics that may be used against them.

5. Limit employee access to sensitive data to reduce attack surfaces.

OSINT Tools and Mitigating Costly Ransomware Attacks

Early warning of data beaches through OSINT tools can help you predict and prevent cyber attacks as well as enable organizations to take mitigating actions faster. While open-source intelligence tools can’t prevent ransomware, they can help organizations reduce the risks and potential damages. 

OSINT tools can be used by organizations to monitor their supply chains, allowing them to learn of potential disruptions in real-time and enabling them to implement contingency plans fast. 

Additionally, organizations can use tools like Signal to monitor for ransomware and malware currently being used. This can help security teams determine emerging threats being used against other organizations in their industry to better inform ongoing cybersecurity best practices.

Ultimately, by using OSINT to monitor darknet forums and market places security professionals are able to learn about the newest strategies being employed, the most recent weaknesses being exploited, and the most current software being utilized. Armed with this knowledge they are much more able to develop effective countermeasures as well as actively prevent ransomware infection.

As threat actors continuously challenge the cyber defences of organizations, companies are increasingly forced to focus on improving cybersecurity practices. However, even the best cybersecurity teams with the largest budgets find it hard to stay ahead of the evolving threat landscape. And with more technology in use, a growing reliance on cloud storage and the Internet of Things (IoT), there is a growing potential for sensitive data to be exposed to threats. 

As such it’s unsurprising that data breaches, in spite of increased cybersecurity spending, are becoming more common and more expensive to deal with. Employees need intelligent security practices and cyber habits and companies need to be armed with the latest technology and tools for early data breach detection to gain the upper hand when combatting this ever-changing threat.

Data Breaches Need to be Caught Early

The average cost of a data breach in 2020 according to the IBM / Ponemon Institute report was $3.86 million. However, there are plenty of examples where the costs have vastly exceeded this average, escalating into the hundreds of millions or even billions. For example, the Equifax data breach in 2017 cost Equifax $1.7 billion in the end. Another high profile example, Facebook eventually settled on a fine of $5 billion after it’s ‘privacy misstep’ involving Cambridge Analytica. This bill doesn’t include the additional costs and expenses that Facebook has accrued in the development and expansion of their cybersecurity and privacy departments nor does it account for the reputational damage it suffered.

While costs of these extremes are rare, data breaches in general are not. The IBM report goes on to analyse particular subsets of the data noting that the worst impacted is healthcare with an average data breach cost exceeding $7 million. And that the average time taken for an organization to identify and contain a data breach, was an astonishing 280 days, over 9 months. This is in spite of significant evidence that the speed of containment has a significant impact on the overall data beach cost, which if left unchecked can linger for years after the incident. 

How to Prevent Data Breaches

As with many of these things prevention is often the best policy. 

Data Breach Prevention #1: Have Clear Security Protocols 

Every employee should know, understand and be able to abide by strict security protocols to keep company data secure and thwart social engineering tactics. Having protocols is one of the best ways to help prevent data theft by ensuring unauthorized personnel do not have access to data. 

Data Breach Prevention #2: Safeguard Against Human Error

Many data breaches are the result of an employee error. This could be anything from downloading a document off of an illegitimate website, social engineering tactics or even outright blackmail. Employees should only have access to the information that is vital to their particular roles within the company. Those with higher level access should accordingly have higher levels of cyber security training and understanding.

Data Breach Prevention #3: Improved Password Protection

Having strong unique passwords is the first line of defence against any cyberattack. However, nobody, whether they are a high level executive not, is going to be able to remember a dozen or more 12 character passwords that use special characters, letters and numbers. Make sure that 2FA is enabled on all logins, and use a password manager (with 2FA enabled) to auto generate and save complex passwords and ensure the highest levels of password security are enabled.

Data Breach Prevention #4: Update Security Software Regularly

Companies should utilize a high quality antivirus software, anti-spyware program and firewall. Additionally, these programs should be regularly updated to keep them free from vulnerabilities. 

Data Breach Prevention #5:OSINT for Dark Web Forums

By monitoring dark web forums and other chat rooms you can learn of planned attacks, potential exploits and even find exploit kits being sold online. This will give you a good indication of the access methods which have been discovered allowing you to implement a patch quickly to prevent it.

The Tools for Early Detection of Data Breaches: LERTR

Having the right tools is vital if an organization wants to prevent or mitigate the threat of data breaches. Using an OSINT platform like Signal allows security teams to efficiently monitor the surface, deep, and dark web for details or indications of potential and past data beaches. For example, you might find exploit kits targeting a vulnerability specific to your company. This would allow you to prepare a patch for this vulnerability before it was exploited. 

Additionally, hackers might discuss strategies or plans around an upcoming data breach attempt on a dark web forum. Forewarned, you have a better chance of catching and preventing the attempt. However, prevention isn’t always possible. For those scenarios where you do face a data breach you want to discover it as quickly as possible to mitigate the potential damage and limit the costs.

To this end we have integrated with Webhose to advance our early data breach detection capabilities. Additionally, we have launched LERTR, a cyber specific OSINT platform. aa

Final Words

Data breaches are increasingly common and expensive. Effective preventative measures need to be put in place and maintained to limit threats. However, even the best defences can fall to a determined threat actor. As such organizations needs to ensure they have all the tools to not only prevent, but also to detect early and contain data breaches quickly should one occur.

Signal is a powerful OSINT tool which allows users to create searches using boolean logic enhanced with NLP, with which security teams can efficiently monitor online activity to detect threats as or even before they emerge.

Artificial Intelligence (AI) describes technologies that can make informed, non-random decisions algorithmically. It has many current and potential applications, it is the current pinnacle of humanities ceaseless drive towards greater and greater efficiency. In particular regard to OSINT though, it enables humans to collect, analyze and interpret huge sets of data, data sets so large that it would be entirely unfathomable to even approach them without machine assistance.

Everyone knows AI is shaping their world in one way or another. But often the changes are subtle, gradual and go unnoticed. Very few of us know what actually goes on behind the steel doors of the big tech companies like Alphabet, Facebook, and Apple. And yet we interact with their AI systems on a daily basis and those systems have huge power over our lives. In this article, we take a look at some of the key ways AI is being used today and how it will become increasingly important as our technologies improve.

5 Ways AI is Shaping the World 

1. Improving and optimising business processes 

The very first robots in the workplace were all about automating simple manual tasks. This is the age of factories and production lines. Today though, it’s not manual tasks that robots are taking over. Instead, software-based robots are taking on repetitive tasks carried out on computers. 

Initially, this was limited to automating simple repetitive tasks, such as “send follow up email 2 if no response after 3 days”. This has already reduced admin tasks and improved business operational efficiencies immeasurably. The next step though is the use of AI technologies to further alleviate some of the more labour intensive ‘intelligent’ tasks such as data gathering, aggregating and analysis, leaving people to spend more time on complex, strategic, creative and interpersonal tasks.

2. More personalization will take place in real-time

Big tech companies are already using data to personalization services. Google Discover, for example, is a feed based on a complex algorithm which reads your online history and tailors the news feed to your particular interests. Other big tech examples are Spotify and Netflix which use AI to suggest relevant media based on your historical behaviour. 

This technology is constantly being evolved and is probably one of the most noticeable in our day to day lives. The end goal is a system which can almost perfectly predict your desires and needs, an outcome none of us are likely to protest against. On the other side of the same coin though is the use of that very same data to target individuals with hyper-relevant ads. This practice can often seem intrusive and is one of the driving forces behind the adoption of VPN’s.

3. AI in the creative space

Some things are still, even in 2020, better handled by humans. That being said AI technologies are now beginning to encroach on the creative spaces. Scorsese's, The Irishman, is one example of this, where Robert De Niro was de-aged on-screen using AI technology. 

There are additional uses though, for example, AI is being used to edit video clips for the purposes of spreading misinformation, and often these edits are incredibly hard to spot. This has led to a new sector of cybersecurity which requires AI technology to spot AI-generated or edited video and audio files. 

4. Increasing AI in Cybersecurity

Even as data grows and is used to progress the development of AI this simultaneously opens up new avenues for exploits by threat actors. For example, AI can be used to create and automate targeted ‘intelligent’ phishing campaigns. AI-supported cyberattacks though have the potential to go much further.  As such, increasingly advanced AI is needed to combat the evolving cyber threat landscape.

Related: How Machine Learning is Changing Modern Security Intelligence 

5. AI learning to perfectly emulate humans

Anyone that keeps their eye on the work that Google is doing will know about their 2019 update, BERT. A natural language processing (NLP) framework which is designed to better understand context and intertextual reference so that they can correctly identify both the searcher's intent as well as the intent behind any content created. 

One of the key challenges that faces AI right now is idiomatic or referential speech; language that has more depth of meaning, for example, determining the importance of the concept of a mother, or understanding a phrase like “six feet under”. Our current research and development project at Signal is one example of the practical applications of overcoming this challenge. It involves using machine learning to enable our software to understand the intent behind text, even when ‘hidden’ behind challenging language like idioms, to more accurately identify threats.  

As these natural language processes advance, so too will conversational AI bots, to the point where, because of the range and complexities of their answers, you would be forgiven for mistaking them as human.

The Future of AI and what that means for OSINT

Artificial Intelligence, machine learning, and automation have already revolutionized intelligence gathering. With OSINT tools like Signal security teams and intelligence agents can effectively and efficiently monitor the open, deep, and dark web, setting up customized alerts based on searches that leverage boolean logic. Machine learning takes this intelligence to the next level. It allows for vast amounts of data to be collected, aggregated, and for all the irrelevant hits to be essentially culled, supplying the security team at the end with actionable, relevant intelligence.

Humans play an essential role in this new intelligence lifecycle. In defining the search terms to match security strategies, analysing the end date the system feeds back, reassessing the searches based on the new evidential data and implementing appropriate responses. This is a key role that will no doubt evolve as the technology becomes more accurate, reducing inefficiencies in process.