How organizations can prepare for emerging threats from the dark web

How organizations can prepare for emerging threats from the dark web

Tämä tutkielma käsittelee pimeää verkkoa ja sieltä organisaatioille nousevia uhkia. Pimeän verkon tutkimisella voidaan kasvattaa ymmärrystä kyberrikollisten toimintatavoista ja saada kyberuhkatietoa. Tavoitteena oli selvittää, millaisia uhkia pimeästä verkosta nousee organisaatioille ja miten niihin...

Full description

Bibliographic Details
Main Author: Itkonen, Juuso
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language:eng
Published: 2022
Subjects:
cyber threat intelligence
the dark web
attack techniques
mitigations
Tietotekniikka
Mathematical Information Technology
602
Tor-verkko
anonyymiverkot
verkkohyökkäykset
Tor (anonymity networks)
anonymity networks
cyber attacks
Online Access: https://jyx.jyu.fi/handle/123456789/81419
_version_ 1826225750971252736
author Itkonen, Juuso
author2 Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_facet Itkonen, Juuso Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä Itkonen, Juuso Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_sort Itkonen, Juuso
datasource_str_mv jyx
description Tämä tutkielma käsittelee pimeää verkkoa ja sieltä organisaatioille nousevia uhkia. Pimeän verkon tutkimisella voidaan kasvattaa ymmärrystä kyberrikollisten toimintatavoista ja saada kyberuhkatietoa. Tavoitteena oli selvittää, millaisia uhkia pimeästä verkosta nousee organisaatioille ja miten niihin voisi varautua. Mahdollisesti saatavalla kyberuhkatiedolla voitaisiin varautua ennakoivammin erilaisiin kyberuhkiin ja hyökkäyksiin. Pimeän verkon teknologiaksi rajattiin Tor-verkko, koska se on käytetyin teknologia. Tutkimusstrategiana oli tapaustutkimus ja tapauksena Nasdaq Helsinki listatut yhtiöt sekä niihin liittyvien verkkotunnuksien perusteella löydetyt uhkaavat asiat pimeästä verkosta. Tutkimuskysymykseen siitä, miten organisaatiot voivat varautua pimeästä verkosta nouseviin uhkiin, pyrittiin hakemaan vastausta. Tähän kysymykseen vastaamiseksi lähdettiin kartoittamaan, mitä organisaatioista löytyneistä tiedoista voitaisiin hyödyntää kyberhyökkäyksissä tai kertovatko löydökset suoraan meneillään olevasta uhkaavasta toiminnasta. Lisäksi kartoitettiin lievennyskeinoja löydöksiin liittyviin uhkiin. Hyökkäystekniikoita ja -kuvioita sekä lievennyskeinoja kartoitettiin MITRE ATT&CK viitekehystä ja MITRE CAPEC katalogia vasten siellä missä se oli mahdollista. Myös CIS Controls kontrollit kartoitettiin tunnistettuihin kyberhyökkäysmenetelmiin soveltuvin osin. Erityisesti vuodettuihin salasanoihin liittyviä löydöksiä ilmeni Nasdaq Helsinki tapauksessa. Näitä voidaan käyttää valtuuttamattomaan pääsyyn palveluihin, jos myös käyttäjätunnus ja kohdejärjestelmä tunnetaan. Tämän tutkimuksen pohjalta voidaan todeta, että pimeästä verkosta saatavalla kyberuhkatiedolla on merkitystä. Näillä tiedoilla olisi mahdollista suojautua ennakoivammin kyberrikollisuutta vastaan. Organisaatioiden tulisikin hyödyntää kyberuhkatietoja suojautuakseen paremmin mahdollisilta kyberuhkilta ja -hyökkäyksiltä. Jos ei tiedä mille uhkille altistuu, niin niiltä voi olla hankala suojautua. This study examines the dark web and emerging threats to organizations from there. It is possible to acquire cyber threat intelligence and a greater understanding of cybercriminal practices by conducting research on the dark web. The objective was to determine what kind of threats emerge from the dark web and how organizations can prepare for them. The possibly available intelligence on cyber threats could be used for more proactive preparation against various cyber threats and attacks. Because Tor is the most used technology, it is used to represent the darknet. The research methodology consisted of a case study. The issue involved Nasdaq Helsinki and the associated surface exposures that were discovered using the domain names of the listed companies. It was attempted to answer the research question of how organizations may prepare for increasing threats from the dark web. In order to address this issue, mapping began to determine if the discovered information on the organizations may be used in cyberattacks or if the discoveries directly indicate the existence of ongoing threatening activities. In addition, mitigation actions for the identified threats were identified. Whenever possible, attack techniques and patterns as well as mitigation measures were mapped to the MITRE ATT&CK and MITRE CAPEC frameworks. When applicable, CIS Controls were also mapped to identified cyber-attack techniques. In the instance of Nasdaq Helsinki, findings relating to password leaks were very prominent. If the username and target system are known, these can be used to gain unauthorized access to the services. On the basis of this investigation, it is possible to conclude that cyber threat intelligence collected from the dark web is significant. This information would allow for more proactive defense against cybercrime. Therefore, organizations should utilize cyber threat intelligence to protect themselves from future cyberattacks. If you are unaware of the threats you face, it can be difficult to protect yourself from them.
first_indexed 2022-06-02T20:00:47Z
format Pro gradu
free_online_boolean 1
fullrecord [{"key": "dc.contributor.advisor", "value": "Lehto, Martti", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.advisor", "value": "Niemel\u00e4, Mikko S.", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Itkonen, Juuso", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2022-06-02T06:54:13Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2022-06-02T06:54:13Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2022", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/81419", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4m\u00e4 tutkielma k\u00e4sittelee pime\u00e4\u00e4 verkkoa ja sielt\u00e4 organisaatioille nousevia uhkia. Pime\u00e4n verkon tutkimisella voidaan kasvattaa ymm\u00e4rryst\u00e4 kyberrikollisten toimintatavoista ja saada kyberuhkatietoa. Tavoitteena oli selvitt\u00e4\u00e4, millaisia uhkia pime\u00e4st\u00e4 verkosta nousee organisaatioille ja miten niihin voisi varautua. Mahdollisesti saatavalla kyberuhkatiedolla voitaisiin varautua ennakoivammin erilaisiin kyberuhkiin ja hy\u00f6kk\u00e4yksiin.\n\nPime\u00e4n verkon teknologiaksi rajattiin Tor-verkko, koska se on k\u00e4ytetyin teknologia. Tutkimusstrategiana oli tapaustutkimus ja tapauksena Nasdaq Helsinki listatut yhti\u00f6t sek\u00e4 niihin liittyvien verkkotunnuksien perusteella l\u00f6ydetyt uhkaavat asiat pime\u00e4st\u00e4 verkosta. Tutkimuskysymykseen siit\u00e4, miten organisaatiot voivat varautua pime\u00e4st\u00e4 verkosta nouseviin uhkiin, pyrittiin hakemaan vastausta. T\u00e4h\u00e4n kysymykseen vastaamiseksi l\u00e4hdettiin kartoittamaan, mit\u00e4 organisaatioista l\u00f6ytyneist\u00e4 tiedoista voitaisiin hy\u00f6dynt\u00e4\u00e4 kyberhy\u00f6kk\u00e4yksiss\u00e4 tai kertovatko l\u00f6yd\u00f6kset suoraan meneill\u00e4\u00e4n olevasta uhkaavasta toiminnasta. Lis\u00e4ksi kartoitettiin lievennyskeinoja l\u00f6yd\u00f6ksiin liittyviin uhkiin. Hy\u00f6kk\u00e4ystekniikoita ja -kuvioita sek\u00e4 lievennyskeinoja kartoitettiin MITRE ATT&CK viitekehyst\u00e4 ja MITRE CAPEC katalogia vasten siell\u00e4 miss\u00e4 se oli mahdollista. My\u00f6s CIS Controls kontrollit kartoitettiin tunnistettuihin kyberhy\u00f6kk\u00e4ysmenetelmiin soveltuvin osin.\n\nErityisesti vuodettuihin salasanoihin liittyvi\u00e4 l\u00f6yd\u00f6ksi\u00e4 ilmeni Nasdaq Helsinki tapauksessa. N\u00e4it\u00e4 voidaan k\u00e4ytt\u00e4\u00e4 valtuuttamattomaan p\u00e4\u00e4syyn palveluihin, jos my\u00f6s k\u00e4ytt\u00e4j\u00e4tunnus ja kohdej\u00e4rjestelm\u00e4 tunnetaan. T\u00e4m\u00e4n tutkimuksen pohjalta voidaan todeta, ett\u00e4 pime\u00e4st\u00e4 verkosta saatavalla kyberuhkatiedolla on merkityst\u00e4. N\u00e4ill\u00e4 tiedoilla olisi mahdollista suojautua ennakoivammin kyberrikollisuutta vastaan. Organisaatioiden tulisikin hy\u00f6dynt\u00e4\u00e4 kyberuhkatietoja suojautuakseen paremmin mahdollisilta kyberuhkilta ja -hy\u00f6kk\u00e4yksilt\u00e4. Jos ei tied\u00e4 mille uhkille altistuu, niin niilt\u00e4 voi olla hankala suojautua.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This study examines the dark web and emerging threats to organizations from there. It is possible to acquire cyber threat intelligence and a greater understanding of cybercriminal practices by conducting research on the dark web. The objective was to determine what kind of threats emerge from the dark web and how organizations can prepare for them. The possibly available intelligence on cyber threats could be used for more proactive preparation against various cyber threats and attacks.\n\nBecause Tor is the most used technology, it is used to represent the darknet. The research methodology consisted of a case study. The issue involved Nasdaq Helsinki and the associated surface exposures that were discovered using the domain names of the listed companies. It was attempted to answer the research question of how organizations may prepare for increasing threats from the dark web. In order to address this issue, mapping began to determine if the discovered information on the organizations may be used in cyberattacks or if the discoveries directly indicate the existence of ongoing threatening activities. In addition, mitigation actions for the identified threats were identified. Whenever possible, attack techniques and patterns as well as mitigation measures were mapped to the MITRE ATT&CK and MITRE CAPEC frameworks. When applicable, CIS Controls were also mapped to identified cyber-attack techniques.\n\nIn the instance of Nasdaq Helsinki, findings relating to password leaks were very prominent. If the username and target system are known, these can be used to gain unauthorized access to the services. On the basis of this investigation, it is possible to conclude that cyber threat intelligence collected from the dark web is significant. This information would allow for more proactive defense against cybercrime. Therefore, organizations should utilize cyber threat intelligence to protect themselves from future cyberattacks. If you are unaware of the threats you face, it can be difficult to protect yourself from them.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2022-06-02T06:54:13Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2022-06-02T06:54:13Z (GMT). No. of bitstreams: 0\n Previous issue date: 2022", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "65", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "cyber threat intelligence", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "the dark web", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "attack techniques", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "mitigations", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "How organizations can prepare for emerging threats from the dark web", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202206023041", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietotekniikka", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Mathematical Information Technology", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "602", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "Tor-verkko", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "anonyymiverkot", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "verkkohy\u00f6kk\u00e4ykset", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "Tor (anonymity networks)", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "anonymity networks", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber attacks", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
id jyx.123456789_81419
language eng
last_indexed 2025-02-18T10:54:58Z
main_date 2022-01-01T00:00:00Z
main_date_str 2022
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/08a82783-ee14-4859-bd5f-c67c346a6cf5\/download","text":"URN:NBN:fi:jyu-202206023041.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2022
record_format qdc
source_str_mv jyx
spellingShingle Itkonen, Juuso How organizations can prepare for emerging threats from the dark web cyber threat intelligence the dark web attack techniques mitigations Tietotekniikka Mathematical Information Technology 602 Tor-verkko anonyymiverkot verkkohyökkäykset Tor (anonymity networks) anonymity networks cyber attacks
title How organizations can prepare for emerging threats from the dark web
title_full How organizations can prepare for emerging threats from the dark web
title_fullStr How organizations can prepare for emerging threats from the dark web How organizations can prepare for emerging threats from the dark web
title_full_unstemmed How organizations can prepare for emerging threats from the dark web How organizations can prepare for emerging threats from the dark web
title_short How organizations can prepare for emerging threats from the dark web
title_sort how organizations can prepare for emerging threats from the dark web
title_txtP How organizations can prepare for emerging threats from the dark web
topic cyber threat intelligence the dark web attack techniques mitigations Tietotekniikka Mathematical Information Technology 602 Tor-verkko anonyymiverkot verkkohyökkäykset Tor (anonymity networks) anonymity networks cyber attacks
topic_facet 602 Mathematical Information Technology Tietotekniikka Tor (anonymity networks) Tor-verkko anonymity networks anonyymiverkot attack techniques cyber attacks cyber threat intelligence mitigations the dark web verkkohyökkäykset
url https://jyx.jyu.fi/handle/123456789/81419 http://www.urn.fi/URN:NBN:fi:jyu-202206023041
work_keys_str_mv AT itkonenjuuso howorganizationscanprepareforemergingthreatsfromthedarkweb

Similar Items