March 26, 2024
Digital Shadows (now ReliaQuest) has been researching the cybercriminal response to the COVID-19 outbreak sweeping across the globe. We’ve been monitoring several dark web forums, looking for answers to questions including whether discussions of COVID-19 are as popular on the dark web as they are on the clear web and how in general cybercriminals are discussing COVID-19.
In summary, while we’ve seen cybercriminals attempting to capitalize on fear and uncertainty surrounding the COVID-19 pandemic, we’ve also observed some atypical discussions from users including:
The ongoing COVID-19 (aka coronavirus) pandemic has dominated the media over the past few weeks. Voluntary self-isolation and government-mandated restrictions of movement have significantly impacted the lives of millions. Over the past few weeks, cybercriminals have been attempting to capitalize on fear and uncertainty surrounding the COVID-19 pandemic by conducting phishing, selling fraudulent medical equipment, and spreading misinformation.
In January, we published a blog discussing how the dark web mirrors our everyday lives. While that now seems like forever ago, we decided to revisit this concept in the current climate with these questions in mind: Are discussions of COVID-19 as popular on the dark web as they are on the clear web? How are cybercriminals discussing COVID-19?
Google Trends analyzes the popularity of top search queries on Google Search and compares the volume of those queries over time across different regions. We chose a simple query of the search term “coronavirus” across all regions worldwide over the past 90 days.
But how does this compare to the dark web?
Unfortunately, there is no centralized search engine on the scale of Google that covers .onion domains. Instead, we used Digital Shadows (now ReliaQuest)’s Shadow Search (now ReliaQuest GreyMatter Digital Risk Protection) to look for mentions of “COVID-19” OR “coronavirus” across dark web sources over the past 90 days.
(If you want to try this yourself, sign up for a free demo of our tool here.)
In the chart below, the purple line is the data from Google Trends, and the teal line is the dark web data from Shadow Search (now ReliaQuest GreyMatter Digital Risk Protection).
COVID-19 interest on the clear web vs. dark web (Teal: Dark web results via Shadow Search (now ReliaQuest GreyMatter Digital Risk Protection); Purple: Clear web via Google Trends)
From this data, discussions of COVID-19 on the dark web have followed a very similar path to search queries on the clear web. In the past month alone, there has been a 738% increase in the number of COVID-19-related terms on dark web sources. This aligns with the spike in Google searches beginning around February 19.
It’s important to note that the Y-axis does not represent the total number of searches. Instead, as Google notes, these numbers represent search interest relative to the highest point on the chart for the given region and time. A value of 100 is the peak popularity of the search query, a value of 50 means that the query is half as popular, and a value of 0 means that there was not enough data available. The data pulled from Shadow Search (now ReliaQuest GreyMatter Digital Risk Protection) consists of individual mentions of COVID-19-related terms and has been overlaid on the Google Trends axes.
Another caveat is that dark web ≠ cybercriminality. While there are several examples of overt criminal activity, as discussed in our previous blog on COVID-19, not all mentions of COVID-19 on dark web sources are criminal. For example, some of these are likely from the dark web mirrors of legitimate social media and news sites.
COVID-19 article on The New York Times dark web mirror
This trend should not come as a surprise to anyone. It is expected that the popularity of searches for “coronavirus” will increase with media coverage and as governments address the pandemic.
So what do some of the discussions about COVID-19 on cybercriminal forums look like? Just as it has affected search popularity on the clear web, the COVID-19 pandemic has changed the direction of discussions across the cybercriminal landscape, with users creating posts that are off-topic for typical forum discussions.
On Torum, a popular English-language dark web cybercriminal forum, several users have taken to the forum to provide their perspectives on how the COVID-19 pandemic has affected them. One user, “L-47”, only recently joined the forum, seemingly with the express intent to provide first-hand information on the impact of the virus in Spain and Germany:
Another user appeared concerned about the supposed lack of activity from forum members.
On BlackHatWorld, an ethically questionable clear web forum, users created similar posts recapping the current situation.
Likewise, on forums dedicated to the trade and sale of stolen accounts like Cracking King and Cracking Soul, users have created off-topic posts expressing solidarity for the situation in Italy, warning fellow forum members to take extra care of at-risk and elderly family members.
Unfortunately, there are still individuals who are overtly seeking to take advantage of the current situation for profit (see our blog How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation). But, in a seemingly atypical move for a cybercriminal forum, these attempts are not always well received. For example, one user took to Torum to ask for advice on how best to take advantage of COVID-19, only to receive responses pleading with them not to profit off the pandemic.
As we’ve seen time and time again, cybercriminals will find ways to take advantage of people’s fears and uncertainties in the wake of major disasters and emergencies. However, the gravity of the COVID-19 pandemic has brought out some benevolent reasoning on some platforms that are typically used for crime: users urging others to avoid taking advantage of an already dire situation.