Examine our research from the last year in the ReliaQuest 2024 Annual Cyber-Threat Report
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
March 26, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
In 1984, science fiction writer William Gibson became the father of the Cyberpunk fiction genre with his novel, Neuromancer. Neuromancer and its follow up novels, Count Zero and Mona Lisa Overdrive, can be interpreted as narratives about humanity’s grapple with technology and technology’s effects on the development of culture and crime. Strangely enough, these stories’ backdrop can also be mapped thematically to the real-world rise and splintering of the modern dark web marketplace and help teach us what’s in store for future users (and give me a chance to talk about sci-fi).
Buckle up! This blog post will be a bit nerdier than usual – minor spoilers for three science fiction novels from the 20th century ahead!
How can the modern network of .onion marketplaces be understood through novels about a cyberpunk dystopia? The answer is in how dark web marketplaces grow and die.
Gibson’s novels, collectively known as the Sprawl Trilogy, often deal with the concept of Artificial Intelligence (AI). The first novel itself culminates with a single AI, Wintermute, developing into an enormous, monolithic system after it was able to evade and outwit law enforcement and other adversarial factions. It’s then struck down in the second novel by an outside force and explodes into a teeming multitude of lesser intelligences which inhabit cyberspace, also known as the matrix.
If Wintermute’s story sounds familiar, it’s because that’s beat-for-beat how many of the largest dark web marketplaces meet their end, with their users jumping ship to create new sites or make their trades off the Tor network entirely. Looking back to 2013, many of the roughly one million users of Silk Road likely migrated to other sites or created new ones when the marketplace giant was shut down by the FBI and Europol.
However, in 2017 one of the largest marketplaces at the time, Alpha Bay, had only 400,000 users when it was terminated by authorities. This can partially be attributed to the fracturing of the marketplaces on the .onion network – over time it has become more and more common for sites to maintain a selective membership rather than growing into Silk Road-esque goliaths. But like Wintermute, who was split into multiple, smaller selves, it’s clear the current dark web marketplace in 2019 is diminished compared to days of yore. However, the items and services available for purchase are only advancing!
Did you know? Many marketplaces also die out due to internal causes, like exit scams or the leakage of user details. For instance, Nightmare Market has been in disarray with talks of an exit scam, and around this time last year Olympus Market did the same thing.
Figure 1: Users on Dread (a reddit-like site for dark web marketplace news) reacting to the alleged Nightmare exit scam.
It’s worth mentioning, not every popular marketplace is shut down by authorities; Digital Shadows (now ReliaQuest) recently reported a likely exit scam from one criminal dark web marketplace, Nightmare. Often a marketplace’s lifespan is affected by threats within almost as frequently as without – the more successful a site gets, the more lucrative an exit scam may be. While titillating, the shuttering of dark web marketplaces is nothing new. However, clear attempts to de-anonymise the Tor network are in full-swing, perhaps leaving some users fearful that the old havens are not as secure as they once were.
Another common theme of Gibson’s Sprawl Trilogy is how dangerous life can be on the net. Hostile forces ranging from the police, ghosts in the machine, and other hackers can pose huge risks, which cause many net denizens to hang up their hats. This seems to be what’s happening with many users on different Tor marketplaces. After countless busts, exit scams, and dodgy security controls, people are leaving in droves – many continuing to conduct business elsewhere. For instance, criminal forums like Sinister, Raid Forums, and Exploit are reasonably popular despite maintaining presences on the clear web.
Alternative marketplaces: At Digital Shadows (now ReliaQuest), we often see cyber criminals trading credentials, payment card information, and other data on places like Telegram and Pastebin. These act as alternatives to sites or exit nodes that some users may no longer trust.
Figure 2: A Telegram message excerpt – the post exposes complete payment card details.
The dark web (and specifically Tor) isn’t going away any time soon. However, the winnowing of many Tor marketplaces, fear of eavesdropping, and frustrations from constant DDoS attacks are likely pushing many users away.
Monitoring for your company assets, whether those are related to your internal employees or external customers, is a large task but not an impossible one. If you want to go down the free route, take a look at our Practical Guide to Reducing Digital Risk and make sure to get a solid understanding of the dark web with our comprehensive blog on the topic, Dark Web Monitoring: The Good, The Bad, and The Ugly.
In the next year it’s likely that organizations will see more customer information for sale on services like Telegram. And like cyberspace (which in the Sprawl Trilogy is exclusive and tightly controlled), many marketplaces on the .onion network are likely to become more mature, compartmentalized, and selective when it comes to their user base.
At Digital Shadows (now ReliaQuest), we help our clients monitor for sensitive and unwanted information that is exposed on the dark web. This can include mentions of your products and assets being sold on criminal locations, research tools shared and sold on the criminal underground, and insiders selling valuable data or privileged access. You can learn more on our dark web monitoring page here.
A final note: All readers are encouraged by the author to read the Sprawl Trilogy. Also, for slightly less nerdy insights, subscribe to our threat intelligence newsletter to check out our other blog posts!