David Carmiel, KELA: “the danger emerging on the dark web is massively growing, and attacks are rocketing up”
With the world experiencing major global events, including wars and pandemics, various cyberthreats are on the rise.
For regular users and companies alike, the increasing volume of cyberattacks is becoming nearly impossible to ignore. Building an organization’s digital security irresponsibly can lead to company-wide malfunction, financial losses, and other long-term consequences.
To learn more about improving online security, Cybernews had a chat with David Carmiel, the CEO of KELA, a company that specializes in cybersecurity. He agreed to share his views regarding rising threats, safety measures, and the role of his product.
Tell us the story behind KELA. What has the journey been like since your launch?
KELA was founded in 2009 and entered the threat intelligence space around 2014. Most recently, 2021 has been one of the most interesting years in the company. As we saw leaders worldwide forced to think creatively and learn to be more flexible in the face of Covid, our team evolved our go-to-market strategy and focused on product-led growth.
Can you introduce us to what you do? What are the main issues you help solve?
KELA brings automation and scalability to dark web threat intelligence. Our technology accesses and monitors the dark web for organizations’ valuable assets and provides actionable insights from data and discussions within the cybercrime ecosystem. We bring massively scalable cyber threat intelligence solutions to organizations, law enforcement agencies, and managed security services providers (MSSPs) through sophisticated automation, data capture, and analysis capabilities, making the complex cybercrime underground accessible and easy to navigate.
The most prominent problems organizations face with dark web threat intelligence include visibility, access, automation, anonymity, and expertise. Here is how we solve for each:
- Visibility: we provide focused, actionable intelligence to neutralize relevant threats observed in the cybercrime underground. We apply unique methods for penetrating hard-to-access sources, using our automated solution built on highly sophisticated technology.
- Access: our unique security data lake holds a rich bank of processed intelligence for a clear, straightforward view of structured data and finished intelligence. Our flexible technology makes the collection, analysis, and management of intelligence – even across multiple languages – highly scalable and accessible.
- Automation: we offer a fully operational, automated, and scalable dark web intelligence platform used daily by Tier 1 security and intelligence professionals worldwide.
- Anonymity: we allow organizations to obtain access to raw data straight from our data lake while meeting legal and compliance requirements and without exposing the scope of their investigation to threat actors.
- Deep expertise: our intelligence covers the entire life cycle with technology and products designed by Israeli army intelligence professionals and veteran intelligence experts. Extending existing cyber intelligence efforts, we go the extra mile to cultivate a deep understanding of a customer’s environment and proactively direct its efforts to what matters most for each security situation. Our managed intelligence services act as your integrated but outsourced team, bridging gaps in your organization’s bandwidth.
KELA’s mission is to deliver the world’s best intelligence solutions that empower organizations to neutralize the most relevant threats observed in the cybercrime underground. We partner with organizations to defeat criminals before they can penetrate your business or cause harm by exposing the hidden dangers lurking in the darkest corners of the internet.
What technology do you use to detect and analyze threats?
KELA’s market-leading cyber threat intelligence end-to-end platform penetrates the hardest-to-reach places to automatically collect, analyze, monitor, and alert on emerging threats coming from the cybercrime underground. It comprises three products, each designed with a unique purpose to serve the organization’s needs.
DARKBEAST is KELA’s solution for conducting an in-depth, anonymous investigation, analysis, and advanced research on the dark web. DARKBEAST provides unrestricted access to KELA’s unique and rich security data lake comprising years of data collected from the dark web. It helps organizations gain real-time, contextualized insights into cyberattack trends and assess the profiles of cyberattackers.
KELA's monitoring and analysis tool – RADARK – takes the intelligence investigation to the next level by enabling custom, real-time dark web monitoring capabilities and providing a clear overview of possible threats, along with tailored threat remediation recommendations.
INTELACT, KELA’s automated attack surface intelligence solution for SMBs and MSSPs, further enhances cyber threat detection with efficient real-time alerts and contextualized and actionable intelligence that enables organizations to act on threats and maintain a reduced cyberattack surface.
In conjunction, these products act as a personalized SWAT team working together as a complete threat intelligence platform for cyber threat detection, neutralization, and analysis. It empowers KELA’s clients to focus on relevant, organization-related cybersecurity threats and relieves organizations from manually detecting them amidst the cybercrime underground chaos and the massive number of false-positive alerts.
Additionally, KELA’s technology assists organizations in investigating possible cyberattacks by uncovering tactics, techniques, and procedures (TTPs) or threat vectors and locating lists of potential ransomware victims and sales of network access information on the dark web.
Do you think the current global events are going to influence how threat actors operate?
Global events and the way threat actors operate often go hand in hand. Threat actors are constantly looking for the latest vulnerability, whether it’s a utility vulnerability like Log4j or a human vulnerability like recent phishing attacks on Ukrainian soldiers.
These global events create new trends in the dark web community that KELA takes into account. One example is the emerging trend of cybercriminals shifting from text-based to image-based discussions to evade detection by bots that read and analyze online texts on the dark web.
To counter this trend, KELA has come up with a cutting-edge OCR technology that, combined with its intelligence solutions, captures data from picture-based online discussions from various online spaces like Internet forums, Telegram groups, and Discord servers. This allows KELA to enhance its delivery of real-time cyber threat detection results to clients.
With every year that passes and significant global events, the danger emerging on the dark web is massively growing, and attacks are rocketing up. It used to be just financial institutions and banks that were concerned with monitoring the dark web for fraud and financial crimes. But today, every sector gets attacked – from education institutions to nonprofit organizations to hospitals.
Across all industries that you work with, what types of threats are the most common nowadays?
In 2021, ransomware attacks continued to be one of the most prominent threats targeting businesses and organizations worldwide. High-profile attacks disrupted operations of companies in various sectors, including critical infrastructure (Colonial Pipeline), food processing (JBS Foods), insurance (CNA), and many more.
KELA’s annual Cybercrime Threat Intelligence Report found the number of ransomware-attacked companies increased from 1460 in 2020 to 2860 in 2021, and almost 40 of those companies were compromised twice by different ransomware gangs.
The rise of initial access brokers and monetization methods is another major threat organizations must be concerned with. Most cyberattacks start with an initial access broker publishing a small post on the dark web, listing network access for sale.
For years, KELA has been tracking initial access brokers and the initial network access listings that they publish for sale on various cybercrime underground forums. Initial Network Access refers to remote access to a computer in a compromised organization. Threat actors selling these accesses are referred to as initial access brokers.
Initial access brokers play a crucial role in the ransomware-as-a-service (RaaS) economy. They significantly facilitate network intrusions by selling remote access to a computer in a compromised organization and linking opportunistic campaigns with targeted attackers, often ransomware operators. Recently, KELA explored over 1000 access listings offered for sale and found the average price for network access during this period was 5,400 USD.
Other widely common threats include supply chain attacks, financial crimes, fraud, brand damage, and the orchestration of terror attacks.
What are the most common problems companies can run into if appropriate threat intelligence solutions are not in place?
The most common problems companies run into if appropriate threat intelligence solutions aren’t in place include:
- Difficulty prioritizing intelligence, handling false positives, and alert fatigue
- Inability to prepare in advance for unexpected attacks because they don’t know what’s out there until it’s too late
- Inability to detect and act on simultaneous, continually changing internal and external threats
- Inability to keep up with growing attack sophistication
- Managing internal skills and resources gaps
Besides threat intelligence solutions, what other actions should businesses take to upgrade their cybersecurity posture?
- Be proactive, not reactive. Identify how your organization can get savvy on what cybercriminals are talking about and trading in.
- Establish a method of operations. Decide whether you want to engage an outsourced team to manage your security efforts or build an in-house team to do it. Your team may not have the skills, knowledge, or permission to collect intelligence in all of the places criminal actors dwell. But if you do have the in-house option, make sure your analysts are experienced enough to know what kinds of threats to look for and how to assess them when found. Be sure to think about automated vs. manual intelligence collection.
- Map out your key assets. Map out all possible entry points that cybercriminals could leverage to get into your organization.
- Define KPIs. Think about how to determine when you have reached your security goals. This can be a bit tricky because it’s not easy to calculate damage from what could have happened but didn’t because you prevented an attack. Still, you can define scores or levels of exposure that you would want to reach, specific actors you want to track, patching of vulnerabilities in your software infrastructure, and other tangible goals based on your key asset mapping.
- Continually re-evaluate your plan in the context of changing needs. Your plan cannot stay static because cybercriminals and their methods are always changing. Your security protocols must adapt to that shifting ecosystem.
Since the topic of dark web monitoring may be lesser known by the general public, can you tell us more about this practice?
Ever-present cybersecurity threats have multiplied manifold post-COVID. As organizations rushed their on-premises systems to the cloud in a mostly haphazard manner to expedite remote work, it left gaping holes in internal security. Amidst this scenario, the dark web, which initially started as an overlay network within the Internet for private file hosting with end-to-end peering, has gradually transformed into the primary playground for cybercriminals and nation-state hackers to collaborate, communicate, and monetize stolen data.
Organizations must penetrate the hardest-to-reach places to automatically collect, analyze, monitor, alert, and defend against threats coming from the cybercrime underground.
And finally, what’s next for KELA?
Going forward, KELA seeks to bring to fruition its ambitious expansion plans on the business and technology fronts. KELA currently has prominent business operations in North America, Europe, APAC, and the UAE.
On the technology front, KELA plans to further invest in additional cost-effective, user-friendly, easy-to-implement solutions equipped with automated threat remediation recommendations. We also aim to assist smaller organizations in fast enhancing their cybersecurity measures at par with large ones.
An attack originating on the dark web can bypass all security mechanisms. This danger is real and poses a growing threat to organizations of all sizes. KELA will continue to assist organizations in successfully leveraging data securely with the technology we have released and plan to release on the market.