How to Automate Supply Chain Risk Reports: A Guide for Developers
Do you use Python? If so, this guide will help you automate supply chain risk reports using AI Chat GPT and our News API.
Discussions about Common Vulnerabilities and Exposures (more commonly known as CVEs), can be found across all corners of the dark web, in hacking forums, illicit marketplaces, and clandestine chat applications. These often hidden spaces offer cybercriminals a relatively safe and accessible environment to exchange insights, uncover vulnerabilities, and even trade methods for exploiting CVEs. These illicit activities lead to far-reaching implications, leading to unauthorized access to digital assets, data breaches, and cyberattacks.
Cybercriminals use CVEs on the dark web in various ways, including:
Because the dark web serves as a rich environment for cybercriminals to learn, exchange, and trade guides and tools related to cyberattacks, it serves as a prime space for the continuous discovery of new vulnerabilities and CVEs. Many companies monitor the dark web to track any attempts of cybercriminals to leverage these vulnerabilities to compromise systems, steal sensitive data, and cause widespread harm to their business and employees.
We have noted a persistent surge in the volume of discussions about CVEs on the dark web when we looked for relevant values on our new dark web monitoring tool Lunar. You can see this trend in the chart below:
The reason behind this trend we believe can be attributed to two main factors. The first is the ongoing identification of security vulnerabilities across diverse software and systems, and the second is the increase in the number of available spaces hackers can easily turn to and securely share their knowledge on the dark web.
To combat this growing risk, cyber analysts need to constantly monitor the dark web to keep their organizations safe. We used the same workflow a cyber analyst would use to discover, investigate and monitor risks involving two CVEs by using our Lunar tool.
We first ran a basic query on Lunar to search for CVEs mentioned on the dark web associated with vulnerabilities, exploits, and other hacking-related mentions that could indicate foul play.
Running the discovery query a year back retrieved almost 15,000 posts.
The first thing we got was an overview which we could easily narrow down according to our needs by using Lunar’s dynamic filters. In the following image, you can easily see the most mentioned CVEs (on the right) by using the CVE Entity filter.
By further zooming in on the most discussed CVEs, and then narrowing down our search to one of them, we can determine which CVEs are the main subject of conversations and how often they’re mentioned on the dark web. This enables us both to discover the top recent CVEs discussed on the dark web and to detect a renewed interest in older CVEs.
You can also find new lines of investigation when using other filters such as risk score, dark web sources, threat actors, and extracted entities found in the posts such as emails, domains, IPs, etc. Each of them allows you to unravel other potential risks and gain quicker insights.
After running this query, we want to enhance our investigation. We start by refining our results by using the sources filter. In this case, we narrowed down our search to posts from the popular Russian underground forum XSS.
Once selecting XSS, the results shrank from 15,000 to a few hundred, streamlining our information intake to allow a more efficient and thorough investigation.
Once a filter is applied, we get an additional layer of insights that help open new directions of investigations.
Once we filtered the results, we found a post (see the image below) in which a threat actor sells exploits and exploit configurations service for 2 different CVEs; The first is CVE-2022-28672, which allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. The second is CVE-2023-21608, a security flaw in Adobe Acrobat Reader versions 22.003.20282, 22.003.20281, and 20.005.30418.
Using exploit configurations, additional components, or guidance that complement an exploit, a hacker can take advantage of vulnerabilities in CVEs, potentially gaining unauthorized access or control over systems, leading to data breaches, system compromise, and broader security risks.
It’s crucial for security teams, from CTI (Cyber Threat Intelligence) Analysts, SOCs (Security Operation Centers), to threat hunters to monitor the dark web for discussions related to CVEs since they can provide early insights into emerging vulnerabilities and potential exploits. By staying informed about the latest CVE-related trends and illicit activities, teams can proactively defend against cyber threats, assess their organization’s risk exposure, and take timely measures to secure their systems before they become targets for malicious actors. This proactive approach helps prevent data breaches, system compromises, and potential financial losses.
CVEs are only one example of many different entities that can be tracked on the dark web to monitor for emerging threats and hacking trends that pose risks to brands, and individuals.
Dark web monitoring tools, like Lunar, help analysts easily search through the largest database of darknet data to discover, investigate, and continuously monitor the dark web for quick insights. In this blog post, we showed how you can efficiently identify and discover recently disclosed CVEs on the dark web, find which system they belong to, on which dark web source they were mentioned, and investigate who posted them and where else those threat actors operate on a daily basis. You can also set up alerts to receive notifications about pre-set searches that you’d like to continuously monitor to gain critical insights and take proactive measures to protect your business.
Do you use Python? If so, this guide will help you automate supply chain risk reports using AI Chat GPT and our News API.
Use this guide to learn how to easily automate supply chain risk reports with Chat GPT and news data.
A quick guide for developers to automate mergers and acquisitions reports with Python and AI. Learn to fetch data, analyze content, and generate reports automatically.