How to Monitor Supply Chain Risks in the Dark Web

Key Takeaways

  • Supply chain attacks continue to rise and monitoring dark web threats lets you catch vendor vulnerabilities before attackers exploit them.
  • Two monitoring models work best: tracking Tactics, Techniques, and Procedures (TTPs) tied to your vendors, or monitoring third-party software for exploits mentioned in underground forums.
  • Dark web monitoring tools filter massive amounts of data down to actionable intelligence, identifying critical CVEs and threat actor activity across networks.
  • Proactive dark web monitoring reduces the risk of a breach, ensures regulatory compliance, and gives your team visibility into emerging supply chain threats targeting your ecosystem.

The Threat of Supply Chain Attacks

Supply chain networks have become increasingly vulnerable. From cyberattacks to counterfeit products, organizations must proactively monitor potential threats to safeguard their supply chains and their bottom line.

Supply chain attacks are not new. The famous Target breach that took place in late 2013 was a supply chain breach. The threat actors gained access to Target by using credentials stolen from its HVAC provider, Fazio Mechanical Services. Since then, we’ve seen a flow of hundreds of supply chain attacks targeting different industries, from pharma to energy, finance, and more.

Although incidents like SolarWinds have played a significant role in fueling this awareness, it is only in the past few years that we have all recognized the huge impact of these risks. According to SecurityWeek, in the last 3 years supply chain attacks increased by 742%.

While there are various solutions that are used to detect and mitigate these attacks, one emerging solution has gained more attention: dark web monitoring tools. These tools enable companies to proactively identify and address supply chain risks originating from the deep web and darknets, where illicit activities often take place.

In this post, we will explore how dark web monitoring tools can enhance supply chain risk management and show how easy it is to monitor such risks on the dark web using Lunar, Webz.io’s new dark web monitoring tool.

How to monitor supply chain risks on the dark web

The process of monitoring supply chain risks can be done by using two models:

Model #1: Tactics, Techniques, and Procedures (TTPs) monitoring

The analyst should list TTPs that match the vendors of the target company or vendors who have integration or shared resources with the target company. Once a vendor risk, like phishing, malware, or social engineering, is found, it should be evaluated and reported with recommendations to mitigate possible threats.

Model #2: Third-party monitoring

Third-Party Risk Management (TPRM) analyzes and minimizes risks associated with outsourcing to third-party vendors or service providers. This could mean, for example, detecting a recent exploit mentioned on the dark web that can be associated with Microsoft as a supply chain risk. Effective supply chain monitoring tools help identify these risks by searching for vendor exploits and vulnerabilities across dark web sources.

Example: Third-party risk monitoring on the dark web

Let’s take a look at an example to illustrate how we can perform third-party risk monitoring on the dark web.

The need: The cyber analyst needs to protect Ford Motors. One of the company’s vendors is Fortinet, which provides IT & cyber security services. The software it provides includes FortiGate firewalls, FortiEDR endpoint security software, and FortiSandbox sandboxing software. This means that the analyst will look for Fortinet software vulnerabilities on the dark web, as they could pose a risk to Ford Motors.

To illustrate the flow, we’ll use our dark web monitoring tool, Lunar.

How can a cyber analyst monitor supply chain risks with Lunar?

Step #1: Run a general query

The starting point would be to run a very general query, such as (fortinet OR fortigate) on Lunar.

As you can see below, Lunar returned many mentions (27000+), which means we’ll need to narrow it down to a manageable set of relevant results.

[Image: Step #1: Run a general query]

Step #2: Filter to get the most relevant vulnerabilities

In order to trim the long list down to relevant results related to Fortinet, we can use several powerful filters, including:

  • Risk Score: greater than 7, which indicates a significant risk level
  • Site Domain

Even after using them, we get too many results, so we can narrow them down by using the timeline to select recent results, which narrows the list down to 1010 documents.

[Image: Step #2: Filter to get the most relevant vulnerabilities]

Step #3: Use the CVE filter to spot specific vulnerabilities

Since 1000+ results are still a big number to analyze, we can narrow it further down by using the CVE filter to find registered vulnerabilities.

This helps us shrink the list from 1010 results to only 15 documents where threat actors mentioned CVEs. The most mentioned one, CVE-2023-27997, appears at the top of the list.

[Image: Step #3: Use the CVE filter to spot specific vulnerabilities]

CVE-2023-27997 is a heap-based buffer overflow vulnerability [CWE-122] in FortiOS that allows unauthenticated access to a Fortinet device (RCE). This means that the severity of this vulnerability is critical, and it must be reported together with a patch and a mitigation plan for all relevant Fortinet products that Ford Motors is using.

Clicking the CVE dynamic filter and then choosing the specific value CVE-2023-27997 will narrow down the results to eight.

[Image: Selecting only CVE-2023-27997 from Lunar's CVE dynamic filter]

Step #4: Completing the risk picture

Looking back at the results, we managed to narrow down to eight documents. Seven out of eight are from Exploit, all from the last few days. The CVE was published on June 20, three weeks earlier.

We then can continue the TPRM process and refine the evaluation by:

  • Assessing the site domain
  • Profiling the threat actors involved
  • Identifying additional CVEs mentioned in relation to Fortinet

After going through these different steps, it’s possible to compile actionable steps to mitigate these risks.
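
The funnel from steps 1 to 4, as an added example (not Webz.io's code and not Lunar's API): the same filters applied in order to a list of exported posts, ending with a per-CVE ranking and the site domains to assess. The record fields (`site`, `risk`, `date`, `text`), the sample posts, the 30-day window and the `CVE-1900-…` IDs are constructed assumptions; only CVE-2023-27997 comes from the post.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Step 1 query from the post: (fortinet OR fortigate)
VENDOR_RE = re.compile(r"\b(fortinet|fortigate)\b", re.IGNORECASE)
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.IGNORECASE)

# Constructed sample records; field names are hypothetical, not Lunar's schema.
# CVE-1900-* values are placeholders, not real identifiers.
POSTS = [
    {"site": "forum-a.example", "risk": 9, "date": "2023-07-10", "text": "FortiGate CVE-2023-27997 discussion"},
    {"site": "forum-a.example", "risk": 8, "date": "2023-07-11", "text": "fortinet cve-2023-27997 and CVE-1900-0001"},
    {"site": "market-b.example", "risk": 8, "date": "2023-07-09", "text": "Fortinet appliance thread, CVE-2023-27997"},
    {"site": "forum-a.example", "risk": 5, "date": "2023-07-11", "text": "fortigate config question CVE-2023-27997"},
    {"site": "forum-c.example", "risk": 9, "date": "2022-01-02", "text": "old Fortinet post CVE-1900-0002"},
    {"site": "forum-c.example", "risk": 9, "date": "2023-07-10", "text": "unrelated vendor CVE-1900-0003"},
    {"site": "market-b.example", "risk": 9, "date": "2023-07-10", "text": "Fortinet accounts, no identifier given"},
]

def triage(posts, today, min_risk=7, window_days=30):
    """Return (documents left after each filter, CVE ranking, site domains per CVE)."""
    cutoff = today - timedelta(days=window_days)
    stage1 = [p for p in posts if VENDOR_RE.search(p["text"])]        # step 1: vendor query
    stage2 = [                                                        # step 2: risk score + timeline
        p for p in stage1
        if p["risk"] > min_risk and datetime.strptime(p["date"], "%Y-%m-%d") >= cutoff
    ]
    mentions, sites, stage3 = Counter(), {}, []
    for p in stage2:                                                  # step 3: CVE filter
        cves = {c.upper() for c in CVE_RE.findall(p["text"])}         # normalise case, dedupe per doc
        if not cves:
            continue
        stage3.append(p)
        mentions.update(cves)                                         # one count per document
        for c in cves:                                                # step 4: which domains discuss it
            sites.setdefault(c, Counter())[p["site"]] += 1
    funnel = {"vendor": len(stage1), "risk_recent": len(stage2), "with_cve": len(stage3)}
    return funnel, mentions.most_common(), sites

if __name__ == "__main__":
    funnel, ranking, sites = triage(POSTS, datetime(2023, 7, 12))
    print(funnel)
    print(ranking)
    print({cve: dict(counts) for cve, counts in sites.items()})
```

The per-CVE site counts feed the follow-up work listed above: assessing the site domain and spotting additional CVEs mentioned alongside the vendor.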

How do dark web monitoring tools help?

Dark web monitoring tools, like Lunar, can help monitor supply chain risks in a number of ways, including:

  • Reducing the risk of data breaches – By monitoring the dark web for mentions of suppliers’ products, services, and employees, Lunar can help to identify and mitigate risks of data breaches to any company.
  • Getting a full view of emerging supply chain risks – With a simple and quick interface, a company can gain a comprehensive view of new risks in their supply chain. This helps organizations make informed decisions about how to mitigate these risks.
  • Bolstering compliance with regulations – Organizations will more easily comply with regulations, like the General Data Protection Regulation (GDPR), by monitoring compromised accounts in near real-time.

What’s next?

With dark web supply chain threats continuously on the rise, dark web monitoring tools play a key role in protecting against emerging threats and mitigating ongoing risks. The job of a TPRM analyst is hard, and monitoring these hidden spaces on the web is an endless task that requires simple solutions. For that reason, we have worked with cyber analysts to develop a tool to help them monitor and investigate threats on the dark web with ease.

FAQs

What is the role of the dark web in supply chain attacks? 

The dark web is where threat actors gather to buy and sell exploits, stolen credentials, and vulnerabilities targeting your suppliers. They discuss supply chain attack methods, share tools, and coordinate campaigns against vendors. Monitoring these spaces reveals threats before they reach your organization’s supply chain or impact your vendors’ operations.

How do I know if my supplier is mentioned on the dark web?

Dark web monitoring tools search for your vendor names, products, and services across forums and markets. You get alerts when exploits or vulnerabilities mentioning your suppliers surface. This gives you time to contact vendors, discuss patches, and put mitigation strategies in place.

What are the biggest supply chain cyber threats today?

Vendors face credential theft, unpatched software vulnerabilities, malware distribution, and ransomware targeting. Threat actors exploit weak security in smaller suppliers to gain access to larger organizations. A single vulnerable vendor can compromise multiple companies through supply chain web attacks, amplifying risk across interconnected networks.

Can small businesses monitor supply chain risks on the dark web?

Yes. Small businesses face supply chain risks just like enterprises do. Dark web supply chain threats targeting vendors affect organizations of all sizes. Dark web monitoring tools help teams of any size track their vendor ecosystem without adding security headcount or expensive infrastructure.

How does Webz.io’s Lunar tool compare to other dark web monitoring solutions? 

Lunar provides intuitive filtering and risk scoring designed specifically for supply chain monitoring. You narrow results using CVE filters, risk scores, and timelines to find actionable intelligence quickly. The platform combines dark web data with structured analysis to help analysts identify and prioritize threats faster than manual searching.

Liran Sorani

VP Product
