Dark Web – Deep Web Investigation

[ Dark Web ] [ Surface Web ] [ Deep Web ] [ Illegal & Criminal activities ] [ Importance ] [ Investigation ]

Dark Web Investigations, Deep Web Investigations

Dark Web


What is the Dark Web?

The dark web is simply a part of the  World Wide Web. The dark web uses networks called darknets. You need different software and setups to access the dark web anonymously.

In fact, you cannot reach the dark web by using traditional search engines such as Google, Bing, etc.

To access the dark web you need to use Tor (The Onion Router) or I2P (Invisible Internet Project) types of technology. The dark web is intentionally hidden. To search the deep web or dark web, you must use special deep web search engines.

In addition to the above, the traffic on the dark web is encrypted and communications are private. This is why it attracts criminal operators and other entities who prefer to work in the shade, unseen or difficult to trace. Cybercriminals and organized crime are increasingly using the dark web to conduct illicit business.

  • it is an ‘underground’ medium
  • it distributes harmful information
  • activities on the dark web are practically untraceable

In all honesty – as a research tool – the dark web contains a treasure trove of dark data & OSINT.

dark web investigations

Surface Web

The Surface Web

The surface web is different from the dark web. The surface web is called the Indexed Web, Indexable Web or Lightnet), where you find public information via search engines & systems such as Google, Bing, Yahoo, Yandex, Baidu, Wikipedia, etc.

deep web investigations

Deep Web

The Deep Web

Take note that the dark web forms a tiny part of the deep web.

The deep web is not entirely indexed by search engines. Only what you can find on it is somewhat indicated, but to access it you need special browsers and configurations. Estimates state that the deep web is about 500+ times bigger than the surface web.

Hence the comparison with floating icebergs, whose main mass is under the surface. It’s difficult to measure in petabytes how big the deep is, exactly because most of its content is inaccessible. In 2001 data scientists estimated it would be 8+ petabytes big. We are now in 2022. Imagine the size…

Examples of Deep Web:

  • government databases
  • webmail systems
  • internal company directories (such as Active Directories)
  • data libraries
  • pages/sites in which normal search engines cannot search 
  • not illicit or illegal material

What is the Deep Web?

The deep web is the ‘invisible’ part of the web (aka the “hidden” web or “invisible” web). We call it the hidden web because this content is not indexed by the typical search engines (Google, Bing, Yandex, etc…) who index basically everything that their spiders & bots find on the public internet, the surface web.

The content of the deep web however hides behind forms, firewalls consisting of webmail, online banking systems, private databases, restricted access to social media pages and profiles, and web forums. You either have to register to see the content or pay for it.

Information you can find on the Deep Web

  • academic information
  • literature, books (not illegal pdf-files )
  • medical records
  • legal documents
  • scientific reports
  • subscription information
  • multi-lingual databases
  • conference proceedings
  • seminar, webinar content
  • government resources
  • competitor websites
  • organization-specific repositories

Dark Web

Illegal & Criminal activities on the Dark Web / Dark Net

On its own, the dark web is not illegal, but most of the activity that occurs on the dark web is illegal or at least objectionable. Many criminal enterprises have thus established their presence on the dark web.

Hackers who might have infiltrated a company or organization’s network to extract data can sell this on the dark web. On the dark web (essentially a marketplace for cybercriminals), you will find many illegal marketplaces, illegal websites, and other illicit “things”, illegal activities happening such as:

Types of Illegal activities

  • illegal drugs, heroin – online drug lists
  • illegally distributed information
  • counterfeit money
  • stolen goods
  • illegal weapons & ammunition for sale
  • illegal firearms & military equipment
  • explosives
  • untraceable documents
  • whistleblower activity
  • cyber terrorist-related information
  • cybercrime targets, cyber-attack tools
  • cyberweapons
  • stolen data, databases, datasets
  • confidential info about data breaches
  • creditcard details
  • social security numbers
  • personally identifiable details (PID)
  • healthcare and insurance details
  • assassins for hire
  • illicit pornography
  • child pornography
  • Netflix passwords
  • stolen credit card information
  • stolen account numbers & details
  • passwords and access credentials
  • customer account details
  • banking details
  • passports, identity cards (I/C)
  • list of company targets for ransomware
  • hacking & cracking tools
  • cracked software, serial numbers
  • copied & illegal software
  • malware
  • spyware
  • ransomware
  • RaaS – Ransomware as a Service
  •  illegal software
  • prepaid debit cards
  • hackers for hire
  • fake IDs
  • diverse illegal materials
  • articles by reporters hiding from hostile governments (difficult to trace)
  • identity theft scams
  • botnets
  • illegal bitcoin and other cryptocurrency services
  • hacking groups and hacking services
  • APT groups advertising their services
  • illegal financing, loan sharks
  • diverse fraudulent activities
  • terrorism-related content
  • explicit violent or shocking content
  • hoaxes, fake news
  • unverified content
  • illegal torrents (downloads)

You will also find “arenas”; forums where hackers expose and discuss vulnerabilities. In stage 2 this intelligence is then sold anonymously to global buyers.

The threat to corporations and organizations is immense and an ever-growing concern. The cyber threat is imminent also. Once you have been the victim of a data breach or ransomware attack, the catastrophic financial and reputational consequences become clear very fast.

Why do the DarkWeb and Deep Web matter?

Imagine if employees are logged into the dark web, using office computers buying illegal things on the dark web. This would just be a minor thing as compared to the other major dark web exploitation issues that can hit your company.

What would happen if people who are under your care participate in illegal behavior? If your staff were to participate in dark web forums, which involve making threats of hate speech, or criminal conduct. What are the consequences? How to prevent all this? What detection mechanisms do you have in place?

What if your own credit card details, bank account information, social security numbers, and PID are released on the dark web? Did you even notice this? What actions can you take, should you (not) take?

The exploitation of company data on the dark web has consequences:

  • failure to protect your company data & exposure on the dark web (accountability)
  • damage to consumer confidence and other business relationships
  • failure to comply with rules leads to legal issues or regulatory fines
  • customer loyalty damage
  • difficulty in establishing trust and securing new deals & business partnerships
  • adversaries will buy your stolen data and others will gain a competitive advantage 
  • huge reputational damage to companies brand and trust your organization
  • social media coverage of the disaster might go viral 
  • once you have been exploited, you could be considered an insecure company, an easy target for other cyberattacks or exploits.
  • high expenses in setting up proper security and investigate

Professional Dark Net / Deep Web Investigators

If you have been ‘exposed’ already on the dark web, we don’t recommend doing these types of investigations on your own. Because it might lead to further disasters & extended exposure. How do you know by the way if your communication system is not totally compromised? Hence it would be useless or dangerous to keep using it to document the findings of an investigation… This does not mean you should not be aware of the dangers of the dark web and educate yourself. In the end, you will need to protect your people, your organization, and your company against these dark web threats and related cyber-attacks.

Investigations into the dark web, require a secure setup. AR INTELL can assist Crime Investigators, National Security Investigators, Narcotics investigators, and Government and Police Investigators using open source (OSINT) analytics to study what happens on the Dark Net or Dark Web.

Request Dark Web / Deep Web Investigation

Insider Threat Investigations

[ Reality of Insider Threat ] [ Types ] [ Threat Actors ] [ Dangers ] [ Red Flags ] [ Counter Measures ]

insider threat investigations

Insider Threat

Insider Threat Investigation

The Insider Threat is real

The “insider threat” will sneak around in your offices like a snake, poke around in your network, look for confidential information, and check what is on your computers. Spies might install hidden trojan horses, backdoors, etc. All this activity can go on unseen, unheard, un-noticeable.

Until one day you notice something is wrong or misplaced, but by then it will most of the time already be too late. Internal malicious operators are experts in hiding, deceiving, and leaving a trail of decoys and deception. Professionals don’t work alone also and in the case of data exfiltration, there are external affiliates involved also.

To avoid disasters, and hidden insider threats, you will need to investigate certain matters discreetly. We can do this for you and check for red flags and other indicators.

Types of Insider Threats (threat classification)

Different types of organizations are subject to insider threats. It does not matter if you are a family-owned SMB / SME business or a huge Fortune 500 corporation. The same goes for local governments, state governments, and public infrastructure agencies, including major federal departments and agencies.

Any person, current or former employee that was entrusted with access to or knowledge of an organization can represent potential risks. Intentional or unintentional disruptive or harmful acts can have an effect across all infrastructure sectors and in virtually every organizational concept. Disruptions can cause significant damage.

The insider threat is a type of risk created by entities who have gained or given access to an organization’s physical or digital assets. Employees (current or former), contractors, vendors, or business partners all were given access to a network and digital assets (data) stored on computer systems or simple were given insight into a process, were given understanding, or privileges. Hence an insider threat can manifest itself in different ways:

  • data breaches with help of insiders
  • fraud schemes
  • theft of trade secrets
  • theft of sensitive & valuable data
  • intellectual-property theft
  • cyber-espionage
  • sabotage of security controls
  • outsiders getting insider access to systems and data
  • non-compliance with corporate security policies
  • negligence towards rules & regulations
digital assets hackers

Who is accessing your digital assets?

The Typical Internal Threat actors are:

  • malicious insiders – using legitimate access to corporate data for personal gain
  • inside agents – malicious insiders recruited by 3d parties – will steal, alter, delete, tamper with data
  • disgruntled employees – emotionally driven attackers – will seek to harm or damage your organizational assets
  • current or former employees
  • careless workers – employees can choose to ignore or neglect the rules, including cyber security rules
  • third parties – entities who gained access to internal company resources – will abuse or compromise your security
  • professional spies or infiltrators (not always internal threats)
  • moles, undercover agents
  • unintentional insider threats
  • APTgroups or hacker groups targeting organizations/companies with malware campaigns, phishing attacks, ransomware attacks, exploitation of endpoint devices
  • information exploited by the presence of remote access software – file shares exposed
  • third parties with access to company systems
    • contractors & vendors
    • external accountants & auditors
    • part-time staff
    • customers
    • visitors
    • suppliers
    • service providers
  • data leaks via email & instant messaging
  • insecure / misconfigured filesharing via cloud systems (dropbox, google drive, Skydrive, one-drive, slack, skype, etc..) exposing your network to the internet
  • accessing insecure wireless networks – lack of encryption & authentication
  • posting company information, work-related messages to social media, blogs & forums
  • communication with the unauthorized person about confidential company topics
data theft
Is there any data theft happening in your company?

Dangers of Insider Threats

  • difficult to detect, until they manifest themselves (data already exfiltrated, attack already done)
  • zero-day potential or capability (only spotted when they are being executed)
  • infiltration starts with the abuse of stolen or compromised credentials, passwords, login-details
  • companies & organizations don’t have a zero-trust model in place
  • the concept of trust but verify/trust but control is not understood or being applied
blur bright business codes
Are there any data exfiltrations going on inside your network?

Red Flags and Indicators of Insider Threat Activity in your organization

  • disgruntled, angry, negative employees
  • toxic company culture
  • users circumventing the access controls – breach of security
  • people turning off security controls
  • employees “working” late or in the office
  • employees present during times when there is nobody in the office
angry employees
What could an angry employee do to your company, after being fired?
  • violation of corporate policies & not following SOPs
  • downloading large amounts of data; using torrents and P2P services
  • using software or systems that have nothing to do with the job profile or official function
  • linking company resources to outside technology or devices
  • exfiltrate data outside the organization
  • doing covert penetration testing by scanning for vulnerabilities

Insider Threat Investigation & Counter Measures to take

  • re-establish proper identity management and access control protocols (CIA)
  • awareness training
  • develop a strategy for insider threat detection
  • prevention and detection security measures
  • start an insider threat mitigation project
  • implement security best practices and perform continuous monitoring
  • detection of spyware, viruses, ransomware, and other malware
  • analysis of user behavior – detect suspicious profiles
  • tracking of employees
  • tracking of company assets
  • do routine backups, perform maintenance on a regular basis
  • enforce two-factor authentication (2FA)
  • limit access to sensitive data
  • reduction of the attack surface
  • detect and fix the vulnerabilities
insider threat counter measures
Counter Measures against Insider Threat
Request Insider Threat Investigation

SOCMINT – Social Media Intelligence Gathering

[ What is SOCMINT? ] [ Social Media Monitoring ] [ Information Extraction ] [ Social Media Investigation ]
[ Psychological Analysis ] [ ProcessReport ]

Social Media Intelligence Gathering SOCMINT

Social Media




What is SOCMINT?

Social Media Intelligence (SOCMINT) consists of a set of search methods and technologies. These forensic techniques aim to monitor social media networking platforms and users.

Many people connected their smartphones (cellphone numbers) and computer systems to social media systems. Moreover, platforms like Facebook, Instagram, Youtube, Twitter, Pinterest, and Instant Messaging (IM) chat systems WhatsApp, FB Messenger, and WeChat can map your social networks (friends and contacts). In fact, their artificial intelligence algorithms are masters in profiling and data collection.

Monitoring of Social Media

What is being monitored? Social Media Intelligence is related to intelligence gathering, open-source intelligence (OSINT), and other surveillance activities.  SOCMINT is conducted either overtly or covertly.

Take note that OSINT sources are different from other intelligence sources. The season for this is that they are legally accessible by the public without breaching any copyrights, patents, or privacy laws.

  • published content
  • messages
  • images
  • comments
  • social media identities and associated data
  • individual users
  • groups
  • person-to-person, person-to-group, group-to-group interactions
  • content in public or private groups or pages

Open Source Intelligence (OSINT) collects data from publicly, available, open/overt sources. We use this intelligence in a given context.

Consequently, Social Media Intelligence (SOCMINT) is a type of OSINT where data is obtained from social media networks & sites:

  • published content
  • linked metadata (extra info)

Many times people use the same username on different social media platforms. This name is in many cases linked to the same email address or cellphone number. Consequently, once the main identifier is clear, then the search expands to different social media channels – using the same or similar usernames.

How to use SOCMINT? Methods of information extraction.

  • content is extracted and replicated into offline and other online database systems (easy to search)
  • collection, retention + analysis of social media data
  • what are people saying about your product or service?
  • what are people saying about your company?

Social Media Investigation. Which types of intelligence do we gather?

You will find here a short overview of what type of information can be gathered via social media channels.

Specific data is collected and processed for future analysis. These data points & personal information (PID) of a registered person. We can find this data on Facebook & other social media platforms & communication systems such as Pinterest, Instagram, Whatsapp, Telegram, TikTok, and many more.

  • political views
  • religion
  • ethnicity/race
  • country of origin
  • personal images and videos
  • spouse name (or marital status)
  • home and work addresses
  • locations visited
  • social activities
  • sports activities
  • restaurant visits
  • work history
  • educational info
  • employment history
  • residential address
  • social connections
  • places visited
  • habits
  • likes and dislikes
  • family members
  • spouse
  • important event dates & birthdays
  • graduation days
  • relationship updates
  • dates leaving or starting a new job
  • social interactions
  • date/time of posts
  • geo-location info 
  • checking publicly available information on social media
  • gather relevant social media intelligence
  • analysis of main social media ID and metadata
  • video content on sharing platforms (e.g. Youtube, Vimeo)
  • content on blogs, forums
  • presence on social gaming platforms
  • social bookmarking (Pinterest)
social media investigation of data points

What can be found about you on social media? What is being uploaded without you actively being aware about it? What happens to the information you upload? Who can see this? Who can use this information?

Social Media Psychological Analysis

An important element of the analysis of all these data points is the Psychological Analysis of what users have published online.

  • performing linguistic analysis on the target account
  • tone and content of the post (photos, videos, text messages, status messages)
  • verify the true identity of an anonymous account
  • monitor the times/date of posts or comments
  • location of the subject – geolocation data
  • linguistic analysis to detect human feelings
heart and zero neon light signage

What are people publishing online about you, your company, your customers?

Social Media Investigation – Process & Report

The uncontrolled growth of social media and how the social media companies connected themselves to organizations, society & corporations, has created huge IT security challenges & cyber security issues.

Clearly, this justifies a serious effort into how social media penetrated your environment, and how the influencers or hackers got past the firewalls. This requires a deeper analysis of the risks & benefits of connecting to social media networks.

How do you manage this type of activity and get some feeling of control? Who will audit online activities? Is your company properly represented online? How to mitigate social media risk? What do you do when a bad thing happens?

Our AR INTELL SOCMINT Specialized team can advise you on these matters. Contact us today.

Request SOCMINT - Social Investigations

Cyber Espionage Investigations

[ Cyber Espionage ] [ Cyber Espionage Targets ] [ Espionage Methodology ] [ Spy-Operators ] [ Red Flags for Espionage ] [ Cyber Espionage Indicators ] [ Cyber Espionage Counter Measures ] [ Risks of Cyber Espionage ] [ Cyber Espionage Asssesment ]

cyber espionage investigation



Cyber Espionage Investigation

What is Cyber Espionage?

Cyber Espionage is one of the biggest threats to your economic security. Cyberspies have been hacking into corporations’ computer networks for many decades now. Cyber Criminals & Hackers are stealing your valuable trade secrets, intellectual property data, and confidential business strategies. You could be drained of your wealth and lose your competitive advantage as we speak, under your very nose and you would not notice it until it’s done. It’s worth taking note that it happened on your watch. The accountability issues are huge. You will need to conduct a Cyber Espionage Investigation to understand what is going on.

Corporations & organizations need to wake up and build a strong cyber defense strategy before it’s too late.

This cloak-and-dagger activity is part of undercover work. Cyberspies are sometimes after secret government data or will try to breach the security of big corporations in order to steal other confidential info. The exfiltrated information is gathered to obtain a personal, economic, political, or military-strategic, or tactical advantage, other commercial strategic advantages.

The intelligence gathered by spies can also be used for psychological, political, and physical subversion or even acts of sabotage. OSINT & SOCMINT became a substantial tools in this perspective since data analysts will analyze the activity of specific subjects or groups on social networking channels.

This is why you need to invest in cybersecurity since all our research data and events show that cyberespionage is an increasingly imminent threat. The detrimental effects of Industrial espionage are not to be underestimated.

Cyber Spying is closely associated – but not exactly the same – with undercover surveillance, data exfiltration, data theft, intelligence gathering, eavesdropping, infiltration, counterintelligence, counter-espionage, ninjutsu, bugging, TSCM, wiretapping, reconnaissance (recon).

What and who are the targets of cyber espionage?

  • secret & private data from individuals
  • large corporations
  • government agencies
  • academic institutions
  • think tanks
  • organizations, NGOs, not for profits
  • journalists
  • government officials
  • business executives
  • security officers
  • technology service providers – supply chain attack – hijacking devices and modifying hardware
hacker cyber espionage

How to you know if you are a target of cyber espionage?

  • intellectual property and commercial data from competitors
  • plans and confidential data from rivals, adversary groups
  • government intelligence
  • national security-related info
  • critical infrastructure sectors (electricity, water, nuclear, energy, oil & gas, pipelines, etc..)
  • hospitals and medical facilities (obtain medical records and other data)
  • military intelligence
  • police, security forces, and law enforcement
  • law firms
  • essential any secure facility or non-public, yet protected data-pocket

Espionage Methods and Spy Operators:

  • hacking methods using the internet & networks
  • cracking & hacking methodology
  • use malicious software (trojan horses, spyware)
  • remote hacking tools
  • closeby infiltration (on-site) – water hose technique
  • conventional espionage
  • insertion of moles
  • use of hired criminals or malicious hackers
  • software programmers providing backdoors into systems
  • advanced persistent threats (APT) – APT groups
  • infiltration of organizations & companies
  • social engineering methods
  • malware attacks
  • ransomware attacks
  • insider threat
  • spy bugs, electronic equipment tapping your communications
  • eavesdropping


What are the Red Flags or indicators that you are being spied upon?

  • previously confidential documents leak out (online or selectively)
  • identical products & services developed by competitors
  • theft of trade secrets leading to similar patents being filed
  • suspicious activity on your computer network
  • increased activity on your website hosting
  • suspicious IP numbers connecting to your network
  • malware and other suspicious software on your devices
  • unauthorized resets of systems
  • unscheduled backups, repairs, and maintenance
  • unauthorized persons accessing secure premises
  • social engineering attacks (phishing emails, strange phone calls…)
  • tricking people to give out confidential information
  • trick people into installing malicious software
  • telephone scams
  • fake emails
  • infected attachment sent via emails
  • suspicious links in emails
  • the sender of email which is not a recognized person or properly identifiable organization
  • fake social media accounts requesting to connect to your company ID
  • irrelevant requests are made via email or phone
  • people suddenly want to access certain places or data without clear reason or authorization
  • messages with spelling and grammatical errors, wrong phrases
red and white fire alarm

Is your network infected by Malware, Spyware or Ransomware?

Actions & Counter Measures to take against cyber espionage.

  • do social engineering phishing tests to identify vulnerabilities and solutions
  • zero tolerance for security breaches
  • train staff, workforce and vendors to detect the signs
  • hire professionally trained people who can do this for you
  • Covert Operations
  • Counter-Espionage
  • Cyber Espionage Investigiation
  • Security Awareness Training
  • Establish an Incident Response Center with real operators
  • Create a Clear Security Policy & SOP

What are the Risks of Cyber Espionage for your organization?

  • reputational harm
  • leak of private information via databreach
  • loss of shareholder & customer trust in your brand
  • loss of tactical or strategic intelligence in cyber terrorism & cyber warfare by cyber espionage
  • electionhacking
  • disruption of public services
  • attack on (critical) infrastructure facilities (the soft underbelly of society)
  • leak of salary information and finanical data
  • damage to your supply chain & business

Cyber Espionage Investigation

Currently, we live in an extremely complex ecosystem of cyber espionage, nation-state hacking, APTgroups, ransomware, data breaches & cyber attacks that have regularly compromised governments, government agencies, health care services, businesses, corporations, academic and educational institutions, critical infrastructure, and other connected computer network systems.

Hence the need for professional Cyber Espionage Investigations has increased. Every different sector requires a specific approach. Over the years we have developed relevant cyber insights & threat intelligence in the threats that are facing these industries or regulators. The following elements (this is a forensic process) are addressed in such types of investigations:

  • analysis of stolen data
  • enumeration of the sensitive targets & attack vectors
  • Investigation of a Cyber Espionage Network requires at least 12 months of focus
  • 1st an analysis is done on the allegations at hand
  • enumeration of the network of compromised computers (the spread)
  • list of the high value targets
  • cloud connectivity investigation – what is connected to the cloud?

The main stages in the Cyber Spy Investigation process:

  • Technical interrogation (Sinkhole – DNS Sinkhole Server)
    • collect intelligence on attack method
  • Boots on the ground / field investigation
  • Analysis of Data Acquired
  • Understanding the Geopolitical or other relevant context
  • Malware analysis
    • which type, which template
    • exploits
    • command & control servers
    • which file-types sent? (PPT DOC PDF EXR)
  • Document the Cyber Kill Chain (methods used)
    • understand the capabilities of the attackers and their targets
    • command and control servers
    • which data was exfiltrated
    • who was compromised & how
    • description of a botnet used
  • time of the attacks
  • type of exploitation – what kind of malicious activities?
  • what type of social engineering was used?
  • identitify the perpetrators
  • understand the motivation of the attackers
  • document links to criminal networks
  • determine the fall-out and spread of the attack
  • which domain names, URLs and IP addresses were used by the attackers
  • retrieve & decrypt the stolen documents
  • list of compromised login credentials, email-accounts, VPN-accounts, passwords, etc..
  • list of confidential information stolen – which data was exfiltrated
    • documents
    • presentations
    • login credentials
    • pictures
    • configuration settings
  • level of confidentiality of these documents (how secret)
  • list of email addresses used by the attackers
  • reporting process to the relevant authorities
  • potential of simular attacks in connected entities (lateral movement)
  • determine the extent of the dammage – including collateral damage
  • in depth study & analysis of the correlations in order to to determine the motivation and attribution (who did what, how, when, how, to what end, why, what instructions received ,etc…)
  • what type of cyber espionage was at play?
    • nation-state cyber espionage
    • localized incident
    • script kiddies?
    • corporate espionage?
    • APT Groups
    • Internal “Hackers”
    • External Hacking
  • recommendations for the future (prevention, resilience, risk analysis)

Do contact us for a free Cyber Espionage Assessment

Request Cyber Espionage Detection

Cyber Defense

[ What is Cyber Defense ] [ Cyber Defense Assessment ] [ Effects of Cyber Attacks ] [ Recommendations ]


Request Cyber Defense Assessment

What is Cyber Defense?

Cyber Defense refers to the ability to prevent cyber attacks. This activity is sometimes related to Cyber Warfare, Cyber Espionage, National Security issues, Critical Infrastructure Attacks, Cyber Offence/Offense Operations (hacking back), Nation-state Hacking (hackers sponsored by states), and Military Cyber Operations.

cyber defense


Initial Cyber Defense / Cyber Defence Assessment.

  • Are you able to anticipate cyber attacks by your adversaries?
  • Can you counter new cyber intrusions?
  • Do you have proper cyber defense strategies and tactics in place?
  • Can you prevent such attacks?
  • Are your operators able to disrupt & respond to cyber threats?
  • How fast can you respond to threats?
  • Is your critical infrastructure protected?
  • How do you detect if your digital assets and networks are being manipulated?
  • Do you have an information assurance plan in place?
critical infrastructure
Protection of Critical Infrastructure and its underlying Supply Chain. Are you prepared? Is your cyber defense ready and operational?

Effect of Cyber Attacks on your organization

  • heavy pressure on the “cleanup team”
  • high financial cost
  • destructive to your brand
  • damaging to your IT operations
  • may result in legal consequences
  • may result in bankruptcy or significant financial losses
  • not having a proper defense makes you an easy target for ransomware & data breaches
cyber attacks


  • Protect your organization/company from insider threats
  • protect sensitive information
  • safeguard digital assets
  • run threat intelligence projects
  • cooperate with your supply chain and affiliates
  • implement cyber defense products
  • develop cyber security monitoring services
  • develop resilience against cyberattacks, phishing, social engineering attacks
  • run awareness training and prevention campaigns
  • train the users not to fall victim to hacking attempts
  • keep customer trust + improve shareholder value by remaining alert and honest
  • start vulnerability assessment and risk management of people and systems
  • identify staff ready to “flip” or be easily influenced
  • analysis of different potential threats
  • reduce attack-surfaces
  • minimize attack vectors
  • activate security controls on critical locations with sensitive data
  • create active attack detection, security response SOP
  • understand the cyber kill chain
  • analysis of historical approach path and exit path of attackers
  • list of potential targets

Cyber Defense Investigation

Request Cyber Defense Assessment

Cyber Warfare


Cyber Attacks

The amount of ongoing cyber attacks (many types) could be compared to a relentless assault with millions of arrows on a given target. Just take a look at the different live Cyber War maps and Cyber Attack or Cyber Threat maps.

Cyber Threat Maps

Live Cyber Threat Map | Check PointFireEye Cyber Threat MapCyber-attack Map (httpcs.com)

Cyber Warfare activity is aggressive in nature and is conducted by different entities. It is not reserved for governments and military entities or security forces only. This makes the cyber landscape a threatening and complex combat theatre with multiple attack vectors. After Land, Sea, Air, and Space, the ‘new’ Cyber Space is recognized as the fifth domain. It is in this 5th domain that Cyber Warfare, Cyber Defense, and Cyber Offense are conducted.

Request Cyber Warfare Risk Analysis

Spear Phishing Risk Assessment & Investigation

spear phishing attacks

Passwords & Phishing
Spear Phishing
Email Security
Fraudulent Emails
Online Scams
Disgruntled Employees

What is spear phishing?

Spear phishing is the sending of fraudulent emails from a known or trusted sender (in the eyes of the receiver) with the malicious purpose to get the targeted person to reveal confidential information because they think they can trust you. But in fact, you are emailing to an imposter or a conman.

This is done in order to induce targeted individuals to reveal confidential information.

This type of social engineering activity is closely related to phishing.

Request Spear Phishing Risk Assessment

Hacker Detection – Spot the Hackers



Request a Hacker Detection Assessment

Hackers & Cyber Criminals

Not all hackers are cybercriminals. So how do you know if there are any hackers present in your company/organization its network and digital assets or cloud systems?

How do you get a clear idea of what they are doing there, why and to what end? A presence could be either physical or virtual. We are all connected to the internet via our IP numbers and devices…

Not all connections and data pockets are secure or encrypted. In many cases, users or admins never read the access logs or even know this information exists. Most of the time, there is no time or knowledge on how to do this.

There is always a possibility that you are hacked without your knowledge. Different sources of Cyber Threat Intelligence confirm that hackers target as well individuals or whole industries.

Not all your security measures will work. Many hackers launch attacks and are able to bypass firewalls, antivirus systems, and other security protections in place.


Why should you bother about hackers?

The naive or blissful thinking attitude.. that nothing is going on, “don’t be paranoid”, this won’t happen to us, we are too busy, we have nothing to hide, we are ok, we are too small or unimportant to be a target of hackers (etc…) is the main reason that your blindspots will be exploited. The list of excuses not to spend some money and time and intelligence on cybersecurity is endless. Common sense is sometimes totally absent. In some cases, there is blatant denial or ignorance at work.

Who should NOT be in my network and using our data?

  • who are the users in my network
  • who uses my bandwidth and WiFi access points?
  • are access passwords still stored in excel files or cleartext files?
  • is the confidentiality, integrity, accessibility of my files guaranteed (CIA principle)
  • who can access my data?
  • is my backup or cloud storage secure?
  • are there credentials stored online or on PCs that should not be there?
  • how do I know if hackers are targeting my technical infrastructure?
  • are those new IoT devices secure?
  • what if a vendor stores my login on their systems in an insecure way?
  • how do I manage BYOD (bring your own devices)?
  • do I have a counter hacker attack strategy in place?
  • how do I monitor my network? who can monitor my network?
  • can somebody log in and steal my files?
  • can my passwords be captured?
  • is my internet traffic encrypted?

Investigate if you are being targeted

Thus an investigation that goes deeper into finding out the significant unknowns, irregular or suspicious activity in and around computer networks and digital assets, digital devices might indicate that an organization/company is being targeted by hackers or already under some form of cyberattack, surveillance, or cyber espionage.

Reasons to verify if you are being hacked

  • you need to protect the data in your system, accounting details, etc.

  • as a caretaker of your customer’s data, you are obliged by the law to comply with PDPA, GDPR, and other regulatory requirements to safeguard these data and make sure you don’t put people in harm’s way, due to lack of compliance or negligence.
  • the well-being of your co-workers and staff might be put at risk if data is hacked
  • companies can literally go bankrupt or use millions, if not billions of US dollars as the result of hacking or cyber-attacks
  • if you are online, which means connected, the chance that you are already hacked or will be hacked in the near future is quite high. Are you prepared?

Different types/categories of hackers (typology)

  • White Hat Hackers – cybersecurity professionals authorized or certified to hack systems – pen-testing. ethical hackers.
  • Black Hat Hackers – attack systems to steal data or destroy the system. Criminal Hackers. Malicious intent is clear.
  • Gray Hat Hackers – in between black hat and white.
  • Script Kiddies – amateur hackers, trying things out, experimenting, juveniles – doing lots of DoS (Denial of Service) or DDoS attacks, IP-flooding, etc…
  • Green Hat Hackers – learning from experiences – opportunities – trial and error users.
  • Blue Hat Hackers – hacking as a cyber weapon, gain popularity, revenge action, sometimes dangerous.
  • Red Hat Hackers – they counterattack the black hats.
  • State or Nation-state sponsored hackers – cyber espionage – spy on adversaries & other countries – government-funded groups.
  • Professional Hackers for hire – basically mercenaries – will do anything for money if profitable – dark ops / covert ops.
  • Cyber Terrorist type of hackers – attacking or destroying national security facilities, critical infrastructure, etc.
  • Criminal hackers – into cybercrime –
  • Political hackers – Hacktivists – affiliated with certain political ideologies – hacking government websites –  personal, political, or social motivation.
  • Malicious insider or whistleblowers – expose confidential data or illegal activities inside organizations.
  • APT groups – advanced persistent threats – long-term threats – very persistent.
  • Cyber Warfare hackers – conduct cyberwar, use cyber weapons, sometimes linked to military operations.

Different Purposes and motivations of hacking

  • Ethical Hackers help companies and organizations in fixing their network security, IT security, and cyber security. Battle against cyber threats, and cybercrimes, set up cyber defenses, and detect vulnerabilities. do pen-testing.

  • Black Hat Hackers: steal data, steal cryptocurrency and other information for self-profit, extortion, ransom, sell the data on the black market, dark web. Cause further nuisance to the target company (e.g.: Ransomware Attacks)

Red flags that your digital assets or systems might have been hacked

Many levels need to be looked at (OSI model & network infrastructure, software, hardware in use, cloud platforms, etc.)

  • slow or unresponsive websites
  • suspiciously high outgoing network traffic
  • hacked devices run slow because other processes occupy the processor
  • increased disk activity or suspicious looking files in the root directories of any drive
  • illegal data exfiltration uses the network bandwidth – the network is slower – unauthorized data transfers
  • a large number of packets that come from a single IP address 
  • slow browsing speed due to for example DNS Hijacking – dirty plugins/extensions, hacked browsers
  • crashing systems – screen of death – freezing applications – lagging systems
  • pop-up ads, unwanted adware
  • reports that backdoors or trojans have been detected on your system
  • spy apps logging your actions (check for log files)
  • online unauthorized activity on your accounts
  • unscheduled sudden reboots of devices
  • unauthorized changes in system settings
  • suspicious services added
  • other abnormalities…

How to detect hackers?

  • enumerate all the devices on your network. block mac addresses that you don’t want to have access
  • check the IP addresses that are connected to you. An IP address can be used to find their approximate geographic location
  • run a proper anti-virus, the firewall on your device
  • check for spyware and PUPs
  • check if remote users are connected to your computer
  • check for unknown or suspicious processes running
  • follow a network intrusion course
  • check for illegal or suspicious software, many times these are used for remotely accessing a network

We are not just looking for a person wearing a hoodie…

Hackers come in many different forms and shapes… Looks and appearances are deceiving or even set up as deception or obfuscation. Only deeper profiling will lead to tangible facts and proof of what is going on.

Start your investigation and assessment today.

Request a Hacker Detection Assessment

Cyber Kill Chain Investigation & Assessment

cyber kill chain


What is a typical cyber kill chain?

The concept “cyber kill chain” refers to the structure, process & methodology for intrusions into a computer network/system by means of a cyber attack. These are the typical phases:

  • target identification – who is doing. what; when, where, and how?
  • force dispatch to target – mission in motion/move into position
  • decision and order to attack target – strike – prepare to proceed with the attack
  • destruction or elimination of the target
  • report of the attack

Phases in a ‘typical cyber kill chain’:

Why do we need to understand the nature of a cyber attack?

1st you have documented and really understood how a cyber attack, data breach, or ransomware attack happened. Then you can develop tools and strategies to limit breaches, respond to cyberattacks, and minimize risks. If you don’t know exactly what is happening, your counter-measures will be of little effect against a trained attacker or group of attackers.

During each phase of an attack, there are specific defense measurements that can be taken. Contact us for a Cyber Assessment.

Request Cyber Kill Chain Investigation

APT Groups – Advanced Persistent Threats

ApT Groups Investigations

Advanced Persistent Threats

What are APT groups?

APT – Advanced Persistent Threat groups are essentially covert or hidden hacker organizations that perform, “attacks on a country’s information assets, critical infrastructure or other elements of national security or strategic economic importance. Standard methods used to come down to cyber espionage, cyber warfare or cyber sabotage.” These groups are elusive, eminent, highly skilled, and very effective in achieving their objectives.

A good overview of well-known APT (Advanced Persistent Threats) groups can be found here.

What is an APT – Advanced Persistent Threat?

An advanced persistent threat (APT) refers to a stealthy threat actor, a nation-state, or a state-sponsored group. These groups typically gain unauthorized access to computer networks and can remain undetected for a very long period. Recently non-state-sponsored groups also started to conduct large-scale targeted cyber attacks. Many business sectors have reported multiple cyberattacks by such actors.

Request ATP group Investigation