Third Party Risk Assessment Using Darkweb Keyword Searching
Modern risk assessment may leverage various computing technologies to efficiently predict threats and associated risk. However, conventional risk assessment analysis does not consider unnatural disasters and other unforeseen events that can break down common modeling structure. For example, cyberattacks are generally perpetrated by individuals who seek to achieve specific objectives with available resources (including skill and equipment) in a certain amount of time. This type of security challenge may require modeling in a different manner—one more closely tied to the use of intelligence.
Researchers at Arizona State University have developed a system to generate risk assessments of third parties (e.g., suppliers, vendors, and other external organizations) by evaluating anomalies in keywords collected from hacker conversations on the darkweb. This process can be described in four general steps:
(1) The client inputs the search terms related to the third party, be they names, locations, products and services offered by the vendors, or any other related keywords.
(2) Using the keywords as input, all relevant forum and marketplace discussions are collected from darkweb/deepweb websites relating to hacker conversations.
(3) Anomalies in the filtered hacker conversations (such as spikes in discussion frequency) are detected. These anomalies often indicate increased interest in the third-party products and services. This interest could result from: vulnerabilities discovered in the products/services and malicious code to exploit those vulnerabilities, data leaks from third parties, or simply non-harmful discussions regarding the third party.
(4) Results are presented using tools such as word clouds, phrase clouds, or topic models.
This invention is covered by US Patent Application US16/407,719
Risk assessment of third parties including:
• Customers or employees
• Joint ventures
Faculty Profile of Professor Paulo Shakarian