Uncovering threats from the surface web and darknet: A qualitative analysis of content relating to cybersecurity and critical infrastructure

The increasing connectivity of critical infrastructure (CI) is now exposing facilities and institutions to malicious actors who aim to cause significant damage. During the process of a cyber-attack, open-source data could be used by hackers to gather information, knowledge, and plan attacks against targeted CI sectors. The purpose of the current study is to explore and identify the types of data useful for malicious individuals intending to conduct cyber-attacks against the CI industry. Applying and searching keyword queries in four open-source surface web platforms and one darknet forum, search results were reviewed and qualitatively analyzed to categorize information that could be useful to hackers. The thematic results from this study reveal an increasing amount of open-source information useful for malicious attackers against industrial devices, as well as the necessity to implement policies and preventative strategies to counter the increasing threat against critical infrastructure brought by accessible open-source information.