Are you monitoring for compromised data that can be used to exploit your business? External threat intelligence is the collection of data & information about security threats and threat actors. This information can help you mitigate harmful cyberspace events against your business.
What is external threat intelligence?
As a commercial offering, our external threat intelligence service utilises Dark Web Monitoring to monitor domains, open-source intelligence, social media, human & technical intelligence, and other data sources from the deep web and the dark web. This information is fed into our SOC (Security Operation Centre) where our team can react and remediate on your behalf.
The most common and dangerous type of external threat intelligence data we see is compromised credentials.
How are credentials compromised?
PHISHING – Sending emails disguised as legitimate messages, tricking users into disclosing credentials and information. This is used to deliver malware through email and websites that aim to capture credentials.
WATERING HOLES – Targeting popular social media sites and corporate intranets and injecting malware into the code of those legitimate websites. This delivers malware to visitors that captures credentials.
MALVERTISING – Injecting malware into legitimate online advertising networks to deliver malware to visitors that captures credentials.
WEB ATTACKS – Scanning internet-facing company assets for vulnerabilities and exploiting those vulnerabilities to establish a foothold. Secondly, attempts are made to move laterally through the network to discover further credentials and take more control.
What can an attacker do with compromised credentials?
- Send SPAM from compromised email accounts
- Deface web properties and host malicious content to further expand their attack
- Install malware on compromised systems to gather keystroke data, including passwords
- Compromise other accounts using the same credentials
- Exfiltrate sensitive data (Data Breach)
- Encrypt data and hold it to ransom
- Identity theft for further money-making opportunities
What we do
- We Identify compromises leaked to the Dark Web that relate to your business
- We Monitor hidden chat rooms, private websites, peer-to-peer networks, IRC (internet relay chat) channels, social media platforms, black market sites, 640,00+ botnets
- We Report 80,000+ compromised emails daily…
Protecting against credential compromise
While there is always a risk that attackers will compromise a company’s systems through advanced attacks, most data breaches exploit common vectors such as known vulnerabilities, unpatched systems and unaware employees.
Only by implementing a suite of tools including monitoring, data leak prevention (DLP), multi-factor authentication (MFA), employee security awareness training and others – can organisations protect their business from the perils of the dark web.
Planned and well-rounded Cyber Security
Working to a level of Cyber Essentials standard is a good start, with healthy Network Security and a reliable Backup Solution just in case all else fails. Then you need to look at your front line – devices and end users – and introduce plans and processes to help protect your business.
We can help you understand all of these technologies and bring them together to create a bespoke service portfolio that you can trust, based around your business needs.
Feel free to give us a call if you would like any further information 0113 532 9800.