Know where to find your dig­i­tal risk

Kuwait Times - - TECHNOLOGY - By Alas­tair Pater­son, CEO and Co-Founder, Dig­i­tal Shad­ows

Ap­prox­i­mately 250 years ago Sa­muel John­son said, “The next best thing to know­ing some­thing is, know­ing where to find it.”This is quite a fit­ting quote from the au­thor of A Dic­tionary of the English Lan­guage and equally fit­ting to­day when it comes to un­der­stand­ing your dig­i­tal risk. There’s a great deal of in­tel­li­gence or­ga­ni­za­tions can find on the deep and dark web. Credit card num­bers, bank ac­count in­for­ma­tion, pa­tient in­for­ma­tion and in­tel­lec­tual prop­erty are widely known to be for sale on fo­rums. Now some of the in­tel­li­gence is more eye open­ing. We’re see­ing W-2 forms, and em­ployee cre­den­tials avail­able, mak­ing any or­ga­ni­za­tion ripe for tax fraud or ac­count takeover, re­spec­tively.

One of the most pop­u­lar mar­ket­places on the dark web for such in­for­ma­tion is Al­phaBay. Not only is in­for­ma­tion re­lated to a com­pany’s as­sets avail­able, but in­for­ma­tion about new tech­niques to com­pro­mise tar­gets is for sale as well. One of the lat­est is a tool to by­pass SMS ac­count ver­i­fi­ca­tion, mak­ing multi-fac­tor au­then­ti­ca­tion that re­lies on SMS vul­ner­a­ble. On such fo­rums you can also find con­fig­u­ra­tion files for cre­den­tial stuff­ing tools, like Sen­try MBA, that are cre­ated for ac­count takeover of spe­cific com­pa­nies.

There are dozens of mar­ket­places on the dark web and com­pe­ti­tion for busi­ness is steep. In fact, some less pop­u­lar mar­ket­places of­fer bot­nets de­vised to spam Al­phaBay users with ad­ver­tise­ments or spe­cial pro­mo­tions in an at­tempt to en­tice them to switch fo­rums. Not all dark web sources are as read­ily ac­ces­si­ble as Al­phaBay, of course. Some re­quire hu­man an­a­lyst ex­per­tise to also gain ac­cess to closed sources to get the most rel­e­vant view of the risks.

But for all the no­to­ri­ety of these mar­ket­places, it is also im­por­tant to re­mem­ber that crim­i­nal ac­tiv­ity isn’t lim­ited to the dark web, par­tic­u­larly given the fact that some coun­tries don’t ex­tra­dite cy­ber­crim­i­nals. With min­i­mal con­se­quences, bad ac­tors have no in­cen­tive to hide. As a re­sult, cy­ber­crime is an In­ter­net-wide prob­lem, al­most equally pre­sent on the deep and open is a prime ex­am­ple. This all-in-one out­sourced on­line shop pro­vides host­ing, de­sign (based on Word­Press-like tem­plates) and a pay­ment so­lu­tion. Ad­di­tional items for sale on the mar­ket­place in­clude:

Bot-reg­is­tered so­cial me­dia ac­counts (usu­ally sold in bulk), typ­i­cally with the in­tent of sup­port­ing so­cial me­dia spam and ar­ti­fi­cially in­creas­ing the pop­u­lar­ity of other ac­counts/posts.

Stolen, le­git­i­mate so­cial me­dia ac­counts, which are advertised in small quan­tity but at higher prices com­pared to bot-reg­is­tered ac­counts.

“Coupons” to ser­vices that ar­ti­fi­cially in­crease the pop­u­lar­ity of so­cial me­dia ac­counts or posts.

Stolen ac­counts from other ser­vices in­clud­ing banks, pay­ment, and gift and loy­alty cards. Ded­i­cated servers and do­main names. The point is that crim­i­nal fo­rums ex­ist ev­ery­where so fo­cus­ing only on the dark web won’t give you a com­pre­hen­sive view of your dig­i­tal risk. Fur­ther­more, it isn’t enough to sim­ply de­tect men­tions of com­pany as­sets and con­cerns. You need con­text be­hind the in­for­ma­tion you see posted to have a bet­ter un­der­stand­ing of the ac­tual risk to your or­ga­ni­za­tion. This re­quires a com­bi­na­tion of tech­nol­ogy and peo­ple.

Au­to­mated col­lec­tion tech­nol­ogy can pro­vide vis­i­bil­ity into in­ci­dents with con­text, as they hap­pen, wher­ever they hap­pen - across the open, deep and dark web. For ex­am­ple, be­ing able to see pre­vi­ous posts by other users on the mar­ket­place on the same thread or post can pro­vide a deeper un­der­stand­ing of how your com­pany, em­ploy­ees or cus­tomers may be im­pacted. It can also pro­vide an over­view of the user in ques­tion, with their name, data joined, ac­tiv­ity lev­els and rep­u­ta­tion.

Data sci­en­tists and in­tel­li­gence ex­perts are able to gain ac­cess to some closed sources that col­lec­tion tech­nol­ogy alone can’t pen­e­trate and they need to be in­volved in qual­i­fy­ing the data col­lected. With en­hanced an­a­lytic ca­pa­bil­i­ties and ad­di­tional con­text they can help de­ter­mine the po­ten­tial im­pact to the or­ga­ni­za­tion, a pos­si­ble time­line of events, and rec­om­mended ac­tion.

A com­pre­hen­sive as­sess­ment of your dig­i­tal risk starts with know­ing where to find it. With an ap­proach that com­bines tech­nol­ogy and hu­man ex­perts look­ing across the open, deep and dark web, you can un­der­stand not only where and when you are men­tioned on­line, but also why, by whom and the likely im­pact to your or­ga­ni­za­tion. This breadth and depth of cov­er­age is es­sen­tial to pro­tect against threats as­so­ci­ated with fo­rums and mar­ket­places and, ul­ti­mately, to for­mu­late a suc­cess­ful dig­i­tal risk man­age­ment strat­egy.

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.