Monitor Cyber Threat Activity: Proactively Defending Your Organization
March 26th, 2019
Digital risk protection (DRP) is growing increasingly important to IT decision makers, so we released an ebook to help them understand the basics, Digital Risk Protection for Dummies, at the RSA Conference in San Francisco.
In the interest of making the extensive information in the Dummies book more digestible, we’re publishing a series of blogs over the next several weeks to break down some of the key points and highlights. There are two prior entries: A high-level overview of some of the concepts, and a closer look at how to map your digital footprint and identify weak points.
Today, we’ll focus on monitoring the threat landscape to keep tabs on any potential threats that target your organization – whether or not you’re aware of them. Here are the keys to improving your readiness to prevent these kinds of risks:
Understand the cyber threat landscape
Put simply, it’s impossible to have tabs on all the different interactions happening across the web. Cyber threats are not confined to a singular location, time, or attack type. So, how can you effectively sift through all this data to find real, validated threats that might target your company?
This is where mapping your digital footprint comes into play. Organizations with acute understandings of their attack surfaces are better positioned for success. Effective DRP solutions monitor endless amounts of interactions and web activity, but they also need to relate this activity back to your company’s assets to promptly identify specific threats and alert stakeholders appropriately.
After your footprint is mapped, you’ll need to make sure your monitoring efforts cover the open web, the deep web, and the dark web. Here’s what kinds of sources you should be looking for in each of those sectors of the web:
- Open web: Mobile app stores, domain registrars, and paste sites
- Deep web: Chat groups, invite-only forums, closed social media groups/pages
- Dark web: Black markets, hacking forums, credit card shops, etc.
Monitoring threats originating on the dark web can be tricky. Many of the forums and groups within the dark web are invite-only, and users must prove their worth before they are authorized to participate. However, most cybercriminal activity takes place in these watering holes, so this is a crucial part of an effective DRP monitoring strategy.
Let’s take a closer look at what you can expect to find within some of the sources you’ll need to monitor:
- Black markets: Stolen goods, hacking tools, hackers for hire
- Instant messaging groups: Hacking tools, datasets, other information needed to coordinate cybercriminal activity
- Hacking forums: Information about malware, hacking tools, stolen data for sale
- Paste sites: Stolen credentials, bank account logins, credit card details, and more
Monitoring these kinds of sources is a key component of your DRP strategy, but knowing what to do with the data you gather is even more important.
Proactively identify common attack vectors and industry trends
A significant component of a good DRP strategy is understanding how and when threat actors will strike. Staying on top of cyberattack trends is a good start. Here are some of the common types of threats you should be looking for, and some of the types of malicious posts you can expect to find:
- Attack indications: Chatter about your organization on dark web forums, target lists, forum posts, and insider threats
- Data leakage: Leaked databases, credentials, confidential documents, customer account logins, and similar activities
- Phishing: Suspicious domains being registered, change in domain ownership, DNS activity, and web content updates
- Brand security: Malicious social media posts, malicious applications spotting brand infringement, finding social media scams
- Exploitable data: Entry points such as login pages, expired SSL certificates, and open ports
- VIP and executive threats: Leaked personal data, impersonating executives on social media
You can further narrow down the potential threats facing your company by keeping tabs on industry-specific trends and attacks. Certain threats may pose a higher risk for your industry than they might for other industries, and vice versa.
For example, financial institutions, retailers, and insurance providers may be most affected by fraud, while manufacturers and other organizations with extensive R&D departments may be more at risk of suffering from intellectual property theft. In addition, cybercriminals may attempt to impersonate your brand on social media or with phishing scams, targeting unaware customers by posing as a legitimate company.
There are countless sources of malicious activity for your security team to continuously monitor. Your DRP and threat intelligence solution must be able to collect external data from the open, deep, and dark web to promptly identify the most prevalent threats facing your organization.
Learn more about implementing an effective DRP strategy. Download your copy of Digital Risk Protection for Dummies.
Stay up to Date!
Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.