It Could Happen to You
We all know that in today’s aggressive cyber security environment there is a high probability that your organization has already been breached. In fact, you may not even be aware that it happened.
None of us are completely protected. There is no solution that can provide you with 100% assurance. During a Cyber Security Threat Assessment for a company with thousands of employees, and defended by what they felt was a strong cyber security program; DefendEdge’s in-depth threat assessment discovered credentials on the dark web.
That meant that highly sensitive business, client and employee data was being illegally sold, traded, or offered for sale while putting everyone at great risk. What can a security team do to be alerted when their data is being stolen? How can they quickly remove it from the dark web?
The State of the Industry
Tracking stolen data on the dark web is challenging because it is just beginning to be addressed by the industry. Currently, there are few products and services available to do the job. However, there are some strategies and tools that companies can immediately put into practice for their protection.
Data Tracking Tools
One of the key tools for tracking data on the dark web is PwnedList.com. Created by Alen Puzic, a security intelligence researcher for HP’s TippingPoint DVLabs, it is designed to search for leaked data.
The service hunts down data on the dark web, aggregates and indexes it and allows you to search for your specific information. By simply using a company email address or username, you can determine if your information has been compromised.
Another tracking company, Hold Security, offers a deep web monitoring solution that searches the dark web forums and deep web sites, gathers and indexes the stolen data and works to identify “victim” companies using that information.
It is important to note, that there is a shortcoming to using these services because of the very nature of the criminal act. So as not to alert victims, the cyber criminal is very unlikely to post a complete data set and the origin of the data, making it difficult to identify you company with the tracking tools.
Data Loss Prevention Tools
Forward thinking security teams have probably already put this tool into action. Data Loss Prevention tools (DLP) analyze network traffic to detect sensitive data that is being sent in violation of information security policies. DLP solutions can also be used to discover lost data when used in conjunction with tools like Bishop Fox’s Google Hacking Diggity Project. (This is a research and development initiative leveraging search engines to quickly identify vulnerable systems and sensitive data.)
Since DLP requires a specific format, this can be utilized by the Bishop Fox tool to more easily search the dark web for specific patterns helping you to find and recover stolen data.
Early Alert System
Seeding your sensitive internal databases with fictitious accounts, referred to as honey tokens or honey pots, can serve as an early alert system of a security breach. These fake accounts will show a login history, will have been active in the last 30 days, and reflect other key information that will make a hacker believe these are actual accounts.
If a login occurs using the fictitious account credentials, or if spam mail is received in other accounts, this serves as an early alert to a data breach and action should be taken immediately.
However, if you move forward with this cyber security measure, it is critical to create a well thought out strategy. Since you will not want to include false accounts in every database, it is important to take the time to identify the most sensitive/important data requiring protection.
Take Action
Although these tools are in their early stages of development and not yet perfected, they can help you better protect your organization against crimes of the dark web. We highly encourage you to take action. When it comes to cyber security, there’s no time like the present.
For more information please email DefendEdge at Hello@DefendEdge.com