Proactive Dark Web Monitoring for Enhanced Security

Our proposal resolves the immediate breaches and then continues monitoring your domain on the dark web as a managed service.

As more and more systems move online, credentials have become essential to everyday life, both personally and in business. However, recent studies have shown that the average user has over 25 online accounts with a username and password but uses the same five passwords (or close variations) across all of them. This, coupled with the rise in cyber crime and associated data breaches, has resulted in employee credentials becoming a best seller on the dark web.

This valuable credential data is obtained via various methods, such as viruses, malware, or social engineering. It is then sold in bulk on the dark web to other cyber criminals for tiny monetary amounts, yet it could still have a significant impact on your business. The dark web is a part of the internet that isn't accessible by regular browsers (e.g., Chrome), isn't searchable by Google and the like, and requires particular configuration or authorisation to access. As a result, it is heavily used for illegal activity, such as selling stolen credit cards, weapons, drugs, and credentials.

As of May 2019, there were 7 billion records (usernames and passwords) leaked, and a large majority of these appear on the dark web for sale. The leaked data comes from various personal and business-related sources, but regardless of the source, and because of the password reuse described above, ALL leaks need to be a concern to your business.

Some of the more significant leaks have come from companies heavily used within organisations, such as:

  • LinkedIn

  • Adobe

  • Dropbox

Once a cybercriminal has obtained this leaked information, they will use it to try to compromise your other corporate services, such as:

  • Office 365 / GSuite

  • Online payroll services

  • VPNs / remote desktops

  • Banking

  • VOIP

  • ERP

  • CRM

  • Social Media

The result may be the attacker obtaining more information from more accounts, causing disruption and downtime, or obtaining funds by deploying ransomware or social engineering (whaling). Some leaked information may also contain personally identifiable information (PII), which may have knock-on effects under GDPR.

Solution

Based on the above, Fifosys recommends that your organisation invest in proactive dark web monitoring. This system automatically monitors the most secretive areas of the internet and dark web 24/7/365 to find compromised credentials associated with your domain. The system will observe the following:

  • Hidden chat rooms

  • Private websites

  • Peer-to-peer networks

  • Internet relay chat channels

  • Social Media platforms

  • Black market sites

  • Over 640,000 botnets

If we discover credentials or information linked to any of your monitored domains, a ticket will automatically be logged in our ticket logging system and triaged appropriately. The logged ticket will contain the following information:

  • Data found

  • Username

  • Password details, if applicable

  • Source of breach

  • Origin of breach

  • Whether personally identifiable information is included

Our assigned Fifosys engineer will then contact you and advise what action needs to be taken, such as if the user needs to change their password or if any subsequent education or action is required. We can inform the internal IT department, but please note that your staff may not be comfortable with the IT team knowing the identified source.

Ten personal email addresses (per monitored domain) can also be added for a reduced charge, which is helpful for senior members within the organisation who have personal email accounts (such as Hotmail and Gmail) and want the added benefit of knowing their account is also being proactively monitored.

Organisations will also receive a clean bill of health email at the end of each month if no new breaches have occurred, ensuring the company's data is secure. 

An example is shown below:

This service is designed to alert organisations when compromised data is released. You can take other steps to reduce the risk and impact of these breaches, such as:

  • Multi-factor authentication

  • Mobile device management

  • Social engineering awareness training

  • Next-generation Anti-virus and firewalls

None of the above solutions will completely eradicate the chance of a security breach or cyber-attack, but deployed together they will increase the overall security of the environment and the users' knowledge, reducing the overall risk and likelihood.
