Corporate Security Ben Luxon Corporate Security Ben Luxon

Detect Signs of Stalking in Real Time to Keep Employees Safe

We take a look at how to prevent online stalking, or cyberstalking, as it’s on the rise. Read more about Signals’ stalker threat preventative system.

Online stalking, or cyberstalking, is on the rise. Covid-19 has only exasperated the problem, with lockdowns increasing the vulnerability of victims as people continue to spend exponentially more time online. In fact, Paladin (UK’s national stalking advocacy service) reported having a 50% to 70% increase in requests for support around stalking cases during the pandemic.

In one UK study, 358 cases of homicides were analysed. The results indicated that in 94% of these homicides, the victim was stalked before the homicide took place. This statistic indicates how important it is to recognise stalker-like behavior before a potential violence occurs. Organizations who exercise the highest standards of Duty of Care and want to keep their employees safe, understand the importance of detecting signs of stalking before the problem snowballs.

women on mobile phones.jpg

Cyberstalking is on the rise

  • Stalking on social media:

    • Facebook

    • Instagram

    • Twitter

    • Snapchat

    • TikTok


  • Stalking via private messaging platforms:

    • WeChat

    • Telegram

    • Whatsapp

    • Facebook Messenger


  • Other stalking techniques:

    • Virtually visiting victims on street maps

    • Looking at victim geotags

    • Hijacking webcams

    • Catfishing

woman on phone.jpg

How Signal Helps

Using Signal, analysts discovered X, a stalker using social media, harassing a client’s employee. In a 4-week span this user sent approximately 1500 social media posts mentioning said employee. The content of X’s posts includes photographs of the employee’s children, mentions 9 hand-written letters posted to the client, marriage proposals, and also sentiment seesawing between love-speech and hate-speech. X also contacted other employees, especially when the desired effect on the first employee wasn’t achieved.

Using the data found, analysts took X’s content and ran it through various analysis steps to prepare a data set to be included in a dossier. The most popular words and phrases were pulled from the posts, then further analysed by Signal.

The prepared dossier was shared with the client so that they could instigated their employee support  process for dealing with online harassment. 

Benefits of Signal’s Stalker Threat Preventative System

Signal helps prevent the potential psychological trauma of employees, physical harm, and at worst violence or loss of life. 

Stalking causes business disruptions as well. Companies whose employees fall victim to stalking will lose productivity each year. Impacts include reduced or lost output, increases in staff turnover, increases in absenteeism, investment required for support programs and increased management overhead. Collectively, victims of stalking will lose approximately $110 billion over a lifespan.

Signal can detect harassment in real time. Client analysts or analysts from Signal can watch for stalker-like behavior and notify you as soon it is detected. This information in turn is used to trigger employee support programs and increased monitoring to ensure escalation doesn't occur.  

We can save your employees and business potential time, harm and money. Contact us to learn more or schedule a demo.

Read More
Corporate Security Ben Luxon Corporate Security Ben Luxon

7 Growing Cybersecurity Threats Professionals are Increasingly Worried About

We take a look at 7 of the growing concerns that cybersecurity and infosec professionals have as the trend towards digitizations continues at an increasingly explosive pace.

The new softwares and systems that are employed across an organization create new attack vectors for threat actors and new data security concerns. Not only that but as these new digital systems are put into use to replace once manual tasks additional complications arise from potential user errors, for example, an employee might make private data public without even realising. 

In this article, we take a look at 7 of the growing concerns that cyber and infosec professionals hold as this trend towards digitizations continues at an increasingly explosive pace.

connected devices.jpg

1. Unintentional Data Exposure

“To err is human,“ as Alexander Pope famously wrote. We all make mistakes and to combat this we have progressively leveraged more technology across industries to automate processes and reduce the potential for human error. However, technology can’t prevent our every mistake, and paradoxically, this use of technology increases the amount of data we as people and organizations produce and store in our systems. Hackers are aware of this and continue to find creative ways to exploit human weakness with strategies such as complex phishing campaigns.  

On top of this, the adoption and rapid development of hardware (phones, for example) mean many people conduct work from their personal mobile device. And the move towards work from home driven by the COVID-19 pandemic has furthered this merger of work and personal devices as well as increased the amount of work done from unsecured networks.

2. Adoption of AI into Malware for Scale and Evasion

Denial of service attacks can take a variety of forms, from malware to DDoS attacks, and have huge financial implications for an organization. In 2018, for example, shipping giant Maersk had their IT systems taken out by a vicious malware called NotPetya, costing them an estimate $300 million.

These ransomware attacks might be driven by political motives, thoughts of financial gain, or something else entirely. Over the last few years, these tactics have evolved they’ve adopted new technologies and strategies allowing threat actors to increase both the scale of the attacks, as well as to more effectively neutralize increasingly complex security protocols.

One increasing concern is the adoption of AI into these attacks. AI can be used in a variety of ways, such as increasing the effectiveness of phishing campaigns. One example was developed by IBM Research, DeepLocker. DeepLocker hides its malicious payload in benign carrier applications, such as a video conference software, to avoid detection by most antivirus and malware scanners and then uses facial recognition to identify the specific target and launch its payload.

How AI is used to could completely change the way information security and cybersecurity professionals, in general, need to adapt and respond to threats.

3. Financial Fraud

Financial fraud off the back of data breaches is nothing new. However, it continues to be a problem today and into the foreseeable future. Data breaches from large organizations, whether they are related to your organization or not could easily lead to new attack vectors on your company.

There is a huge amount of Personal Identifiable Information (PII) for sale on the dark web. This data can be used in a number of ways, from credential stuffing strategies to identifying high-value targets and refining strategies for spear-phishing campaigns.

4. 3rd Party Integrations

Often organizations spend a huge amount of time and money ensuring their internal cybersecurity practices are excellent. It only takes one breach to realize the efficacy of this investment. Successful ransomware, for example, against an organization for example could cost tens of millions not even considering the reputational damages that might accompany the financial ones.

However, as was seen with the 2020 SolarWinds breach, it doesn’t matter how well educated your staff, how up to date your firewalls, how alert your security teams are if your third party integrations have weaknesses.

5. Increasing Amounts of Sensitive Data Collected Through IoT Devices

Internet of Things (IoT) devices is beginning to infiltrate every level of our lives. From mobile robots, to inventory tracking, to personal assistants, connected speakers and smart TVs. These devices seek to automate and simplify our lives.

However, what many people don’t realize is that these machines are often insecure by design and offer attackers new opportunities. Additionally, the terms and conditions around data sharing and usage from many of these devices lack transparency, and by utilizing this technology an organization makes it increasingly difficult to know and control what data is going out.

Finally, it’s often the case that, while a vendor may recommend applying new firmware updates, they are not applied unless the device starts misbehaving and someone applies the update to troubleshoot the issue. This could lead to serious security compromises.

home device IoT.jpg

6. Rise of Fake Online Personas

This threat can have a direct and dramatic impact on organizations reputation and the physical security of employees. By creating and leveraging fake or phantom social profiles threat actors can create trending news and information, promote poor products, or push lies and deceptions to further an agenda. 

The application for these kinds of campaigns is vast, affecting everything from national elections to company sales and share prices, and there is currently no system in place to identify false profiles efficiently and counter the purposeful spread of misinformation in this way. 

7. Shortfall of Professionals

The final security risk on the list is the continued shortage of skilled security workers. As cybersecurity threats evolve, and areas such as information security become more important for organizational security, increasing numbers of skilled and trained professionals will be needed.

Finals Words

Many people are now desensitized to the fact their data is shared online either through breaches or loose company policies. Because we cannot regain our privacy, they often become careless about protecting it further. Add to this the constant evolution of cybersecurity threats, and the challenge for cybersecurity professionals looks like a tough one. 

To ensure organizational security, companies need a combined response, that includes continuous education of employees, restricted accesses, and multi-factor authentication. This needs to be paired with a skilled security team who are armed with the necessary knowledge and tools such as OSINT software.

Security professionals need to be able to gather real-time data on emerging threats and proactively implement an effective response. 

Read More
Corporate Security Ben Luxon Corporate Security Ben Luxon

5 Lessons Organizations Can Learn from the Worst Data Breaches of 2020

In this article, we take a look at 5 of the lessons that can be learnt from some of the biggest cyberattacks of 2020.

While data breaches are invariably costly for organizations, the fallout from a data breach isn’t always the same. There are numerous motivations for threat actors and an even greater number of strategies that they employ to achieve their varied goals. As such, it falls to security professionals can continuously learn from the ongoing cyberattacks the best ways to predict and prevent cyber breaches in a constantly evolving threat landscape.

In this article, we take a look at 5 of the lessons that can be learnt from some of the biggest cyberattacks of 2020.

1. 3rd party integrations create new attack surfaces

The recent breach of SolarWinds allowed foreign agents to access and spread malware to numerous government agencies and high-value US targets. These threat actors knew they could likely never penetrate these targets directly, and instead discovered they all used the same software for network management - SolarWinds. 

The attack spread a malware which lay unnoticed in the system for months as the attackers are believed to have observed and gathered data on their targets.

The key take away from this hack is that no matter how excellent and strict your own system’s security is, if the 3rd party systems you use have a weakness, then so do you. This is especially important as systems become increasingly interconnected, with a myriad of moving parts provided by dozens of different vendors. 

While you can’t and shouldn’t simply wall of your systems with a trust no-one approach, organizations also mustn’t take third-party solution provider’s security for granted. Conduct rigorous, ongoing security audits of your systems to be sure there’s not a nasty surprise hiding around the corner.

2. You need clarity across your organization’s security

As an organization grows in size and complexity, often, as we mentioned above, integrating and employing 3rd party vendors, the number of attack surfaces grows too. Organizations need systems in place to maintain clarity over the entirety of their IT security.

In July, Garmin was locked out of its own systems by ransomware and ended up having to pay millions in ransom for the decryption key. 

Garmin faced an impossible situation. While law enforcement officials and cybersecurity experts repeatedly warn companies not to pay ransomware attackers as it encourages further ransomware attacks, companies like Garmin are often left with no other choice. 

As such, companies need to employ systems, security protocols, and training to prevent ransomware.

For businesses like this, it’s vital to have systems in place to maintain a vigilant security posture toward every possible vector for attack.

3. Humans are the weakest link

Social engineering tactics can range from rather obvious emails from Nigerian princes to complex multi-step and highly targeted spear-phishing campaigns. In late 2020 the latter is what happened to Twitter, with numerous employees targeted with a strikingly elaborate spear-phishing campaign. The strategy involved multiple steps including tricking an employees phone carrier, pretending to be a member of the I.T. team, and creating fake login pages.

Once they had an employees admin account login they hijacked multiple high profile Twitter accounts and launched a Bitcoin scam that saw them making off with over $100,000 in less than an hour before it was stopped. Though this attack certainly could have been worse, it shows how one of a companies biggest vulnerabilities is compromised employee credentials. 

There are a couple of things that can be done to protect against employee weakness in your security defences. These include restricting employee access to sensitive data. Ensuring you offboard, and remove access to systems for old employees, implementing strong authentication protocols such as multi-factor authentication, and regular security training sessions for staff 

4. Only store data vital to providing your service

In July of 2020 GEDMatch, a DNA genealogy site was hacked. The hackers changed the user’s privacy settings - opting everyone in to share their data with law enforcement. The hack exposed the data of around 1.4 million people.

Thankfully, GEDMatch later announced that no raw DNA files had been compromised as no raw data is stored on the site. Instead, the data is encoded when it’s uploaded and the raw file deleted immediately. The key lesson here is that GEDMatch followed good practice, not storing any sensitive raw data and thus eliminating a potentially serious attack vector meaning the failure of one control did not lead to the attackers progressing beyond their initial intrusion.

If you can avoid storing highly sensitive data — such as passwords, payment information, or biometric data — on your own servers, do so. Deleting raw DNA data helped minimize the damage to GEDMatch in this breach.

5. People aren’t going to stop reusing passwords

The majority of people on the internet don’t know the best online security practices and many reuse the same tired old password across numerous websites. This has lead to a rise in popularity of one of the most common attack strategies employed by threat actors, credential stuffing. This is when they buy large datasets of login details, eg. passwords and user names, and apply them to other sites. While the strike rate is generally quite low, this strategy of credential stuffing does work. This is what happened to several insurance companies in 2020 including Independence Blue Cross

Independence Blue Cross reported that their member portals had been improperly accessed by hackers reusing credentials stolen from MyFitnessPal in an attack from 2018.

People aren’t going to stop reusing passwords anytime soon, but businesses can still guard against credential stuffing. One crucial step is to implement strong authentication protocols such as multi-factor authentication or adaptive authentication, which asks users for more credentials if their behavior is suspicious. In this case, it could have noticed that members were logging in with new I.P. addresses or at an unusual time of day, and asked them to confirm their identity.

Final Words

Organizations are increasingly connected online, using a myriad of integrations and tools to create better, more user-friendly solutions. Additionally, as we all become more technologically literate and engage more and more online there is an increasing amount of users data stored on organizational systems.

This means that the number of attack surfaces that organizations have to be aware of is continuously growing, and so too are the opportunities for attackers to achieve their goals. Whether it’s foreign espionage, idealogical fanatacism, or for personal financial gain.

Ultimately, we’re all in this together, a data breach or successful attack on one company could easily have ramifications against your own organizations. As such, employing the right tools, such as an OSINT tool like Signal, to monitor, detect and better protect against potential threats in this growing threat landscape has never been more important. 

Read More
Corporate Security Ben Luxon Corporate Security Ben Luxon

12 of the Biggest Ransomware Attacks of 2020

Ransomware can cost an organization millions and often the victim has no alternative but to pay. In this article, we look at 12 of the biggest ransomware attacks that occurred in 2020.

Ransomware is a form of malware which is installed on a victims device or devices with the main objective of seizing and/or locking away sensitive data. As the name suggests in order for a victim to regain access to their data and systems they need to pay a ransom. More often than not, the two options a victim is presented with when they succumb to a ransomware attack is to either rebuild their systems from scratch and potentially have the attacker leak the data online - or pay up.

As such, it’s unsurprising that, in our increasingly digital age with more and more data on the cloud, that the number of attacks and the success of ransomware attacks is on the rise. Approximately 58% of ransomware victims paid in 2020, compared to 39% in 2017.

Ransoms for these kinds of attacks range from a few hundred dollars to thousands or even millions of dollars payable in cryptocurrency such as Bitcoin. In return for the payout, the attackers will release a decryption key allowing the organization to return to business. Certain industries, such as government organizations and hospitals are more susceptible to ransomware attacks due to the nature of the work that they do often being time-sensitive. For example, a ransomware attack crippled a hospital in Germany, leading directly to one patient’s death.  

There are numerous strategies that ransomware attackers employ to gain access to a victims database. One of the most common though is through social engineering tactics, such as phishing emails. Cybercriminals can make these emails look exactly like trustworthy emails from official sources, tricking victims into downloading compromised software onto their device. 

Because of the nature of social engineering tactics, and the evolving cyber threat landscape no organization can ever be fully secure from malware threats. Below we outline 12 of the biggest ransomware attacks that occurred in 2020.

secure_server_ransomware.png

12 Ransomware Attacks that Happened in 2020

1. ISS World 

Estimated cost: $74 million 

In February of 2020 ISS world, a Denmark based company went down due to a ransomware attack. Thousands of employees were left without access to their systems and emails. This cost them an estimated $74 million which includes regaining control of the affected IT systems and re-launching critical business systems. 

2. Cognizant

Estimated cost: $50 million

A ransomware attack on the organization Cognizant in April of 2020 is said to have cost the company over $50 million, potentially as much as $70 million, including legal and consultation costs and data recovery costs, along with the financial loss reflected in their second-quarter earning in 2020.

3. Sopra Steria 

Estimated cost: $50 million

The company Sopra Steria revealed that they were hit by hackers using a new version of the Ryuk ransomware in October.

They estimate that the fallout, including dealing with the various systems that went out of action, is likely to have a gross negative impact on operating margin of between €40 million and €50 million.

4. Redcar and Cleveland Council 

Estimated cost: $14 million

Redcar and Cleveland Council in the UK suffered an attack on their systems in February of 2020 costing the council an estimated $14 million.  The ransomware attack is said to have disrupted the company’s network, tablets, computers, and mobile devices for 3 full weeks. The council announced that in March, that it could take months for a full recovery and estimated the overall costs to be between $14 - $21 million.

5. Software AG

Estimated cost: $20 million

Software AG is the second-largest software vendor in Germany. They were reportedly hit with the Clop ransomware in an attack in October of 2020. The company disclosed that the ransomware attack disrupted a part of its internal network but didn’t affect customer services. The cybercriminal group responsible demanded a $23 million ransom.

7. Travelex

Estimated cost: $2.3 million

It was reported that Travelex the money exchange firm was hit with a file-encrypting malware attack which shut down its internal networks, website and apps for several weeks. Reportedly Travelex paid a ransom of $2.3 million in BTC to the dark actors to regain access to their data and restore services.

8. University of California San Francisco (UCSF)

Estimated cost: $1.14 million

UCSF was targeted by a malware attack which encrypted servers used by the school of medicine impacting students in June of 2020. The ransomware was prevented from travelling to the core UCSF network and causing more damage. The authorities negotiated with the cybercriminals and UCSF ended up paying approximately $1.14 million in ransom of the $3 million demanded. 

9. Shirbit Insurance 

Estimated cost: $1million

After a cyberattack on the Israeli Insurance provider Shirbit in December of 2020 the attackers demanded roughly $1 million in Bitcoin. In order to pressure the company into paying they demanded immediate payment or an increase in the ransom cost, doubling after 24 hours. Additionally, to show they weren’t empty threats they dumped the first 300 records online, again threatening to dump additional records every 24 hours until they received payment.

10. Communications and Power industries 

Estimated cost: $500,000

California-based Communications & Power Industries (CPI) makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology. The company counts the U.S. Department of Defense and its advanced research unit DARPA as customers. Reportedly, CPI paid $500,000 to obtain the decryption key to unlock their servers and return services.

11. Grubman Shire Meiselas & Sacks 

Estimated cost: $365,000

Grubman Shire Meiselas & Sacks is a law firm that specializes in law for those in the media and entertainment industry. Their clients consist of a range of A-list celebrities and, with such high profile individuals on the line, the stakes for them were extremely high. They were targeted and files encrypted by REvil ransomware. The firm agreed to pay an estimated $365,000, however, the attackers started demanding more afterwards and the company has since kept quiet on what it has or is willing to pay.

12. Tillamook County 

Estimated cost: $300,000

Tillamook county in the US was attacked by cyber attackers in January. The attack interrupted their email network, phone systems and website. After exhausting alternative options, they estimated the costs to restore service would cost well over $1 million and take several years and opted instead to pay the $300,000 ransom. 

undraw_safe_bnk7.png

Keeping your data and organization secure

  1. Never click on suspicious links or any links attached in unsolicited emails. 

  2. Back up systems and data continuously. Create a separate data-backup in an external hard drive that is not connected to your computer, so that you don’t have to pay the ransom if a ransomware attack happens.

  3. Never disclose personal information over the phone or over email. 

  4. Educate employees of cybersecurity best practices and social engineering tactics that may be used against them.

  5. Limit employee access to sensitive data to reduce attack surfaces.

OSINT Tools and Mitigating Costly Ransomware Attacks

Early warning of data beaches through OSINT tools can help you predict and prevent cyber attacks as well as enable organizations to take mitigating actions faster. While open-source intelligence tools can’t prevent ransomware, they can help organizations reduce the risks and potential damages. 

OSINT tools can be used by organizations to monitor their supply chains, allowing them to learn of potential disruptions in real-time and enabling them to implement contingency plans fast. 

Additionally, organizations can use tools like Signal to monitor for ransomware and malware currently being used. This can help security teams determine emerging threats being used against other organizations in their industry to better inform ongoing cybersecurity best practices.

Ultimately, by using OSINT to monitor darknet forums and market places security professionals are able to learn about the newest strategies being employed, the most recent weaknesses being exploited, and the most current software being utilized. Armed with this knowledge they are much more able to develop effective countermeasures as well as actively prevent ransomware infection.

Read More
Dark Web Monitoring Ben Luxon Dark Web Monitoring Ben Luxon

7 Dark Web Forums You Need to Monitor for Improved Cyber Security

We take a look at how security professionals can utilize OSINT tools like Signal to more efficiently and effectively monitor threats on dark web forums.

The dark web has grown in popularity over the years as people become increasingly technologically savvy. Using a darknet browser like Tor or I2P allows users to stay anonymous whilst browsing online. 

There could be any number of reasons a person desires anonymity online, and many of those reasons are perfectly legitimate. For example, they might simply have concerns about large companies’ abilities to track their online activity, they might not feel comfortable giving Google all their data. Alternatively, they might live in a place with restrictions on freedom and free speech and necessarily turn to dark web anonymity to access world news or freely share journalism. 

However, the same anonymity which protects those people is also a boon for criminals. It allows them to operate across borders, organize crime, and trade in illegal items, both physical and digital. Additionally, any number of topics can be found on dark web forums being discussed, including extremist ideas, hate speech, threats of violence, or even plans for cyber attacks.

It is this broad array of potentially dangerous activity on the dark web which is of concern for security professionals. By monitoring the dark web with OSINT tools like Signal, security professionals can discover exploit kits targeting their organization, get early alerts of data breaches, and even prevent physical attacks on assets or employees

In this article, we take a look at a few of the more common dark web forums and how security professionals can utilize OSINT tools like Signal to more efficiently and effectively monitor threats on the dark web.

About Dark Web Forums as Data Sources 

Because of the anonymity afforded by the dark web, people feel comfortable discussing all manner of things. As such, the dark web, especially dark web forums, is a valuable source of intelligence for security professionals. Monitoring these channels can help expose real and potential threats ranging from planned attacks, both physical and digital, to fraud, data breaches, and more.

Below we take a look at 7 of the largest dark web forums that professionals need to be aware as potential security data sources.

Nulled

Nulled is an online forum board with over 3 million members as of 2020, mostly used by cybercriminals to trade and purchase leaked or hacked information. In 2016 it became known as the target of a data breach which helped law enforcement to obtain information about possible "suspects", who were registered on Nulled.

Dread

Dread is a forum on the darknet that mirrors Reddit’s functionality. It provides the same familiar community discussion boards. The forum takes many ideas from Reddit, such as sub-communities and user moderation responsibilities. The Website manages to mimic this functionality without any JavaScript. The main goal of Dread is to offer a censorship-free forum, but it also offers some services, such as pen testing.

CrackingKing

Cracking King is a community forum that provides tutorials and tools for hackers. Additionally, you can find information about and from data leaks, as well as gain access to their marketplace.

CryptBB

CryptBB, which launched in 2017, started out life as a private English-speaking hacking forum known for its rigorous application policy, only accepting members who passed an interview. They have, however, recently been expanding with a new section of the site for “newbies”.

RaidForums

RaidForums is a site dedicated to sharing hacked databases and tools to perpetrate credential stuffing attacks. They also have an open web version of their site.

FreeHacks

FreeHacks is one of the most popular and one of the largest hacking forums on the web. This Russian community of hackers and cybercriminals gathers its resources to expand and solidify their knowledge base.

HackTown

HackTown is an educational platform. They have numerous courses all of which focus on hacking for profit. The forum aims to educate new hackers and cybercriminals to help them develop their skill sets and successfully pull off fraud attacks, phishing campaigns and more. 

Related: How Can 4chan be Used as a Data Source for Security Intelligence? 

Key Challenges of Dark Web Monitoring for Security Professionals

Security professionals face a number of challenges when it comes to monitoring the dark web. For a start, there is the sheer volume of posts. With each of these forums and market places operating across numerous time zones, they have continuous activity. The most popular of them get tens of thousands of posts a day. Manually monitoring these sites is just not a feasible task.

Secondly, the more explicit dark web forums and market places will require you to create an account and may even go some way to verifying you have the skills to be allowed in. While the anonymity of the dark web means they likely can’t work out exactly where you came from or what your true purpose is on their platform, those that are interested might attempt to get further information out of you to determine your real identity. When creating an account it’s important to make sure it holds no relevance to any other online account you hold if you want to maintain your complete anonymity and don’t become a target of those same criminals you are looking to monitor.

Once you’re into one of these forums or marketplaces you will then need to remain active on the platform, without arousing suspicion otherwise you could have your hard-won access revoked. 

Finally, a lot of hackers on the dark web would be more than willing to turn their talents and attention to you should you accidentally cross them. Some websites will infect your device with malware and any and all links or downloads should be viewed with suspicion. Additionally, if you do click any links you may be taken to the material you don’t want to see that many people would find disturbing. As such, unless you’re confident you can safely and securely navigate the dark web, it may be better to look for safer, more efficient alternatives. 

dark web binary.jpg

The Role of OSINT when Monitoring the Dark Web

The Signal OSINT platform works by continuously scanning the surface, deep, and dark web. You can create custom searches using boolean logic and select from several data sources. These search results can then be filtered using our advanced AI and natural language processing (NLP) which enable you to search across languages, determine location, analyze copy in imagery, and even assess the emotional intent behind text through our NLP software Spotlight.

The benefits of having a tool like this for monitoring the dark web include efficient continuous monitoring and assessment of a multitude of sites allowing security teams to monitor more of the web to catch more threats faster. Additionally, they can access this data without ever having to hunt down and access the various dark web forums and marketplaces which is both more secure and much more time-efficient.

This approach allows you to leave your dark web monitoring on autopilot and not only effectively reduce costs but vastly increase the scope of your monitoring ability and the overall amount of hyper-relevant intelligence at your fingertips.

Read More
Social Media Monitoring Ben Luxon Social Media Monitoring Ben Luxon

Why you Need to Upgrade your Social Media Security

We take a look at why and how attackers target social accounts as well as reviewing some of the current best practices for mitigating the risks.

For organizations, social media is vital for the success of their business. It forms a central part of their efforts to build brand awareness, establish their community, do market research and gather intelligence. However, because of the frequency with which it’s used and the importance of the role it plays, social media cybersecurity threats can have a very tangible impact on an organization through reputational damage, data breaches, or worse.

In a recent survey by Statista, it was revealed that 22% of internet users said that their online accounts have been hacked at least once, while 14% reported they were hacked more than once. Due to the constantly changing nature of technology and trends, it’s difficult to pin down a defined set of best practices. 

In this article, we take a look at why and how attackers target social accounts as well as reviewing some of the current best practices for mitigating the risks.

social media security

Why Do Hackers Target Social Media Accounts?

A successful account takeover can enable threat actors to achieve a variety of malicious objectives, from the distribution of malware to the spreading of misinformation. Some of the most common uses for a compromised account are as follows:

Continuing the Attack: Generally speaking, most people are wary of random messages from strangers. However, if you can gain access to someone’s account and launch your phishing campaign against their contacts you can leverage the trust already established as a personal contact to dramatically improve the success rate of the phishing campaign. In the case of an organization’s account, these attacks are particularly harmful as they can target thousands or even millions of followers and can come with serious associated reputational damage.

Gathering Intelligence: The actual account takeover might not be the endgame of the attack. Instead by taking over an account, they gain access to intelligence, from an individual's messaging history to extensive personal details on an individual and their contacts.

Reputational Damage: We’ve already mentioned the potential for reputation damage as a by-product. However, there is a chance that reputation damage is the entire objective of the attack. Attackers might have a grudge against an organization or person, for example. Once they have access to the account they could do a range of things, such as posting racist slurs from the account or directly targeting followers through the account.

Credential Stuffing: Many people use the same login credentials across websites. Once attackers have successfully compromised an account, they then attempt logins at other popular websites using the same credentials to see what else they can gain access to. Often the objective is a financial reward.

Blackmail: If embarrassing or damaging information is surfaced through the account attack then hackers are unlikely to miss the opportunity to blackmail the individual or organization to further their other objectives.

4 Examples of Successful Social Media Attacks

LinkedIn Hacked, Exposing 117 Million Credentials

  • When: May 2016

  • Tactic: Data Breach, Account Takeover

  • The 2016 LinkedIn data breach exposed 117 million records of its users including email and password combinations. These were sold on the dark web and allowed hackers to gain access to and control thousands of accounts as well as use the data for credential stuffing.

Vevo Hacked Via LinkedIn Phishing

  • When: September 2017

  • Tactic: Targeted Phishing & Malware

  • In 2017 the streaming service Vevo suffered a breach when one of its employees was phished via LinkedIn. Through this attack, hackers obtained and publicly released over 3TB worth of the company’s sensitive internal data.

HAMMERTOSS Malware

  • When: July 2015

  • Tactic: Malware/Data Exfiltration

  • HAMMERTOSS is a malware which was created to automatically search and extract data from social networks and was controlled by commands posted by attacker profiles. This novel approach to weaponizing social media shows the need to analyze social media as part of the full lifecycle of a cyber attack. 

Twitter Bitcoin Scam

  • When: July 2020

  • Tactic: Account Takeover

  • Through a series of targeted phishing campaigns, hackers were able to get access to internal systems and tools at Twitter. They used this access to take control of numerous high profile accounts, including verified accounts such as Kanye West, Barack Obama, Apple, and Joe Biden. The attackers used the platform to Tweet a message requesting Bitcoin be sent to a specific wallet number with a promise they’d return it doubled. In the short time the message was up the attackers collected over $100,000.

likes social media.jpg

6 Quick Tips to Improve your Organizations Social Media Cybersecurity

1. Employ strong unique passwords.

Avoid the risks of credential stuffing by ensuring that all accounts are locked with strong unique passwords.

2. Keep personal and business accounts separate.

Linking personal and business accounts just make it easier for hackers to gain access to both. So, when possible, keep a separate and distinct login and password for both. 

3. Restrict access and permissions.

Not everyone needs to have the ability to login to the organization’s social media accounts. Not everyone needs to be able to post, share or send messages through it. Additionally, when an employee leaves make sure to revoke their access to all social media accounts.

4. Be mindful about what you share.

Even harmless posts might unwittingly share sensitive data that could be used by attackers. For example, you might share an employee update, maybe congratulating an employee for having a child, information which could be used in a targeted spear-phishing campaign.

5. Protect the physical access points.

Make sure devices are password-protected, don’t leave USB devices lying around, ensure that wi-fi networks are private and secure. These physical security threats are particularly prevalent currently with many employees working from home

6. Be wary of third-party apps.

Third-party apps like scheduling softwares are invaluable, allowing you to save a huge amount of time. However, they also provide an additional way for attackers to gain access to your social media accounts. 

The Role of OSINT in Securing Social Media Platforms

live streams laptop on desk.png

By monitoring social networks for mentions of your brand and keywords, you’ll know right away when suspicious conversations about your brand emerge. For example, people might be sharing fake coupons or offers, or an imposter account starts tweeting in your name. Using OSINT you can monitor all the relevant activity online regarding your business and quickly identify fraud allowing you to respond to it in a timely fashion.

Additionally, you can use OSINT tools like Signal to monitor not only your social media channels for things like imposters but also for physical threats against employees or branch locations. 

OSINT is vital in identifying when one of the above-mentioned risks of social media becomes more than just a threat when it becomes a reality. Being amongst the first to know when something like this happens allows you to respond quickly and effectively.

Read More
Signal Product Ben Luxon Signal Product Ben Luxon

How Machine Learning is Changing Modern Security Intelligence

Today, AI and machine learning enable both attackers and defenders to operate at new magnitudes of speed and scale. Security teams need to leverage the power of machine learning and automation if they want to stand a chance of mitigating threats.

A key challenge facing modern security teams is the explosion of new potential threats, both cyber and physical, and the speed with which new exploits are taken advantage of. Additionally, in our globalized world threats can evolve from innumerable sources and manifest as a diverse range of hazards.

Because of this, security teams need to efficiently utilize automation technology and machine learning to identify threats as or even before they emerge if they want to mitigate risks or prevent attacks.

Artificial Intelligence in the Cyber Security Arms Race

Today, AI and machine learning play active roles on both sides of the cybersecurity struggle, enabling both attackers and defenders to operate at new magnitudes of speed and scale.

When thinking about the role of machine learning for corporate security and determining the need, you first need to understand how it is already being used for adversarial applications. For example, machine learning algorithms are being used to implement massive spear-phishing campaigns. Attackers harvest data through hacks and open-source intelligence (OSINT) and then can deploy ‘intelligent’ social engineering strategies with relatively high success rate. Often this can be largely automated which ultimately allows previously unseen volumes of attack to be deployed with very little effort.

Another key example, a strategy that has been growing in popularity as the technology evolves, making it both more effective and harder to prevent, is Deepfake attacks. This uses AI to mimic voice and appearance in audio and video files. This is a relatively new branch of attack in the spread of disinformation and can be harnessed to devastating effect. For example, there are serious fears of the influence they may bring to significant future political events such as the 2020 US Presidential Election.

facial recognition AI.png

These are just two of the more obvious strategies currently being implemented in a widespread fashion by threat actors. AI supported cyberattacks though have the potential to go much further. IBM’s DeepLocker, for example, describes an entirely new class of malware in which AI models can be used to disguise malware, carrying it as a ‘payload’ to be launched when specific criteria are met - for example, facial recognition of its target.

Managing Data Volumes

One of the primary and critical uses of AI for security professionals is managing data volumes. In fact, in Capgemini’s 2019 cybersecurity report 61% of organizations acknowledged that they would not be able to identify critical threats without AI because of the quantities of data it is necessary to analyze.

“Machine learning can be used as a ‘first pass’, to bring the probable relevant posts up to the top and push the irrelevant ones to the bottom. The relevant posts for any organization are typically less than 0.1% of the total mass of incoming messages, so efficient culling is necessary for the timely retrieval of the relevant ones.” - Thomas Bevan, Head Data Scientist at Signal.

Without the assistance of advanced automation softwares and AI, it becomes impossible to make timely decisions - impossible to detect anomalous activity. The result of which is that those organizations who don’t employ AI and automation softwares for intelligence gathering often miss critical threats or only discover them when it’s too late.

Signal OSINT and Machine Learning

Developer machine learning.png

Signal OSINT platform uses machine learning and automation techniques to improve data collection and aggregation. The platform allows you to create targeted searches using Boolean logic, but it is our machine learning capabilities which allow us to go beyond Boolean keyword searches. 

“By recognising patterns in speech and relations between commonly used words, one can find examples of relevant posts even without keywords. While phrases like ‘I’m gonna kill the boss’ can be picked up by keywords easily, keyword searches alone struggle with more idiomatic speech like, ‘I’m gonna put the boss six feet under’, and will incorrectly flag posts like ‘Check out the new glory kill animation on the final boss’. Machine learning, given the right training data, can be taught to handle these sorts of examples,” says Thomas Bevan.

Signal continuously scans the surface, deep, and dark web and has customizable SMS and Email alert capability so that security teams can get real-time alerts from a wide array of data sources such as Reddit, 4Chan, 8Kun etc. Additionally, Signal allows teams to monitor and gather data from dark web sources that they would otherwise be unable to access either for security reasons or because of captive portals.

Finally, the software allows users to analyze data across languages and translate posts for further human analysis. There are additional capabilities, such as our emotional analysis tool Spotlight, which can help indicate the threat level based on language indicators.

Complementing AI with Human Intelligence

In order to stay ahead of this rapidly evolving threat landscape, security professionals should be using a layered approach that pairs the strategic advantages of machine learning to parse through the vast quantities of new data with human intelligence to make up for current flaws in AI technology.

Machines have been at the forefront of security for decades now. Their role though is evolving as they get passed the heavy lifting, allowing analysts and security professionals to analyse hyper-relevant data efficiently. 

Read More
Corporate Security Ben Luxon Corporate Security Ben Luxon

Why organizations need threat intelligence tools as part of their security defences

Threat intelligence is an essential tool for any security team. It is the gathering of evidence-based knowledge to inform action-oriented preventative and reactionary responses to an ever-evolving cyber threat landscape.

What is Threat Intelligence?

Those very same technologies that have allowed globalization, which have brought us all closer together and enabled organizations and brands to achieve the current growth and success they enjoy today, have simultaneously brought with them increased risks. These risks come in the form of increased vulnerabilities and exploitable attack vectors for cyber attackers. Threat intelligence is all about gathering data and knowledge to combat and mitigate these threats. 

Threat intelligence provides organizations with information and context required to effectively predict and even prevent cyberattacks. Additionally, it helps inform security teams of the best practice for both preventative measures and response measures to ensure if there is a cyberattack the resulting costs are minimal. 

In short, threat intelligence is the gathering of evidence-based knowledge to inform action-oriented preventative and reactionary responses to an ever-evolving cyber threat landscape.

connectivity.jpg

The Importance of Threat Intelligence

Threat actors are increasingly persistent, and their persistence pays off. Even the most dedicated professionals can’t help but struggle to keep abreast of every new cybersecurity development. New exploits are constantly being discovered or developed and strategies such as social engineering are increasing in complexity. Security teams need up to date data and intelligence on evolving threats if they are going to be able to develop effective responses.

Additionally, within the corporate world one of the key buzzwords of the last two decades has been “accessibility”. Accessibility to data means organizations have necessarily become reliant on digital processes and almost everything is stored on the cloud. Unfortunately, while accessibility is essential to developing efficient processes, and effectively using big data, it also increases the number of threat vectors that attackers can exploit. According to the IBM 2020 data breach report the longer a data breach goes undetected the more expensive it ends up being for the organization. Primarily then, threat intelligence gathered using tools like Signal OSINT can help organizations detect data breaches earlier, mitigating the eventual costs both reputational and monetary.

The final reason that threat intelligence plays such a pivotal role in today’s security is the distinct lack of skilled cybersecurity professionals. Threat intelligence is a time-consuming business that requires a skilled deft hand to manage. The best threat intelligence solutions use machine learning to automate data collection, then filter and structure data from disparate sources to present only hyper-relevant information to a skilled security team for final analysis. The security team can then use this data to create effective actionable plans based on evidential knowledge. This approach optimizes the performance of both the cybersecurity professional and the intelligence tools being used.

Threat intelligence is actionable — it’s timely, provides context, and is able to be understood by the people in charge of making decisions.

Use Case Examples for Threat Intelligence 

Threat intelligence can be used in a diverse range of strategies which makes it an essential tool for security teams in any organization. It’s most immediate value is in helping prevent an attack by gathering intel on threats in real-time, however, it’s also useful for a broad scope of activities such as managing vulnerabilities, informing decision making, and responding to attacks as or after they happen.

Related: The Role of Threat Intelligence and Cybersecurity in Retail

Prevent an attack

From the time that a vulnerability is found to the time an exploit targeting that vulnerability is available for threat actors is shortening. Security professionals need to know about the vulnerability fast so that they can implement a patch and prevent it from being exploited.

Respond to a Data Breach

Data breaches are costly and often go unnoticed. With the right threat intelligence tools you can determine when a data breach happens fast and take suitable actions to mitigate the costs of any following repercussions.

Manage a Vulnerability

The approach of “patch everything, all the time” is impractical and will likely see organizations fall behind - leaving more serious vulnerabilities open for longer. Threat intelligence can help security teams effectively manage vulnerabilities by giving the salient data to allow them to prioritize patches based on actual risk. 

incident.jpg

Risk Analysis

This leads on nicely from the last point. Threat intelligence can help security teams determine the actual risks associated with potential vulnerabilities or attacks by providing additional contextual information. For example, threat intelligence can help security professionals  answer the following questions:

  • Which threat actors are using this attack, and do they target our industry?

  • How often has this specific attack been observed recently by enterprises like ours?

  • Which vulnerabilities does this attack exploit, and are those vulnerabilities present in our enterprise?

  • What kind of damage, technical and financial, has this attack caused in enterprises like ours?

Fraud Prevention

Fraud can encompass anything from a fraudulent use of your brand, data, or even impersonation of your employees. For example, an individual might impersonate a doctor and sell fake versions of your prescription medication online.

Incident Response

Having the ability to gather and filter through threat intelligence from across the surface, deep, and dark web in real-time allows security teams to effectively and appropriately respond to incidents as they are happening.

How can Signal threat intelligence improve your organization’s security?

Signal allows our customers to analyze emerging global trends, detect threats in real-time, and then form appropriate security strategies to counter these potential threats as or even before they fully reveal themselves.

One of the key issues that security teams and analysts face is the sheer amount of noise that might surround their brand. Invariably much of this noise is irrelevant to their purposes, however, some of it will be bad. This is why Signal assists with advanced filters with boolean logic as well as features such as our emotional analysis tool.

Read More
Corporate Security Ben Luxon Corporate Security Ben Luxon

What is Ransomware and Why Should you Care?

Ransomware attacks are becoming more complex and brazen with big companies like Garmin in their crosshairs. What do security professionals need to know about ransomware attacks, and what measures and precautions can they take to mitigate the potential damages?

Ransomware is big money and is a rapidly growing cyberattack strategy. The market has expanded massively since the advent of secure and untraceable payment methods such as Bitcoin. Emsisoft estimates that ransomware costs for US organizations in 2019 was in excess of $7.5 billion. Compare this to four years prior when in 2015 ransomware damages totalled around $300 million.

Some markets are particularly prone to ransomware attacks such as medical organizations and public services. And there have been several high profile cases involving these industries over the last few years. Attackers know that with lives literally on the line organizations in these fields are likely to simply pay the ransom to make the problem go away. Most recently Garmin technology company has been held to ransom with attackers using the WastedLocker ransomware seeking a ransom of USD$10 million.

In this article, we explore in detail what ransomware is, how cybercriminals utilize and what strategies organizations can employ to ensure they are protected from ransomware attacks.  

What is Ransomware?

Ransomware is a form of malware. It can take various forms but generally it functions in one of two ways:

  • Crypto ransomware. This malware encrypts the files on a computer so that the user cannot access them.

  • Locker ransomware. This malware locks the victim out of their device or out of particular files, preventing them from using it. 

One thing all ransomware attacks have in common is that the target won’t be able to regain access to their files unless they pay the attackers a hefty ransom to unlock the files.

Ransomware has grown in popularity over the last few years in the wake of cryptocurrencies which makes it safe to receive their ransom payments. The cost of a ransomware attack can range from a few hundred to thousands of dollars depending on who the target is and how valuable the attackers believe the files they have locked out of reach are. 

Probably the most common delivery system for ransomware is phishing scams. For examples, a virus masquerading as an email attachment can, once downloaded and opened, easily take over a victims computer. Another strategy is through social engineering which is growing in popularity with cybercriminals because of the better strike rate. A recent example of a successful social engineering attack was perpetrated against Twitter employees. Attackers were able to get aways with an estimated 12.85BTC, nearly US$120,000.

The encryption strategy for malware is the more common of the attacks. The result of this attack is that the victim will not be able to decrypt their files without a mathematical key known only to the attacker. The user will be presented with a message when they attempt to open their files saying that their documents are now inaccessible and will only be decrypted if the victim sends an untraceable cryptocurrency payment to the attacker’s wallet.

To encourage prompt payment attackers might masquerade as law enforcement and demand the payment as a fine. If the victim does have illegal or illicit files or programs on their device, such as pornography or pirated software or movies, then they may be more likely to pay without asking questions and without reporting the attack.

cyber attack screen.jpg

12 Ransomware Examples from the Last Decade

Ransomware has been around for decades. However, it was only after the advent of cryptocurrencies that it began being a favoured strategy for cybercriminals. Cryptocurrencies allow for them to collect untraceable completely anonymous payments. Some of the worst offenders have been:

  • CryptoLocker is an older malware threat, and while it isn’t in broad circulation anymore during it’s peak it infected some half a million machines. Cryptolocker is a Trojan horse that infects a device computer and then searches the computer as well as additional connected media including; external hardrives, cloud storage, and USB sticks, for files to encrypt. 

  • TeslaCrypt is a variation or copycat of CryptoLocker. TeslaCrypt started by using social engineering to infiltrate devices and later used phishing emails as well. It heavily targeted gaming files and saw numerous upgrade improvements during its reign of terror.

  • SimpleLocker was another CyrptoLocker styled malware. However, it’s key difference was that it focused it’s targeting on Android devices.

  • WannaCry is a ransomware worm. What this means is that it spreads autonomously from computer to computer using EternalBlue, an exploit developed by the NSA and then stolen by hackers.

  • NotPetya also used the EternalBlue exploit. It is thought to be part of a Russion-directed cyberattack against the Ukraine. However, it expanded autonomously to infect a broad range of organizations.

  • Leakerlocker was first discovered in 2017 and targeted Android devices. Rather than encrypt files, it threatens to share your private data and browsing history unless you pay the ransom.

  • WYSIWYE, stands for “What You See Is What You Encrypt”. Discovered in 2017, this ransomware scans the web for open Remote Desktop Protocol (RDP) servers. It then allows for a customized attack with an interface through which it can be configured according to the attacker’s preferences.

  • SamSam has been around since 2015 and has affected devices in a number of waves of attacks. It utilizes vulnerabilities in remote desktop protocols (RDP), Java-based web servers, file transfer protocol (FTP) servers or brute force against weak passwords It would then spread to numerous devices. It primarily targeted public services and healthcare effectively bringing entire organizations to halt.

  • Ryuk first appeared in 2018. It is specifically used to target enterprise environments. It is often used in combination with other malware like TrickBot for distribution.

  • Maze was first discover in 2019. The MAZE ransomware has been used in attacks that combine targeted ransomware use, public exposure of victim data, and an affiliate model. The ransomware was initially distributed via spam emails and exploit kits before later shifting to being deployed post-compromise.

  • GandCrab currently holds a large portion of the ransomware market and may well be the most lucrative ransomware ever. Its developers, which sold the program to cybercriminals, claim more than $2 billion in victim payouts as of July 2019.

  • Thanos is a Ransomware-as-a-Service (RaaS) operation which allows affiliates to customize their own ransomware through a builder offered by the developer. It was first discovered by security professionals being talked about on a Russian darknet forum. It is the first to use the RIPlace technique, which can bypass many anti-ransomware methods.  

Dealing with Ransomware

Prevention is always the best policy when it comes to dealing with cyber attacks. Using tools such as Signal you can stay up to date with the most common strategies and one step ahead of cybercriminals. However, if you become the victim of a ransomware attack, it is advisable not to pay the ransom. If you do so there is now guarantee that the cybercriminal will return your data, they are thieves after all. Additionally, it fuels the profitability of the ransomware business making future attacks more likely. So what can you do?

Decryption

For many ransomwares, especially the older ones there are decryption tools which have been developed. The first step then is to contact your internet security vendor and determine if decryption is possible. If this initial strategy fails you can visit nomoreransom.org. The No More Ransom site is an industry-wide initiative designed to help all victims of ransomware.

Recovery

It’s good practice to back-up your data regularly on both external hard drives as well as on cloud storage. If you have done this it becomes possible to simply recover the data which is currently being held hostage. There are of course some scenarios where this won’t be possible, for example, if the malicious actor is threatening to share private information rather than having simply encrypted your device.

coding laptop.jpg

Preventing Ransomware Attacks

Good security practices will help prevent you from falling victim to ransomware. These defensive steps will additionally help protect you against other generic cyber attacks. 

Four basic steps that every organization should take to mitigate the threat of cyber attacks are:

  • Keep all operating systems up to date and patched. Doing this will ensure that there are few potential vulnerabilities that malicious actors can exploit.

  • Do not allow a software admin privileges unless you are confident in its safety and know exactly what it is and what it does.

  • Ensure you have an active and up to date anti-virus software installed on all devices. This will allow you to detect and block malicious programs like ransomware as they arrive.

  • And, as we said in the section above, back up all your files regularly. This last point won’t help protect against ransomware or other malware but can help mitigate the damages that your organization might suffer.

The Role of OSINT in Defending Against Ransomware

While open source intelligence tools can’t prevent ransomware, they can help organizations mitigate the potential damages. 

Securing the supply chain

Supply chains can stretch across continents with potentially hundreds of suppliers and manufacturers all around the world bearing responsibility. Should any single part or resource be in short supply, then assembly lines can be brought to a halt resulting in costly delays at the very least. 

There are numerous threats to the supply chain, one of which is malware and in particular regard to this article, ransomware. A key example of this is when the shipping giant Maersk had their IT systems taken out by a malware NotPetya. This resulted in their IT systems being down for days and many deliveries being delayed despite Herculean logistical efforts by the company. 

Using OSINT tools you can learn whether an organization on your supply chain has been affected by ransomware in real-time which will allow you to take the necessary actions to mitigate the damage this has as their production or logistics is slowed.

Industry Targeting

It’s not unusual for malware to exploit weaknesses which are specific to an industry. For example, the Healthcare industry is particularly susceptible to ransomware as a delay in returning their operations to normal could result in patients deaths. Indeed a leading medical-research institution working on a cure for Covid-19 were forced to pay hackers a $1.14m USD ransom because of a ransomware attack.

Using OSINT tools you can monitor your own specific industry to determine what strategies and exploits are currently being used by cybercriminals against like companies. Determining this will allow you to take extra and specific precautions to fend off similar attacks which could potentially be turned on you.

Detect New Ransomware and Strategies

Cybercriminals are continuously evolving and updating their strategies and the ransomware that go with them. We are unlikely to see the end of this development. 

By using OSINT to monitor darknet forums and market places security professionals are able to learn about the newest strategies being employed, the most recent weaknesses being exploited, and the most current software being utilized. Armed with this knowledge they are much more able to develop effective countermeasures as well as actively prevent ransomware infection.

Read More
Signal Product, Corporate Security Ben Luxon Signal Product, Corporate Security Ben Luxon

Combining Human Analysts, AI, and Automation for Fast Threat Intelligence

Security professionals need to think like cybercriminals: allow machines to do the heavy lifting then add in human intervention to execute strategies as successfully as possible.

It is estimated that cybercrime will cost organization a combined amount of upwards of $6 trillion a year. Cybercriminals are getting smarter and to defend networks, predict threats, and protect staff, organizations need increased access to timely intelligence. 

Effective information security requires smarter detection techniques which is why many organizations are incorporating AI-driven solutions and products to enable their security teams. However, even with AI assistance the sheer amount of data to assess is encumbering. Signal offers a multi-faceted approach that incorporates filters using boolean logic, AI analysis, and a human hand.

Getting Actionable Insights in Real-Time

In threat intelligence having timely data means everything! Having hyper-relevant intelligence as or even before events are unfolding could mean the difference of several zero’s. By contrast, acting upon old threat insights that maybe have dated can be counter-productive, or even undermine the purpose of the intelligence.

Automation and AI tools can make all the difference when it comes to constantly collecting fresh data. A threat intelligence platform such as Signal which harnesses automation and AI tools massively expands the potential data sources and amount of data that an organisation is able to effectively and efficiently monitor. As well as enabling security teams to sift through all that data and detect anomalous and potentially dangerous activity.

Reacting fast is vital to mitigating threats, but what is even more effective is preempting potential attacks enabling security teams to take preventative measures. For example, using a dark web scan a security team might discover an exploit package for sale targeting a previously unknown vulnerability. Discovering this exploit pack allows the security team to patch the vulnerability before hackers have a chance to take advantage of it.

Robot hand.jpg

Automation isn’t Everything

Machines can save you time and in that way they save you money. The combination of AI and Automation when scanning the surface, deep and dark web allows your security team to have more eyes on more data sources. This is vitally important especially today when cyber skills are scarce and data growth so overwhelming. This combination helps prevent analysts from being utterly swamped by endless admin work and allows them to deliver true value to their role.

That being said. Machines can only do so much by themselves (at least for the foreseeable future. People remain fundamentally better at understanding insights from potentially vague context and who are able to deliver an effective response.

Acting fast as we have already mentioned is incredibly important. But just throwing machine learning at the threat intelligence problem isn’t nearly enough. The perfect blend combines rapid and large-scale initial gathering and analysis by machines that then hand-off to their human team-mates to apply strategic intellect while the data is still fresh.

Security professionals have to think how cybercriminals think: machines (e.g. botnets) to do the heavy lifting and a sprinkling of human intervention to execute as successfully as possible.

Injecting Human Intelligence into Automated Threat intelligence

The key to superior threat intelligence accuracy and timing is to leverage automation whilst simultaneously injecting human expertise. You don’t want to be wasting your human resources by making skilled data security analysts wade through piles of admin. Nor do you want those analysts to miss potential anomalous data because your automated system disregarded a seemingly meaningless information package which later turned out to be a viable threat. 

Signal allows you to create filtered searches using Boolean logic scanning your chosen data sources and understanding potential location information. These searches can additionally be run through our emotional analysis tool Spotlight. 

sentiment+analysis+2.jpg

There is one more problem though. Getting the balance of human and automation right is essential if you want to derive an effective threat intelligence system at a competitive cost.

To solve this problem we have launched our Sapphire program. Sapphire is an optional bolt-on which enables Signal customers to leverage our skilled in-house data analysts to further refine their results allowing their in-house security personnel to spend time on delivering real value.

Final Words

As can be seen from the description above, Signal is not an “AI application” in the commonly understood way. Instead, it’s a system where we use AI techniques and automation in multiple places to create a tool which in the right hands creates an extremely capable intelligence solution.

Even though machines and software will continue to evolve with dazzling speed, the complexity of threat analysis means there will be plenty of challenging opportunities for human analysts for a very, very long time.

Read More