How to safeguard yourself online in the Digital Age
In a world powered by digital devices, where social media enables us to share widely and rapidly, our personal information is more vulnerable than ever. As we spend more time online, and with malicious activity now commonplace, it’s crucial to take the time to understand how to protect our information.
When security solutions aren’t enough
With threats continually on the rise, there’s a good reason why cybersecurity solutions that protect digital identities have skyrocketed in recent years, but even these solutions can’t stand in the place of simple and necessary best practices to protect you and your information.
Adequately safeguarding your online identity may feel daunting but it doesn’t have to be. Combining a healthy dose of common sense with tips and tricks acquired over years in the industry has led us to understand the important building blocks of a strong foundation of security. This foundation requires us to get back to the basics, implementing best practices and behaviours, and leveraging security solutions when necessary.
Recognising the need for real world, practical advice and steps to take to safeguard your online identity, our Intelligence Analysts have published a whitepaper on this very topic, drawing on their expertise to share pivotal insights into operational security and privacy in the age of social media.
The whitepaper covers several common vulnerabilities and sources of exposure, with tangible, practical recommendations to minimise the vulnerability of your online presence, so you can enjoy the benefits of social media without the fallout.
Breaking it down to get to the core vulnerability
In the whitepaper, we lay out how to develop good habits that improve your identity security and limit the ability to assess and exploit personal information. We cover what may seem obvious and that which you may never have considered before, and share resources and insights to help you on your journey to a safer online presence.
For instance, have you ever considered the potential vulnerability of your usernames and profile URLs? Utilising the same username, or variants, across multiple platforms enables a threat actor to identify your online profiles which they can leverage for an attack.
OSINT, which stands for open-source intelligence, is the gathering of information from public sources, by automatic or manual means, including websites and the deep and dark web. While the practice itself is fully legal, leveraging only public information, the results can then be used for more nefarious ends. The OSINT community is known to use free script-based username enumeration tools to search across hundreds or thousands of websites for accounts or URLs featuring a specific username.
To address this issue, we offer various suggestions. For one, avoid using your full real name for online accounts wherever possible. You could decide on a pseudonym or simply use your first name. Another top tip: when a platform such as Facebook or LinkedIn allows users to customise their profile URL, you can edit the default URL to include randomised characters, a pseudonym or a misspelt variant of your name.
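A self-audit for the username exposure described above, as an added example that is not part of the original article or the whitepaper: it groups your own handles that collapse to the same base name, flags handles that contain your full real name, and generates a randomised profile-URL slug. The account inventory, the normalisation rules and every function name are constructed for illustration.

```python
import re
import secrets
import string
from collections import defaultdict

# Character swaps commonly used to make a "variant" of the same handle
# (assumed rule set for this example, not an exhaustive list).
_SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed sample inventory: platform label -> handle you use there.
ACCOUNTS = {
    "forum-a": "jsmith84",
    "photo-b": "J_Smith_84",
    "video-c": "j.sm1th",
    "work-d": "jane.smith",
    "games-e": "quietotter_7f3k",
}


def normalise(handle):
    """Reduce a handle to the base name a searcher would recognise."""
    h = re.sub(r"\d+$", "", handle.lower())   # drop trailing digits (years etc.)
    h = h.translate(_SWAPS)                   # undo look-alike substitutions
    return re.sub(r"[^a-z]", "", h)           # drop separators and leftovers


def audit(accounts, first_name, last_name):
    """Report handles that link your profiles or expose your full name."""
    groups = defaultdict(list)
    for platform, handle in accounts.items():
        base = normalise(handle)
        if base:                              # ignore handles that were digits only
            groups[base].append(platform)
    # Two or more platforms sharing a base name can be tied together.
    linked = {b: sorted(p) for b, p in groups.items() if len(p) > 1}

    full_names = {normalise(first_name + last_name),
                  normalise(last_name + first_name)}
    real_name = sorted(
        platform for platform, handle in accounts.items()
        if any(n and n in normalise(handle) for n in full_names)
    )
    return {"linked": linked, "real_name": real_name}


def random_slug(length=10):
    """Random lowercase/digit string for a customised profile URL."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    report = audit(ACCOUNTS, "Jane", "Smith")
    for base, platforms in report["linked"].items():
        print(f"linkable via '{base}': {', '.join(platforms)}")
    for platform in report["real_name"]:
        print(f"full real name in handle: {platform}")
    print("suggested profile URL slug:", random_slug())
```

Handles that land in the same group are the ones worth replacing with unrelated names or a generated slug.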
Understanding and stopping the threat against your personal information
In our whitepaper we go much more in depth into how we can and should be protecting your online identity. Other key topics we cover include privacy settings, public profile details, data breaches and passwords, personal data aggregators, and the role of family and friends.
We’ve been doing this work long enough to see the unfortunate reality of how seemingly small vulnerabilities can lead to bigger issues. While it can still be unlikely for anything untoward to take place, it’s better to take the time to tighten up security best practices and improve your safety overall.
Executive threats spike following pandemic - what can be done?
Over the years, the number of threats against executives in online environments has grown, ranging from death threats and hate speech right through to doxings and attacks against executives’ private residences. In more extreme cases, attacks extend from executives alone to include their family or loved ones.
For as long as there have been executives there have been executive threats. It’s the unfortunate lay of the land that the bigger the name or the more airtime an executive has, the more likely that they’ll be the recipient of various threats.
With such threats increasingly common, it’s imperative for organisations to protect their people in real-time, catching risks before any damage is done, and gaining better peace of mind overall.
Threats grow following pandemic and topical issues
As branding has evolved, the role of executives has also transformed. Leaders today have become the face of a business, and are more likely to speak out not only about the business they represent but topical issues such as the pandemic or climate change. Even not speaking out can be seen as a failing on the part of the organisation. Overall, with a bigger spotlight comes more attention - good and bad.
Recent studies have highlighted the rise in executive threats: employees in U.S. companies stated their CEO received physical threats after taking (58%) or not taking (40%) a position on a racial or political issue. Overall, 35% said there was growing concern about extremists, with a lot of this activity tied to larger issues. In addition, the pandemic witnessed a massive increase in executive threats, with physical attacks more prevalent.
The above example has been censored to remove identifiable features
Keeping executives safe in the face of extremists
If security teams are to adequately face these threats head on, they must gain a more thorough picture of what people are saying, plotting, or bragging about in order to ensure risks can be intercepted and executives, as well as their loved ones, can stay safe. It’s important to know what’s going on in public forums for discussion, such as Twitter, as well as more nefarious corners of the internet, such as the dark web.
Recognising the need for increased security measures, open source intelligence gathering forms a critical aspect of increased situational awareness and risk mitigation for advanced executive protection.
Signal provides open source intelligence that enables security teams to effectively monitor and analyse open source data available and use targeted searches to gain more in-depth situational awareness. Leveraging this intelligence enables security teams to objectively evaluate current security challenges, and launch risk-mitigation measures.
All we know for sure is in today’s day and age we need to remain as vigilant as possible, catching threats before they turn into something more sinister. While every organisation needs a master plan, they also need tools and effective security intelligence that will make that plan a functional, daily practice.
Contact us to learn more or schedule a demo.
Save your reputation before it’s too late - why it’s important to protect your name
One misstep in today’s competitive business world can be enough to lose customers and employees. Today, reputation is everything. Coinciding with this is a rapid increase in online events that have the sole intention of damaging an organisation’s reputation.
In such a reality, being able to access and gain insights from actionable, real-time data will put you one step ahead of the game and help mitigate any destructive forces against your reputation.
Why reputation matters
In 2020, Weber Shandwick, a leading global communications and marketing solutions firm, found that on average global executives attribute 63% of their company’s market value to their overall reputation.
On top of this, we now live in a world where the vast majority of consumers will research a brand before they commit to buying a product or service. A company’s digital presence, and the reputation of its brand and staff, factors into this decision-making process, determining whether the company in question is an optimum choice or not.
In fact, analysts at IDC have stated that one of the current key pillars of brand and reputation resilience is customer trust and loyalty. Customers, partners and suppliers use enterprise response to crises to measure the quality and integrity of an organisation and its leadership, the analysts state.
Events that can have an adverse impact on a company’s reputation include conversations or false information about executive behaviour, environmental footprint or damage, political donations, societal issues, allegations of unethical practices, or employee safety.
The above example has been censored to remove identifiable features
Catching the problem before it snowballs
While preventative measures are always a good idea, as it stands it's impossible to catch everything before it's released into the world. Recent years have seen the rise of malicious attacks on everything from CEOs to SEO results, all with the intention of making a company look bad or perform poorly.
Using open source intelligence gathering tools like Signal offers multi-faceted help against such issues. When it comes to reputation, Signal can alert users to any mention of specific terms or names. This includes attacks against a company, any C-suite personnel, or discussions online about a current or potential attack on operations.
We highlighted this in action in our blog Black Hat Brags About Bank Hack - Signal Could Have Spotted It. In this example, Capital One, one of the biggest banks in the United States, discovered it had been hacked after a ‘white hat’ noticed the cyber criminals bragging about the breach - four months after the initial incident. The configuration vulnerability that the hacker had exploited was located and rectified, but not before approximately 100 million people in the US and 6 million in Canada were impacted.
Signal could have caught the issue immediately. Our machine learning driven relevancy engine can draw an analyst’s attention towards critical incidents amidst thousands of irrelevant posts. We scan the web and dark web for chat about data hacks, breaches and stolen information. Monitoring multiple data sources, we can provide real-time results and feed this back to your organisation so you can take practical steps to deal with an incident that could cause reputational damage immediately, before your brand is impacted. Proactive alerts can be activated via email, SMS, our mobile app or through one of the many integrations available.
Ultimately, reputation can spell the difference between your company’s success and a massive stumbling block. Uncovering what people are saying about you can highlight the potential negative impact of malicious keyboard warriors and give you the chance to respond, and it can uncover more sinister threats against your business. Regardless of the specifics, the power of visibility can’t be overstated, and that’s exactly what we’re proud to offer.
Contact Signal to learn more or schedule a demo.
How Do We Help Combat Online Stalking and Harassment? By Watching the Web
Stalkers, threateners and harassers all leave plenty of activity on the web. If we use the right tool to cut through internet chatter and zero in on the threats, we can pre-empt the worst outcomes.
The Impact of Online Stalking, Threats and Harassment
In March 2022, Apple and its CEO Tim Cook finally got a court to enforce a restraining order against a mentally disturbed stalker who falsely claimed to be married to Cook, tried to set up fake companies under Cook’s and Apple’s names, and sent Cook pictures of guns and ammunition.
The stalker, Julie Lee Choi, was never jailed.
It was doubly worrying for Cook and Apple, because two years ago, the company was granted a restraining order against Rakesh Sharma, who visited Cook's house twice and threatened him, as stated in court documents.
Again, Sharma wasn’t imprisoned – leaving Apple with costs of USD $630,000 to pay for Cook’s security. That cost was for 2021 alone.
There is an increasing trend of people online threatening to kill, maim, rob or blow up those they dislike – sometimes adding the words “In Minecraft, that is” or “In Call of Duty, of course” to try to create plausible deniability.
But how did this come to be, and how do we know which harmful online trends will have real-world consequences?
The Costs and Consequences of Internet-Driven Harm
According to Forbes, since March 2020, global internet usage has soared by 50-70% in most countries due to lockdowns keeping people inside and angry and internet-capable devices becoming ubiquitous.
The company Cybersecurity Ventures estimates the cost of internet-derived harm as having risen past USD $3 trillion in 2015 to an expected USD $10.5 trillion in 2025. The basis? Hostile nation-state sponsored and organized crime gang hacking activities, damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
Online activity’s real-world consequences are sometimes financial, sometimes reputational, sometimes against individuals, and sometimes against corporations.
For example:
In 2021, a Massachusetts-based supervisor at eBay was sent to prison after he was found to have cyber-stalked – and harassed in the real world – online critics of the company. The supervisor was sentenced to 18 months in prison for cyber-stalking a couple critical of the company who published an online newsletter that covered eBay and other companies. The victims were sent disturbing packages including a preserved pig fetus and a book on dealing with the loss of a spouse. Ten other employees were charged in relation to the case – severely embarrassing eBay.
In early May 2022, DGL Group's chief executive Simon Henry made personal comments about celebrity chef Nadia Lim which were sensationalized by social media commentators and opinion columnists. DGL had $304 million wiped off its market value over four trading days in the wake of Henry’s comments, with some fund managers blacklisting DGL and small shareholders selling – and a share price bounce-back of 5% following news Lim had been sent an apology.
In January 2021, a ‘short squeeze’ saw supporters of GameStop reverse GameStop’s plunging share value by colluding to assist ‘Meme stocks.’ The supporters collaborated on a subreddit called r/WallStreetBets, forced the value of GameStop stock to rise and cost investors who owned shorts on the stock billions of dollars – all thanks to Redditors colluding on an online discussion board.
How Online Obsessions Can Transform into Harassment
When it comes to personalized hatred of individual, identifiable human beings, the more public a person, the more likely they are to be a target, sadly.
Fixated individuals may post thousands of times a day for years on end, obsessing over a public figure. Even when blocked, they will simply create new accounts to continue the behavior – potentially causing significant negative impact on those they target.
Often there are elements of delusion wrapped up in the obsession, with a twisted view of reality (i.e. viewing things said by a news anchor as being targeted at them, or people walking by as conspiratorial attempts by corporations to ‘gang stalk’ and silence them).
Obsession can quickly turn from romantic overtures through to ultimatums and physical threats. Spurned attention can lead to increased rhetoric.
How Signal Supports Companies to Combat Online Stalking and Harassment
Several media companies are Signal customers, and they deal with multiple instances of this sad reality. The victims are often female, sadly, and Forbes says harassment of women is 2.5 times more frequent in Western countries, and gaining at a rapid pace in non-Western countries.
Signal is here to help, however. Cutting through the chatter, the open source security intelligence solution – which integrates with several related threat management systems – has taken care of the following:
Signal has helped find comments related to what people were wearing on a particular day.
Signal can capture written records of stalkers admitting to watching targets undertaking family activities such as dropping kids off to school, marriage proposals, transfer of interest.
Signal can trace accounts between a multitude of platforms, establishing records of planning and organization before potential attacks.
Signal has helped identify changes in behavior that assisted with identifying potential escalation of harassment.
Safety of your employees is critical and a requirement as part of an organisation’s duty of care responsibilities. Get threat intelligence tool Signal today, save your employees and business from harm, and capture evidence for prosecution.
Integrating with Other Apps to Stop Your Business Being Harmed
Signal can save your employees and business potential time, harm and money by keeping you aware of developing situations which might threaten your interests.
How Signal Manages Risks and Threats to Business
Recently Signal picked up activity on the web indicating a possible threat to the Chief Executive Officer of a military-related organisation.
The stakes were pretty high - the CEO was receiving death threats, and conversations we intercepted between bad actors on the Deep Web indicated that the CEO’s home address might be revealed, seriously jeopardising his safety.
The first step in combating the risk? Signal pushed the data it had detected into the corporate security operations platform of one of Signal’s integrated partners. Signal informed the at-risk organisation, handed over the relevant data - and the organisation was then able to instigate risk mitigation procedures. This offensive reaction was far more cost-effective than waiting to become defensive following an attack.
The successful outcome wouldn’t have been possible before Signal became able to integrate with more and more platforms, enabling users to look at threats on what’s commonly known as ‘a single pane of glass.’
In plain English, this means centralised control on a unified dashboard. Signal helps by enabling information captured on the Dark Web and World Wide Web to be plugged into an increasing number of other platforms so the ‘bigger picture’ can be viewed all at once.
Integrations with other Apps & Platforms to Prevent Harm
It’s about integration. Leading open source threat intelligence tool Signal works in the following ways:
Integrates with a number of other leading solutions in the safety and security market including Everbridge Critical Event Management, xMatters, Noggin and i2 Analyst’s Notebook
Signal helps deliver a comprehensive view of developing incidents and events to assist with the protection of locations, assets, people or cyber environments
Intelligence found by Signal can be shared with other integrated systems thanks to the setup of its API.
The Ways Signal Minimises Potential Harm to Business
Helping the CEO in the above story to avoid attack is one of dozens of use cases for which Signal is a powerful and effective tool. Businesses around the globe utilise Signal to minimise potential damage from:
Data Breach detection - in which employees’ data, passwords, accounts and banking details are shared online and put up for auction
Ransomware - in which an organisation or key suppliers are discussed on known ransomware forums as intended victims.
Employee inducement - this means employees targeted to provide confidential or secure information
Doxing - personal details shared online, such as home addresses, family details, sensitive personal information
Domain or IP mentions - shared online in hacking or cyber forums
Saboteurs exploiting vulnerabilities with key applications.
We can save your employees and business potential time, harm and money by keeping you aware of developing situations which might threaten your interests.
Preparedness is Key to Mitigating Severe Weather Risks
Using open-source intelligence, Signal provides advance warning and accurate real-time data about severe weather threats relevant to your people, buildings, supply chain, and other assets.
Severe weather and natural disasters, such as tropical storms, wildfires, tornadoes, earthquakes, floods, tsunamis, and hurricanes, put people and organizations across the globe at risk every year. The level of preparedness and response to these severe weather events can often mean the difference between life and death. In addition, organizations that prepare and respond quickly to weather disasters can prevent loss of revenue and other costs by maintaining continuity of operations.
Advance warning and accurate real-time data about severe weather and natural disaster threats is a critical part of your risk profile. Signal has advanced tools to enable you to stay alerted as quickly and as early as possible to severe weather threats relevant to your people, buildings, supply chain, and other assets.
Brand reputation is also at stake during a weather emergency. Handled efficiently, it’s an opportunity for organizations to shine and prove their resilience. Handled poorly, the public is unlikely to forgive or forget the organization’s response or lack of response. Clear guidelines and properly gradated alert levels allow you to respond effectively and efficiently every time—no matter what weather emergency comes your way.
Get Notified Early About Severe Weather Threats
Every second counts when dealing with emerging severe weather risks. As our collective ability to track and predict many severe weather events due to artificial intelligence improves each year, the data comes faster, earlier, and in greater quantity. Only when this data is accurately and relevantly mined do you have more opportunities to increase preparedness and speed of response. Otherwise, the overload of information only causes noise.
Signal uses open-source intelligence to monitor what’s important to you 24/7. Customize searches and get notified via SMS and email when vital severe weather information is detected that’s relevant to your organization. Leverage advanced customizable filters to reduce irrelevant noise so that you can focus on the threats that matter to you. Quickly search for real time updates on developing situations or set up complex boolean searches to monitor severe weather incidents, and actively drive prevention. The alternative is to waste an enormous amount of time and money randomly browsing the web and other sources for weather information—usually too late. Such a haphazard approach causes big gaps in risk awareness.
Verify Information to Make Confident Decisions & Act Quickly
Misinformation can cause panic during a severe weather emergency. This misinformation can spread rapidly through both social media and even through more trustworthy news sources during emergencies. Social media posts provide updates to the public which are often helpful; however, citizen-sourced information can also lead to the spreading of falsehoods. It’s important to keep your team ahead of the news— including fake news, and even scammers trying to capitalize on the disaster. To tackle this, the first thing any organisation needs is accurate, relevant, vetted, trustworthy information.
Signal enables organizations to monitor and manage large amounts of data from a plethora of different data sources across the surface, deep, and dark web. This, paired with advanced filters and boolean logic means that security teams are empowered to identify disinformation, discover patterns, and practically respond to these potential and evolving threats during a severe weather emergency.
Maintain heightened situational awareness before, during, and after the event.
Increase situational awareness by corroborating and contextualizing severe weather data. Monitor supplier production facilities and transport routes, and continually assess and reassess the evolving threat landscape and update your alert level guidance accordingly.
Customer Example
During a recent tornado, one customer used Signal to help safeguard a manufacturing facility in the U.S. when a tornado landed near the town where most of their employees were based. Luckily, there were no casualties. The customer used Signal to gain intelligence about:
The scale of the tornado
The impact it was going to have on their employees
The impact it might have on their overall operation
This intelligence was extremely useful to the organization in recognizing threats and being proactive. The intelligence helped them to:
Protect lives (people)
Protect assets (facilities)
Maintain business continuity (resilience)
Protect reputation (brand)
To learn more about preparing for severe weather emergencies, request a full demo
Detect Signs of Stalking in Real Time to Keep Employees Safe
We take a look at how to prevent online stalking, or cyberstalking, as it’s on the rise. Read more about Signal’s stalker threat preventative system.
Online stalking, or cyberstalking, is on the rise. Covid-19 has only exacerbated the problem, with lockdowns increasing the vulnerability of victims as people continue to spend exponentially more time online. In fact, Paladin (UK’s national stalking advocacy service) reported having a 50% to 70% increase in requests for support around stalking cases during the pandemic.
In one UK study, 358 cases of homicide were analysed. The results indicated that in 94% of these homicides, the victim was stalked before the homicide took place. This statistic indicates how important it is to recognise stalker-like behavior before potential violence occurs. Organizations that exercise the highest standards of Duty of Care and want to keep their employees safe understand the importance of detecting signs of stalking before the problem snowballs.
Cyberstalking is on the rise
Stalking on social media:
Facebook
Instagram
Twitter
Snapchat
TikTok
Stalking via private messaging platforms:
WeChat
Telegram
WhatsApp
Facebook Messenger
Other stalking techniques:
Virtually visiting victims on street maps
Looking at victim geotags
Hijacking webcams
Catfishing
How Signal Helps
Using Signal, analysts discovered X, a stalker using social media, harassing a client’s employee. In a 4-week span this user sent approximately 1500 social media posts mentioning said employee. The content of X’s posts includes photographs of the employee’s children, mentions 9 hand-written letters posted to the client, marriage proposals, and also sentiment seesawing between love-speech and hate-speech. X also contacted other employees, especially when the desired effect on the first employee wasn’t achieved.
Using the data found, analysts took X’s content and ran it through various analysis steps to prepare a data set to be included in a dossier. The most popular words and phrases were pulled from the posts, then further analysed by Signal.
The prepared dossier was shared with the client so that they could instigate their employee support process for dealing with online harassment.
Benefits of Signal’s Stalker Threat Preventative System
Signal helps prevent the potential psychological trauma of employees, physical harm, and at worst violence or loss of life.
Stalking causes business disruptions as well. Companies whose employees fall victim to stalking will lose productivity each year. Impacts include reduced or lost output, increases in staff turnover, increases in absenteeism, investment required for support programs and increased management overhead. Collectively, victims of stalking will lose approximately $110 billion over a lifespan.
Signal can detect harassment in real time. Client analysts or analysts from Signal can watch for stalker-like behavior and notify you as soon as it is detected. This information in turn is used to trigger employee support programs and increased monitoring to ensure escalation doesn't occur.
We can save your employees and business potential time, harm and money. Contact us to learn more or schedule a demo.
7 Growing Cybersecurity Threats Professionals are Increasingly Worried About
We take a look at 7 of the growing concerns that cybersecurity and infosec professionals have as the trend towards digitization continues at an increasingly explosive pace.
The new software and systems employed across an organization create new attack vectors for threat actors and new data security concerns. Not only that, but as these new digital systems are put into use to replace once-manual tasks, additional complications arise from potential user errors; for example, an employee might make private data public without even realising.
In this article, we take a look at 7 of the growing concerns that cyber and infosec professionals hold as this trend towards digitization continues at an increasingly explosive pace.
1. Unintentional Data Exposure
“To err is human,” as Alexander Pope famously wrote. We all make mistakes and to combat this we have progressively leveraged more technology across industries to automate processes and reduce the potential for human error. However, technology can’t prevent our every mistake, and paradoxically, this use of technology increases the amount of data we as people and organizations produce and store in our systems. Hackers are aware of this and continue to find creative ways to exploit human weakness with strategies such as complex phishing campaigns.
On top of this, the adoption and rapid development of hardware (phones, for example) mean many people conduct work from their personal mobile device. And the move towards work from home driven by the COVID-19 pandemic has furthered this merger of work and personal devices as well as increased the amount of work done from unsecured networks.
2. Adoption of AI into Malware for Scale and Evasion
Denial of service attacks can take a variety of forms, from malware to DDoS attacks, and have huge financial implications for an organization. In 2018, for example, shipping giant Maersk had their IT systems taken out by a vicious malware called NotPetya, costing them an estimated $300 million.
These ransomware attacks might be driven by political motives, thoughts of financial gain, or something else entirely. Over the last few years, these tactics have evolved; they’ve adopted new technologies and strategies, allowing threat actors to increase the scale of the attacks as well as to more effectively neutralize increasingly complex security protocols.
One increasing concern is the adoption of AI into these attacks. AI can be used in a variety of ways, such as increasing the effectiveness of phishing campaigns. One example, DeepLocker, was developed by IBM Research. DeepLocker hides its malicious payload in benign carrier applications, such as video conference software, to avoid detection by most antivirus and malware scanners, and then uses facial recognition to identify the specific target and launch its payload.
How AI is used could completely change the way information security and cybersecurity professionals, in general, need to adapt and respond to threats.
3. Financial Fraud
Financial fraud off the back of data breaches is nothing new. However, it continues to be a problem today and into the foreseeable future. Data breaches from large organizations, whether they are related to your organization or not, could easily lead to new attack vectors on your company.
There is a huge amount of Personally Identifiable Information (PII) for sale on the dark web. This data can be used in a number of ways, from credential stuffing strategies to identifying high-value targets and refining strategies for spear-phishing campaigns.
4. 3rd Party Integrations
Often organizations spend a huge amount of time and money ensuring their internal cybersecurity practices are excellent. It only takes one breach to realize the efficacy of this investment. Successful ransomware against an organization, for example, could cost tens of millions, not even considering the reputational damages that might accompany the financial ones.
However, as was seen with the 2020 SolarWinds breach, it doesn’t matter how well educated your staff, how up to date your firewalls, or how alert your security teams are if your third-party integrations have weaknesses.
5. Increasing Amounts of Sensitive Data Collected Through IoT Devices
Internet of Things (IoT) devices are beginning to infiltrate every level of our lives, from mobile robots to inventory tracking to personal assistants, connected speakers and smart TVs. These devices seek to automate and simplify our lives.
However, what many people don’t realize is that these machines are often insecure by design and offer attackers new opportunities. Additionally, the terms and conditions around data sharing and usage from many of these devices lack transparency, and by utilizing this technology an organization makes it increasingly difficult to know and control what data is going out.
Finally, it’s often the case that, while a vendor may recommend applying new firmware updates, they are not applied unless the device starts misbehaving and someone applies the update to troubleshoot the issue. This could lead to serious security compromises.
6. Rise of Fake Online Personas
This threat can have a direct and dramatic impact on an organization’s reputation and the physical security of employees. By creating and leveraging fake or phantom social profiles, threat actors can create trending news and information, promote poor products, or push lies and deceptions to further an agenda.
The application for these kinds of campaigns is vast, affecting everything from national elections to company sales and share prices, and there is currently no system in place to identify false profiles efficiently and counter the purposeful spread of misinformation in this way.
7. Shortfall of Professionals
The final security risk on the list is the continued shortage of skilled security workers. As cybersecurity threats evolve, and areas such as information security become more important for organizational security, increasing numbers of skilled and trained professionals will be needed.
Final Words
Many people are now desensitized to the fact their data is shared online either through breaches or loose company policies. Because we cannot regain our privacy, people often become careless about protecting it further. Add to this the constant evolution of cybersecurity threats, and the challenge for cybersecurity professionals looks like a tough one.
To ensure organizational security, companies need a combined response that includes continuous education of employees, restricted access, and multi-factor authentication. This needs to be paired with a skilled security team who are armed with the necessary knowledge and tools such as OSINT software.
Security professionals need to be able to gather real-time data on emerging threats and proactively implement an effective response.
5 Lessons Organizations Can Learn from the Worst Data Breaches of 2020
In this article, we take a look at 5 of the lessons that can be learnt from some of the biggest cyberattacks of 2020.
While data breaches are invariably costly for organizations, the fallout from a data breach isn’t always the same. There are numerous motivations for threat actors and an even greater number of strategies that they employ to achieve their varied goals. As such, it falls to security professionals to continuously learn from ongoing cyberattacks the best ways to predict and prevent cyber breaches in a constantly evolving threat landscape.
1. 3rd party integrations create new attack surfaces
The recent breach of SolarWinds allowed foreign agents to access and spread malware to numerous government agencies and high-value US targets. These threat actors knew they could likely never penetrate these targets directly, and instead discovered they all used the same software for network management - SolarWinds.
The attack spread malware which lay unnoticed in the system for months while the attackers are believed to have observed and gathered data on their targets.
The key takeaway from this hack is that no matter how excellent and strict your own system’s security is, if the 3rd party systems you use have a weakness, then so do you. This is especially important as systems become increasingly interconnected, with a myriad of moving parts provided by dozens of different vendors.
While you can’t and shouldn’t simply wall off your systems with a trust-no-one approach, organizations also mustn’t take third-party solution providers’ security for granted. Conduct rigorous, ongoing security audits of your systems to be sure there’s not a nasty surprise hiding around the corner.
2. You need clarity across your organization’s security
As an organization grows in size and complexity, often, as we mentioned above, integrating and employing 3rd party vendors, the number of attack surfaces grows too. Organizations need systems in place to maintain clarity over the entirety of their IT security.
In July, Garmin was locked out of its own systems by ransomware and ended up having to pay millions in ransom for the decryption key.
Garmin faced an impossible situation. While law enforcement officials and cybersecurity experts repeatedly warn companies not to pay ransomware attackers as it encourages further ransomware attacks, companies like Garmin are often left with no other choice.
As such, companies need to employ systems, security protocols, and training to prevent ransomware.
For businesses like this, it’s vital to have systems in place to maintain a vigilant security posture toward every possible vector for attack.
3. Humans are the weakest link
Social engineering tactics can range from rather obvious emails from Nigerian princes to complex multi-step and highly targeted spear-phishing campaigns. In late 2020 the latter is what happened to Twitter, with numerous employees targeted with a strikingly elaborate spear-phishing campaign. The strategy involved multiple steps including tricking an employee’s phone carrier, pretending to be a member of the I.T. team, and creating fake login pages.
Once they had an employee’s admin account login, they hijacked multiple high-profile Twitter accounts and launched a Bitcoin scam that saw them making off with over $100,000 in less than an hour before it was stopped. Though this attack certainly could have been worse, it shows how one of a company’s biggest vulnerabilities is compromised employee credentials.
There are a couple of things that can be done to protect against employee weakness in your security defences. These include restricting employee access to sensitive data, ensuring you offboard old employees and remove their access to systems, implementing strong authentication protocols such as multi-factor authentication, and holding regular security training sessions for staff.
4. Only store data vital to providing your service
In July of 2020 GEDMatch, a DNA genealogy site, was hacked. The hackers changed users’ privacy settings - opting everyone in to share their data with law enforcement. The hack exposed the data of around 1.4 million people.
Thankfully, GEDMatch later announced that no raw DNA files had been compromised as no raw data is stored on the site. Instead, the data is encoded when it’s uploaded and the raw file deleted immediately. The key lesson here is that GEDMatch followed good practice, not storing any sensitive raw data and thus eliminating a potentially serious attack vector, meaning the failure of one control did not lead to the attackers progressing beyond their initial intrusion.
If you can avoid storing highly sensitive data — such as passwords, payment information, or biometric data — on your own servers, do so. Deleting raw DNA data helped minimize the damage to GEDMatch in this breach.
5. People aren’t going to stop reusing passwords
The majority of people on the internet don’t know the best online security practices and many reuse the same tired old password across numerous websites. This has led to a rise in popularity of one of the most common attack strategies employed by threat actors, credential stuffing. This is when they buy large datasets of login details, e.g. passwords and user names, and apply them to other sites. While the strike rate is generally quite low, this strategy of credential stuffing does work. This is what happened to several insurance companies in 2020 including Independence Blue Cross.
Independence Blue Cross reported that their member portals had been improperly accessed by hackers reusing credentials stolen from MyFitnessPal in an attack from 2018.
People aren’t going to stop reusing passwords anytime soon, but businesses can still guard against credential stuffing. One crucial step is to implement strong authentication protocols such as multi-factor authentication or adaptive authentication, which asks users for more credentials if their behavior is suspicious. In this case, it could have noticed that members were logging in with new I.P. addresses or at an unusual time of day, and asked them to confirm their identity.
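The adaptive authentication check described above can be sketched as follows. This is an added example, not code from the article or from any vendor: the AdaptiveAuth class, its thresholds and the sample logins are all hypothetical, and the IP addresses are taken from the reserved documentation ranges.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime


class AdaptiveAuth:
    """Per-user baseline of networks and login hours (hypothetical helper)."""

    def __init__(self, hour_tolerance=2, min_history=3):
        self.hour_tolerance = hour_tolerance  # hours either side of a known login hour
        self.min_history = min_history        # logins needed before the baseline is trusted
        self.networks = defaultdict(set)
        self.hours = defaultdict(list)

    @staticmethod
    def _network(ip):
        # Compare networks, not single addresses, so ordinary DHCP churn
        # inside one provider range does not trigger a challenge.
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def record(self, user, ip, timestamp):
        """Store a login that passed all checks, including any step-up."""
        self.networks[user].add(self._network(ip))
        self.hours[user].append(datetime.fromisoformat(timestamp).hour)

    def assess(self, user, ip, timestamp):
        """Decide what to do after the password has already verified."""
        known_hours = self.hours.get(user, [])
        if len(known_hours) < self.min_history:
            return "step_up", ["insufficient history"]
        reasons = []
        if self._network(ip) not in self.networks[user]:
            reasons.append("new network")
        hour = datetime.fromisoformat(timestamp).hour
        # Distance on a 24-hour clock, so 23:00 and 01:00 are two hours apart.
        nearest = min(min((hour - h) % 24, (h - hour) % 24) for h in known_hours)
        if nearest > self.hour_tolerance:
            reasons.append("unusual hour")
        return ("step_up" if reasons else "allow"), reasons


# Constructed sample history: (user, source IP, local login time).
# Addresses come from the documentation ranges and identify no real host.
HISTORY = [
    ("alice", "198.51.100.7", "2020-03-02T08:55:00"),
    ("alice", "198.51.100.7", "2020-03-03T09:10:00"),
    ("alice", "198.51.100.31", "2020-03-04T08:40:00"),
    ("alice", "198.51.100.7", "2020-03-04T17:20:00"),
]


def build_baseline(history=HISTORY):
    engine = AdaptiveAuth()
    for user, ip, timestamp in history:
        engine.record(user, ip, timestamp)
    return engine


if __name__ == "__main__":
    engine = build_baseline()
    for attempt in [
        ("alice", "198.51.100.42", "2020-03-05T09:05:00"),
        ("alice", "203.0.113.9", "2020-03-05T03:12:00"),
        ("bob", "198.51.100.7", "2020-03-05T09:00:00"),
    ]:
        print(attempt, engine.assess(*attempt))
```

A "step_up" result means the correct password alone is not accepted and a second factor is requested; record() is called only once that challenge succeeds, so a stuffed credential never teaches the baseline a new network.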
Final Words
Organizations are increasingly connected online, using a myriad of integrations and tools to create better, more user-friendly solutions. Additionally, as we all become more technologically literate and engage more and more online, there is an increasing amount of user data stored on organizational systems.
This means that the number of attack surfaces that organizations have to be aware of is continuously growing, and so too are the opportunities for attackers to achieve their goals, whether it’s foreign espionage, ideological fanaticism, or personal financial gain.
Ultimately, we’re all in this together: a data breach or successful attack on one company could easily have ramifications for your own organization. As such, employing the right tools, such as an OSINT tool like Signal, to monitor, detect and better protect against potential threats in this growing threat landscape has never been more important.
The Threat of Doxing to Organizational Security
Organizational doxing is on the rise and can be immensely damaging, exposing company secrets and customer data, or more directly exposing executives to new levels of threats.
What is Doxing?
The term itself originates from the phrase “dropping docs” and was later shortened to “docs” and then “dox”. As the original term suggests, doxing is when someone collects and then shares information about another person or organization.
There are numerous reasons someone might dox someone else or be the victim of doxing. It could be for revenge or a personal grudge; a disgruntled ex-employee might target their previous employer, for example. In 2014, Sony was the victim of a doxing attack backed by, experts believe, the North Korean government after they released a film which made fun of their leader. Other motivations include harassment and cyber-bullying, vigilante justice (for example, exposing neo-Nazis), and doxing for financial gain.
Doxing Strategies and Goals
Traditionally doxing started with an online argument escalating to one person digging out information on their adversary and sharing it online. More recently though, doxing has become more of a cultural tool with hackers taking down people or groups with opposing ideologies. When it comes to organizations, threat actors have been known to both target an organization’s reputation and to use information gained through a doxing attack to leverage financial reward.
For example, in one scenario an employee at a bank was blackmailed after a doxing attack into using his position in the bank to steal over $100,000 from customers for his blackmailers.
The fallout is generally reputational, with the victim suffering from online abuse such as death threats to them and their family in light of the new information shared. However, on occasion, the fallout can be significantly worse. There have been examples of mobs dishing out physical vigilante justice after a person's information, such as an address, was shared online.
There are numerous ways you can be identified online. By following ‘breadcrumbs’ of information a dedicated doxxer can assemble an accurate picture of a person - even if they were using an alias. The kind of details they might look for include full name, current address, email address, phone number etc. Additionally, some doxxers might buy information from data brokers.
IP/ISP Dox
There are various methods that can be used to locate your IP address, which is linked to your location. With just your IP address a doxxer could then use social engineering tactics against your Internet Service Provider (ISP) to discover the information they have on file, such as:
Your full name
Email address
Phone number
ISP account number
Date of birth
Exact physical address
Social security number
This requires the doxxer to go through a dedicated process, which may not even work. However, it’s just one strategy they can employ, and even if they are unable to gather further information through a gullible ISP worker, they still have the first parts of the puzzle - your IP address and a rough location.
Doxing with Social Media
If your social media accounts are public then anyone can view them. Often things a threat actor can find out include your location, place of work, your friends, your photos, some of your likes and dislikes, places you’ve been, names of family members, names of pets, names of schools you attended, and more.
With this kind of information, they can then find out even more about you, or even discover the answers to your security questions, helping them break into other accounts such as your online banking.
As such, it’s recommended to keep your social media profiles private and, if you use multiple online forums, to use a different name and password for each to help prevent doxxers from compiling information from across multiple online forums and social media sites.
Data Gathered through Brokers
Data brokers on the internet collect information from publicly available sources and then sell the data for profit. Generally speaking, they sell this data to advertisers - if you’ve ever found yourself randomly receiving emails from companies you’ve never heard of before, this is why. However, for a doxxer it could be an easy way to start building a detailed profile of their target.
How Might Doxing be Used Against Your Organization?
For organizations to be successful with their media strategies they necessarily need to share relevant information and regularly engage with their customers through social media channels. This provides a substantial opportunity for doxxers.
By combining publicly-available data with basic attack techniques, such as phishing campaigns or credential stuffing, malicious actors can uncover large quantities of supposedly secure data. For consumers, exposed information could lead to identity theft or public shame. Meanwhile, companies face the prospect of large-scale reputation damage or lost revenue if proprietary project briefs or intellectual properties are leaked to the public.
Additionally, doxing can be used as an incentive to expedite the resolution of ransomware attacks. This is where the cyber attacker threatens to release documents or information to the public should their target not pay the ransomware fee promptly. This adds to already serious financial implications.
How Can you Prevent Doxing?
Unfortunately, it's nearly impossible to completely remove personally-identifying information from the internet, especially parts which are part of public records. Still, there are some tips to reduce your attack surface.
Keep your profiles private
People and organizations do have a lot of say as to what gets published on the internet. Make sure to practice general data privacy best practices.
Avoid posting identifying information
Keep all social media settings at the most private level, and don't accept friend requests from people you don't know
Change the settings on Office and your phone's photo app so personal info isn't embedded in those files
Use a "burner" email address for signing up for accounts when possible.
Set the ‘whois’ records on any domains you own to private
Ask Google to remove personally available information about you, and request the same from data broker sites
Implement Safe Browsing Measures
These steps are good internet hygiene in any case, but can also prevent a breach that can lead to your info being exposed to a potential doxxer:
Use a VPN, especially when using insecure public Wi-Fi networks
Switch to a secure email system with built-in encryption
Vary your usernames and passwords
Self-Doxing
Humans remain the weakest link in the security chain. In most cases, malice isn’t the problem or the intent when someone lets a threat actor in. Instead, employees overshare personal data on corporate platforms by accident or use insecure third-party applications. In both cases, however, following the breach and identifying the potential compromises is difficult when IT teams start from the side of defenders.
By flipping the script and looking at your organization from the view of a potential doxxer, it becomes easier for IT and security teams to spot key areas of weakness. They can then develop strategies and staff training programs to protect against them.
Final Words
Doxing represents a growing threat to organizations and individuals. However, by self-doxing with security intelligence gathering strategies, security teams can create accurate attack surface maps. With this intelligence, they can then enhance threat modelling and deliver actionable insights to staff to reduce overall risks.
Using OSINT software like Signal you can learn about potential threats as or before they occur, learn about potential exploits targeting your organization, and self-dox to help identify weaknesses and shore-up defences.