Step Up Your Digital Risk Protection (DRP) with Dark Web Monitoring

Posted on January 20, 2021 by Noa Hassidim


Although many leading organizations have been striving for digital transformation for years, the global pandemic has recently accelerated their efforts. With increasing numbers of organizations moving their digital assets online, the risk of their data being exposed and misused is also growing. In response, many have begun deploying systems to counteract this risk, such as digital risk protection (DRP) with dark web monitoring.

Today digital risk protection is quickly becoming the first line of defense for protecting an organization’s ever-increasing digital assets.

Let’s take a moment to define DRP and explain why it is effective in defending organizations against cyberattacks. We’ll then show some examples of how organizations can incorporate digital risk protection with dark web monitoring and data breach detection.

What is Digital Risk Protection and What Makes it Effective

DRP is the protection of an organization’s assets from external threats to its domains and accounts as well as the domains and accounts of its subsidiaries. It aims to mitigate or prevent a wide range of organizational threats, and includes data leak detection, account takeover prevention, brand protection, and executive protection.

DRP is a subset of threat intelligence, which focuses on a long-term investigative process of tracking threats against internal resources and creating a method to predict and prevent them. Threat intelligence is more strategic, whereas DRP is operational and enables organizations to respond immediately to threats.

But to continue providing effective digital risk protection, organizations need a system in place for filtering through the exponentially growing amount of data.

Automated discovery of relevant sources, combined with human intervention, can sift through the vast array of social media data and dark web data that exists to uncover the most relevant sources.

Why Organizations Need Extensive Dark Web Coverage

As we’ve mentioned, data now encompasses more sources than before and presents more threats to organizational security. The types of sources and threats include:

Deep and darknet websites spreading disinformation to the public about a brand or a global trend or phenomenon

Unfortunately, the list is endless.

Digital Risk Protection with Dark Web Monitoring Extends Threat Coverage

Many global enterprises have taken the opportunity to increase their data coverage and provide their customers with greater digital risk protection. Take Signal, a security platform and risk intelligence solution that provides real-time information and tools to monitor multiple online data sources. Although the platform originally focused on social media channels, it later wanted to expand its data coverage to include cyber intelligence and advanced data breach detection. Through Webhose’s data breach detection service, Signal has been able to extend its OSINT solutions to a wide variety of verticals and unlimited applications. These include logistics organizations securing supply chains from terrorism or natural disasters, intelligence for the protection of executives, and early data breach detection for international financial institutions.

Here are a few examples of the type of data Webhose dark web monitoring and data breach detection provides:

Data Breach Detection

Data breaches have continued to be a primary concern for global organizations this past year, especially in light of the many employees forced to work from home. According to IBM, remote work has increased the cost of a data breach to organizations by $137,000. This has extended into verticals such as public services and municipalities.  

For example, on October 13th a hacker posted the database of Indian Railways (IRCTC) on a known hacking forum, along with details of the information contained in the leak. These included approximately one million records with mobile numbers, dates of birth, emails, gender, marital status, names and addresses.

The breach was announced by the Hindustan Times three days later on October 16.  

We took the opportunity to monitor both Indian Railways and its subsidiaries in the Cyber Endpoint to see if we could find an increase in mentions of the organizations at the time of the publication date of the database. 

Sure enough, we found one.

Number of mentions of Indian Railways and subsidiaries in the Cyber Endpoint in the last 5 months
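
The kind of check described above, as an added example that is not Webhose's code or part of the original article: it counts daily mentions of an organization and its subsidiaries and flags days that exceed a rolling median-plus-MAD baseline. The watchlist terms, thresholds, dates and sample posts are constructed assumptions, and no Webhose API is used.

```python
from collections import Counter
from datetime import date, timedelta
from statistics import median

# Watchlist: parent organization plus subsidiary names (terms are assumptions).
WATCHLIST = ("indian railways", "irctc")

def daily_mentions(posts, watchlist=WATCHLIST):
    """Count posts per day whose text mentions any watchlist term."""
    counts = Counter()
    for day, text in posts:
        lowered = text.lower()
        if any(term in lowered for term in watchlist):
            counts[day] += 1
    return counts

def find_spikes(counts, start, end, window=14, k=5.0, min_count=5):
    """Flag days whose count exceeds median + k*MAD of the previous `window` days."""
    spikes, day = [], start + timedelta(days=window)
    while day <= end:
        history = [counts.get(day - timedelta(days=i), 0) for i in range(1, window + 1)]
        base = median(history)
        mad = median(abs(v - base) for v in history)
        # Floor the MAD and the threshold so a near-silent baseline does not alert on noise.
        threshold = max(base + k * max(mad, 1.0), min_count)
        if counts.get(day, 0) > threshold:
            spikes.append((day, counts[day], base))
        day += timedelta(days=1)
    return spikes

def build_sample_posts():
    """Constructed sample data: light background chatter, then a burst on 13 October."""
    posts, start = [], date(2020, 9, 1)
    for offset in range(60):
        day = start + timedelta(days=offset)
        for _ in range(offset % 3):  # 0-2 routine mentions per day
            posts.append((day, "Question about an IRCTC booking"))
        posts.append((day, "Unrelated post that should not be counted"))
    for i in range(12):
        posts.append((date(2020, 10, 13), f"Indian Railways database thread, reply {i}"))
    return posts, start, start + timedelta(days=59)

if __name__ == "__main__":
    posts, start, end = build_sample_posts()
    for day, n, base in find_spikes(daily_mentions(posts), start, end):
        print(f"{day}: {n} mentions (baseline median {base})")
```

A median/MAD baseline is used instead of mean and standard deviation so that one earlier burst in the window does not raise the threshold and hide the next one.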

Once we detected the leak in our cyber repository, we added it to our coverage in the data breach detection endpoint, indexing the data based on our supported entities. The data is now available in our endpoint and listed as an incident for every compromised entity from this particular leak.

Since the original post in the hacker forum about the Indian Railways leak is no longer available, having the post about the first mention of the breach in our cyber repository is particularly valuable. 

Another quick example of data breach detection is monitoring the domains of organizations. Take Verizon, for example, a domain covered in our data breach detection endpoint. More than 80,000 leaked email addresses of this domain exist in our data breach detection endpoint. More than 50% of those emails were leaked more than once in multiple data breaches. The emails were leaked as a part of large database leaks like Collection #1-5, Houzz and MyHeritage, as well as combolists of different sizes.

Brand Protection

Both data leaks and company fraud not only cause financial harm to an organization, they also cause damage to the brand. Remember that a strong brand can take years to build, yet be destroyed in an instant. 

Phishing pages are one of the most classic ways to commit fraud against a company. Phishing involves hackers imitating a well-known organization’s website or sending emails impersonating the organization. Through these methods they succeed in convincing their victims to reveal personal information. 

Various tutorials on the dark web exist that teach how phishing pages can be created. Many are customized for different organizations. After detecting these tutorials, it is critical for organizations to take immediate steps to block the phishing methods and domains being targeted.

Here is an example of a phishing tutorial customized for Capital One sold in a dark web marketplace: 

Phishing tutorial for CapitalOne found in the Cyber Endpoint

Executive Protection

Although executive protection has played a role in corporate security in the past, it becomes more critical during times of political unrest or economic crisis. Threats to executives and CEOs can be in the form of doxing, the spread of misinformation around an executive or CEO, or physical threats to their safety. 

Let’s take an example of a post from December 23 we were able to locate in the Webhose Cyber Endpoint that threatens bodily harm to a top executive in the software industry. The threatening post is part of a larger thread discussing a masterplan to make America white again. Note that the author of the first post in the thread takes the same name as the executive being threatened, attempting to inflict more damage to his reputation.  

Post about masterplan to make America white found in the Cyber Endpoint
Post from the same thread threatening harm to top executive found in the Cyber Endpoint

Although these threats are not new, the rise of free speech social media platforms and imageboards has provided the anonymity needed for malicious actors and their radical discussions to flourish. These discussions should be monitored since words can translate into actions.

Digital Risk Protection Complements Threat Intelligence Solutions

Many organizations can extend their corporate security by adding DRP to their threat intelligence solution. Digital Risk Protection with dark web monitoring is critical for mitigating active threats that should be defended against immediately. Effective DRP encompasses coverage of a wide range of online sources that include the open web and free speech social media networks as well as the deep and dark web. Webhose is proud to play a role in digital risk protection and corporate security by delivering comprehensive coverage of the open, deep and dark web to top enterprise-level organizations around the world.

Want to learn more about how Signal leveraged Webhose’s data to extend their OSINT solutions to a wide variety of verticals and unlimited applications? Download the case study now.