Don't be on the cyber "kill chain"

Why tracking and monitoring are the best ways to avoid cybercriminal attacks.

The data that digital attackers need to hamstring a business is out there, easily accessible on the internet and the dark web.

It could be something as simple as information about the senior executive team: their email addresses (thanks to your website), plus LinkedIn posts demonstrating how they write and what they care about.

For someone with bad intentions, that could be enough to impersonate the CEO and send a phishing email to people within the business.

Perhaps someone is selling information about the business on the dark web: stolen data, customer information or access to the business’s environment. Maybe, without anyone knowing anything about it, there’s a fake version of the company website designed to scam customers.

Joshua Alcock, Principal Security Strategist – Fortinet. Photo / Supplied.

There might even be fake social media accounts aimed at damaging brand reputation. These can pop up overnight, fly under the radar and undermine all the good work being done by the business and the team responsible.  

“Some large companies have giant security teams with analysts who can go out and find all this information,” says Joshua Alcock, Principal Security Strategist at Fortinet. “However, most businesses can’t afford to dedicate the resources to track their digital footprint.

“If you don’t go out looking for this information, the first time you find out about it might be when it’s used against you maliciously.”

First steps 

There are seven stages in a cyberattack, known as the cyber kill chain. The concept comes from the military kill chain and the stages are: reconnaissance; weaponisation; delivery; exploitation; installation; command and control; and actions on objectives.

If you’re lucky, the attack might be detected at the delivery stage. For example, when a phishing email arrives, or a file designed to exploit a vulnerability turns up in the company’s systems.

But knowing what digital attackers or threat actors can see in those first two stages— reconnaissance and weaponisation—can help make a business a less appealing target.

“Knowing what’s out there gives you the adversarial view,” Alcock explains. “It lets you proactively mitigate risks, monitor your brand and know what’s available on the dark web about your organisation. The reality is that everyone’s digital footprint continues to grow, often without adequate security measures.”

By tracking and monitoring your organisation’s digital footprint, you can reduce vulnerability to cyberattacks, have better control of your brand reputation and quickly discover if data is being sold on the dark web.

Like a private eye 

Because it takes a considerable investment in time and money to keep doing this reconnaissance, Fortinet now offers a service, FortiRecon, that any business can subscribe to. It combines artificial intelligence (AI) web trawling with human intelligence to give organisations an overview of all the information that’s out there online.

“It’s like having a private eye who’s seeking out information on your behalf,” says Alcock. “We provide actionable information so businesses know what they can do to shore up vulnerabilities and move to shut down impersonators.”

For example, businesses can look at the FortiRecon dashboard and see any fake social media accounts, fraudulent domains, leaked credentials or data up for sale. It can identify devices that are vulnerable as access points due to a lack of two-factor authentication or weak passwords.

“It might not even be a weakness in your business; it might have come from a third party,” Alcock says. “T-Mobile, for example, had a third-party provider looking after customer data. That provider accidentally exposed the personal information of 37 million customers by making it publicly accessible on the internet.

“However, you wouldn’t find it unless you went looking for it, which is why recon can be so important.”

Silent and effective criminals 

Ransomware attacks are designed to be as disruptive as possible to force a business’ hand to meet the attacker’s demands. Yet not all cybercriminals are shouting about what they’re doing, says Alcock.

“If someone wants to be silent and effective, they will be. They could be in your systems, exfiltrating information and continuing to poke around to find new data as it’s added. However, when they sell that data on the dark web, FortiRecon is going to find it and you’re going to know.”

Organisations don’t need to be Fortinet clients to make use of FortiRecon. It’s a subscription-based Software-as-a-Service (SaaS) available to any business, to protect brand reputation, assets and data.

“There is no silver bullet for protecting an organisation; however, this type of reconnaissance covers that pre-attack stage of the cyber kill chain, which has never been seriously looked at in the past,” says Alcock. “This is a fairly new level of cybersecurity that gives organisations a fresh layer of digital risk management.”

To find out more, go to https://fortinet.uberflip.com/fortirecon-nz/dont-face-the-dark-web-alone