Digital risk is no longer defined purely by owned technical infrastructure. Risk spreads onto third-party platforms as organisations engage on social media, have accounts leaked onto dumpsites, near-to domains appear, and other public domain assets provide visible risk points. Having visibility of this essentially ungovernable attack surface is difficult.
Sapphire delivers industry-leading Digital Risk Protection solutions that provide organisations with visibility of this vast attack surface. By essentially automating many of the reconnaissance techniques carried out by an attacker, it allows organisations to understand how threat actors gather the intelligence to formulate attacks.
Vigilant: Collect public domain threat intelligence about your organisation as an attacker does, but at scale, with access to advanced search functionality covering many digital platforms.
Dynamic: Receive alerts in real-time as new threats appear to enable swift takedowns, mitigate data leakage, remove information from social media and more.
Holistic: Understand more than just technological threats, but risks to brand and reputation, senior executives, employees and domains.
Digital risk protection (DRP) scans an organisation’s publicly visible attack surface, including social media and deep and dark web, to mimic the reconnaissance phase of an attack. It helps organisations to understand what an attacker sees externally.
To effectively protect an organisation against external threats, three components need to be incorporated into the Digital Risk Protection process, and they include:
Collecting this information, in bulk, and frequently is a full-time job for a specialist team. Unfortunately, to stay ahead of attackers – this needs to be done regularly – which requires automation.
From the aggregate data set curation is crucial to isolate relevant threats and determine what risk they pose. Where DRP is using machine processing and algorithms, these solutions can often score to improve relevance, reduce noise and prioritise issues.
DRP is nothing without an effective mitigation process. Whether this is issuing take-downs to ‘near to’ domains or changing leaked email addresses and credentials, it is important that security teams use the information effectively.
Digital risk capabilities have a number of use cases:
The reliance on websites to sell products and grow brand awareness is significant. Unfortunately, web sites and their associated domain names provide a vast and lucrative surface for attacks. This can result in cybercriminals acquiring ‘look-alike’ domains with a view to targeting specific organisations. There are several ways in which an attacker can target organisations, these include:
Copycatting: a website that mirrors your existing domain; visitors are tricked into believing they are interacting with a legitimate website.
Piggybacking: Spoofed or look-alike domains of well-known brands, generally used to generate revenue from adverts.
Typosquatting and Homoglyphs: Typosquatting is a method that targets users who visit a website and do not notice that there are misspellings in the URL. For example; www.saphire.net rather than www.sapphire.net. A homoglyph is another variant of domain spoofing however a character of the URL is replaced with a unicode character that looks similar to a character from the Latin alphabet.
Cyber attacks are often tailored to target a specific individual within an organisation. Executives, VIPs and other high-value targets are highly targeted with attacks through methods such as social media impersonations, account take-overs and business email compromise.
Social Media is increasingly used as a way of communicating with customers and employees, and as a platform for organisations to grow their brand. As a result, the adoption of social media has resulted in an increase in the attack surface of organisations. Brand protection is paramount for any organisation and traditional security tools do not necessarily offer visibility into public platforms.
Attackers will look to bypass corporate controls and as such target the social media administrator accounts. The impact of this type of breach can be significant. Safeguarding corporate and executive/VIP accounts is vital.
Cyber criminals will use the deep and dark web to sell or leak stolen data. The ability to have visibility of the deep and dark web to monitor any mention of brand, executives or high-value targets is essential:
Phishing attacks are becoming increasingly sophisticated. Tactics such as Business Email Compromise (BEC) and fake-giveaways are rife with many users being susceptible or ‘click prone’. Deploying solutions that can identify phishing links coupled with effective phishing testing, training and awareness solutions can protect against digital threats.
Spoofed domains, impersonated email accounts and fraudulent profiles on social media form an organisation’s digital attack surface. Attackers use the platforms to launch sophisticated campaigns including: