Safeguard your digital SERVICES

Gain deeper awareness into your security gaps, before cybercriminals have the chance to compromise you.

Data leaks, user account takeovers, phishing attacks, malicious use of your ICT, can result in a significant disruptive event for your business operations.​

compromised credentials
0.1 bn
Compromised Domains
0.1 m
plain text passwords
0.1 bn

Digital Risks

Cybercriminals traffic and buy stolen credentials so they can infiltrate your networks to steal your data.
Stolen user credentials (emails/passwords) found on the Dark Web can indicate that your company, or a 3rd party application/website, that your employees user credentials have been compromised.

Account Takeovers

Account takeover is a type of online fraud that occurs when attackers use stolen logins to gain unauthorised access to accounts. When passwords are reused across multiple online accounts, criminals can exploit credentials that have been exposed in third-party data breaches to access multiple accounts.

Service Features

Our service can help both public and private sector organisations detect and mitigate cyber threats. Malicious threat actors can leverage stolen email addresses and passwords to compromise your own business systems and services.

The technology leverages a combination of human and artificial intelligence to scour botnets, criminal chat rooms, blogs, websites and bulletin boards, peer-to-peer networks, forums, private networks, and other black-market sites to identify your stolen credentials and other Personally Identifiable Information (PII).

Key Features:

  • 24/7/365 Monitoring
  • Automate Discoveries of Vulnerabilities & Suspicious Behaviour
  • Enhanced Risk Analysis to Deliver Meaningful Insights
  • Custom Rule Based Alerts
  • Simple and Easy to use Dashboard

Frequently Asked Questions

  • Dark Web Chatroom: compromised data discovered in a hidden IRC;
  • Hacking Site: compromised data exposed on a hacked Website or data dump site;
  • Hidden Theft Forums: compromised data published within a hacking forum or community;
  • Peer-to-Peer (P2P) File Leak: compromised data leaked from  file sharing programs or network;
  • Social Media Post: compromised data posted on a social media platform;
  • Command and Control (C2) Server/Malware: compromised data harvested through botnets or C2 server.

All organisations that have an internet presence are a potential target from malicious threat actors. While we can’t say definitively that the data we’ve discovered has already been used in a targeted attack, the fact that we are able to identify this data should be of concern. Organisations should consult their internal or external IT/security teams to prepare for a disruptive cyber event.

While your employees may have moved on, it is common to find that their user credentials are valid and, in a lot of cases, active within your internally and externally delivered IT solutions. In many cases, the 3rd party systems or databases that have been compromised have been in existence for 10+ years holding millions of “dormant” accounts that can be used to exploit an organisation. Discovery of credentials from legacy employees should be a good reminder to confirm you’ve removed any dormant accounts that could be used for unauthorised purposes.

Fake email accounts are routinely created by employees as a “throw away” when wanting to gain access to a system or piece of data. However, fake email accounts are frequently created to facilitate well-crafted social engineering and/or phishing attacks. Often, the identification of fake email accounts indicates that your organisation has already been targeted by individuals or groups.

Employees often recycle passwords throughout their work and personal networks. If your internal requirement is to have a capital letter and special character, it’s common practice for employees to use a password they are familiar with, and add a capital letter and exclamation mark. (Example: Exposed Password: cowboys, Variation: Cowboys!, Cowboys1, Cowboys!1, and so on.) Knowing this, hackers will run scripts using Metasploit (hacking and penetration testing framework) to “brute force” their way into an unsuspecting system.

There can be as much risk to your data within a Cloud environment as there is when it resides locally within your own servers. When researching Cloud providers and data centers, make sure you understand their compliance and certification with the security standards and protocols that impact your industry.

Once the data is posted for sale within the Dark Web, it is quickly copied and distributed (re-sold or traded) to a large number of cyber criminals, within a short period of time. It is generally implausible to remove data that has been disseminated within the Dark Web. Individuals whose PII has been discovered on the Dark Web are encouraged to enroll in an identity and credit monitoring service immediately.

SAFEGUARD YOUR DIGITAL FOOTPRINT

Business practices, resulting from the global pandemic, have exposed vulnerabilities that threat actors are actively exploiting. Avoid being the next victim.

Your information provides a very lucrative business opportunity for cybercriminals. Hackers and scammers are smart and efficient. With just a few key personal details and basic technological skills, these criminals could potentially gain access to some of your most important accounts.

Let's talk

Contact us to discretely discuss how to safeguard your digital footprint.

Complete the form to receive your Complementary Dark Web Analysis!

Please enable JavaScript in your browser to complete this form.
Name
Company email address.