
Who has my login details?

17 December 2020 (updated 22 December 2020) | Blog, CERT, Digital Risk Protection

Do you know who is in possession of YOUR personal data? Theft of confidential data by hackers is an everyday occurrence. But what can they do with that data, what damage can they inflict, and can you limit that damage?

A practical example

Your organisation has fallen victim to a hacker and several databases have been stolen. One of the databases contains the login details of employees and board members. The latter category in particular is of interest to a hacker: it allows them to pose as a board member and, for instance, commit fraud. The login details can of course also be used to abuse other systems, with all the consequences that entails.

In many cases the hack is discovered far too late, and the confidential data have sometimes already been abused before the organisation notices (in 2019, it took an average of 209 days before a hack was discovered; source: IBM). Confidential data such as login details are worth money on digital black markets, which are often hidden on the Deep and Dark Web. Special tooling is needed to access the Dark Web; a standard internet browser, for instance, will not work. So how do you find out whether your data are being traded on the Dark Web and potentially abused?

Digital Risk Protection

With DRP, fake domains that strongly resemble your own domain can also be identified. For instance, www.0rganisatie.nl, where the letter ‘o’ has been replaced by the digit ‘0’. This kind of attack is called typo-squatting. The method is often used in phishing attacks to get hold of login details. With the help of DRP, such a fake domain can be taken down in order to prevent the phishing attack.
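To make the look-alike detection concrete, here is an added example (not Tesorion's DRP code, and not from the original post) that classifies observed domain names against an organisation's own domain. It takes the page's example www.0rganisatie.nl and a constructed list of other observed names (as a DRP feed of new registrations or certificate-transparency entries might deliver them), folds common homoglyphs such as ‘0’ for ‘o’ and ‘rn’ for ‘m’ back to plain letters, and then flags exact homoglyph matches, names that embed the brand, and names within one edit of it. The organisation domain organisatie.nl, the homoglyph table and the one-edit threshold are assumptions for the example; the general approach (fold, then compare) goes beyond the single ‘0’/‘o’ substitution the text shows.

```python
import unicodedata

# Organisation domain taken from the page's example; the observed names below are
# constructed for this example, not real registrations.
ORG_DOMAIN = "organisatie.nl"

OBSERVED = [
    "www.0rganisatie.nl",    # digit zero for letter o (the page's own example)
    "organisatie.nl",        # the organisation's own domain
    "organlsatie.nl",        # letter l for letter i
    "organisatie-login.nl",  # brand name plus an extra word
    "0rganisatie.com",       # same trick, different TLD
    "voorbeeld.nl",          # unrelated
]

# Visually confusable substitutions frequently seen in typo-squatting (assumed table).
# Multi-character entries come first so that "rn" -> "m" is applied before "1" -> "l".
HOMOGLYPHS = {
    "rn": "m", "vv": "w", "cl": "d",
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b",
}


def split_domain(fqdn):
    """Drop a leading 'www.' and return (name, tld). Assumes a single-label TLD."""
    parts = fqdn.lower().strip(".").split(".")
    if parts and parts[0] == "www":
        parts = parts[1:]
    return ".".join(parts[:-1]), parts[-1]


def fold_homoglyphs(name):
    """Map Unicode compatibility forms (e.g. fullwidth letters) and ASCII look-alikes
    onto plain letters, so that visually similar names compare equal."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    for glyph, letter in HOMOGLYPHS.items():
        ascii_name = ascii_name.replace(glyph, letter)
    return ascii_name


def levenshtein(a, b):
    """Edit distance between two strings; domain labels are short, so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(fqdn, org=ORG_DOMAIN, max_edits=1):
    """Return (verdict, reason) where verdict is 'own', 'suspicious' or 'unrelated'."""
    name, tld = split_domain(fqdn)
    org_name, org_tld = split_domain(org)
    if name == org_name and tld == org_tld:
        return "own", "exact match"
    folded = fold_homoglyphs(name)
    org_folded = fold_homoglyphs(org_name)
    if folded == org_folded:
        # Same letters once look-alikes are folded, possibly on another TLD.
        return "suspicious", "homoglyph variant of %s" % org_name
    if org_folded in folded:
        return "suspicious", "contains brand name %s" % org_name
    if levenshtein(folded, org_folded) <= max_edits:
        return "suspicious", "within %d edit of %s" % (max_edits, org_name)
    return "unrelated", ""


def scan(observed=OBSERVED, org=ORG_DOMAIN):
    """Return the observed names that warrant a take-down or monitoring ticket."""
    flagged = []
    for fqdn in observed:
        verdict, reason = classify(fqdn, org)
        if verdict == "suspicious":
            flagged.append((fqdn, reason))
    return flagged


if __name__ == "__main__":
    for fqdn, reason in scan():
        print("%-24s %s" % (fqdn, reason))
```

The folding step is deliberately aggressive: a legitimate name that happens to contain a digit or the pair ‘rn’ is folded as well, which is why the result is a list for an analyst to review rather than an automatic block list, and why the organisation's own name is folded with the same table before comparison.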

DRP may also make you aware that your organisation has been hacked, possibly some time ago. If that happens, you can immediately engage Tesorion's T-CERT to investigate the cause of the hack and to obtain advice on preventing further damage.

What else can I use Digital Risk Protection for?

A well-known framework for cyber-security is Prevent, Protect, Detect & Respond. With DRP, an additional step is added at the start, namely Predict: a potential attack can be detected early, so that unpleasant surprises are avoided. How does it work?

A cyber-attack is usually prepared carefully by hackers and, again, the Dark Web is used for this. Hackers use Dark Web forums to plan, share information and coordinate their attack.
A recent example is a published list of approximately 50,000 Fortinet VPN login details belonging to vulnerable organisations. By exploiting a vulnerability in the FortiGate system, a hacker managed to obtain VPN login details of, among others, banks, government bodies and telecommunications companies. The database, approximately 6.7 gigabytes in size, is offered for sale online on forums that are frequently used by hackers.

What else can you use DRP for? We give a few examples:

  • Spot attack indicators on, for instance, hacker forums
  • Recognise stolen confidential data
  • Protect a trade name, for instance by recognising “fake websites”
  • Detect (imminent) phishing attacks
  • Retrieve unnecessarily exposed data and (vulnerable) systems
  • VIP protection

DRP provides insight into the part of the digital world that you cannot readily see or reach from your own network. DRP is therefore also referred to as “outside the wire” monitoring. The information that DRP yields can be used to choose and deploy security measures far more accurately. In this way, it can also be checked whether the security policy actually focuses on what matters most.