Google may not explore the “deep” or “dark” web, but it’s still incredibly useful. We all use Google on a daily basis, and cybersecurity should be no exception. There is plenty of chatter and intelligence generated every day that we can learn from; after all, most data is generated online. You’d be surprised how far ahead of the curve a company can stay just by using an open web search engine. It’s no replacement for a dedicated threat intelligence provider, but it can’t hurt.
It’s true that we’ve entered uncharted territory with the scope of attacks and breaches. However, one upside to this spike in activity is that it gives us an excellent chance to learn from others in order to be better prepared. Cybersecurity is currently in its “wild west” phase, and the more we are able to learn from other attacks and hacks, the better prepared we will be.
Instead of just acknowledging that a breach occurred at another organization, look into it in detail. How did it happen? When did the first clue drop? How did the attacker get into the network? The more you study ongoing attacks, the more prepared your team will be for one.
Pastebin and GitHub can be a major thorn in the side of many security teams. Personal information, passwords, and other sensitive data show up on Pastebin frequently, as it is one of the world’s most popular text-sharing websites.
GitHub, as the world’s biggest code repository, comes with its own set of problems. Anyone can upload source code at any time, which could include either your own stolen proprietary code or code that exploits vulnerabilities in your systems. Monitor both sites regularly so that you can take appropriate action.
Your team should always keep indicators of compromise (IOCs) top of mind. Geographical irregularities, unfamiliar IP addresses, unusual activity, or sharp spikes in traffic can all mean that an attack is under way or a breach has already happened.
This is somewhat effective on a manual level, but to keep up with the scope and nature of today’s attacks, it is best to use a threat intelligence provider. Some providers use machine learning to flag these events in real time, which can mean the difference between stopping an attack in its tracks and having to clean up after it.
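To make the three IOC categories above concrete, here is a small triage script added as an example (it is not code from the original post). It runs over constructed access-log lines and flags a user appearing from a country outside their baseline, a per-event byte count far above the median, and a source IP on a watchlist; all users, addresses, countries and thresholds are made-up sample values.

```python
"""Toy IOC triage over constructed access-log lines (added example, not from the post).
Flags: (1) a login from a country outside the user's baseline,
(2) a per-event byte count more than SPIKE_FACTOR times the median,
(3) a source IP on a watchlist. Every value below is a constructed sample."""
from statistics import median

# Constructed sample log lines: "timestamp user src_ip country bytes"
LOG_LINES = """\
2024-05-01T09:00 alice 10.0.0.5 US 1200
2024-05-01T10:00 alice 10.0.0.5 US 1500
2024-05-01T11:00 bob 10.0.0.7 US 900
2024-05-01T12:00 alice 10.0.0.5 US 1300
2024-05-01T13:00 alice 203.0.113.9 RU 1100
2024-05-01T14:00 bob 10.0.0.7 US 48000
2024-05-01T15:00 bob 198.51.100.4 US 1000
""".splitlines()

# Constructed baseline: countries each user has been seen from in a known-good window
BASELINE = {"alice": {"US"}, "bob": {"US"}}
WATCHLIST = {"198.51.100.4"}  # constructed watchlist entry (documentation range)
SPIKE_FACTOR = 10             # bytes must exceed 10x the median to count as a spike


def parse(line):
    ts, user, ip, country, nbytes = line.split()
    return {"ts": ts, "user": user, "ip": ip, "country": country, "bytes": int(nbytes)}


def find_iocs(lines, baseline, watchlist=WATCHLIST, spike_factor=SPIKE_FACTOR):
    """Return (timestamp, category, detail) tuples in log order."""
    events = [parse(ln) for ln in lines]
    med = median(e["bytes"] for e in events)  # robust to the spike itself
    findings = []
    for e in events:
        if e["country"] not in baseline.get(e["user"], set()):
            findings.append((e["ts"], "geo-anomaly", f'{e["user"]} from {e["country"]}'))
        if e["bytes"] > spike_factor * med:
            findings.append((e["ts"], "traffic-spike", f'{e["user"]} sent {e["bytes"]} bytes'))
        if e["ip"] in watchlist:
            findings.append((e["ts"], "watchlist-ip", e["ip"]))
    return findings


if __name__ == "__main__":
    for ts, category, detail in find_iocs(LOG_LINES, BASELINE):
        print(ts, category, detail)
```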
Put yourself in the mindset of an attacker: what are your network’s vulnerabilities? What are the top attack routes? Analyze this first on your own, and then by looking at your adversaries’ own tactics, techniques and procedures (TTPs). Since much of this information is freely available and discussed on the internet, your team is able to get into the mindset of potential attackers. By preparing for all your nightmare “what-if” scenarios, your team will sleep safer at night and be able to do their job more effectively.