14 Aug Why you need dark web monitoring for your business
I was recently at the annual Ascii IT Success Summit in East Brunswick, NJ. The general topic of the event focused on cybersecurity, dark web, and ransomware for Managed IT Service providers
The biggest highlight of the event was a speaker by the name of Frank Abagnale. If that name rings a bell it’s because Leonardo DiCaprio played Frank Abagnale along with Tom Hanks in the award winning movie Catch Me If You Can released in 2002. The accuracy of the movie is spot on after Tom Hanks’ character apprehended Frank Abagnale, he spent 4 years in a US prison before the FBI hired him to shorten his prison sentence. To this day, Mr. Abagnale has spent almost 40 years working for the FBI as a Fraud Prevention Expert and most recently, a Cybersecurity expert assisting with various government departments throughout the country on a consulting basis. Call him what you will, a con man, criminal, or a genius, but some say he did his time and has paid back society many times over.
When Mr. Abagnale started taking questions from the audience during the Q&A, one audience member asked him “What keeps you up at night?” His answer resonated with the audience full of IT experts and not a single person was checking their phone, going to get a drink, or was taking a bathroom break. All eyes and ears were perked up for his answer. Mr. Abagnale responded that the FBI has done a multitude of tests at their Quantico, Virginia research facility that would make most people want to live in a bunker with a tin foil hat. He said that while ransomware has been at the forefront of cybersecurity issues recently, IoT or Internet of Things devices are what’s coming next. The FBI has successfully been able to remotely slow down, speedup, and stop pace makers from a 30 foot distance. They have also been able to remotely take over and control modern cars from within that same distance. While these features make diagnostics for doctors and mechanics alike more efficient, it can be used for malicious purposes. For example, one can easily use the remote control of a pace maker to attempt an assassination on someone merely just by walking past their intended target. As scary as this sounds, this isn’t what Mr. Abagnale said keeps up him at night. He said, “What keeps me up at night, is that I know in a few years, that 30 foot distance will increase to thousands of miles away. That is what keeps me up at night because now you’re talking about tracking a much larger attack vector that could be anywhere in the world.” You think it’s bad now with ransomware asking for money? Wait until they can start threatening you with your life by demanding you pay them within 15 minutes and failure to comply may result in stopping your pace maker or disabling your car.
After having time to reflect on this event I have come to the conclusion there is no stopping cybercriminals. When one of them is arrested, three more pop up as copycats in their place. They are relentless selling and buying stolen credentials on the dark web for their own gains. All we can do is merely slow them down enough where they just move on to their next potential victim. However, this cybersecurity loaded freight train is barreling down full speed ahead with no stopping it. The rapid rise in cryptocurrencies such as BitCoin is fueling this behavior because the more BitCoins these criminals have the more their net worth keeps going up. This anonymous preferred payment method is what cybercriminals swoon over because it is untraceable. Furthermore, the recent break out of BitCoin going over the $4,000 mark and is now up over 410% this year alone accelerates this behavior. I will not delve into details regarding block chain technology and cryptocurrencies here as that is a big conversation (and another blog post) all within itself.
My wife was recently a victim of similar atrocities when her cell phone was stolen at a local mall last weekend. As a result, those responsible for the theft then followed up with a one-two punch combo to hack into her Amazon and Gmail accounts to go on a shopping spree. So, when she immediately went to the T-Mobile store to inform them of what happened, they tracked the phone via GPS and found it to be briskly heading north on a local highway. They immediately flagged the phone in their system as being stolen and replaced it with a new one. Fortunately, she had two-factor authentication turned on for her Gmail account. As a result, upon the suspects attempting a password reset, her phone immediately received the two-factor authentication text message informing her of the request. If it weren’t for this being turned on, the would-be cyber criminals may have actually had a pay day. A few minutes later after the text message arrived, Amazon caught on to the suspicious behavior and called her while the criminal was attempting to purchase a shiny new Apple iPhone with her stored credit card information. My wife then proceeded to reset all of her online passwords as a precaution in case they got away with more than just Gmail and Amazon access. This became a tedious task as it’s difficult to comprehend how many online accounts you have until you have to go through all of them for password resets. The primary reason behind this is because the same or similar password was used on the majority of the accounts. This includes any bank accounts, social networks, credit cards, online shopping accounts, auction sites, pharmacies, and even the login for the primary health care provider. Total in all, there must have been 50+ sites that took an hour or two to go through them all with password resets.
This ordeal was a reminder that we are all guilty of reusing the same passwords across the countless portals, sign-in pages, and cloud based services. More often than not we also reuse the same or similar passwords on both our personal and business accounts. This exposes our businesses to additional risk as data breaches are dime a dozen these days. Furthermore, to exacerbate the issue, the FBI estimated that only 1 in 4 businesses actually report a data breach. Moreover, most data breach announcements don’t happen immediately after the incident either. It usually takes companies months to perform their own investigations before they even announce details on what information was actually breached. This means that stolen credentials and personal information can be circulating through the dark web long before we are notified and often too late before our information is used by cybercriminals for their own gains.
On-Site Technology has just released a brand new service called Dark Web Monitoring that monitors all of your employee’s corporate and personal email addresses on the dark web. This service searches the internet for any data breaches that involved your employee’s credentials. Find out today how this can help your business stay out of the next security breach statistic.