For many people, thinking about the dark web evokes images of seedy hackers with malicious intentions, cloaked in black hoodies hovering intently over a computer. We picture bad actors quickly typing away while sitting at a corner coffee shop. The green text flashes on a black screen at speeds where it is nearly impossible to read, with progress bars indicating uploads of a virus or maybe the transfer of money from unsuspecting victims to a secret offshore account. These dramatizations may be extreme, but nonetheless, the Dark Web is very real and very dangerous.
The Dark Web is a very real place and contains a frighteningly large amount of stolen data, aggressive phishing schemes, hoaxers, botnets, and black-market activities. Much of the personal data that makes it way to the dark web comes from people like us and is for sale at an astonishingly low price. It was recently discovered that Remote Desktop Protocol (RDP) access to a major international airport’s security and building automation system was being sold for only $10. For less than what many spend on lunch, you could gain access to what should be a highly secure environment! Another example of what can be solicited on the Dark Web is a stolen social security number, which can sell for as little as one dollar.
Once a hacker has access to a compromised machine, the potential harm to a company is staggering. Not only does the attacker have access to potentially sensitive data on that device, but they can also utilize that machine to move laterally throughout the enterprise network and quickly compromise additional systems. Installing ransomware, planting false flags (a tactic where an attacker will make it appear as if his/her illegal activity originates from the victim’s machine), becoming a source for spam origination, being used as a crypto miner, or being used for credential harvesting that further compromises the organization are all common hacker activities and outcomes. It can take weeks, or even months, for an organization to realize their network had been compromised, if they realize at all.
“Just as we check the doors and windows when we leave our homes, organizations must regularly check which services are accessible from the outside and how they are secured,” McAfee recently wrote in a blog post detailing a specific breach.
Centripetal's intelligence policies are built from complex combinations of static and dynamic rules, so that rules and policies can be constructed to filter any combination of the following elements, which are typically part of the commercial indicator of compromise. In addition to malicious IPs, we conduct thorough inspection on every inbound and outbound packet including:
- Source IP, Destination IP, and IP range (v4 or v6)
- Port or Port Range
- Dynamic, multi-dimensional indicators of compromise
Centripetal’s Active Threat Blocking enforcement solution, the CleanINTERNET service, can leverage billions of threat indicators that are correlated and filtered at network edge, against millions of complex security rules. We enable automatic enforcement (blocking and shielding) to support real enterprise speeds and convert indicators to action on a continuous basis as intelligence feeds are dynamically updated. By taking hundreds of millions of indicators and distilling them to a finite number of rules, we are able to prevent millions of threats and deliver an unprecedented intelligence-led defense.
Learn more about CleanINTERNET services here