For many companies, “threat intelligence” means only indicators of compromise and information on specific cybercriminal tools. But in fact, threat intelligence implies a much deeper knowledge about threat actors, including tracking their activity on the network. Sometimes this information allows you not only to get an idea of the criminals’ methods and tactics, but also to prevent a cybercrime. A vivid example is the recent case of a Latin American country’s central bank.
While studying cybercriminal activity, our experts learned that one group had managed to access the bank’s network. Investigators immediately notified the victim, contacted Interpol and jointly conducted a thorough investigation into the incident. As a result, they managed to eliminate vulnerabilities in the corporate infrastructure and prevent real financial losses. Unfortunately, we cannot share the details of the incident or describe how the attackers penetrated the bank’s network.
How our experts managed to detect the activity of intruders
Not all cybercriminals are responsible for a full attack cycle, from initially studying the target to the final move (which is usually data or money exfiltration, or ransomware infection). There are groups that specialize exclusively in gaining access to the infrastructure of companies: having successfully penetrated the network, they try to sell that access, on the dark web or on hacker forums, to those who can organize an attack. Moreover, there are so-called Initial Access Brokers that buy access and then resell it to other cybercriminals.
While studying the activities of completely different criminals, our researchers discovered that someone was looking for partners to attack the bank in order to perform some kind of cyberfraud. They shared some information as proof of access to the bank’s infrastructure, and it helped our experts to identify the victim and prevent the crime.
How can threat intelligence help a particular company?
In this case, our experts were not searching for signs of an attack on a particular bank. This bank wasn’t even our client. However, our instruments do allow you to track threats to a specific organization. Our Threat Intelligence portfolio includes a Digital Footprint Intelligence service that allows you to create a dynamic “digital portrait” of an organization, and then to track dangerous symptoms through open sources on the dark web and deep web. Sometimes this allows you to prevent quite serious cyber incidents.
In addition, to protect against sophisticated attacks, we recommend using services such as Managed Detection and Response. It allows your cybersecurity team to employ the help of external experts to detect and stop complex attacks on company infrastructure at an early stage.