Omri Orgad, Regional Managing Director at Bright Data (formerly Luminati Networks), explores the many benefits that collecting publicly available data online brings to security teams looking to test and solidify their security infrastructure against potential cyber threats.
Companies are facing more cyberattacks than ever before. Nearly a third of British businesses have suffered a cybersecurity breach in the past year according to the latest data by the UK Government’s Cyber Security Breaches Survey 2020. Some attribute this to the continued technological transformation of our economy and society which has increased the number of operations and systems susceptible to a host of new and rapidly evolving cybersecurity threats. In other words, digitalisation has brought about a myriad of benefits economically, but it has also revealed more vulnerable entry points into companies’ IT systems and data networks. It is for this reason that protecting against cyber criminals is high on the agenda for both the public and private sectors. Prioritising and fixing vulnerabilities to combat such attacks and preserve valuable data by using comprehensive technologies and solutions is now more critical than ever.
Recognising evolving risks
Despite increasing awareness and technical innovations, malicious attacks are still proving successful. Years ago, our biggest cyber threat was the theft of our credit card information. Now, thanks to increasingly sophisticated methods of attack, the risk has evolved. A testament to this growth in risk is the ‘WannaCry’ ransomware attack that struck hundreds of companies around the globe in May, causing an estimated $4 billion in total losses. The move towards remote working during the Covid-19 pandemic increased personal and wider organisational IT vulnerabilities and exposed even more avenues for potential attacks. One such attack, which is a bit less sophisticated and easier for employees to fall victim to, is ransomware or malware delivered through phishing emails. We have seen this happen plenty of times, for example when an employee clicks a single link that then opens the door for an attacker to exploit the entire system.
Threat actors have often relied on phishing emails and malicious links as a strong attack vector for compromising organisations through individual employees. However, the scale is growing. In fact, as of February 2021 there are more than 2,168,066 websites marked as phishing sites, according to Google Safe Browsing. Furthermore, ESET’s Threat Report reveals that there has been a 9% rise in malicious email detections between the Q2/Q3 periods when compared to Q1 and Q2 in 2020.
As numbers continue to rise throughout 2020, it is easy to see why organisations have become focused on avoiding falling victim to these damaging attacks. Although security teams can offer some protection when it comes to emails sent to a corporate inbox, cyber criminals continue to find new ways around IT defenses and protocols. Highly specialised attacks can be planned through spear phishing and social engineering, which focus on targeted individuals and enable emails containing malicious links to look as legitimate as possible.
The issue here is evident. It is a constant game of cat and mouse between security teams and cyber criminals. So, what can be done to fight back and turn the tide against attacks that involve malicious links? Outside of the tried and tested methods, data collection tools are proving to be a new weapon in the armory of security teams.
Data collection to the rescue
Collecting publicly available online data enables security teams to build multiple layers of data when checking for malware being distributed via links within emails or other fraudulent means. More importantly, it allows for the creation of what we call a “secure sandbox environment”, in which the link is detonated and the fraudster is caught deploying the fraud. As such, if there is cause for concern, it is contained and dealt with, posing no threat to the wider IT environment. However, data doesn’t just help in exposing malicious links. It also allows teams to test their infrastructure when going through ‘red teaming’ or user emulation procedures. Red teaming allows organisations to perform comprehensive tests that help expose potential vulnerabilities on every attack level. It also offers a better understanding of how to respond to potential cyberattacks, levelling the playing field against threat actors.
Furthermore, testing networks using automated real-life techniques, tactics, and scenarios allows organisations to get a better picture of the current content delivery networks and cybersecurity setup and to focus on the areas that require updates. The extra level of intelligence-led security assessment that data enables allows teams to thoroughly test organisations’ cyber resilience as well as their threat detection and incident response capabilities.
Analysing security threats and vulnerabilities
Data collection can be deployed to reveal potential vulnerabilities and risks within hardware and software-based systems such as networks, applications, routers, switches, and appliances. By collecting publicly available data, red teams have a better picture of the current security landscape. They are therefore much more informed and can perform focused and realistic exercises that wouldn’t be possible without the added benefit of data. This further allows them to review and analyse log data, utilise security information and event management (SIEM) platforms for visibility and detection of live intrusions, and to triage alarms in real time.
Regardless of size or sector, all organisations are prime targets when it comes to cyberattacks, and it’s important that security teams are always looking to be one step ahead of those trying to break into their systems. But to achieve this, they need to be using the latest technologies available to keep cyber criminals at bay, and this is where data collection is giving teams the upper hand. Now is the time for security teams to seize the initiative to test and increase defenses with the latest data collection technologies. Doing so will offer a better and bigger picture of the threat landscape, and will allow them to control the various attack parameters and contain the threat in order to truly protect their networks.