Page 42 - index
P. 42
• Initiating a botnet takedown to eliminate or paralyze criminal networks.
• Feed the botnet large amounts of false and unreliable data.
• Recover stolen data such as compromised passwords, credentials, credit card numbers,
documents and much more. Afterwards, the entity can remediate the exposure.
• Proactively block, track and monitor a list of known crime servers.
Hacktivism Awareness
Organizations should be aware of what’s being posted on social media sites, websites known
for sharing stolen data and operations conducted by Hacktivist groups. XYZ Corp closely
monitors this by analyzing real-time alerts and reports generated when keywords they specify
are triggered.
For example, an alert is sent when a Hacktivist group like Anonymous uses Pastebin to expose
information about XYZ Corp such as:
• Credentials to servers and websites.
• Personal details about corporate executives and officers.
• Trade secrets and other documents.
Organizations can also track campaigns such as #OpRemember which recently used
Facebook, Twitter and Pastebin to coordinate cyber-attacks against dozens of companies in the
financial sector. Stolen data is posted daily under #OpRemember since going live in November
2014. Organizations can take action by following established procedures to have the stolen
data removed and trigger internal forensics investigations to mitigate further seizures.
There’s seemly little you can do today about Hacktivist threatening or openly coordinating an
attack against your organization. The unpleasant truth is they probably already breached your
environment. However, intelligence provides you with the early warning needed to prepare and
hopefully locate any previously undetected vulnerabilities and exposure.
Brand Abuse Monitoring
XYZ Corp tracks brand abuse which can damage their reputation by putting its employees,
customers and others at risk. For years Internet users knew that misspelling the address of a
popular website meant you would probably be sent to a malicious website. Criminals now use a
combination of social engineering and spear phishing tactics to lure users into visiting malicious
websites designed to steal information.
Cybersquatting and Phishing websites designed to look like your brand can be identified using
threat intelligence. Once discovered, an entity can take action by:
• Releasing public or private notices alerting users of the threat.
42 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
