Monitor and detect data leaks
Group-IB Digital Risk Protection monitors a range of open and dark web sources to uncover code repositories and other private information belonging to your organization.
Why is it important?
How data leakage damages businesses
How Group-IB Digital Risk Protection works:
What can be detected:
Type of threat
There are specialized websites for exchanging contextual information (such as Pastebin and analogous resources). They can be used to upload raw data, and anyone can link to them. Both legitimate IT specialists and hackers actively use such resources.
Detection procedures
Group-IB collects text data from such resources into its central repository and indexes all texts.
Among the collected texts, experts identify those that can potentially relate to leaks (e.g., lists of passwords, email addresses, hashes, tables, output from security scanners, configuration files for network equipment) and may be related to the client (e.g., domain names, BIN numbers, external IP addresses, the names of its internal systems).
Type of threat
Open-source repositories, such as GitHub, contain code that anyone can search through. They are often used by threat actors planning attacks against specific companies or industries.
Detection procedures
Group-IB Threat Intelligence & Attribution searches open and exclusive code resources for domain names, BINs, external IP addresses, or the names of internal systems belonging to customers and partners. If such information is found, the entire repository is downloaded for long-term storage. Inside such repositories, Group-IB searches for signs of sensitive information such as logins and passwords, API keys, and bank card data. When such signs are detected, we notify administrators and users in accordance with internal policy to mitigate and remediate threats.
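The two-stage check described for paste sites and code repositories (is the text related to the client, and does it look like a leak) can be sketched as follows. This is an added example, not Group-IB's code: the watchlist values, the sample text, the regular expressions and the function names are all assumptions made for illustration.

```python
import ipaddress
import re

# Hypothetical client watchlist; every value is constructed for this example.
WATCHLIST = {
    "domains": ["example.com"], "bins": ["411111"], "systems": ["billing-core"],
    "networks": [ipaddress.ip_network("203.0.113.0/24")],
}
# Constructed sample paste (reserved domain, TEST-NET address, test card number).
SAMPLE = "alice@mail.example.com:Summer2020!\nhost 203.0.113.10\ncard 4111111111111111\n"
HOST = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CARD = re.compile(r"\b\d{13,19}\b")
CRED = re.compile(r"[\w.+-]+@[\w.-]+\.\w+[:;|]\S+")
KEY = re.compile(r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*\S{8,}")

def luhn_ok(number):
    """Luhn checksum: filters out digit runs that are not card numbers."""
    digits = [int(c) * (2 if i % 2 else 1) for i, c in enumerate(reversed(number))]
    return sum(d - 9 if d > 9 else d for d in digits) % 10 == 0

def client_hits(text, wl):
    """Return the watchlist identifiers that appear in the text."""
    hits, low = set(), text.lower()
    for host in HOST.findall(low):  # exact domain or subdomain, not a lookalike
        hits.update(f"domain:{d}" for d in wl["domains"] if host == d or host.endswith("." + d))
    for raw in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # e.g. 999.1.1.1 looks like an address but is not one
        hits.update(f"net:{n}" for n in wl["networks"] if ip in n)
    for card in filter(luhn_ok, CARD.findall(text)):
        hits.update(f"bin:{b}" for b in wl["bins"] if card.startswith(b))
    hits.update(f"system:{s}" for s in wl["systems"] if s in low)
    return hits

def leak_signs(text):
    """Return the kinds of sensitive data the text appears to contain."""
    found = {"credentials": CRED.search(text), "api_key": KEY.search(text),
             "card_data": any(luhn_ok(c) for c in CARD.findall(text))}
    return {name for name, hit in found.items() if hit}

def triage(text, wl=WATCHLIST):
    """Alert only when the text is both client-related and leak-like."""
    hits, signs = client_hits(text, wl), leak_signs(text)
    return {"hits": sorted(hits), "signs": sorted(signs), "alert": bool(hits and signs)}
```

Requiring both conditions keeps ordinary mentions of the client's domain, and leaks that belong to someone else, out of the alert queue.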
Type of threat
Many hacked databases are published on hacker forums. Such databases can contain different sets of data, including logins, passwords, contact and other personal information of users. Attackers use these databases to form lists of usernames and passwords for subsequent attacks, for example, brute force or credential stuffing. In addition, leaked data can be used to launch attacks targeting specific individuals, such as company executives or VIPs.
Detection procedures
Group-IB collects information from leaked databases and searches for records associated with customer and partner domains. Every breach that is identified is linked to the database in which it was found, along with any additional information that has leaked for that user.
Type of threat
This component of the platform alerts organizations based on information collected from closed online forums that are not directly accessible from the internet. Cybercriminal groups use such forums to gather information and conduct business. Initially, only data relevant to your organization is displayed.
Detection procedures
Group-IB analysts and automated systems collect and classify various types of information to warn customers and partners against emerging attacks and trends.