The Kaspersky Digital Footprint Intelligence team has presented the results of its darknet leak monitoring initiative that took place in 2022. Experts tracked Darkweb posts offering access to companies, the sale of databases or compromised accounts, and other critical incidents, and notified victim companies about them. As a result of the initiative, it was found that companies from Europe were the most frequently affected, accounting for more than 25 percent of all notifications. This global trend also exposes unpreparedness, denial, and negligence of companies’ victims when it comes to incidents related to data leaks. Kaspersky annual NEXT 2023 conference discloses key details.
As part of the recent initiative by the Kaspersky Digital Footprint Intelligence team, whenever a cybersecurity incident involving compromised corporate data on the Dark web, such as database sales, infrastructure compromises, or ransomware, was detected, the victim company promptly received a notification from the Kaspersky team about the threat.
As a result of the initiative, 258 companies globally received incident reports. European companies were most frequently affected by leaks, accounting for more than 25 percent of notifications – or 66 reported incidents – that were critical and time-sensitive, requiring immediate attention from the company victim. Incidents involving fake, public, or generic data were not considered reportable. The monitoring was conducted on Dark web forums and blogs, plus shadow Telegram channels. To prevent unauthorized access to the victim companies' infrastructure, compromised data was not verified in any way.
Unpreparedness, denial, and negligence: how companies worldwide react to data leaks
The worldwide results of the initiative unveiled a trend concerning: 42 percent of companies lack a dedicated point of contact for cyber incidents, while 28 percent show indifference and 2 percent deny incidents. This negligence risks penalties, trust, and financial losses, being especially relevant for Europe, where GDPR regulations are strict. Thankfully, 22 percent reacted appropriately, accepting the information, and addressing risks, and 6 percent demonstrated proactive monitoring and detection, indicating they are already aware of the incident.
“The findings from our initiative regarding companies' reactions to data compromises on the Darknet are rather discouraging. Only a third of the companies adequately responded to the situation, while the majority seemed to be engulfed in a whirlwind of emotions ranging from ignorance to denial and helplessness ,” comments Yuliya Novikova, Head of Digital Footprint Intelligence. “ While Darknet monitoring may have seemed complex in the past, the current situation is evolving. It has now emerged as a valuable and accessible source of threat intelligence data for cybersecurity professionals, including CTI analysts, SOC analysts, and others. This resource enables immediate responses to security incidents such as offers to sell access to company systems or data leaks, ultimately helping to prevent data breaches. ”
To protect your organization from related threats, Kaspersky experts recommend:
- Always keep software updated on all the devices you use to prevent attackers from infiltrating your network by exploiting vulnerabilities. Install patches for new vulnerabilities as soon as possible. Once it is downloaded, threat actors can no longer abuse the vulnerability.
- Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.
- Use Kaspersky Digital Footprint Intelligence to help security analysts explore an advisor's view of their company resources, promptly discover the potential attack vectors available to them. This also helps raise awareness about existing threats from cybercriminals in order to adjust your defenses accordingly or take counter and elimination measures timely.
- If you are faced with an incident, Kaspersky Incident Response service will help you respond and minimize the consequences, in particular they can identify compromised nodes and protect the infrastructure from similar attacks in the future.
