Wikipedia defines a dead drop, or dead letter box, as a method of espionage tradecraft used to pass items or information between two individuals via a secret location. In the last few years a variant of this tradecraft has emerged in cyberspace: rogue insiders dump valuable data, including credentials, network information, or even ways to bypass security measures, on online forums or the Dark Web. They expect hackers to find and use this data to target their organization, as a means of exacting revenge or settling scores.
We are now encountering many such data dumps across forums and treat them as dead drops. In the last few months, the number of such drops encountered by our research team has risen steadily enough to warrant concern and action. Insiders are compromising even highly confidential information belonging to employees, such as pitch decks, pricing documents, and meeting minutes. From the shop floor, production schedules, device information (including patch status in some instances), machinery information, default system control passwords for remote devices, and more are being compromised.
More than the loss of the data itself, it is the exploitation of that data that should worry businesses. Each drop also represents a failure of data protection measures at several levels. Such drops are making it easier for hackers to breach networks and systems, encrypt data, and demand a ransom for its release.
Dealing with the insider threat (Dead Drops)
The US Cybersecurity and Infrastructure Security Agency (CISA) recommends institutionalizing preventive measures. This includes establishing an Insider Threat Program Office (covering dead drops) that works to progressively lower this threat. CISA also recommends detecting and managing the threat by gathering and investigating incident and threat information, assessing and categorizing the resulting risks, and then implementing management strategies, including access management, to mitigate them.
In addition, businesses can establish perimeters around information and allow only logged access on a need-to-know basis, so that a dead drop can be traced back to whoever had access. No information should be published in a place where it can be accessed without leaving a trail. Information audits should also be conducted periodically to identify data that has been stored or accessed without adequate access management or without permission.
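As an added example of the kind of audit described above (this is not Sectrio's code or a product feature), the script below reads constructed JSON-lines access records from a logged document store, compares each access against a need-to-know table, and flags three things an insider dead drop tends to leave behind: a user reading a classification their roles do not entitle them to, an account that is not in the directory at all, and one user pulling an unusually large number of documents in a single day. The log format, the classification names, the users and the bulk-download threshold are all assumptions made for the example.

```python
"""Need-to-know access audit over constructed access-log lines.

Added example, not Sectrio's code. The log format, entitlement table, user
directory and threshold below are constructed for illustration only.
"""
import json
from collections import Counter

# Constructed entitlement table: which roles may access each data classification.
NEED_TO_KNOW = {
    "pricing": {"sales-lead", "finance"},
    "pitch-deck": {"sales-lead", "exec"},
    "ot-credentials": {"ot-admin"},
    "production-schedule": {"plant-ops", "ot-admin"},
}

# Constructed user directory: user -> roles held.
USERS = {
    "alice": {"finance"},
    "bob": {"plant-ops"},
    "carol": {"ot-admin"},
    "dave": {"sales-lead"},
}

# Constructed access-log lines (one JSON object per line), as a logged
# document store might emit them.
SAMPLE_LOG = """\
{"ts":"2023-05-01T09:02:11Z","user":"alice","action":"read","doc":"q2-pricing.xlsx","class":"pricing"}
{"ts":"2023-05-01T09:05:40Z","user":"bob","action":"read","doc":"line3-schedule.pdf","class":"production-schedule"}
{"ts":"2023-05-01T11:17:03Z","user":"bob","action":"read","doc":"plc-default-passwords.txt","class":"ot-credentials"}
{"ts":"2023-05-01T22:41:10Z","user":"dave","action":"download","doc":"investor-deck.pptx","class":"pitch-deck"}
{"ts":"2023-05-01T22:41:12Z","user":"dave","action":"download","doc":"q2-pricing.xlsx","class":"pricing"}
{"ts":"2023-05-01T22:41:15Z","user":"dave","action":"download","doc":"q3-pricing.xlsx","class":"pricing"}
{"ts":"2023-05-01T22:41:19Z","user":"dave","action":"download","doc":"board-minutes.docx","class":"pitch-deck"}
{"ts":"2023-05-01T22:41:22Z","user":"dave","action":"download","doc":"partner-pricing.xlsx","class":"pricing"}
{"ts":"2023-05-02T08:00:00Z","user":"mallory","action":"read","doc":"line3-schedule.pdf","class":"production-schedule"}
"""

# Assumed threshold: this many downloads by one user in one day is treated as a possible dump.
BULK_THRESHOLD = 4


def parse_log(text):
    """Parse JSON-lines access records, skipping malformed lines instead of aborting."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def audit(events, ntk=NEED_TO_KNOW, users=USERS, bulk_threshold=BULK_THRESHOLD):
    """Return a list of findings as dicts with 'type', 'user' and 'detail' keys."""
    findings = []
    downloads_per_day = Counter()
    for ev in events:
        user, cls, doc = ev["user"], ev["class"], ev["doc"]
        roles = users.get(user)
        allowed = ntk.get(cls)
        if roles is None:
            # Access by an account that is not in the directory at all.
            findings.append({"type": "unknown-user", "user": user, "detail": doc})
        elif allowed is None:
            # Data with no entitlement rule: nobody has been told who may see it.
            findings.append({"type": "unclassified", "user": user, "detail": doc})
        elif not roles & allowed:
            # The user holds none of the roles entitled to this classification.
            findings.append({"type": "need-to-know-violation", "user": user, "detail": doc})
        if ev["action"] == "download":
            downloads_per_day[(user, ev["ts"][:10])] += 1
    for (user, day), n in downloads_per_day.items():
        if n >= bulk_threshold:
            findings.append({"type": "bulk-download", "user": user, "detail": f"{day}:{n}"})
    return findings


if __name__ == "__main__":
    for f in audit(parse_log(SAMPLE_LOG)):
        print(f["type"], f["user"], f["detail"])
```

On the constructed log this reports bob reading OT credentials his plant-ops role does not entitle him to, an unknown account mallory, and dave downloading five documents in one evening. The first two findings only exist because every access was logged with the user and the data classification; the third is the pattern that precedes a dump, and the threshold should be tuned to the normal volume of the store rather than left at the assumed value.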
Even discussions on sensitive data should be discouraged outside the group that needs to access and use that data.
In case of a breach, a detailed forensic investigation should identify the source of the breach, including whether the data was first exposed through an insider dead drop.
How can Sectrio help
Sectrio’s products for IoT-OT and IT security can help detect cyber-attacks early and prevent them from succeeding. Our products are designed to offer critical infrastructure-grade security to protect your data and assets from hackers and other malicious actors.
Sectrio is a leading IoT and OT cybersecurity vendor. Our offerings include:
Vulnerability management module: helps identify and address vulnerabilities and prevent hackers from exploiting them. Discover authenticated and rogue devices.
Threat management module: gain deep insights into network activity to detect threats
Micro segmentation module: deploy compliance measures at a granular level, prevent lateral movement of malware.
IoT-OT-IT Converged Security Suite: secure systems across IoT, OT, and IT; prevent attacks and movement of malware and threats
Together with a strong insider threat management program, our offerings can secure your business.
To see how our offerings can help your business, book a demo now.