
Bleeding data: why cybersecurity leaders should be worried about dead drops


Wikipedia defines a dead drop (or dead letter box) as a method of espionage tradecraft used to pass items or information between two individuals via a secret location. In the last few years a variant of this tradecraft has emerged in cyberspace: rogue insiders dump valuable data, including credentials, network information, or even ways to bypass security measures, in online forums or on the Dark Web. They expect hackers to find and use this data to target their organization, as a means of exacting revenge or settling scores.

We are now encountering many such data dumps across forums and treat them as dead drops. In the last few months, the number of drops encountered by our research team has risen steadily enough to warrant concern and action. Insiders are exposing even highly confidential internal material such as pitch decks, pricing documents, and meeting minutes. From the shop floor, production schedules, device information (including patch status in some instances), machinery details, default passwords for remotely accessible control systems, and more are being leaked.

More than the loss of data itself, it is the exploitation of that data that should worry businesses; each drop also represents a failure of data protection measures at several levels. Such drops make it easier for attackers to breach networks and systems, encrypt data, and demand a ransom for its release.

Dealing with the insider threat (Dead Drops)

The US Cybersecurity and Infrastructure Security Agency (CISA) recommends institutionalizing preventive measures. This includes establishing an Insider Threat Program Office that works to progressively lower this threat. CISA also recommends detecting and managing the risk by gathering and investigating incident and threat information, assessing and categorizing those risks, and then implementing management strategies to mitigate them.

In addition, businesses can establish perimeters around information and allow only logged, need-to-know access, so that a dead drop is harder to assemble and easier to trace back to its source. No information should be stored in a place where it can be accessed without leaving an audit trail. Information audits should be conducted periodically to identify data that has been stored or accessed without adequate access management or permission.
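As an added illustration of what such an information audit can look like in practice (example code written for this article, not a Sectrio product or any tool the post describes), the script below checks a constructed file-access log against a hypothetical need-to-know map. It flags three things an insider assembling a dead drop tends to leave behind in the trail: reads by users outside the need-to-know group for a sensitive folder, bursts of reads across many files in one folder within a short window, and access outside business hours. The log format, folder names, group membership and thresholds are all assumptions made for the example.

```python
"""Audit a file-access log against need-to-know groups.

Added example, not code from the original post or from Sectrio. The log
format (ISO timestamp, user, action, path), the sensitive folders, the
group membership and the thresholds are all constructed for this demo.
"""
from collections import defaultdict
from datetime import datetime

# Hypothetical need-to-know map: sensitive folder -> users allowed to read it.
NEED_TO_KNOW = {
    "/shared/finance/pricing": {"alice", "bob"},
    "/shared/ot/plc-configs": {"carol"},
}

# Constructed sample log: "<timestamp> <user> <action> <path>", one event per line.
SAMPLE_LOG = """\
2023-05-02T09:01:12Z alice READ /shared/finance/pricing/q2-pricing.xlsx
2023-05-02T09:03:40Z dave READ /shared/finance/pricing/q2-pricing.xlsx
2023-05-02T09:04:02Z dave READ /shared/finance/pricing/discounts.docx
2023-05-02T09:04:55Z carol READ /shared/ot/plc-configs/line3.cfg
2023-05-02T09:05:10Z dave READ /shared/ot/plc-configs/line3.cfg
2023-05-02T09:05:11Z dave READ /shared/ot/plc-configs/line4.cfg
2023-05-02T09:05:12Z dave READ /shared/ot/plc-configs/defaults.txt
2023-05-02T22:15:00Z bob READ /shared/finance/pricing/q2-pricing.xlsx
"""


def parse_line(line):
    """Split one log line into its fields; the path is the final field."""
    ts, user, action, path = line.split(maxsplit=3)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "action": action,
        "path": path,
    }


def owning_scope(path):
    """Return the sensitive folder that contains `path`, or None if it is not sensitive."""
    for scope in NEED_TO_KNOW:
        if path.startswith(scope + "/"):
            return scope
    return None


def audit(log_text, bulk_threshold=3, bulk_window_s=60, after_hours=(20, 6)):
    """Return a list of (finding_type, user, target) tuples for the given log.

    bulk_threshold / bulk_window_s: this many reads of one sensitive folder
    within this many seconds counts as a bulk pull.
    after_hours: (start_hour, end_hour); reads at or after start_hour or
    before end_hour are flagged as after-hours access.
    """
    findings = []
    reads_per_user_scope = defaultdict(list)

    for line in log_text.splitlines():
        ev = parse_line(line)
        scope = owning_scope(ev["path"])
        if scope is None:
            continue  # not a sensitive folder; nothing to check
        # Access by someone outside the folder's need-to-know group.
        if ev["user"] not in NEED_TO_KNOW[scope]:
            findings.append(("not-need-to-know", ev["user"], ev["path"]))
        # Access outside business hours, regardless of group membership.
        hour = ev["ts"].hour
        if hour >= after_hours[0] or hour < after_hours[1]:
            findings.append(("after-hours", ev["user"], ev["path"]))
        reads_per_user_scope[(ev["user"], scope)].append(ev["ts"])

    # Bulk access: a sliding window over each user's reads of one folder.
    for (user, scope), times in reads_per_user_scope.items():
        times.sort()
        for i in range(len(times) - bulk_threshold + 1):
            span = (times[i + bulk_threshold - 1] - times[i]).total_seconds()
            if span <= bulk_window_s:
                findings.append(("bulk-access", user, scope))
                break  # one finding per user/folder is enough

    return findings


if __name__ == "__main__":
    for kind, user, target in audit(SAMPLE_LOG):
        print(f"{kind:17} {user:6} {target}")
```

On the constructed log this reports five reads by dave outside his need-to-know groups, one bulk pull by dave on the PLC configuration folder, and one after-hours read by bob; alice and carol, who stay inside their groups during business hours, produce nothing. The point of keeping the need-to-know map beside the audit is that the same data answers both questions the post raises: who should not have had access, and who did anyway.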

Even discussions of sensitive data should be discouraged outside the group that needs to access and use that data.

In case of a breach, the source should be identified through a detailed forensic investigation.


How can Sectrio help  
Sectrio’s products for IoT-OT and IT security can help detect cyber-attacks early and prevent them from succeeding. Our products are designed to offer critical infrastructure-grade security to protect your data and assets from hackers and other malicious actors.  

Sectrio is a leading IoT and OT cybersecurity vendor. Our offerings include:

Vulnerability management module: helps identify and address vulnerabilities and prevent hackers from exploiting them; discovers authenticated and rogue devices.
Threat management module: gain deep insights into network activity to detect threats.
Micro segmentation module: deploy compliance measures at a granular level and prevent lateral movement of malware.
IoT-OT-IT Converged Security Suite: secure systems across IoT, OT, and IT; prevent attacks and the movement of malware and threats.
Threat intelligence: OT and IoT focused threat intelligence feeds, available free for 15 days so you can see what your SIEM has been missing.

Together with a strong insider threat management program, our offerings can secure your business.  

To see how our offerings can help your business, book a demo now.  

Prayukth K V has been actively involved in productizing and promoting cross eco-system collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of cyber securing infrastructure, Prayukth has seen cyberattacks and defense tactics at close quarters.
