ITEA is the Eureka Cluster on software innovation

integrated result: Cyber Threat Tactical Monitoring

Project
18007 DEFRAUDify
Type
New service
Description

A type of cyber threat that is very hard to combat is the spearphishing attack: an influential staff member of a company is approached using handcrafted emails that contain a lot of factual information, adding to the credibility of the email. Usually, such an email contains an instruction to transfer money or to click a link, and it appears completely legitimate. Companies need to understand the threat level of this type of attack. This new service does this by identifying the ‘attack surface’: how much public information is available about key staff members of the company?

Contact
Tycho Gabeler
Email
tycho@web-iq.com
Research area(s)
social engineering
Technical features

The result is called ‘tactical’ monitoring because the time frame of the attacks, and the associated information, are more ephemeral by nature.

The result presents information from the clearweb for a number of selected company employees; results from project partner TU Eindhoven are used for this. Additionally, honeytoken information is used to make the information more specific. A honeytoken is a piece of information (it can be a document, an image or any other digital entity) that is usually only extracted by very curious (malicious) users, similar to the well-known honeypot concept. Honeytokens collect information about the origin of the entity that extracts them. The honeytoken technology is developed by project partner Almende. This information is added to the analysis.

Integration constraints

The new service is not yet in the form of a dashboard that can easily be accessed: the result is not yet a finished product and its precise definition needs to be developed together with a launching customer.

Targeted customer(s)

Larger companies that run the risk of spearphishing; cyber threat intel companies

Conditions for reuse

The result can be accessed by reaching out to the exploiting partner.

Confidentiality
Public
Publication date
30-09-2023
Involved partners
Almende BV (NLD)
Eindhoven University of Technology (NLD)
Web-IQ B.V. (NLD)