News

How Blackpanda deploys darknet scanning in incident response

LAST EDITED:
PUBLISHED:
2/1/2023

Asia’s premiere incident response company Blackpanda and top US darknet intelligence company, DarkOwl are pleased to announce a partnership that will provide Blackpanda’s clients with expanded protection and detection of cyber risk.

Blackpanda is proud to be partnering with DarkOwl to provide darknet scans as a part of all incident response and compromise assessment services to our clients. 

Blackpanda addresses cyber attacks from all varieties of malware, ransomware or business email compromise. Stationed in cities across the Asia-Pacific region, we have a hyper focus on digital forensics and incident response.

The incident response lifecycle

Incident response starts with a call, an alert, or an automated indicator that comes from one of our intelligent platforms or an endpoint detection and response tool.

Once we receive such an alert, we then move on to determine the validity and extent of the attack. Essentially, incident responders scope out what happened and assess what resources we need to deploy in order to address the attack.

After this, the triage process starts. Our digital forensics specialists gather evidence, with the goal of finding indicators of compromise. In the meantime, incident responders develop a plan of action and work with the client in order to stop the infection from spreading any further.​

The containment phase follows, where incident responders actively block the malware and stop it from carrying out damage to the system. 

All this happens within the first 48 hours following initial notification of an attack. By working around the clock, Blackpanda DFIR specialists are able to swiftly figure out who the threat actor is and have an idea of what assets and data could be at risk.

What data has been leaked?

After the malware has been eradicated, we typically hear the same question from our clients: ‘What data has been leaked?’ 

This is a very important thing to evaluate, as leaked data may contain sensitive information such as emails, passwords, or proprietary files. Hackers often post this information on darknet forums, effectively increasing the company’s vulnerability to a second attack. 

Having access to DarkOwl’s darknet scanning tools at this point is extremely helpful. This way, we are able to actively and continuously monitor the darknet and look up darknet data from over 30,000 websites as part of the services we offer our clients.


What information is available on the darknet?

Among the types of data that are found in the darknet are very large quantities of personally identifiable information and credentials to compromised accounts which can be used by attackers to spread ransomware. Additionally, darknet forums host chatter amongst threat actors, which if identified, can help us predict which organizations they are likely to target next.

We can also find many vendor and supply risk indicators. Most recently, in the context of the Ukraine Russia war, we are finding significant indicators of risk among vendors, supply chain vendors and supply chains that have presence in Ukraine, Belarus and Russia. 

With such access to darknet data, Blackpanda can then work on ‘connecting the dots' and delivering relevant intelligence to make informed predictions of the risks organizations face. 

Working together to protect organizations in APAC from cyber attacks

Blackpanda is Asia’s premier ‘cyber firefighting’ firm, offering specialized digital forensics and incident response for organizations in the region. 

By leveraging DarkOwl’s Vision platform, Blackpanda is able to offer darknet intelligence to clients and guide them in carrying out appropriate action to mitigate near and long term risks while informing their overall cyber security posture.

About Blackpanda

Blackpanda is Asia’s premier digital forensics and incident response firm, hyper-focused solely on digital forensics and cyber crisis response. Our team consists of an elite cadre of risk and security experts from international special forces, intelligence, forensics, and law enforcement backgrounds. We are highly trained, ready to respond to and help manage crises on short notice, when and wherever needed. To learn more, please visit www.blackpanda.com

About DarkOwl

We are darknet experts. DarkOwl was founded in 2016, and we are the world's leading provider of DARKINT™, darknet intelligence and offer the largest commercially available database of darknet content. DarkOwl enables cybersecurity organisations, law enforcement and government organisations to fully understand their security posture, detect potential breaches and violations of the law and mitigate them quickly. We offer a variety of options to access our data, please visit us at www.darkowl.com.

News
Novice

Related articles

The Basics

What is ransomware?

Ransomware is one of the most devastating types of cyber crime today. What is ransomware? Who is targeted? And how can you protect yourself from it?

Protect & Defend

Sophos vulnerability advisory

A remote code execution (RCE) vulnerability (CVE-2022-1040) has been identified in User Portal and Webadmin of Sophos Firewall in versions 18.5 MR3 (18.5.3) and older. The vulnerability has been rated as critical by our cyber security specialists. 

The Basics

What Is a business email compromise?

Learn about preventing, identifying, and resolving a BEC before it can cause significant harm to your business.

View all

Sign Up to Our Newsletter

Our weekly Asia Cyber Summary is a snappy, non-technical overview of regional cyber security news that helps you stay informed. Test it today, you can always unsubscribe. 

Let’s talk
Company News
Novice