Threat Intelligence
CVE-2024-3400: Zero-Day Remote Code Execution Vulnerability Exploited to Attack PAN-OS
April 23, 2024
by George Glass
Digital Risk Protection
Proactively safeguard your organization’s digital assets and accelerate visibility of online threats.
Contact UsUnrivaled Digital Risk Protection Overview
Kroll’s Digital Risk Protection services provide a holistic understanding of what information is available about your organization in all corners of the internet. This can range from monitoring brand reputation to assessing the extent of leaked data from a past incident. Powered by key partnerships and elite threat intelligence analysts, Kroll’s cyber threat intelligence team leverages frontline expertise to monitor both surface and deep and dark web for deeper insight into any exposure.
As the world’s #1 incident response provider, we deliver frontline-informed dark web monitoring, brand monitoring and domain protection, and threat monitoring for social media, chat platforms and repositories. Drawing on experience in the U.S. Secret Service, the FBI, Fortune 100 and the National Cyber Forensic Training Alliance (NCFTA), Kroll’s analysts manage and minimize your organization’s exposure to risk in an increasingly complex threat landscape.
Benefits
Identify Leaked or Stolen Information
Know if You’re Being Targeted by Cyber Attackers
Identify an Ongoing or Past Data Breach
Safeguard Against Brand Abuse and Impersonation
Reduce your Attack Surface
The continually evolving attack surface demands constant vigilance. Attack surface management or external attack surface management (EASM) enables organizations to monitor for and manage these types of threats more easily and effectively. Kroll’s digital risk protection service enables you to gain comprehensive insight into your external attack surface and continuously reduce your exposure across the surface, deep and dark web.
Account takeover is one of the most common ways in which threat actors gain access to accounts, typically by using previously compromised or stolen credentials sold on the dark web to automate login attempts. By monitoring comprehensively for compromised credentials, digital risk protection minimizes the risks created by account takeover.
Types of Activity Kroll Monitors For
- Email address and password pairs exposed or sold on the dark web, hacking forums and marketplaces
- Forum chatter about vulnerabilities or offers of network access or data for sale
- Data dumps or sensitive documents appearing on primary sources
- Negative or derogatory comments directed at the client or client-owned brands
- Third-party data exposures
- Payment cards, personally identifiable information (PII), passports and other sensitive data posted or sold on marketplaces, shops or forums
- Phishing campaigns and event logs matching client names, email addresses or domains
- Employees exposing sensitive information on public sites or forums
- Initial access brokers selling backdoors/malware, compromised server, RDP, VPN or account credentials
- Activist/hacktivist groups discussing or targeting a client on forums and chat channels
How It Works
Our threat intelligence analysts use a combination of automated and manual data collection methods to monitor for any exposures across the surface, deep and dark web sources, including ransomware shaming sites, criminal marketplaces, private forums, closed and private bin/paste sites and Tor chat platforms.
Our analysts then filter out false positives and duplicates to deliver an early warning of targeted malicious activity in the form of alerts via our client portal, Redscan, that could be indicative of an impending, targeted attack campaign on your organization.
Kroll’s Digital Risk Protection Services
Deep and Dark Web Monitoring
Deep and Dark Web Monitoring
Kroll's threat intelligence analysts hunt for activity matching selected keywords that appear on the deep and dark web and on other areas of the internet where malicious activity is most likely to take place.
Our experts review activity, mentions, chatter and data listings and deliver alerts for any type of activity that could potentially pose a risk.
Apart from monitoring for general security purposes, covering keywords such as company name, subsidiaries, domains and executive names, Kroll’s analysts also check for activity related to a specific security incident.
This includes terms related to the incident, specific data contained in exposed or exfiltrated documents, such as customer names and employee names, and in some cases, indicators of compromise (IOCs), as well as specific data contained in exposed/exfiltrated documents.
Where we look:
- The dark web
- Forums
- Chat channels
- Ransomware sites
- Marketplaces
- Card shops
- Account shops
- Blogs
- Paste sites
Domain Monitoring and Brand Protection
Domain Monitoring and Brand Protection
Through expert threat hunting, detection and takedown, Kroll's experts will help secure and preserve your organization's brand reputation. Our analysts alert you of potential attacks on your owned sites and identify spoofed sites that use typo squatting or other copycat techniques, helping to protect clients from phishing and malware scams.
Once a malicious site is identified, Kroll provides a complete managed remediation and takedown service.
Key features include:
- Anti-phishing monitoring
- Unauthorized mobile apps monitoring
- Malware monitoring
- Social media abuse monitoring
- Site takedowns
- Dark web Bank ID number (BIN) monitoring
Threat Monitoring: Social Media, Chat and Repository
Kroll’s intelligence analysts monitor common social media and chat platforms, including encrypted platforms, for suspicious activity or chatter relating to your organization, as well as check existing repositories for any hidden keys or suspicious activity. We merge market-leading social media monitoring technology with unrivaled threat intelligence expertise to scan popular social media and other surface web platforms—ensuring thorough oversight of potential cyber and reputational threats. We can complete a one-off review or provide ongoing monitoring for real-time threat alerts.
Case Study – Fortune 100 Financial Services Company
Threat | Solution | Outcome |
|---|---|---|
Kroll’s Dark Web Monitoring service identified a post on a forum located on the Tor network containing over 1,500 credit card numbers, along with all the information needed to compromise the cards and use them for fraudulent purposes. The forum where this data was detected is known for harboring sensitive data and attracting users who may use it for malicious purposes. Approximately 250 of these cards were issued to consumers by one of Kroll’s clients in the financial services industry. | Because this client had our 24/7 Dark Web Monitoring service, the disclosure of this sensitive customer data was quickly reported to our client as a threat. Kroll was able to identify the source (forum names and usernames of the users who appeared to post the data), which was included in the incident report. | The client was able to quickly identify its affected customers and take action on the issued credit cards, thus minimizing the possibility of fraudulent transactions on these cards. This in turn helped bolster customer satisfaction and preserve the relationship, producing a competitive edge in a crowded sector of credit card providers. The client was also able to manage its ongoing risk by being aware of these forums and potentially nefarious actors on the deep web and file sharing networks. |
Supplement Your MDR Service with Digital Risk Protection
Customers who choose to bundle our Responder MDR service with our Digital Risk Protection services see added benefits:
-
Alerting of Both Internal and External Threat Activity in One Portal
By having alerts from your internal controls and from the dark web in one interface, you can maintain visibility of both threats in the wild and in your network. This also gives you the opportunity to immediately get more context behind a threat in your environment such as previously leaked or stolen information. -
Extended Visibility of Threat Activity Across the Attack Chain, From Pre-, During and Post-compromise
Supplementing your MDR service with dark web monitoring gives you extended visibility across the entire attacker lifecycle, which gives you additional layers of defense: 1) the opportunity to stop a planned attack in its tracks before it hits your network 2) if it does enter your network you have visibility but also can respond to contain it and 3) if the attack is successful or if it has compromised a previously unmonitored endpoint, you can identify early what data has been leaked. -
Use Intel From Surface, Deep and Dark Web to Supplement New Detection Use Cases
This intelligence gives your security operations teams additional IOCs to monitor, which, in turn, can be a new source for creating adversary-driven detection rules and playbooks. Armed with this additional intel can refocus your security controls but also proactively indicate new security policies and hardening priorities. -
Extend Response, Not Just Detection
Some providers such as Kroll can include takedown services so organizations can respond to any signs of brand impersonations such as typosquatting or phishing campaigns. This adds an additional string to your bow in terms of response options that go beyond your internal controls to more external threats.
Digital Risk Protection in a Cyber Risk Retainer
Digital risk protection can significantly advance the security of your organization’s digital identity and reputation. Kroll clients are able to package digital risk protection services with Kroll’s cyber risk retainer, for prioritized access to elite investigators and the flexibility to allocate incident response resources, as well as all other cybersecurity solutions offered by Kroll.
Kroll Responder MDR
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Kroll Responder MDR for Microsoft Security
Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.
Managed Security Services
World-renowned cyber investigators and leading technology fuel Kroll’s managed security services, augmenting security operations centres and incident response capabilities.
24x7 Endpoint Detection and Response
Intelligent Endpoint detection and response: Maximum confidence in data security
24/7 Managed SIEM Services
Detect and shut down threats faster with Managed Security Information and Event Management (SIEM) management from Kroll. Gain true insight into threats with real-time threat monitoring for visibility of security events throughout your organization’s network.
Events
Threat Intelligence
Threat Intelligence
Q1 2024 Cyber Threat Landscape Virtual Briefing
May 29, 2024|Online
Join the Q1 2024 Cyber Threat Landscape Virtual Briefing as Kroll’s cyber threat analysts outline notable trends and insights from our incident response intelligence.
Threat Intelligence
Kroll at 2024 Gartner Security & Risk Management Summit
June 3 - 5, 2024|Conference
Join Kroll experts at Gartner SRM in National Harbor from June 3-5, 2024. Stop by booth 556 to meet our team.
Threat Intelligence
Kroll at Infosecurity Europe 2024
June 4 - 6, 2024|Conference
Join our cyber risk experts at Infosecurity Europe in London, June 4–6, Stand C35. Get the latest threat intel, win prizes, and more.
Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.