Cyberseer Discovers Exposed Corporate Credentials by Integrating Digital Shadows Intelligence into Exabeam Managed Service Offering
Account compromise — an increasing risk
Compromised credentials have become an ever-increasing threat over the past few years. The recent Digital Shadows Account Takeover in 2022 report shows they’ve found a whopping 24 billion exposed credentials online and, since 2020, the amount of hacked credentials available on the dark web has increased by 65%. Once a credential is exposed, malicious actors will rush to use it to try and compromise an account. As organizations also move to modern authentication mechanisms like SAML (where one credential provides access to multiple systems in an organization) a compromised credential becomes a very lucrative approach for hackers to gain a foothold in an environment — so much so that dark web subscriptions exist solely to broker exposed credential information to malicious actors and crime organizations.
What can Cyberseer do about this?
Cyberseer is a UK-based MSSP focused on taking a smart approach to cybersecurity, adopting machine learning and behavioral analytics toolsets. As a longstanding partner of both Exabeam and Digital Shadows, Cyberseer built a bespoke integration between the two platforms. Within Cyberseer’s managed Exabeam service, Cyberseer uses threat intelligence from Digital Shadows, which continually monitors an organization’s external digital footprint, particularly on the dark web. An effective use case to combat ransomware and groups like Lapsus$ is to monitor for exposed corporate credentials available online. Cyberseer’s automation proactively searches for exposed credentials discovered by Digital Shadows, feeding any that are found directly into the Smart Timelines in Exabeam Advanced Analytics.
Harnessing Exabeam Advanced Analytics and Rule Engine
Once Digital Shadows has been integrated, Cyberseer inserts compromised credential alerts directly into the Exabeam timeline to show alongside other user activity within the session, adding additional risk to the user or device’s total. With Digital Shadows alerts now visible within a user’s session, Cyberseer has multiple rules to detect anomalous Digital Shadows behavior, using the associated rule scores to easily show the severity of an event. A user or device becomes “notable” within Exabeam when they have scored 90 points of risk or more, automatically triggering an alert on the Advanced Analytics landing page. This alert is very visible to an analyst, reducing the time to respond when compromised credentials are discovered.
The advantage of putting Digital Shadows alerts into the timeline is that an analyst can use Exabeam’s User Risk Trend, quickly identifying any sessions with indicators of compromise (IOCs), where an exposed credential may have been compromised and then used maliciously. Commonly, the systems where a compromised credential can be used maliciously (such as email or Active Directory) are already sending log data into Exabeam, meaning that compromised credential misuse, such as account creation or email forwarding changes, can quickly be identified by looking at high-scoring rules. The upshot is that Cyberseer customers receive context-rich reports with accurate levels of severity for the exposed credential.
Bolstering the approach
As Cyberseer has customized rules that look for Digital Shadows alerts, Exabeam Incident Responder can be used to start orchestrating an automated response, helping reduce the mean time to detect and respond, lowering the risk exposure of an exposed credential.
In an example below, an Exabeam Playbook can be customized, so that when Cyberseer’s rule fires for a credential compromise, Cyberseer can orchestrate a response to lock that account, or send an email requesting the user reset their account password. Using Cyberseer’s rules, there are many possibilities for how Incident Responder can react to this.
Using Exabeam to process Digital Shadows alerts streamlines the process of handling anomalous events and minimizing the risk when credentials get exposed.
Cyberseer offers a wide range of smart security solutions to protect your business data, systems, and people. We can offer you the right solution and service to suit your individual needs.
With Cyberseer you get complete comfort with a rock-solid SLA. We provide a rapid response to incident management, real-time monitoring, coupled with process-led incident teams, reducing the time between incident awareness and remediation.
Cyberseer offers highly tailored and customized expert advice, technology solutions, and service offerings, so that you can be confident in what happens next when a cyber incident occurs.
For more information on Digital Shadows or Cyberseer service:
Exabeam News Wrap-up – Week of September 12, 2022
The 4 Steps to a Phishing Investigation
Subscribe today and we'll send our latest blog posts right to your inbox, so you can stay ahead of the cybercriminals and defend your organization.
See a world-class SIEM solution in action
Most reported breaches involved lost or stolen credentials. How can you keep pace?
Exabeam delivers SOC teams industry-leading analytics, patented anomaly detection, and Smart Timelines to help teams pinpoint the actions that lead to exploits.
Whether you need a SIEM replacement, a legacy SIEM modernization with XDR, Exabeam offers advanced, modular, and cloud-delivered TDIR.
Get a demo today!