While the technology sector’s pervasive economic footprint, privileged access to valuable information, and constant innovation of new technologies are key indicators of success, they also attract cybercriminals, hacktivists, and other actors motivated by financial or political gain.
The threat landscape yields many unique challenges for tech companies, which is why Flashpoint is proud to work with three of the top ten Internet-based companies globally. Flashpoint’s Trusted Intelligence derived from online illicit communities and chat services empowers tech companies to proactively address threats and mitigate risk across business functions.
Below are examples of challenges that Flashpoint helps tech companies address:
Since many tech companies maintain proprietary access to intellectual property (IP), they may be particularly susceptible to insider threats. The high black-market value of IP and the ample demand for it in online illicit communities mean that for malicious insiders with access to valuable company information, selling such access can provide a quick and profitable return. But, as most tech companies lack visibility into the forums and marketplaces where IP is bought and sold, insider threats often go undetected until the damage has occurred.
Flashpoint’s comprehensive access to online illicit communities facilitates quick detection of insider threats. In one instance, Flashpoint identified a post on an elite cybercrime forum offering the sale of source code from unreleased, enterprise-level software owned by a multinational tech company. Flashpoint subsequently determined the actor was a company employee. This intelligence enabled the company to prevent the sale of the source code and take action against the rogue employee.
Tech companies’ key executives are often the focal points of an abundance of press coverage and public interest. Unfortunately, this means that some executives may also receive unwanted attention from hacktivists, attention-seekers, and other threat actors motivated by financial, political, or personal gain. Since these actors’ schemes are often conceived and developed within online illicit communities, executive protection teams without visibility in these online regions may not be aware of all cyber and physical threats to which their executives are susceptible.
Many of Flashpoint’s analysts also possess physical security skills honed during time served in the U.S. military. This cyber-physical acumen helps organizations proactively address a full spectrum of threats facing executives and other high-profile individuals. Recently, when the CEO of a Fortune 100 tech company planned to attend a popular public event, the company used Flashpoint’s intelligence to identify and investigate previously unknown physical threat actors located in the vicinity. This visibility enables security teams to leverage a threat-based approach by deploying resources in priority areas to protect their executive.
SUPPLY CHAIN SECURITY
Steep competition amid intense pressure to innovate new technologies drives many tech companies to outsource their supply chains. While outsourcing can increase efficiency and lower costs, it often prevents companies from having visibility into the production of their goods. As such, tech companies may not be aware of flawed manufacturing practices, insufficient quality controls, or other errors that could lead to security vulnerabilities within these goods.
In one instance, Flashpoint identified a serious vulnerability present within millions of Internet of Things (IoT) devices that rendered them susceptible to exploitation by the Mirai botnet and subsequent DDoS attacks. Analysts then traced the vulnerability to one upstream supplier contracted by many tech companies to manufacture components of their products. Flashpoint immediately alerted the companies and manufacturers so they could patch the vulnerability, issue recalls, and enforce stricter quality controls and security standards on upstream suppliers.
Since many tech companies store high volumes of customers’ personally identifiable information (PII), they can be desirable targets for cybercriminals seeking to steal and monetize PII. But without ample visibility into illicit communities, marketplaces, and forums where criminal schemes are hatched and proprietary information is bought and sold, tech companies may struggle to detect and verify cyber indicators of compromise (IOCs) accurately and effectively.
Flashpoint’s extensive lingual, social, and cultural expertise, as well as comprehensive access to online illicit communities, helps organizations proactively identify and investigate breaches. In one situation, Flashpoint observed a highly reputable threat actor on an underground marketplace offering to sell access to a global IT company’s internal network. After verifying the breach’s validity, Flashpoint conducted a technical analysis to identify the source of the compromise and help the company mitigate any additional exposure.