Description
Service Overview
To subscribe to the Dark Web Monitoring service, you will be required to register your domain(s) and/or individual email address(es).
These will be added to the Cloud Reputation database, and Network Box will perform a Dark Web analysis to check if your details have been posted.
When the analysis is complete, Network Box will send you a detailed report on any compromised credentials.
After the initial report has been sent, further reports will be delivered as and when additional credentials for the domains being monitored appear on the Dark Web.
Network Box scans only for user credentials; confidential data is not analysed.
For the IT manager
If breaches are discovered, the IT manager will receive an alert detailing the following:
■ Total number of breaches found
■ Number of plaintext/cracked passwords breached
■ Number of hashed passwords breached
■ Number of breaches the domain is affected by
■ List of email addresses breached
■ Breach details of compromised email addresses
■ List of breaches the domain is affected by
Additional notes:
The presence of specific email addresses and passwords in these breaches implies that this information is generally available on the Dark Web.
It is possible that some of these accounts on public websites were not set up by the particular user, but by others. This may be considered a false positive.
The primary concern is that the same passwords used on external systems may also be used on internal systems.
■ If plaintext passwords are breached, that means either the plaintext password was originally released, or hackers have subsequently reversed the hash to find the plaintext password. In either case, the plaintext password is generally available on the Dark Web.
■ If hashed passwords are breached, that means the hashes have not yet been reversed, but may be at some time in the future.
As a matter of policy and to protect the sensitivity and security of this data, Network Box will not provide plaintext or hashed passwords to anyone except for the authenticated and confirmed end-users at the breached email address, as well as authorised Network Box staff. IT managers will not have access to these passwords.
It would be prudent to force a password reset on internal systems for these accounts. In general, PCI-style password policies should also be applied to enforce 90-day (or so) password changes and other good password practices.
Users should be encouraged NOT to use their work email address for non-work-related websites. (It is estimated that about thirty percent of people reuse passwords on multiple sites.)
A secondary concern is that these email addresses and passwords may be used in targeted phishing attacks.
You should consider using this as an opportunity for end-user education concerning such phishing activity (and general Internet trust) – not just for these users, but also for other high-level and high-risk staff.