{"id":225,"date":"2013-03-10T00:00:00","date_gmt":"2013-03-10T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/03\/10\/does-your-incident-response-plan-include-the-dark-side-of-the-internet\/"},"modified":"2021-12-30T11:36:47","modified_gmt":"2021-12-30T11:36:47","slug":"does-your-incident-response-plan-include-the-dark-side-of-the-internet","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/03\/10\/does-your-incident-response-plan-include-the-dark-side-of-the-internet\/","title":{"rendered":"Does your Incident Response Plan include &#8220;The Dark Side of the Internet&#8221;?"},"content":{"rendered":"<p>Integral to this effort is the process of each client learning from the incident and updating their security incident response plans accordingly. One thing that you generally don\u2019t yet find in most such plans is crossing over to the \u201cdark\u201d side of the internet \u2013 but moving forward I think it\u2019s likely you may.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Several weeks prior, their client-facing website\/application had been \u201chijacked\u201d and was redirecting clients from certain geographic regions to an overseas site. &#8230;  Best guess would be a drive-by malware site, although the geographic discrimination is an unusual twist that would have been interesting to understand.   In order to ensure that any traces of the compromise were eradicated, the client rebuilt the site at a different hosting provider on a fresh Content Management System (CMS) install with updated modules\/templates. 
That being said, we had several good data points: an overseas IP address attempting to hit the admin page of the app and the fact that the hacker had signed his website defacement.<\/p>\n<p>One thing many people don\u2019t know about TOR is that it can also be used to connect to \u201chidden services\u201d on the internet \u2013 sometimes referred to as the \u201cdarknet\u201d. &#8230;  It\u2019s not for the faint of heart \u2013 and despite the \u201canonymity\u201d that is provided by TOR, you still find yourself looking over your shoulder when you\u2019re on it. <\/p>\n<p>Part of our client\u2019s continuous improvement process is adding TOR\/darknet knowledge to their Computer Security Incident Response Team (CSIRT).   Hopefully, they won\u2019t have to exercise the plan anytime soon \u2013 but if they have a security incident to respond to, their Incident Response Plan now includes a trip to the dark side.<\/p>\n<p>Link: http:\/\/www.pivotpointsecurity.com\/risky-business\/does-your-incident-response-plan-include-the-dark-side-of-the-internet<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-225","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/225","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=22
5"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/225\/revisions"}],"predecessor-version":[{"id":2712,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/225\/revisions\/2712"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=225"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=225"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=225"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}