Tag: stolen credentials

August 29, 2019

Thank You from our CEO: ID Agent Crosses 2,000 MSP Partner Mark and Continues to Expand Globally

A couple weeks ago, I received an email from Matt Solomon, our VP of Business Development, that caused me to stop what I was doing and take a moment to reflect… with a big smile on my face. The email was addressed to ID Agent’s Management Team and simply stated, “As of today, we’ve officially crossed the 2,000-Partner mark!” For some vendors in the channel, this number is comparatively small, but we reached that number in just over two years, as a self-funded startup in a new industry. I think that is pretty amazing! To say I am proud and grateful would be an understatement. We’ve been welcomed into the channel by MSP Partners who value protecting their small and midsized customers’ credentials as much as we do. We’ve used Dark Web ID™ to keep their customers’ data off the Dark Web, and we are so appreciative that each one has trusted our solution. We’re dedicated to helping MSPs grow their businesses and Dark Web ID is a crucial part of that process. As of today, our platform monitors roughly tens of thousands of domains and has reported nearly 10 million compromised records on behalf of our partners! Part of our mission is to extend that protection and revenue-building service we provide beyond North America. We currently have active Partners offering Dark Web monitoring in 22 countries, and we continue to expand that footprint, We’re invested in our Partners’ businesses, and we strive to do all we can to help them succeed. This past year we looked at other ways we can help MSPs to protect their customers, and the logical next step for us was to develop a Security Awareness Training and Anti-Phishing platform. With lots of input from our Partners, we launched BullPhish ID™ and have received excellent reviews from our Partners. With a wide range of phishing templates and training topics, MSPs can help develop employees into the front line of a company’s defense. Speaking of developing new products, we were beyond excited to announce earlier this year that we joined Kaseya. The vision Kaseya has shown in developing their IT Complete platform made them the perfect partner to help us get to the next level. With the backing of the leading provider of IT infrastructure management solutions, we are able to drive bigger and better improvements to our existing products and continue to innovate new security offerings to complement them. The feedback from our MSP Partner community speaks for itself. Every day, I receive emails and messages on LinkedIn raving about our Customer Success team and how they have in some cases literally saved a business, our world-class marketing materials that enable demand generation for MSPs who don’t have a marketing staff, and the educational presentations provided by our Business Development team that expand the value we bring far beyond the products themselves. Those emails make every early morning and late night at work, along with countless hours traveling the globe, totally worth it for me and the ID Agent Team. By the way, our team has grown to more than 50 full-time employees, and we are adding more every week! As we continue to grow, we thank each of you for your loyalty, your insight, and your friendship. Sincerely, ID Agent Awards to Date 1. ASCII 2018: Best Revenue Generator, Charlotte 2. ASCII 2018: Best Revenue Generator, Ann Arbor 3. ASCII 2018: Best Revenue Generator, Toronto 4. ASCII 2018: Best Revenue Generator, Seattle 5. ASCII 2018: Best Partner Involvement, Seattle 6. ASCII 2019: Best Educational Presentation, Orange County 7. ASCII 2019: Best Partner Involvement, Orange County 8. ASCII 2019: Best Partner Involvement, Dallas 9. ASCII 2019: Best Educational Presentation, Bethesda 10. ASCII 2019: Best Partner Involvement, Bethesda 11. ASCII 2019: Best Educational Presentation, Charlotte 12. ASCII 2019: Best Revenue Generator, Denver 13. ASCII 2019: Best Revenue Generator, Toronto 14. ChannelPro SMB Forum 2017: Best New Solution, Newark 15. ChannelPro SMB All-Star Vendor 2018 16. CRN Emerging Vendors 2017 17. CRN NexGen 2017: Best Technology Solution 18. CRN NexGen 2017: Best Tech Talk 19. CRN Emerging Vendors 2018 20. CRN Women in the Channel 2018 21. CRN Xchange 2018: Best Boardroom Execution, Orlando 22. CRN Xchange 2018: Best Xchange Newcomer, Orlando 23. CRN Xchange 2018: Best Boardroom Execution, San Antonio 24. CRN NexGen 2018: Best Technology Solution 25. CRN NexGen 2018: Best Tech Talk 26. CRN NexGen 2018: Best Boardroom Execution 27. CRN Channel Chiefs 2019 28. CRN 100 People You Should Know 2019 29. CRN Security 100 2019 30. CRN Xchange 2019: Best Boardroom Execution, Las Vegas 31. DattoCon 2018: Most Innovative Product 32. DattoCon Barcelona 2018: Best in Show 33. E-Channel News: Best New Solution 2018 34. IOTSSA 2019: Best Security Presentation, Salt Lake City 35. IOTSSA 2019: Best Security Solution, Columbus 36. SMB TechFest: Best Product Q2 2019

Read More
August 15, 2019

The link between GDPR and the Dark Web

Over a year after its widely anticipated debut on May 25th, 2018, the General Data Protection Regulation (GDPR) is still a point of confusion for many SMBs. Although our European partners have been keeping a pulse on developments for quite some time, privacy regulations are quickly pervading into the global security landscape across the US, Canada, Australia, and New Zealand with cascading consequences and implications. In order to prepare MSPs and business owners for upcoming change, the ID Agent Team will unravel how the Dark Web and GDPR are inextricably connected. But first, let’s refresh on the basics: A GDPR Crash Course Designed to protect the data security and privacy of EU citizens, the GDPR was introduced as a replacement to the Data Protection Directive of 1995. As an overview, the regulations empower consumers with greater ownership over their personal information; highlights including the “right to be forgotten”, a fortified consent process, and more stringent breach notification protocol requirements. Aside from expanding the definition of “data processing” to include collection, retention, deletion, breaches, and disclosures of personal data, the penalties associated with infractions are no laughing matter. Since its implementation, multinational corporations have seen fines amounting to $23M. Or even worse, 4% of global revenue. Dark Web + GDPR So where does the Dark Web fit into this? Just this past week, we covered a recent report by the Federation of Small Businesses (FSB) proclaiming that UK-based SMBs were suffering nearly 10,000 cyber attacks per day. Although the majority of these are serious security breaches, some are slipping through the cracks as “leaks” that go unnoticed. These manifest themselves as vulnerabilities caused by password recycling, lost devices, accidental website updates/ emails, and even rogue employee behavior. Unlike more overt incidents, data compromises are much more difficult to detect, especially for small businesses with minimal security measures in place. Therefore, sensitive information collected from such leaks ultimately finds a home on the Dark Web, without anyone being the wiser. As we know, cybercriminals will exchange valuable credentials for cryptocurrency, and then leverage leaked information to orchestrate crippling fraud tactics. In the past, companies were able to sidestep any ties back to them due to loose privacy regulations and limited feedback loops. However, those days are soon coming to an end. The GDPR mandates that companies of all shapes and sizes must disclose consumer data breaches, and will also be held liable for such accidental leaks. For example, the Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) of the UK has published specific guidance for risk management, data protection, detection, and minimization of impact. The Solution The global standards for data protection may be rising, but so have the solution sets for SMBs. By partnering up with MSPs who have enlisted in proactive Dark Web monitoring solutions (like Dark Web ID!), you can future-proof your company from facing GDPR fines or dealing with business process interruptions. Case dismissed. Need more proof? See what Ryan Markel, President of Take Ctrl, LLC, has to say about working with our team: “My clients are so grateful that they are not aware when their passwords are compromised that they are telling their colleagues at other companies they have to work with us”. Sources: https://www.parkersoftware.com/blog/gdpr-dark-web https://www.law.com/legaltechnews/2019/01/23/could-the-gdpr-right-to-access-make-personal-data-more-vulnerable/?slreturn=20190712111548 https://cybersecuritysummit.co.uk/wp-content/uploads/sites/29/2017/10/White-Paper-GDPR-Data-Breaches-the-Dark-Web-June-2017.pdf https://www.swknetworkservices.com/dark-web-breaches-compliance-gdpr/ https://gdpr.report/news/2017/07/03/growing-threat-dark-web/ http://www.securityeurope.info/the-eus-gdpr-and-crime-throwing-some-light-on-the-dark-net/ https://mashable.com/article/how-gdpr-changed-internet-2018/ https://lmgsecurity.com/should-your-data-breach-response-plan-include-dark-web-scanning/ https://cyansolutions.co.uk/monitor-dark-web-stop-security-breaches-fast/ Cybersecurity and GDPR: https://www.ncsc.gov.uk/information/GDPR UK’s Cyber Essentials certification: https://www.cyberessentials.ncsc.gov.uk/advice/

Read More
August 13, 2019

Just Announced: ID Agent To Deliver Cyber Security Certification at GlueX

ID Agent will be offering a Pre-Day MSP Security Certification at GlueX! Taught by our very own Senior Threat Analyst, Duncan Miller, those in attendance will learn the fundamentals for offering an effective core security program.

Read More
August 01, 2019

Thank You New Zealand and Australia!

As I reflect on the last 2 weeks I spent traveling through New Zealand and Australia for a series of MSP roadshows, one word comes to mind. Grateful. ID Agent has been in the channel since May 2017 and we’ve grown from a handful of early adopters to over 2000 active MSP Partners today. We first ventured Down Under last summer. Matt Solomon, our VP of Business Development, brought ID Agent to ANZ and had tons of success growing that market quickly. Since then, our Kiwi and Aussie Partners have really hit the ground running selling Dark Web ID and have become huge advocates and friends of the Team. Our roles in Channel Development are often exhausting, hectic and stressful, but getting to fly across the world and bring this product to a new batch of MSPs makes all the flight delays, early mornings and late nights, and the inevitable jet lag totally worth it! Dark Web ID is a best-in- class solution that provides our Partners the ability to educate and inform their clients when employee credentials have been exposed. This actionable data allows our Partners to become trusted advisors who provide valuable insight into employee behavior, In each of these 5 roadshows with our friends at Datto, I was able to speak to the success stories our Partners share every day and provide educational content they can turn around and present to their prospects. Having the right approach and not just using the data to scare people into buying something is key and we share the “tried and true” messages that have proven to work. In Sydney, Robert Brown even got up on stage with me and shared his own success stories. When I thanked him profusely for the kind words and recommendation, his response was simply, “I just spoke about my experiences. It’s a good product which makes it easy.” This mindset is prevalent throughout New Zealand and Australia, and it really was amazing to see how welcoming, thoughtful and energetic our current (and soon to be) Partners are on that side of the world. Our small but mighty business development team is on the road every week in various cities presenting and meeting with prospects and current Partners. We love what we do – and love getting to meet our Partners on the road. Whether it’s laughing over a cocktail (pr a kangaroo dinner), strategizing how to use Dark Web data to drive new revenue or just exploring a new city, the MSP community has been nothing short of amazing. Once this jet lag subsides, I can’t wait to hop back on a plane and head to the next city! Check out our events page to see when we’re heading your way!

Read More
July 31, 2019

Capital One Suffers Massive Data Breach

There was a time when bank robbers resembled the stereotype of a bandit or a pirate. In reality, modern bank robberies are much less like an Ocean’s Eleven movie and more of a person sitting behind their desk eating yogurt and probing networks for vulnerabilities. While we can’t verify the type of food that was eaten during the recent Capital One Financial Corporation breach, we do know what was taken and how. Paige Thompson, AKA “erratic,” a former software engineer, stole more than 100 million Americans’ information and another 6 million Canadians’ sensitive information in the breach. Capital One was made aware of a configuration vulnerability on July 17th when an ethical hacker discovered the data on Github and reported it to the bank. While investigating and fixing the vulnerability, the bank revealed that a third party had gained access to their system in March of this year. Capital One immediately fixed the vulnerability and contacted the FBI to conduct a criminal investigation. The list of information stolen is not pretty and is quite long. Compromised data includes: Names, dates of birth, phone numbers, email addresses, home addresses, zip codes/postal codes, self-reported income, credit card application data, credit scores, credit limits, balances, payment history, transaction data, US Social Security Numbers, bank account numbers, and Canadian Social Insurance Numbers, It should be noted that Capital One responded immediately to this breach and has since strengthened its cybersecurity defenses, but one cannot help but wonder how that much sensitive data was exposed on a popular public website from March to July without the bank realizing it was missing. Not only that, but what if the hacker decided to sell the information in a more secure location such as the Dark Web. Fortunately, the main suspect behind this digital bank heist was apprehended quickly. Today’s robberies may use less dynamite and guns, but the catastrophic effects are typically long-lasting and far-reaching. Now more than ever, individuals and businesses need to take responsibility for proactively protecting their digital credentials and assets. ID Agent provides monitoring and alerting for businesses when their employees’ credentials have become exposed on the Dark Web by offering Dark Web ID™ through the MSP channel. We also offer personal identity monitoring through our MSP Partners so that individuals can have peace of mind that they are covered when data breach occurs. SpotLight ID™ can be purchased directly from MSPs by individuals, or by business owners as a tax-free employee benefit. Contact [email protected] to learn more.

Read More
June 27, 2019

How to Spot a Phishing Attempt

Phishing is one of the most common, yet dangerous methods of cybercrime. Despite cybersecurity experts’ warnings over the years, it seems that internet users still consistently fall prey to these simple but effective attacks.

Read More
June 17, 2019

CISA Issues Official Activity Alert for BlueKeep

A security flaw has caused CISA to raise a red flag to alert users to possible trouble. Here’ what you need to know.

Read More
May 30, 2019

You’ve Been Breached: Now What?

So you’ve been breached. Now what? Once the dust has settled use it as a learning opportunity & tune up your cybersecurity plan. We can help.

Read More
May 14, 2019

Migrate With Caution: Microsoft Office 365 Security

The benefits of moving your business to the Cloud have become crystal clear in recent years. It allows you to empower your aging IT infrastructure, integrate your existing tools seamlessly, scale as your organization grows and work anywhere on any device. However, as is often the case, convenience comes at a cost to security. Cloud services are no exception. In fact, the Cybersecurity and Infrastructure Security Agency (CISA) has released an Analysis Report after having conducted interviews with customers who used third-party partners to migrate their email services to O365. It found that these organizations had a mix of configurations that lowered their overall security posture and led to user and mailbox compromises and vulnerabilities. Here is what you need to know about the risks involved in transitioning to O365 and other cloud services. Default settings = Defeated settings CISA found that multi-factor authentication for administrator accounts was not enabled by default by either the customer or third-party integrator. Azure Active Directory (AD) Global Administrators in an O365 environment have the highest level of administrator privileges at the tenant level. This is equivalent to the Domain Administrator in an on-premises AD environment. The Azure AD Global Administrator accounts are the first accounts created so that administrators can begin configuring their tenant and eventually migrate their users. Multi-factor authentication (MFA) is not enabled by default for these accounts. These accounts are exposed to internet access because they are based in the cloud. If the password has been compromised on the Dark Web or elsewhere, these cloud-based accounts could allow an attacker to maintain a constant presence in a customer’s critical O365 services from the very start of migration – essentially giving them the keys to the kingdom. Solution: Ensure that multi-factor authentication is enabled from the beginning of your migration to the cloud. If you are unsure how to do this, a reliable Managed Service Provider will be able to implement this step. Think Before You Sync Azure AD Connect integrates on-premises environments (non-cloud) with Azure AD when customers migrate to O365 (cloud). This technology provides the capability to create Azure AD identities from on-premises AD identities (or to match previously created Azure AD identities with on-premises AD identities). The on-premises identities then become the authoritative identities in the cloud. In order to match identities, the AD identity needs to match certain attributes. If matched, the Azure AD identity is flagged as on-premises managed. Therefore, it is possible to create an AD identity that matches an administrator in Azure AD and create an account on-premises with the same username. One of the authentication options for Azure AD is “Password Sync.” If this option is enabled, the password from on-premises overwrites the password in Azure AD. In this particular situation, if the on-premises AD identity is compromised, then an attacker could move laterally to the cloud when the sync occurs. Solution: Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users. A knowledgeable Managed Service Provider will be able to guide you through proper implementation of this precautionary measure. Just Following (Legacy) Protocol? Azure AD is the authentication method that O365 uses to authenticate with Exchange Online, which provides email services. It is important to keep in mind that there are several protocols associated with Exchange Online authentication that do not support modern authentication methods with multi-factor authentication features (such as POP3, IMAP and SMTP). Legacy protocols are used with older email clients and can be disabled at the tenant level or at the user level. However, if your organization requires older email clients as a business necessity, these protocols will not be disabled. This leaves email accounts exposed to the internet with only the username and password as the primary authentication method. Given the rampant exposure of credentials on Dark Web markets and elsewhere, a breach is highly likely to follow. Solution: One approach to mitigate this issue is to inventory users who still require the use of a legacy email client and legacy email protocols. Using Azure AD Conditional Access policies can help reduce the number of users who have the ability to use risky legacy protocol authentication methods. Taking this step will greatly reduce the attack surface for organizations. Again, an experienced Managed Service Provider will be able to ensure that your business is using the proper protocols. ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.

Read More
May 02, 2019

“BERN” App Divulges 150 Million Voter Records

The future of community organizing or the latest flagrant violation of online privacy? That’s the debate currently raging over the Bernie Sanders presidential campaign’s roll-out of its new “BERN” application. The campaign positions it as a new organizing tool that assists volunteers in tracking potential supporters – permitting them to log the name and background of anyone they talk to: from friends and family members to complete strangers on the street. But skeptics argue that the database of personal information could open non-supporters up to harassment. While a sizable proportion of the data the app requests is publicly available for savvy political operatives who know where to look, critics say that having the data neatly compiled — while not giving people a way to opt out of it — presents online and offline safety concerns. So how did this hotly debated application expose private information of up to 150,000,000 American voters? It seems that an error in the app’s source code caused personal voter identification numbers to be exposed for several hours before ultimately being corrected. Visitors to the website could simply use the F12 Developer Tools shortcut to inspect HTML elements, displaying results like this: (personal information redacted to protect user privacy) Defenders of the application note that information like this has long been accessible by campaigns through the use of CRM tools like NGP VAN and others. However, opponents argue that there are some important caveats. Traditionally, campaign staff using the above tools are limited to data about the precincts they work in, data packets are coded, and personnel are monitored – the BERN app contained no such restrictions. Publishing voter files online is illegal in every state – and for good reason. In some states, voter ID numbers are identical to other identifying numbers like those found on Driver’s Licenses or Social Security cards. This is deeply troubling as hackers and criminals could use these legitimate records to make counterfeit IDs and subsequently use them to open bank accounts and commit other types of fraud. Setting aside critical identifiers like Social Security numbers, the exposed information such as a user’s age, residence, gender, zip code and other “banal” data can be cross-referenced with personal records already compromised on the Dark Web. For example, a cybercriminal typically purchases stolen credit card information on the Dark Web for less than $10 per record. To carry out an online purchase, a hacker would have to know your address and ZIP code – and thanks to the BERN leak, this information is already out there. For in-store purchases, a hacker could simply clone your credit card and, in the rare case that a store associate asks for a photo ID, use the Driver’s License number found on BERN to create a convincing and scannable counterfeit ID. (sample Dark Web advertisement for stolen credit card information) So how do you protect yourself from becoming a victim of identity theft? Organizations have proved time and time again that they are unable to ensure complete security of your personal information; therefore, it would benefit private citizens to enroll in an Identity Monitoring service. By enlisting the help of a trusted provider, online users can monitor their credit cards, driver’s license, Social Security number, medical records and even their passwords – and be alerted when they are for sale on the Dark Web, the world’s largest marketplace for stolen information. ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.

Read More

Please fill in the form below to subscribe to our blog