When we go online, we’re always at risk of one thing or another, whether it’s direct attacks, our data getting stolen in some data breach, or us falling for a phishing scam. Digital Shadows is a company that seeks to protect against external threats, even diving on the dark web to dig out precious data.
Harrison Van Riper is a Strategy and Research Analyst with Digital Shadows, climbing up the ranks over the past few years with the company. We wanted to dig into what Digital Shadows is doing and how the company keeps people safe. Read our interview with Van Riper to find out more.
TechNadu: Digital Shadows comes with some really great tools, but what makes you stand out from the crowd? Why would clients choose you over other options currently available?
Harrison Van Riper: Digital Shadows provides a wholly inclusive delivery model that highlights our expertise in the field of Digital Risk throughout every step of the way. In our collective mind, it isn’t just about one specific tool, but how we stay connected with our clients throughout the entire process. From our initial calls establishing what the client’s team(s) are most concerned with to the delivery of our risk alerts, Digital Shadows experts whether they be engineers, analysts, or client success managers are there every step of the way. Competitors tend to either focus on a specific area of coverage or overwhelm you with data. We take an approach which gives you broad coverage without alert fatigue. I think this is what makes Digital Shadows stand out among the pack of other options, and I’m not alone: in 2018, Forrester Research published the Digital Risk Protection New Wave for Q3 2018, in which Digital Shadows was named a “Leader” in the Digital Risk Protection space.
TechNadu: Digital Shadows offers a wide range of tools to combat attackers, including dark web monitoring, which isn’t something that we often encounter among security solutions. How does it work exactly and what kind of data do you provide customers with?
Harrison Van Riper: Our Dark Web Monitoring combines technical collection capabilities in addition to our analyst collections. Without going too deep into the tradecraft that our teams utilize, Digital Shadows is able to gain valuable, actionable intelligence from the cybercriminal threat landscape from forums, marketplaces, and other private areas, not only on the dark web but also the open and deep web. It’s essential to keep in mind that criminals operating online do not solely exist on the dark web – there are several, if not proportionally more, instances of criminal activity occurring on the open web. However, to gain the full perspective and analysis that Digital Shadows offers to our clients, it’s essential to monitor all of these different data sources. SearchLight detects whenever your sensitive assets are exposed or impersonated across a broad range of online sources across the surface web, document stores, deep and dark web, and technical sources. We are continually expanding the variety of sources we cover as the threat landscape grows.
TechNadu: What are some of the most popular tools clients look to get from Digital Shadows?
Harrison Van Riper: Within Digital Shadows Searchlight, our clients have access to Shadow Search, which enables instant access to our comprehensive collection of historical and evolving threat intelligence assets, as well as expert security sources. Features and sources contained in Shadow Search include current and historical domain WHOIS information, structured and unstructured data sets from the open, deep, and dark web, as well as the ability to save searches and export results in Excel and JSON, and access that data via our API. We’ve found these features to be extremely useful for those security teams which may have more human resources to do investigations or conduct incident response on internal events.
TechNadu: One of the things you do at Digital Shadows is to research cyber threat actors to help customers better understand the landscape. Where are the most significant threats coming from?
Harrison Van Riper: The threats are incredibly varied, but I think one of the biggest threats that companies face today is Business Email Compromise (BEC). I wrote a blog in April summarizing the FBI’s annual Internet Crimes Complaints Center (IC3), and out of the $2.7 billion lost over 2018 alone, $1.2 billion of that was due to BEC. This threat has existed for a number of years now, but when we start to quantify just how much money businesses are losing because of BEC alone, it really does become staggering and forces you to rethink your approach to specific processes and systems. We’ve focused so heavily on the internal protections that network security and hardware security bring, but we need to look at more external threats overall to gain full visibility into our risks. Within BEC attacks, you’ve got techniques like spear phishing, social engineering, typosquatting domains – things that more traditional network security don’t wholly mitigate.
TechNadu: At the end of 2018, you made some predictions about what 2019 will bring. How many of those came true so far and what are two things you think we’ll see in the second half of the year?
Harrison Van Riper: For the most part, those forecasts have held up pretty well! If you look at GDPR, we’ve seen several high profile and record-making fines levied against companies exposing employee data, which has undoubtedly put a lot more companies on notice. Traditional ransomware has continued to decline throughout the year, with several reports indicating that though it’s still being seen attacking in the wild, not nearly as many instances have been observed. One that might be less obvious was the prediction that the US and China “trade war” would lead to an increase in nation-state espionage from both parties. As the economic tension between the two countries continues to be a significant geopolitical flashpoint, I would expect that more covert cyber espionage campaigns will continue between the two nations.
One thing we’ll likely continue to see throughout the second half of the year is more targeted ransomware attacks. In my previous forecast, I assessed that traditional ransomware attacks would decrease – that is, ransomware being delivered indiscriminately via phishing or spear-phishing emails, relying on the volume of campaigns to find success. As we’ve seen in the case of Norsk Hydro and various city governments around the US, ransomware is more frequently being used for targeted attacks to disrupt specific procedures within an overall system, hopefully leading to a higher success rate. So it’s hard to argue that logic as a small city in Florida paid over $600,000 to attackers after their systems were infected with ransomware.
Additionally, as the United States Presidential election approaches in 2020, I would expect to see efforts to cause some level of disruption begin to start ramping up. Social media networks specifically have been on high alert, with several identifying and blocking large swaths of accounts attributed to spreading disinformation. With the rise of “deep fakes” within the media over the last couple of months, it would not surprise me if videos depicting political leaders or presidential candidate contenders began circulating online.
TechNadu: I noticed you have a bachelor of Science in Criminal Justice. How has this degree helped you in your career so far?
Harrison Van Riper: My Bachelor of Science in Criminal Justice was how I discovered the cybercrime landscape, to begin with – I took a Cybercrime class, and it showed how prevalent online criminal activity is in the modern era. My degree helped introduce me to the traditional frameworks used to study illegal activity from a law enforcement perspective, which applies well to the cybercriminal landscape once you add a technical layer. Just as real-world criminals have their tactics, techniques, and procedures to rob a bank or break into a car, cybercriminals have their own technically sophisticated TTPs to steal funds from online bank accounts or break into networks.
I think there’s much crossover between traditional physical-based crimes and that which occurs online, especially with a lot of cyber threat actors going after low hanging fruit. This manifests itself with things like criminals stealing data from data stores which have been left publicly accessible by accident from organizations or individuals, something the Photon Research Team highlighted in our report Too Much Information: The Sequel.
Do you agree with what Van Riper has to say? Drop us a note in the comments section below the article and share the interview with friends and family so they can give it a read too. Follow TechNadu on Facebook and Twitter for more tech news, interviews, reviews, and guides.