Combating Cyberthreats with Advanced Intelligence Solutions
INDUSTRY: Cybersecurity
CLIENT: Confidential (referred to as “the client”)
About
In the digital age, protecting assets and data from cyber threats is a paramount concern for organizations. ICE24’s Cyber Security Division provides comprehensive solutions, including the Dark Web Threat Intelligence and Monitoring Solutions (TIMS). TIMS combines human expertise with sophisticated AI to scan millions of darknet domains, detecting breaches and generating detailed reports. This case study details how TIMS helped a high-net-worth individual (HNWI) client identify and mitigate a significant cyber threat.
Objectives
- Early Threat Identification: Provide early identification of threats and vulnerabilities for high-net-worth individuals and C-Suite clients.
- Data Breach Response: Respond swiftly to data breaches, safeguarding clients’ assets and preparing for potential attacks.
- Vulnerability Assessment: Continually assess and address potential vulnerabilities through comprehensive monitoring and analysis.
Challenges
- Dark Web Leaks: The client’s personally identifiable information (PII) was exposed on dark web forums, making it accessible to malicious actors.
- Initial Cyberattacks: HNWI clients received phishing emails and unsolicited messages, raising concerns about the sophistication and persistence of the threat actor.
- Digital Pseudonyms: The threat actor’s use of multiple aliases complicated efforts to understand the scope and scale of the campaign.
Strategies
- Tracing the Digital Footprint: Initiated an extensive Open Source Intelligence (OSINT) investigation to trace the threat actor’s digital footprint, scrutinizing email addresses and phone numbers used in the attacks.
- Phone Number Analysis: Identified a phone number used by the threat actor, uncovering associated social media accounts, online forum profiles, and linked email addresses.
- Social Media Profiles: Analyzed social media profiles to reveal consistent activity patterns and connections to hacking and cybercrime communities, despite the use of multiple pseudonyms.
- Positive Identification: Combined OSINT findings to positively identify the threat actor, who had a history of cybercrime, including previous hacking incidents and extortion attempts.
- Digital Sanitation: Conducted digital sanitation so that the client’s information was not easily exploitable by other malicious actors, and tracked and identified any additional compromising information leaked to the dark web.
- Ethical Considerations: Maintained strict ethical guidelines, respecting privacy and legal boundaries throughout the investigation.
Outcomes
- Sanitation: Guided the client in maintaining a secure digital footprint by understanding and addressing potential vulnerabilities.
- Leveraging OSINT: Demonstrated the power of OSINT in uncovering digital footprints and tracing malicious actors, even those operating under pseudonyms.
- Collaborative Efforts: Highlighted the importance of collaboration between cybersecurity experts, legal professionals, and law enforcement agencies in addressing cyber threats targeting high-net-worth individuals.