Using Threat Intelligence to Counter Platform Abuse

Aug 3, 2020 | Blog, Trust and Safety

Companies whose products serve as collaboration platforms play a key role in our increasingly cloud-native, remote-work environment. The technology lets companies pursue clear business opportunities, but it also creates unique security challenges. Not only must they protect their corporate and development systems like all enterprises (endpoints, network infrastructure, container and VM security, etc.), they also need to protect customers' data on their platforms.

To disrupt fraud and abuse, these companies must ensure security is embedded in their development and product management culture. Threat intelligence can play a critical role in this process.

For the largest enterprises that have dedicated resources such as trust and safety teams to build internal threat intelligence programs, defending against fraud and abuse is feasible. However, what are smaller businesses to do?

Below are some considerations from our recent discussions with one such security leader, Egnyte Chief Security Officer and Co-Founder Kris Lahiri.

Take the following example:

A malicious actor used different credit cards to buy multiple anonymous accounts because the payment gateway did not stop the activity. Using those new accounts, the actor could then conduct phishing attempts against the contact list of a compromised email account.

Actors are able to mold their actions to resemble normal user behavior that technology controls would not flag as anomalous. In isolation, the activity may represent only a minor threat. However, taken in the aggregate, when fraud techniques are applied at scale, the impact can be severe. Enterprises need to think about threat hunting outside their firewalls as an additional layer for identifying and stopping malicious behavior.

In the example above, threat intelligence might have pre-identified credit card data associated with malicious activity so that purchases using it could be blocked. Knowledge of the types of malware being uploaded to the platform for use in phishing could likewise prevent those attacks ahead of time.

Criminal actors typically have to establish infrastructure to commit their malicious acts. By combining the right external telemetry with internal data, platform security teams can put the proper automation in place to combat fraud and abuse. Adding external threat hunting that includes customer environments provides yet another potential source of threat indicators.
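The pairing of external telemetry with internal data described above, as an added example that is not part of the original post: a constructed signup-screening routine that scores each new account against intel-fed card fingerprints and infrastructure IPs (external) and against per-card and per-IP velocity within a one-hour window (internal). Every indicator, token and event here is constructed, and the scoring weights are illustrative assumptions.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

def card_fingerprint(card_token: str) -> str:
    # Compare only a hash of the gateway's card token, never the card number itself.
    return hashlib.sha256(card_token.encode()).hexdigest()

# Constructed external telemetry: card fingerprints and source IPs that an intel
# feed has tied to earlier abuse (IPs are from documentation ranges).
INTEL_CARD_FINGERPRINTS = {card_fingerprint("tok_flagged_card")}
INTEL_INFRA_IPS = {"198.51.100.7"}

@dataclass
class Signup:
    ts: datetime
    account: str
    card_token: str
    src_ip: str

def score_signups(events, window=timedelta(hours=1), velocity_limit=3):
    """Combine external indicators with internal per-card and per-IP velocity counts.
    Returns {account: (decision, reasons)} with decision allow / review / block."""
    history = defaultdict(list)  # card fingerprint or IP -> timestamps of recent signups
    results = {}
    for ev in sorted(events, key=lambda e: e.ts):
        fp = card_fingerprint(ev.card_token)
        reasons, score = [], 0
        if fp in INTEL_CARD_FINGERPRINTS:  # external: card already tied to abuse
            reasons.append("external:card"); score += 2
        if ev.src_ip in INTEL_INFRA_IPS:  # external: known abuse infrastructure
            reasons.append("external:infra"); score += 2
        for key, label in ((fp, "internal:card-velocity"), (ev.src_ip, "internal:ip-velocity")):
            recent = [t for t in history[key] if ev.ts - t <= window] + [ev.ts]
            history[key] = recent
            if len(recent) > velocity_limit:  # internal: one card or IP minting many accounts
                reasons.append(label); score += 1
        results[ev.account] = ("block" if score >= 2 else "review" if score else "allow", reasons)
    return results

# Constructed sample: one card and IP minting accounts in quick succession, then single
# signups that only an external indicator would catch.
T0 = datetime(2020, 8, 3, 9, 0)
SAMPLE = [Signup(T0 + timedelta(minutes=5 * i), f"acct-{i + 1}", "tok_card_A", "203.0.113.10")
          for i in range(4)] + [
    Signup(T0 + timedelta(minutes=25), "acct-5", "tok_card_A", "192.0.2.50"),
    Signup(T0 + timedelta(minutes=30), "acct-6", "tok_flagged_card", "192.0.2.44"),
    Signup(T0 + timedelta(hours=2), "acct-7", "tok_card_B", "198.51.100.7"),
    Signup(T0 + timedelta(hours=3), "acct-8", "tok_card_C", "192.0.2.9")]
```

Running `score_signups(SAMPLE)` shows the point of the paragraph: the first three accounts from card A look benign on their own, the fourth is blocked only because the internal velocity count crosses the limit, and accounts 6 and 7 are blocked only because external intel already knew the card or the IP.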

If an actor cannot use existing base infrastructure to connect to an application in the first place, the expected gains from the criminal activity may not justify the time and expense required to start over and establish new infrastructure from scratch.

Implementing threat intelligence and advancing to external threat hunting may seem like a major investment, and it can be rife with false positives if the proper external telemetry is not collected, aggregated, automated, and analyzed. However, executed appropriately, it can level up an enterprise's security posture to the point that an actor may choose to move on to an easier target.

Contact us to learn how Managed Intelligence can accelerate defense against fraud and platform abuse.
