Sling Score (https://www.slingscore.com/it/): Sling brings to the forefront a unique risk scoring mechanism, based on Threat Intelligence capabilities as a main parameter for prediction, management and mitigation. Feed last built Wed, 06 Mar 2024 12:23:44 +0000.

Navigating Supply Chain Regulations with Sling’s Integrated Solutions
https://www.slingscore.com/it/navigating-supply-chain-regulations-with-slings-integrated-solutions/
Wed, 06 Mar 2024 12:19:22 +0000

The post Navigating Supply Chain Regulations with Sling’s Integrated Solutions appeared first on Sling Score.


With emerging regulations and guidelines, including DORA, NIS2, HIPAA, SEC, and NIST, enterprises need a trusted partner to continuously monitor third-party, vendor and supply chain cyber risk.

Sling is designed to align seamlessly with the diverse set of regulations and frameworks, ensuring that organizations not only meet but exceed the necessary standards. This protects sensitive data while establishing a culture of trust and transparency with regulators and stakeholders.

DORA

The Digital Operational Resilience Act (DORA) is a European regulatory framework for financial entities and critical third parties. DORA focuses on strengthening defenses against disruptions and cyber threats.

Sling integrates risk management seamlessly, assisting entities in aligning with the DORA framework. Sling matches DORA’s emphasis on continuous management and reporting, providing ongoing oversight and facilitating compliance with regulatory demands.

NIS2

The most recent iteration of the Network and Information Systems Directive (NIS2) is a European regulation targeting organizations critical to the economy and society’s cyber resilience, spanning sectors like energy, transport, finance, health, etc., and their supply chains. This, in turn, may impose obligations on entities outside of the EU that have business partnerships or serve as vendors for entities based within the EU.

Sling facilitates NIS2 compliance by supporting thorough risk analyses and identifying vulnerabilities in supply chains. It enables coordinated security risk assessments and ensures continuous evaluation of cybersecurity measures. Sling’s dynamic approach, including regular updates based on emerging threats, helps organizations adapt their supply chain security to the evolving threat landscape, enhancing enterprises’ overall cyber posture.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. regulation requiring healthcare organizations to protect health information and uphold patients’ rights. Compliance with HIPAA involves conducting comprehensive risk assessments of business associates and third parties with potential access to electronic Protected Health Information (ePHI).

Sling supports organizations in the regular review and updating of risk analysis and management processes. This adaptability ensures alignment with changes in environmental or operational factors that may impact ePHI, ensuring a continuous and dynamic approach to compliance.

NIST

The National Institute of Standards and Technology (NIST) highlights Cyber Supply Chain Risk Management (C-SCRM).

While not a binding regulatory requirement, NIST guidance is a common framework for many cybersecurity issues, and applies to supply chain security in the form of the C-SCRM framework.

Organizations can enhance C-SCRM with the Sling tool supporting the identification, assessment, and mitigation of cybersecurity risks in the supply chain and critical infrastructure. Sling streamlines thorough risk assessments, pinpoints potential vulnerabilities, and facilitates due diligence of suppliers. Sling’s continuous monitoring strategies align with NIST’s emphasis on adaptability, enabling organizations to detect and respond promptly to changes in the supply chain risk environment.

SEC

The landscape of the U.S. Securities and Exchange Commission (SEC) regulations significantly impacts publicly traded companies, placing a primary emphasis on the management of third-party risks. Within this framework, there is a crucial focus on addressing cybersecurity, ensuring operational resilience, and upholding compliance with securities laws.

Sling facilitates adherence to multiple key compliance measures, including the adoption of External Attack Surface Management, continuous understanding and addressing of supply chain risk, standardized cyber risk measurement, driving remediation efforts, verifying vendor compliance, and determining vendor criticality. By utilizing Sling, organizations can integrate these compliance measures into their third-party risk management framework, effectively meeting SEC requirements and enhancing the overall security of their operations.

In essence, Sling becomes a vital partner for enterprises seeking to navigate the complexities of modern cybersecurity regulations. By streamlining safety procedures, Sling empowers organizations to focus on their core capabilities, confident in the knowledge that their cyber risk management is in good hands. As the regulatory landscape continues to develop and evolve, having a trusted partner like Sling becomes crucial in maintaining a strong and secure business environment.

Delta Dental of California Data Breach
https://www.slingscore.com/it/delta-dental-of-california-data-breach/
Thu, 11 Jan 2024 12:16:51 +0000

The post Delta Dental of California Data Breach appeared first on Sling Score.

Dental insurance giant Delta Dental of California, known for providing dental insurance to over 85 million people across the USA, has fallen victim to a significant data breach, impacting more than 6.9 million individuals. The breach was a result of the Progress MOVEit hacking incident, in which the Cl0p ransomware gang exploited a vulnerability in the MOVEit Transfer managed file transfer application back in May of 2023.

This data breach shows how important it is for businesses to recognize that securing third-party entities, and not just their own systems, is key to protecting sensitive information.

Delta Dental was among the numerous clients impacted by the breach of MOVEit’s file transfer software between May 27th and May 30th, an incident that came to their attention only on June 1st. The personal information compromised includes names, addresses, Social Security numbers, passport numbers, driver’s license numbers, financial account details, tax identification numbers, health insurance details, and individuals’ health information.

The insurance company took steps to contain and remediate the incident, discovering the full extent of the breach on November 27, 2023. The affected individuals are being urged to remain vigilant for any suspicious activity on their accounts, and were offered free identity monitoring services.

The breach stands out due to its scale, making it the third-largest healthcare MOVEit-related breach reported, behind Maximus Inc. (11 million) and Welltok (8.5 million).

The Delta Dental breach emphasizes the need for advanced cyber risk management. By leveraging Sling, organizations can benefit from a proactive cybersecurity approach. Sling combines extensive Darknet knowledge with expert-driven threat intelligence, enabling customers to enhance their cybersecurity posture over time. Sling’s approach not only addresses vulnerabilities but also helps organizations stand strong against constantly changing cybersecurity threats.

Lessons Learned from 2023’s Most Notable Third-Party Breaches
https://www.slingscore.com/it/lessons-learned-from-2023s-most-notable-third-party-breaches/
Tue, 02 Jan 2024 09:06:04 +0000

The post Lessons Learned from 2023’s Most Notable Third-Party Breaches appeared first on Sling Score.

As we enter 2024, let’s reflect on some significant third-party cyber breaches from 2023. Sling has diligently tracked these breaches, revealing consistent findings that underline the urgency of third-party risk management. In the first prominent breach of the year, T-Mobile, a leading mobile telecommunication company, grappled with two major incidents in January and April, unveiling vulnerabilities in Application Programming Interface (API) security. Second, MOVEit, a file transfer software, exposed a zero-day vulnerability in MOVEit Transfer, impacting over 1,000 organizations globally. Most recently, in October, Okta, an IT service management company, fell victim to a breach that compromised personal information for thousands of Okta employees, stemming from unauthorized access to a third-party network. These incidents emphasize the need for collaborative efforts to enhance defenses in the cybersecurity domain in 2024.

2023’s most notably breached companies

T-Mobile Data Breach:

T-Mobile faced a series of data breaches in 2023, exposing millions of customers and employees to potential risks. The January breach, where a hacker exploited an API vulnerability, affected up to 37 million accounts. The breach originated from malicious activity in November 2022, but T-Mobile contained it within 24 hours. In April, a second breach affected 836 customers, exposing highly sensitive data, such as social security numbers and government ID details. Later in September, 89 gigabytes of T-Mobile employee data, linked to a breach of Connectivity Source, surfaced on hacker forums. Additionally, a system error in September led to the exposure of customer and payment data for fewer than 100 customers, which was quickly fixed by T-Mobile.

The T-Mobile breaches highlight the importance of proactive security measures and the need for continuous monitoring of APIs. In response to the vulnerability, T-Mobile’s swift containment demonstrated the value of quick incident response. However, the recurrence of breaches within 2023 alone suggests the necessity of a thorough security overhaul. Additionally, as seen in T-Mobile’s case with Connectivity Source, enhancing third-party management could help to mitigate potential risks. Strengthening cybersecurity infrastructure and fostering an environment of security awareness can help organizations preemptively address vulnerabilities and enhance overall resilience against future threats.

MOVEit Data Breach:

The MOVEit Transfer software breach stands out as one of the largest and most impactful hacks of 2023, affecting over 1,000 known victim organizations. Progress disclosed a critical zero-day vulnerability in MOVEit Transfer in May, enabling the notorious Clop ransomware gang to exploit the service and steal sensitive data. The fallout included continuous threats to publish stolen data unless ransoms were paid. The breach had global repercussions, with U.S.-based organizations accounting for a large majority of the victims.

The MOVEit breach underlines the critical need for ongoing software vulnerability management and underscores the cascading impact a single flaw can have on interconnected organizations. The financial sector, healthcare, information technology, and government entities were particularly vulnerable, emphasizing the importance of sector-specific cybersecurity measures. Businesses should prioritize timely patching, threat intelligence sharing, and cybersecurity training to reduce the risk posed by zero-day vulnerabilities. As organizations grapple with the aftermath, safeguarding against the increasing sophistication of cyber threats becomes very important.

Okta Data Breach:

In the latest security incident, Okta, a leading identity and authentication management provider, suffered a breach through a third-party vendor, Rightway Healthcare, affecting approximately 5,000 Okta employees. The compromise, discovered in late September but disclosed in October, involved unauthorized access to Rightway’s network, allowing threat actors to steal an eligibility census file containing sensitive personal information. The stolen data included names, Social Security numbers, and health or medical insurance plan numbers for Okta employees and their dependents from 2019 and 2020. Okta learned of the incident on October 12, and an investigation revealed that the hacker initially gained access to a Rightway employee’s cell phone, altering credentials to access and exfiltrate the files.

The Okta breach highlights the inherent risks associated with third-party vendors and the need for vendor risk management strategies. Organizations must not only secure their internal systems but also assess the security practices of their third-party partners. Organizations should implement multi-layered security measures, such as regular vendor risk assessments, continuous monitoring, and employee training on cybersecurity best practices.

The third-party breaches of 2023 demonstrate the critical necessity of reorganizing security. Strengthening third-party management is imperative to minimize risks and protect businesses. By securing internal systems and effectively assessing the security practices of third-party partners, businesses can strengthen their defense against potential threats and establish a resilient security framework.

Sling Architecture: A Step-by-Step Guide to Cybersecurity Assessment
https://www.slingscore.com/it/sling-score-cybersecurity-assessment-guide/
Mon, 20 Nov 2023 08:41:56 +0000

The post Sling Architecture: A Step-by-Step Guide to Cybersecurity Assessment appeared first on Sling Score.

Having recognized the importance of managing cyber risks from partners and suppliers, and the growing demand for an effective scoring system, we can now turn our attention to Sling’s unique architecture. The assessment process begins with a digital asset discovery phase, in which assets are systematically identified. Next, the risk collection process gathers information on potentially severe risks. The collected data is then evaluated through our scoring calculation system, followed by a portfolio analysis that breaks the risks down by severity. Lastly, Sling provides actionable recommendations for the vendor or portfolio to help safeguard the company’s assets.

In this blog, we will elaborate on each step of Sling’s assessment process to understand why Sling’s solution is important in the makeup of an accurate cyber risk calculation.

Sling Architecture

Assets Discovery: Digital Footprint Detection

Accurate digital asset discovery is critical for risk management, as digital networks are constantly changing and third parties are capable of accessing different assets. Existing solutions often struggle with false positives, where unrelated assets are detected, and false negatives, where relevant assets are overlooked.

Sling overcomes these problems through extensive discovery and validation capabilities. The discovery process includes automatic validation mechanisms, such as detecting and accounting for shared hosting and cloud provider services. Later, a further validation of the discovery is performed during onboarding, when all assets are automatically reviewed and assessed according to unique guidelines.

Risks Collection: Extensive Threat Analysis

Following asset discovery, Sling’s strategy for collecting risks relies on extensive experience and knowledge of the Threat Intelligence ecosystem, gaining invaluable insight into the perspective of potential attackers. With over a decade of experience monitoring relevant sources, Sling translates textual information extracted from the Darknet and Deep Web directly into the score calculation. This enhances Sling’s ability to assess and mitigate cyber risks effectively.

The risks collection process is divided into three categories: Threat Intelligence Exposure, covering leaked credentials, compromised accounts, initial access, ransomware attacks, and database leaks; Attack Surface Management, which includes open ports and email security issues; and Technical Intelligence, comprising outdated technologies, vulnerabilities, and information disclosure. When combined and monitored properly, these intelligence types allow a comprehensive assessment of a company’s cyber exposure.

Score Calculation: The Root of Cybersecurity Assessment

At the heart of Sling’s cybersecurity assessment lies the Sling Score, a unique concept derived from a proprietary scoring algorithm. This score serves as a predictive mechanism, operating on a scale of 0 to 100, representing the probability of the company being attacked. The lower the score, the more vulnerable the organization is to potential threats. For further insights into the Sling Score, see our dedicated blog post.

Portfolio Analysis: Strengthening the Chain, Link by Link

A company’s cybersecurity is only as strong as its weakest link, and Sling is built around this principle. By offering a comprehensive overview of a company’s vendors, including trends and distribution information, Sling enables organizations to gain insight into the strengths and weaknesses of their supply chain. The logic here is clear: evaluating a vendor portfolio in depth is essential to mitigate risk. Businesses can make informed decisions about vendor relationships, fortifying their cybersecurity defenses link by link.

Reports Output: Transforming Data into Actionable Intelligence

To streamline the experience, there is an option to export data into reports. The intelligence and data gathered are exported into comprehensive, downloadable reports. Sling provides flexibility with two types of reports: the Portfolio Report, offering a comprehensive perspective on the overall security posture of vendors, and the Vendor Overview Report, providing an in-depth view of a specific vendor in the portfolio.

In order to calculate your cyber risk accurately, it is important to prioritize your sensitive vendors and resolve their issues first, maintain real-time knowledge of your supply chain vendors, and leverage technology to access darknet indications. The systematic progression of Sling’s platform is a testament to the company’s commitment to safeguarding businesses.

Leveraging Darknet Intelligence for Accurate TPRM Score Calculation with Sling
https://www.slingscore.com/it/leveraging-darknet-intelligence-for-accurate-tprm-score-calculation-with-sling/
Mon, 13 Nov 2023 07:45:20 +0000

The post Leveraging Darknet Intelligence for Accurate TPRM Score Calculation with Sling appeared first on Sling Score.

In recent years, there has been a rise in the number of cyber attacks resulting from vulnerabilities in vendors and third-party organizations. As organizations recognize the need to effectively assess and mitigate the cyber risks associated with their third parties, the third-party risk management (TPRM) market has become a critical component of business operations. TPRM solutions offer methods to evaluate an organization’s digital infrastructure by calculating a cyber score and prioritizing the associated vendors.

Even though TPRM solutions are gaining popularity, third-party attacks are still surging, often resulting in significant financial losses to organizations, as well as business interruptions. This trend continues due to cyber score miscalculation and a lack of risk assessment. 

Sling Score addresses the inadequacies of existing risk assessments and the oversight of critical risks through its proprietary scoring algorithm, which is specifically tailored to focus on the Darknet. This tool was developed in collaboration with Threat Intelligence experts, leveraging a unique, in-house Darknet and cybercrime database built over more than a decade. Sling’s scoring mechanism, referred to as the “Sling Score”, operates on a scale of 0 to 100, representing the risk of the company being attacked by considering insights from an attacker’s perspective.

This is done through three key functionalities. First, actionable asset discovery autonomously validates the identification of assets, including domains, subdomains, and IP addresses, ensuring wide detection and analysis of company-related assets. Second, intelligence collection includes advanced analysis that delves into attackers’ motivations, relying on a deep understanding of the Darknet and open sources. Lastly, the system prioritizes noise reduction, concentrating on verified data with a clear impact on the vendor’s network.

These methods make the Sling Score a predictive tool for cyber incidents, offering a solution that combines extensive Darknet knowledge with expert-driven threat intelligence for a more robust and proactive approach to cybersecurity. Over time, customers using Sling’s platform can improve companies’ scores by remediating risks related to network vulnerabilities and minimizing Darknet exposure. Customers with an average portfolio score of 75 and above are unlikely to endure a cyber incident originating from a provider in the supply chain.

With this approach, Sling helps organizations maintain a resilient cybersecurity posture by addressing vulnerabilities and staying current with the evolving threat landscape.

Overcoming Market Challenges: Tackling Cyber Risks in Your Supply Chain
https://www.slingscore.com/it/overcoming-market-challenges-with-sling/
Mon, 06 Nov 2023 14:51:01 +0000

The post Overcoming Market Challenges: Tackling Cyber Risks in Your Supply Chain appeared first on Sling Score.

Managing cyber risks from partners and suppliers is a demanding and precise task. Not addressing these challenges can have serious consequences, ranging across the spectrum of financial and reputational risks, ultimately impacting your company’s long-term success. While there are vendor monitoring solutions in the market, they often fall short of meeting the strict requirements of effective risk management. In this blog post, we highlight three of the most significant problems that require urgent attention, and how Sling can assist companies in avoiding these risks at all costs.

Lack of Visibility in the Supply Chain:

While companies routinely prioritize the security of their supply chains as a necessity, they continue to struggle with the challenge of achieving real-time visibility into the hidden cyber risks within these chains. Consequently, if companies lack visibility into their supply chains, they may be vulnerable to cyber incidents originating from vendors. From data breaches to operational disruptions, the outcome of inadequate supply chain security can be extensive.

To tackle this issue, Sling prioritizes continuous real-time updates. In the cyber world, there is a brief window between recognizing a vulnerability and its potential exploitation, where every moment is of significant value. Acting fast in the face of potential threats, such as data breaches and operational disruptions, can make all the difference in safeguarding your assets and reputation.

The Portfolio Dashboard displays score trend fluctuations over a range of dates.

False Positives (Noise) in the Supply Chain:

A common challenge in the management of cyber risks is the persistent and overwhelming flood of false positives. An inbox swamped with alerts significantly complicates the task of distinguishing genuine threats from unwanted noise. Dealing with this issue not only consumes valuable resources but also affects an organization’s ability to respond effectively to real dangers.

Sling utilizes automation mechanisms to filter out irrelevant cyber risks and digital assets during the risk assessment, and ranks the remaining ones by severity (Critical, High, Medium, Low, and Information) based on an in-house mechanism. This approach is oriented from the attacker’s perspective, considering the likelihood of exploitation by an attacker and the potential impact on the network. The enhanced visibility empowers organizations to make informed decisions, allocate resources efficiently, and strengthen incident response capabilities while mitigating false positives.

[Image: ‘Risk severity’ widget on the Sling platform] The Vendor Dashboard showcases various levels of severity.

Communication Channels in the Supply Chain:

As supply chains become more complex, companies must maintain direct communication with dozens of contacts. As a result, many cyber issues remain unresolved while data continues to flow, creating weak spots that cybercriminals may use to access a company’s sensitive data. It is vital to provide a reliable method for alerting vendors to critical issues and to maintain straightforward communication channels between businesses and their partners. This emphasizes the importance of quickly identifying and resolving vulnerabilities through efficient communication.

Sling simplifies communication channels by allowing you to add vendors quickly and download reports in an instant. This streamlined approach complements our focus on addressing the cybersecurity challenges mentioned earlier, enabling companies to enhance collaboration and consistency with their partners and suppliers while ensuring swift and efficient management of their supply chain security.

[Image: ‘Add new vendor’ button] The side panel menu bar offers the option to add a vendor, add a user, or create a group.

Sling’s actionable third-party cyber risk management can help you enhance visibility, reduce false positives, and improve communication channels within your supply chain. In conclusion, addressing the challenges associated with managing cyber risks from partners and suppliers is vital to the success of today’s businesses.

Beware of Repeated Cyber Attacks: Impact and Insights for Individuals, Businesses and Government Agencies
https://www.slingscore.com/it/%e7%b9%b0%e3%82%8a%e8%bf%94%e3%81%95%e3%82%8c%e3%82%8b%e3%82%b5%e3%82%a4%e3%83%90%e3%83%bc%e6%94%bb%e6%92%83%e3%81%ab%e8%ad%a6%e6%88%92%e3%81%9b%e3%82%88%ef%bc%9a%e5%80%8b%e4%ba%ba%e3%80%81%e4%bc%81/
Tue, 23 May 2023 08:55:53 +0000

The post Beware of Repeated Cyber Attacks: Impact and Insights for Individuals, Businesses and Government Agencies appeared first on Sling Score.

In recent years, cybercrime has become one of the fastest-growing crimes worldwide and a serious threat to individuals, businesses, and government agencies.

Of particular concern are repeated attacks, whose seriousness warrants vigilance. Research across many types of attacks shows that a victim who has been attacked once is highly likely to be attacked again.

Repeat attacks are most pronounced in ransomware. Multiple surveys of ransomware victims have found a high rate of repeat attacks. For example, a recent survey by Cybereason found that nearly 80% of ransomware victims who paid the ransom were attacked again, many of them by the same attacker. Interestingly, about 68% of these suffered the second attack within one month of the first.

As noted above, this trend is seen across many kinds of attacks. Examples include the following:

Data breaches: A 2021 study by Accenture and the Ponemon Institute found that organizations that had experienced at least one data breach were 2.7 times more likely to suffer repeat attacks than organizations that had not.

Website spoofing: In an Imperva survey, 47% of organizations that had suffered a website spoofing attack reported a similar attack within the following six months. [1]

DoS: A Neustar survey found that 44% of organizations hit by a DDoS attack were attacked again within a year of the attack. [2]

These and similar surveys have produced consistent results: organizations that have been attacked once are highly likely to be attacked repeatedly, and such repeat attacks account for the majority of cyber attacks on businesses and organizations.

There are several reasons for the strong link between past incidents and present risk.

First, cybercriminals regard organizations that have already been victimized as vulnerable and consider them easy targets for future attacks.

Furthermore, cybercriminals can use information obtained in a past attack to launch more sophisticated, targeted attacks afterwards. For example, if an organization’s data was stolen in a past attack, cybercriminals can use that information to carry out spear-phishing attacks, social engineering attacks, or other forms of cyber attack aimed at the organization’s vulnerabilities.

Finally, once an organization has suffered a cyber attack, its defenses and security protocols may be weakened or no longer function properly, making it an easier target for subsequent attacks. If appropriate measures are not taken to remediate the vulnerabilities that caused the initial attack, subsequent attacks become more likely. SLING uses extensive data collection and in-depth Darknet intelligence to detect past cyber attacks of every kind and incorporates the analysis of each incident into its evaluation, so that the cyber risk score of businesses and vendors can be properly assessed and predicted.

Sling Intelligence: Prioritization and Risk Assessment
https://www.slingscore.com/it/sling-intelligence-prioritization-risk-assessment/
Thu, 30 Mar 2023 07:52:59 +0000

Software vulnerabilities are an important component in the complex nature of cyber risks, alongside Darknet exposure and insufficient information security policy and awareness. Vulnerabilities are indexed in a public inventory called CVE (Common Vulnerabilities and Exposures), which contains a key value (e.g., CVE-2022-1234) and a description for each vulnerability. Usually the vulnerability itself is referred to as a CVE.

There are plenty of known vulnerabilities, and the amount has increased over the years: in 2001 there were 1,677 new CVEs registered; in 2011, there were 4,155 (+247.7% in a decade); and in 2021 the number reached 20,169 (+485.4% in a decade). Therefore there is a need to prioritize mitigation and remediation. This challenge concerns IT personnel, CISOs, and everyone within the organization who deals with cybersecurity issues. According to a FIRST publication, “firms are able to fix between 5% and 20% of known vulnerabilities per month”, and “only a small subset (2%-7%) of published vulnerabilities are ever seen to be exploited in the wild”.

The ability to make a realistic assessment of the significance of each CVE, its relevance to resources and functions, and its exploitability, is essential for proper prioritization of vulnerability handling by CISOs, and from a cyber insurance point of view for a correct assessment of a client’s cyber risk.

There are several scoring systems dedicated to CVEs. The best known is CVSS, but there are some alternatives that are not as widely used. Here we’ll review some of these systems and discuss their sufficiency.

CVSS

CVSS (Common Vulnerability Scoring System) measures severity based on technical analysis of multiple factors which represent the feasibility, technical difficulty, distribution, and impact of the vulnerability, along with the theoretical value of the compromised resource. CVSS rates CVEs on a scale from zero to ten.

CVSS has been criticized as lacking in several respects. Among the criticisms raised are the use of ratio scales for ordinal-scale parameters, which results in potentially inaccurate calculation of severity differences between cases; a lack of empirical basis for the formula as a standard; a lack of transparency about the logic and evidence behind the formula; and doubts regarding the validity of the weighting and rating methods.

One of the prominent weaknesses of CVSS is its failure to account for context. Vulnerabilities are often chained by hackers, meaning they exploit one to enable the exploitation of another. In this way a pair of CVEs that are low-risk in themselves could present a much more dangerous threat. For example, by exploiting CVE-2021-26855 an attacker can get a response from a Microsoft Exchange server containing sensitive information, including users’ SIDs (Security Identifiers). That information can then be used with CVE-2021-27065, which is a file-writing vulnerability.

Another form of contextual variable is defence mechanisms (like input sanitisation) that prevent exploitation of a given CVE in a particular deployment.

There are some interesting attempts to develop and offer alternative or complementary scoring systems, aiming to address the weak aspects of CVSS. Two of them are EPSS and SSVC.

In view of the small proportion of exploited vulnerabilities, EPSS (Exploit Prediction Scoring System) focuses on feasibility. The system looks at all published CVEs and revises the CVSS score of each by the probability that it will actually be exploited. It weighs the CVE’s descriptive features and the base factors from CVSS, but adds findings from the real world: EPSS takes into account whether there are publicly available exploits for a particular vulnerability, and to what extent those exploits have been used in the field (based on data from AT&T and Fortinet).

EPSS aims to improve accuracy and narrow the set of vulnerabilities considered to require attention, so that it overlaps more and more with the vulnerabilities that are actually exploited.

The practical advantage of EPSS over CVSS with regard to efficiency was demonstrated by FIRST.org. On a sample of 1,000 CVEs with a CVSS score of 8.8 or higher, the test measured how many CVEs had to be remediated in order to fix approximately 50% of all exploited vulnerabilities under the prioritisation of each scoring system. With EPSS v2, this coverage rate (50% of all exploited CVEs) was reached with the top 47 CVEs, while with CVSS it required addressing 253 CVEs.
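The coverage experiment above can be reproduced on any inventory for which you have a CVSS score, an EPSS probability and a ground-truth “exploited” flag per CVE. The following is an added example, not FIRST.org’s test code or Sling’s: it ranks a constructed sample of ten placeholder vulnerabilities (the `VULN-00xx` ids, scores and flags are made up) under a CVSS-first and an EPSS-first ordering, and reports how many items must be fixed to reach a coverage target and how much of that effort lands on exploited CVEs.

```python
"""Coverage-vs-efficiency comparison of two vulnerability rankings.

Added illustration of the FIRST comparison described above; the ids,
CVSS/EPSS scores and 'exploited' flags are constructed sample data,
not real CVE records."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Vuln:
    vid: str          # constructed placeholder id, not a real CVE number
    cvss: float       # CVSS base score, 0.0-10.0 (severity)
    epss: float       # EPSS probability of exploitation, 0.0-1.0
    exploited: bool   # ground truth: observed exploited in the wild


# Constructed sample: every item is "high/critical" by CVSS, but only four
# are exploited, and those four carry the highest EPSS probabilities.
SAMPLE: List[Vuln] = [
    Vuln("VULN-0001", 9.8, 0.02, False),
    Vuln("VULN-0002", 9.8, 0.01, False),
    Vuln("VULN-0003", 9.6, 0.90, True),
    Vuln("VULN-0004", 9.4, 0.03, False),
    Vuln("VULN-0005", 9.1, 0.75, True),
    Vuln("VULN-0006", 9.0, 0.02, False),
    Vuln("VULN-0007", 8.9, 0.60, True),
    Vuln("VULN-0008", 8.8, 0.04, False),
    Vuln("VULN-0009", 8.8, 0.45, True),
    Vuln("VULN-0010", 8.8, 0.01, False),
]


def remediation_cost(vulns: List[Vuln], key: Callable[[Vuln], float],
                     target: float = 0.5) -> Tuple[int, float]:
    """Walk the list in descending `key` order and return (n, efficiency):
    n is how many items must be fixed before at least `target` of all
    exploited items are covered; efficiency is the share of those n that
    were actually exploited (1.0 means no wasted remediation effort)."""
    exploited_total = sum(v.exploited for v in vulns)
    if exploited_total == 0:
        raise ValueError("no exploited items in sample; coverage is undefined")
    needed = target * exploited_total
    covered = 0
    for n, v in enumerate(sorted(vulns, key=key, reverse=True), start=1):
        covered += v.exploited
        if covered >= needed:
            return n, covered / n
    return len(vulns), covered / len(vulns)


def compare(vulns: List[Vuln], target: float = 0.5) -> Dict[str, Tuple[int, float]]:
    """Run the same coverage target under CVSS-first and EPSS-first ranking."""
    return {
        "cvss": remediation_cost(vulns, lambda v: v.cvss, target),
        "epss": remediation_cost(vulns, lambda v: v.epss, target),
    }


if __name__ == "__main__":
    for name, (n, eff) in compare(SAMPLE).items():
        print(f"{name}-first: fix {n} items to cover 50% of exploited ones "
              f"(efficiency {eff:.0%})")
```

On the constructed sample, CVSS-first needs five remediations (two of them useful) to cover half of the exploited items, while EPSS-first needs two, both useful. The gap widens with a larger, more realistic inventory in which only a few percent of CVEs are ever exploited, which is exactly what the FIRST figures (47 versus 253) reflect.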

SSVC (Stakeholder-Specific Vulnerability Categorization) emphasizes the difference in perspective between vendors (the patch developers) and asset owners (the patch appliers, e.g., users). The system focuses on the decision that needs to be made from the consumer’s point of view.

SSVC is perhaps more of a framework than a scoring system. It doesn’t produce numerical scores for each CVE, but defines qualitative variables and outcomes, from which dedicated decision trees are built; these are intended to reflect the way users may see urgency differently from the ones who own the product and should patch the vulnerability.

Decision points include exploitation (whether there’s an exploit in the field) and exposure (whether the user’s network is accessible); technical impact (the developer’s angle) and mission impact (the user’s angle); and more. The values these variables take determine the answer to the question of when to patch: whether the vulnerability demands immediate attention or should be addressed as part of a scheduled update.

The benefit of SSVC is the clear, discrete assignment of priorities. On the other hand, it requires effort to “route” a vulnerability through the tree, that is, to classify each CVE and match it to the appropriate category.
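To make the “routing” concrete, here is an added example of an SSVC-style decision tree for the asset-owner role. It is not the official SSVC tree, its vocabulary or any Sling code: the four decision points follow the ones named above (exploitation, exposure, technical impact, mission impact), but the value sets, the four outcomes and the branching are a simplified hypothetical tree written for this illustration. The point of the structure is that every path is explicit and auditable, and that the whole tree can be enumerated and reviewed as a table.

```python
"""A small SSVC-style decision tree for the deployer (asset-owner) role.

Added illustration: the decision points match those named in the text,
but the value sets and branching are a simplified hypothetical tree,
not the official SSVC tree."""
from enum import Enum
from itertools import product
from typing import Dict, Tuple


class Exploitation(Enum):
    NONE = "none"        # no public exploit known
    POC = "poc"          # proof of concept published
    ACTIVE = "active"    # exploitation observed in the field


class Exposure(Enum):
    SMALL = "small"            # reachable only from an isolated segment
    CONTROLLED = "controlled"  # reachable, but behind compensating controls
    OPEN = "open"              # reachable from the internet


class TechnicalImpact(Enum):
    PARTIAL = "partial"        # attacker gains limited control or data
    TOTAL = "total"            # attacker gains full control of the component


class MissionImpact(Enum):
    MINIMAL = "minimal"
    SUPPORT = "support"
    ESSENTIAL = "essential"


class Decision(Enum):
    DEFER = "defer"                  # normal maintenance, no deadline
    SCHEDULED = "scheduled"          # next planned patch window
    OUT_OF_CYCLE = "out-of-cycle"    # patch ahead of the normal cycle
    IMMEDIATE = "immediate"          # drop other work and remediate now


def decide(exploitation: Exploitation, exposure: Exposure,
           technical: TechnicalImpact, mission: MissionImpact) -> Decision:
    """Route one vulnerability through the tree. The branching is explicit
    (no arithmetic), so each outcome can be traced back to its inputs."""
    if exploitation is Exploitation.ACTIVE:
        if exposure is Exposure.OPEN or mission is MissionImpact.ESSENTIAL:
            return Decision.IMMEDIATE
        if technical is TechnicalImpact.TOTAL:
            return Decision.OUT_OF_CYCLE
        return Decision.SCHEDULED
    if exploitation is Exploitation.POC:
        if exposure is Exposure.OPEN and technical is TechnicalImpact.TOTAL:
            return Decision.OUT_OF_CYCLE
        if exposure is Exposure.SMALL and mission is MissionImpact.MINIMAL:
            return Decision.DEFER
        return Decision.SCHEDULED
    # No known exploit: only a total-impact or mission-essential item that is
    # not fully isolated leaves the "defer" bucket.
    if exposure is Exposure.SMALL and mission is MissionImpact.MINIMAL:
        return Decision.DEFER
    if technical is TechnicalImpact.TOTAL or mission is MissionImpact.ESSENTIAL:
        return Decision.SCHEDULED
    return Decision.DEFER


def route(record: Dict[str, str]) -> Decision:
    """Convenience wrapper for string-valued records, e.g. rows of a CSV export."""
    return decide(Exploitation(record["exploitation"]), Exposure(record["exposure"]),
                  TechnicalImpact(record["technical_impact"]),
                  MissionImpact(record["mission_impact"]))


def full_table() -> Dict[Tuple[str, str, str, str], Decision]:
    """Enumerate every path so the tree can be reviewed as a table and
    checked for completeness (every combination yields a decision)."""
    return {
        (ex.value, xp.value, ti.value, mi.value): decide(ex, xp, ti, mi)
        for ex, xp, ti, mi in product(Exploitation, Exposure, TechnicalImpact, MissionImpact)
    }


if __name__ == "__main__":
    # Constructed record: internet-facing, actively exploited, partial impact.
    print(route({"exploitation": "active", "exposure": "open",
                 "technical_impact": "partial", "mission_impact": "support"}).value)
```

`full_table()` is the review artefact: with three, three, two and three values per decision point there are 54 leaves, and a reviewer can read the table row by row and argue about individual leaves without touching the code paths for the others.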

As explained, EPSS and SSVC look at the whole record of published CVEs and try to “sort the wheat from the chaff”; however, this isn’t a complete solution. EPSS is not intended to be used on its own, but rather alongside CVSS or another robust scoring system: EPSS excels at calculating probability but does not calculate severity. SSVC provides a framework more than actual scores.

More importantly, even when combining inputs from multiple scoring systems, there is still a need for further inspection. Any fixed system will fail to consider interference and cross-effects between two or more CVEs, and since concatenating exploits / chaining vulnerabilities is common, this is a significant flaw.

There are considerations that could not be included in a broad system. As articulated in the specification of CVSS v3.1:

Consumers may use CVSS information as input to an organizational vulnerability management process that also considers factors that are not part of CVSS in order to rank the threats to their technology infrastructure and make informed remediation decisions. Such factors may include: the number of customers on a product line, monetary losses due to a breach, life or property threatened, or public sentiment on highly publicized vulnerabilities. These are outside the scope of CVSS.

We suggest a concept of primary, secondary and tertiary vulnerability analysis levels that utilises the insights of the “institutional” systems: the base metrics of CVSS and the probability and perspective optimization that EPSS and SSVC provide. Added to these is a dynamic, manual analysis by a team of security researchers, providing calculations based on a wide and in-depth collection of Darknet sources, in a way that enables detection, measurement and monitoring of actual trends.

Unraveling Sling’s Intelligence-Led Cyber Insurance Approach
https://www.slingscore.com/it/cyber-insurance-sling-intelligence-led-approach/
Thu, 30 Mar 2023 07:52:50 +0000

Following hot on the heels of our recent licensing approval announcement, Sling cyber insurance is ready to offer a new and unrivaled intelligence-led and proactively managed cyber risk insurance solution to help customers both manage and mitigate their cyber risk.

The foundation of our unique approach to quantifying cyber risk comes from utilizing our own dark web threat intelligence platform, which aims to penetrate the hardest-to-reach places across the internet: those where cyber criminals engage, and where Sling automatically collects and analyzes both structured and unstructured data sets from those interactions, then monitors and alerts on the emerging threats emanating from the cyber criminal underground. To do this we leverage over a decade of experience and exhaustive training in darkweb research, intelligence collection and analysis across over 350 sources, including forums, marketplaces, auto shops, instant messaging platforms, information sharing websites and hacking repositories, all in order to provide specific and context-based customer threat data which informs the fast and accurate underwriting process of our solution.

Armed with these curated intelligence insights, the next pillar of the process is the addition of insight from our in-house attack surface management and monitoring. Sling’s expertise in this field provides visibility of thousands of online assets across millions of sources, and we build a comprehensive asset map, seeking out configuration weaknesses, missing patches, application bugs, encryption weaknesses etc., which are all assessed against the foundation-level intel gained from the darkweb.

Within this continuous assessment cycle for our customers, darkweb expertise and evaluation are at the core of our operations and built into our DNA, ensuring we fulfill our mission of reducing those typically ‘unknown’ cyber risks for our customers and consistently working from the viewpoint of cyber criminals.

To combat and provide visibility of aggregated exposure across our customer portfolio, Sling is also able to reveal the attack surface of customer vendors, geolocate and map server locations and check customer profiles against significant or considered zero-day vulnerabilities. All of these collated insights are available in a real-time view via our interactive dashboard, which provides visibility of all threats simultaneously: leaked credentials, hacking discussion references, leaked source code, compromised accounts, credit card records and network vulnerabilities. Customers have full access to their own unique profile, where they can manage their risk before, during and after a cyber incident. The clear and concise individual threat infographics feed into your own Sling cyber risk score, an accurate measure of the current risk profile for the business. All of these details are available in clear and easy-to-access reports, making them actionable at a tactical, operational and strategic level. Email and text alerts provide updates on any new indicators of risk, with follow-up recommendations for mitigation measures. Remediation work is undertaken in partnership to help reduce the likelihood of a cyber attack becoming reality. As for the customer experience throughout the lifecycle with Sling, we will run masked phishing campaigns to show where human error can expose the business and conduct non-standard breach and attack simulations to ensure security hygiene is profiled against best practices. These examples showcase the automatic and ongoing services that form part of the customer offering.

In instances where you have become the victim of cyber crime, Sling’s post-incident remediation capabilities provide support through the response and recovery phases of a cyber event to get you online and back to business fast!

Threat intelligence is now the battleground for cyber, and we aim to protect our customers and provide them with peace of mind by illuminating the darkweb, seeking out and undertaking complex data analytics relevant to your business, and providing a tailor-made, intelligence-led insurance and cybersecurity solution.

Initial Access: The DraftKings Case Study by Sling
https://www.slingscore.com/it/draftkings-case-study-sling/
Thu, 30 Mar 2023 07:13:58 +0000

Recently, there was a breach of multiple DraftKings user accounts.

As a quick recap, DraftKings is a daily fantasy sports contest and sports betting company based in the United States.

The breach was described as a credential stuffing attack: an attacker uses already leaked credentials (login username and password) of one digital account to break into another account.

Credential stuffing naturally becomes possible where the victim recycles passwords – uses same or similar passwords for several accounts – and where there isn’t an MFA protection.

In the breach of DraftKings users, an unknown number of users discovered that money deposited in their account was stolen. The company compensated the users affected by the attack in the total amount of $300,000.

This is actually quite a peculiar event in the cybercrime landscape.
The interesting fact is that DraftKings says its systems were not hacked. However, the company suffered financial loss due to the compensation, and possibly also reputational damage.

The event demonstrates the significance of leaked credentials as a threat intelligence source, especially with regards to accounts which contain deposited balance, or permission to withdraw money from a bank account, and also accounts with sensitive information, when the incentive to commit credential stuffing is higher. Those kinds of accounts, in particular, should be protected by a unique password (from the client’s side), and by an added layer of authentication, e.g., MFA (from the provider’s side).

Another interesting fact, which in context reinforces our point, is that one of DraftKings’ competitors, FanDuel, has also seen an increase in account takeover attempts against its users.

The SLING risk score takes into account leaked credential dumps gathered from multiple Darknet and Telegram sources, and factors in the possibility of credential stuffing.
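The provider-side signal that distinguishes a credential-stuffing run from ordinary failed logins is the spread of accounts tried from one source: a user who mistypes a password fails repeatedly on one account, whereas a stuffing run fails across many accounts because most leaked passwords were never reused on this service. The following added example (not DraftKings’, FanDuel’s or Sling’s code) runs that check over a constructed authentication log; the one-line log format, the account names and the source addresses (RFC 5737 documentation ranges) are all made up for the illustration. Accounts that did succeed from a flagged source are the likely takeovers, i.e. the owners who reused a leaked password, and are the ones to reset and enrol in MFA first.

```python
"""Credential-stuffing detection over authentication logs.

Added illustration for the account-takeover pattern described above; the
log format, source addresses and account names are constructed."""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed one-event-per-line format: timestamp, result, user, source IP.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample: one source tries six different accounts in a few seconds
# and gets into one of them; a second source is a single user mistyping twice.
SAMPLE_LOG = """\
2023-03-01T10:00:01Z auth FAIL user=alice ip=203.0.113.7
2023-03-01T10:00:02Z auth FAIL user=bob ip=203.0.113.7
2023-03-01T10:00:02Z auth FAIL user=carol ip=203.0.113.7
2023-03-01T10:00:03Z auth FAIL user=dave ip=203.0.113.7
2023-03-01T10:00:03Z auth FAIL user=erin ip=203.0.113.7
2023-03-01T10:00:04Z auth OK user=frank ip=203.0.113.7
2023-03-01T10:05:10Z auth FAIL user=alice ip=198.51.100.2
2023-03-01T10:05:25Z auth FAIL user=alice ip=198.51.100.2
2023-03-01T10:05:40Z auth OK user=alice ip=198.51.100.2
2023-03-01T10:07:00Z auth OK user=gina ip=198.51.100.9
"""


def parse(log_text: str) -> List[Dict[str, str]]:
    """Parse the constructed log format; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def analyze(log_text: str, min_users: int = 5, min_fail_ratio: float = 0.6) -> dict:
    """Flag source IPs that try many distinct accounts with mostly failures,
    and list the accounts that nevertheless succeeded from such a source."""
    per_ip = defaultdict(lambda: {"users": set(), "fail": 0, "total": 0, "ok_users": set()})
    for e in parse(log_text):
        s = per_ip[e["ip"]]
        s["users"].add(e["user"])
        s["total"] += 1
        if e["result"] == "FAIL":
            s["fail"] += 1
        else:
            s["ok_users"].add(e["user"])

    suspicious, at_risk = {}, set()
    for ip, s in per_ip.items():
        ratio = s["fail"] / s["total"]
        if len(s["users"]) >= min_users and ratio >= min_fail_ratio:
            suspicious[ip] = {"distinct_users": len(s["users"]),
                              "failures": s["fail"],
                              "fail_ratio": round(ratio, 2)}
            at_risk |= s["ok_users"]   # successes from a stuffing source = takeovers
    return {"suspicious_ips": suspicious, "accounts_at_risk": sorted(at_risk)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ip, stats in result["suspicious_ips"].items():
        print(f"credential stuffing suspected from {ip}: {stats}")
    print("accounts to reset and enrol in MFA:", result["accounts_at_risk"])
```

The thresholds are parameters on purpose: `min_users` should sit above the number of accounts a legitimate shared egress (an office NAT, a mobile carrier) produces in the window you analyse, and the window itself should be short, since stuffing tools rotate sources quickly. Correlating the flagged success with a new device, geography or session fingerprint for that account tightens the signal further.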
