The beginning of this week has been incredibly busy for Damien, a system admin working for Sihtmark. His company’s servers were attacked during the weekend, and it seems like they were totally corrupted. It is now impossible to log in, and entire departments of the company are paralysed.

First conclusion after several days of investigation and reinstallation: an early development version of the intranet that had been forgotten was still mistakenly online, waiting for hackers to attack it. User data on that intranet, potentially still valid, was probably compiled from information gathered on the internet.
Second conclusion: Sihtmark has lost control and has lost track of what it exposes on the internet.

Too many questions, not enough answers.

After an event like that, Damien is asking himself simple questions, and yet all his answers include “Maybe”, “I believe…”, “It should be…”, “Usually…”.
What domains does the company manage? Who bought, configured and is now supposed to maintain them?
What has been done with those websites? And why was the intranet on the internet?
Furthermore, if the attackers could find the intranet and flaws in it, those very flaws that led to a total corruption of the servers, how and where did they find information about it? Is confidential information spread all over the internet?

The time has come to clean up the company’s digital footprint.
What Sihtmark needs now is a proper investigation of its online presence, and Damien knows how to do that: by conducting a Recon Audit.

Audit for companies with a bit of history.

It would make little sense for a 3-month-old startup to do that kind of audit. Indeed, the younger a company is, the smaller its digital footprint and its technical history will be.

On the other hand, a company like Sihtmark that has been around for many years and has had significant staff turnover is very likely to find a lot of information, sometimes sensitive information, on the internet during a Recon Audit. Its digital footprint will be proportionate to the degree of the company’s digitalisation (being on the internet, having a digital core business, using several web tools…).

An audit with no risk (except from odd findings).

The time of cold sweats and service interruptions is over for Sihtmark. Now, Damien needs to rest a little, since he cannot risk interfering with the company’s activities anymore.
By nature, a digital footprint audit does not include aggressive technical attacks on the target. Unlike a “pentest” audit (or penetration testing audit), which aims to break into a company’s infrastructure, the digital footprint audit just circles its target, barely touching it.

The objective is simple: find the hidden part of the iceberg. Thinking that we know everything about our company and its digital life is no longer realistic.

Basically, Damien will be looking for the following information on his company: who is identifiable, and how? What kinds of documents or sensitive information are traceable? Are there any obvious security flaws? Is there any hidden data that is not indexed by regular search engines? He will also have to map the different services that are visible on the internet.

And there is more to it. This research will cover not only the present, but the past too. Don’t forget that the internet remembers everything.

We have seen that Recon Audits are risk-free when it comes to the security of your digital platform. However, we do not guarantee that you are safe from finding unexpected information.

A third-party company took care of the audit and, sadly for Damien, they discovered a lot of unexpected information (which is very common for companies of that importance), such as:

  • Confidential data leaked by a supplier,
  • Web domains forgotten for several years and old services still running on servers (including CMSs that were not updated and that were installed on unsafe servers),
  • Compromised professional email accounts,
  • Test data that was forgotten here and there.

It is quite tricky to remain fully aware of the digital services a company provides and the data linked to them. It gets even worse for environments that are constantly evolving and for organisations with a high staff turnover.

The main objective of a Recon Audit is to capture the digital footprint of your company on the internet.
DNS registration, IPs, services, emails, evidence left by your employees, Darknet presence… We build a full map of your web presence.