IntSights - Experts & Thought Leaders
Latest IntSights news & announcements
Naranja is Argentina’s largest issuer of credit cards. With over 5 million clients and 210 storefront locations across the country, the company has a substantial presence in nearly every city. Headquartered in Cordoba, Argentina’s second-largest city, Naranja has over 4 million cardholders and 9 million active cards that perform 146 million transactions per year. While its primary operations are in Argentina, Naranja also has a strong presence in Peru and the Dominican Republic via its business partnerships. Naranja recently entered the fintech sector through Naranja X, a mobile app that satisfies customers’ daily needs with digital products and services for people, merchants, and small businesses.

Security Operations Center

The company has a workforce of around 3,000, with a security team made up of 30 people. There are three pillars within the security team: digital information security, which covers products and standard security revisions; cybersecurity, which includes the Security Operations Center (SOC) and several tools for SIEM and endpoint protection; and security information, which pertains to digital brand protection strategy. The SOC team primarily uses IntSights Threat Command for brand protection initiatives. Daniel Daniele, the Information Security Lead, and Leonardo Ariel Chiodin, an Information Security Analyst, use the IntSights platform daily as part of their brand protection activities.

Difficulty determining threats

Before adopting IntSights, Daniele’s team had to perform manual threat hunting and monitoring of domains, social media platforms, and other sources where Naranja digital assets could be exposed or at risk. Naranja’s security team lacked visibility into external threats to the company’s online brand, such as malicious spoofed domains or leaked credentials.
The SOC team used several online tools to manually check for mentions of Naranja, but these tools only provided surface-level information and were not capable of alerting the team when targeted threats emerged. Unless the team manually and frequently checked the sites they knew of, the company remained susceptible to cyberattacks. The limited visibility into external threats and the security team’s reactive strategy meant that Naranja had to rely on its existing perimeter and endpoint security solutions in the event of an attack.

IntSights Threat Command

Naranja’s SOC team knew they needed to embrace a more proactive strategy to identify external cyber threats. They looked into several different vendors in the cyber threat intelligence space, measuring each solution’s capabilities against the company’s most pressing needs. After careful consideration, the Naranja team determined that IntSights Threat Command provided the best threat data compared to other vendors. The quality, breadth, and accuracy of the threat alerts IntSights provided were superior to those of the other vendors. The Naranja SOC team decided it was the best fit to provide broad visibility into external threats targeting the organization, offering the automated ability to constantly monitor for threats.

Efficient threat detection with ETP

Since Naranja deployed IntSights, Daniele and Chiodin have gained visibility, become more efficient, and been able to focus more on threat investigation rather than manually searching for and identifying threats. The SOC team has visibility into threats targeting Naranja’s digital assets and personnel, whether stolen credit card numbers, spoofed domains, or targeted corporate executives and VIPs. They receive automated daily alerts regarding external cyber threats directly within the IntSights External Threat Protection (ETP) platform.
Naranja’s SOC team can focus on the most important or pressing threats against the brand, as Threat Command identifies critical and actionable threats. The platform’s detailed threat data provides critical information that enables the security team to prevent credential or credit card leaks. With IntSights’ in-platform remediation tools, Daniele and Chiodin can mitigate the risk of threats before they evolve into cyberattacks by proactively shutting them down at the source.
IntSights and ALSO Holding AG launched a new partnership that presents an exciting opportunity for ALSO’s 9,000+ channel partners and the businesses they serve. Through the ALSO Cloud Marketplace, channel partners can extend their solution sets with IntSights Threat Command to provide business-critical external threat intelligence to small and midsize businesses (SMBs) and small and medium enterprises (SMEs). SMB and SME security leaders have limited resources and visibility. Their teams are continuously inundated with uncontextualized threat alerts, most of which don’t directly impact their organizations. As a result, they spend valuable time manually sifting through excessive data, or they simply focus on other priorities. Either way, SMBs and SMEs are missing the opportunity to prioritize and dismantle the most critical threats posing the greatest risk to their companies.

Continuous threat monitoring

IntSights Threat Command is the first-of-its-kind technology to become available via the ALSO Cloud Marketplace. Leveraging unique cyber reconnaissance capabilities and proprietary data-mining algorithms, Threat Command continuously monitors and mitigates emerging external threats that directly target the organization. Mapping to the company’s unique brand and digital assets, it identifies, analyzes, and prioritizes relevant threats to the business. IntSights helps SMBs and SMEs enhance their cybersecurity and improve resilience by covering critical use cases, including:

Data Leakage Detection (stolen IPs, confidential documents, PII)
Account Takeover (credential theft)
Phishing Protection (detection and prevention, fraud campaign blocking)
Exposed Services (misconfigured cloud storage services, open ports, unpatched vulnerabilities)
Insights & Opinions from thought leaders at IntSights
It has long been recognized that no one is safe from cyber-attacks, but some sectors face a much higher level of threat than others. Critical infrastructure sectors such as utilities, energy and industrial manufacturing are among those that face an intense level of interest from cyber criminals and nation-state groups across the globe. A successful attack can have detrimental consequences for both the cyber and physical side of the business, in terms of business disruption, economic dips and other real-life consequences.

Compromise of ICS and SCADA systems

One of the greatest risks to these critical infrastructure sectors is the compromise of ICS and SCADA systems inside operational technology (OT) environments. Attackers can move laterally from IT networks to OT environments, with the potential to cause even greater damage or disruption. But even attackers who focus solely on compromising IT environments are still able to trigger major disruption by disabling the day-to-day processes involved in the production and roll-out of solutions and services.

Rise in cyber-attacks on utility and energy sector

Recent events have shown that attacks on the utility and energy sector are ramping up. The attack on the US Colonial Pipeline, for example, was one of the most high-profile breaches in the industry’s history, particularly when considering the secondary, physical consequences. The decision to shut down the Colonial Pipeline, while considered necessary, triggered a wave of disruption, leading to gasoline shortages and inflated costs. This is just one example of the serious effects that a successful cyber breach can have on an organization.
Ransomware-based attacks

Often financially motivated, one of the most common methods that cyber criminals increasingly opt for is ransomware-based attacks, as they are an effective way of blackmailing organizations into handing over valuable credentials or completing financial transactions. Once armed with company credentials, threat actors can then post a sale of access to compromised networks on underground criminal forums. With stolen credentials, and therefore access to the network, adversaries can move laterally from IT systems into OT environments. The ability to move laterally in this way is a sign of poor network segmentation between IT and OT networks on the business side. If files are encrypted by criminals within both environments, businesses are faced with double the amount of disruption. This can lead to companies having to shut down operations, even if just as a precaution, as in the case of the Colonial Pipeline.

Malicious links in phishing emails

Malicious links included in phishing emails are another simple and highly effective method used by criminals to compromise company networks. While there are many security solutions that defend against common phishing attempts, criminal activity is becoming far more advanced, to the point where attackers are able to bypass standard security systems and gain access to the most sensitive of files.

Why critical infrastructure is targeted

Businesses within the utilities and energy sectors often hold data deemed highly valuable by threat actors, including both basic criminal gangs and advanced nation-state operatives. Common forms of attack involve theft of personally identifiable information (PII) of customers and employees, either for further exploitation or to sell on the dark web. However, motivations can develop far beyond those of the usual common criminal.
Nation-states have also taken great interest in these industries to steal competitive intelligence, in order to gain market advantages over foreign competitors. States including Russia, Iran and China have all been suspected of targeting competitor countries in the critical infrastructure markets.

Cyber threats posed by nation-states

Aside from gaining a competitive edge, nations have also been known to engage in these cyber battles as forms of retaliation for previous attacks, or to get one over on rivals. For example, Iranian activity against the energy sector is widely attributed to the central role of oil and gas in the Iranian economy and to international efforts against its nuclear program. Other Iranian actors have focused their efforts on water infrastructure and attempted to compromise chlorine levels in Israeli water supplies back in 2020. The chlorine levels would have been reset to toxic levels, which could have had devastating physical consequences. Chinese motivations, on the other hand, have revolved around competitive intelligence and intellectual property obtained through cyber espionage. The data is subsequently used to advance economic growth in different industries.

Physical and digital disruptions

Due to the nature of these industries, in addition to companies facing business disruption and loss of customer trust, consequences could span beyond the digital side of the business. As outlined above, these attacks on utilities and other industrial organizations can result in physical damage as well as digital disruption. Unlike other markets, utilities are directly involved in people’s lives, and any attack on a company will impact individuals through a domino effect. The incident with an Iranian actor attempting to sabotage chlorine levels in an Israeli water supply is a prime example of this.
While the attack was against the water provider itself, the consequences could have been harmful to the wider population, who rely on the water supply. Again, the Colonial Pipeline attack had consequences that expanded beyond the targeted company. Inflated prices and fuel shortages impacted all customers at the end of the supply chain. Attacks on any critical infrastructure could cause both short- and long-term physical impacts, including blackouts, disrupted energy supply, and even physical harm to individuals.

Need for a multi-layered defense solution

The best way to deal with these forms of cyber-attacks is to bring everything right back to basics. In most cases, criminals carry out their attacks by first gaining access to IT networks through the usual means of phishing emails and malicious links. Organizations should, therefore, ensure they have a multi-layered defense solution implemented, including advanced email security. There are a number of features that these solutions should deploy, including spam filters to prevent malicious emails from ever reaching the inbox. Sandbox analysis is also critical for scrutinizing email attachments, especially for external senders and emails containing suspicious file formats. These solutions should feature rules that block the execution of macros in Microsoft Office attachments to emails from senders outside the organization.

Enhancing cyber security with encryption and authentication

Additional features to help prevent lateral movement through the network are also worth considering. Demilitarized zones (DMZs) are often used to divide IT and OT networks as part of segmentation efforts and have proven to be highly effective.
Further solutions such as encryption and authentication requirements will help restrict adversaries’ access to different areas of the network, should they succeed in breaching the defense line. Everyone should be involved in maintaining an organization’s line of defense. Education and training are vital, as employers can arm workers with the tools to spot and remove malicious emails, should any make it through the line of defense.

Educating employees on enterprise security

Human workers are often considered the weak point in a company’s cyber security, usually due to a lack of understanding of the risks. Keeping employees informed and educated will prove beneficial to the security of an organization in the long run.
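The email-security rules recommended above (block Office macros from external senders, sandbox attachments from external senders and suspicious file formats, deliver the rest) can be expressed as a small, testable attachment policy. The following is an added example written for this page, not code from IntSights or the article's author; the internal domain list, the extension sets and the sample messages are constructed assumptions. It goes one step beyond the text by inspecting the OOXML container for a VBA project rather than trusting the file extension, so a macro-enabled document renamed to .docx is still caught.

```python
"""Attachment triage policy (added example; constructed data, hypothetical domains)."""
import io
import zipfile
from dataclasses import dataclass

# Assumed organization domains: anything else counts as an external sender.
INTERNAL_DOMAINS = {"example.com", "corp.example.com"}

# Office Open XML extensions; the macro-enabled variants end in "m".
MACRO_ENABLED_EXT = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
OFFICE_OOXML_EXT = {".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".potx"} | MACRO_ENABLED_EXT
# Legacy binary Office formats carry macros in OLE streams, which this example
# does not parse, so they are routed to the sandbox like other risky formats.
LEGACY_OFFICE_EXT = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot"}
SANDBOX_EXT = {".iso", ".img", ".js", ".jse", ".vbs", ".wsf", ".hta", ".lnk",
               ".exe", ".scr", ".zip", ".rar", ".7z"} | LEGACY_OFFICE_EXT


@dataclass(frozen=True)
class Verdict:
    action: str   # "deliver", "sandbox" or "block"
    reason: str


def is_external(sender: str) -> bool:
    """Treat the sender as external unless its domain is one we own."""
    domain = sender.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def ooxml_has_macros(data: bytes) -> bool:
    """OOXML documents are zip containers; a VBA project ships as vbaProject.bin.
    Inspecting the container, not the extension, catches a .docm renamed to .docx."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def _ext(filename: str) -> str:
    dot = filename.rfind(".")
    return filename[dot:].lower() if dot >= 0 else ""


def triage_attachment(sender: str, filename: str, data: bytes) -> Verdict:
    """Apply the layered policy: external macros are blocked, internal macros and
    risky formats are detonated in a sandbox, other external attachments are
    sandboxed, and only clean internal attachments are delivered directly."""
    ext = _ext(filename)
    external = is_external(sender)
    if ext in OFFICE_OOXML_EXT and (ext in MACRO_ENABLED_EXT or ooxml_has_macros(data)):
        if external:
            return Verdict("block", f"macro-enabled Office attachment from external sender: {filename}")
        return Verdict("sandbox", f"macro-enabled Office attachment from internal sender: {filename}")
    if ext in SANDBOX_EXT:
        return Verdict("sandbox", f"suspicious file format {ext or '(none)'}: {filename}")
    if external:
        return Verdict("sandbox", f"attachment from external sender: {filename}")
    return Verdict("deliver", f"internal sender, no macros or risky format: {filename}")


def build_ooxml(with_macros: bool) -> bytes:
    """Construct a minimal OOXML-like container for the sample messages."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")  # placeholder bytes
    return buf.getvalue()


def demo() -> dict:
    """Run the policy over constructed sample attachments and return the actions."""
    cases = {
        "internal_plain_docx": ("bob@example.com", "report.docx", build_ooxml(False)),
        "external_renamed_macro": ("eve@mail.test", "invoice.docx", build_ooxml(True)),
        "external_docm": ("eve@mail.test", "invoice.docm", b"not even a zip"),
        "internal_docm": ("bob@example.com", "budget.xlsm", build_ooxml(True)),
        "external_image": ("eve@mail.test", "photo.jpg", b"\xff\xd8\xff"),
        "internal_exe": ("bob@example.com", "setup.exe", b"MZ"),
        "internal_text": ("bob@example.com", "notes.txt", b"hello"),
    }
    return {name: triage_attachment(*args).action for name, args in cases.items()}


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:24s} -> {action}")
```

The container check matters because spam filters keyed on extension alone are trivially sidestepped by renaming; a real gateway would also unpack archives and pass legacy binary formats through an OLE-aware scanner before the sandbox stage.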