WE ARE
A CYBERSECURITY
TECHNOLOGY VENDOR
WITHIN THE POTECH
GROUP.
Headquartered in Paris, France, our mission is to empower
organizations with the tools and expertise necessary to navigate
the complex digital landscape with confidence.
A robust Security Information
and Event Management
(SIEM++) platform that
centralizes and correlates
security logs from various
sources, providing real-time
visibility into your network and
enabling proactive threat
detection.
A powerful security incident
response platform that
empowers security teams to
rapidly respond to and contain
cyberattacks, minimizing
downtime and damage.
WE PROVIDE
CUTTING-EDGE SOLUTIONS
FOR THREAT DETECTION,
INTELLIGENCE, & RESPONSE.
SIEM++
A cutting-edge threat
intelligence & digital risk
protection platform that
relentlessly hunts for threats
lurking on the surface, deep and
dark web, uncovering potential
vulnerabilities and enabling swift
mitigation.
CTI, DRP & XEASM
SIRP
GLOBAL PRESENCE
DARKIVORE: COMPLIANCE,
GLOBAL REACH & INDUSTRY
IMPACT
COMPLIANCE
DARKIVORE PRESENCE
POTECH PRESENCE
PLANNED EXPANSION
DIGITAL EXPANSION
COMES WITH A PRICE
STANDARD DATA
CENTER
EVOLVING DATA
OPERATIONS
MOTIVES
CRIME
OPPORTUNITY
MEANS
DIGITAL FOOTPRINT
& DATA
SOCIAL
MEDIA DATABASE
SERVER
MAIL
SERVER
APPLICATION
SERVERS
SYSTEMS
& INFRASTRUCTURE
NETWORK
DEVICES
THE
WEB
CLOUD & ONLINE
STORAGE
ATTACKER
THIRD PARTIES
& SAAS
While classic cybersecurity platforms focus on blocking the opportunities in a defensive manner,
Darkivore acts on detecting and taking down the means until we demotivate the attacker.
THE DARKCLOUD
EVOLUTION
THE LOCKSMITH - AAA
Access as a service
THE DETONATOR - RAAS
Ransomware as a service
THE MIDNIGHT
DIPLOMAT - NAAS
Negotiation as a service
The Dark Web has evolved from a secluded marketplace for elite cyber criminals into a vast ‘as-a-service’ ecosystem.
With tools like Ransomware-as-a-Service (RaaS), Negotiation-as-a-Service (NaaS), and Access-as-a-Service (AaaS), cybercrime is now within reach of anyone with malicious intent.
DARKIVORE IN
NUMBERS
+20,000
Prevented data
breaches
15%
Increase in average
business valuation
+150,000
Yearly takedowns,
potential threats
neutralized
$450M
Avoided potential
damages from data
leakage and cyber
attacks
$2.31M
Average Cost of Fraud
prevented
95%
Reduction in threats
FULL LICENSE - FEATURES
DIGITAL RISK PROTECTION
IMPERSONATION
& SOCMINT
COPYRIGHT &
TRADEMARK
DIGITAL
FOOTPRINT
PROTECTION
ANTI-
PHISHING
DATA BREACH
PROTECTION
3RD PARTY &
CLOUD
SECURITY
ATTACK
SURFACE &
VULNERABILITY
INTELLIGENCE
TACTICAL
CYBER THREAT
INTELLIGENCE
BRAND
PROTECTION
ATTACK SURFACE & THREAT
INTELLIGENCE
This all-in-one license integrates full-spectrum intelligence
services with a robust suite of breach, incident, and takedown
response capabilities, providing complete protection for your
brand, digital assets, and online presence.
BRAND PROTECTION
METRICS FEATURES
From sophisticated impersonation schemes to widespread fraud
and the rapid spread of malicious content, your online reputation is
constantly under attack.
519%
Year-over-year percentage increase
in security incidents involving
impersonation scams.
58%
of organizations
experienced account
takeover incidents in 2024
+66%
of consumers lose their trust in a
brand after an impersonation attack.
BRAND PROTECTION
FEATURES
PROTECT YOUR ORGANIZATION AND
CUSTOMERS
by neutralizing phishing domains, bogus apps,
spoofed subdomains, and fake web forms.
ELIMINATE RISKS OF:
• VIP/Brand impersonation
• Scams
• Account takeovers
• Fraud attempts
GUARD YOUR BRAND IMAGE,
social media content, or exclusive services
and products from unauthorized use.
SAFEGUARD BOTH YOUR ACTIVE
AND PASSIVE ONLINE PRESENCE,
TO PREVENT:
• Reputational Damage
• Identity Theft
• BEC Attacks
• Spam & Phishing
ATTACK SURFACE
& THREAT INTELLIGENCE
FEATURES
Your business relies on a dynamic and expansive digital
ecosystem, spanning websites, mobile apps, cloud platforms, and
employee devices.
While this connectivity fuels growth and innovation, it also widens
the attack surface, creating a larger 'window' of opportunity for
cybercriminals to exploit.
703%
Increase in credential theft attacks in the second half of 2024.
80%
Companies affected by cloud security incidents in 2024.
$4.88M
Average cost of a data breach in 2024.
ATTACK SURFACE
& THREAT INTELLIGENCE
FEATURES
Protect your organization and
customers by neutralizing phishing
domains, bogus apps, spoofed
subdomains, and fake web forms.
Gather indicators from OSINT, major
threat feeds, CSIRT advisories and
deep/dark web platforms, to counter
potential threats targeting your
organization.
Automate passive reconnaissance to
identify vulnerabilities and reduce your
attack surface, strengthening your
external security posture.
Monitor the deep and dark web for
leaks to uncover compromised
credentials, financial data, source
codes, and sensitive business
information.
Map and protect large amounts of
data stored with third parties,
software (SaaS) providers and cloud
computing platforms.
Anti-
Phishing
Tactical
Cyberthreat
Intelligence
Attack Surface
& Vulnerability
Intelligence
Data Breach
Protection
3rd Party &
Cloud
Security
CORE
ADVANTAGES
PII Exposure Protection
➢ Real-Time Exposure
Prevention: 98%
Granular Deep
and Darkweb Visibility
➢ x5 less noise in
leakage management
Hyper Fast Unlimited
Takedown
➢ Average 12 hours
takedown
The Dark Agent and
Analyst Curated Results
➢ 90% less false-positive
Seamless API Integration for
Security Orchestration
➢ Time-to-action
improvement by 95%
Multilingual Threat Detection
and Data Scavenging
➢ +120 script-aware detection
50+ Commercial,
Opensource and CSIRT
Threat Feeds
➢ Tailor-made threat feeds
Holistic Social Media
Intelligence (SOCMINT)
Coverage
➢ +20 Social Media
Platforms
THE
DARK AGENT
Maximize Takedowns
Optimize Reports
Sanitize The Noise
Streamlines the takedown process by automating
the selection of relevant targets, generating
detailed investigation reports, and launching the
takedown.
Provides contextual answers related to the
customer’s latest threats, dramatically accelerating
data visibility and enabling faster decision-making.
Effectively filters out false positives and irrelevant
data, reducing the burden of sifting through
massive datasets and allowing security teams to
focus on genuine threats.
HOW DARKIVORE
WORKS
DARKIVORE® leverages the organization’s domains, content, and
brand identity to scan the internet, deep, and dark web. It identifies,
analyzes, and eradicates external threats targeting the organization.
DARKIVORE
ANALYST
COMPANY BRANDS & DOMAINS, CORRELATED
WITH SENSITIVE CUSTOMER ASSETS:
CHAT ROOMS &
MESSAGING APPS
Documents, URLs, IPs, Services & Media Content, Contracts, etc.
DOMAIN NAME
SERVERS
SOCIAL MEDIA MENTIONS
& DEEPFAKES
HACKER
SPACES/FORUMS
DARK WEB/ DEEP WEB
MARKETPLACES
PHISHING
FORMS
EXPOSED CLOUD
ASSETS
CYBERTHREAT
TAKEDOWN: PRECISION,
SPEED, & SCALE
Darkivore identifies threats with speed and precision, while human
analysts validate findings to ensure accuracy.
This seamless fusion of automation and expertise accelerates
incident response, delivering scalable results without
compromise.
Relentless Diligence
Ensures threats are eliminated with precision and persistence.
Dynamic Scalability
Responds to incidents at scale, minimizing downtime and
disruption.
DARKIVORE
ANALYST
THREAT-NEUTRALIZING MESH
ENGINE
HOSTING SERVER
ELIMINATION
DOMAIN NAME
DISMANTLING
SOCIAL MEDIA PROFILE &
CONTENT REMOVAL
BROWSER & DEVICE
ACCESS BLOCKING
SEARCH ENGINE CACHE
CLEARANCE
ONLINE STORAGE/
REPOSITORY
DELETION
DEEP WEB & SURFACE
WEB SITES
NEUTRALIZATION
HUMAN IN THE LOOP:
ELEVATING THREAT
HUNTING BEYOND AI
PROACTIVE
TAKEDOWN SERVICES
Tailored threat neutralization
(weekly, daily, hourly).
DEDICATED THREAT
MONITORING
Custom, human-curated monitoring,
alerting, and response services, tailored
to your needs
REGULAR PROGRESS
UPDATES
Specialized CTI & DRP reports
with “hands on” remediation.
CUSTOM INSIGHTS
Tailored reporting, dashboards, and
triggers on demand.
CUSTOMER SUCCESS
MANAGEMENT
Monthly and on-demand
sessions.
STRATEGIC THREAT
OVERVIEW
Executive CTI reports and
strategies.
24/7 PLATFORM
ACCESS
SEAMLESS
INTEGRATION
Several types of APIs for alerts,
findings, and updates.
DARKIVORE SOCRADAR
Limited
(cyber-squatting)
Limited
(newly created
domains)
Limited to
social media
CROWDSTRIKE ZEROFOX RECORDED
FUTURE
CYBELANGEL BLUELIV
Limited
Limited
Limited
(focused on official
referenced content)
Limited to darkweb
marketplace
FEATURES
PHISHING DOMAIN
DETECTION
DATA LEAKAGE
(DEEP & DARKWEB
SCAVENGING)
SUBDOMAIN SPOOFING/
DEFACEMENT WHALING/
ONLINE FORM
SOCIAL MEDIA
COVERAGE
UNLIMITED
TAKEDOWN
TRADEMARK
& COPYRIGHT
(FOR E-MARKET
PLACES)
MOBILE ROGUE
APPS
ATTACK SURFACE
MANAGEMENT
Limited
Limited
Limited reference
to official content
Limited to
darkweb
marketplace
Limited cost
/takedown
Limited local
& regional social
media presence
Limited direct
monitoring of
official app stores
Limited to
darkweb
marketplaces
Limited response
time & frequency
latency
Limited social
media coverage
Limited no
takedown
service specified
limited focused on
official references,
lack of regional
social media
DARKIVORE
BATTLECARD
SUCCESS STORY: LARGE
MULTI-REGIONAL BANK
Overview: Multi-regional Bank with 37 branches
Company size: Large enterprise, with 2.20K+ employees
Challenge: Phishing and Social Media Scam Attacks
02 ACTION PLAN
• Took a proactive approach to enhance
company security instead of
simply reacting to attacks.
• Implemented round-the-clock
scanning of the surface, deep, and dark
web
• Provided customers with a real-time
platform to :
• Continuously monitor brand’s digital
footprint on all social media platforms
• Track usage of brand domain & trade
name on various platforms
• Monitor the online exposure of key
personnel
03 RESULTS
• Takedown of:
+9,000 fake pages on social media
+1,500 malicious sites
+25 rogue mobile applications detected
• Deactivation of +500 fake WhatsApp groups & malicious
members
• Detected & alerted customers for deactivation of +2,500 leaked credit
cards
• Reduced malicious activities by 99% over 2 years' time
• Provided regular weekly & monthly reports that included
quantitative analysis of cyber threats and risks.
01 PROBLEM
• The Bank’s customers were affected by external fraud attempts
through Phishing and Social Media Scam attacks.
• Executives were suffering from Identity Theft.
• The customer brand and digital assets were facing reputational
damage.
• Sensitive data was divulged through unintentional leakage.
• SOC, SIEM, EDR, DLP, NGFW, Pen Tests, etc. were not
pre-emptive enough.
SUCCESS STORY : LARGE
MULTI-REGIONAL
HEALTHCARE COMPANY
Overview: Healthcare Company, established since 1900
Company size: Large enterprise, 10K+ employees
Challenge: Malware Darkweb Data Leakage
03 RESULTS
• Malware harvested other credentials
(personal email & social media accounts)
and was not targeting the company
specifically.
• Data Leak took place outside the
organization environment; company was
relieved by the news.
• Client enforced remote access policies to
secure their 3rd party suppliers, changed
their credentials immediately.
• Client informed their customers to change
their credentials and alerted them about the
attack targeting their personal devices.
02 ACTION PLAN
• 24/7 scanned the surface, deep and dark web.
• Analyzed the data leakage: Malware installed on third party suppliers
and customers personal devices that logs user credentials, outside
the company’s environment.
• Detected & Alerted our client of the compromised users.
01 PROBLEM
• Customers and Dev-Ops employee's data was compromised and
sold on the dark/deep web.
• Many password stuffing attempts and illegitimate accesses were detected on
their platforms & VPN/PAM.
• Initial Forensic investigations conducted by 3rd parties showed no
sign of customer environment compromise.
• Still their operations and online platforms were dramatically
affected.
• Cybersecurity teams were confused and overwhelmed.
Boosts threat accuracy & enrichment
Enhances proactive cloud threat detection
STRENGTHENING PROACTIVE
THREAT INTELLIGENCE WITH
SECLYTICS
Seclytics is a leading provider of proactive threat intelligence, specializing in
data aggregation and analysis to deliver highly accurate insights.
Adds e-reputation, sentiment analysis, and
GeoSec capabilities.
Shares brand data for e-reputation and enriches
GeoSec with regional threat intel.
ELEVATING BRAND
PROTECTION WITH NIGMA
Nigma is at the forefront of brand protection, offering e-reputation
management, sentiment analysis, and geo-specific threat
intelligence.
STRATEGIC ALLIANCES:
ENHANCING DARKIVORE’S
CAPABILITIES
DRIVING INNOVATION
WITH POTECH LABS
Potech Labs specializes in state-of-the-art research,
providing innovative papers and insights that fuel
technological advancements in cybersecurity.
Provides cutting-edge research papers (+5).
Supplies real-world threat data to advance
AI/ML models.
SECURING ACCESS
WITH SNOWPACK
Snowpack offers Zero Trust security solutions,
focusing on protecting access and exposure
management for organizations.
Delivers Zero Trust access and enhances
exposure management for customers.
Detects attack surface to scope Zero
Trust coverage.
STRATEGIC ALLIANCES:
ENHANCING DARKIVORE’S
CAPABILITIES
THIDESOFT:
EMPOWERED
BY A UNIFIED
CYBERSECURITY
ECOSYSTEM
Predictive Threat
Analysis, AI Powered
Assessments
Analyst Expertise &
Contextual Risk
Analysis
AI, State Of
The Art R&D
Big Data, and
Latest Trends
Darkcloud & Brand
Data Scavenging
E-reputation Physical
Threat Intelligence
(Gartner)
Latest Attacks, Incident
Response & TTPs, IOCs,
IOAs
AI based Threat
detection and
Automation
DARKIVORE ROADMAP – 2.0
FEATURES & UPDATES
2025 - UI/UX Revamp
• Seamless user experience, clickthrough dashboards
• Graph based correlation across all modules and detection
• Highlighted critical findings throughout all views.
• Organized unstructured darkweb data in a readable format for
easy comprehension.
• Improved navigation for effortless access to features.
• Enhanced visual dashboards while maintaining clarity and simplicity.
• User friendly feedback for improvements.
Q1
2025 - Threat Hunting – The Dark Agent
• Automated Insights: Advanced ticket enrichment and contextual threat
analysis streamline investigations.
• Noise Reduction: Minimize medium/low-risk distractions,
allowing focus on critical threats.
• Enhanced Autonomy: Empower customers with seamless, reduced manual
navigation on the platform.
• Proactive Protection: Automated social media/antiphishing takedown
suggestions, enhancing existing rules and whitelists.
2025 - Reg Tech - Assistant
• Provides an AI legal counsel navigating complex
regulations specially in multi regional threat cases.
• Utilizes advanced AI to contextualize relevant
Regulations.
• Darkivore caters to the unique needs of each client by
accommodating custom internal policies and bylaws,
suggesting additional controls, offering an easy
automated approach to compliance management.
2025 – E-reputation
& Geo Int.
Q4
Q2
Q3
DARKIVORE ROADMAP – 3.0
FEATURES & UPDATES
2026 – Black-box & Gray-box Automation
• Automated AI based blackbox and greybox security tests for web applications
and APIs.
• Targeted business logic and permissions authorization issues
• Assessments beyond OWASP Top 10 and typical technical flaws (SQL injection,
Directory traversal).
• Enhanced reporting capabilities to communicate test results clearly to
stakeholders.
• Continuously refined and expanded test coverage adapting to evolving security
threats and agile application changes.
The Darkivore Black-box & Gray-box automation is built
on academic research from Potech Lab and has been
approved by IEEE
Q1
Darkivore identified a fake recruitment campaign designed to steal job
applicants’ personal data to infiltrate corporate networks through newly hired
employees.
03
The attacker infiltrates
the company's
onboarding process
to gain access to
corporate accounts.
01
The attacker creates
fake job postings on
social media,
impersonating major
energy companies.
02
The attacker collects
personal data from
applicants to later
impersonate them.
RECONNAISSANCE
04
The attacker runs
malicious code,
automates data
collection and
establishes deeper
control within the
network.
05
The attacker escalates
privileges and moves
through internal
networks to steal critical
data.
RESOURCE
DEVELOPMENT
INITIAL ACCESS
EXECUTION &
PERSISTENCE
PRIVILEGE
ESCALATION
#1 USE CASE
RECRUITMENT SCAMS IN
THE ENERGY SECTOR
#1 USE CASE
RECRUITMENT SCAMS IN
THE ENERGY SECTOR
DARKIVORE’S SOLUTION
• Detection
Identified a phishing campaign targeting our client.
Further investigation revealed two major energy
companies were also at risk.
• Escalation
Alerted targeted organizations.
• Remediation
Shut down the phishing site and fraudulent social
media account, retrieving attacker data.
POTENTIAL IMPACT
• Financial Loss
• Ransomware
• Reputational Damage
BASIC PHISHING TARGETED SOCIAL
ENGINEERING
Fake Facebook recruitment campaign
BENEFITS
• Rapid Incident Response
Blocked the attack before it reached corporate
systems.
& more…
03
They send emails and
documents with the link
counting on the
platform’s credibility to
lure targets.
01
The attacker identifies
trusted academic
repositories with high
reputability and open
upload policies.
02
They create a malicious
document with a fake
CAPTCHA that links to a
credential-harvesting
payload.
RECONNAISSANCE
04
When the victim clicks
the CAPTCHA, they are
redirected to a malicious
site that initiates the
attack.
05
The attacker uses
harvested credentials to
access higher-privilege
systems or services
within the victim’s
environment.
RESOURCE
DEVELOPMENT
INITIAL ACCESS
EXECUTION &
PERSISTENCE
PRIVILEGE
ESCALATION
#2 USE CASE
CYBERCRIMINALS EXPLOIT
TRUSTED PLATFORMS
During a routine audit for our client, Darkivore discovered a document
hosted on Zenodo, a research repository. It contained a hidden
malicious CAPTCHA that redirected users to a credential-stealing file.
READ THE BLOG
POTENTIAL IMPACT
• Financial Loss
• Unauthorized Access To Sensitive Data
• Reputational Damage
BASIC
PHISHING
CLOUD-BASED
ATTACKS
Fake CAPTCHA
BENEFITS
• Proactive Threat Intelligence
Uncover hidden threats before they escalate.
& more…
#2 USE CASE
CYBERCRIMINALS EXPLOIT
TRUSTED PLATFORMS
DARKIVORE’S SOLUTION
• Detection
Identified the hidden malware within the Zenodo-
hosted file.
• Escalation
Alerted Zenodo’s security team and provided
forensic evidence.
• Remediation
Coordinated the immediate takedown of the
malicious file devices
INFILTRATION IN
TRUSTED PLATFORMS
03
They lure victims to fake
websites that mimic
legitimate services,
tricking them into
submitting login
credentials or engaging
in scams.
01
The attacker finds
legitimate websites and
industries to impersonate,
and identifies target brands
and their user bases.
02
They register convincing
domains, set up phishing
infrastructure using
reputable platforms like AWS
and Cloudflare to hide their
identity.
RECONNAISSANCE
04
Malicious scripts execute
upon user interaction.
05
They use stolen
credentials to gain
unauthorized access to
victim accounts.
RESOURCE
DEVELOPMENT
INITIAL ACCESS
EXECUTION &
PERSISTENCE
PRIVILEGE
ESCALATION
#3 USE CASE
During a routine security scan for our client, Darkivore
identified a phishing website mimicking the client's
legitimate site. However, further investigation revealed over
1,700 phishing sites hosted on AWS and shielded by Cloudflare
WAF services.
READ THE BLOG
A PHISHING EPIDEMIC
IN THE CLOUD
POTENTIAL IMPACT
• Financial Loss
• Data breaches
• Reputational Damage
BASIC
PHISHING
CLOUD-BASED
ATTACKS
More than 1700 investment banks were scammed
including JP Morgan
BENEFITS
• Rapid Incident Response
Immediate detection and collaboration with
third parties.
& more…
#3 USE CASE
A PHISHING EPIDEMIC
IN THE CLOUD
INFILTRATION IN
TRUSTED SERVERS
DARKIVORE’S SOLUTION
• Detection
Identified the phishing network hosted on AWS.
• Escalation
Alerted AWS’s security team and provided forensic
evidence.
• Remediation
Coordinated the takedown of the 1,700+ phishing
sites.
03
Using the leaked
credentials, the attacker
logs into critical systems
without triggering basic
detection
01
The attacker scours data
leak sites and underground
forums for valid, reused, or
leaked corporate
credentials.
02
They prepare ransomware
payloads and set up
command-and-control
infrastructure across cloud
services like Azure, OVH,
and Megashare.
RECONNAISSANCE
04
They deploy
ransomware to encrypt
key files.
05
The attacker escalates
access within the
environment to reach
high-value assets and
maximize impact before
triggering the ransom
note.
RESOURCE
DEVELOPMENT
INITIAL ACCESS
EXECUTION &
PERSISTENCE
PRIVILEGE
ESCALATION
#4 USE CASE
THE HIVE RANSOMWARE
READ THE BLOG
Darkivore uncovered an attempted intrusion on our client's systems
using leaked credentials. Further investigation revealed the
attacker's connection to a massive ransomware network hosted on
Azure, OVH (France), and Megashare, and compromising data
globally.
The HIVE Infrastructure spanned hundreds of victims, 500 GB of data leakage.
DARKIVORE’S SOLUTION
• Detection
Identified the ransomware infrastructure hosted
on AWS, OVH and Megashare.
• Escalation
Alerted the concerned parties.
• Remediation
Took down the full infrastructure
POTENTIAL IMPACT
• Operational disruption
• Millions of dollars in financial loss and data
leakage.
• Reputational Damage
Europol: HIVE infrastructure shut down
• Swift Takedowns
Remove threats fast and at scale
• Law Enforcement Followup
Contribute to global threat takedown
COMPROMISED
CREDENTIALS
MULTIPLATFORM
INFRASTRUCTURE
ATTACKS
#4 USE CASE
THE HIVE RANSOMWARE
BENEFITS
Member of potech® group, thidesoft® is a Cybersecurity
Technology Vendor headquartered in Paris - France, with
the mission to provide an arsenal of 360° cyber defense
tools.
Among others, thidesoft® offers TACIVOAR®,
DARKIVORE® and OCTIVORE®, three engineering
masterpieces that harness AI, Machine Learning, and
cutting-edge technology to protect internal & cloud assets,
hunt the web for potential threats targeted at businesses,
and respond to security incidents.
Founded in 2002, potech® group provides a wide range of
Cybersecurity services and products, operating from
various locations around the globe including Cyprus, France,
Lebanon, the UAE and KSA.
Serving more than 20 countries spanning the Middle East, Africa,
Europe and Australia, potech® caters to a large spectrum of sectors,
strategically including amongst others Governmental Entities,
Telecommunications, Energy, Banks & Financial Corporations,
Universities & Academic Establishments, Hospitals & Health
Institutions.
www.potech.global
THANK YOU
@potech global | info@potech.global

Darkivore Deck 2025 deck for cyber security

  • 2.
    WE ARE A CYBERSECURITY TECHNOLOGYVENDOR WITHIN THE POTECH GROUP. Headquartered in Paris, France, our mission is to empower organizations with the tools and expertise necessary to navigate the complex digital landscape with confidence.
  • 3.
    A robust SecurityInformation and Event Management (SIEM++) platform that centralizes and correlates security logs from various sources, providing real-time visibility into your network and enabling proactive threat detection. A powerful security incident response platform that empowers security teams to rapidly respond to and contain cyberattacks, minimizing downtime and damage. WE PROVIDE CUTTING-EDGE SOLUTIONS FOR THREAT DETECTION, INTELLIGENCE, & RESPONSE. SIEM++ A cutting-edge threat intelligence & digital risk protection platform that relentlessly hunts for threats lurking on the surface deep and dark web, uncovering potential vulnerabilities and enabling swift mitigation. CTI,DRP & XEASM SIRP
  • 4.
    GLOBAL PRESENCE DARKIVORE: COMPLIANCE, GLOBALREACH &INDUSTRY IMPACT COMPLIANCE DARKIVORE PRESENCE POTECH PRESENCE PLANNED EXPANSION
  • 5.
    DIGITAL EXPANSION COMES WITHA PRICE STANDARD DATA CENTER EVOLVING DATA OPERATIONS MOTIVES CRIME OPPORTUNITY MEANS DIGITAL FOOTPRINT & DATA SOCIAL MEDIA DATABASE SERVER MAIL SERVER APPLICATION SERVERS SYSTEMS & INFRASTRUCTURE NETWORK DEVICES THE WEB CLOUD & ONLINE STORAGE ATTACKER THIRD PARTIES & SAAS While classic cybersecurity platforms focus on blocking the opportunities in a defensive manner. Darkivore Acts on detecting and taking down the means until we demotivate the attacker.
  • 6.
    THE DARKCLOUD EVOLUTION THE LOCKSMITH- AAA Access as a service THE DETONATOR - RAAS Ransomeware as a service THE MIDNIGHT DIDLOMAT - NAAS Negotiation as a service The Dark Web has evolved from a secluded marketplace for elite cyber criminals into a vast ‘as- a-service’ ecosystem. With tools like Ransomware-as-a-Service (RaaS), Negotiation-as-a-Service (NaaS), and Access-as-a- Service (Aaas), cybercrime is now within reach of anyone with malicious intent.
  • 7.
    DARKIVORE IN NUMBERS +20,000 Prevented data breaches 15% Increasein average business valuation +150,000 Yearly takedowns, potential threats neutralized $450M Avoided potential damages from data leakage and cyber attacks $2.31M Average Cost of Fraud prevented 95% Reduction in threats
  • 8.
    FULL LICENSE -FEATURES DIGITAL RISK PROTECTION IMPERSONATIO N & SOCMINT COPYRIGHT & TRADEMARK DIGITAL FOOTPRINT PROTECTION ANTI- PHISHING DATA BREACH PROTECTION 3RD PARTY & CLOUD SECURITY ATTACK SURFACE & VULNERABILITY INTELLIGENCE TACTICAL CYBER THREAT INTELLIGENCE BRAND PROTECTION ATTACK SURFACE & THREAT INTELLIGENCE This all-in-one license integrates full-spectrum intelligence services with a robust suite of breach, incident, and takedown response capabilities, providing complete protection for your brand, digital assets, and online presence.
  • 9.
    BRAND PROTECTION METRICS FEATURES Fromsophisticated impersonation schemes to widespread fraud and the rapid spread of malicious content, your online reputation is constantly under attack. 519% Year-over-year percentage increase in security incidents involving impersonation scams. 58% of organizations experienced account takeover incidents in 2024 +66% of consumers lose their trust in a brand after an impersonation attack.
  • 10.
    BRAND PROTECTION FEATURES PROTECT YOURORGANIZATION AND CUSTOMERS by neutralizing phishing domains, bogus apps, spoofed subdomains, and fake web forms. ELIMINATE RISKS OF: • VIP/Brand impersonation • Scams • Account takeovers • Fraud attempts GUARD YOUR BRAND IMAGE, SocialMedia content, or exclusive services and products from unauthorized use. SAFEGUARD BOTH YOUR ACTIVE AND PASSIVE ONLINE PRESENCE, TO PREVENT: • Reputational Damage • Identity Theft • BEC Attacks • Spam &Phishing
  • 11.
    ATTACK SURFACE &THREAT INTELLIGENCE FEATURES Yourbusiness relies on a dynamic and expansive digital ecosystem, spanning websites, mobile apps, cloud platforms, and employee devices. While this connectivity fuels growth and innovation, it also widens the attack surface, creating a larger 'window' of opportunity for cybercriminals to exploit. Increase in credential theft attacks in the second half of 2024. Companies affected by cloud security incidents in 2024. Average cost of a data breach in 2024. 703% $4.88M 80%
  • 12.
    ATTACK SURFACE &THREAT INTELLIGENCE FEATURES Protectyour organization and customers by neutralizing phishing domains, bogus apps, spoofed subdomains, and fake web forms. Gather indicators from OSINT, major threat feeds, CSIRT advisories and deep/dark web platforms, to counter potential threats targeting your organization. Automate passive reconnaissance to identify vulnerabilities and reduce your attack surface, strengthening your external security posture. Monitor the deep and dark web for leaks to uncover compromised credentials, financial data, source codes, and sensitive business information. Map and protect large amounts of data stored with third parties, software (SaaS) providers and cloud computing platforms. Anti- Phishing Tactical Cyberthreat Intelligence Attack Surface & Vulnerability Intelligence Data Breach Protection 3rd Party & Cloud Security
  • 13.
    CORE ADVANTAGES PIIExposure Protection ➢ Real-TimeExposure Prevention: 98% Granular Deep and Darkweb Visibility ➢ x5 less noise in leakage management Hyper Fast Unlimited Takedown ➢ Average 12hours takedown The Dark Agent and Analyst Curated Results ➢ 90% less false-positive Seamless API Integration for Security Orchestration ➢ Time-to-action improvement by 95% Multilingual Threat Detection and Data Scavenging ➢ +120 script-aware detection 50+Commercial, Opensource and CSIRT Threat Feeds ➢ Tailor-made threat feeds Holisitic Social Media Intelligence (SOCMINT) Coverage ➢ +20 Social Media Platforms
  • 14.
    THE DARK AGENT Maximize Takedowns OptimizeReports Sanitize The Noise Streamlines the takedown process by automating the selection of relevant targets, generating detailed investigation reports, and launching the takedown. Provides contextual answers related to the customer’s latest threats, dramatically accelerating data visibility and enabling faster decision-making. Effectively filters out false positives and irrelevant data, reducing the burden of sifting through massive datasets and allowing security teams to focus on genuine threats.
  • 15.
    HOW DARKIVORE WORKS DARKIVORE® leveragesthe organization’s domains, content, and brand identity to scan the internet, deep, and dark web. It identifies, analyzes, and eradicates external threats targeting the organization.
  • 16.
    DARKIVORE ANALYST COMPANY BRANDS &DOMAINS, CORRELATED WITH SENSITIVE CUSTOMER ASSETS: CHAT ROOMS & MESSAGING APPS Documents,urls, IPS, Services & Media Content, Contracts, etc.. DOMAIN NAME SERVERS SOCIAL MEDIA MENTIONS & DEEPFAKES HACKER SPACES/FORUMS DARK WEB/ DEEP WEB MARKETPLACES PHISING FORMS EXPOSED CLOUD ASSETS
  • 17.
    CYBERTHREAT TAKEDOWN: PRECISION, SPEED, &SCALE Darkivoreidentifies threats with speed and precision, while human analysts validate findings to ensure accuracy. This seamless fusion of automation and expertise accelerates incident response, delivering scalable results without compromise. Relentless Diligence Ensures threats areeliminated with precision and persistence. Dynamic Scalability Responds to incidents at scale, minimizing downtime and disruption.
  • 18.
    DARKIVORE ANALYST THREAT-NEUTRALIZING MESH ENGINE HOSTING SERVER ELIMINATION DOMAINNAME DISMANTLING SOCIAL MEDIA PROFILE & CONTENT REMOVAL BROWSER & DEVICE ACCESS BLOCKING SEARCH ENGINE CACHE CLEARANCE ONLINE STORAGE/ REPOSITORY DELETION DEEP WEB & SURFACE WEB SITES NEUTRALIZATION
  • 19.
    HUMAN IN THELOOP: ELEVATING THREAT HUNTING BEYOND AI PROACTIVE TAKEDOWN SERVICES Tailored threat neutralization (weekly, daily, hourly). DEDICATED THREAT MONITORING Custom, human-curated monitoring, alerting, and response services, tailored to your needs REGULAR PROGRESS UPDATES Specialized CTI&DRP reports with “hands on” remediation. CUSTOM INSIGHTS Tailored reporting, dashboards, and triggers on demand. CUSTOMER SUCCESS MANAGEMENT Monthly and on-demand sessions. STRATEGIC THREAT OVERVIEW Executive CTI reports and strategies. 24/7 PLATFORM ACCESS SEAMLESS INTEGRATION Several types of APIs for alerts, findings, and updates.
  • 20.
    DARKIVORE SOCRADAR Limited (cyber-squatting) Limited (newly created domains) Limitedto social media CROWDSTRIKE ZEROFOX RECORDER FUTURE CYBELANGEL BLUELIV Limited Limited Limited (focused on official referenced content) Limited to darkweb marketplace FEATURES PHISHING DOMAIN DETECTION DATA LEAKAGE (DEEP & DARKWEB SCAVENGING) SUBDOMAIN SPOOFING/ DEFACEMENT WHALING/ ONLINE FORM SOCIAL MEDIA COVERAGE UNLIMITED TAKEDOWN TRADEMARK & COPYRIGHT (FOR E-MARKET PLACES) MOBILE ROGUE APPS ATTACK SURFACE MANAGEMENT Limited Limited Limited reference to official content Limited to darkweb marketplace Limited cost /takedown Limited local & regional social media presence Limited direct monitoring of official app stores Limited to darkweb marketplaces Limited response time & frequency latency Limited social media coverage Limited no takedown service specified limited focused on official references, lack of regional social media DARKIVORE BATTLECARD
  • 21.
    SUCCESS STORY: LARGE MULTI-REGIONAL BANK
    Overview: Multi-regional Bank with 37 branches
    Company size: Large enterprise, with 2.20K+ employees
    Challenge: Phishing and Social Media Scam Attacks
  • 22.
    01 PROBLEM
    • The Bank’s customers were affected by external fraud attempts through Phishing and Social Media Scam attacks.
    • Executives were suffering from Identity Theft.
    • The customer brand and digital assets were facing reputational damage.
    • Sensitive data was divulged through unintentional leakage.
    • SOC, SIEM, EDR, DLP, NGFW, Pen Tests, etc. were not pre-emptive enough.
    02 ACTION PLAN
    • Took a proactive approach to enhance company security instead of simply reacting to attacks.
    • Implemented round-the-clock scanning of the surface, deep, and dark web.
    • Provided customers with a real-time platform to:
      • Continuously monitor the brand’s digital footprint on all social media platforms
      • Track usage of the brand domain & trade name on various platforms
      • Monitor the online exposure of key personnel
    03 RESULTS
    • Takedown of:
      +9,000 fake pages on Social Media
      +1,500 malicious sites
      +25 rogue Mobile Applications detected
    • Deactivation of +500 fake WhatsApp groups & malicious members
    • Detected & alerted customers for deactivation of +2,500 leaked Credit Cards
    • Reduced malicious activities by 99% over 2 years' time
    • Provided regular weekly & monthly reports that included quantitative analysis of cyber threats and risks.
  • 23.
    SUCCESS STORY: LARGE MULTI-REGIONAL HEALTHCARE COMPANY
    Overview: Healthcare Company, established since 1900
    Company size: Large enterprise, 10K+ employees
    Challenge: Malware Darkweb Data Leakage
  • 24.
    01 PROBLEM
    • Customers' and Dev-Ops employees' data was compromised and sold on the dark/deep web.
    • Many password stuffing and illegitimate access events were detected on their platforms & VPN/PAM.
    • Initial forensic investigations conducted by 3rd parties showed no sign of customer environment compromise.
    • Still, their operations and online platforms were dramatically affected.
    • Cybersecurity teams were confused and overwhelmed.
    02 ACTION PLAN
    • Scanned the surface, deep and dark web 24/7.
    • Analyzed the data leakage: malware that logs user credentials was installed on third-party suppliers' and customers' personal devices, outside the company’s environment.
    • Detected the compromised users & alerted our client.
    03 RESULTS
    • The malware harvested other credentials (personal email & social media accounts) and was not targeting the company specifically.
    • The data leak took place outside the organization's environment; the company was relieved by the news.
    • The client enforced remote access policies to secure their 3rd party suppliers and changed their credentials immediately.
    • The client informed their customers to change their credentials and alerted them about the attack targeting their personal devices.
  • 25.
    STRATEGIC ALLIANCES: ENHANCING DARKIVORE’S CAPABILITIES
    STRENGTHENING PROACTIVE THREAT INTELLIGENCE WITH SECLYTICS
    Seclytics is a leading provider of proactive threat intelligence, specializing in data aggregation and analysis to deliver highly accurate insights.
    • Boosts threat accuracy & enrichment
    • Enhances proactive cloud threat detection
    ELEVATING BRAND PROTECTION WITH NIGMA
    Nigma is at the forefront of brand protection, offering e-reputation management, sentiment analysis, and geo-specific threat intelligence.
    • Adds e-reputation, sentiment analysis, and GeoSec capabilities.
    • Shares brand data for e-reputation and enriches GeoSec with regional threat intel.
  • 26.
    STRATEGIC ALLIANCES: ENHANCING DARKIVORE’S CAPABILITIES
    DRIVING INNOVATION WITH POTECH LABS
    Potech Labs specializes in state-of-the-art research, providing innovative papers and insights that fuel technological advancements in cybersecurity.
    • Provides cutting-edge research papers (+5).
    • Supplies real-world threat data to advance AI/ML models.
    SECURING ACCESS WITH SNOWPACK
    Snowpack offers Zero Trust security solutions, focusing on protecting access and exposure management for organizations.
    • Delivers Zero Trust access and enhances exposure management for customers.
    • Detects attack surface to scope Zero Trust coverage.
  • 27.
    THIDESOFT: EMPOWERED BY A UNIFIED CYBERSECURITY ECOSYSTEM
    Predictive Threat Analysis, AI Powered Assessments Analyst Expertise & Contextual Risk Analysis AI, State Of The Art R&D Big Data, and Latest Trends Darkcloud & Brand Data Scavenging E-reputation Physical Threat Intelligence (Gartner) Latest Attacks, Incident Response & TTPs, IOCs, IOAs AI based Threat detection and Automation
  • 28.
    DARKIVORE ROADMAP – 2.0 FEATURES & UPDATES
    2025 - UI/UX Revamp
    • Seamless user experience, clickthrough dashboards
    • Graph-based correlation across all modules and detection
    • Highlighted critical findings throughout all views.
    • Organized unstructured darkweb data in a readable format for easy comprehension.
    • Improved navigation for effortless access to features.
    • Enhanced visual dashboards while maintaining clarity and simplicity.
    • User-friendly feedback for improvements.
    Q1 2025 - Threat Hunting – The Dark Agent
    • Automated Insights: Advanced ticket enrichment and contextual threat analysis streamline investigations.
    • Noise Reduction: Minimize medium/low-risk distractions, allowing focus on critical threats.
    • Enhanced Autonomy: Empower customers with seamless, reduced manual navigation on the platform.
    • Proactive Protection: Automated social media/antiphishing takedown suggestions, enhancing existing rules and whitelists.
    2025 - Reg Tech - Assistant
    • Provides an AI legal counsel for navigating complex regulations, especially in multi-regional threat cases.
    • Utilizes advanced AI to contextualize relevant regulations.
    • Darkivore caters to the unique needs of each client by accommodating custom internal policies and bylaws, suggesting additional controls, and offering an easy automated approach to compliance management.
    2025 – E-reputation & Geo Int.
    Q4 Q2 Q3
  • 29.
    DARKIVORE ROADMAP – 3.0 FEATURES & UPDATES
    2026 – Black-box & Gray-box Automation
    • Automated AI-based black-box and gray-box security tests for web applications and APIs.
    • Targeted business logic and permissions authorization issues
    • Assessments beyond OWASP Top 10 and typical technical flaws (SQL injection, Directory traversal).
    • Enhanced reporting capabilities to communicate test results clearly to stakeholders.
    • Continuously refined and expanded test coverage adapting to evolving security threats and agile application changes.
    The Darkivore Black-box & Gray-box automation is built on academic research from Potech Lab and has been approved by IEEE.
    Q1
  • 30.
    #1 USE CASE: RECRUITMENT SCAMS IN THE ENERGY SECTOR
    Darkivore identified a fake recruitment campaign designed to steal job applicants’ personal data to infiltrate corporate networks through newly hired employees.
    01 RECONNAISSANCE: The attacker creates fake job postings on social media, impersonating major energy companies.
    02 RESOURCE DEVELOPMENT: The attacker collects personal data from applicants to later impersonate them.
    03 INITIAL ACCESS: The attacker infiltrates the company's onboarding process to gain access to corporate accounts.
    04 EXECUTION & PERSISTENCE: The attacker runs malicious code, automates data collection and establishes deeper control within the network.
    05 PRIVILEGE ESCALATION: The attacker escalates privileges and moves through internal networks to steal critical data.
  • 31.
    #1 USE CASE: RECRUITMENT SCAMS IN THE ENERGY SECTOR
    DARKIVORE’S SOLUTION
    • Detection: Identified a phishing campaign targeting our client. Further investigation revealed two major energy companies were also at risk.
    • Escalation: Alerted targeted organizations.
    • Remediation: Shut down the phishing site and fraudulent social media account, retrieving attacker data.
    POTENTIAL IMPACT
    • Financial Loss
    • Ransomware
    • Reputational Damage
    BASIC PHISHING TARGETED SOCIAL ENGINEERING Fake Facebook recruitment campaign
    BENEFITS
    • Rapid Incident Response: Blocked the attack before it reached corporate systems.
    & more…
  • 32.
    #2 USE CASE: CYBERCRIMINALS EXPLOIT TRUSTED PLATFORMS
    During a routine audit for our client, Darkivore discovered a document hosted on Zenodo, a research repository, that contained a hidden malicious CAPTCHA that redirected users to a credential-stealing file.
    01 RECONNAISSANCE: The attacker identifies trusted academic repositories with high reputability and open upload policies.
    02 RESOURCE DEVELOPMENT: They create a malicious document with a fake CAPTCHA that links to a credential-harvesting payload.
    03 INITIAL ACCESS: They send emails and documents with the link, counting on the platform’s credibility to lure targets.
    04 EXECUTION & PERSISTENCE: When the victim clicks the CAPTCHA, they are redirected to a malicious site that initiates the attack.
    05 PRIVILEGE ESCALATION: The attacker uses harvested credentials to access higher-privilege systems or services within the victim’s environment.
  • 33.
    #2 USE CASE: CYBERCRIMINALS EXPLOIT TRUSTED PLATFORMS
    POTENTIAL IMPACT
    • Financial Loss
    • Unauthorized Access To Sensitive Data
    • Reputational Damage
    BASIC PHISHING CLOUD-BASED ATTACKS Fake CAPTCHA
    BENEFITS
    • Proactive Threat Intelligence: Uncover hidden threats before they escalate.
    & more…
    DARKIVORE’S SOLUTION
    • Detection: Identified the hidden malware within the Zenodo-hosted file.
    • Escalation: Alerted Zenodo’s security team and provided forensic evidence.
    • Remediation: Coordinated the immediate takedown of the malicious file devices
    INFILTRATION IN TRUSTED PLATFORMS
  • 34.
    #3 USE CASE: A PHISHING EPIDEMIC IN THE CLOUD
    During a routine security scan for our client, Darkivore identified a phishing website mimicking the client's legitimate site; however, further investigation revealed over 1,700 phishing sites hosted on AWS and shielded by Cloudflare WAF services.
    01 RECONNAISSANCE: The attacker finds legitimate websites and industries to impersonate, and identifies target brands and their user bases.
    02 RESOURCE DEVELOPMENT: They register convincing domains and set up phishing infrastructure using reputable platforms like AWS and Cloudflare to hide their identity.
    03 INITIAL ACCESS: They lure victims to fake websites that mimic legitimate services, tricking them into submitting login credentials or engaging in scams.
    04 EXECUTION & PERSISTENCE: Malicious scripts execute upon user interaction.
    05 PRIVILEGE ESCALATION: They use stolen credentials to gain unauthorized access to victim accounts.
  • 35.
    #3 USE CASE: A PHISHING EPIDEMIC IN THE CLOUD
    POTENTIAL IMPACT
    • Financial Loss
    • Data breaches
    • Reputational Damage
    BASIC PHISHING CLOUD-BASED ATTACKS More than 1700 investment banks were scammed, including JP Morgan
    BENEFITS
    • Rapid Incident Response: Immediate detection and collaboration with third parties.
    & more…
    INFILTRATION IN TRUSTED SERVERS
    DARKIVORE’S SOLUTION
    • Detection: Identified the phishing network hosted on AWS.
    • Escalation: Alerted AWS’s security team and provided forensic evidence.
    • Remediation: Coordinated the takedown of the 1,700+ phishing sites.
  • 36.
    #4 USE CASE: THE HIVE RANSOMWARE
    Darkivore uncovered an attempted intrusion on our client's systems using leaked credentials. Further investigation revealed the attacker's connection to a massive ransomware network hosted on Azure, OVH (France), and Megashare, and compromising data globally. The HIVE infrastructure spanned hundreds of victims and 500 GB of data leakage.
    01 RECONNAISSANCE: The attacker scours data leak sites and underground forums for valid, reused, or leaked corporate credentials.
    02 RESOURCE DEVELOPMENT: They prepare ransomware payloads and set up command-and-control infrastructure across cloud services like Azure, OVH, and Megashare.
    03 INITIAL ACCESS: Using the leaked credentials, the attacker logs into critical systems without triggering basic detection.
    04 EXECUTION & PERSISTENCE: They deploy ransomware to encrypt key files.
    05 PRIVILEGE ESCALATION: The attacker escalates access within the environment to reach high-value assets and maximize impact before triggering the ransom note.
  • 37.
    #4 USE CASE: THE HIVE RANSOMWARE
    DARKIVORE’S SOLUTION
    • Detection: Identified the ransomware infrastructure hosted on AWS, OVH and Megashare.
    • Escalation: Alerted the concerned parties.
    • Remediation: Took down the full infrastructure.
    POTENTIAL IMPACT
    • Operational disruption
    • Millions of dollars in financial loss and data leakage.
    • Reputational Damage
    Europol: HIVE infrastructure shut down
    BENEFITS
    • Swift Takedowns: Remove threats fast and at scale
    • Law Enforcement Followup: Contribute to global threat takedown
    COMPROMISED CREDENTIALS MULTIPLATFORM INFRASTRUCTURE ATTACKS
  • 38.
    Member of potech® group, thidesoft® is a Cybersecurity Technology Vendor headquartered in Paris - France, with the mission to provide an arsenal of 360° cyber defense tools. Among others, thidesoft® offers TACIVOAR®, DARKIVORE® and OCTIVORE®, three engineering masterpieces that harness AI, Machine Learning, and cutting-edge technology to protect internal & cloud assets, hunt the web for potential threats targeted at businesses, and respond to security incidents.
  • 39.
    Founded in 2002, potech® group provides a wide range of Cybersecurity services and products, operating from various locations around the globe including Cyprus, France, Lebanon, the UAE and KSA. Serving more than 20 countries spanning the Middle East, Africa, Europe and Australia, potech® caters to a large spectrum of sectors, strategically including amongst others Governmental Entities, Telecommunications, Energy, Banks & Financial Corporations, Universities & Academic Establishments, Hospitals & Health Institutions. www.potech.global
  • 40.
    THANK YOU
    @potech global | info@potech.global