How dark is the DarkSide Ransomware Group


In the last decade, there has been an exponential increase in cyberattacks on companies all around the world. So far, no other security attack has been as serious as a ransomware attack, because it denies the owner any further use of the computer systems. In some cases, it has resulted in loss of life because critical medical systems were attacked and could not be brought back online in time. One of the most potent ransomware groups is DarkSide. In this blog post, I will explore this group and its mode of operation.


What is the “Darkside” Hackers group?

The group has been called “one of the largest and most notorious” ransomware groups. Like other forms of cybercrime, its activities are fuelled by money. Its members, they claim, are not directly affiliated with any government or intelligence agency, but they rely solely on ransom payments to fund their operations.

They use a sophisticated business model known as Ransomware-as-a-Service (RaaS). This enables them to recruit other hackers to help them carry out many attacks. The DarkSide team also has an extensive network of affiliates who can distribute their malware globally through spam campaigns or targeted spear-phishing attacks.

The Ransomware-as-a-Service (RaaS) Model

Interested parties who are not necessarily hackers are recruited and given access to the hacking tools via simple, yet powerful web services to carry out their attacks in almost a point-and-click system. These new recruits are called affiliates and work for the main group. When an attack is successful and the payment is made, the loot will be shared based on the group’s revenue-sharing model.

This is a very effective business model: they even offer a “free trial” of their malware to encourage easy adoption. They also provide tutorials on how people can create and deploy ransomware themselves using the same tools they make available.

In just one month this year over $17.5 million worth of Bitcoin was deposited in a Crypto wallet linked to the hackers.

According to the group, they have the following revenue-sharing model:

    • Dynamic rate of 75% to 90%.
    • A stable rate of 80%.

They also have a trial and more attractive offer for new users:

    • 90% for the first two payouts when you switch to us from any other affiliate program if you had three ransom payments in the last month; each of them needs to be over 2M (and each needs to be verified).
    • 90% for the first two payouts when you switch to us from any other affiliate program.

The group has publicly stated that they prefer to target organizations that can afford large ransoms instead of hospitals, schools, non-profits, and governments. Ransoms demanded by the group have ranged from US$200K to US$20M. DarkSide seems to be expert at hacking oil pipelines and can bypass security measures with ransomware to extort large sums of money.

How the “Darkside” Group Works

DarkSide is believed to be based in Russia, but it is not sponsored by the government. They claimed on their website that members are not allowed to attack the computers of people in Russia, Ukraine, Georgia, or Belarus. Computers in the following sectors are also off limits:

    • Healthcare (only: clinics, hospitals, and palliative care organizations, retirement homes, companies that develop COVID-19 vaccines or take part (to a significant extent, as a part of the supply chain) in supplying them).
    • Funeral services (morgues, crematoria, and funeral parlors).
    • Education (universities, schools).
    • Public sector (municipal services, any public agencies).
    • Non-profit organizations (charitable foundations and associations).

Experts state that the group is one of the many for-profit ransomware groups that have proliferated and thrived in Russia.

DarkSide was first noticed in August 2020. They have a professional-looking website and try to project a Robin Hood image. The group claims that they donated some ransom money to charity, and that they only target organizations that can afford large ransoms.

The Colonial Pipeline Hack

DarkSide seems to be fond of hacking oil pipelines and is able to bypass security measures with ease due to its expertise, making it a big threat for authorities worldwide. They have hit large oil pipelines at least four times from December 2020 to date. They make use of one of their most potent weapons: Ryuk.

Ryuk is one of the most recent types of ransomware, and it has proved effective in locking down computers across the world. With Ryuk they can target large organizations with the ability to pay large sums in ransom.

Successful Activities of the “Darkside”

August 2020:

DarkSide introduces its ransomware.

October 2020:

DarkSide donates US$20,000 stolen from victims to charity.

November 2020:

DarkSide establishes its RaaS model.

November 2020:

DarkSide launches its content delivery network (CDN) for storing and delivering compromised data.

March 2021:

DarkSide releases version 2.0 of their ransomware with several important updates to make it more sophisticated.

March 2021:

They hit the IT managed services provider CompuCom.

May 2021:

DarkSide launched an attack on the Colonial Pipeline. After the attack, DarkSide said that they were not a political organization and would start to check where their targets are.

Attack Method

DarkSide uses a method of quick escalation: the longer a victim takes to comply with the demand, the more trouble they face.

Step One: The Ransom Phase

This is the initial delivery phase. In this phase, the ransomware encrypts the files and leaves a ransom note behind while the attackers sit back and wait for payment.

Step Two: The Double Extortion Phase

In this step, the attackers start threatening to release the data they stole from the victim to the public if the money is not paid on time. In some cases, additional money is demanded to prevent the public distribution of the stolen data.

This was what happened in the case of Toshiba Tec Corp., a unit of Toshiba Corp.: more than 740 gigabytes of information were compromised, including personal data of personnel such as copies of passports.

The group also likes to hedge their bets by shorting the shares of the companies they hack in the stock market and profiting from the temporary fall of the value of the shares.

The first published case of double extortion happened in November 2019. Allied Universal, a large American security company, was the victim. When Allied refused to pay the demand of 300 Bitcoins the attackers upped the game and threatened to release sensitive information exfiltrated from the company.

To prove they were not kidding, the attackers published some of the files they stole which included contracts, medical records, and encryption certificates.

Step Three: Triple Extortion Phase

In this phase, the victims are threatened with a distributed denial-of-service (DDoS) attack if they do not pay the ransom. If a victim pays up the first time, then he or she is likely to be targeted by the hackers again and extorted for more money to keep their data safe.

This happened to the German company Brenntag in May 2021, when their systems were hit by ransomware. A DDoS attack took down their IT infrastructure and encrypted data. They ended up paying a $4.4 million ransom in Bitcoin to DarkSide and still suffered significant downtime.

Step Four: The Final Extortion Phase

If the victim still has not paid then they will get a further escalation. This time they will start getting calls to comply. Sometimes, the clients of the victim will be included at this point to turn up the heat.

Step Five: The Release Phase

After getting paid, hackers will release the data they encrypted by providing the victim with the encryption key to unlock the files. This stage also includes publicizing that a victim has been hacked, so victims cannot deny what happened and know how much money was extorted from them.

Ransomware is one of the most potent security attacks in history. It could result in a loss of life if it takes down critical medical systems. There have been over 2 million ransomware incidents, which means that this attack can happen to anyone! Therefore, it’s important for every company to take steps towards preventing and mitigating these types of cyberattacks as soon as possible.

If you want help with training your staff and creating awareness on these types of cyberattack please contact us via email at


CISO: Increase Effectiveness through understanding the Roles and Responsibilities


A CISO’s job is a challenging one. To increase effectiveness, understanding the roles and responsibilities that come with this position is crucial.

As the CISO of an organization, you are responsible for protecting and maintaining the integrity of organizational data. In this article, we will discuss what it means to be a Chief Information Security Officer (CISO) in an organization, as well as some tips on how to go about being more effective at your job.

What Is the CISO Role?

The Chief Information Security Officer (CISO) is an executive-level position, like the CIO. However, the CISO’s attention is primarily on protecting data through information security and cybersecurity processes.

A CISO is responsible for identifying security risks to the organization’s information assets. This means protecting the data, intellectual property, and reputation from both internal and external threats, as well as maintaining the integrity of organizational assets by identifying risks that could do harm to the company’s information systems.

Responsibilities of A CISO

The Chief Information Security Officer (CISO) has many responsibilities within the information security realm, such as:

    • Develop and oversee the cybersecurity strategy.
    • Define the organization’s security goals and objectives.
    • Create a plan to achieve the goals and objectives.
    • Develop information security policies and procedures to protect the organization from cybersecurity harm.
    • Implement the security policies, procedures, and guidelines for employees to follow.
    • Conduct regular risk assessments of all systems and manage the organization’s cybersecurity.
    • Identify resources needed for prevention strategies.
    • Prepare budgets for cybersecurity initiatives.
    • Coordinate cybersecurity initiatives with other members of management.
    • Establish priorities among competing needs.
    • Plan for security breaches and develop an incident response plan.
    • Develop, implement, and manage the Information Security Awareness and Training Programs.
    • Ensure adequate staffing is available with the necessary skills to carry out tasks related to information security management.

While the CISO has many duties, they all revolve around one key mission:

Protecting organizational data from unauthorized access, damage, or theft.

The CISO is a key member of the organization’s leadership team. The role and its responsibilities are very important for an organization to protect its data from cyber-attacks.

They also serve as an advisor on all things related to information security, including establishing business objectives, policies, and standards; developing new products or services while balancing risk and security requirements; and implementing tools for identifying, monitoring, or preventing threats.

Positioning of The CISO Role in An Organisation

The organizational structure of an enterprise defines where its chief information security officer (CISO) fits in. The CISO’s responsibilities and functions vary depending on the size of the organization.

Large Enterprise

Typically, a large enterprise will have an IT department with a CIO or other senior-level positions, such as director of information technology (IT), vice president for computing services, or head of the Network Operations Centre or Systems Administration.

In such an organization, the CIO is the most senior IT position, responsible for all aspects of the enterprise’s technology resources and infrastructure (including hardware, software, and telecommunications networks). The CIO oversees other senior-level positions in the organization with responsibilities for computing services, such as the network operations center or systems administration.

In such an organization, there could be a CISO that reports to the CIO. Lately, it is common to have a CISO that reports directly to the CEO even in an organization with a CIO. This ensures information security is getting the full attention it deserves.

Medium-Sized Organization

Many medium-sized organizations do not have a CIO; instead, they have a CISO who reports directly to the CEO of the organization and oversees information security needs.

A chief information security officer (CISO) is responsible for protecting an enterprise’s critical business data, intellectual property, systems infrastructure, and reputation from cyberattacks by criminals, terrorists, or nation-states. The role requires a deep understanding of emerging risks.

In A Small Organisation

In a small company or start-up, for example, it may not be possible to have a full-time CISO handling security, so you often have someone handling security in combination with other managerial tasks like budgeting and strategic planning. This is not typically an ideal arrangement, but it can work if this person is assisted by an external CISO or a Virtual CISO.

How Does A CISO Fulfil These Responsibilities?

The CISO also takes part in the design of a company’s security policies and procedures to protect its IT assets. This includes overseeing any disaster recovery or contingency plans that are executed, as well as serving on the team for assessing risks and vulnerabilities.

The CISO shares this information with executives so they can make sound decisions about their organization’s security measures.


To be effective a CISO must have a strong understanding of the organization’s business. The information security department is part of an organization and not independent of it, which means that they need to understand how all departments operate in order to best protect them.

The CISO should also know what would be detrimental to the company if exposed or compromised.

The CISO also advises on how to respond in an emergency, such as a data breach or cyberattack, so that recovery is swift and effective. A well-trained cybersecurity team can minimize damage to company information assets from malicious insiders who are looking for ways to profit by selling trade secrets.

The chief security officer often has knowledge of investigations into disasters because they have access to valuable forensic evidence if it’s required in order to assess damages and losses incurred by the company due to sabotage, espionage, or terrorism.

They may be called upon during legal proceedings following any incident where IT was compromised during periods when systems were not up to date with patches or other anti-malware software.

Risk Management

Information Security Risk Management

The CISO is responsible for performing risk assessments to identify the potential vulnerabilities that could lead to data breaches and recommend solutions in order to limit harm or damages. This includes developing policies, procedures, and standards of security operation needed by all company employees with regards to access control, identification management, and privileged user roles.

The CISO is also responsible for identifying and implementing safeguards, controls, or countermeasures to protect information assets from unauthorized access. This includes identity management, data loss prevention (DLP), firewall/intrusion detection systems, and encryption technologies.

The Chief Information Security Officer is also responsible for managing the vulnerability assessment and penetration testing programs. These initiatives are designed to identify and manage risks through a set of methods such as scanning networks, reviewing codebases, or performing manual tests on applications, operating systems, networks, or other IT assets.

A good CISO must be able to spot potential risks and vulnerabilities in an organization quickly. It is critical that the CISO stay aware of current threats and exploitation and know how best to protect the information assets, in order to help the organization decide on the controls to implement.

The Development of a disaster recovery plan

The CISO should understand how the business operates, to be able to provide advice on the extra protection measures needed for its valuable information assets, especially during a disaster.

The CISO is responsible for developing a disaster recovery plan to safeguard company assets in case of emergencies, such as natural disasters and hacking attacks. The CISO oversees any disaster recovery or contingency plans that are executed, serves on the team for assessing risks and vulnerabilities, and shares this information with executives so they can make sound decisions about their organization’s security measures.

The role also includes overseeing protective controls against electronic threats on enterprise networks, such as malware, viruses, ransomware, and DDoS attacks, and monitoring online activity 24 hours per day with real-time alerts, so that employees know when an attack is underway before it can do damage to computer systems.

Help Organisation Comply with Regulations

A chief information security officer’s (CISO) functions include ensuring adherence to both government regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), and industry standards, such as ISO 27001:2013 and the Payment Card Industry Data Security Standard (PCI-DSS).

Internal and External Auditing & Review

A CISO helps the organization to coordinate internal security audits, including periodic reviews of the company’s security policy documents. The CISO may be involved in overseeing external auditors who review their compliance with industry standards such as ISO 27001 and SOC. The CISO will provide feedback to executives on any areas that need improvement or changes.

Web Monitoring

In today’s world of high competition and social media, it is important to ensure proper management of an organization’s reputation online. The Chief Security Officer should have measures in place to monitor the internet and social media sites for malicious content that could negatively affect the organization.

Processes have to be put in place to use Open-Source Intelligence (OSINT) to monitor for threats, vulnerabilities, and information leaks. OSINT is the discovery and analysis of information about individuals or organizations using open sources on the internet. This can include social media, blogs, etc. It helps to discover areas that are not readily available in the public domain.

OSINT can help you to:

  • Understand your competition and adversary better.
  • Identify up-and-coming trends that could affect the security posture of your organization and customers.

Cybersecurity Training and Awareness

The CISO should ensure staff has a general awareness of the risks around cybersecurity as well as how they should respond in a crisis. The goal is for every employee to understand their role and what they can do to help protect company information.

Security awareness programs are designed to help employees identify and avoid cyber threats. These types of security programs help your employees to be situation-aware so they can react to both current and future cybersecurity threats. It is important for all members of an organization to have this knowledge to protect the organization’s assets.

Skills to be an Information Security Officer

A CISO must have strong knowledge and understanding of IT, computer security, information technology law, and information systems, along with the ability to think strategically about the potential risks that could threaten business operations.

Superior analytical capabilities are required, with an ability to conduct comprehensive assessments of risk levels for various vulnerabilities or threats. The aim is to protect data from accidental damage or loss, as well as from intentional intrusion by hackers into organizations’ networks, computers, and databases containing sensitive user data such as passwords or credit card numbers.

These cybersecurity professionals need a strong background in social engineering prevention because they may also be involved in training and awareness efforts to safeguard against social engineering.

Being well versed in technology is also essential to implement security measures that will protect systems from intrusion, leaked data, or other breaches. A chief information security officer should understand how computer systems work, be able to properly assess their vulnerabilities, know what action is required when they are under attack or compromised in some way, and have a good understanding of different technologies.

These professionals must have excellent problem-solving skills because they will constantly need a solution for whatever security challenges come up in the organization. An effective CISO needs an understanding of what constitutes sensitive information, how that can be compromised, and how one might go about fixing such a violation.

Interpersonal skills

A good chief information security officer must have excellent interpersonal skills to deal with other members of the staff properly. The ability to maintain composure under pressure is another crucial requirement because he/she may have to coordinate multiple teams during an emergency situation; such situations could include software outages or cyberattacks against computer systems within the area of control.

Strong Communication Skills

A CISO needs to have strong communication skills: verbal, written, presentation, facilitation, and interpersonal. Key people the CISO interacts with are the CEO, CFO, and CIO, so CISOs need to be able to articulate their strategic plan for security in a way that is comprehensible without jargon or acronyms.

They also need good listening skills – being able to understand not only what is being communicated to them, but also the tone of voice used.

Strong Leadership Skills

Chief Information Security Officers wear many hats daily and must act as a leader at times while still being flexible enough to handle unexpected situations; developing these qualities helps create an effective CISO in an organization.

An effective CISO needs strong leadership skills to manage and oversee a team of engineers as well as project managers.

Good People Skills

The CISO interacts with a lot of people, both internally and externally. The ability to communicate effectively can help foster goodwill among the employees. Those who are particularly skilled at this may raise trust levels in others when they speak on highly sensitive issues.

A good relationship with external partners is also important as it helps build rapport and establish a sense of confidence as to the organization’s ability to keep data safe.

Experience needed to be an effective CISO in an organization:

The Chief Information Security Officer (CISO) is an important role in any organization that deals with sensitive data and computer systems, but not all CISOs have the same responsibilities or duties. Therefore, the requirements are also different depending on the organization.

For example, some organizations require their CISO to hold a bachelor’s degree in computer science, while other companies do not mandate such qualifications if candidates can prove five years of experience working on IT-related projects.

The most common requirement across industries is relevant work experience and training; however, there is not much standardization when it comes to educational requirements because each company has different needs depending on its size and industry sector.

Industry Standard Certifications:

The CISO needs to be well versed in many topics, not only in security but also in business. Some of the security certification programs that try to cover the technological aspect of this are:

ISC2 Certifications

Certified Information Systems Security Professional (CISSP): This is a globally recognized certificate for professionals in the information security arena. However, many questions have been raised as to the relevance of this certification for professionals who demonstrate a deep technical understanding of cyber threats and how to design and implement cybersecurity solutions.

ISACA Certifications

Certified Information Security Manager (CISM): The leading credential for information security managers, the CISM is designed for people who design, build, and manage information security programs.

Certified in Risk and Information Systems Control (CRISC): The CRISC is a credential for security management professionals and project managers responsible for information security. It covers risk identification, risk assessment, response and mitigation, and control monitoring.

Certified in the Governance of Enterprise IT (CGEIT): The CGEIT certifies your understanding of enterprise IT governance principles and practices. The certification helps you to establish your credibility and expertise in governance, risk management, strategy formulation, compliance issues, and the latest IT innovation.

Tips to be a Successful CISO

    • Be a good communicator.
    • Be knowledgeable about the business side of software and hardware.
    • Have experience in managing security, IT projects, or related jobs.
    • Be familiar with the company’s technical infrastructure. This includes networking, firewalls, databases, and operating systems.
    • Be proactive and understand the direction of the industry.

With so much data at stake, it is important that the CISO’s responsibilities are carried out with as much seriousness as possible. An organization cannot afford to have its sensitive information compromised because someone did not take proper precautions.

If all of this sounds intimidating and you want help enacting these principles, let us know. Our team of experts is ready and waiting to partner with you to help train and mentor you to create a stellar cybersecurity plan for your business or organization that will protect against future attacks on organizational assets by malicious actors.

How to Survive Identity Theft

What is identity theft?

Identity theft takes place when a criminal steals information about you and misuses that information to commit fraud, such as applying for unemployment benefits, a tax refund, a loan, or a credit card in your name. If you do not take precautions, you can end up in a situation where you pay for products or services you did not buy, and have to deal with all the stress and misery that comes with identity theft.

Your personal information is in numerous places on the internet. Every time you look at or buy something online, watch a video, buy groceries, go to the doctor, or use an application on your smartphone, information about you is collected. That information is often legally sold or shared with other companies. If even just one of those companies is hacked, criminals can gain access to your personal information. Assume that criminals may already have certain information about you, and consider what you can do to slow down or detect the misuse of your information for fraud.

How to detect it

  • Check your financial cards and other accounts regularly for charges or payments that you did not make. A simple way to do this is to sign up for email, text message, or phone application notifications for payments and other transactions. Check them for fraud.
  • Investigate situations where merchants decline your credit or debit cards. Look at letters or phone calls from collection agencies for overdue payments for credit cards, medical bills, or loans that you know are not yours.
  • Watch for letters informing you about unemployment or other government benefits for which you never filed an application.
  • Review your credit reports at least once a year, if this is available in your region. For example, in the United States you can request free reports at

What to do when it happens

  • Contact the organization that is involved in the fraud. For example, if a criminal has opened a credit card in your name, call the credit card company to notify it of the fraud. If someone has applied for unemployment benefits or a tax refund in your name, contact the relevant government organization.
  • File a report with the police to create an official record of identity theft. You can often do this online. For example, in the United States you can file a report at gov. Follow the instructions on the website for any further steps you need to take.
  • When you are dealing with fraud, keep all records of your interactions with financial institutions and the police, and of all costs you incur as a result of the identity theft, in case these records are needed later.
  • Notify your insurance company; you may have identity theft protection in one of your policies.

How to protect yourself against it

Here are some simple steps you can take to reduce the chance of identity fraud:

  • Limit the amount of information you share about yourself with online services and websites.
  • Use a unique and strong password for all of your online accounts and enable two-step verification on your most important accounts as additional protection.

Kenton Smith is a respected cybersecurity consultant and advisor in Calgary, Canada, specializing in the development, management, and assessment of security programs. He teaches from the SANS management curriculum and you can find him on Twitter at @kentonsmith or, occasionally, on

Surviving Identity Theft

What is Identity Theft?

Identity theft happens when a criminal steals information about you and uses that information to commit fraud, such as requesting unemployment benefits, tax refunds, or a new loan or credit card in your name. If you don’t take precautions, you may end up paying for products or services that you didn’t buy and dealing with the stress and financial heartache that follows identity theft. 

Your personal information exists in numerous places all over the internet. Every time you browse or purchase something online, watch a video, buy groceries, visit your doctor, or use an app on your smartphone, information about you is being collected. That information is often legally sold or shared with other companies. Even if just one of these gets hacked, the criminals can gain access to your personal information. Assume that some information about you is already available to criminals and consider what you can do to slow down or detect the use of your information for fraud. 

How to detect it

  • Review your financial cards and other accounts regularly for any charges or payments you did not make. An easy way to do this is to sign up for email, text messages, or phone app notifications for payments and other transactions. Monitor them for fraud.
  • Investigate situations when merchants decline your credit or debit cards. Look into letters or phone calls from debt collectors for overdue payments for credit cards, medical bills, or loans that you know are not yours. 
  • Pay attention to letters that inform you about unemployment or other government benefit claims for which you never applied. 
  • If available in your area, review your credit reports at least once a year. For example, in the United States, you can request free reports from 

What to do when it happens

  • Contact the organization that is involved in the fraud. For example, if a criminal opened a credit card in your name, call that credit card company to notify it about the fraud. If someone filed for a tax refund or unemployment benefits in your name, contact the corresponding government organization.
  • File a report with law enforcement to create an official record of identity theft. You can often do this online. For example, in the United States you can report at Follow the site’s instructions for any additional steps you may need to take.
  • When responding to fraud, keep records of your interactions with your financial institutions and law enforcement, as well as the costs you incur due to identity theft in case these details will be needed later.
  • Notify your insurance company; you may have identity theft protection included in one of your policies.

How to defend against it

Here are some simple steps you can take to decrease the chance of identity fraud happening: 

  • Limit how much information you share about yourself with online services and websites.
  • Use a unique strong password for all of your online accounts and enable two-factor authentication as additional protection for your most important accounts.
  • If applicable in your location, restrict who can get access to your credit reports. For example, in the United States freeze your credit score so that anyone who tries to get a credit card or loan in your name has to first temporarily unfreeze it.
  • Consider getting insurance coverage, either through a dedicated policy or as part of your existing insurance plan, that covers the costs of dealing with identity theft.

Privacy – Protecting Your Digital Footprint

What is privacy?

There are many different definitions of "privacy". We focus on personal privacy, which is protecting the information about you that others collect. In today's digital world, you would be amazed at all the different entities that not only collect information about you but then also legally share or sell that information. Every time you view or buy something online, watch a video, buy groceries, visit the doctor, or use an app on your smartphone, information about you is collected. This information can be used to sell you goods or services, determine your interest rates for loans, determine the kind of medical care you receive, or the jobs you are eligible for. In addition, if this information falls into the wrong hands, cyber attackers can use it to target and attack you.

The goal of maintaining personal privacy is to manage your digital footprint, that is, trying to protect and limit what information about you is collected. Be aware that in today's digital world it has become almost impossible to have no digital footprint at all and that every organization collects information about you; we can only try to limit it.

Steps you can take to help protect your privacy

There is no single step you can take to solve all your privacy problems. Instead, you will need to take several steps, with each step helping in a small way. The more steps you take, the more you protect your privacy.

Limit what you post online and share with others, such as on internet forums or social media. This also means being careful about which photos and selfies you share. Even on closed internet forums or when you set strong privacy settings, assume that anything you post may become public at some point.

When creating online accounts, check what information websites collect about you by reviewing their privacy policy, and provide only the information you are required to give. If you are concerned about what information is being collected, do not use the site.

Be aware that information about you is collected regardless of the privacy settings you choose, especially on free services such as Facebook or WhatsApp. These services base their business model on collecting data about what you do and who you interact with. If you are truly concerned about your privacy, do not use such free websites.

Review mobile apps before you download and install them. Do they come from a trusted vendor? Have they been available for a long time? Do they have many positive reviews? Check the permission requirements. Does the mobile app really need to know your location or have access to all your contacts? If in doubt, choose a different app. Look for apps that promote privacy and give you privacy settings. Although you may have to pay more for an app that respects your privacy, it can be worth it.

Consider using a Virtual Private Network (VPN) for your internet connections, especially when you use a public network such as free Wi-Fi. When you use a browser, set the privacy settings to private or incognito to limit what information is shared, how cookies are used and stored, and to protect your search history. Consider privacy extensions such as Privacy Badger or privacy-focused browsers.

Consider using anonymous search engines such as DuckDuckGo or StartPage. In many ways, privacy is very difficult to protect, because so much depends on the privacy laws and regulations of the country you live in and the ethics of the companies you do business with. Although you can never truly protect all of your privacy in this technological era we live in, these steps will help limit the amount of information collected about you.

Managing privacy settings: privacy/manage-privacy-settings/

Protection against identity theft: training/resources/identity-theft

Virtual private network: networks-vpns

Open source intelligence: yourself-online

Translated for the community by: Andries Bomans
OUCH! is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it. Editorial Board: Walt Scrivens, Phil Hoffman, Alan Waggoner, Les Ridout, Princess Young

Guest Editor Joshua Wright
