Botnet Protection


For more than a decade, Constella Intelligence (formerly 4iQ) has been hunting, collecting, and curating breach data. That data powers 6 of the top 10 identity theft protection providers and provides identity intelligence to several partners across a number of use cases and industries. Our fine-tuned expertise in this space allows us to deliver high-quality, actionable alerts that you can depend on. While alerts for data exposed in a breach drive tremendous value for several applications, it is well known that even an industry-leading provider like Constella cannot always alert on breached data right after the breach happens. Freshly breached data usually remains in the hands of the responsible attacker for monetary gain and is only eventually passed around on the dark web and underground marketplaces. This often translates into weeks or even months of delay between the initial exposure and the end user being alerted to it.

As part of our continuous pursuit of maximizing value for our partners, Constella has begun capturing data stolen by botnet malware, specifically infostealers. This type of malware is making a big comeback and, most notably, can steal any credential used on a victim's machine, which has a far deeper reach than breached credentials. Not only can this be costly for the average user, but it can be devastating when the infected machine is a corporate one. A timely resolution is therefore of paramount importance.

Constella can alert you to your data being exposed by botnet malware as quickly as a few hours after exposure, with an average response time from exposure to alert of one to seven days. This rapid alerting is critical for all botnet malware victims, as it gives the data owner a fighting chance to change their exposed passwords before the botnet operator can make malicious use of them. Constella can deliver these timely alerts by ingesting data exposed by over 1 million infected machines per month (and growing), each of which contains on average 38 credential pairs spanning 6 unique email addresses.

Getting Started with Constella Botnet Protection

Begin protecting your users immediately with Constella's Botnet Protection data feed. If you are already integrated with our Unified Monitoring service, the botnet feed can be enabled without any additional development work. Simply indicate which of your users you would like to subscribe to this feed (or ask us to enable it for all your users) and immediately begin receiving alerts the same way you already do.

Our initial rollout of the botnet protection feed is focused on the most critical element: exposed credentials. These alerts benefit your users in two important ways: first, they inform users that they have been infected by botnet malware; second, they protect users from account takeover attacks by suggesting a password reset on every exposed account. Alerts from this feed include information about the exposed credentials, the URL for which those credentials were stored, an informative description of how this data was exposed, and a recommendation on how to proceed. These alerts are triggered by matching an exposed email address or username against an email address or username the user has enrolled for continuous monitoring.

In the Near Future

In the near future, we will see some extraordinary enhancements to Constella's botnet protection data feed, including a higher volume of alerts and additional information about the botnet infection. As mentioned above, the average infostealer-infected machine contains 38 different credential pairs across 6 different email addresses. We typically see one to two email addresses monitored per user protected on our platform, which means the typical user would not be alerted to all of their exposures should they be infected by infostealer malware. That is exactly why the upcoming release of our botnet protection feed will provide all exposed credentials found on one infected machine, so long as one of your user's provisioned email addresses or usernames matches the data exposed by a botnet. This has a profound significance, as it greatly increases your users' awareness of their exposures, reminding them of email addresses they may have forgotten about and protecting them from unseen threats.

Once we’ve rolled out the expanded set of credentials, we will begin enriching the botnet data feed with additional metadata captured by the Infostealer malware. This additional data will include information about the infected machine’s operating system, computer name, computer username, IP address, the file path to the malware on the infected machine, any exposed credit card numbers and files stolen by the malware.
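To make the matching rule concrete, here is an added example (not Constella's code) of the expanded behaviour described above: an alert fires when an enrolled email address or username appears in a stealer log, and when it does, every credential pair captured from that infected machine is returned, with passwords redacted and the machine metadata attached. All records, identifiers and names below are constructed for illustration.

```python
# Added example, not Constella's code: a minimal alert matcher modelled on the
# behaviour this post describes. Sample infostealer log records are constructed.
from collections import defaultdict

# Constructed sample of a stealer log export: one record per credential pair,
# tagged with the infected machine it came from.
STEALER_RECORDS = [
    {"machine_id": "M-001", "url": "https://mail.example.com/login",
     "login": "alice@example.com", "password": "hunter2"},
    {"machine_id": "M-001", "url": "https://shop.example.net/account",
     "login": "alice.old@example.org", "password": "summer2019"},
    {"machine_id": "M-001", "url": "https://vpn.corp-example.com",
     "login": "alice", "password": "Welcome1!"},
    {"machine_id": "M-002", "url": "https://bank.example.com",
     "login": "bob@example.com", "password": "p@ss"},
]
# Constructed per-machine metadata of the kind the post says will be added.
MACHINE_META = {"M-001": {"os": "Windows 10", "computer_name": "ALICE-PC"}}
# Hypothetical enrolment: a monitored user and the identifiers they registered.
ENROLLED = {"user-42": {"alice@example.com"}}

def redact(secret: str) -> str:
    """Never ship the raw password in an alert; keep only a one-char hint."""
    return secret[:1] + "*" * (len(secret) - 1) if secret else ""

def build_alerts(records, enrolled, machine_meta=MACHINE_META):
    """Return {user_id: [alert, ...]}. One alert per infected machine on which
    any of the user's enrolled identifiers appears; the alert carries ALL
    credential pairs from that machine, not just the matching ones."""
    by_machine = defaultdict(list)
    for r in records:
        by_machine[r["machine_id"]].append(r)
    alerts = defaultdict(list)
    for user_id, identifiers in enrolled.items():
        wanted = {i.lower() for i in identifiers}   # case-insensitive match
        for machine_id, creds in by_machine.items():
            hits = [c for c in creds if c["login"].lower() in wanted]
            if not hits:
                continue
            alerts[user_id].append({
                "machine_id": machine_id,
                "machine": machine_meta.get(machine_id, {}),
                "matched": sorted({c["login"] for c in hits}),
                "exposed": [{"url": c["url"], "login": c["login"],
                             "password_hint": redact(c["password"])}
                            for c in creds],
                "recommendation": "Treat the machine as infected; reset every "
                                  "listed password once the machine is clean.",
            })
    return dict(alerts)
```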

Enhance the protection you provide your users by enrolling in Constella’s botnet protection feed. Deliver timely alerts in near real time following a botnet exposure and protect your users from threats they may not have otherwise detected. Contact us for a demo!

Keon Ramezani

Sr. Sales Engineer