Breach Detection

TTP Today assume the role of potential attackers, employing similar resources and emulating their initial access methods to give you an ultra-realistic view of the current threat landscape.

Our presence in cybercrime forums allows us to passively collect data offered for sale, and developed personas enable us to privately receive data offers and identify companies who have been breached.

Our researchers identify data for sale utilizing multiple intelligence techniques, aided by in-house tooling designed to scan and track attacker infrastructure and resources.

This unique approach positions us advantageously, enabling us to capitalize on the dwell time between the initial compromise and the subsequent sale of an organization's compromised data to other malicious actors.

We will alert any company we find and offer further services to help triage the incident. We can conduct controlled data buys and, where possible, facilitate removing data or access from the marketplace/forum.

Alerting your organisation at this stage can be key to responding to the attack before it escalates further and access is handed over to more destructive attacker methods such as ransomware. If you haven't detected further escalation at this stage, we can take advantage of attacker "dwell time" before the initial malware, exploit or stolen credentials of an organisation are sold on to other attackers, who pay for this access to deploy their own ransomware and pursue other objectives. We prevent this from happening by [getting in the way/blocking the stage].

Threat Intelligence Techniques: Uncovering Breaches

Monitoring for common search terms used by attackers (e.g., okta.com, 1password, vpn).

Purchase Credentials Service: Controlled acquisition of credentials and workstation access to comprehensively understand the extent of the breach and attacker access.

Detection of user credential leaks, providing insights into potential network infiltrations.

Dwell Time

Dwell time, ranging from a brief duration to an extended period, signifies the handover time from one attacker to another. Shorter dwell times often indicate proximity to an initial access broker, while longer times may suggest that the compromised data or access has not been utilized. Our diverse methods capitalize on this dwell time, utilizing threat intelligence to scrutinize various data sources and identify compromised servers.

Twitter

@ttptoday

Location

England,
United Kingdom