As part of your Composite Risk Posture Coalition monitors the web and dark web looking for anywhere your assets we sources may be reaching out with known malicious signals. This may come in the form of an infected server, workstation or device on your network or form a third party vendor found via your attack surface. This may also manifest in the form of third party reporting as we also monitor known malicious block lists to alert you if you if any of your assets have landed on them.
What do I do?
1. Verify if the assets detected are yours or if they are one of your vendors, this can be done by searching for the Assets listed in the External Assets under the Attack surface section of your Control Dashboard.
2. Take Action and conduct a thorough investigation to check if the asset has been compromised. Look for signs of unauthorized access, suspicious activities, or any changes that might indicate a security breach.
- Reviewing Logs: Check server and network logs for unusual activities or patterns indicative of misuse.
- Server Configurations: Ensuring that your server configurations are correct and no malware or malicious content is present.
- Internal Scans: If available use security tools to check systems for vulnerabilities or signs of compromise.
To prevent future issues we recommend the following:
- Software Updates: Regularly update all software of your server and applications to patch vulnerabilities.
- Passwords: Use strong, unique passwords and enable two-factor authentication (2FA) to enhance security.
Once you have addressed the issue, contact the provider of the reputation list to request delisting (this might not always be possible and often will decay with time)