HowTo: Dark Web Workflow

Dark Web Reporting Within CyberHoot:

CyberHoot offers dark web monitoring and reporting for its clients by scanning user email addresses against known dark web breach databases. Any exposures found are reported directly through the CyberHoot console and via email notifications to designated administrators. Admins can then choose to follow the recommended workflow outlined in this article to review and address these exposures. Participation in this process is entirely optional and left to the discretion of each individual client.

 What to Do When You Have Dark Web Exposures:

Here’s a high-level overview of the steps you may follow to review dark web exposures.

To check the exposures on the Power Platform:

  1. Select the customer whose exposures you want to check.
  2. Click the “Exposed” box directly on the main Dashboard view.

To check the exposures on the Autopilot Platform:

  1. Select the customer whose exposures you want to check.
  2. Click on Users.
  3. Click on Exposed Users.

Overall recommendations:

  1. Check the date of the exposures. Sometimes they are very old and were already taken care of by the user. When in doubt, notify them.
  2. Notify the users, informing them to change their passwords and enable 2FA/MFA on the affected accounts.
  3. Here’s a sample of text to send to impacted users when using the notify feature within CyberHoot’s Power Platform: “Your accounts have been discovered on the dark web. If you still use these online accounts that have been exposed, it’s recommended that you change their passwords as well as the passwords for any other accounts that share the same password. Don’t forget to enable 2FA/MFA to further enhance their security.”

     

  4. Acknowledge the exposure on the console.