900 Walt Whitman Road, Suite 304 Melville, NY Office:

Transcription

1

2 W E P R O V I D E Cyber Safe Solutions was designed and built from the ground up to help organizations across multiple verticals to defend against modern day attacks. Unlike other security vendors that strictly push their technology to prevent advanced attacks from occurring, Cyber Safe Solutions takes a proactive approach by focusing on people, process and technology through a defensein-depth model. Our mentality is that there is no single solution or silver bullet that will prevent the current adversaries from compromising business networks. An offense must inform defense approach must be taken via a combination of proper risk assessments, prevention, continuous monitoring, detection and rapid incident response. Our team is dedicated to providing services and solutions for our clients that protect organizations from the latest threats. For an effective cyber defense, Cyber Safe Solutions follows strict guidelines and best industry practices by prioritizing and implementing a list of security controls based upon the latest security framework known as the 20 Critical Security Controls. At Cyber Safe Solutions, our team stays current with the latest security news and threats through newsletters, cyber threat intelligence feeds and attending numerous cyber security conferences, seminars, webcasts and training events. We partner up with leading security vendors and implement security technologies that mitigate the ever changing threat landscape for organizations of all sizes. Our highly skilled team has over 20+ years of experience in building and securing world class network infrastructures for organizations across multiple industries. Our team has also attended thousands of hours of training, attained multiple security certifications and currently hold memberships with InfraGard and HTCIA. If you are looking for a dedicated security advisor that will not only protect your organization from the latest advanced threats, but will also work closely to educate your team throughout the entire process, please visit our Contact Us page to schedule an appointment today. - Vulnerability Scanning & - Security Awareness Training & Phishing - Incident Management Platform 900 Walt Whitman Road, Suite 304 Melville, NY Office:

3 CLICK HERE CLICK HERE CLICK HERE CLICK HERE CLICK HERE

4 Identify Asset Discovery Vulnerability Scanning & Web Application Scanning Security Architecture Review & Risk Protect Advanced Threat Protection for NGFW with Unified Web Application Security Detect Threat Watch 24x7 Continuous Monitoring Security Awareness Training & Phishing Social Engineering Respond Malware Analysis & Remediation Threat Hunting Computer Forensics Incident Management Platform Threat Watch Advanced Threat Protection for Endpoints and Servers Vulnerability Scanning & Web Application Scanning Security Policy Analysis and Threat Intelligence & Incident Malware Analysis & Remediation Threat Hunting Cyber Threat Intelligence Computer Forensics Incident Management Platform Security Architecture Review & Risk Security and Secure File Exchange Web Application Security Next Generation Firewall with Unified Threat Management Dual-Factor Authentication Password Management Biometrics Facial Recognition Software Security Awareness Training & Phishing Social Engineering Penetration Tests HIPAA & PCI Consulting

5 Managed Security Services Threat Watch Advanced Threat Protection for Vulnerability Scanning & - Vulnerability Scanning & Web Application Scanning Security Policy Analysis and - Incident Management Platform

6 Threat Watch Threat Watch -> 24 7 Network Security Monitoring, Continuous Security Monitoring, Detection, and Mitigation for Advanced Persistent Threats - Vulnerability Scanning & The threat landscape is dramatically changing and there has been a significant increase in cyber attacks that have become more sophisticated and much more expensive. Traditional security technologies that focus on prevention continue to fail against modern day attacks. Cyber Safe Solutions Managed Security Service known as Threat Watch provides expert threat analysis through network security monitoring, continuous security monitoring, detection, rapid response and mitigation of the most critical ongoing threats organizations face each and every day. Cyber Safe Solutions Security Operations Center was designed and built inside a fully secure high availability data center with redundant internet, power and cooling. Cyber Safe Solutions Threat Watch Managed Security Service incorporates a Unified Security Management (USM) platform that provides five essential security capabilities in a single console. The security capabilities included are: - Incident Management Platform Vulnerability Assessment Network Vulnerability Testing Remediation Verification Threat Detection Network & Host IDS Wireless IDS File Integrity Monitoring Asset Discovery Active & Passive Network Scanning Asset Inventory Host-based Software Inventory Behavior Monitoring Log Collection Netflow Analysis Service Availability Monitoring Security Intelligence SIEM Event Correlation Incident Cyber Safe Solutions Unified Security Management platform allows for better threat detection for a more effective response.

7 Advanced Threat Protection for - Vulnerability Scanning & A significant number of the successful attacks and breaches occurring recently in the retail industry are the result of endpoints and servers running traditional endpoint antivirus protection. Antivirus is a signature-based technology that will only protect against known malware via a process called blacklisting. Advanced malware or zeroday attacks easily bypass this traditional endpoint security ultimately leading to compromised systems. In order to protect against zero day or advanced persistent threats, organizations must rely on a defense-in-depth strategy that utilizes real-time, signature-less security technology on their endpoints and servers. This strategy is accomplished through a security technique known as application whitelisting. Application whitelisting takes the opposite approach of antivirus solutions by allowing approved software to run on your endpoints and servers while blocking unknown or malicious files. Protecting endpoints and servers through a continuous security life cycle is the key to preventing, detecting and responding to modern day attacks. - Incident Management Platform

8 Vulnerability Scanning & All systems that connect to the internet become an instant target for attack by today s cyber criminals. As the number of hardware and software implementations has increased in today s organizations, so has the number of vulnerabilities. The ongoing pressure to keep up with the competition has caused companies to roll out solutions focusing more on functionality rather than security in mind. The offenders are continually scanning systems all across the globe and your system may be one of the so called low-hanging fruit that they could exploit and use to break in. Cyber Safe Solutions provides vulnerability scanning services utilizing sophisticated security tools to scan your systems and find vulnerabilities before the hackers do. - Vulnerability Scanning & - Incident Management Platform

9 Web Application Scanning Similar to the vulnerabilities on your endpoints and servers, there are also vulnerabilities in web applications that can be exploited by the cyber criminals. Two of the most common vulnerabilities discovered in web applications that continually get exploited by the adversaries are SQL injection and cross-site scripting. Successfully exploiting these vulnerabilities would allow access to sensitive data which could ultimately result in a significant data breach. Cyber Safe Solutions automated web application scanning services can provide many benefits including the discovery and cataloging of all web applications in your environment, identifying vulnerabilities such as SQL injection, XSS and CSRF, and finding potential malware hiding in clients websites. - Vulnerability Scanning & - Incident Management Platform

10 Security Policy Analysis and - Vulnerability Scanning & Although most organizations implement security technologies to combat the never ending threats that they face everyday, having a robust security policy in place is a critical component to a strong cyber defense. Implementing a security policy involves classifying the critical assets that need to be protected, identifying the potential security threats and business risks, and the appropriate levels of protection necessary to properly balance security levels with their costs, business practices and corporate culture. Cyber Safe Solutions will analyze your current security policies to ensure that they are following today s standards and best practices for a strong modern day cyber defense. For organizations with an ad-hoc or informal security policy, Cyber Safe Solutions will develop a security policy that incorporates representatives from multiple business groups to assure that the policy developed supports business practices and is ultimately enforceable. - Incident Management Platform

11 Risk Management Services Security Architecture Review & Risk Security and Secure File Exchange - Vulnerability Scanning & Web Application Security Next Generation Firewall with Unified Dual-factor authentication Password Management Biometrics Facial Recognition Software Security Awareness Training & Phishing Social Engineering Penetration Tests - Incident Management Platform HIPAA & PCI Consulting

12 Security Architecture Review & Risk - Vulnerability Scanning & - Incident Management Platform In order to protect your organization from the continuous and increasing sophisticated attacks in today s world, you first need to understand all of the moving pieces within your organization. Organizations across the world continue to strive for greater innovation and efficiency. In order to become more competitive in today s market, organizations focus on improving productivity and reducing costs through IT solutions, but with that comes an increase in risk. Today s networks are becoming more complex and with complexity come gaps in effective IT security. Effective IT security is a balance between risk, cost and convenience. The most recent surveys show that risks are rising faster than most businesses realize. There are two critical questions facing enterprises looking to defend their data, systems, and infrastructure. How do you assess your value at risk from cyber attacks? How do you evaluate the potential return on investment of cyber defense measures? Answer: Utilizing a risk mitigation and planning product that enables enterprises to understand their cyber risk in financial terms. Profiling your network, assets, threats and malware will give you a clear picture of the risks your network faces and be able to mitigate those risks in a quantified, repeatable way. Make decisions and investments based on finances, not fear. Cyber Safe Solutions risk assessment is based on financial value-at-risk modeling. Through precise configuration of multiple profiles such as malware, defenses, threats and assets, Cyber Safe Solutions is able to predict the probability of losing a calculated dollar amount over a period of time. The results can help you make informed decisions when: Evaluating security investments Creating mitigation strategies Purchasing cyber security insurance Determine ROI before making an investment. Mitigations are provided based on the Council for Cyber Security s 20 Critical Security Controls. The 20 Critical Security Controls provide a vendor neutral framework for describing how much you can buy down your risk with an investment, which areas need to be addressed, and which types of fixes are required. Cyber Safe Solutions risk assessment lets you see how your risk will be reduced by each potential investment you can make to improve your defenses. Armed with this data, you can answer the question, Which set of investments will most cost-effectively reduce my risk? Cyber Safe Solutions will evaluate and review organizations architecture to determine the gaps in security and provide assistance and recommendations to secure those systems through best industry practices and by utilizing leading vendor security solutions.

13 Security and Secure File Exchange - Vulnerability Scanning & Is your organization looking for a simple solution to securely send documents to others? If your answer is yes, Cyber Safe Solutions has a product that offers a radically new way to securely send and receive files, eliminating the need for encryption keys, passwords and software to be installed. You will be able to share files in minutes using 256-bit PGP encryption. OpenPGP is the most widely used encryption standard in the world. In just 3 easy steps, you will be able to send a file securely. Step 1: upload the file, which is encrypted with a key on your computer. Step 2: the product will generate a link which includes a secret value, which will be ed to the recipient directly. Step 3: the recipient clicks the link and downloads a package to their computer. For an extra layer of security to keep the information secure, the product provides multi-factor authentication. When users sign in, they are prompted for a username and password, along with a unique SMS code. Attachments and files will not be blocked or have size limitations, as the product will handle all communications through a web browser. - Incident Management Platform

14 Web Application Security Running web applications in a business is very important, but protecting those websites is very critical. Web applications are a prime target for exploitation via discovered vulnerabilities. Incorporating web application scanners to check for vulnerabilities on an ongoing basis is vital to the overall security of your organization. Cyber Safe Solutions provides a web application security product that detects, tracks, profiles and responds to web attackers through a web intrusion deception system. This web intrusion deception system prevents web attackers in real time and is PCI 6.6 compliant. - Vulnerability Scanning & - Incident Management Platform

15 Next Generation Firewall with Unified - Vulnerability Scanning & Traditional firewalls that strictly rely on IP address and port combination to properly filter network applications is no longer sufficient. Next generation firewalls have the capability of performing deep packet inspection at the application layer. Cyber Safe Solutions utilizes a next generation firewall bundled into a Unified (UTM) platform as part of its modern day cyber defense architecture. Cyber Safe Solutions has partnered with a leading next generation firewall vendor that offers a scalable family of network security appliances. This next generation firewall provides security, performance, stability, and reliability with a cost effective solution for networks of all sizes. In order to protect your organization from modern day attacks, the next generation firewall will need to be properly sized, configured, and implemented while incorporating ongoing threat intelligence. This single solution UTM platform integrates a wide range of services in order to strengthen your overall network security. Some of the services included in this UTM model are: Firewall/VPN, Web Filtering, IPS & Application Control, Integrated Wireless Controller, Advanced Threat Protection (ATP) Anti-Malware, Authentication and Endpoint Protection. Cyber Safe Solutions will provide services and monitoring to manage this next generation firewall to its fullest capability. - Incident Management Platform

16 Dual-Factor Authentication - Vulnerability Scanning & Authentication with the use of just a password is not secure because it does not prove your identity. One of the major problems with using only a password for authentication is that it doesn t prove the person logging in is you. In order to improve the authentication process, you need to add another authentication factor. There are generally three types of authentication factors: something you know, something you are, and something you have. The combination of something you know (password) with something you have (mobile phone, token) reliably confirms your identity. Cyber Safe Solutions provides dual-factor authentication services utilizing a best in breed security product with multiple authentication methods. Users can choose their method during login, utilizing either a login request being sent to their phone with one tap approval, mobile passcodes via a free mobile application, passcodes via SMS, phone call back, or a passcode generated on a hardware token. Cyber Safe Solutions dual-factor authentication integrates with VPNs, cloud apps, on premises apps and more. - Incident Management Platform

17 Password Management - Vulnerability Scanning & With the growth of technology and the use of the internet, more traditional activities are involving the use of websites. Most websites require access using a login and password, which has made it more difficult for users to navigate from site to site in an easy and timely fashion. To counteract the burden of remembering multiple logins and passwords to achieve these activities, users are creating uniform logins and passwords across the different sites. For example, a user may use the same login information for a bank account and a social media account. Hackers are recognizing this trend, and know that if they are successful in compromising one site, the chances of that password being successful across multiple sites is high. Security experts typically describe three types of authentication factors something you know (password or pin number), something you have (secure token), and something you are (biometric solutions like facial recognition, iris scanners, or fingerprints). By utilizing a password manager solution with dual factor authentication, you will only need to remember a Master Password coupled with a mobile device with a secure token for the second form of authentication. Without both items, you will not be able to access all of your websites. The dual-factor authentication device helps protect your account from keylogger programs or other threats, so even if your Master Password were captured, someone would be unable to gain access to your account without this second form of authentication. Cyber Safe Solutions has the experience and expertise to assist our clients with choosing the leader in enterprise password management. - Incident Management Platform

18 Biometrics Facial Recognition Software Biometrics has made tremendous strides in the past couple of years and is quickly becoming the replacement for passwords. One speci fi c biometric solution that has become extremely accurate and affordable for most organizations is facial recognition software. Facial recognition software allows for continuous security after authentication, works in almost any situation including low light, can be overridden if the primary access is not possible,and is supported across multiple platforms. Having the capability to automatically lock a system when the person is no longer in view makes this solution perfect for regulated environments for the financial and healthcare industries. Cyber Safe Solutions partners with a leading provider of facial recognition software and will work with our clients to implement this solution across their entire organization. - Vulnerability Scanning & - Incident Management Platform

19 Security Awareness Training & Phishing - Vulnerability Scanning & A majority of companies have focused on securing their systems through various pieces of security technology due to past events when hackers would try and break in through some sort of hardware device,. Since most of the focus was on the technology, the cyber criminals shifted their attack techniques and now go after the weakest link the human OS. In order to make security a top priority for your employees, security awareness training and user education are the most effective tools for avoiding the rising costs of cybercrime. Cyber Safe Solutions provides continuous security awareness training and education which will help to prevent this shift in attacks. The initial attack begins with a sophisticated phishing that includes a malicious attachment or a link to a malicious website. Over 90% of successful breaches begin with an phishing attack. The way to protect your organization from cyber criminals and enhance your defenses is through phishing tests. Cyber Safe Solutions provides phishing security testing which allows you to find out what percentage of your users is prone to phishing. - Incident Management Platform

20 Social Engineering Social Engineering, in the context of IT security, means to trick someone into doing something that undermines the security of that individual or the entire organization as a whole. Some of the latest polls pertaining to social engineering points to the weakest link in the cyber security chain and that is the human OS. Due to the lack of employee awareness, social engineering has been and will remain the most significant threat vector and preferred way of exploitation and infiltration of an organization by today s adversaries. Cyber Safe Solutions will perform social engineering exercises against organizations to try and gain a foothold into corporate networks and systems. An Executive Report will be provided that will detail how the social engineering exercise was performed and the methodologies utilized throughout the process. It is recommended that Cyber Safe Solutions Phishing Tests and Security Awareness Training be performed as a follow up to the social engineering exercise to strengthen an organization s overall security posture and to mitigate the threat landscape. - Vulnerability Scanning & - Incident Management Platform

21 Penetration Tests - Vulnerability Scanning & - Incident Management Platform Network Penetration Tests Is your network safe from attacks? Find out through Cyber Safe Solutions Penetration Testing Services. Through our simulated attacks on computer systems and networks, we can evaluate your computer and network security posture from both external and internal threats. This testing involves an analysis of systems and devices for potential vulnerabilities due to improper or poor system configuration. Pen Testing can involve active exploitation of security vulnerabilities that are discovered and is generally carried out from the position of a potential attacker or cyber-criminal. Any issues discovered will be presented in a detailed report to the system s owner. Upon completing the assessment, we will discuss the potential business impact and present a range of technical or process related countermeasures that will mitigate risks to your organization. Wireless Penetration Tests With the growing trend of smartphones, tablets and lightweight laptops, there has been a significant increase in demand for wireless access. Wireless networks have extended upon your traditional wired network and it is critical that your wireless network is secure from attacks. An insecure wireless network can pose a security risk to your organization and Cyber Safe Solutions will simulate a hacker and attempt to identify, exploit and penetrate weaknesses discovered within wireless systems. Cyber-criminals use a technique called war driving where they sit in parking lots or drive by your facility and utilize tools that will assist them in finding ways to get into your network. Wireless Penetration Tests will identify vulnerabilities and will provide critical information that will help you secure your wireless devices. Web Application Penetration Tests Websites have been a favorite target for attackers. These attackers leverage simple vulnerabilities in order to gain access to sensitive or confidential information that contains personally identifiable information. There are many common types of attacks that cannot be prevented through traditional firewalls or security controls that are in place. It is critical that organizations perform web application tests on their company websites in order to ensure that they are not susceptible to Cross Site Scripting Attacks, CGI Vulnerabilities, SQL Injection, Password Cracking, Theft of Cookies, Input Validation Attacks, Database Vulnerabilities or just weaknesses in their software design and infrastructure. Cyber Safe Solutions will perform Web Application Testing services which are derived from the Open Web Application Security Project (OWASP). Using open source, proprietary and commercial tools, Cyber Safe Solutions will identify both common and application specific vulnerabilities through both automated scans and manual techniques. Before application testing begins, we will perform network and operating system security tests. Once vulnerabilities are discovered, Cyber Safe Solutions will attempt to exploit them, demonstrate the impact of the weaknesses, and provide recommendations for remediation.

22 HIPAA & PCI Consulting Cyber Safe Solutions provides HIPAA and PCI consulting services to organizations that will not just focus on compliance, but will focus on building out a secure environment utilizing the most current security framework for a strong cyber defense. As noticed in the most recent breaches in the retail industry, those organizations were considered compliant, but unfortunately still experienced a data breach. Checking the box for compliance does not mean your organization is secure and security is not a one-time exercise. Security is an ongoing effort and it needs to adapt to the ever changing threats that organizations face today and Cyber Safe Solutions will provide the expertise to ensure your organization is both compliant and secure. - Vulnerability Scanning & - Incident Management Platform

23 Threat Intelligence & Incident Malware Analysis & Remediation Threat Hunting Cyber Threat Intelligence - Vulnerability Scanning & Computer Forensics Incident Management Platform - Incident Management Platform

24 Malware Analysis & Remediation Cyber Safe Solutions provides automated malware analysis and remediation services that immediately lets organizations know if an artifact (such as a file, url, or IP address) is malicious, how dangerous it is, how to repair it, and the value-at-risk in your enterprise. Cyber Safe Solutions utilizes a cloud service that allows our customers to send us a file from anywhere, which will allow us to analyze, process, and advise on the malicious state of the file. An easy-to-understand report with remediation steps will be provided to tune your defenses to defeat malware targeting your organization. - Vulnerability Scanning & - Incident Management Platform

25 Threat Hunting Although a prevention based cyber defense has been an essential focus for many organizations, it is not enough to protect against active threats in an already compromised environment. The numerous breaches that have made the headlines are indicative of this approach. Cyber Safe Solutions takes an offense informs defense approach by providing threat hunting services to actively investigate for live threats. Cyber Safe Solutions provides effective threat hunting services with the mindset that organizations are already compromised by the adversary (unless proven otherwise) and utilizes skills, processes and technology to successfully track down active threats. - Vulnerability Scanning & - Incident Management Platform

26 Cyber Threat Intelligence Cyber Safe Solutions partners with leading security vendors to provide cyber threat intelligence services which provides internal, external and crowd-sourced intelligence exchange with our customers. Cyber Safe Solutions threat intelligence services utilizes an interactive map that aggregates the latest threat data in real-time which includes top malicious IP s and domains across the entire globe. Being armed with real-time threat intelligence will allow organizations to update their defense strategies to avoid becoming the next targeted attack. - Vulnerability Scanning & - Incident Management Platform

27 Computer Forensics Traditional crime has moved from the street to the computer, yielding a significant increase in demand for computer forensics experts. Computer forensics is an integral piece of an organization s incident response platform once a breach has been detected in the specified environment. The scope of a forensics analysis can vary from a simple retrieval of information to a more in-depth reconstruction of a series of events. Cyber Safe Solutions provides computer forensics services that will allow organizations to determine the full scope of a data breach, whether systems have been truly compromised, and if data has been ex-filtrated. - Vulnerability Scanning & - Incident Management Platform

28 Incident Management Platform Currently, organizations continue to focus most of their attention on prevention security technologies which often fail. In order to improve an organization s cyber defense, a shift towards continuous detection and incident response must be taken to combat today s modern threats. A key to improving response times is through an automated incident response platform that can be utilized by multiple members of a security team within a single dashboard. Cyber Safe Solutions partners with a leading provider of a cloud based incident response platform that allows organizations to characterize, assess and respond to incidents to ensure regulatory compliance and reduce breach risks. Cyber Safe Solutions Incident Management Platform provides the necessary tools for organizations that handle PHI and PII to simplify the complexities of incident response management and to ensure compliance with all state and federal regulations. - Vulnerability Scanning & - Incident Management Platform

29 Resources Advanced Persistent Threat The cyber threat landscape has changed from hackers that were known as script kiddies who used automated programs to wreak havoc on organizations of all sizes. The Advanced Persistent Threat is a set of stealthy and continuous hacking processes that is usually initiated by a group of humans targeting a specific entity. APT is usually referred to a group, such as the government that utilizes sophisticated techniques using malware to exploit vulnerabilities in systems and to establish a persistent process to an external command and control system. The initial attack generally begins with some sort of social engineering tactic to deliver a piece of malware via a spear phishing to an individual user or group of users. The picture shown below describes the steps taken via an APT attack. The 20 Critical Security Controls is a set of best practice guidelines for computer security that came about in 2008 by the U.S. National Security Agency (NSA). The NSA in addition to numerous other government agencies and security experts from private industry came up with a list of controls with priority in mind that would have a significant impact on improving an organization s risk posture against ongoing threats. These 20 controls were designed and intended to be used by organizations to block or mitigate known attacks. The controls were priority based and focused on a smaller number of actionable controls with a higher payoff for a stronger cyber defense. Users of the 20 Critical Controls Security Framework are required to refer to when referring to the 20 Critical Controls in order to ensure that users are employing the most up to date guidance. 1. Inventory of Authorized and Unauthorized Devices 2. Inventory of Authorized and Unauthorized Software 3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers 4. Continuous Vulnerability Assessment and Remediation 5. Malware Defenses 6. Application Software Security 7. Wireless Access Control 8. Data Recovery Capability 9. Security Skills Assessment and Appropriate Training to Fill Gaps 10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches 11. Limitation and Control of Network Ports, Protocols, and Services 12. Controlled Use of Administrative Privileges 13. Boundary Defense 14. Maintenance, Monitoring, and Analysis of Audit Logs 15. Controlled Access Based on the Need to Know 16. Account Monitoring and Control 17. Data Protection 18. Incident and Management 19. Secure Network Engineering 20. Penetration Tests and Red Team Exercises

30 Resources Cyber Kill Chain The term Cyber Kill Chain which was created by defense company Lockheed Martin has been used by cyber experts to describe the 7 stages of a cyber attack. The following diagram describes each stage starting with preparation, then intrusion and finally ending with an active breach. The reason why prevention fails with today s advanced persistent threats, is due to the fact that most of the focus is on Steps 3-5 through inbound prevention techniques, where detection focuses on steps 6-7.

31 Resources Value of a Hacked PC Brian Krebs (@briankrebs) is an investigative reporter within the cyber security industry. He is best known for his coverage of computer security and cybercrime and has broken numerous high profile data breach stories. In October of 2012, Brian created a blog post and the picture below that details the various ways that cyber criminals can leverage a compromised system and the many malicious uses associated with it. Value of a Hacked Account Brian Krebs (@briankrebs) is an investigative reporter within the cyber security industry. He is best known for his coverage of computer security and cybercrime and has broken numerous high profile data breach stories. In June of 2013, Brian wrote a blog [1] on the Value of a Hacked Account and what the value is to the underground criminal black market. According to Brian, hacked accounts are harvested for the addresses of your contacts which would ultimately be inundated with malware, spam and phishing attacks.