Digital Shadows Insights Blog

The latest advice, opinions and research from our dedicated intelligence and analyst teams

Another SANS Cyber Threat Intelligence Summit is in the books

11 February 2016

Last Thursday we wrapped up the 4th annual SANS Cyber Threat Intelligence (CTI) Summit. I have presented at all four of the summits and I’ve been fortunate enough to...


Waiter, there’s a hole in my intelligence collection!

10 February 2016

We’re all swimming in data. There’s data everywhere. From packet captures to reputation feeds, it feels like there is a fire hydrant of data flooding analysts.


Relevance: The missing ingredient of cyber threat intelligence

9 February 2016

Today we’ve announced the closing of our Series B investment round, led by Trinity Ventures. This $14 million will give us the support to grow our team, further invest in...


Surviving the threats posed by PoS malware

3 February 2016

These days, you can’t go into a store or mall without being asked to use a point of sale (PoS) system during checkout, versus an antiquated cash register.


“Largest cyber attack” on Israel lacks power

1 February 2016

On 26 January, Yuval Steinitz, the Israeli Minister of Infrastructure, Energy and Water Resources, announced to the 2016 CyberTech Conference in Tel Aviv that the Israeli Electric Corporation was dealing...


Why I joined Digital Shadows

28 January 2016

Departing Forrester Research wasn’t an easy decision; it was a great job. I was able to help guide the security strategies of some of the world’s largest and most complex...


Prêt-à-Porter Shadows

27 January 2016

The early part of any year is a time of reflection on the new devices we were gifted by others (or ourselves) during the holidays.


Digital Shadows honored as Bloomberg Business Top Innovator

26 January 2016

We're pleased to announce that Bloomberg Business has named Digital Shadows as one of the top breakthrough and disruptive businesses in the UK – in the category of “changing the...


Escalation in OpKillingBay

25 January 2016

There has been a noticeable recent increase in activity surrounding the OpKillingBay operations - a hacktivist campaign attributed to the Anonymous collective that has been active since 2013.


Criminal services – Bulletproof hosting

21 January 2016

Cybercrime can be a lucrative business if you do it well. But how do criminals ensure the success of their schemes without interference from law enforcement or industry-led interventions, such...


Digital Shadows Welcomes Rick Holland as Vice President of Strategy

19 January 2016

Last year was an exciting time for Digital Shadows; we opened our new co-headquarters in San Francisco, achieved over 400% growth in revenue, and more than doubled the size of...


The Strategic Corporal and Information Security

19 January 2016

For those unfamiliar with the term “strategic corporal”, it sprung out of the conflicts in Afghanistan and Iraq.


DD4BC Arrests: What Now for Extortion?

15 January 2016

Earlier this week, Europol published a press release stating that an individual suspected of being a “key member” of the extortionist group DD4BC had been arrested, and that a further...


A Complex Threat Landscape

14 January 2016

Achieving a better understanding of the threat landscape is key for organizations; the better they know their enemies, the better they can align their security postures. But it is hard.


RATs: Invasion of Your Privacy

12 January 2016

When most people hear the word “RAT” they envision a large rodent that dines in dumpsters while seeking solace in sewers.


Digital Currency and Getting Paid In The Underground

6 January 2016

It’s been said that money makes the world go round. People expect to be paid for their time, goods, and services, and cyber criminals are no different.


Lots to learn? Academia and intelligence

4 January 2016

With the ongoing emergence of CTI you could be forgiven for thinking that the discipline of intelligence was new.


Criminal Services – Crypting

18 December 2015

In the world of cybercrime, malicious software (malware) plays an important role. But if you’re a cybercriminal, how do you keep your malware from being detected?


‘Hacker Buba’: Failed extortion, what next?

11 December 2015

An actor identifying itself as "Hacker Buba" recently claimed to have breached Invest Bank and posted purported customer and client information on Twitter as part of an attempt to extort...


Communicating Intelligence: The Challenge of Consumption

10 December 2015

In my previous blog in this series I discussed the challenge of effectively communicating intelligence, and provided examples of how we inform our clients of individual incidents.


Communicating Intelligence: Getting the message out

8 December 2015

In my previous blog I discussed some of the challenges associated with communicating intelligence. In this follow up piece, I’ll explain some of the methods we use here at Digital...


TalkTalk information likely to be discoverable on the dark web

4 December 2015

Last month, TalkTalk disclosed that it had been the victim of a cyber attack on its website.


Communicating Intelligence: A battle of three sides

2 December 2015

Good intelligence depends in large measure on clear, concise writing.


Criminal Services – Counter Antivirus Services

30 November 2015

Infosecurity Magazine recently reported that two individuals have been arrested in the UK on suspicion of running a website that facilitates the development of malware.


Activity Based Intelligence – Activating your interest?

25 November 2015

Some threat actors love to make noise. Be it a tweet, a forum post, or a chat room message, communicating in the open often takes place.


Crackas With Attitude: What We've Learned

23 November 2015

One of the most active actors of the past several months has been a hacktivist group who identify themselves as ‘Crackas With Attitude’ (CWA).


From CTI to Cyber Situational Awareness: What you should know

16 November 2015

With more attackers trailing the digital shadows of organizations, traditional defenses have proven to be insufficient and organizations are looking at new ways of protecting themselves.


The Way of Hacking

10 November 2015

In the Japanese martial art of Aikido it is said that "Kurai Dori" is the ability of a skilled practitioner, or "aikidoka", to control the consciousness of an opponent.


Emerging Markets: Online Extortion Matures via DDoS Attacks

9 November 2015

Unlike scenes from books or movies where shadowy figures hold manila envelopes containing information or photographs pertaining to an unsuspecting victim, few of us in the real world have to...


Crackas With Attitude strike again?

28 October 2015

Last week, the New York Post reported that hackers had compromised the personal email address of CIA Director, John Brennan.


TalkTalk: Avoiding the hype

28 October 2015

There has been no shortage of media coverage on the recent TalkTalk cyber attack. The full implications of the attack are not yet known, but reports suggest it could affect...


Smilex: Dangers of Poor OpSec

27 October 2015

On 13 Oct 2015, it was revealed in an indictment on the US Department of Justice website that Dridex (AKA Bugat and Cridex) activity had been disrupted and charges filed...


CATER, For Your Threat Intelligence Needs

8 October 2015

Our white paper, Cyber Threat Intelligence: A Buyer’s Guide, provides an overview of current CTI approaches and the types of offerings available.


Online carding

7 October 2015

There is no shortage of credit card information being sold online. In the past six months alone, our spider (which covers I2P and ToR Darknet overlay networks as well as surface web carding sites) detected thousands of instances of sites offering credit...


Cyber Situational Awareness: Gain an Attacker’s Eye View

23 September 2015

Our latest white paper defines a different perspective on security – cyber situational awareness.


Greater capabilities equal greater cyber situational awareness

21 September 2015

In a recent Techworld article, one of our clients said that Digital Shadows SearchLight™ “…gives me visibility into a world that is outside of my control.” This is the very...


How the Internet of Things (IoT) is Expanding Your Digital Shadow

10 September 2015

The Internet of Things (IoT) is a development that is the direct result of objects, technology, and people that have been provided with unique identifiers, which possess the ability to transfer...


Digital Shadows and ThreatConnect Partner to Help Customers Improve Security Defenses

4 September 2015

One of the foundational values of Digital Shadows is the appreciation and value we put on our collaboration with customers and our coordination with our strategic business partners. It is because of this value that we’re delighted to announce today that we’ve entered into a new partnership with ThreatConnect, the leading provider of security software and services including the ThreatConnect® Threat Intelligence Platform (TIP).


Raising the Stakes - U.S. retaliation for Chinese cyber espionage has the potential for escalation

18 August 2015

Following the Jun 2015 announcement that the U.S. Office of Personnel Management (OPM) had been breached and the personal data of millions of current and former federal employees compromised, a...


The Intelligence cycle – what is it good for?

13 August 2015

It seems that the concept of ‘intelligence’ is a problem. The definition isn’t agreed, and the industry is peppered with vendors and organisations applying a range of meanings and interpretations.


OPSEC and Trust in an Underground Cybercriminal Forum

12 August 2015

There are perhaps tens of thousands of forums and sites in the visible and dark webs dedicated to criminal activity.


Exciting times, exciting team at Digital Shadows

30 July 2015

Yesterday we announced that Stuart McClure, founder and CEO of Cylance, Inc, is joining our Board of Directors. The entire company is excited about his joining us, and James Chappell and I are especially looking forward to working with him as we further grow the company. While we are excited, Stuart’s joining our board is not the only great team news we have at Digital Shadows. Over the last few months we’ve grown our executive leadership team to map to our business goals, and I want to introduce them.


Digital Shadows and ThreatConnect Partner to Help Customers Improve Security Defenses

20 July 2015


One of the foundational values of Digital Shadows is the appreciation and value we put on our collaboration with customers and our coordination with our strategic business partners. It is because of this value that we’re delighted to announce today that we’ve entered into a new partnership with ThreatConnect, the leading provider of security software and services including the ThreatConnect® Threat Intelligence Platform (TIP).


Exploiting is my business...and business is good

13 July 2015

In 2015 we are seeing new trends emerge with respect to Exploit Kits in the wild. These trends are particularly interesting in that they suggest that the frequency of 0-day exploits made available in these kits is growing while the time to integrate said 0-days from the time of discovery to inclusion in the kits is shrinking rapidly.


Online Extortion - Old Ways, New Tricks

6 July 2015


Extortion is nothing new for organised crime. For centuries, gangs have been operating protection rackets and kidnappings to successfully extract ransom money from their victims. And as with many things in modern life, these old techniques have been successfully brought over to the cyber realm.


Saudi Arabia MOFA Breach

1 July 2015

A look at the recent MOFA breach.


What’s In a Name? The Mystery Surrounding the Identity of the Actors Responsible for the Saudi Arabia Breaches

1 July 2015


Recently we wrote about the initial breach of the Ministry of Foreign Affairs of the Kingdom of Saudi Arabia (KSA). We felt like this was noteworthy for several reasons: 1. ...


Kaspersky Labs Discloses Duqu 2.0 Attack

19 June 2015

Today social media channels the world over are abuzz with news of Kaspersky Labs’ disclosure of the discovery of Duqu 2.0. This news was significant for many reasons especially...


Digital Shadows integrates with Maltego through partnership with Malformity Labs

15 June 2015


The need for organizations to focus on their risk exposure is growing daily, and their ability to establish a clear picture of their environments is key to mitigating risk.


Emerging Markets & Services: Ransomware-as-a-Service

9 June 2015


A look at emerging markets and services, specifically at ransomware-as-a-service.


The Adult Friend Finder Breach: A Recap

27 May 2015


Last week, news quickly spread about a security breach that impacted the casual dating website Adult Friend Finder. Will Gragido, Head of Threat Intelligence for Digital Shadows in the USA, shares his findings.


The Dangers of Groupthink: Part 2

10 April 2015


This post moves on to the second cause of groupthink and tries to understand how organizational structural faults may result in manifestations of groupthink.


The Dangers of Groupthink

4 March 2015


Over the next few blog posts we’ll be looking at various types of cognitive bias and suggest ways of dealing with them.


Analytical Tradecraft at Digital Shadows

5 February 2015


This week my colleague and I attended the SANS Cyber Threat Intelligence conference in Washington DC. It was great to hear more from analysts and CTI users from across the community, as well as mingle with the plethora of vendors who were present. This blog explores some of the themes which arose from discussions on analytical tradecraft.


Remote working at Digital Shadows

27 January 2015

Here at Digital Shadows we’ve worked hard to assemble the most dedicated and talented development team possible and that has resulted in our team being concentrated here in London, but including members both further afield in the UK and internationally. This means that we’ve had to learn how to work with a distributed team and this post will cover our experiences and some of the utilities we’re making use of to work as efficiently as possible.


Digital Shadows joins roundtable at 10 Downing Street

9 January 2015


Alastair Paterson, CEO of Digital Shadows, recently visited 10 Downing Street to participate in a roundtable on cyber security. The session brought together leaders from industry, academia and government and sought to address the challenges surrounding cyber security policy.


Working in multilingual sources

12 November 2014


This post will be about some of the challenges you are likely to face trying to handle data in different languages and how to deal with them. Most of our code is in Java so the examples here will all be written in Java.


Source Evaluation

12 November 2014


To organisations, threat intelligence is about understanding the threat landscape – the various actors and campaigns which conduct cyber attacks – so that when they are specifically targeted it can be detected, mitigation put in place, and the risk to their business reduced. Robust source evaluation minimises the chance of crying wolf, or warning of the wrong threat entirely.


Even the hackers are targeted by phishers

6 November 2014


We noticed a Tweet from one of the groups we are tracking which claimed that the popular football game FIFA was “offline”. Given the unspecific nature of the Tweet and the lack of any evidence suggesting that the online services of the game had been affected by any kind of cyber attack, we assessed that it was likely a false claim.


The Intelligence Trinity

30 October 2014


For several years now there has been considerable hype and hubris around the term ‘intelligence’ within the cyber security industry. It feels as if the term has been diluted as its usage has extended to include vendors dealing in a range of issues from bad IPs and Indicators of Compromise, to tip-offs that hacktivist groups are targeting particular sectors and the activities of APT groups, and everything in-between.


Digital Shadows invited to 10 Downing Street

30 July 2014


Interest in London’s burgeoning tech industry is growing so rapidly that even David Cameron has taken notice; at Pitch10, an event at 10 Downing Street to be held on Thursday 31st July, ten of the most promising digital companies in Britain will pitch their businesses to an audience that includes Cameron himself.


Watch Dogs – it’s just a game... or is it?

27 May 2014


A new video game called Watch Dogs is offering an interesting take on real life digital shadows. Sounds like a pretty scary world – Watch Dogs’ website proclaims “You are not an individual. You are a data cluster.” But just how accurate is this idea in the world that we live in? At Digital Shadows we protect organisations from data loss and targeted cyber attack.
