Digital Shadows Insights Blog

The latest advice, opinion and research from our dedicated security analyst team.

Data breaches targeting financial services: 2016 so far

26 May 2016

It’s been a busy year for data breaches relating to financial services organizations – we’ve identified claims of breaches for 10 companies in this sector.

Read More

The Plan is Mightier than the Sword – Planning

24 May 2016

Media reports of breaches against major corporations or government agencies typically follow a familiar narrative of "sophisticated" attackers deploying a dazzling array of "cyber weapons" against a hapless target.

Read More

OpIcarus – Increased Claims Against Financial Institutions

23 May 2016

There’s no shortage of online hacktivist operations launched by actors who are seeking to readdress injustices, perceived or actual. Indeed, we have previously posted blogs on such OpIsrael and OpOlympicHacking.

Read More

Goliath ransomware, giant problem or giant con?

17 May 2016

Ransomware can cause big problems for individuals and organizations, but what are the new types of malware that are being advertised on the dark web, are they genuine and what...

Read More

Digital Shadows – The Innovation Continues

17 May 2016

This week, Digital Shadows will turn five years old. Over this time, our product and engineering teams have continually worked with our clients to help better understand the risks that...

Read More

Bozkurt Hackers continue to leak bank data

13 May 2016

A threat actor calling itself “Bozkurt Hackers” posted links to data on Twitter allegedly obtained from a number of banks based in the United Arab Emirates, Bangladesh and Nepal.

Read More


10 May 2016

Artificial Intelligence (AI) is currently going through one of its regular hype bubbles. Another dawn of the super-intelligent machine is upon us.

Read More

Cyber situational awareness: It just makes cents

9 May 2016

For organizations that are looking to secure their online presence, there is no shortage of products on offer.

Read More

Analyzing the 2016 Verizon Data Breach Investigations Report

4 May 2016

Last week Verizon released the 2016 Data Breach Investigations Report. If you haven’t read it yet, I highly recommend that you do so; the Verizon DBIR should be on everyone’s...

Read More

Getting Strategic With Your Threat Intelligence Program

27 April 2016

Tactical feeds have dominated the threat intelligence narrative for many years, but there is an emerging understanding that there must be more to threat intelligence than just open source and...

Read More

The Hacking Team breach – an attacker’s point of view

25 April 2016

On 17 April 2016, two posts were added to Pastebin (one in Spanish, the other in English) detailing the alleged methods and tools used to access the internal network of...

Read More

Continuous monitoring: four considerations

21 April 2016

When striving to understand threats outside of an organization’s boundary, continuous monitoring and real-time alerts are two features that are often talked about.

Read More

Antifragile Security: Bouncing Back Stronger

19 April 2016

Strong, robust, stable, resilience – these are all words associated with a successful security posture. They’re comforting words that serve to gain the confidence of executives.

Read More

URGENT, ACT. RQD: Navigating Business Email Compromise

12 April 2016

Call me phishmail.

Read More

OpIsrael 2016 marked by increase in data compromise

11 April 2016

In our last blog on OpIsrael, we assessed what we were likely to observe on April 7.

Read More

OpIsrael: An Update

6 April 2016

Last month our intelligence team published a blog on the use of ABI in understanding OpIsrael 2016, which suggested that the level of talk was indicative of an active campaign...

Read More

Online credit card shops – a numbers game

5 April 2016

You may have recently read headlines about an online shop that was selling millions of stolen credit cards.

Read More

Dark web: More than just a bastion of criminality

31 March 2016

For many people, the term “dark web” refers to criminal activity on Internet. There are many definitions for what comprises the dark web.

Read More

It's time to put the diligence into your M&A due diligence

30 March 2016

The headlines resulting from the Target/Fazio Mechanical Services and T-Mobile/Experian breaches have raised the awareness around third-party risks.

Read More

Cybersecurity for the nuclear industry – ‘in service modification’ or more systemic change required?

29 March 2016

On the March 15, I was lucky enough to be invited to a round table event at Chatham House in London titled, Security by Design: Mitigating Cyber Security Risks in...

Read More

Cybercriminal Situational Awareness

22 March 2016

The Internet has made keeping up-to-date with current affairs and finding relevant information so much easier.  There's a problem though: cybercriminals are frequently using current affairs, calendar events, and global...

Read More

Uncertainties in the Language of Uncertainty – and why we need to talk about it

17 March 2016

If you know much about Digital Shadows SearchLight, you would know that one of our strengths in the provision of cyber situational awareness is the human in the loop.

Read More

OpIsrael: Looking ahead to April 7 with ABI

15 March 2016

At any one time, there is a host of hacktivist operations announced, discussed and in action.

Read More

Moar Sand!

10 March 2016

Let’s face it, many organizations have their heads in the sand. In some cases this choice is a deliberate one; the temperature down there is cool and your face gets exfoliated.

Read More

Intelligence vs. Infosec: The 3-letter-guy to the rescue?

8 March 2016

Whenever Royal Marines deploy on operations, they take with them their own intelligence analysts. These analysts are fully trained and experienced Marines, meaning they benefit from having been in the...

Read More

The ‘hacker’ talent shortage: What organizations can learn from the recruitment efforts of their attackers

1 March 2016

The seventh annual (ISC)² Global Workforce Survey estimates that there will be a shortage of information security professionals by 2020.

Read More

Aviate, Navigate, Communicate

29 February 2016

I’m an aviation enthusiast. Flying is exhilarating; it gives you a sense of freedom, provides breathtaking views and allows you see the world from a different perspective.

Read More

From cyber espionage to hacker marketing strategies: an overview of Digital Shadows talks at RSA Conference

26 February 2016

It’s not long until this year’s RSA Conference, and Digital Shadows will be in full force, with some of us giving talks.

Read More


25 February 2016

We always want to find someone or something to pin the blame on when a serious data breach occurs.  But is it really that simple?

Read More

Using news reports as a source of intelligence

24 February 2016

It’s often tempting to overplay the importance of exploring dark and deep web sources in providing intelligence value.

Read More

OpOlympicHacking: A hurdle for Rio’s sponsors to vault

22 February 2016

This month Anonymous Brazil and an affiliate group, known as ASOR Hack Team, announced the launch of the hacktivist operation, OpOlympicHacking.

Read More

Why go through the trouble to tumble?

17 February 2016

Today you can purchase a pizza in Berlin and pay for it from a digital wallet located on a computer in Prague.

Read More

Cyber situational awareness and the kill chain

16 February 2016

The concept of the cyber kill chain, in some form or another, has been around for ages. Some love it, and some hate it.

Read More

Another SANS Cyber Threat Intelligence Summit is in the books

11 February 2016

Last Thursday we wrapped up the 4th annual SANS Cyber Threat Intelligence (CTI) Summit. I have presented at all four of the summits and I’ve have been fortunate enough to...

Read More

Waiter, there’s a hole in my intelligence collection!

10 February 2016

We’re all swimming in data. There’s data everywhere. From packet captures to reputation feeds, it feels like there is a fire hydrant of data flooding analysts.

Read More

Relevance: The missing ingredient of cyber threat intelligence

9 February 2016

Today we’ve announced the closing of our Series B investment round, led by Trinity Ventures. This $14 million will give us the support to grow our team, further invest in...

Read More

Surviving the threats posed by PoS malware

3 February 2016

These days, you can’t go into a store or mall without being asked to use a point of sale (PoS) system during checkout, versus an antiquated cash register.

Read More

“Largest cyber attack” on Israel lacks power

1 February 2016

On 26 January, Yuval Steinitz, the Israeli Minister of Infrastructure, Energy and Water Resources, announced to the 2016 CyberTech Conference in Tel Aviv that the Israeli Electric Corporation was dealing...

Read More

Why I joined Digital Shadows

28 January 2016

Departing Forrester Research wasn’t an easy decision; it was a great job. I was able to help guide the security strategies of some of the world’s largest and most complex...

Read More

Prêt-à-Porter Shadows

27 January 2016

The early part of any year is a time of reflection on the new devices we were gifted by others (or ourselves) during the holidays.

Read More

Digital Shadows honored as Bloomberg Business Top Innovator

26 January 2016

We're pleased to announce that Bloomberg Business has named Digital Shadows as one of the top breakthrough and disruptive businesses in the UK – in the category of “changing the...

Read More

Escalation in OpKillingBay

25 January 2016

There has been a noticeable recent increase in activity surrounding the OpKillingBay operations - a hacktivist campaign attributed to the Anonymous collective that has been active since 2013.

Read More

Criminal services – Bulletproof hosting

21 January 2016

Cybercrime can be a lucrative business if you do it well. But how do criminals ensure the success of their schemes without interference from law enforcement or industry-led interventions, such...

Read More

Digital Shadows Welcomes Rick Holland as Vice President of Strategy

19 January 2016

Last year was an exciting time for Digital Shadows; we opened our new co-headquarters in San Francisco, achieved over 400% growth in revenue, and more than doubled the size of...

Read More

The Strategic Corporal and Information Security

19 January 2016

For those unfamiliar with the term “strategic corporal”, it sprung out of the conflicts in Afghanistan and Iraq.

Read More

DD4BC Arrests: What Now for Extortion?

15 January 2016

Earlier this week, Europol published a press release stating that an individual suspected of being a “key member” of the extortionist group DD4BC had been arrested, and that a further...

Read More

A Complex Threat Landscape

14 January 2016

Achieving a better understanding of the threat landscape is key for organizations; the better they know their enemies, the better they can align their security postures. But it is hard.

Read More

RATs: Invasion of Your Privacy

12 January 2016

When most people hear the word “RAT” they envision a large rodent that dines in dumpsters while seeking solace in sewers.

Read More

Digital Currency and Getting Paid In The Underground

6 January 2016

It’s been said that money makes the world go round.  People expect to be paid for their time, goods, and services, and cyber criminals are no different.

Read More

Lots to learn? Academia and intelligence

4 January 2016

With the ongoing emergence of CTI you could be forgiven for thinking that the discipline of intelligence was new.

Read More

Criminal Services – Crypting

18 December 2015

In the world of cybercrime, malicious software (malware) plays an important role. But if you’re a cybercriminal, how do you keep your malware from being detected?

Read More

‘Hacker Buba’: Failed extortion, what next?

11 December 2015

An actor identifying itself as "Hacker Buba" recently claimed to have breached Invest Bank and posted purported customer and client information on Twitter as part of an attempt to extort...

Read More

Communicating Intelligence: The Challenge of Consumption

10 December 2015

In my previous blog in this series I discussed the challenge of effectively communicating intelligence, and provided examples of how we inform our clients of individual incidents.

Read More

Communicating Intelligence: Getting the message out

8 December 2015

In my previous blog I discussed some of the challenges associated with communicating intelligence. In this follow up piece, I’ll explain some of the methods we use here at Digital...

Read More

TalkTalk information likely to be discoverable on the dark web

4 December 2015

Last month, TalkTalk disclosed that they been the victim of a cyber attack on its website.

Read More

Communicating Intelligence: A battle of three sides

2 December 2015

Good intelligence depends in large measure on clear, concise writing.

Read More

Criminal Services – Counter Antivirus Services

30 November 2015

Infosecurity Magazine recently reported that two individuals have been arrested in the UK on suspicion of running a website that facilitates the development of malware.

Read More

Activity Based Intelligence – Activating your interest?

25 November 2015

Some threat actors love to make noise. Be it a tweet, a forum post, or a chat room message, communicating in the open often takes place.

Read More

Crackas With Attitude: What We've Learned

23 November 2015

One of the most active actors of the past several months has been a hacktivist group who identify themselves as ‘Crackas With Attitude’ (CWA).

Read More

From CTI to Cyber Situational Awareness: What you should know

16 November 2015

With more attackers trailing the digital shadows of organizations, traditional defenses have proven to be insufficient and organizations are looking at new ways of protecting themselves.

Read More

The Way of Hacking

10 November 2015

In the Japanese martial art of Aikido it is said that "Kurai Dori" is the ability of a skilled practitioner, or "aikidoka", to control the consciousness of an opponent.

Read More

Emerging Markets: Online Extortion Matures via DDoS Attacks

9 November 2015

Unlike scenes from books or movies where shadowy figures hold manila envelopes containing information or photographs pertaining to an unsuspecting victim, few of us in the real world have to...

Read More

Crackas With Attitude strike again?

28 October 2015

Last week, the New York Post reported that hackers had compromised the personal email address of CIA Director, John Brennan.

Read More

TalkTalk: Avoiding the hype

28 October 2015

There has been no shortage of media coverage on the recent TalkTalk cyber attack.  The full implications of the attack are not yet known, but reports suggest it could affect...

Read More

Smilex: Dangers of Poor OpSec

27 October 2015

On 13 Oct 2015, it was revealed in an indictment on the US department of Justice website that Dridex (AKA Bugat and Cridex) activity had been disrupted and charges filed...

Read More

CATER, For Your Threat Intelligence Needs

8 October 2015

Our white paper, Cyber Threat Intelligence: A Buyer’s Guide, provides an overview of current CTI approaches and the types of offerings available.

Read More

Online carding

7 October 2015

There is no shortage of credit card information being sold online. In the past six months alone, our spider (which covers I2P and ToR Darknet overlay networks as well as surface web carding sites) detected thousands of instances of sites offering credit...

Read More

Cyber Situational Awareness: Gain an Attacker’s Eye View

23 September 2015

Our latest white paper defines a different perspective on security – cyber situational awareness.

Read More

Greater capabilities equal greater cyber situational awareness

21 September 2015

In a recent Techworld article, one of our clients said that Digital Shadows SearchLight™ “…gives me “visibility into a world that is outside of my control.” This is the very...

Read More

How the Internet of Things (IoT) is Expanding Your Digital Shadow

10 September 2015

The Internet of Things (IoT) is a development that is the direct result of objects, technology, people that have been provided with unique identifiers, which possess the ability to transfer...

Read More

Digital Shadows and ThreatConnect Partner to Help Customers Improve Security Defenses

4 September 2015

One of the foundational values of Digital Shadows is the appreciation and value we put on our collaboration with customers and our coordination with our strategic business partners. It is because of this value that we’re delighted to announce today that we’ve entered into a new partnership with ThreatConnect, the leading provider of security software and services including the ThreatConnect® Threat Intelligence Platform (TIP).

Read More

Raising the Stakes - U.S. retaliation for Chinese cyber espionage has the potential for escalation

18 August 2015

Following the Jun 2015 announcement that the U.S. Office of Personnel Management (OPM) had been breached and the personal data of millions of current and former federal employees compromised, a...

Read More

The Intelligence cycle – what is it good for?

13 August 2015

It seems that the concept of ‘intelligence’ is a problem. The definition isn’t agreed, and the industry is peppered with vendors and organisations applying a range or meanings and interpretations.

Read More

OPSEC and Trust in an Underground Cybercriminal Forum

12 August 2015

There are perhaps tens of thousands of forums and sites in the visible and dark webs dedicated to criminal activity.

Read More

Exciting times, exciting team at Digital Shadows

30 July 2015

Yesterday we announced that Stuart McClure, founder and CEO of Cylance, Inc, is joining our Board of Directors. The entire company is excited about his joining us, and James Chappell and I are especially looking forward to working with him as we further grow the company. While we are excited, Stuart’s joining our board is not the only great team news we have at Digital Shadows. Over the last few months we’ve grown our executive leadership team to map to our business goals, and I want to introduce them.

Read More

Digital Shadows and ThreatConnect Partner to Help Customers Improve Security Defenses

20 July 2015


One of the foundational values of Digital Shadows is the appreciation and value we put on our collaboration with customers and our coordination with our strategic business partners. It is because of this value that we’re delighted to announce today that we’ve entered into a new partnership with ThreatConnect, the leading provider of security software and services including the ThreatConnect® Threat Intelligence Platform (TIP).

Read More

Exploiting is my business...and business is good

13 July 2015

In 2015 we are seeing new trends emerge with respect to Exploit Kits in the wild. These trends are particularly interesting in that they suggest that the frequency of 0-day exploits made available in these kits is growing while the time to integrate said 0-days from the time of discovery to inclusion in the kits is shrinking rapidly.

Read More

Online Extortion - Old Ways, New Tricks

6 July 2015


Extortion is nothing new for organised crime. For centuries, gangs have been operating protection rackets and kidnappings to successfully extract ransom money from their victims. And as with many things in modern life, these old techniques have been successfully brought over to the cyber realm.

Read More

Saudi Arabia MOFA Breach

1 July 2015

A look at the recent MOFA breach.

Read More

What’s In a Name? The Mystery Surrounding the Identity of the Actors Responsible for the Saudi Arabia Breaches

1 July 2015

Recently we wrote about the initial breach of the Ministry of Foreign Affairs of the Kingdom of Saudi Arabia (KSA).  We felt like this was noteworthy for several reasons: 1.  ...

Read More

Kaspersky Labs Discloses Duqu 2.0 Attack

19 June 2015

Today social media channels the world over are a buzz with news of Kaspersky Labs disclosure of the discovery of Duqu 2.0.  This news was significant for many reasons especially...

Read More

Digital Shadows integrates with Maltego through partnership with Malformity Labs

15 June 2015


The need for organizations to focus on their risk exposure is growing daily, and their ability to establish a clear picture of their environments is key to mitigating risk.

Read More

Emerging Markets & Services: Ransomware-as-a-Service

9 June 2015


A look at emerging markets and services, specifically at  ransomeware-as-a-service.

Read More

The Adult Friend Finder Breach: A Recap

27 May 2015

Last week, news quickly spread about a security breach that impacted the casual dating website Adult Friend Finder. Will Gragido. Head of Threat Intelligence for Digital Shadows in the USA, shares his findings.

Read More

The Dangers of Groupthink: Part 2

10 April 2015

This post moves on to the second cause of groupthink and tries to understand how organizational structural faults may result in manifestations of groupthink.

Read More

The Dangers of Groupthink

4 March 2015

Over the next few blog posts we’ll be looking at various types of cognitive bias and suggest ways of dealing with them.

Read More

Analytical Tradecraft at Digital Shadows

5 February 2015


This week my colleague and I attended the SANS Cyber Threat Intelligence conference in Washington DC. It was great to hear more from analysts and CTI users from across the community, as well as mingle with the plethora of vendors who were present. This blog explores some of the themes which arose from discussions on analytical tradecraft.

Read More

Remote working at Digital Shadows

27 January 2015

Here at Digital Shadows we’ve worked hard to assemble the most dedicated and talented development team possible and that has resulted in our team being concentrated here in London, but including members both further afield in the UK and internationally. This means that we’ve had to learn how to work with a distributed team and this post will cover our experiences and some of the utilities we’re making use of to work as efficiently as possible.

Read More

Digital Shadows joins roundtable at 10 Downing Street

9 January 2015


Alastair Paterson, CEO of Digital Shadows, recently visited 10 Downing Street to participate in a roundtable on cyber security. The session brought together leaders from industry, academia and government and sought to address the challenges surrounding cyber security policy.

Read More

Working in multilingual sources

12 November 2014


This post will be about some of the challenges you are likely to face trying to handle data in different languages and how to deal with them. Most of our code is in Java so the examples here will all be written in Java

Read More

Source Evaluation

12 November 2014


To organisations, threat intelligence is about understanding the threat landscape – the various actors and campaigns which conduct cyber attacks – so that when they are specifically targeted it can be detected, mitigation put in place, and the risk to their business reduced. Robust source evaluation minimises the chance of crying wolf, or warning of the wrong threat entirely.

Read More

Even the hackers are targeted by phishers

6 November 2014


We noticed a Tweet from one of the groups we are tracking which claimed that the popular football game FIFA was “offline”. Given the unspecific nature of the Tweet and the lack of any evidence suggesting that the online services of the game had been affected by any kind of cyber attack, we assessed that it was likely a false claim.

Read More

The Intelligence Trinity

30 October 2014

For several years now there has been considerable hype and hubris around the term ‘intelligence’ within the cyber security industry. It feels as if the term has been diluted as its usage has extended to include vendors dealing in a range of issues from bad IPs and Indicators of Compromise, to tip-offs that hacktivist groups are targeting particular sectors and the activities of APT groups, and everything in-between.

Read More

Digital Shadows invited to 10 Downing Street

30 July 2014


Interest in London’s burgeoning tech industry is growing so rapidly that even David Cameron has taken notice; at Pitch10, an event at 10 Downing Street to be held on Thursday 31st July, ten of the most promising digital companies in Britain will pitch their businesses to an audience that includes Cameron himself.

Read More

Watch Dogs – it’s just a game... or is it?

27 May 2014


A new video game called Watch Dogs is offering an interesting take on real life digital shadows. Sounds like a pretty scary world – Watch Dogs’ website proclaims “You are not an individual. You are a data cluster.” But just how accurate is this idea in the world that we live in? At Digital Shadows we protect organisations from data loss and targeted cyber attack.

Read More