Fluctuation in the exploit kit market – temporary blip or long-term trend?
Exploit kit activity is waning. Collectively these malware distribution tools used to be a prominent method of infection.
All that twitterz is not gold: Why you need to rely on multiple sources of intelligence
Twitter has become an extremely valuable tool for security researchers; experts including Kevin Beaumont and PwnAllTheThings frequently post research findings on the site and following these feeds can be an...
Cybercrime finds a way, the limited impact of AlphaBay and Hansa’s demise
The law enforcement operations that took down the AlphaBay and Hansa marketplaces were meant to strike a sizable blow to the online trade of illegal goods and services.
Reading your texts for fun and profit – how criminals subvert SMS-based MFA
Read almost any cyber security related news and you will start to see why using a password alone isn’t the most secure way of preventing unauthorized access to your account.
What exactly is a threat model, and why organizations should care
Many organizations are exquisitely aware that they are the target of a wide-range of cyber-attacks: from targeted intrusions to mere vandalism.
Fraudsters Scoring Big – an Inside Look at the Carding Ecosystem
In season two of the Netflix series Narcos, Pablo Escobar points out that: “I’m not a rich person.
The Future of Marketplaces: Forecasting the Decentralized Model
Last week we wrote about the disappearance of AlphaBay dark web marketplace and assessed three potential scenarios to look out for next.
AlphaBay disappears: three scenarios to look for next
The AlphaBay dark web marketplace has been inaccessible since 05 Jul 2017. With no substantive explanation from the site’s owners, users have speculated that an either an exit scam (where...
Threat led penetration testing – the past, present and future
Threat led penetration testing is, in essence, using threat intelligence to emulate the tactics, techniques and procedures (TTPs) of an adversary against a real time mission critical system.
Petya-like wormable malware: The “Who” and the “Why”
Late on 27 June, the New York Times reported that a number of Ukrainian banks and Ukrenergo, the Ukrainian state power distributor, had been affected by unidentified malware which caused...
Keep your eyes on the prize: Attack vectors are important but don’t ignore attacker goals
Reporting on intrusions or attacks often dwells on the method that the attackers used to breach the defenses of a particular organization.
Threats from the Dark Web
Despite the hype associated with the dark web, maintaining visibility into it is an important component of a comprehensive digital risk management program.
WannaCry: An Analysis of Competing Hypotheses - Part II
Following the furore of last month’s WannaCry ransomware attacks, Digital Shadows produced an Analysis of Competing Hypotheses (ACH) table to make some initial assessments on the type of actor most...
7 Tips for Protecting Against Account Takeovers
In May 2017, an amalgamation of over 1 billion credentials was uploaded to the Have I Been Pwned database.
WannaCry: An Analysis of Competing Hypotheses
On 12 May 2017, as the WannaCry ransomware spread across computer networks across the world, a variety of explanations also began to worm their way through the information security community.
Digital Shadows' 6th Anniversary
It’s amazing to think that the idea James and I began working on from a kitchen table in London in May 2011 has now become the global cyber security company,...
5 Lessons from WannaCry: Preventing Attacks with Security Engineering
With the recent news storm concerning the "WannaCry" ransomware worm, a great deal of mitigation advice has been provided.
WannaCry: The Early 2000s Called, They Want Their Worms Back
Earlier today it was revealed that the United Kingdom’s National Health Service was targeted by ransomware known as “WannaCry.” Sixteen NHS organizations were impacted by the attack, and victims have...
Authentication Nation: 5 Ways NIST is Changing How We Think About Passwords
Passwords have taken a beating over the past several years, and there seems to be little question among leading practitioners that the antiquated method of authentication needs a hefty remodel.
The 3 Pillars of Digital Risk Management: Part 3 - The Top 5 Main Risks of Reputational Damage
In this 3-part blog series, we discuss how each of the 3 pillars, Cyber Threat, Data Leakage, and Reputational Damage, contributes to Digital Risk Management.
The Usual Suspects: Understanding the Nuances of Actors’ Motivations and Capabilities
When it comes to their adversaries, organizations can still fall into the trap of focusing on the ‘usual suspects’.
Liberté, égalité, securité: 4 threats to the French presidential election
French citizens will take to the polls on April 23rd to vote for a new president.
The 3 Pillars of Digital Risk Management: Part 2 - The 6 Main Areas That Contribute to Data Leakage Risks
In this 3-part blog series, we discuss how each of the 3 pillars, Cyber Threat, Data Leakage, and Reputational Damage, contributes to Digital Risk Management.
The 3 Pillars of Digital Risk Management: Part 1 Understanding Cyber Threats
Risk is a well-developed concept within cybersecurity. The National Institute of Standards and Technology (NIST) defines the field of risk management as: “The process of identifying risk, assessing risk, and...
All sources are not the same; why diversity is good for intelligence
As we all know, if you listen to just one side of the story, very often you don’t get the full picture.
Monitoring the mobile threat landscape
The UK’s National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) released a joint paper on the cyber threats to UK businesses on March 14th.
OpIsrael hacktivists targeted by unknown threat actor
Ideologically-motivated “hacktivist” actors can present a variety of threats to organizations from defacements, to denial of service attacks and sometimes even data compromise.
Turk Hack Team and the “Netherlands Operation”
Since mid-March, Turk Hack Team have been participating in a new campaign called “Netherlands Operation”, announced via their official Twitter feed.
Tax Fraud in 2017
The IRS recently released an alert that warned tax professionals and taxpayers to be wary of last minute email scams. With April 18 looming, how concerned should individuals and businesses...
Dutch Elections – Looking Back at Cyber Activity
Last week, I wrote about the potential threats to the Dutch national election. But what actually happened?
Five Reasons why Alex Seton VP of Business and Corporate Development, joined Digital Shadows
What a great feeling to find a company that cuts through today’s noisy and crowded security market to address an area that keeps many folks awake at night.
5 Risks Posed By Mobile Applications That SearchLight Helps You Manage
Organizations face a wide range of risks online, including cyber threats, data leakage and reputational damage.
Back to the red pencil – Cyber threats to the Dutch elections
Over the weekend, media reports surfaced about the fears of Russian interference in UK elections, with GCHQ reportedly warning political parties that hackers “steal and leak internal emails or publish...
Learning from the Top Threats Financial Services Faced in 2016
Organizations operating within the financial services industry represent an attractive target for threat actors. Our latest white paper, Threats to Financial Services: Taking Note from 2016, takes a look at...
New “Blaze” exploit kit claims to exploit recent Cisco WebEx vulnerability
A previously undetected exploit kit has been offered for sale on the clear web forum HackForums since February 8, 2017 with the name "Blaze Exploit Kit".
Step by step: The changing face of threat led penetration testing
Organizations are increasingly adopting the threat led approach to penetration testing. This approach essentially advances the boundaries of conventional penetration testing by seeking to adopt the tactics, techniques and procedures...
Sun to set on BEPS/Sundown exploit kit?
On February 13, 2017, the security researcher David Montenegro (@CryptoInsane) posted a series of tweets claiming that the source code for the BEPS exploit kit had been leaked online.
Four Things to Look Out for This Valentine’s Day
Consumers are increasingly moving to the Internet for their holiday purchases—and Valentine’s Day is no exception.
An unusually Swift(tay) malware delivery tactic
While doing some background research into recent reporting by Dr Web on a newly identified version of Mirai, we made an interesting discovery.
F3EAD: Find, Fix, Finish, Exploit, Analyze and Disseminate – the alternative intelligence cycle
The F3EAD cycle (Find, Fix Finish, Exploit, Analyze and Disseminate) is an alternative intelligence cycle commonly used within Western militaries within the context of operations that typically result in lethal...
How the frenzy unfolded: Analyzing various Mongo extortion campaigns
The MongoDB “ransom” pandemic, which has been in the spotlight for the best part of a month, still appears to be affecting MongoDB installations and various campaigns still appear to...
Making Cents of ATM Malware Campaigns – Comparing and Contrasting Operational Methodologies
Throughout 2016 some of the most notable reporting on criminal activity targeting the financial sector related to the use of ATM malware by a group of threat actors identified as...
Dial “M” for malware: Two-factor scamming
Adversaries are developing new ways of attacking you using old forms of communication. Make sure your communication of this issue is equally as effective.
Innovation in the underworld: reducing the risk of ripper fraud
Reputation is incredibly important for business. This also applies to cyber criminals who buy and sell goods and services in online marketplaces.
Known Unknowns: Key Events to Keep Your Eyes Out for in 2017
On Friday, millions will tune in to see Donald Trump inaugurated as the President of the United States.
Why I joined Digital Shadows - Paul Kenealy
Joining Digital Shadows was easy and it stood out head and shoulders above a crowded space.
Two ways to effectively tailor your intelligence products
In my previous blog, “Trump and Intelligence: 6 ways to deal with challenging intelligence consumers,” I focused on six ways to effectively communicate and tailor intelligence to uninformed and/or difficult...
All You Can Delete MongoDB Buffet
A number of extortion actors were detected accessing unauthenticated MongoDB installations and replacing their contents with a ransom note, usually containing an email and Bitcoin address and the usual "we...
10 Ways You Can Prepare for DDoS Attacks in 2017
At the end of last month, we published a paper that forecasted the DDoS landscape for 2017.
Trump and Intelligence: 6 ways to deal with challenging intelligence consumers
It is no secret the President Elect Trump is skeptical of the Intelligence Community (IC). He has openly questioned Russia/US election “hacking” on many occasions. This week he tweeted:
Coming to a Country Near You? The rapid development of the TrickBot trojan
Since the discovery of TrickBot in September 2016, its operators have continued to develop the malware to include the targeting of new locations and customers of new banks.
Mirai: a turning point for hacktivism?
A “digital nuclear attack”. A “zombie apocalypse”. “The end of history. “
Crowdsourced DDoS Extortion – A Worrying Development?
We all know about DDoS extortion – the process is straightforward. Contact the company, threaten to launch a crippling DDoS attack that will happen unless the company pays a ransom.
You should consider forecasts, not predictions
Well it’s that time of year again. Sorry, not the Lexus December to Remember Sales Event (don’t you just love those commercials), rather 2017 prediction season. Vendors and media alike take out their crystal...
The Top Three Most Popular Blogs of 2016
It’s been a great year for the Digital Shadows blog, we started it off winning the “Best New Security Blog or Podcast” at the Security Blogger Awards at RSA Conference.
A Model of Success: Anticipating Your Attackers’ Moves
In a previous blog, we discussed the role of planning in offensive operations and the power that effective planning affords an actor.
Ransomware-as-a-service: The Business Case
It can be tempting to dismiss cybercriminal activity as merely the workings of opportunistic actors looking to make a fast buck.
Windows shopping: 7 threats to look out for this holiday season
Thanksgiving, Black Friday, Cyber Monday, Christmas. There’s a lot of shopping to be done between now and the end of 2016.
Five tips for better email security
While security is everyone’s responsibility, it’s not always easy to get right. Our “Security Best Practices” blog series will provide simple tips that enable users to improve their online security.
Overexposed and under-prepared; the risks of oversharing online
I have a confession to make.
Top 5 Threats to the Media and Broadcasting Industry
For media and broadcasting organizations, the threat of having their websites forced offline is a significant one.
Leak on Aisle 12! An Analysis of Competing Hypotheses for the Tesco Bank Incident
On November 6, 2016 multiple UK media outlets reported that the UK-based Tesco Bank had informed approximately 40,000 customers that fraudulent activity had been detected on their accounts between November...
Surveying the criminal market
It’s no secret your personal information and data is valuable to cybercriminals, but is there more of a market for certain types of data than others? During our research into...
Anonymous Poland - Not Your Typical Hacktivist Group
On October 29, 2016 a Twitter account associated with Anonymous Poland began to post tweets claiming to have compromised the network of the Bradley Foundation, a U.S. based charitable organization.
Resilience: Adapt or Fail
“But it ain’t how hard you hit; it’s about how hard you can get hit, and keep moving forward.”- Words made famous by a portrayal of resilience himself, Rocky Balboa.
Rocking the Vote? The effects of cyber activity on the U.S. Election
Contrary to some media reporting, our latest whitepaper finds that cyber activity during the 2016 U.S. presidential election does not appear to have demonstrably altered events in the short-term.
Don’t Break the Internet, Fix Your Smart Devices
The Distributed Denial of Service (DDoS) attack, which targeted DynDNS servers, and literally ‘broke the internet’ for several hours on October 21st, pushed an issue that has been plaguing security...
Targeting of elections; old news, fresh tactics
There has been no shortage of media coverage surrounding U.S. election and the associated nefarious cyber activity.
Squashing domain squatting
Digital Shadows was recently the victim of a domain squat attempt. As we eat our own dog food, we thankfully caught and remediated it quickly.
Balancing the Scales: The PRC's Shift to Symmetrical Engagement
Over the past few years we have observed the beginnings of a fundamental change in how People’s Republic of China (The PRC) engages with adversaries in the information warfare and...
Combatting online crime with “needle-rich haystacks”
At Digital Shadows our analyst team is responsible for providing both tactical situational awareness and broader, strategic awareness to our clients through incident reports, intelligence summaries and specific reports.
Digital Risk Monitoring Is A Service, Not a Distinct Capability
Digital Shadows was recently recognized as a leader in the Forrester Wave on Digital Risk Monitoring.
Do not invite them in: what “human error” can mean in practice
Although you may or may not be a fan of vampire movies, you certainly know that vampires should not be invited into your house.
Phishful Of Dollars: BEC Remains Top Of The Charts
Business email compromise (BEC) is not going away. Since we initially wrote about BEC back in April 2016, we have continued to report on threat actors using tried and trusted...
Swotting up on exploit kit infection vectors
Exploit kit users need to drive web traffic to their landing pages. Without traffic, they can’t exploit vulnerable web users and serve malicious software (the objective of an exploit kit...
Plumbing the Depths: the Telnet protocol
On October 1, 2016 Krebs on Security reported that the source code for the Internet of Things (IoT) botnet malware Mirai had been posted online and was freely available for download.
Five tips to make your passwords better
While security is everyone’s responsibility, it’s not always easy to get right. Our “Security Best Practices” blog series will provide simple tips that enable users to improve their online security.
Digital risk monitoring can negate ‘indicators of exhaustion’
When I first joined Digital Shadows in January, I wrote about the current state of threat intelligence and how “Indicators of Exhaustion” (IoEs) were overwhelming analysts – and performing denial...
The industrialized uses of breached data
In our first blog, we outlined a number of specific factors that can be used to determine a dataset’s desirability, from the perspective of a malicious cyber actor.
Beauty and the Breach: Leaked Credentials in Context
Our most recent research paper looks at credential compromise, finding more than 5 million leaked credentials online for the world’s biggest 1,000 organizations.
New report: 97 percent of the top 1,000 companies suffer from credential compromise
Data breaches and credential compromise are not new. After all, 2014 was known as the “year of the data breach”. Last year was similarly dubbed the “year of the breach”.
Three easy tips to staying safe online
While security is everyone’s responsibility, it’s not always easy to get right. Our “Security Best Practices” blog series will provide simple tips that enable users to improve their online security.
Forecasting the exploit kit landscape
We’ve previously written on the most popular vulnerabilities that exploit kits are using. But how might the exploit kit market develop over the next year?
Understanding Exploit Kits’ Most Popular Vulnerabilities
One significant aspect of mitigating the risk posed by exploit kits is keeping software up-to-date. However, for some organizations, knowing what to patch as a priority can be difficult.
Hacktivism, it’s not all DoSing around
Hacktivism isn’t all high levels of low impact activity. There were a number of hacktivist campaigns we detected in the last year that seemed to have had little to no...
Show me the context: The hacking proof of concept
A common feature at security conferences, especially those that demonstrate hacks, is the proof of concept. This typically involves a security researcher showing off an exploit against a vulnerable system.
The cyber defender and attacker imbalance – a disproportionate impact
You might be forgiven for thinking that high-impact cyber-attacks are always the work of well-funded nation states, organized criminal groups or even international terror organizations.
Hybrid cyber/physical criminal operations – where network intrusions meet the physical world
At some stage, almost every crime committed online has a physical element, often when the money obtained is used to purchase commodities.
Security Culture: You’re only as strong as your team
When you’re hurt you feel pain, you see a cut or bruise, and you know that something has happened to you within that very instant.
Bozkurt to Buhtrap: Cyber threats affecting financial institutions in 1H 2016
At the beginning of 2016, it was reported that two suspected members of the DD4BC, a DDoS extortion group, were arrested in Europe.
Four Things We’ve Learned From the Alleged Equation Group Code Leak
The wake of the deeply bizarre auction of toolkits alleged to be from the Equation Group by the self-proclaimed “Shadow Brokers” has fuelled a great deal of speculation on social...
False flags in cyber intrusions – why bother?
False flag operations have long existed in the physical world, a tactic used to make an operation appear to have been planned and executed by someone other than the real perpetrator.
“Air cover” – cybercriminal marketing and the media
For a new or relatively unknown cybercriminal actor looking to sell compromised data, attracting buyers can be a difficult task.
Forecasting OpOlympicHacking
We recently published a report on the eight cybersecurity considerations around Rio 2016. But what have we observed so far, and what do we expect to see in the short...
Overexposure – photos as the missing link
You have heard it all before – recycling passwords for multiple services can be catastrophic. One service being breached and your shared password recovered can lead to the compromise of...
Getting In Gear: Accounting for Tactical and Strategic Intelligence
We’ve written before about how we like to map our services to the intelligence cycle. Of course, the intelligence cycle has its challenges – you only need to look to...
The expansion of the cyber littoral zone and the importance of cyber situational awareness
In military terminology, the littoral zone refers to the area that a naval vessel can impose some kind of effect within, such as landing troops, dropping munitions or projecting electronic...
Thedarkoverlord – losing his patients?
In late June 2016, we observed a spate of attacks allegedly conducted by a vendor named “thedarkoverlord” on the dark web marketplace the Real Deal.
More Data Leaks as part of OpOlympicHacking
In our recent whitepaper, we demonstrated eight cybersecurity considerations around Rio 2016. The paper lays out hacktivism and cybercrime threats that organizations can expect to see throughout the competition.
Gambling with Security in Vegas: Not Your Best Bet
With BSides Las Vegas, Black Hat, and DEF CON around the corner, security is likely at the forefront of many minds in the industry.
Deer.io: Your One-Stop Shop for Cybercrime
Being a cyber criminal is becoming even easier as barriers to entry continue to be lowered.
5 Takeaways From The “Building A Strategic Threat Intelligence Program” Webinar
Last week, the great Mike Rothman (of Securosis fame) and I did a webinar titled: “Building a Strategic Threat Intelligence Program.” Mike is a great person to collaborate with; he...
Tracking the Field: Eight cybersecurity considerations around Rio 2016
Last week, we saw reports of individuals arrested on charges of terrorism ahead of the upcoming games in Rio.
PoodleCorp: in the business of kudos
PoodleCorp claimed to have successfully rendered the servers of the Android and iOS game Pokemon Go offline using several distributed denial of service attacks on 16 Jul 2016.
Towards a(nother) new model of attribution
Actor attribution is a common issue and activity within the world of cybersecurity. At its core, the actor attribution process involves identifying the individual behind a malicious cyber event.
5 Key Lessons From The FDIC’s Breach Disclosure Debacle
Last week, the United States House Science, Space and Technology Committee released the scathing results of the committee’s investigations into data breaches at the Federal Deposit Insurance Corporation (FDIC). The...
Open Source Intelligence versus Web Search: What's The Difference?
“I can get that from Google!” – is a common phrase that has been directed at me during my time as an open source intelligence professional.
Three Tactics Behind Cyber Extortion
As explained in a previous blog, extortion is not new – it’s now just been applied to the digital world in many different forms. In fact, as our extortion whitepaper...
The philosophical difference between the Old and New Schools of the cybercriminal underground
I would recommend that anyone interested in the serious study of criminal activity on the dark web should pick up a copy of James Martin’s Drugs on the Dark Net:...
Your money or your data: Keeping up-to-date with the innovation
DDoS extortion and ransomware attacks have featured heavily in the headlines recently. But the practice of obtaining money through threats is not new.
OPSEC versus branding – the cyber criminal’s dilemma
Like any business, cybercriminals offering criminal services need to develop and maintain a brand and reputation in order to attract customers.
Modern crimeware campaigns – two bytes of the cherry
To a Columbian drug lord, the most valuable commodity is probably cocaine. To many financially motivated cybercriminals, the most valuable commodity is probably data.
Recycling, bad for your environment!
The news is constantly flooded with yet another breach of a high profile vendor. Perhaps the biggest and most publicized recent breach is the exposure of the 2012 LinkedIn breach data.
10 ways to prepare for credential leak incidents
From LinkedIn to MySpace, threat actors like Peace of Mind and Tessa88 have been selling credentials in various criminal dark web locations. Most recently we have seen thedarkoverlord offer up...
Standoff in cyberspace
In physical security terminology, standoff is the term used to refer to the physical distance between a defender and a threat.
Inconsistencies in Intelligence Collection
Amid the rising talk of “intelligence” within the security industry, the concept of intelligence collection has gained traction.
Spidey-sense for the people
If you liked Marvel’s SpiderMan then you will recognize the special Spidey-sense skill that Peter Parker possessed.
Hacktivism: same old, same old?
Cyber activists, or hacktivists, have become a firmly fixed element of the threat landscape since groups like Anonymous, Lulzsec, and the Al Quassam Cyber fighters broke into the mainstream media...
Forecasting the implications for cybersecurity in Britain after Thursday’s referendum
On Thursday, the United Kingdom goes to the polls to vote on one of the most important and contentious referendums Britain has ever seen.
Shining a light on the dark web
The dark web receives more than its fair share of media coverage pertaining to cyber crime.
“Hidden” TeamViewer service advertised on criminal forum
Over the last few weeks, there have been a number of reports of attacks using the remote desktop control software TeamViewer, with many users’ machines being taken over to install...
Forecasting the threat posed by OpIcarus in October 2016
Last week, a third phase of OpIcarus was launched. Dubbed “Project Mayhem”, this new phase has the stated objective of targeting stock exchanges worldwide.
The Plan is Mightier than the Sword – Re(sources)
After having discussed the importance of planning and persistence in APTs, it is important to conclude by considering the significance of resources.
Are you at risk from business email compromise?
Business email compromises (BEC) are on the rise. When I was at Forrester Research, I typically didn’t go more than one month without consulting with organizations that had fallen prey...
Building an Intelligence Capability: Agility, Creativity and Diversity
The Internet is a big old place, full of disparate – and often contradictory – data in various languages, formats and structures.
The OPSEC Opportunity
Operations Security (OPSEC) has long been a key tactic used by commercial and military organizations to protect their privacy and anonymity.
Are you certain you know what risk means?
You’re the person in charge of safety on the Titanic. The designers have told you that this state-of-the-art ship is virtually unsinkable.
The Plan is Mightier than the Sword – Persistence
In the last blog post, I talked about the requirement for planning as part of an APT. Another requirement is the “P” of APT – persistence.
Data breaches targeting financial services: 2016 so far
It’s been a busy year for data breaches relating to financial services organizations – we’ve identified claims of breaches for 10 companies in this sector.
The Plan is Mightier than the Sword – Planning
Media reports of breaches against major corporations or government agencies typically follow a familiar narrative of "sophisticated" attackers deploying a dazzling array of "cyber weapons" against a hapless target.
OpIcarus – Increased Claims Against Financial Institutions
There’s no shortage of online hacktivist operations launched by actors who are seeking to readdress injustices, perceived or actual. Indeed, we have previously posted blogs on such OpIsrael and OpOlympicHacking.
Goliath ransomware, giant problem or giant con?
Ransomware can cause big problems for individuals and organizations, but what are the new types of malware that are being advertised on the dark web, are they genuine and what...
Digital Shadows – The Innovation Continues
This week, Digital Shadows will turn five years old. Over this time, our product and engineering teams have continually worked with our clients to help better understand the risks that...
Bozkurt Hackers continue to leak bank data
A threat actor calling itself “Bozkurt Hackers” posted links to data on Twitter allegedly obtained from a number of banks based in the United Arab Emirates, Bangladesh and Nepal.
ROBOANALYST: THE FUTURE OF THREAT INTELLIGENCE?
Artificial Intelligence (AI) is currently going through one of its regular hype bubbles. Another dawn of the super-intelligent machine is upon us.
Cyber situational awareness: It just makes cents
For organizations that are looking to secure their online presence, there is no shortage of products on offer.
Analyzing the 2016 Verizon Data Breach Investigations Report
Last week Verizon released the 2016 Data Breach Investigations Report. If you haven’t read it yet, I highly recommend that you do so; the Verizon DBIR should be on everyone’s...
Getting Strategic With Your Threat Intelligence Program
Tactical feeds have dominated the threat intelligence narrative for many years, but there is an emerging understanding that there must be more to threat intelligence than just open source and...
The Hacking Team breach – an attacker’s point of view
On 17 April 2016, two posts were added to Pastebin (one in Spanish, the other in English) detailing the alleged methods and tools used to access the internal network of...
Continuous monitoring: four considerations
When striving to understand threats outside of an organization’s boundary, continuous monitoring and real-time alerts are two features that are often talked about.
Antifragile Security: Bouncing Back Stronger
Strong, robust, stable, resilience – these are all words associated with a successful security posture. They’re comforting words that serve to gain the confidence of executives.
OpIsrael 2016 marked by increase in data compromise
In our last blog on OpIsrael, we assessed what we were likely to observe on April 7.
OpIsrael: An Update
Last month our intelligence team published a blog on the use of ABI in understanding OpIsrael 2016, which suggested that the level of talk was indicative of an active campaign...
Online credit card shops – a numbers game
You may have recently read headlines about an online shop that was selling millions of stolen credit cards.
Dark web: More than just a bastion of criminality
For many people, the term “dark web” refers to criminal activity on Internet. There are many definitions for what comprises the dark web.
It's time to put the diligence into your M&A due diligence
The headlines resulting from the Target/Fazio Mechanical Services and T-Mobile/Experian breaches have raised the awareness around third-party risks.
Cybersecurity for the nuclear industry – ‘in service modification’ or more systemic change required?
On the March 15, I was lucky enough to be invited to a round table event at Chatham House in London titled, Security by Design: Mitigating Cyber Security Risks in...
Cybercriminal Situational Awareness
The Internet has made keeping up-to-date with current affairs and finding relevant information so much easier. There's a problem though: cybercriminals are frequently using current affairs, calendar events, and global...
Uncertainties in the Language of Uncertainty – and why we need to talk about it
If you know much about Digital Shadows SearchLight, you would know that one of our strengths in the provision of cyber situational awareness is the human in the loop.
OpIsrael: Looking ahead to April 7 with ABI
At any one time, there is a host of hacktivist operations announced, discussed and in action.
Moar Sand!
Let’s face it, many organizations have their heads in the sand. In some cases this choice is a deliberate one; the temperature down there is cool and your face gets exfoliated.
Intelligence vs. Infosec: The 3-letter-guy to the rescue?
Whenever Royal Marines deploy on operations, they take with them their own intelligence analysts. These analysts are fully trained and experienced Marines, meaning they benefit from having been in the...
The ‘hacker’ talent shortage: What organizations can learn from the recruitment efforts of their attackers
The seventh annual (ISC)² Global Workforce Survey estimates that there will be a shortage of information security professionals by 2020.
Aviate, Navigate, Communicate
I’m an aviation enthusiast. Flying is exhilarating; it gives you a sense of freedom, provides breathtaking views and allows you see the world from a different perspective.
From cyber espionage to hacker marketing strategies: an overview of Digital Shadows talks at RSA Conference
It’s not long until this year’s RSA Conference, and Digital Shadows will be in full force, with some of us giving talks.
WHAT DO YOU MEAN IT WAS AN ACCIDENT?
We always want to find someone or something to pin the blame on when a serious data breach occurs. But is it really that simple?
Using news reports as a source of intelligence
It’s often tempting to overplay the importance of exploring dark and deep web sources in providing intelligence value.
OpOlympicHacking: A hurdle for Rio’s sponsors to vault
This month Anonymous Brazil and an affiliate group, known as ASOR Hack Team, announced the launch of the hacktivist operation, OpOlympicHacking.
Why go through the trouble to tumble?
Today you can purchase a pizza in Berlin and pay for it from a digital wallet located on a computer in Prague.
Cyber situational awareness and the kill chain
The concept of the cyber kill chain, in some form or another, has been around for ages. Some love it, and some hate it.
Another SANS Cyber Threat Intelligence Summit is in the books
Last Thursday we wrapped up the 4th annual SANS Cyber Threat Intelligence (CTI) Summit. I have presented at all four of the summits and I’ve have been fortunate enough to...
Waiter, there’s a hole in my intelligence collection!
We’re all swimming in data. There’s data everywhere. From packet captures to reputation feeds, it feels like there is a fire hydrant of data flooding analysts.
Relevance: The missing ingredient of cyber threat intelligence
Today we’ve announced the closing of our Series B investment round, led by Trinity Ventures. This $14 million will give us the support to grow our team, further invest in...
Surviving the threats posed by PoS malware
These days, you can’t go into a store or mall without being asked to use a point of sale (PoS) system during checkout, versus an antiquated cash register.
“Largest cyber attack” on Israel lacks power
On 26 January, Yuval Steinitz, the Israeli Minister of Infrastructure, Energy and Water Resources, announced to the 2016 CyberTech Conference in Tel Aviv that the Israeli Electric Corporation was dealing...
Why I joined Digital Shadows
Departing Forrester Research wasn’t an easy decision; it was a great job. I was able to help guide the security strategies of some of the world’s largest and most complex...
Prêt-à-Porter Shadows
The early part of any year is a time of reflection on the new devices we were gifted by others (or ourselves) during the holidays.
Digital Shadows honored as Bloomberg Business Top Innovator
We're pleased to announce that Bloomberg Business has named Digital Shadows as one of the top breakthrough and disruptive businesses in the UK – in the category of “changing the...
Escalation in OpKillingBay
There has been a noticeable recent increase in activity surrounding the OpKillingBay operations - a hacktivist campaign attributed to the Anonymous collective that has been active since 2013.
Criminal services – Bulletproof hosting
Cybercrime can be a lucrative business if you do it well. But how do criminals ensure the success of their schemes without interference from law enforcement or industry-led interventions, such...
Digital Shadows Welcomes Rick Holland as Vice President of Strategy
Last year was an exciting time for Digital Shadows; we opened our new co-headquarters in San Francisco, achieved over 400% growth in revenue, and more than doubled the size of...
The Strategic Corporal and Information Security
For those unfamiliar with the term “strategic corporal”, it sprung out of the conflicts in Afghanistan and Iraq.
DD4BC Arrests: What Now for Extortion?
Earlier this week, Europol published a press release stating that an individual suspected of being a “key member” of the extortionist group DD4BC had been arrested, and that a further...
A Complex Threat Landscape
Achieving a better understanding of the threat landscape is key for organizations; the better they know their enemies, the better they can align their security postures. But it is hard.
RATs: Invasion of Your Privacy
When most people hear the word “RAT” they envision a large rodent that dines in dumpsters while seeking solace in sewers.
Digital Currency and Getting Paid In The Underground
It’s been said that money makes the world go round. People expect to be paid for their time, goods, and services, and cyber criminals are no different.
Lots to learn? Academia and intelligence
With the ongoing emergence of CTI you could be forgiven for thinking that the discipline of intelligence was new.
Criminal Services – Crypting
In the world of cybercrime, malicious software (malware) plays an important role. But if you’re a cybercriminal, how do you keep your malware from being detected?
‘Hacker Buba’: Failed extortion, what next?
An actor identifying itself as "Hacker Buba" recently claimed to have breached Invest Bank and posted purported customer and client information on Twitter as part of an attempt to extort...
Communicating Intelligence: The Challenge of Consumption
In my previous blog in this series I discussed the challenge of effectively communicating intelligence, and provided examples of how we inform our clients of individual incidents.
Communicating Intelligence: Getting the message out
In my previous blog I discussed some of the challenges associated with communicating intelligence. In this follow up piece, I’ll explain some of the methods we use here at Digital...
TalkTalk information likely to be discoverable on the dark web
Last month, TalkTalk disclosed that they been the victim of a cyber attack on its website.
Communicating Intelligence: A battle of three sides
Good intelligence depends in large measure on clear, concise writing.
Criminal Services – Counter Antivirus Services
Infosecurity Magazine recently reported that two individuals have been arrested in the UK on suspicion of running a website that facilitates the development of malware.
Activity Based Intelligence – Activating your interest?
Some threat actors love to make noise. Be it a tweet, a forum post, or a chat room message, communicating in the open often takes place.
Crackas With Attitude: What We've Learned
One of the most active actors of the past several months has been a hacktivist group who identify themselves as ‘Crackas With Attitude’ (CWA).
From CTI to Cyber Situational Awareness: What you should know
With more attackers trailing the digital shadows of organizations, traditional defenses have proven to be insufficient and organizations are looking at new ways of protecting themselves.
The Way of Hacking
In the Japanese martial art of Aikido it is said that "Kurai Dori" is the ability of a skilled practitioner, or "aikidoka", to control the consciousness of an opponent.
Emerging Markets: Online Extortion Matures via DDoS Attacks
Unlike scenes from books or movies where shadowy figures hold manila envelopes containing information or photographs pertaining to an unsuspecting victim, few of us in the real world have to...
Crackas With Attitude strike again?
Last week, the New York Post reported that hackers had compromised the personal email address of CIA Director, John Brennan.
TalkTalk: Avoiding the hype
There has been no shortage of media coverage on the recent TalkTalk cyber attack. The full implications of the attack are not yet known, but reports suggest it could affect...
Smilex: Dangers of Poor OpSec
On 13 Oct 2015, it was revealed in an indictment on the US department of Justice website that Dridex (AKA Bugat and Cridex) activity had been disrupted and charges filed...
CATER, For Your Threat Intelligence Needs
Our white paper, Cyber Threat Intelligence: A Buyer’s Guide, provides an overview of current CTI approaches and the types of offerings available.
Online carding
There is no shortage of credit card information being sold online. In the past six months alone, our spider (which covers I2P and ToR Darknet overlay networks as well as surface web carding sites) detected thousands of instances of sites offering credit...
Cyber Situational Awareness: Gain an Attacker’s Eye View
Our latest white paper defines a different perspective on security – cyber situational awareness.
Greater capabilities equal greater cyber situational awareness
In a recent Techworld article, one of our clients said that Digital Shadows SearchLight™ “…gives me “visibility into a world that is outside of my control.” This is the very...
How the Internet of Things (IoT) is Expanding Your Digital Shadow
The Internet of Things (IoT) is a development that is the direct result of objects, technology, people that have been provided with unique identifiers, which possess the ability to transfer...
Digital Shadows and ThreatConnect Partner to Help Customers Improve Security Defenses
One of the foundational values of Digital Shadows is the appreciation and value we put on our collaboration with customers and our coordination with our strategic business partners. It is because of this value that we’re delighted to announce today that we’ve entered into a new partnership with ThreatConnect, the leading provider of security software and services including the ThreatConnect® Threat Intelligence Platform (TIP).
Raising the Stakes - U.S. retaliation for Chinese cyber espionage has the potential for escalation
Following the Jun 2015 announcement that the U.S. Office of Personnel Management (OPM) had been breached and the personal data of millions of current and former federal employees compromised, a...
The Intelligence cycle – what is it good for?
It seems that the concept of ‘intelligence’ is a problem. The definition isn’t agreed, and the industry is peppered with vendors and organisations applying a range or meanings and interpretations.
OPSEC and Trust in an Underground Cybercriminal Forum
There are perhaps tens of thousands of forums and sites in the visible and dark webs dedicated to criminal activity.
Exciting times, exciting team at Digital Shadows
Yesterday we announced that Stuart McClure, founder and CEO of Cylance, Inc, is joining our Board of Directors. The entire company is excited about his joining us, and James Chappell and I are especially looking forward to working with him as we further grow the company. While we are excited, Stuart’s joining our board is not the only great team news we have at Digital Shadows. Over the last few months we’ve grown our executive leadership team to map to our business goals, and I want to introduce them.
Digital Shadows and ThreatConnect Partner to Help Customers Improve Security Defenses
One of the foundational values of Digital Shadows is the appreciation and value we put on our collaboration with customers and our coordination with our strategic business partners. It is because of this value that we’re delighted to announce today that we’ve entered into a new partnership with ThreatConnect, the leading provider of security software and services including the ThreatConnect® Threat Intelligence Platform (TIP).
Exploiting is my business...and business is good
In 2015 we are seeing new trends emerge with respect to Exploit Kits in the wild. These trends are particularly interesting in that they suggest that the frequency of 0-day exploits made available in these kits is growing while the time to integrate said 0-days from the time of discovery to inclusion in the kits is shrinking rapidly.
Online Extortion - Old Ways, New Tricks
Extortion is nothing new for organised crime. For centuries, gangs have been operating protection rackets and kidnappings to successfully extract ransom money from their victims. And as with many things in modern life, these old techniques have been successfully brought over to the cyber realm.
What’s In a Name? The Mystery Surrounding the Identity of the Actors Responsible for the Saudi Arabia Breaches
Recently we wrote about the initial breach of the Ministry of Foreign Affairs of the Kingdom of Saudi Arabia (KSA). We felt like this was noteworthy for several reasons: 1. ...
Kaspersky Labs Discloses Duqu 2.0 Attack
Today social media channels the world over are a buzz with news of Kaspersky Labs disclosure of the discovery of Duqu 2.0. This news was significant for many reasons especially...
Digital Shadows integrates with Maltego through partnership with Malformity Labs
The need for organizations to focus on their risk exposure is growing daily, and their ability to establish a clear picture of their environments is key to mitigating risk.
Emerging Markets & Services: Ransomware-as-a-Service
A look at emerging markets and services, specifically at ransomeware-as-a-service.
The Adult Friend Finder Breach: A Recap
Last week, news quickly spread about a security breach that impacted the casual dating website Adult Friend Finder. Will Gragido. Head of Threat Intelligence for Digital Shadows in the USA, shares his findings.
The Dangers of Groupthink: Part 2
This post moves on to the second cause of groupthink and tries to understand how organizational structural faults may result in manifestations of groupthink.
The Dangers of Groupthink
Over the next few blog posts we’ll be looking at various types of cognitive bias and suggest ways of dealing with them.
Analytical Tradecraft at Digital Shadows
This week my colleague and I attended the SANS Cyber Threat Intelligence conference in Washington DC. It was great to hear more from analysts and CTI users from across the community, as well as mingle with the plethora of vendors who were present. This blog explores some of the themes which arose from discussions on analytical tradecraft.
Remote working at Digital Shadows
Here at Digital Shadows we’ve worked hard to assemble the most dedicated and talented development team possible and that has resulted in our team being concentrated here in London, but including members both further afield in the UK and internationally. This means that we’ve had to learn how to work with a distributed team and this post will cover our experiences and some of the utilities we’re making use of to work as efficiently as possible.
Digital Shadows joins roundtable at 10 Downing Street
Alastair Paterson, CEO of Digital Shadows, recently visited 10 Downing Street to participate in a roundtable on cyber security. The session brought together leaders from industry, academia and government and sought to address the challenges surrounding cyber security policy.
Working in multilingual sources
This post will be about some of the challenges you are likely to face trying to handle data in different languages and how to deal with them. Most of our code is in Java so the examples here will all be written in Java
Source Evaluation
To organisations, threat intelligence is about understanding the threat landscape – the various actors and campaigns which conduct cyber attacks – so that when they are specifically targeted it can be detected, mitigation put in place, and the risk to their business reduced. Robust source evaluation minimises the chance of crying wolf, or warning of the wrong threat entirely.
Even the hackers are targeted by phishers
We noticed a Tweet from one of the groups we are tracking which claimed that the popular football game FIFA was “offline”. Given the unspecific nature of the Tweet and the lack of any evidence suggesting that the online services of the game had been affected by any kind of cyber attack, we assessed that it was likely a false claim.
The Intelligence Trinity
For several years now there has been considerable hype and hubris around the term ‘intelligence’ within the cyber security industry. It feels as if the term has been diluted as its usage has extended to include vendors dealing in a range of issues from bad IPs and Indicators of Compromise, to tip-offs that hacktivist groups are targeting particular sectors and the activities of APT groups, and everything in-between.
Digital Shadows invited to 10 Downing Street
Interest in London’s burgeoning tech industry is growing so rapidly that even David Cameron has taken notice; at Pitch10, an event at 10 Downing Street to be held on Thursday 31st July, ten of the most promising digital companies in Britain will pitch their businesses to an audience that includes Cameron himself.
Watch Dogs – it’s just a game... or is it?
A new video game called Watch Dogs is offering an interesting take on real life digital shadows. Sounds like a pretty scary world – Watch Dogs’ website proclaims “You are not an individual. You are a data cluster.” But just how accurate is this idea in the world that we live in? At Digital Shadows we protect organisations from data loss and targeted cyber attack.
