Blog & Resources

The latest advice, opinion and research from our dedicated intelligence analyst team.

What is DevSecOps and Why Do We Need It?

August 12, 2020 | 4 Min Read

DevSecOps, SecDevOps, and any variation of those words are massively trending topics in tech companies today. People love to talk about it, but what is it?  Start with the word...

With the Empire falling, who will take over the throne?

September 16, 2020 | 10 Min Read

With the Empire falling, who will take over the throne? Empire Market’s exit scam has dealt a significant blow to...

Access Keys Exposed: More Than 40% Are For Database Stores

September 14, 2020 | 6 Min Read

By now, we’ve all heard news about AWS keys leaked by a developer on GitHub. While this can cause damaging...

Recruitment fraud: Don’t spook your dream candidates this halloween

September 10, 2020 | 4 Min Read

Everyone wants their dream job. Some people get it, others think they’ve found it online… the job post looks appealing:...

Not another ransomware blog: Initial access brokers and their role

September 9, 2020 | 5 Min Read

It’s hard to get very far in cyber threat intelligence without discussing ransomware. Actually, it’s almost impossible. Keeping with the...

Cyber espionage: How to not get spooked by nation-state actors

September 8, 2020 | 8 Min Read

In all the years I’ve worked in the cybersecurity field (nine if anyone’s counting), I haven’t seen as much reporting...

ShadowTalk Update – New Zealand Stock Exchange faces DDoS, Tesla avoids cyberattack, and Pioneer Kitten updates

September 7, 2020 | 2 Min Read

Listen below 👇👇 ShadowTalk Threat Intelligence Podcast · Weekly: New Zealand Stock Exchange faces DDoS, Tesla avoids cyberattack, and Pioneer...

Revisiting Typosquatting and the 2020 US Presidential Election

September 2, 2020 | 11 Min Read

In October 2019, Digital Shadows’ Photon Research Team embarked on an adventure involving election typosquats that could potentially affect the...

What is DevSecOps and Why Do We Need It?

August 12, 2020 | 4 Min Read

DevSecOps, SecDevOps, and any variation of those words are massively trending topics in tech companies today. People love to talk...

Dread takes on the spammers – who will come out on top?

August 28, 2020 | 9 Min Read

Spamming is an irritating and sometimes damaging issue that affects all of us, whether it’s constant emails about dubious products...

Fall of the behemoth: Cybercriminal underground rocked by Empire’s apparent exit scam

August 27, 2020 | 10 Min Read

Summer is generally a relatively quiet time in the cybercriminal underground. It seems that, just like the rest of us,...

“ALEXA, WHO IS THE NUMBER ONE CYBERCRIMINAL FORUM TO RULE THEM ALL?”

August 26, 2020 | 12 Min Read

In June 2020, the administrator of the English-language cybercriminal carding forum Altenen announced a “big victory” for the site in...

RECAP: Discussing the evolution and trends of cybercrime with Geoff White

August 25, 2020 | 8 Min Read

In late July 2020, Digital Shadows had the fantastic opportunity to speak with Geoff White on ShadowTalk, Digital Shadows’ threat...

Validate Exposed Credentials with Okta to Save Even More Time

August 24, 2020 | 3 Min Read

SearchLight customers can now automatically validate credential alerts via an integration with Okta, drastically reducing the time required to triage. ...

ShadowTalk Update – Emotet Gets a Vaccine, NSA Drovorub Advisory, and North Korean Activity plus Bureau 121

August 24, 2020 | 3 Min Read

Listen below 👇👇 ShadowTalk Threat Intelligence Podcast · Weekly: Emotet Gets a Vaccine, NSA Drovorub Advisory, and North Korean Activity...

Dark Web Forums – The new kid on the block

August 18, 2020 | 12 Min Read

Introducing DWF There’s a new kid on the block, and their name is Dark Web Forums (DWF). Have they come...

Optiv CTIE 2020: COVID-19, cybercrime, and third-party risk

August 17, 2020 | 10 Min Read

Optiv recently released their 2020 Cyber Threat Intelligence Estimate report, which gives organizations a detailed view into the current cyber...

ShadowTalk Update – Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source

August 17, 2020 | 2 Min Read

Listen below 👇👇 ShadowTalk Threat Intelligence Podcast · Weekly: Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source...

It’s even easier to initiate takedowns in SearchLight

August 12, 2020 | 3 Min Read

When faced with infringing content, phishing domain or an impersonation of the brand, security teams want to take down content...

Escrow systems on cybercriminal forums: The Good, the Bad and the Ugly

August 11, 2020 | 15 Min Read

Just a few short months ago, the Russian-language cybercriminal scene was rocked by the news of an arbitration case involving...

ShadowTalk Update – CWT pays ransom, data leaked for 900+ Pulse Secure Servers, EU issues first cyber sanctions

August 10, 2020 | 2 Min Read

Listen below 👇👇 ShadowTalk Threat Intelligence Podcast · Weekly: CWT pays ransom, data leaked for 900+ Pulse Secure Servers, EU...

Saving the SOC from overload by operationalizing digital risk protection

August 5, 2020 | 4 Min Read

As you may have seen last week, the latest research from our Photon Research team explores the increasing phenomenon of...

The story of Nulled: Old dog, new tricks

August 4, 2020 | 9 Min Read

It is often said that old dogs have a hard time learning new tricks, yet researchers have claimed that because...

BitBazaar Market and The Rise of Neptune Market: The End of the Saga spells hope for another

August 3, 2020 | 8 Min Read

Those running dark web marketplaces will do almost anything to achieve their desire to make a lot of money or...

ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

August 3, 2020 | 3 Min Read

This week it’s a full house with ShadowTalk hosts Alex, Kacey, Charles, Alec and Rick. During this episode they cover:...

Dark Web Travel Agencies Revisited: The Impact of Coronavirus on the Shadow Travel Industry

July 29, 2020 | 10 Min Read

However, the level of engagement on Patriarh’s formerly-active threads has dropped significantly since we last shone our spotlight on them....

Account takeover: Expanding on impact

July 27, 2020 | 7 Min Read

Digital Shadows has collected over 15 billion credentials across the open, deep, and dark web. In our recent research piece,...

ShadowTalk Update – Trickbot trojan mishaps, Emotet resurgence, Twitter takeovers, and APT group updates

July 27, 2020 | 2 Min Read

This week’s ShadowTalk hosts Adam, Demi, Stefano and Kim discuss the latest threat intelligence stories. In this episode they cover: ...

Ransomware Trends in Q2: How Threat Intelligence Helps

July 22, 2020 | 8 Min Read

If you’re anything like me, it can be a struggle to keep up with the latest ransomware news. Last quarter,...

Jira Atlassian SearchLight   Integration

July 21, 2020 | 2 Min Read

On average, it’s estimated that security teams deploy around 47 cybersecurity solutions and technologies.  That’s more solutions than hours in...

The Rise of OpenBullet: A Deep Dive in the Attacker’s ATO toolkit

July 20, 2020 | 9 Min Read

Account takeover (ATO) has become a serious issue for many organizations. Digital Shadows has identified over 15 billion credentials circulating...

Abracadabra! – CryptBB demystifying the illusion of the private forum

July 15, 2020 | 8 Min Read

You wouldn’t usually associate cybercriminal forums with the mysterious “Magic Circle,” (for non-Brits less familiar with the subject, the Magic...

SearchLight’s Credential Validation: Only Focus on What Matters

July 14, 2020 | 4 Min Read

Of the many use cases associated with threat intelligence and digital risk protection, monitoring for exposed credentials is always one...

Tax Fraud in 2020: Down But Not Out

July 13, 2020 | 4 Min Read

After a three month extension, tomorrow marks tax deadline day for the United States. While it may seem that tax...

ShadowTalk Update – PAN-OS Vulnerability, Lazarus Group, BEC scammer “Hushpuppi”, and New Photon ATO Research

July 13, 2020 | 2 Min Read

This week, Digital Shadows team Viktoria, Demelza, Adam and Stefano cover:  PAN-OS Vulnerability (CVE-2020-2021): Impact & Mitigation Magecart Developments: Lazarus...

From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

July 7, 2020 | 9 Min Read

Account Takeover: Why criminals can’t resist We rely on passwords to safeguard those precious accounts that allow us to conduct...

Digital Risk Reporting Best Practices: Top 10 Ways to Build Killer Reports in SearchLight

June 30, 2020 | 4 Min Read

We all have those days or that time of the quarter where management demands a nice glossy report with the...

Multiple vs. Exclusive Sales on the Dark Web: What’s in a sale?

June 29, 2020 | 9 Min Read

When going out on a shopping spree, you would naturally have different expectations of price, accessibility, quality, and exclusivity of...

ShadowTalk Update – Torigon, Nulledflix, and BlueLeaks, Plus DevSecOps Insights From DS CISO Rick

June 29, 2020 | 2 Min Read

Alex, Kacey, Charles and Rick host this week’s ShadowTalk to bring you the latest threat intelligence stories. This week they...

Introducing Nulledflix – Nulled forum’s own streaming service

June 23, 2020 | 8 Min Read

Lockdowns implemented during the COVID-19 (aka coronavirus) pandemic have forced people around the world to spend a large part of...

Torigon Forum: A sad case of all show and no go

June 23, 2020 | 11 Min Read

When we review the ideal template for a successful cybercriminal forum, we are on the lookout for several key factors:...

Modern Software Development and DevSecOps: Despite security controls, data leaks persist

June 22, 2020 | 15 Min Read

Quick Synopsis No matter how many software developers you employ, development processes or cultures (such as DevOps or DevSecOps) that...

ShadowTalk Update – Lookback Operators Deploy New Malware Against US Utilities Sector And Honda Cyber Attack

June 22, 2020 | 2 Min Read

Demelza, Viktoria, Adam, and Stefano host this week’s ShadowTalk to bring you the latest threat intelligence stories from the week....

Ensuring order in the underground: Recruiting moderators on cybercriminal forums

June 18, 2020 | 10 Min Read

While there have been many predictable consequences of the ongoing global COVID-19 (aka coronavirus) pandemic, few would have foreseen significant...

Reducing technical leakage: Detecting software exposure from the outside-in

June 16, 2020 | 6 Min Read

Modern Development Practices Leads to Increased Exposure As customers, we can be a bit demanding when it comes to technology...

ShadowTalk Update – Maze Ransomware Alliance, EndGame DDoS Protection Tool, And Ransomware Disguises

June 15, 2020 | 2 Min Read

Alex is joined by Kacey and Charles this week to chat through the top threat intel stories of the week....

Security Threat Intel Products and Services: Mapping SearchLight

June 10, 2020 | 6 Min Read

1. TI Analyst Augmentation. Very few organizations have access to vast resources that will enable them to build out a...

CISA and FBI alert: Top vulnerabilities exploited from 2016-2019 and trends from 2020

June 9, 2020 | 7 Min Read

A couple of weeks ago, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation...

New DDoS protection tool advertised on the dark web

June 9, 2020 | 7 Min Read

This blog examines a newly launched DDoS protection filter mechanism dubbed EndGame advertised last week on the dark web community...

SHADOWTALK UPDATE – HACKTIVIST CHOOSES DESTRUCTION OVER PROFIT W/ RANSOMWARE AND COLLECTION 1 HACKER IDENTIFIED

June 1, 2020 | 2 Min Read

Pietro, Viktoria, Adam, and Demelza cover this week’s top threat intelligence stories, including a Hacktivist group choosing destruction over profit...

Dark Web Digest: Exploring the risk impact of dark web findings, the evolution of forums, and observed trends

May 29, 2020 | 12 Min Read

This week, Digital Shadows hosted a webinar covering dark web trends that we have recently observed, the risk impact associated...

3 Phishing Trends Organizations Should Watch Out For

May 20, 2020 | 16 Min Read

It’s only May, and is it just me, or has this already been the longest decade ever? Cyber-threat actors are...

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was pushed back as a result of COVID19, but thankfully the 2020 Verizon Data...

SHADOWTALK UPDATE – WANNACRY ANNIVERSARY, WORDPRESS PLUGIN VULNERABILITY, AND WELEAKDATA COMPROMISED

May 18, 2020 | 2 Min Read

The team starts this week’s episode with a retrospective look at WannaCry, discussing some core lessons learned from this ransomware...

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant global events, including military and geopolitical tensions and the onset of the COVID-19...

BitBazaar Market: Deception and Manipulation on the Dark Web

May 12, 2020 | 8 Min Read

It’s a BitBazaar that they thought they could deceive us!: A Soap opera featuring dark web forums and marketplaces “When...

Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

May 11, 2020 | 13 Min Read

Co-authored by: Pratik Sinha MD PhD1,2, Alastair E Paterson3 M.Eng With over 215,000 dead globally and with close to 26...

ShadowTalk Update – Competitions On English Forums, Purple Teaming, & Hacker Bribes ‘Roblox’ Insider

May 11, 2020 | 2 Min Read

This week Alex chats with Kacey, Charles, and Rick around competitions we’ve been seeing on English-language cybercriminal forums and how...

Threat Intelligence Feeds: Why Context is Key

May 7, 2020 | 10 Min Read

Key Takeaways: Choosing which threat intelligence feeds to rely on can be a daunting task: Different feeds provide varying levels...

Competitions on English-language cybercriminal forums: A stagnant competition model?

May 5, 2020 | 9 Min Read

Russian-language cybercriminal forums aren’t the only ones to host competitions.  In January 2020, we published a blog about competitions on...

ShadowTalk Update – Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

May 1, 2020 | 3 Min Read

Jamie, Adam, and Demelza join Viktoria for this week’s threat intelligence updates. Top stories this week include:– Vulnerability allowed hijacking...

Charitable Endeavors on Cybercriminal Forums

April 28, 2020 | 12 Min Read

One heart-warming aspect of modern society is the increased prevalence of charitable endeavors during times of crisis. Philanthropy has loomed...

ShadowTalk Update – Maze Ransomware Infiltrates Cognizant, Czech NCISA Warning, And Third Party Risk Assessment

April 27, 2020 | 3 Min Read

Alex, Kacey, Charles, and Harrison host this week’s ShadowTalk for threat intel updates including Maze ransomware updates, a warning of...

Nulled: The modern cybercriminal forum to go mobile….?

April 22, 2020 | 9 Min Read

What’s more threatening than the thought of a cybercriminal sitting at their laptop and carefully manipulating their way into your...

What ‘The Wire’ can teach us about cybersecurity

April 21, 2020 | 12 Min Read

In the current era of self-isolation, remote work, and constant tweets offering epidemiological hot takes, now is the perfect time...

ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

April 20, 2020 | 2 Min Read

This week we have new ShadowTalk guest joining us from London, Demelza! She joins Viktoria and Jamie for our threat...

Zoom Security and Privacy Issues: Week in Review

April 17, 2020 | 10 Min Read

In the last month, you’ve likely been hearing about the video conferencing app Zoom more than ever before. With so...

Top Priorities for 3rd party risk assessments

April 16, 2020 | 6 Min Read

If you’re like me, you’re probably tired of hearing about Zoom in the news. Whether it’s for the recent exploits...

COVID-19, Remote Working, and The Future of Cyber Security

April 15, 2020 | 6 Min Read

The unprecedented global lockdown in the face of COVID-19 has forced companies worldwide to activate emergency business continuity plans, having...

ShadowTalk Update – COVID-19 Third Party App Risks, Zoom, and DarkHotel Hackers

April 13, 2020 | 3 Min Read

Coming to you from Dallas this week – we have Kacey, Harrison, Alex, and Charles. This week the team talks...

How to minimize cybersecurity breaches in 2020

April 8, 2020 | 9 Min Read

Seriously, don’t click back or close – I promise it’s not another one of those “buy all the newest stuff...

COVID-19: Risks of Third-Party Apps

April 7, 2020 | 7 Min Read

As the global community continues to pursue critical details of COVID-19, it is imperative to consider the opportunistic behavior of...

ShadowTalk Update – Zoom Zero-Day Vulnerabilities and Fin7 Delivering Malware Via Snail Mail

April 6, 2020 | 2 Min Read

Hey all you cool cats and kittens! We’ve got a brand-new threat intel episode for you coming from our virtual podcast studio with Adam, Jamie, and...

Recon: Dark web reconnaissance made to look easy

April 3, 2020 | 4 Min Read

Just as the rest of us enjoy the ease of obtaining all sorts of products provided by the countless e-commerce...

Coronavirus as a double-edged sword for cybercriminals: Desperation or opportunity?

April 2, 2020 | 9 Min Read

The ongoing COVID-19 (aka coronavirus) pandemic is having a highly detrimental effect on most businesses and organizations, yet companies linked...

The Digital Risk Underdog: Remediation

April 1, 2020 | 4 Min Read

When it comes to evaluating threat intelligence and digital risk solutions, collection has been at the fore of the narrative...

COVID-19: Third-party risks to businesses

March 31, 2020 | 5 Min Read

As social distancing becomes more prevalent during the COVID-19 (Coronavirus) pandemic, many organizations are moving to a virtual workplace. Organizations...

ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

March 30, 2020 | 2 Min Read

This week the team looks at some Coronavirus threat intel updates including a Threat Model of the Remote Worker and...

COVID-19: Companies and Verticals At Risk For Cyber Attacks

March 26, 2020 | 8 Min Read

  In our recent blog, How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation, Digital Shadows highlighted some...

Threat Model of a Remote Worker

March 25, 2020 | 7 Min Read

Threat models are an often discussed but sometimes nebulous term that is frequently thrown around within the cyber-security arena. The...

Kapusta.World: The fiendish cabbage exemplifying cybercriminal marketing in the modern era

March 24, 2020 | 8 Min Read

  Over the last few months, the Russian-language cybercriminal landscape has been invaded by cabbages. Or, specifically, one rather friendly-looking...

ShadowTalk Update – Slack Vulnerability, Apollon Dark Web Exit Scam, And Online Brand Protection

March 23, 2020 | 3 Min Read

We’ve got Adam and Jamie joining Viktoria remotely for this week’s ShadowTalk! The London crew chats through the Slack vulnerability...

COVID-19: Dark Web Reactions

March 19, 2020 | 5 Min Read

  Digital Shadows has been researching the cybercriminal response to the COVID-19 outbreak sweeping across the globe. We’ve been monitoring...

The Complete Guide to Online Brand Protection

March 18, 2020 | 17 Min Read

  I’m not one for cheesy belief statements, but one of Warren Buffet’s, “It takes years to build a reputation...

Apollon Dark Web Marketplace: Exit Scams and DDoS Campaigns

March 17, 2020 | 8 Min Read

  Imagine logging on to your favorite e-commerce site, finding your favorite author’s newest book for sale, making the purchase,...

ShadowTalk Update – Necurs Botnet, SMB Vulnerability, Coronavirus Scams, And Dark Web Updates

March 16, 2020 | 2 Min Read

  Dallas is packing up the podcast… don’t fret. The team is just moving offices. RIP (rest in podcast). The...

How cybercriminals are taking advantage of COVID-19: Scams, fraud, and misinformation

March 12, 2020 | 9 Min Read

In the wake of large-scale global events, cybercriminals are among the first to attempt to sow discord, spread disinformation, and...

Love Where You Work – Near and Far We Celebrate Our Team

March 12, 2020 | 6 Min Read

#LoveWhereYouWork Entering into 2020 felt a bit like a meteor hitting Earth for me (and I think a lot of...

How One Cybercriminal Forum is Helping to Address Suicide Awareness

March 10, 2020 | 4 Min Read

  The world can be a stressful place regardless of circumstance. Yet we do not normally associate mental health awareness...

ShadowTalk Update – Banking Trojan Steals Google Authenticator Codes, Ransomware Attacks Epiq, And Tesco Clubcard Fraud

March 9, 2020 | 2 Min Read

Lots of threat intelligence news updates in this week’s ShadowTalk episode with Jamie Collier, Adam Cook, and Viktoria Austin. Top...

Dark Web Search Engine Kilos: Tipping the Scales in Favor of Cybercrime

March 5, 2020 | 7 Min Read

  With the recent indictment of Larry Harmon, alleged operator of the Bitcoin tumbling service Helix and darknet search engine...

Want to Control Your Ever-Changing Perimeter? Focus on Integrations.

March 4, 2020 | 5 Min Read

An ever changing perimeter? Over the past few years we have seen the commercial threat landscape evolve from simply combating...

FBI IC3 2019: Cybercrime results in over $3.5 billion in reported losses

March 3, 2020 | 8 Min Read

  On February 11th, we were treated to an early surprise: The US Federal Bureau of Investigation (FBI) released its...

ShadowTalk Update – Data Breaches, Stalkerware, and Dopplepaymer ransomware

March 2, 2020 | 2 Min Read

Coming to you from Dallas this week – we’ve got Charles, Kacey, Harrison, and Alex. First up – 3 data...

Mapping MITRE ATT&CK to the Equifax Indictment

February 24, 2020 | 6 Min Read

  On Monday, February 10th, the United States Department of Justice (DoJ) released a nine-count indictment alleging that four members...

ShadowTalk Update – OurMine hacks FC Barcelona & Olympics twitter handles, Adsense email extortion, & phishing research

February 24, 2020 | 2 Min Read

Adam and Phil join Viktoria to ‘cause a storm’ on this week’s episode. But first – we get a rundown...

The Ecosystem of Phishing: From Minnows to Marlins

February 20, 2020 | 31 Min Read

YOU JUST WON $1,000. CLICK HERE TO CLAIM YOUR REWARD!  IMMEDIATE! NEED WIRE DETAILS. Check out this cat doing cat...

RSA Conference 2020: CISO Tips for Making the Most of Conference Sessions

February 19, 2020 | 5 Min Read

  RSA Conference is just days away, and as I have done in the past, I thought I’d suggest a...

The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

February 18, 2020 | 4 Min Read

  The dust hasn’t quite settled on the Citrix ADC vulnerability technically known as CVE-2019-19781, and affectionately known as “Sh*&rix”...

Cybercriminal Forums on Valentine’s Day – A nice night to “Netflix and steal”…

February 17, 2020 | 6 Min Read

  It’s the night before Valentine’s Day, and it suddenly clicks in your mind that you have totally overlooked one...

ShadowTalk Update – OurMine Hacks, Equifax Indictment, and SWIFT POC attack

February 17, 2020 | 2 Min Read

Roses are red, violets are blue, here’s our threat intel podcast, just for you! Kacey, Charles, Alex, and Harrison have...

The Devil, the Details, and the Analysis of Competing Hypothesis

February 13, 2020 | 5 Min Read

  Digital Shadows’ Photon Research Team recently released a comprehensive examination of the Analysis of Competing Hypothesis (ACH) method, in...

ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams

February 10, 2020 | 3 Min Read

In this week’s episode, Jamie starts by talking about his recent blog, Cyber Threat Intelligence Frameworks, with 5 rules for...

The Iowa Caucus: Third-Party Apps Can Be Risky Business

February 6, 2020 | 7 Min Read

  If you’ve seen HBO’s Silicon Valley, then you’re familiar with the epic fails endured by the Pied Piper team....

Red Team Blues: A 10 step security program for Windows Active Directory environments

February 6, 2020 | 9 Min Read

  A fun tweet crossed our path recently, the author asked, “Redteam operators: Which defensive settings have you encountered that...

How to Operationalize Threat Intelligence: Actionability and Context

February 5, 2020 | 5 Min Read

  In 1988 the idea of a Computer Emergency Response Team was first introduced at Carnegie Mellon University. Fast-forward through...

Dark web travel agencies: Take a trip on the dark side

February 4, 2020 | 11 Min Read

For at least the last two years, an ecosystem of fraud has been perpetrated by cybercriminals against nearly every major...

ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update

February 3, 2020 | 3 Min Read

Rick Holland jumps in to kick-off this week’s episode to recap the 2020 SANS CTI Summit with Harrison. Then Harrison,...

Competitions on Russian-language cybercriminal forums: Sharing expertise or threat actor showboating?

January 30, 2020 | 9 Min Read

  You might be feeling the pinch at this time of year… The financial demands of Christmas have taken their...

Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks

January 29, 2020 | 7 Min Read

  As the cyber threat intelligence (CTI) industry continues to grow, so does the discipline’s thinking tools. Whether your intelligence...

SANS Cyber Threat Intelligence Summit 2020: A Recap

January 28, 2020 | 9 Min Read

  Last week I attended the eighth annual SANS Cyber Threat Intelligence Summit in Crystal City, Virginia. I want to...

ShadowTalk Update – Citrix Vulnerability, Microsoft Data Breach, and Telnet Credentials Published

January 27, 2020 | 3 Min Read

Following on from last week, Citrix released a first set of patches to fix a vulnerability (CVE-2019-19781) affecting the...

How Digital Shadows Helped Find and Remediate an Exposed Admin Password on Github

January 23, 2020 | 5 Min Read

  I often get asked to share examples of the types of alerts we send to clients. I work on...

Inside Digital Shadows: Davitt Potter Joins as Director of MSSP and Channels in the Americas

January 22, 2020 | 5 Min Read

  I’ve spent over 25 years now in the channel supporting enterprise IT in some form or fashion.  After a...

How the Cybercriminal Underground Mirrors the Real World

January 21, 2020 | 7 Min Read

Mirror, Mirror, on the wall. Who’s the best cybercriminal of them all? The terms cybercriminal and hacker often conjure up...

ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

January 20, 2020 | 3 Min Read

Kacey, Charles, Alex, and Harrison host this week’s threat intelligence update from Dallas. We kick off with vulnerabilities from the...

Third Party Risk: 4 ways to manage your security ecosystem

January 16, 2020 | 5 Min Read

  The digital economy has multiplied the number of suppliers that organizations work and interact with. Using a supplier can...

NSA Vulnerability Disclosure: Pros and Cons

January 15, 2020 | 5 Min Read

  On Monday, January 13th, Brian Krebs reported that Microsoft would be releasing “a software update on Tuesday to fix...

CVE-2019-19781: Analyzing the Exploit

January 14, 2020 | 4 Min Read

  On December 17th 2019, CVE-2019-19781 was disclosed. The vulnerability allows for directory traversal and remote code execution on Citrix...

Cryptonite: Ransomware’s answer to Superman…

January 14, 2020 | 4 Min Read

  Update: It appears that the Cryptonite website is no longer active, such is the rapidly changing nature of cybercrime....

Iran and the United States – start of the long war or return to normal?

January 13, 2020 | 9 Min Read

  On 03 Jan 2020, the United States conducted a targeted killing of Major General Qasem Soleimani, commander of the...

ShadowTalk Update – Iranian Cyber Threats, Travelex Ransomware Attack, and Exploit Forum updates

January 10, 2020 | 3 Min Read

We’re back with our weekly ShadowTalk episodes! Viktoria hosts this week and introduces the episode bringing Sammy on to provide...

Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

January 7, 2020 | 6 Min Read

  With the recent news of Qasem Soleimani on Friday 3rd January 2020, many organizations have been reviewing their security...

Iran and Soleimani: Monitoring the Situation

January 7, 2020 | 9 Min Read

*This blog has been updated as of Jan 9, 2020.  Welcome to 2020. Have a good holiday? Back to work...

Iranian Cyber Threats: Practical Advice for Security Professionals

January 6, 2020 | 8 Min Read

Unless you went very dark for an extended holiday break, you are no doubt very well aware of the United...

ShadowTalk Update – Jingle Bell Ryuk: NOLA Ransomware, Ring Doorbells, and 2020 Predictions

December 23, 2019 | 3 Min Read

CISO Rick Holland joins our ShadowTalk hosts (Viktoria, Alex, and Harrison) for our holiday special! This week the team covers:...

Top Security Blogs of 2019 from Digital Shadows

December 20, 2019 | 4 Min Read

  As we approach the end of 2019, we wanted to share some of the most popular security trends and...

The Closure of Market.ms: A Cybercriminal Marketplace Ahead of Its Time

December 18, 2019 | 9 Min Read

In the world of “what could have been,” the cybercriminal marketplace market[.]ms would be a leader in the cybercriminal underground....

2020 Cybersecurity Forecasts: 5 trends and predictions for the new year

December 18, 2019 | 10 Min Read

  If all the holiday fuss isn’t reminder enough, 2020 is almost upon us. 2019 was an unusual year in...

Forums are Forever – Part 3: From Runet with Love

December 17, 2019 | 24 Min Read

  The rise of alternative technologies hasn’t spelled the end of forums, which seem to be prospering against all odds....

ShadowTalk Update – Tochka Dark Web Market Offline, Market.ms Closes, and Data Leakage Stories

December 16, 2019 | 3 Min Read

Alex, Harrison, Kacey, and Charles chat this week on some dark web and cybercriminal updates, data leakage stories that have...

Threat Intelligence: A Deep Dive

December 12, 2019 | 21 Min Read

Welcome to our deep dive on threat intelligence: intended to help security professionals embarking on creating and building a threat...

Forums are Forever – Part 2: Shaken, but not Stirred

December 10, 2019 | 5 Min Read

  Cybercriminal forums continue to thrive despite law-enforcement takedowns and the emergence of more efficient and secure alternatives. Digital Shadows...

ShadowTalk Update – Cybercriminal Forum Research, Mixcloud Breach, and International Crackdown on RAT Spyware

December 9, 2019 | 3 Min Read

Viktoria invites Stewart Bertram to kick-off this week’s episode around new cybercrime research we put out on the Modern Cybercriminal...

A Threat Intelligence Analyst’s Guide to Today’s Sources of Bias

December 5, 2019 | 9 Min Read

  In an industry prone to going overboard with fear-based marketing, the cyber threat intelligence (CTI) community has a refreshing...

Forums are Forever – Part 1: Cybercrime Never Dies

December 4, 2019 | 10 Min Read

If one could predict the future back in the late 1990s when the first cybercriminal web forums emerged, few would...

2.3 billion files exposed across online file storage technologies

December 3, 2019 | 17 Min Read

Originally published May 2019 2.3 billion is a massive number. It’s hard even to wrap your head around; what do...

ShadowTalk Update – RIPlace, Trickbot, and Russian-language forum Probiv

December 2, 2019 | 3 Min Read

No ShadowTalk podcast episode this week, but updates from the Intelligence Summary are below. Updates from this week’s Intelligence Summary...

Asset Inventory Management: Difficult But Essential

November 27, 2019 | 4 Min Read

  If it’s one thing that most security professionals can agree on, it’s that asset inventories are one of the...

Probiv: The missing pieces to a cybercriminal’s puzzle

November 26, 2019 | 10 Min Read

A husband wants to find out who owns the unknown number that’s been ringing his wife’s cell phone late at...

ShadowTalk Update – Black Friday Deals on the Dark Web, Phineas Fisher Manifesto, and DarkMarket

November 25, 2019 | 3 Min Read

Adam Cook and Viktoria Austin talk through the security and threat intelligence stories of this week including an update around...

Black Friday Deals on the Dark Web: A cybercriminal shopper’s paradise

November 21, 2019 | 10 Min Read

  Black Friday. You love it, you hate it, you love to hate it. Whether you’re already getting your finances...

DarkMarket’s Feminist Flight Towards Equality and the Curious Case of Canaries

November 19, 2019 | 4 Min Read

  In late August, Dark Fail (a Tor onion link repository service) added several onion domains for two new dark...

BSidesDFW 2019: OSINT Workshop Recap

November 18, 2019 | 5 Min Read

  A few Saturdays ago, we had the pleasure of presenting at BSidesDFW in Fort Worth, Texas. We were all...

ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug

November 18, 2019 | 3 Min Read

Dallas is sound effects and all this week with Kacey, Charles, Alex, and Harrison. The team discusses their recent OSINT...

VoIP security concerns: Here to stay, here to exploit

November 14, 2019 | 4 Min Read

  VoIP, or Voice over Internet Protocol, is the protocol via which voice communication and multimedia session are delivered via...

Dynamic CVVs: 2FA 2Furious

November 12, 2019 | 5 Min Read

  The security community is quick to highlight the benefits of two-factor authentication (2FA) when it comes to something like...

ShadowTalk Update – BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

November 11, 2019 | 3 Min Read

This week the London team looks at the following stories: BlueKeep Exploit Could Rapidly Spread Megacortex Ransomware Changes Windows Passwords...

Combatting Domain-Centric Fraud: Why Mimecast is partnering with Digital Shadows

November 7, 2019 | 3 Min Read

This is a guest blog, authored by Matthew Gardiner, Director of Enterprise Security Campaigns at Mimecast Domain fraud is a widespread...

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

November 4, 2019 | 4 Min Read

Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information...

Understanding the Different Cybercriminal Platforms: AVCs, Marketplaces, and Forums

October 31, 2019 | 6 Min Read

  With the recent breach that targeted BriansClub, automated vending carts (better known as AVCs), have received significant media attention...

Cybercriminal credit card stores: Is Brian out of the club?

October 31, 2019 | 8 Min Read

  If you’re an avid follower of Digital Shadows’ blogs, or just have a general interest in the cybercriminal landscape,...

Your Cyber Security Career – Press start to begin

October 30, 2019 | 13 Min Read

  October was Cyber Security Awareness month, and as a follow-up, I thought it would be good  to talk about...

Australia Cyber Threat Landscape report (H1 2019)

October 29, 2019 | 5 Min Read

Depending on where you are in the world, October is characterized by the onset of a new season and/or fewer...

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

October 25, 2019 | 3 Min Read

We’ve got all 3 ShadowTalk hosts in Dallas this week: Harrison Van Riper, Viktoria Austin, and Alex Guirakhoo. The team...

Understanding the Consequences of Data Leakage through History

October 24, 2019 | 4 Min Read

One of the most interesting aspects of transitioning from high school history teacher to cyber threat intelligence professional is the...

WiFi Security: Dispelling myths of using public networks

October 23, 2019 | 9 Min Read

We have all seen many articles, blogs, endless Twitter commentary, and so on about the risks of using public WiFi...

Japan Cyber Threat Landscape report (H1 2019)

October 22, 2019 | 5 Min Read

Japan: currently the host of the multi-national sporting event, the Rugby World Cup, and soon to be host of the...

ShadowTalk Update – Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

October 18, 2019 | 3 Min Read

Kacey, Charles, Harrison, and Alex kick off this week’s episode talking about our Fall Dallas team event (an amateur version...

Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

October 17, 2019 | 9 Min Read

Honeypots can be useful tools for gathering information on current attack techniques. Conversely, they can be an overwhelming source of...

Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

October 16, 2019 | 15 Min Read

Typosquatting. It’s a phrase most of us know in the security realm and think we’ve got our hands and minds...

Cybercriminal Forum Developments: Escrow Services

October 15, 2019 | 5 Min Read

Financial transactions made on cybercriminal forums tend to look remarkably similar to transactions made on legitimate platforms. You have a...

ShadowTalk Update – Iran-linked APT35, Skimming by Magecart 4, Rancour, and Emotet Resurgence

October 11, 2019 | 3 Min Read

We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top...

ANU Breach Report: Mapping to Mitre ATT&CK Framework

October 11, 2019 | 14 Min Read

Introduction This week, the Australian National University (ANU) published a report on an intrusion into their networks that occurred in...

Dark Web Overdrive: The Criminal Marketplace Understood Through Cyberpunk Fiction

October 9, 2019 | 5 Min Read

In 1984, science fiction writer William Gibson became the father of the Cyberpunk fiction genre with his novel, Neuromancer. Neuromancer...

ShadowTalk Update – Magecart Five Widens Attack Vectors, Suspected Chinese Threat Actor Targets Airbus Suppliers, and Tortoiseshell Developments

October 4, 2019 | 3 Min Read

Coming to you from London this week, Jamie Collier, Philip Doherty, and Josh Poole join Viktoria Austin for our weekly...

Top Threat Intelligence Podcasts to Add to Your Playlist

October 3, 2019 | 4 Min Read

Looking for some new threat intelligence podcasts to add to your playlist? Look no further! Our Photon Threat Intelligence Research...

Domain Squatting: The Phisher-man’s Friend

October 1, 2019 | 8 Min Read

In the past we have talked about the internal assessments that we perform here at Digital Shadows. As part of...

ShadowTalk Update – Tortoiseshell Targets IT Providers, the Tyurin Indictment, and Emotet’s Return

September 27, 2019 | 4 Min Read

Viktoria hosts this week’s episode in London with Phillip Doherty and Adam Cook. After a quick debate around the top...

Singapore Cyber Threat Landscape report (H1 2019)

September 26, 2019 | 7 Min Read

Despite being the second smallest country in Asia, Singapore is a global financial and economic hub. On top of this,...

Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework

September 25, 2019 | 7 Min Read

Between 2012 to mid-2015, U.S. financial institutions, financial services corporations and financial news publishers fell victim to one of the...

DevSecOps: Continued Database Exposures Point to Growing Challenges

September 24, 2019 | 5 Min Read

Last week, we learned that millions of Ecuadorian’s personal details had been exposed by a misconfigured ElasticSearch database. This is...

ShadowTalk Update – Universities still attracting espionage from Iran, SimJacker exploit, NCSC Threat Trends, and Ransomware Updates

September 20, 2019 | 4 Min Read

It’s Harrison and Alex this week for your threat intelligence updates. The guys first dig into the NCSC’s recent threat...

Nemty Ransomware: Slow and Steady Wins the Race?

September 19, 2019 | 3 Min Read

As we outlined recently, ransomware is a key theme of the NCSC Cyber Trends Report: it’s a pervasive threat that...

NCSC Cyber Threat Trends Report: Analysis of Attacks Across UK Industries

September 18, 2019 | 7 Min Read

The United Kingdom’s National Cyber Security Centre (NCSC) recently released their Incident trends report (October 2018 – April 2019) which...

Your Data at Risk: FBI Cyber Division Shares Top Emerging Cyber Threats to Your Enterprise

September 17, 2019 | 8 Min Read

Data breaches are not slowing down. Nobody expects to be a victim, but the data shows the exponential growth in...

ShadowTalk Update – Metasploit Project Publishes Exploit For Bluekeep, plus APT3 and Silence Cybercrime Group Updates

September 13, 2019 | 4 Min Read

Viktoria Austin is joined by Adam Cook and Phil Doherty this week in the London office to talk about the...

Dark Web Monitoring: The Good, The Bad, and The Ugly

September 11, 2019 | 20 Min Read

Dark Web Monitoring Overview Gaining access to dark web and deep web sources can be extremely powerful – if you...

Mapping the NIST Cybersecurity Framework to SearchLight: Eating our own BBQ

September 10, 2019 | 2 Min Read

Back in February, I wrote about how we avoid the term “eat your own dog food” here at Digital Shadows,...

ShadowTalk Update – Ryuk Ransomware, Twitter rids SMS tweets, and Facebook Records Exposed

September 9, 2019 | 3 Min Read

Alex, Alec, and Harrison are in the room today discussing 3 top stories from the week. First up – a...

Envoy on a Mission to Bring Stability to the Criminal Underground

September 4, 2019 | 3 Min Read

Recent Turbulence in the Underground From the sudden disappearance and ongoing instability issues of KickAss and Torum, to the high...

ShadowTalk Update – More Sodinokibi Activity, Imperva Breach, and Weirdest Food at the Texas State Fair

September 2, 2019 | 3 Min Read

CISO Rick Holland and Alex Guirakhoo join Harrison Van Riper this week to talk through more Sodinokibi activity. Just yesterday,...

Emotet Returns: How To Track Its Updates

August 26, 2019 | 5 Min Read

What is Emotet? Emotet started life as a banking trojan in 2014; targeting financial information on victim computers. However, over...

ShadowTalk Update – Texas Ransomware Outbreaks and Phishing Attacks Using Custom 404 pages

August 23, 2019 | 3 Min Read

Charles Ragland (a brand new ShadowTalk-er!) and Christian Rencken join Harrison this week to discuss an outbreak of ransomware attacks...

Breach! An Analysis of the Modern Digital Breach, with Cyber Defense Lab’s CEO, Bob Anderson

August 22, 2019 | 8 Min Read

Just prior to the BlackHat & DEFCON, my colleague Rick Holland and I were fortunate to share some time in...

The Nouns of Black Hat: People, Places, and Things From Summer Camp 2019

August 19, 2019 | 6 Min Read

Black Hat and DEFCON are a wrap! Digital Shadows was there in a big way this year and it was...

Black Hat and DEFCON 2019 – Some of our Favorite Sessions

August 19, 2019 | 9 Min Read

The team were fortunate to go to Black Hat and DEFCON this year, and we wanted to share back some...

ShadowTalk Update – Nightmare Market in Disarray and SEC Investigation into Data Leak at First American Financial Corp

August 16, 2019 | 3 Min Read

Harrison is back! Alex and Christian join this week to discuss how Black Hat and DEFCON went last week, analyze...

Fresh blow for dark web markets: Nightmare market in disarray

August 13, 2019 | 5 Min Read

Over the past three weeks, Digital Shadows has observed another popular dark web criminal market – Nightmare – experience several...

Recon Village: Panning for gold

August 1, 2019 | 7 Min Read

Richard will be presenting ‘Asset Discovery: Making Sense of the Ocean of OSINT’ at 13.50 on 9th August 2019 in...

Capital One Breach: What we know and what you can do

July 31, 2019 | 5 Min Read

Monday blues. It’s a thing. It’s when you start the week feeling moody because your weekend is over. The feeling...

The Account Takeover Kill Chain: A Five Step Analysis

July 30, 2019 | 17 Min Read

It’s no secret that credential exposure is a growing problem. Take a look at Troy Hunt’s https://www.haveibeenpwned.com – a tool...

ShadowTalk Update – More BlueKeep updates, FSB contractor hacked, and the Enigma Market

July 29, 2019 | 3 Min Read

Christian and Travis sit down with Harrison to discuss even more BlueKeep updates since last week, as a technical presentation gets uploaded to...

Surviving and Thriving at Blackhat and DEF CON Summer Camp 2019

July 24, 2019 | 4 Min Read

With BSides, Black Hat and DEF CON (aka Security Summer Camp) fast approaching, I thought I’d do a quick blog...

SearchLight’s Biggest Ever Update: New Ways to Discover, Contextualize, and Prioritize Digital Risks

July 23, 2019 | 6 Min Read

Since founding the company in 2011, we’ve had some memorable milestones: from the first release of SearchLight in 2014, to...

A Growing Enigma: New AVC on the Block

July 19, 2019 | 3 Min Read

This week, in a ground breaking announcement, the Bank of England named Alan Turing the new face of the £50...

ShadowTalk Update – Marriott Faces GDPR Fines, TA505 Global Attacks, Zoom 0-Day, and New Magecart Activity

July 12, 2019 | 3 Min Read

Kacey and Alex join Harrison to walk through this week’s threat intelligence stories. Alex walks us through the highlight story this...

Harnessing Exposed Data to Enhance Cyber Intelligence

July 11, 2019 | 7 Min Read

  An illicit and lucrative trade has grown on criminal forums across the surface, dark, and deep web – the...

Welcoming NAB Ventures & Scaling SearchLight for Growth

July 9, 2019 | 2 Min Read

Today is an exciting day for Digital Shadows. Earlier this morning, we announced a $10m focused investment to scale our...

Extortion, Sale, Reconnaissance, & Impersonation: 4 Ways Your Digital Footprint Enables Attackers

July 2, 2019 | 6 Min Read

Whether it’s intellectual property, proprietary code, personal data, or financial information, the goal of information security is to protect those...

ShadowTalk Update – Operation Soft Cell, Libra Cryptocurrency Impersonations, and New Cyber Espionage Activity

June 28, 2019 | 4 Min Read

This week Alex and Phil join Harrison to discuss Operation Soft Cell, a campaign that has been actively compromising telecommunications...

Facebook’s Libra Cryptocurrency: Cybercriminals tipping the scales in their favor

June 27, 2019 | 8 Min Read

The announcements of Facebook’s new cryptocurrency “Libra” and its associated digital wallet “Calibra” have conjured up discussion, debate, criticism, and...

ShadowTalk Update – Google Calendar Phishing, Exim Email Server Vulnerability, and Diversity in Cybersecurity

June 24, 2019 | 3 Min Read

This week Alex and Jamie chat with Harrison on a cyber-threat campaign involving the abuse of legitimate features in Google...

Leaky SMB File Shares – So Many Bytes!

June 19, 2019 | 5 Min Read

Everyone loves a sequel. If you’re an avid Marvel fan, you’re probably sitting on the edge of your seat waiting...

Managing Digital Risk: 4 Steps to Take

June 18, 2019 | 9 Min Read

Organizations are finding it increasingly difficult to know where their data is stored and shared in today’s technology-forward, connected world....

ShadowTalk Update – XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

June 17, 2019 | 3 Min Read

This week Harrison is joined by Travis and Alec to discuss the security stories of the week including a fileless malware...

Managing Infosec Burnout: The Hidden Perpetrator

June 10, 2019 | 8 Min Read

The secret of the burnout epidemic lies in how we feel about our stress, not the things that stress us...

ShadowTalk Update – “HiddenWasp” and “BlackSquid” malware, TA505 and Turla activity, and Too Much Information: The Sequel

June 7, 2019 | 3 Min Read

Alex and Christian join HVR this week to discuss the Linux malware “HiddenWasp” (along with HVR’s hatred of the insect),...

BlueKeep: Cutting through the hype to prepare your organization

May 24, 2019 | 8 Min Read

Over the last week we have all been tuning into our news feeds and listening to the security folks chatting...

Automating 2FA phishing and post-phishing looting with Muraena and Necrobrowser

May 21, 2019 | 6 Min Read

Phishing remains one of the most pervasive threats to enterprise, the simple but effective technique of tricking unassuming users into...

May 15, 2019 | 3 Min Read

Today we announced that SecureLink, one of Europe’s most respected independent cybersecurity and managed service providers, has partnered with Digital...
Mapping Iran’s Rana Institute to MITRE Pre-ATT&CK™ and ATT&CK™

May 15, 2019 | 15 Min Read

The internet has been aflame with discussions around three leaks of internal information from APT groups attributed with the Islamic...
Cyber Talent Gap: How to Do More With Less

May 14, 2019 | 5 Min Read

The challenge facing us today is twofold: not only is the digital footprint of the organizations we want to protect...
ShadowTalk Update – 5.06.19

May 13, 2019 | 4 Min Read

Kacey and Alex join HVR this week to talk through the key stories this week including a new threat group...
Enabling Soi Dog’s Digital Transformation: A Case Study

May 8, 2019 | 3 Min Read

At the beginning of this year I was introduced to Spencer Hardy, the IT manager for an animal charity called...
Announcing Digital Shadows’ ISO27001 certification

May 7, 2019 | 2 Min Read

I’m pleased to announce that Digital Shadows has recently achieved an important compliance milestone for our customers. After a concerted...
ShadowTalk Update – 5.06.19

May 6, 2019 | 3 Min Read

Phil and newcomer Benjamin Newman join Harrison for another edition of the Weekly Intelligence Summary. The guys cover two distinct...
ShadowTalk Update – 4.29.19

April 29, 2019 | 3 Min Read

Jamie and Alex are back with Harrison this week to talk about the leak of information related to APT34 on...
FBI IC3: Cybercrime Surges in 2018, Causing $2.7 Billion in Losses

April 23, 2019 | 4 Min Read

This week, the Federal Bureau of Investigation released its 2018 Internet Crime Complaints Center (IC3). In 2018, the IC3 responded...
ShadowTalk Update – 4.22.19

April 22, 2019 | 3 Min Read

This week the team discusses an unidentified threat actor that has obtained data from various personal Outlook, MSN, and Hotmail...
ShadowTalk Update – 4.15.19

April 15, 2019 | 4 Min Read

Christian and Jamie join Harrison for another week of ShadowTalk to discuss the FIN6 threat actor reportedly widening its range...
Reducing your attack surface

April 9, 2019 | 4 Min Read

What is an attack surface According to OWASP, an attack surface “describes all of the different points where an attacker could...
ShadowTalk Update – 4.8.19

April 8, 2019 | 3 Min Read

Jamie, Alex and Zuko sit down with Harrison to talk about a story that flew a little under the radar...
Easing into the extortion game

April 3, 2019 | 4 Min Read

One of the main ideas which flowed through Photon’s most recent research report, A Tale of Epic Extortions, was that cyber...
Predator: Modeling the attacker’s mindset

April 2, 2019 | 6 Min Read

Author: Richard Gold  The phrases “attacker’s mindset” or “think like an attacker” are often used in cyber security to encourage...
Making Some Noise in the Channel

April 1, 2019 | 3 Min Read

Digital Shadows Channel REV Partner Program shifts into 5th gear and earns the CRN 5-Star Partner Program Guide Award It’s...
ShadowTalk Update – 4.1.19

March 29, 2019 | 3 Min Read

Christian and Jamie sit down with Harrison to talk about the compromised Asus server used to distribute backdoor malware to...
Cyber Risks and High-frequency Trading: Conversation with an Insider

March 26, 2019 | 4 Min Read

Research from the Carnegie Endowment for International Peace published this week focused the attention on how financial systems around the...
ShadowTalk Update – 3.25.19

March 25, 2019 | 4 Min Read

Harrison chats with Jamie and Alex this week on an attack on Norwegian aluminum and renewable-energy company Norsk Hydro ASA....
Dark Web Typosquatting: Scammers v. Tor

March 21, 2019 | 7 Min Read

Time and time again, we see how the cybercriminal ecosystem often mirrors what happens in the business world. This can...
How to Secure Your Online Brand

March 20, 2019 | 4 Min Read

What is online brand security? As we outlined in our Practical Guide to Reducing Digital Risk, the integrity of brand...
ShadowTalk Update – 3.18.19

March 18, 2019 | 3 Min Read

Harrison sits down with Rose and Christian for a quick chat about APT40 targeting educational maritime research, as well as...
Detecting Exposed Company Data: The What, Why, and How

March 12, 2019 | 3 Min Read

What is data loss detection? A fundamental responsibility for any IT security professional is to secure their information assets, be...
ShadowTalk Update – 3.11.19

March 11, 2019 | 3 Min Read

This week Jamie and Alex join Harrison to look at Fin6, who has begun regularly targeting card-not-present data on e-commerce...
Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK™

March 6, 2019 | 7 Min Read

Authors: Simon Hall, Isidoros Monogioudis   Here at Digital Shadows we perform regular purple team exercises to continually challenge and...
ShadowTalk Update – 3.04.19

March 4, 2019 | 4 Min Read

This week Rose and Phil join Harrison to discuss a three-stage cryptocurrency mining attack using Mimikatz and Radmin in tandem....
Don’t Take Our Word for It: See for Yourself Why Forrester Named SearchLight a Leader….For Free!

February 27, 2019 | 3 Min Read

Every day cyber security professionals are bombarded with marketing messages from 3,000+ security vendors. It’s a cacophony of catchy tag...
SamSam But Different: MITRE ATT&CK and the SamSam Group Indictment

February 26, 2019 | 16 Min Read

In our latest research report, A Tale of Epic Extortions, the Digital Shadows Photon Research Team highlight how cybercriminals abuse our...
ShadowTalk Update – 2.25.19

February 25, 2019 | 4 Min Read

This week, Phil and Alex join Harrison to discuss a new malware delivery technique using the Outlook preview panel. Also,...
Extortion Exposed: Sextortion, thedarkoverlord, and SamSam

February 21, 2019 | 3 Min Read

In our most recent research, A Tale of Epic Extortions, the Digital Shadows Photon Research Team approached the topic of...
Six Steps for Security Professionals to make the most out of the RSA Conference

February 20, 2019 | 4 Min Read

This year’s RSA Conference is March 4th-7th in San Francisco. As always, it is a long and exhausting week for...
ShadowTalk Update – 2.18.19

February 19, 2019 | 3 Min Read

Alex and Jamie matched with Harrison in this Valentine’s week episode of ShadowTalk. We discuss why four different APT groups...
Photon Research Team Shines Light On Digital Risks

February 13, 2019 | 2 Min Read

I’m very excited to announce the launch of the Digital Shadows’ Photon Research Team. We have decided to bolster our...
Introducing Our Practical Guide to Reducing Digital Risk

February 12, 2019 | 5 Min Read

Download a copy of A Practical Guide to Reducing Digital Risk   Digital Footprints and Digital Shadows Back when Al...
ShadowTalk Update – 2.11.19

February 8, 2019 | 3 Min Read

Alex and Jamie join Harrison to discuss how the United Arab Emirates (UAE) intelligence services compromised iPhones through the “Karma”...
Understanding Digital Risk Protection

February 8, 2019 | 3 Min Read

There has been a lot of talk recently about Digital Risk and Digital Risk Protection. Forrester published their 2018 New...
CISO Spotlight: Security Goals and Objectives for 2019

February 7, 2019 | 6 Min Read

I recently joined our ShadowTalk podcast to discuss 2019 planning and prioritization. If you listen, you will notice that I’m...
You’ve got a digital strategy, but how are you managing digital risks?

February 7, 2019 | 3 Min Read

Download a free copy of Digital Risk: The C-Suite‘s Critical Missing Part of Overall Risk Most C-level executives I speak...
Joining The Market Leader in Digital Risk Protection

February 6, 2019 | 3 Min Read

Our marketing department asked me to write a blog on why I joined Digital Shadows.  The obvious response would be...
SANS DFIR Cyber Threat Intelligence Summit 2019 – Extracting More Value from Your CTI Program

February 5, 2019 | 7 Min Read

We were fortunate to attend the 2019 SANS DFIR Cyber Threat Intelligence Summit this year, which brings together some of...
ShadowTalk Update – 2.4.19

February 4, 2019 | 4 Min Read

This week, Alex Guirakhoo and Jamie Collier join Harrison to discuss APT39, a new Iran-linked espionage group, as well as...
SingHealth Breach Post-mortem: Key Findings

January 29, 2019 | 5 Min Read

On 10 January 2019, Singaporean authorities finally released a report detailing how the attack against Singapore’s largest group of healthcare...
ShadowTalk Update – 1.28.19

January 26, 2019 | 3 Min Read

This week Rose, Jamie, and Alex talk with Harrison on a huge data dump called “Collection #1”, containing over 770...
Security Practitioner’s Guide to Email Spoofing and Risk Reduction

January 24, 2019 | 13 Min Read

In our previous extended blog, Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It, we...
Powering Investigations with Nuix Software: The Case of thedarkoverlord and the 9/11 Files

January 22, 2019 | 6 Min Read

The Panama Papers in 2016 highlighted the challenges facing investigators dealing with large document leaks. With over 11.5 million documents...
ShadowTalk Update – 1.21.19

January 19, 2019 | 3 Min Read

This week, Alex Guirakhoo and Philip Doherty join Harrison Van Riper to discuss two recent, unrelated, financially-motivated cyber attack campaigns...
Don’t Just Read Intelligence: Learn From It

January 17, 2019 | 5 Min Read

The Importance of Learning in Cyber Security Those unfamiliar with the field of computer security, reading the news headlines about...
Thedarkoverlord runs out of Steem

January 16, 2019 | 6 Min Read

On 31 December 2018, the notorious extortion actor known as “thedarkoverlord” announced on Twitter and Reddit that they were in...
ShadowTalk Update – 1.14.19

January 14, 2019 | 3 Min Read

We’ve just released our first Weekly Intelligence Summary episode of ShadowTalk. In this new track, Harrison Van Riper will be...
Security Analyst Spotlight Series: Phil Doherty

January 10, 2019 | 5 Min Read

Organizations rely on Digital Shadows to be an extension of their security team. Our global team of analysts provide relevant...
TV License and Vehicle Tax Fraud: New Year, Same Old Scams

January 8, 2019 | 4 Min Read

Over the last week we’ve been tracking several emails impersonating UK services such as “TV Licensing” and “Vehicle Road Tax”....
Four New Year Cyber Security Resolutions

January 3, 2019 | 8 Min Read

Another year is upon us in the world of cyber-security, and few things are certain. Commentators are always prone to...
Cyber Threats to Watch in 2019: Key Takeaways from our webinar with the FBI Cyber Squad

December 20, 2018 | 5 Min Read

As 2018 comes to a close, Digital Shadows partnered with the FBI’s Cyber Division for a webinar to discuss some...
The Most Popular Security Blog Topics of 2018

December 18, 2018 | 3 Min Read

It’s been a busy year on the Digital Shadows blog, with almost 150 blogs published since January 1. As we...
ShadowTalk Update – 17.10.2018

December 17, 2018 | 3 Min Read

Following from our recent research, Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It, the...
Bomb Threat Emails: Extortion Gets Physical

December 14, 2018 | 4 Min Read

We’ve seen yet another change in tactics for the recent spate of extortion campaigns. Whereas before these emails tried to...
Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

December 12, 2018 | 8 Min Read

Overall, the infosec community has done a relatively good job in securing systems. While a measure of restrained back-patting is...
Digital Shadows New Integration for Splunk

December 10, 2018 | 3 Min Read

Today we announced the release of an updated version of our Splunk App, which is now certified for both Splunk...
ShadowTalk Update – 12.10.2018

December 10, 2018 | 3 Min Read

In this week’s ShadowTalk, Rick Holland and Harrison Van Riper join Michael Marriott to discuss the implications of the Marriott...
Using Shadow Search to Power Investigations: Sextortion Campaigns

December 6, 2018 | 3 Min Read

We recently wrote about sextortion campaigns and how they’ve developed their lures over time. As a result of these campaigns,...
2019 Cyber Security Forecasts: Six Things on the Horizon

December 5, 2018 | 9 Min Read

The new year is upon us! 2018 brought us Spectre and Meltdown, Russian GRU indictments, and the exposure of 500...
ShadowTalk Update – 12.03.2018

December 3, 2018 | 3 Min Read

Michael Marriott, Dr Richard Gold and Simon Hall discuss our recent findings on threat actors using cracked versions of Cobalt...
Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

November 29, 2018 | 5 Min Read

I’m a big fan of the Cobalt Strike threat emulation software. Here at Digital Shadows, it’s a staple of our...
Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

November 27, 2018 | 3 Min Read

Australian Signals Directorate Essential 8 The Australian Signals Directorate (ASD) has published what it calls the “Essential 8”: a set...
ShadowTalk Update – 11.26.2018

November 26, 2018 | 3 Min Read

With Black Friday kicking off the holiday spending season, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber...
Black Friday and Cybercrime: Retail’s Frankenstein Monster

November 20, 2018 | 5 Min Read

With every year that passes, Black Friday seems to morph into a creation its original proponents could not have even...
Sextortion 2.0: A New Lure

November 20, 2018 | 4 Min Read

Back in September we released a blog about the large volume of sextortion email campaigns that were hitting people’s inboxes....
ShadowTalk Update – 11.19.2018

November 19, 2018 | 2 Min Read

Leaked court documents surfaced this week detailing how Italian authorities tried and ultimately failed to identify and convict the vigilante...
Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

November 15, 2018 | 2 Min Read

VIPs and executives who are critical to your company and brand can be targeted by threat actors or groups who...
A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

November 13, 2018 | 5 Min Read

I recently attended the ENISA (European Union Agency for Network and Information Security) Threat Intelligence Workshop held in Brussels on...
ShadowTalk Update – 11.12.2018

November 12, 2018 | 2 Min Read

In this week’s ShadowTalk, we discuss the big vulnerability and exploit stories of the week. The team discuss the Cisco...
To Pay or Not to Pay: A Large Retailer Responds to DDoS Extortion

November 8, 2018 | 3 Min Read

Fans of The Sopranos or Goodfellas are well-versed in the world of extortion. Whether it is paying off Tony Soprano...
Security Analyst Spotlight Series: Adam Cook

November 7, 2018 | 6 Min Read

Organizations rely on our cyber intelligence analysts to be an extension of their security team. Our global team of analysts provide relevant...
ShadowTalk Update – 11.05.2018

November 5, 2018 | 3 Min Read

In November 2016, Tesco Bank suffered a series of fraud attacks that allowed cybercriminals to check out with £2.26m (roughly...
81,000 Hacked Facebook Accounts for Sale: 5 Things to Know

November 2, 2018 | 5 Min Read

This morning, the British Broadcasting Corporation (BBC) published an article detailing how online actors had obtained and advertised at least...
Choosing the Right Cyber Security Partner for your Business: A glimpse through Digital Logistix journey searching for a Digital Risk Protection Solution

October 31, 2018 | 3 Min Read

This blog was written by Ricardo Martinez, Director of Business Development for Latin America at Digital Logistix. With more than...
The Dark Web: Marketers’ Trick or Threat Intelligence Treat?

October 31, 2018 | 5 Min Read

At this time of the year, you can’t go anywhere without encountering something dark, spooky and mysterious. It all reminds...
ShadowTalk Update – 10.29.2018

October 29, 2018 | 3 Min Read

In this week’s ShadowTalk, Harrison Van Riper and Rafael Amado join Michael Marriott to discuss the latest stories from the...
Cyber Security Awareness Month: Week 4 – Privacy

October 25, 2018 | 6 Min Read

This week in Brussels, Apple’s chief executive Tim Cook somewhat surprisingly castigated how personal data is handled by businesses and...
Bank Discovers Customer Credit Card Numbers Traded Online

October 23, 2018 | 3 Min Read

Payment card fraud costs banks and merchants nearly $23 billion a year and rising. As consumers spend more money online,...
ShadowTalk Update – 10.22.2018

October 22, 2018 | 3 Min Read

In this week’s ShadowTalk, following on from last week’s conversation on how managed service providers can increase your attack surface,...
Cyber Security Awareness Month: Week 3 – Recognize Cyber Scams

October 19, 2018 | 7 Min Read

This week we move onto theme three of Cyber Security Month: recognize cyber scams. The important point here is that...
12.5 Million Email Archives Exposed: Lowering the Barriers for BEC

October 18, 2018 | 4 Min Read

Digital Shadows’ latest research report, Pst! Cybercriminals on the Outlook for Your Emails, highlights the different ways cybercriminals can access corporate...
Cyber Security Awareness Month: Week 3 – It’s Everyone’s Job to Ensure Online Safety at Work

October 17, 2018 | 7 Min Read

This week, National Cyber Security Awareness Month (NCSAM) focuses on accountability and responsibility within the information security space: “It’s Everyone’s...
ShadowTalk Update – 10.15.2018

October 15, 2018 | 3 Min Read

In ShadowTalk this week, Digital Shadows’ CISO Rick Holland, Richard Gold and Simon Hall join Rafael Amado to discuss the Hidden...
Cyber Security Awareness Month: Week 2 – Aiming for Apprenticeships

October 11, 2018 | 5 Min Read

This week’s theme for National Cyber Security Awareness Month (NCSAM) is based around encouraging ‘students and others to seek highly...
Phishing Site Impersonates Financial Services Institution

October 10, 2018 | 3 Min Read

If the infamous bank robber, Willie Sutton, were alive today and honed his cyber skills, he might turn his attention...
33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy

October 9, 2018 | 4 Min Read

Last week, I wrote about how cybercriminals are looking to trade corporate emails in their pursuit of conducting Business Email...
ShadowTalk Update – 10.08.2018

October 8, 2018 | 3 Min Read

In this week’s Shadow Talk, Rafael Amado joins Michael Marriott to discuss Digital Shadows’ latest research on Business Email Compromise, Pst!...
Business Email Compromise: When You Don’t Need to Phish

October 4, 2018 | 4 Min Read

According to the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) have caused $12 billion in losses since...
Cyber Security Awareness Month: Week 1 – Credential Hygiene

October 3, 2018 | 5 Min Read

It’s the opening week of the annual National Cyber Security Awareness Month (U.S.) and Cyber Security Month (Europe). While good...
Security Analyst Spotlight Series: Christian Rencken

October 2, 2018 | 5 Min Read

Organizations rely on our cyber intelligence analysts to be an extension of their security team. Our global team of analysts provide relevant...
ShadowTalk Update – 10.01.2018

October 1, 2018 | 3 Min Read

Rick Holland, CISO of Digital Shadows, joins Richard Gold and Michael Marriott to discuss the possible implications of Facebook security...
Cybercriminal Marketplaces: Olympus Has Fallen

September 28, 2018 | 5 Min Read

The Olympus cybercriminal marketplace has been caught up in another PR disaster, with the owners reportedly conducting an exit scam...
Thedarkoverlord Out to KickAss and Cash Out Their Data

September 27, 2018 | 5 Min Read

A user claiming to be the notorious darkoverlord extortionist threat actor has appeared on a dark web cybercriminal forum offering...
10 Things You Didn’t Know You Could Do with Shadow Search™

September 25, 2018 | 5 Min Read

You may have seen that we’ve recently released Shadow Search, a new tool that gives you immediate access to both...
ShadowTalk Update – 09.24.2018

September 24, 2018 | 3 Min Read

In ShadowTalk this week, Richard Gold, Simon Hall and Rafael Amado focus on the trade-offs between security and usability, as...
The 2017 FSB indictment and Mitre ATT&CK™

September 20, 2018 | 11 Min Read

On February 28th, 2017 the US Department of Justice indicted a notorious hacker, Alexsey Belan, and his FSB (Russia’s internal...
Non-traditional State Actors: New Kids on the Block

September 18, 2018 | 5 Min Read

Cyber threat reporting sits at a dichotomy. On the one hand, much furor is made of the role of non-state...
ShadowTalk Update – 09.17.2018

September 17, 2018 | 2 Min Read

In this week’s ShadowTalk, Richard Gold and Simon Hall join Michael Marriott to discuss the latest spate of attacks by...
Airline Discovers Trove of Frequent Flyer Accounts Compromised and Posted for Sale Online

September 14, 2018 | 3 Min Read

Reward program fraud has been rising in recent years across the aviation industry as well as the entire transportation sector....
MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

September 13, 2018 | 18 Min Read

On 6th September the US Department of Justice (DOJ) unsealed an indictment against a North Korean regime-backed programmer who is...
GAO’s Equifax Post-mortem Report

September 11, 2018 | 5 Min Read

It’s common for the exciting and novel issues that confront security professionals on a daily basis to be hyped up....
ShadowTalk Update – 09.10.2018

September 10, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and Rafael Amado join Michael Marriott to discuss the latest Department of Justice complaint...
Sextortion – When Persistent Phishing Pays Off

September 6, 2018 | 4 Min Read

You may have heard of a recent surge in sextortion-based phishing campaigns. These campaigns seek to extort victims by threatening...
Online Risks to Fortnite Users

September 4, 2018 | 5 Min Read

With an enticing array of viral dance moves, tough weekly challenges and fresh skins, people are going bananas for Fortnite....
ShadowTalk Update – 09.03.2018

September 3, 2018 | 3 Min Read

Not a week goes by without an example where credential stealing, credential reuse, or poor password practices contributed heavily to...
Security Analyst Spotlight Series: Heather Farnsworth

August 30, 2018 | 5 Min Read

Organizations rely on Digital Shadows to be an extension of their security team. Our global team of analysts provide relevant...
Understanding Threat Modelling

August 29, 2018 | 4 Min Read

What is a threat model? Threat modelling, as defined by OWASP, “works to identify, communicate, and understand threats and mitigations...
ShadowTalk Update – 08.27.2018

August 27, 2018 | 3 Min Read

With November’s U.S. midterm elections fast-approaching, we dive into the latest threats and discuss how organizations can understand the threat...
Online Cybercrime Courses: Back to School Season

August 23, 2018 | 4 Min Read

It’s that time of year again. Summer is drawing to a close and retailers are making the most of the...
Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

August 22, 2018 | 12 Min Read

On August 1, 2018, the US Department of Justice unsealed an indictment against three members of the international cybercrime group...
ShadowTalk Update – 08.20.2018

August 20, 2018 | 3 Min Read

In this week’s ShadowTalk, we dig into ATM fraud. Digital Shadows’ Strategic Intelligence manager Rose Bernard joins Rafael Amado to...
Five Threats to Financial Services: Part Five, Hacktivism

August 15, 2018 | 5 Min Read

OK, so it’s not as sexy as insider threats, banking trojans, phishing campaigns or payment card fraud, but hacktivism is...
Five Threats to Financial Services: Part Four, Payment Card Fraud

August 14, 2018 | 6 Min Read

Payment card information is the lifeblood of the cybercriminal ecosystem. In previous blogs in this series, we’ve focused on how...
ShadowTalk Update – 08.13.2018

August 13, 2018 | 3 Min Read

In this week’s ShadowTalk it’s all things phishing. Rose Bernard and Simon Hall join Rafael Amado to discuss the recent...
Digital Shadows Contributes to Insider Threat Research

August 9, 2018 | 5 Min Read

On July 30, Forrester published its latest research report on malicious insiders, Defend Your Data As Insiders Monetize Their Access....
Five Threats to Financial Services: Phishing Campaigns

August 8, 2018 | 7 Min Read

In our last blog, we highlighted how banking trojans are a threat to banking customers and small businesses, normally delivered...
ShadowTalk Update – 08.06.2018

August 6, 2018 | 2 Min Read

In this week’s episode, JP Perez-Etchegoyen, CTO of Onapsis, joins Michael Marriott to talk about the exposure of SAP and...
FIN7: Arrests and Developments

August 2, 2018 | 6 Min Read

Three alleged members of FIN7 arrested On August 1st, 2018, the US Department of Justice filed criminal charges against three...
Diversity of Thoughts in the Workplace: Are You Thinking What I’m Thinking?

August 1, 2018 | 3 Min Read

In my most recent blog post I discussed Digital Shadows’ Women’s Network and how it is helping us shape wider...
Security Spotlight Series: Dr. Richard Gold

July 31, 2018 | 4 Min Read

Organizations rely on Digital Shadows to be an extension of their security team. Our global team provide the latest tooling,...
ShadowTalk Update – 07.30.2018

July 30, 2018 | 3 Min Read

Richard Gold and Rose Bernard join Michael Marriott to talk about updates to the Satori botnet, which has expanded to...
Black Hat USA 2018

July 26, 2018 | 2 Min Read

Black Hat USA 2018 is quickly approaching! The conference, one of the world’s leading Information Security events, focuses on the...
Cyber Threats to ERP Applications: Threat Landscape

Cyber Threats to ERP Applications: Threat Landscape

July 24, 2018 | 4 Min Read

What are ERP Applications? Organizations rely on Enterprise Resource Planning (ERP) applications to support business processes. This includes payroll, treasury,...

ShadowTalk Update – 07.23.2018

July 23, 2018 | 3 Min Read

In this week’s ShadowTalk, we discuss the Robert Mueller indictment against 12 Russian individuals for alleged US election interference. However,...

Five Threats to Financial Services: Banking Trojans

July 19, 2018 | 5 Min Read

A couple of weeks ago, we learned about a new phishing campaign that delivered Trickbot in an attempt to harvest...

Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

July 17, 2018 | 10 Min Read

A recent indictment revealed how the GRU (Russia’s Military Intelligence agency) used both influence operations and network intrusions to achieve...

Digital Risk Protection: Avoid Blind Spots with a More Complete Risk Picture

July 17, 2018 | 5 Min Read

“Digital Shadows leads the pack for digital risk protection providers.” Digital Shadows’ customers have been telling us this for years,...

ShadowTalk Update – 07.16.2018

July 16, 2018 | 2 Min Read

In this week’s ShadowTalk, Digital Shadows’ Russian-speaking security specialist discovered files and source code allegedly related to the Carbanak organized...

Alleged Carbanak Files and Source Code Leaked: Digital Shadows’ Initial Findings

July 11, 2018 | 6 Min Read

Digital Shadows’ Russian-speaking security team discovered a post from 6 July 2018 on exploit[.]in that provided files and source code...

Security Analyst Spotlight Series: Harrison Van Riper

July 10, 2018 | 6 Min Read

Organizations rely on our cyber intelligence analysts to be an extension of their security team. Our global team of analysts provide relevant...

ShadowTalk Update – 07.09.2018

July 9, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and Simon Hall join Rafael Amado to discuss SSL (Secure Sockets Layer) interception, a...

Reducing Your Attack Surface: From a Firehose to a Straw

July 5, 2018 | 6 Min Read

What is Attack Surface Reduction? Attack Surface Reduction is a powerful tool used to protect and harden environments. It’s a...

ShadowTalk Update – 07.02.2018

July 2, 2018 | 3 Min Read

In this week’s ShadowTalk, following news that a database containing 340 million records has been publicly exposed to the internet,...

Diversity and Digital Shadows Women’s Network

June 26, 2018 | 3 Min Read

If you haven’t already watched RBG – a movie about the incredible life of U.S. Supreme Court Justice Ruth Bader...

ShadowTalk Update – 06.25.2018

June 25, 2018 | 3 Min Read

In this week’s ShadowTalk, Simon Hall and Richard Gold join Michael Marriott to discuss the merits and perils of attribution,...

How Cybercriminals are Using Messaging Platforms

June 21, 2018 | 4 Min Read

Alternative Ways Criminals Transact Online: A Moving Target. Last week, the cracking forum (specialized in tools for gaining unauthorized access...

Five Threats to Financial Services: Part One, Insiders

June 19, 2018 | 5 Min Read

The sensitive and financial data held by banks and financial institutions, as well as their centrality to national infrastructure, makes...

ShadowTalk Update – 06.18.2018

June 18, 2018 | 3 Min Read

In ShadowTalk this week, Dr Richard Gold and Simon Hall join Rafael Amado to discuss misconceptions around vulnerabilities and exploits,...

Security Analyst Spotlight Series: Rafael Amado

June 14, 2018 | 9 Min Read

Organizations rely on Digital Shadows to be an extension of their security team. Our global team of analysts provide relevant...

How Cybercriminals are using Blockchain DNS: From the Market to the .Bazar

June 12, 2018 | 5 Min Read

Since the takedowns of AlphaBay and Hansa in 2017, the cybercriminal community has been incorporating alternative technologies to improve both...

Shadow Talk Update – 06.11.2018

June 11, 2018 | 3 Min Read

In Shadow Talk this week, Dr Richard Gold joins us to discuss the issue of security debt, a term used...

Threats to the 2018 Football World Cup: Traditional Rules or a New Style of Play?

June 7, 2018 | 7 Min Read

The tension and excitement that precedes all global sporting events is beginning to build towards the start of this year’s...

Market.ms: Heir to the AlphaBay and Hansa throne?

June 4, 2018 | 5 Min Read

It’s almost one year since the AlphaBay and Hansa dark web marketplace takedowns, also known as Operation Bayonet. Looking back,...

Shadow Talk Update – 06.04.2018

June 4, 2018 | 3 Min Read

In this week’s Shadow Talk, Dr Richard Gold joins us to discuss the return of the L0pht hackers. In 1998...

7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

May 30, 2018 | 5 Min Read

Lockpath’s Vice President of Development Tony Rock and I recently conducted a webinar titled “7 Ways the Digital Risk Revolution...

Shadow Talk Update – 05.29.2018

May 29, 2018 | 4 Min Read

The focus in this week’s Shadow Talk is on “VPNFilter”, a modular malware with disruptive functionalities that has targeted more than...

Security Analyst Spotlight Series: Rose Bernard

May 23, 2018 | 5 Min Read

Organizations rely on our cyber intelligence analysts to be an extension of their security team. Our global team of analysts...

A New Approach for Channel Security Consultants

May 22, 2018 | 5 Min Read

Old school security practices simply don’t fit the new IT environment.  Cloud computing, applications and distributed workforces have changed the...

Shadow Talk Update – 05.21.2018

May 21, 2018 | 3 Min Read

In this week’s episode of Shadow Talk, Digital Shadows’ Head of Security Engineering, Dr Richard Gold, joins the pod to...

Digital Shadows 7th Anniversary – A Look Back

May 16, 2018 | 4 Min Read

Today marks the 7th anniversary of Digital Shadows. As James and I looked back on the year, we were amazed...

Shadow Talk Update – 05.14.2018

May 14, 2018 | 3 Min Read

In this week’s episode of Shadow Talk, we look at the Winnti Umbrella group, asking what this means for organizations. We...

Offsetting Dunbar by Developing Diversity

May 8, 2018 | 2 Min Read

Some of you may be familiar with the Dunbar Number, 150, being the maximum amount of relationships one individual can...

Shadow Talk Update – 05.07.2018

May 7, 2018 | 3 Min Read

In this week’s episode of Shadow Talk, it’s a vulnerability extravaganza. We cover malicious use of legitimate software, as APT28 is...

The Other Side of the Counter: DDoS, Social Engineering, Spambots and Insider Risks to Criminal Locations

May 2, 2018 | 5 Min Read

An enduring characteristic of dark web marketplaces is how frequently they’re offline, often through denial of services attacks. While marketplace...

Shadow Talk Update – 04.30.2018

April 30, 2018 | 2 Min Read

In this week’s episode of Shadow Talk, we cover the targeting of healthcare organizations by Orangeworm, BGP hijacking, vulnerabilities in...

Digital Shadows Opens New State of the Art London Office in Canary Wharf

April 26, 2018 | 2 Min Read

When myself and James Chappell set the company up six years ago at a kitchen table in Camden, London, we...

Keys to the Kingdom: Exposed Security Assessments

April 24, 2018 | 4 Min Read

Organizations employ external consultants and suppliers to perform assessments and penetration tests that help to bolster their overall internal security....

Shadow Talk Update – 04.23.2018

April 23, 2018 | 3 Min Read

This week’s Shadow Talk discusses Russia’s attempts to ban the social messaging app, and also reads between the lines of the joint US...

Out In The Open: Corporate Secrets Exposed Through Misconfigured Services

April 18, 2018 | 4 Min Read

For organizations dealing with proprietary information or assets, one of the greatest concerns is the threat of competitors getting hold...

When There’s No Need to Hack: Exposed Personal Information

April 17, 2018 | 4 Min Read

With Equifax’s breach of 145 million records still fresh in everyone’s memory and the recent Facebook data privacy controversy, protecting personal...

Shadow Talk Update – 04.16.2018

April 16, 2018 | 5 Min Read

This week’s Shadow Talk discusses a Cisco Smart Install Client flaw exploited in disruption attack, an information leak vulnerability discovered...

Escalation in Cyberspace: Not as Deniable as We All Seem to Think?

April 12, 2018 | 5 Min Read

The recent assassination attempt on former Russian spy Sergey Skripal has led to a deluge of cyber-based conspiracy theories within...

Leveraging the 2018 Verizon Data Breach Investigations Report

April 10, 2018 | 5 Min Read

Today, the 11th edition of the Verizon Data Breach Investigations Report (DBIR) has been released. This year’s report includes 53,308...

Introducing Shadow Search – Quickly enable deeper research and investigation

April 10, 2018 | 5 Min Read

All enterprises face key challenges in their quest to protect their organization from cyber threats. One challenge I hear consistently...

Shadow Talk Update – 04.09.2018

April 9, 2018 | 4 Min Read

Back from the Easter break, this week’s Shadow Talk discusses what the re-emergence of WannaCry, exposure of Aggregate IQ data,...

One CISO’s Recommendations for Making the Most of RSA Conference Sessions

April 9, 2018 | 6 Min Read

Last week, Enterprise Strategy Group (ESG) principal analyst, Jon Oltsik, wrote an article for CSO titled: “RSA Conference: CISOs’ top...

When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services

April 5, 2018 | 4 Min Read

Our recent report “Too Much Information” discovered over 1.5 billion files from a host of services, including Amazon S3 buckets,...

Genesis Botnet: The Market Claiming to Sell Bots That Bypass Fingerprinting Controls

April 3, 2018 | 4 Min Read

An emerging criminal market, Genesis store, provides more effective ways to impersonate a victim’s browser activity, focusing on individual bots...

RSA Conference 2018 – Digital Shadows

March 28, 2018 | 2 Min Read

RSA Conference is almost here! This year’s conference theme is “Now Matters,” looking at the quick impact threats can have...

The Five Families: The Most Wanted Ransomware Groups

March 27, 2018 | 5 Min Read

Last week we presented a webinar on “Emerging Ransomware Threats and How to Protect Your Data”. Here we discussed the latest...

Shadow Talk Update – 03.26.2018

March 26, 2018 | 4 Min Read

This week’s Shadow Talk discusses what the Cambridge Analytica revelations mean for disinformation and personal privacy, updates to Trickbot, Zeus...

Pop-up Twitter Bots: The Shift to Opportunistic Targeting

March 22, 2018 | 4 Min Read

Since the furor surrounding Russia’s alleged use of Twitter bots to influence the 2016 presidential election in the United States,...

Cyber Security as Public Health

March 21, 2018 | 4 Min Read

Public health, one of the great 20th century ideas, has many instructive lessons for cyber security in the 21st. Let’s...

Shadow Talk Update – 03.19.2018

March 19, 2018 | 5 Min Read

This week’s Shadow Talk features the latest techniques in tax return fraud, claimed vulnerabilities in AMD chips, Slingshot malware targeting Mikrotik...

Anonymous and the New Face of Hacktivism: What to Look Out For in 2018

March 13, 2018 | 6 Min Read

The Anonymous collective has been the face of activism since 2008. Since then, the group’s membership, operations, and structure have...

Shadow Talk Update – 03.12.2018

March 12, 2018 | 3 Min Read

This week’s Shadow Talk features more distributed denial of service (DDoS) attacks using Memcached servers, how disinformation is more than...

Ransomware in 2018: 4 Things to Look Out For

March 8, 2018 | 4 Min Read

Ransomware remains an active threat for organizations into 2018. Last year, large scale attacks like NotPetya and WCry wreaked havoc,...

Pressing For Progress This International Women’s Day

March 8, 2018 | 3 Min Read

“Do you think you’re going to be able to handle working with all these men?” One of the few questions...

It’s Accrual World: Tax Return Fraud in 2018

March 7, 2018 | 5 Min Read

With just over a month until Tax Deadline Day, individuals are scrambling to get their tax returns submitted. This is...

Shadow Talk Update – 03.05.2018

March 5, 2018 | 3 Min Read

On this week’s Shadow Talk podcast, the Research Team cover CVE-2018-4878 being used in a spam campaign, the HTTPS certificate...

The New Frontier: Forecasting Cryptocurrency Fraud

March 1, 2018 | 6 Min Read

Not a week goes by without a new case of cryptocurrency fraud making headlines. The most recent example concerned the...

Protecting Your Brand: Return on Investment

February 27, 2018 | 3 Min Read

Last week I was joined by Brett Millar, Director of Global Brand Protection for Fitbit, for a webinar on “Protecting...

Shadow Talk Update – 02.26.2018

February 26, 2018 | 3 Min Read

In this week’s podcast, the Digital Shadows Research Team discuss attacks against banks using the SWIFT network, business email compromise...

Threats to the Upcoming Italian Elections

February 22, 2018 | 7 Min Read

On 5 March Italian citizens will vanno alle urne to vote in a general election, following the dissolution of the...

Prioritize to Avoid Security Nihilism

February 20, 2018 | 3 Min Read

In many situations associated with cyber security, in particular defending an organization, it is easy to get overwhelmed with not...

Shadow Talk Update – 02.19.2018

February 19, 2018 | 3 Min Read

In this week’s Shadow Talk podcast, the Digital Shadows Research Team analyses new activity from the Lazarus Group, attacks on...

Infraud Forum Indictment and Arrests: What it Means

February 15, 2018 | 7 Min Read

On 07 February 2018, the U.S. Department of Justice unveiled an indictment from 31 October 2017 against 36 individuals associated...

Cryptojacking: An Overview

February 13, 2018 | 5 Min Read

What is Cryptojacking? Cryptojacking is the process of hijacking someone else’s browser to mine cryptocurrencies with their computer processing power....

Shadow Talk Update – 12.02.2018

February 12, 2018 | 4 Min Read

With the 2018 Winter Games beginning this week, the Digital Shadows Research Team focused on threats to those traveling to...

2017 Android malware in review: 4 key takeaways

February 8, 2018 | 4 Min Read

Android mobile devices were an attractive target for malicious activity throughout 2017. The ubiquity of these devices, and the sensitive...

Phishing for Gold: Threats to the 2018 Winter Games

February 6, 2018 | 7 Min Read

Digital Shadows has been monitoring major sporting events since 2014, beginning with the Winter Olympics in Sochi, Russia, and then...

Shadow Talk Update – 02.05.2018

February 5, 2018 | 3 Min Read

In this week’s podcast episode of Shadow Talk, the Digital Shadows Research Team covered a range of activity. Here’s a quick...

Four Ways Criminals Are Exploiting Interest in Initial Coin Offerings

February 1, 2018 | 5 Min Read

Initial Coin Offerings (ICOs) are a way of crowdfunding cryptocurrencies and cryptocurrency platforms. By the end of 2017, almost $4...

Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

January 30, 2018 | 7 Min Read

I am one of you. I have been in the marketing field for more than 20 years and have seen...

Shadow Talk Update – 01.29.2018

January 29, 2018 | 4 Min Read

In this week’s Shadow Talk podcast episode, the Digital Shadows Research Team covered a range of activity. Here’s a quick...

Data Privacy Day: 8 Key Recommendations for GDPR Readiness

January 26, 2018 | 4 Min Read

This Sunday is Data Privacy Day, “an international effort held annually on January 28th to create awareness about the importance...

Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

January 16, 2018 | 5 Min Read

This post originally appeared on SecurityWeek.com.  Vince Lombardi, one of the greatest coaches of all time said, “The achievements of...

Another Year Wiser: Key Dates to Look Out For In 2018

January 10, 2018 | 4 Min Read

Early last year, we published a blog outlining the events of 2017 that were most likely to attract the attention...

Why All Companies, CEO, CFO, CLO, and Board of Directors Should Require Digital Risk Management to Mitigate Corporate Risk

January 10, 2018 | 5 Min Read

Cyber attacks on businesses are now weekly news as breaches of data are announced regularly. However, until recently many corporate...

Digital Shadows Launches Weekly Newsletter: “In the Shadows”

January 8, 2018 | 2 Min Read

Digital Shadows has just launched a new research-led weekly newsletter, “In the Shadows”, and podcast, “Shadow Talk”. Both highlight key...

GDPR: Why You Need to Consider the Personal Data That Lies Outside of Your Organization

January 4, 2018 | 3 Min Read

In 2010, reports emerged that the Information Commissioners’ Office (ICO) could now fine organizations up to £500,000 ($677,000) under the...

Meltdown and Spectre: The Story So Far

January 4, 2018 | 5 Min Read

On Wednesday, rumors surfaced that there were vulnerabilities in the majority of microprocessors, which would allow attackers to access system...

What Attackers Want for Christmas

December 22, 2017 | 4 Min Read

Our guest author Krampus has a special blog post for the Team with the festive Red colours: Christmas lists are...

OL1MP: A Telegram Bot Making Carding Made Easy This Holiday Season

December 21, 2017 | 3 Min Read

Back in July, we published our research on the carding ecosystem, specifically on an online course that teaches carders how...

‘Tis The Season To Do Predictions – The 2018 Cybersecurity Landscape

December 18, 2017 | 3 Min Read

This post originally appeared on Huffington Post. Every year around this time all the security businesses and analysts leap for...

Why I Joined Digital Shadows: Product, Culture and Opportunity

December 13, 2017 | 2 Min Read

Making the decision to join Digital Shadows was actually a relatively straightforward decision for me, as it was impossible...

A New CISO Looking to See How Deep the Rabbit Hole Goes

December 12, 2017 | 2 Min Read

Well it is official, I’m now the Chief Information Security Officer here at Digital Shadows. It has been a while since...

Digital Shadows’ Most Popular Blogs of 2017: Analysis of Competing Hypotheses For The Win

December 12, 2017 | 3 Min Read

This time last year, we looked back at the blogs that caught our readers’ attention the most. In 2016, it...

Meet the New Digitalshadows.com

November 29, 2017 | 2 Min Read

This morning we launched the new Digital Shadows website. Our main goal of creating this new website was to make...

Risks to Retail: Cybercriminals Sharing the Joy This Holiday Season

November 21, 2017 | 3 Min Read

Despite some early deals, Black Friday officially begins on 24th November, kick-starting over a month of consumer spending over the holiday...

GDPR – Not Just a European Concern

November 20, 2017 | 6 Min Read

This post originally appeared on SecurityWeek. The recent Equifax breach that has been all over the news raises an interesting question:...

Fake News is More Than a Political Battlecry

November 16, 2017 | 3 Min Read

This week, British Prime Minister Theresa May came out and attacked Russia’s attempt to “weaponize information” in hostile actions against western states....

Why “Have a Safe Trip” Is Taking On Greater Meaning

November 14, 2017 | 5 Min Read

This post originally appeared on SecurityWeek. Have a safe trip! Typically, when we wish someone well before they leave on a...

Know Where to Find Your Digital Risk

November 10, 2017 | 4 Min Read

This post originally appeared on SecurityWeek. Read more from CEO Alastair Paterson. Approximately 250 years ago Samuel Johnson said, “The next...

Pwnage to Catalonia: Five Things We Know About OpCatalunya

November 2, 2017 | 5 Min Read

Since October 24th, Digital Shadows has observed an increase in attack claims and social media activity associated with the OpCatalunya...

ICS Security: Strawmen In the Power Station

October 31, 2017 | 5 Min Read

Congrats, it is now almost November and we have nearly made it through Cyber Security Awareness month (and what a...

Extorters Going to Extort: This Time Other Criminals Are the Victims

October 26, 2017 | 3 Min Read

We are increasingly used to the tactic of extorting a company through the threat actor publicly releasing data. The recent...

Women in Security: Where We Are And Where We Need To Go

October 25, 2017 | 7 Min Read

Ada Lovelace, Grace Hopper, Katherine Johnson, Radia Perlman—some of history’s greatest technical minds have been women. However, since the mid-1980s, there...

Trust vs Access: A Tale of Two Vulnerability Classes

October 20, 2017 | 5 Min Read

It’s been a big week in cyberspace, with high profile crypto vulnerabilities KRACK (affecting WPA2) and ROCA (affecting RSA keys generated by Infineon hardware)...

Key Reinstallation Attacks (KRACK): The Impact So Far

October 16, 2017 | 4 Min Read

Today, a series of high-severity vulnerabilities affecting the WiFi Protected Access II (WPA2) protocol were disclosed. Security researchers have developed...

Simply Put, Effective Cybersecurity is the Strength Sum of Its Parts

October 11, 2017 | 2 Min Read

Today’s cybersecurity landscape, dominated as it is by professional threat actors, state sponsored attackers and hacktivists, requires a more consistent...

Simple Steps to Online Safety

October 5, 2017 | 4 Min Read

On the heels of some very high-profile and disturbing data breaches, this year’s Cyber Security Awareness Month is timely. This...

Gearing Up For National Cyber Security Awareness Month

October 3, 2017 | 4 Min Read

I’m going to go out on a limb and say that I’m probably not the only one that’s pleased to...

2017 Equifax Breach: Impact and Lessons Learned

September 28, 2017 | 3 Min Read

Equifax experienced a data breach that occurred in mid-May 2017, was first discovered on 29 Jul 2017, and was publicly...

PowerShell Security Best Practices

October 8, 2019 | 9 Min Read

Updated as of October 8, 2019. Threat actors have long since used legitimate tools to infiltrate and laterally move across...

Recognition of Hard Work and Relevance – It’s Time to Go Global

September 20, 2017 | 3 Min Read

The news this morning that Digital Shadows has received $26 million in Series C funding from a number of new investors is...

Bringing Down the Wahl: Three Threats to the German Federal Election

September 14, 2017 | 7 Min Read

Hacking has become the boogie man of political election discourse. In Kenya, the recent presidential election result was forcibly annulled...

An Update on the Equifax Data Breach

September 13, 2017 | 8 Min Read

The credit reporting agency Equifax reported on September 7th that it had been breached. On Friday, we outlined what we knew...

Equifax Breach: The Impact For Enterprises and Consumers

September 8, 2017 | 9 Min Read

What we know about the Equifax breach: On September 7th, credit reporting agency Equifax announced “a cybersecurity incident potentially impacting...

Return of the Worm: A Red Hat Analysis

September 7, 2017 | 4 Min Read

A computer worm is a piece of malware that is designed to replicate itself in order to spread to other...

Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might be Affected and What You Can Do About It

September 6, 2017 | 5 Min Read

Whether it was the Mirai botnet and Dyn or the “Cloudbleed” revelations, content delivery networks (CDNs) have been in the...

Bitglass: Compromised Credentials are Just One Way Your Corporate Data is Being Exposed

August 18, 2017 | 2 Min Read

A guest blog from Bitglass, read the original at https://www.bitglass.com/blog/datawatch-beware-of-careless-insiders  Every day, employees around the world use the cloud to perform...

Fluctuation in the Exploit Kit Market – Temporary Blip or Long-Term Trend?

August 16, 2017 | 5 Min Read

Exploit kit activity is waning. Collectively these malware distribution tools used to be a prominent method of infection. They rely...

All That Twitterz Is Not Gold: Why You Need to Rely on Multiple Sources of Intelligence

August 9, 2017 | 3 Min Read

Twitter has become an extremely valuable tool for security researchers; experts including Kevin Beaumont and PwnAllTheThings frequently post research findings...

Cybercrime Finds a Way, the Limited Impact of AlphaBay and Hansa’s Demise

August 7, 2017 | 5 Min Read

The law enforcement operations that took down the AlphaBay and Hansa marketplaces were meant to strike a sizable blow to...

Reading Your Texts For Fun and Profit – How Criminals Subvert SMS-Based MFA

August 1, 2017 | 4 Min Read

Why Multi Factor? Read almost any cyber security related news and you will start to see why using a password...

What is a Threat Model, and Why Organizations Should Care

July 31, 2017 | 4 Min Read

Many organizations are exquisitely aware that they are the target of a wide-range of cyber-attacks: from targeted intrusions to mere...

Fraudsters Scoring Big – an Inside Look at the Carding Ecosystem

July 18, 2017 | 3 Min Read

In season two of the Netflix series Narcos, Pablo Escobar points out that: “I’m not a rich person. I’m a...

The Future of Marketplaces: Forecasting the Decentralized Model

July 17, 2017 | 4 Min Read

Last week we wrote about the disappearance of AlphaBay dark web marketplace and assessed three potential scenarios to look out...

AlphaBay Disappears: 3 Scenarios to Look For Next

July 14, 2017 | 6 Min Read

The AlphaBay dark web marketplace has been inaccessible since 05 Jul 2017. With no substantive explanation from the site’s owners,...
Threat Led Penetration Testing – The Past, Present and Future

July 10, 2017 | 5 Min Read

What is Threat Led Penetration Testing? Threat led penetration testing is, in essence, using threat intelligence to emulate the tactics,...
Petya-Like Wormable Malware: The “Who” and the “Why”

June 30, 2017 | 7 Min Read

Late on 27 June, the New York Times reported that a number of Ukrainian banks and Ukrenergo, the Ukrainian state...
Keep Your Eyes on the Prize: Attack Vectors are Important But Don’t Ignore Attacker Goals

June 23, 2017 | 5 Min Read

Reporting on intrusions or attacks often dwells on the method that the attackers used to breach the defenses of a...
Threats From the Dark Web

June 26, 2017 | 5 Min Read

Despite the hype associated with the dark web, maintaining visibility into it is an important component of a comprehensive digital...
WannaCry: An Analysis of Competing Hypotheses – Part II

June 7, 2017 | 7 Min Read

Following the furore of last month’s WannaCry ransomware attacks, Digital Shadows produced an Analysis of Competing Hypotheses (ACH) table to...
7 Tips for Protecting Against Account Takeovers

May 22, 2017 | 3 Min Read

In May 2017, an amalgamation of over 1 billion credentials was uploaded to the Have I Been Pwned database. One...
WannaCry: An Analysis of Competing Hypotheses

May 18, 2017 | 6 Min Read

On 12 May 2017, as the WannaCry ransomware spread across computer networks across the world, a variety of explanations also...
Digital Shadows’ 6th Anniversary

May 16, 2017 | 5 Min Read

It’s amazing to think that the idea James and I began working on from a kitchen table in London in...
5 Lessons from WannaCry: Preventing Attacks with Security Engineering

May 16, 2017 | 5 Min Read

With the recent news storm concerning the “WannaCry” ransomware worm, a great deal of mitigation advice has been provided. This...
WannaCry: The Early 2000s Called, They Want Their Worms Back

May 12, 2017 | 3 Min Read

Earlier today it was revealed that the United Kingdom’s National Health Service was targeted by ransomware known as “WannaCry.” Sixteen...
Authentication Nation: 5 Ways NIST is Changing How We Think About Passwords

May 9, 2017 | 4 Min Read

Passwords have taken a beating over the past several years, and there seems to be little question among leading practitioners...
The 3 Pillars of Digital Risk Management: Part 3 – The Top 5 Main Risks of Reputational Damage

April 27, 2017 | 2 Min Read

In this 3-part blog series, we discuss how each of the 3 pillars, Cyber Threat, Data Leakage, and Reputational Damage,...
The Usual Suspects: Understanding the Nuances of Actors’ Motivations and Capabilities

April 21, 2017 | 3 Min Read

When it comes to their adversaries, organizations can still fall into the trap of focusing on the ‘usual suspects’. At...
Liberté, égalité, securité: 4 Threats to the French Presidential Election

April 20, 2017 | 5 Min Read

French citizens will take to the polls on April 23rd to vote for a new president. If, as expected, no...
The 3 Pillars of Digital Risk Management: Part 2 – The 6 Main Areas That Contribute to Data Leakage Risks

April 18, 2017 | 2 Min Read

In this 3-part blog series, we discuss how each of the 3 pillars, Cyber Threat, Data Leakage, and Reputational Damage,...
The 3 Pillars of Digital Risk Management: Part 1 Understanding Cyber Threats

April 13, 2017 | 3 Min Read

What is Digital Risk Management? The National Institute of Standards and Technology (NIST) defines the field of risk management as:...
All Sources Are Not the Same; Why Diversity Is Good for Intelligence

April 11, 2017 | 3 Min Read

As we all know, if you listen to just one side of the story, very often you don’t get the...
Monitoring the Mobile Threat Landscape

April 4, 2017 | 4 Min Read

The UK’s National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) released a joint paper on the cyber...
OpIsrael Hacktivists Targeted By Unknown Threat Actor

March 30, 2017 | 3 Min Read

Ideologically-motivated “hacktivist” actors can present a variety of threats to organizations from defacements, to denial of service attacks and sometimes...
Turk Hack Team and the “Netherlands Operation”

March 29, 2017 | 4 Min Read

Since mid-March, Turk Hack Team have been participating in a new campaign called “Netherlands Operation”, announced via their official Twitter...
Tax Fraud in 2017

March 27, 2017 | 4 Min Read

The IRS recently released an alert that warned tax professionals and taxpayers to be wary of last minute email scams....
Dutch Elections – Looking Back at Cyber Activity

March 21, 2017 | 3 Min Read

Last week, I wrote about the potential threats to the Dutch national election. But what actually happened? On 14 March...
Five Reasons Why Alex Seton VP of Business and Corporate Development, Joined Digital Shadows

March 21, 2017 | 3 Min Read

What a great feeling to find a company that cuts through today’s noisy and crowded security market to address an...
5 Risks Posed By Mobile Applications That SearchLight Helps You Manage

March 14, 2017 | 2 Min Read

Organizations face a wide range of risks online, including cyber threats, data leakage and reputational damage. (You can learn more...
Back to the red pencil – Cyber threats to the Dutch elections

March 13, 2017 | 5 Min Read

Over the weekend, media reports surfaced about the fears of Russian interference in UK elections, with GCHQ reportedly warning political...
Learning from the Top Threats Financial Services Faced in 2016

March 8, 2017 | 2 Min Read

Organizations operating within the financial services industry represent an attractive target for threat actors. Here are three types of threat facing...
New “Blaze” exploit kit claims to exploit recent Cisco WebEx vulnerability

March 2, 2017 | 4 Min Read

A previously undetected exploit kit has been offered for sale on the clear web forum HackForums since February 8, 2017...
Step by Step: The Changing Face of Threat Led Penetration Testing

February 28, 2017 | 4 Min Read

Organizations are increasingly adopting the threat led approach to penetration testing. This approach essentially advances the boundaries of conventional penetration...
Sun to Set on BEPS/Sundown Exploit Kit?

February 22, 2017 | 4 Min Read

On February 13, 2017, the security researcher David Montenegro (@CryptoInsane) posted a series of tweets claiming that the source code...
Four Things to Look Out for This Valentine’s Day

February 14, 2017 | 4 Min Read

Consumers are increasingly moving to the Internet for their holiday purchases—and Valentine’s Day is no exception. According to the National...
An unusually Swift(tay) malware delivery tactic

February 9, 2017 | 5 Min Read

While doing some background research into recent reporting by Dr Web on a newly identified version of Mirai, we made...
F3EAD: Find, Fix, Finish, Exploit, Analyze and Disseminate – The Alternative Intelligence Cycle

February 8, 2017 | 4 Min Read

The F3EAD cycle (Find, Fix, Finish, Exploit, Analyze and Disseminate) is an alternative intelligence cycle commonly used within Western militaries...
How the Frenzy Unfolded: Analyzing Various Mongo Extortion Campaigns

February 7, 2017 | 4 Min Read

The MongoDB “ransom” pandemic, which has been in the spotlight for the best part of a month, still appears to...
Ready for the Blitz: Assessing the Threats to Super Bowl LI

February 2, 2017 | 4 Min Read

Like any major event, Super Bowl LI brings with it the heightened risk of malicious cyber activity. The lead up...
Making Cents of ATM Malware Campaigns – Comparing and Contrasting Operational Methodologies

January 30, 2017 | 4 Min Read

Throughout 2016 some of the most notable reporting on criminal activity targeting the financial sector related to the use of...
Dial “M” for malware: Two-factor scamming

January 26, 2017 | 4 Min Read

Adversaries are developing new ways of attacking you using old forms of communication. Make sure your communication of this issue...
Innovation in The Underworld: Reducing the Risk of Ripper Fraud

January 23, 2017 | 7 Min Read

Reputation is incredibly important for business. This also applies to cyber criminals who buy and sell goods and services in...
Known Unknowns: Key Events to Keep Your Eyes Out for in 2017

January 19, 2017 | 3 Min Read

On Friday, millions will tune in to see Donald Trump inaugurated as the President of the United States. This will...
Two Ways to Effectively Tailor Your Intelligence Products

January 17, 2017 | 4 Min Read

In my previous blog, “Trump and Intelligence: 6 ways to deal with challenging intelligence consumers,” I focused on six ways...
All You Can Delete MongoDB Buffet

January 12, 2017 | 4 Min Read

A number of extortion actors were detected accessing unauthenticated MongoDB installations and replacing their contents with a ransom note, usually...
10 Ways You Can Prepare for DDoS Attacks in 2017

January 11, 2017 | 1 Min Read

At the end of last month, we published a paper that forecasted the DDoS landscape for 2017. By using the...
Trump and Intelligence: 6 Ways To Deal With Challenging Intelligence Consumers

January 4, 2017 | 4 Min Read

It is no secret that President-Elect Trump is skeptical of the Intelligence Community (IC). He has openly questioned Russia/US...
Mirai: A Turning Point For Hacktivism?

December 16, 2016 | 5 Min Read

A “digital nuclear attack”. A “zombie apocalypse”. “The end of history.” Much has been made of Mirai, the recently...
Coming to a Country Near You? The Rapid Development of The TrickBot Trojan

December 16, 2016 | 4 Min Read

Since the discovery of TrickBot in September 2016, its operators have continued to develop the malware to include the targeting...
Crowdsourced DDoS Extortion – A Worrying Development?

December 13, 2016 | 3 Min Read

We all know about DDoS extortion – the process is straightforward. Contact the company, threaten to launch a crippling DDoS...
You Should Consider Forecasts, Not Predictions

December 9, 2016 | 4 Min Read

Well it’s that time of year again. Sorry, not the Lexus December to Remember Sales Event (don’t you just love those commercials),...
The Top Three Most Popular Blogs of 2016

December 8, 2016 | 2 Min Read

It’s been a great year for the Digital Shadows blog, we started it off winning the “Best New Security Blog...
A Model of Success: Anticipating Your Attackers’ Moves

December 1, 2016 | 4 Min Read

In a previous blog, we discussed the role of planning in offensive operations and the power that effective planning affords...
Windows Shopping: 7 Threats To Look Out For This Holiday Season

November 23, 2016 | 5 Min Read

Thanksgiving, Black Friday, Cyber Monday, Christmas. There’s a lot of shopping to be done between now and the end of...
Ransomware-as-a-service: The Business Case

November 22, 2016 | 4 Min Read

It can be tempting to dismiss cybercriminal activity as merely the workings of opportunistic actors looking to make a fast...
Leak on Aisle 12! An Analysis of Competing Hypotheses for the Tesco Bank Incident

November 11, 2016 | 5 Min Read

On November 6, 2016 multiple UK media outlets reported that the UK-based Tesco Bank had informed approximately 40,000 customers that...
Top 5 Threats to the Media and Broadcasting Industry

November 11, 2016 | 3 Min Read

For media and broadcasting organizations, the threat of having their websites forced offline is a significant one. We looked beyond DDoS...
Surveying the Criminal Market

November 8, 2016 | 3 Min Read

It’s no secret your personal information and data is valuable to cybercriminals, but is there more of a market for...
Overexposed and Under-Prepared; The Risks of Oversharing Online

November 8, 2016 | 4 Min Read

I have a confession to make. I know where you live. I also know who you’re married to and the...
Five Tips For Better Email Security

November 8, 2016 | 4 Min Read

While security is everyone’s responsibility, it’s not always easy to get right. Our “Security Best Practices” blog series will provide...
Resilience: Adapt or Fail

October 28, 2016 | 5 Min Read

“But it ain’t how hard you hit; it’s about how hard you can get hit, and keep moving forward.”- Words...
Anonymous Poland – Not Your Typical Hacktivist Group

October 28, 2016 | 4 Min Read

On October 29, 2016 a Twitter account associated with Anonymous Poland began to post tweets claiming to have compromised the...
Don’t Break the Internet, Fix Your Smart Devices

October 25, 2016 | 4 Min Read

The Distributed Denial of Service (DDoS) attack, which targeted DynDNS servers, and literally ‘broke the internet’ for several hours on...