All Posts

Show
The Ecosystem of Phishing: From Minnows to Marlins
February 20, 2020 read more

Towards a(nother) new model of attribution

July 21, 2016

Actor attribution is a common issue and activity within the world of cybersecurity. At its core, the actor attribution process …

read more

5 Key Lessons From The FDIC’s Breach Disclosure Debacle

July 18, 2016

Last week, the United States House Science, Space and Technology Committee released the scathing results of the committee’s investigations into …

read more

Open Source Intelligence versus Web Search: What’s The Difference?

July 11, 2016

“I can get that from Google!” – is a common phrase that has been directed at me during my time …

read more

Three Tactics Behind Cyber Extortion

July 11, 2016

As explained in a previous blog, extortion is not new – it’s now just been applied to the digital world …

read more

Modern crimeware campaigns – two bytes of the cherry

July 5, 2016

To a Columbian drug lord, the most valuable commodity is probably cocaine. To many financially motivated cybercriminals, the most valuable …

read more

10 ways to prepare for credential leak incidents

June 30, 2016

From LinkedIn to MySpace, threat actors like Peace of Mind and Tessa88 have been selling credentials in various criminal dark …

read more

Recycling, bad for your environment!

June 27, 2016

The news is constantly flooded with yet another breach of a high profile vendor. Perhaps the biggest and most publicized …

read more

The philosophical difference between the Old and New Schools of the cybercriminal underground

June 27, 2016

I would recommend that anyone interested in the serious study of criminal activity on the dark web should pick up …

read more

Spidey-sense for the people

June 23, 2016

If you liked Marvel’s SpiderMan then you will recognize the special Spidey-sense skill that Peter Parker possessed. The skill refers …

read more

Forecasting the implications for cybersecurity in Britain after Thursday’s referendum

June 21, 2016

On Thursday, the United Kingdom goes to the polls to vote on one of the most important and contentious referendums …

read more

Shining a light on the dark web

June 21, 2016

The dark web receives more than its fair share of media coverage pertaining to cyber crime. But, amid all of …

read more

Standoff in cyberspace

June 17, 2016

In physical security terminology, standoff is the term used to refer to the physical distance between a defender and a …

read more

OPSEC versus branding – the cyber criminal’s dilemma

June 17, 2016

Like any business, cybercriminals offering criminal services need to develop and maintain a brand and reputation in order to attract …

read more

“Hidden” TeamViewer service advertised on criminal forum

June 17, 2016

Over the last few weeks, there have been a number of reports of attacks using the remote desktop control software …

read more

Your money or your data: Keeping up-to-date with the innovation

June 17, 2016

DDoS extortion and ransomware attacks have featured heavily in the headlines recently. But the practice of obtaining money through threats …

read more

Inconsistencies in Intelligence Collection

June 17, 2016

Amid the rising talk of “intelligence” within the security industry, the concept of intelligence collection has gained traction. However, I’ve …

read more

Are you at risk from business email compromise?

June 6, 2016

Business email compromises (BEC) are on the rise. When I was at Forrester Research, I typically didn’t go more than …

read more

Hacktivism: same old, same old?

June 3, 2016

Cyber activists, or hacktivists, have become a firmly fixed element of the threat landscape since groups like Anonymous, Lulzsec, and …

read more

Building an Intelligence Capability: Agility, Creativity and Diversity

June 2, 2016

The Internet is a big old place, full of disparate – and often contradictory – data in various languages, formats and …

read more

The OPSEC Opportunity

May 31, 2016

Operations Security (OPSEC) has long been a key tactic used by commercial and military organizations to protect their privacy and …

read more

Are you certain you know what risk means?

May 31, 2016

You’re the person in charge of safety on the Titanic. The designers have told you that this state-of-the-art ship is …

read more

Data breaches targeting financial services: 2016 so far

May 26, 2016

It’s been a busy year for data breaches relating to financial services organizations – we’ve identified claims of breaches for 10 …

read more

The Plan is Mightier than the Sword – Re(sources)

May 24, 2016

After having discussed the importance of planning and persistence in APTs, it is important to conclude by considering the significance …

read more

The Plan is Mightier than the Sword – Persistence

May 24, 2016

In the last blog post, I talked about the requirement for planning as part of an APT. Another requirement is …

read more

The Plan is Mightier than the Sword – Planning

May 24, 2016

Media reports of breaches against major corporations or government agencies typically follow a familiar narrative of “sophisticated” attackers deploying a …

read more