Access Keys Exposed: More Than 40% Are For Database Stores

Access Keys Exposed: More Than 40% Are For Database Stores
Michael Marriott
Read More From Michael Marriott
September 14, 2020 | 6 Min Read

By now, we’ve all heard news about AWS keys leaked by a developer on GitHub. While this can cause damaging headlines for the company, fortunately GitHub responded and can now automatically invalidate these API keys when they wind up on public repositories. 

This is great, but limited by two critical factors:

  1. GitHub does not monitor for all API key and secret types, and specifically it does not extend to a number of database stores
  2. This type of monitoring does not help if these keys are exposed across other code repositories or paste sites 

Over a 30-day period, we scanned more than 150 million entities from GitHub, GitLab, and Pastebin. During this time, our technology assessed and categorized almost 800,000 access keys and secrets. What did we find? More than 40% of these were for database stores – the majority not covered by GitHub.

What Leaked Access Keys Matter

Typically, when we think of credentials, the first thing that comes to mind is a username and password widely used by people and other systems to authenticate to systems. But in software, there’s an additional type of security credential – an access key. Access keys can be public or private and, depending on the type of services, provide system authentication to third party or internal systems. Access keys often have broader access than individuals and fewer checks/restrictions on their usage.

Unfortunately, these access keys can be exposed by internal software developers or contractors, who may have not noticed a repository’s settings have changed to public. Indeed, this was the case with recent headlines made by Starbucks and AWS. This is a relatively common occurrence; previous research from North Carolina State University discovered that over 100,000 GitHub repos have leaked API or cryptographic keys.

The misuse of these keys is not hypothetical. Last year, Imperva outlined how a breach resulted by stealing an AWS API key. More recently, in August, researchers discovered malware stealing AWS credentials for the purpose of crypto-mining. 

Hunting for Exposed Keys

Most analyses of exposed access keys have focused on GitHub, and for good reason. There’s an enormous amount of data and leaks we see. However, for this research, we also looked across GitLab and Pastebin to provide a more comprehensive idea of how often keys get exposed. Over a thirty-day period (9th August – 8th September 2020), we searched across approximately 150 million entities across GitHub, GitLab, and Pastebin.

Of the 800,000 access keys assessed in this time period (which included both our historical archive and new commits), we  broke down the 20 key types into four categories: databases, online services, cloud providers, and SSH keys. The breakdown of the number of keys is provided in Figure 1. 

Common types of keys exposed
Figure 1: Most common types of keys exposed 

Database Stores

The potential impact of exposed access keys is most obvious when we consider database stores. If exposed, these types of credentials could allow unauthorized access to company data (including PII) with the permission to expose, destroy or manipulate company data. 

For many years we have witnessed the targeting of MongoDB as part of ransomware campaigns (most recently there were 22,900 MongoDB instances held to ransom). 

But the impacts extend beyond this tactic. Depending on the nature of the data, such unauthorized access could have regulatory consequences, disrupt business critical systems, and damage the reputation of the organization.

We searched for 8 types of API credentials for the following databases: IBM DB2, Microsoft SQL Server, MongoDB, MySQL, Oracle DB, PostgreSQL, RabbitMQ, and Redis. In total, we discovered 129,550 credentials for these 8 database stores, with Redis (37.2%), MySQL (23.8%), and MongoDB (19.3%) the most common.

Database type
Figure 2: A breakdown of the most common type of exposed database store credential

Cloud Providers

The second area outlined in this research focused an analysis of almost 300,000 keys across four types of cloud providers: AWS, Azure storage, Azure SAS, and Google Cloud. 

Successful authentication into these types of environments could allow access to the associated cloud infrastructure, with permission to expose, destroy and/or manipulate sensitive data. The data accessible depends on the services used and could include company information or and internal systems information. Theft of this type of information can be highly valuable for cybercriminals. Furthermore, as we have seen with the recent targeting of AWS keys for crypto mining purposes, there are many ways to monetize this type of access.

Keys exposed for cloud providers
Figure 3: Keys exposed for cloud providers

Online Services

The research focused on the following key types for online services: Google OAuth ID, Mailgun, Microsoft Nuget, Slack (Bot Token, User Token, and Webhook URL), and Stripe. Google OAuth was the clear majority, with 95% of the instances.This is somewhat concerning, given that this can be used to obtain permission from users to store files in their Google Drives.

Due to the high number of Google OAuth ID, these have been omitted from Figure 4 in order to better illustrate the other types of online services. 

Credentials and keys exposed for  online services
Figure 4: Credentials and keys exposed for online services

Of more than 4,000 secret or API keys for online services, the majority (56.9%) were for Slack. These may either be used to trick users into clicking links or disrupt business operations. They include:

  1. A webhook URL, which could be used to post messages directly into a channel within the organization.
  2. Slack Bot token, which would give access to sensitive information on channels and conversations that the bot user is invited to. 
  3. Slack User token, which would give access to the users Slack workspace, e.g. the channels, conversations, users, and reactions.

It’s about more than Slack, of course. Access to a Microsoft Nuget API key, for example, could enable actors to upload malicious packages or delete existing packages from a code repository.

Even though a relatively small number of Stripe secrets were unearthed (274), it can have a high impact. In this case, access could result in the exposure of sensitive financial information, and allow an attacker to modify and delete information within the account. 

Alternatively, a Mailgun secret key could allow use of the API to send, receive and track emails – an incredibly useful type of access for phishing campaigns.

Finding Your Own Keys

For GitHub, there are a few options for gaining this visibility:

  1. Trufflehog. Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
  2. GitRob. Helps find potentially sensitive files pushed to public repositories on Github
  3. GitHub Secret Scanning. GitHub provides monitoring for many of the key types outlined in this blog. Although this doesn’t extend to many of the database stores (Redis, Oracle, MySQL, IBM DB2, and PostgreSQL), it’s a great start. 

Of course, this is about more than just GitHub, and so it’s worth referring to help provided by the technologies themselves. Google, for example, provides helpful guidance on steps to take if you unearth an exposed access key. 

Get in touch to learn more about how we help organizations to detect exposed access keys and other types of technical leakage! You can read more about our technical leakage capability here

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Related Posts

DarkSide: The new ransomware group behind highly targeted attacks

DarkSide: The new ransomware group behind highly targeted attacks

September 22, 2020 | 8 Min Read

We’ve recently observed the emergence of a...
With the Empire falling, who will take over the throne?

With the Empire falling, who will take over the throne?

September 16, 2020 | 10 Min Read

With the Empire falling, who will take over...
ShadowTalk Update – The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

ShadowTalk Update – The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

September 14, 2020 | 2 Min Read

This week’s host Kacey is joined by...
Recruitment fraud: Don’t spook your dream candidates this halloween

Recruitment fraud: Don’t spook your dream candidates this halloween

September 10, 2020 | 4 Min Read

Everyone wants their dream job. Some people...
Cyber espionage: How to not get spooked by nation-state actors

Cyber espionage: How to not get spooked by nation-state actors

September 8, 2020 | 8 Min Read

In all the years I’ve worked in the...
Revisiting Typosquatting and the 2020 US Presidential Election

Revisiting Typosquatting and the 2020 US Presidential Election

September 2, 2020 | 11 Min Read

In October 2019, Digital Shadows’ Photon...
What is DevSecOps and Why Do We Need It?

What is DevSecOps and Why Do We Need It?

August 12, 2020 | 4 Min Read

DevSecOps, SecDevOps, and any...
Dread takes on the spammers – who will come out on top?

Dread takes on the spammers – who will come out on top?

August 28, 2020 | 9 Min Read

Spamming is an irritating and sometimes...
RECAP: Discussing the evolution and trends of cybercrime with Geoff White

RECAP: Discussing the evolution and trends of cybercrime with Geoff White

August 25, 2020 | 8 Min Read

In late July 2020, Digital Shadows had the...
Validate Exposed Credentials with Okta to Save Even More Time

Validate Exposed Credentials with Okta to Save Even More Time

August 24, 2020 | 3 Min Read

SearchLight customers can now automatically...
Dark Web Forums – The new kid on the block

Dark Web Forums – The new kid on the block

August 18, 2020 | 12 Min Read

Introducing DWF There’s a new kid on...
Optiv CTIE 2020: COVID-19, cybercrime, and third-party risk

Optiv CTIE 2020: COVID-19, cybercrime, and third-party risk

August 17, 2020 | 10 Min Read

Optiv recently released their 2020 Cyber...
ShadowTalk Update – Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source

ShadowTalk Update – Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source

August 17, 2020 | 2 Min Read

Alex, Kacey, and Charles host this week’s...
It’s even easier to initiate takedowns in SearchLight

It’s even easier to initiate takedowns in SearchLight

August 12, 2020 | 3 Min Read

When faced with infringing content, phishing...
Escrow systems on cybercriminal forums: The Good, the Bad and the Ugly

Escrow systems on cybercriminal forums: The Good, the Bad and the Ugly

August 11, 2020 | 15 Min Read

Just a few short months ago, the...
Saving the SOC from overload by operationalizing digital risk protection

Saving the SOC from overload by operationalizing digital risk protection

August 5, 2020 | 4 Min Read

As you may have seen last week, the latest...
The story of Nulled: Old dog, new tricks

The story of Nulled: Old dog, new tricks

August 4, 2020 | 9 Min Read

It is often said that old dogs have a hard...
ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

August 3, 2020 | 3 Min Read

This week it’s a full house with ShadowTalk...
Dark Web Travel Agencies Revisited: The Impact of Coronavirus on the Shadow Travel Industry

Dark Web Travel Agencies Revisited: The Impact of Coronavirus on the Shadow Travel Industry

July 29, 2020 | 10 Min Read

Back in February, Digital Shadows published...
Account takeover: Expanding on impact

Account takeover: Expanding on impact

July 27, 2020 | 7 Min Read

Digital Shadows has collected over 15 billion...
Ransomware Trends in Q2: How Threat Intelligence Helps

Ransomware Trends in Q2: How Threat Intelligence Helps

July 22, 2020 | 8 Min Read

If you’re anything like me, it can be a...
Jira Atlassian SearchLight   Integration

Jira Atlassian SearchLight   Integration

July 21, 2020 | 2 Min Read

On average, it’s estimated that security teams...
Abracadabra! – CryptBB demystifying the illusion of the private forum

Abracadabra! – CryptBB demystifying the illusion of the private forum

July 15, 2020 | 8 Min Read

You wouldn’t usually associate cybercriminal...
SearchLight’s Credential Validation: Only Focus on What Matters

SearchLight’s Credential Validation: Only Focus on What Matters

July 14, 2020 | 4 Min Read

Of the many use cases associated with threat...
Tax Fraud in 2020: Down But Not Out

Tax Fraud in 2020: Down But Not Out

July 13, 2020 | 4 Min Read

After a three month extension, tomorrow marks...
From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

July 7, 2020 | 9 Min Read

Account Takeover: Why criminals can’t...
Digital Risk Reporting Best Practices: Top 10 Ways to Build Killer Reports in SearchLight

Digital Risk Reporting Best Practices: Top 10 Ways to Build Killer Reports in SearchLight

June 30, 2020 | 4 Min Read

We all have those days or that time of the...
Reducing technical leakage: Detecting software exposure from the outside-in

Reducing technical leakage: Detecting software exposure from the outside-in

June 16, 2020 | 6 Min Read

Modern Development Practices Leads to...
Security Threat Intel Products and Services: Mapping SearchLight

Security Threat Intel Products and Services: Mapping SearchLight

June 10, 2020 | 6 Min Read

For those of you who have not yet seen, Gartner...
CISA and FBI alert: Top vulnerabilities exploited from 2016-2019 and trends from 2020

CISA and FBI alert: Top vulnerabilities exploited from 2016-2019 and trends from 2020

June 9, 2020 | 7 Min Read

A couple of weeks ago, the United States...
3 Phishing Trends Organizations Should Watch Out For

3 Phishing Trends Organizations Should Watch Out For

May 20, 2020 | 16 Min Read

It’s only May, and is it just me, or has this...
The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...
Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

May 11, 2020 | 13 Min Read

Co-authored by: Pratik Sinha MD PhD1,2, Alastair...
Threat Intelligence Feeds: Why Context is Key

Threat Intelligence Feeds: Why Context is Key

May 7, 2020 | 10 Min Read

Key Takeaways: Choosing which threat...
ShadowTalk Update – Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

ShadowTalk Update – Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

May 1, 2020 | 3 Min Read

Jamie, Adam, and Demelza join Viktoria for this...
What ‘The Wire’ can teach us about cybersecurity

What ‘The Wire’ can teach us about cybersecurity

April 21, 2020 | 12 Min Read

In the current era of self-isolation, remote...
ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

April 20, 2020 | 2 Min Read

This week we have new ShadowTalk guest joining us...
Zoom Security and Privacy Issues: Week in Review

Zoom Security and Privacy Issues: Week in Review

April 17, 2020 | 10 Min Read

In the last month, you’ve likely been hearing...
Top Priorities for 3rd party risk assessments

Top Priorities for 3rd party risk assessments

April 16, 2020 | 6 Min Read

If you’re like me, you’re probably tired of...
ShadowTalk Update – COVID-19 Third Party App Risks, Zoom, and DarkHotel Hackers

ShadowTalk Update – COVID-19 Third Party App Risks, Zoom, and DarkHotel Hackers

April 13, 2020 | 3 Min Read

Coming to you from Dallas this week - we have...
How to minimize cybersecurity breaches in 2020

How to minimize cybersecurity breaches in 2020

April 8, 2020 | 9 Min Read

Seriously, don’t click back or close – I...
COVID-19: Risks of Third-Party Apps

COVID-19: Risks of Third-Party Apps

April 7, 2020 | 7 Min Read

As the global community continues to pursue...
The Digital Risk Underdog: Remediation

The Digital Risk Underdog: Remediation

April 1, 2020 | 4 Min Read

When it comes to evaluating threat intelligence...
COVID-19: Third-party risks to businesses

COVID-19: Third-party risks to businesses

March 31, 2020 | 5 Min Read

As social distancing becomes more prevalent...
ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

March 30, 2020 | 2 Min Read

This week the team looks at some...
COVID-19: Companies and Verticals At Risk For Cyber Attacks

COVID-19: Companies and Verticals At Risk For Cyber Attacks

March 26, 2020 | 8 Min Read

  In our recent blog, How cybercriminals...
Threat Model of a Remote Worker

Threat Model of a Remote Worker

March 25, 2020 | 7 Min Read

Threat models are an often discussed but...
The Complete Guide to Online Brand Protection

The Complete Guide to Online Brand Protection

March 18, 2020 | 17 Min Read

  I’m not one for cheesy belief...
Want to Control Your Ever-Changing Perimeter? Focus on Integrations.

Want to Control Your Ever-Changing Perimeter? Focus on Integrations.

March 4, 2020 | 5 Min Read

An ever changing perimeter? Over the past few...
ShadowTalk Update – Data Breaches, Stalkerware, and Dopplepaymer ransomware

ShadowTalk Update – Data Breaches, Stalkerware, and Dopplepaymer ransomware

March 2, 2020 | 2 Min Read

Coming to you from Dallas this week -...
Mapping MITRE ATT&CK to the Equifax Indictment

Mapping MITRE ATT&CK to the Equifax Indictment

February 24, 2020 | 6 Min Read

  On Monday, February 10th, the United...
The Ecosystem of Phishing: From Minnows to Marlins

The Ecosystem of Phishing: From Minnows to Marlins

February 20, 2020 | 31 Min Read

YOU JUST WON $1,000. CLICK HERE TO CLAIM YOUR...
The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

February 18, 2020 | 4 Min Read

  The dust hasn’t quite settled on the...
ShadowTalk Update – OurMine Hacks, Equifax Indictment, and SWIFT POC attack

ShadowTalk Update – OurMine Hacks, Equifax Indictment, and SWIFT POC attack

February 17, 2020 | 2 Min Read

Roses are red, violets are blue, here’s...
The Devil, the Details, and the Analysis of Competing Hypothesis

The Devil, the Details, and the Analysis of Competing Hypothesis

February 13, 2020 | 5 Min Read

  Digital Shadows’ Photon Research Team...
ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams

ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams

February 10, 2020 | 3 Min Read

In this week’s episode, Jamie starts by...
The Iowa Caucus: Third-Party Apps Can Be Risky Business

The Iowa Caucus: Third-Party Apps Can Be Risky Business

February 6, 2020 | 7 Min Read

  If you’ve seen HBO’s Silicon...
Red Team Blues: A 10 step security program for Windows Active Directory environments

Red Team Blues: A 10 step security program for Windows Active Directory environments

February 6, 2020 | 9 Min Read

  A fun tweet crossed our path recently,...
How to Operationalize Threat Intelligence: Actionability and Context

How to Operationalize Threat Intelligence: Actionability and Context

February 5, 2020 | 5 Min Read

  In 1988 the idea of a Computer...
ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update

ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update

February 3, 2020 | 3 Min Read

Rick Holland jumps in to kick-off this...
Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks

Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks

January 29, 2020 | 7 Min Read

  As the cyber threat intelligence (CTI)...
SANS Cyber Threat Intelligence Summit 2020: A Recap

SANS Cyber Threat Intelligence Summit 2020: A Recap

January 28, 2020 | 9 Min Read

  Last week I attended the eighth annual...
How Digital Shadows Helped Find and Remediate an Exposed Admin Password on Github

How Digital Shadows Helped Find and Remediate an Exposed Admin Password on Github

January 23, 2020 | 5 Min Read

  I often get asked to share examples of...
ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

January 20, 2020 | 3 Min Read

Kacey, Charles, Alex, and Harrison host...
Third Party Risk: 4 ways to manage your security ecosystem

Third Party Risk: 4 ways to manage your security ecosystem

January 16, 2020 | 5 Min Read

  The digital economy has multiplied the...
NSA Vulnerability Disclosure: Pros and Cons

NSA Vulnerability Disclosure: Pros and Cons

January 15, 2020 | 5 Min Read

  On Monday, January 13th, Brian Krebs...
CVE-2019-19781: Analyzing the Exploit

CVE-2019-19781: Analyzing the Exploit

January 14, 2020 | 4 Min Read

  On December 17th 2019, CVE-2019-19781...
Iran and the United States – start of the long war or return to normal?

Iran and the United States – start of the long war or return to normal?

January 13, 2020 | 9 Min Read

  On 03 Jan 2020, the United States...
Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

January 7, 2020 | 6 Min Read

  With the recent news of Qasem Soleimani...
Iran and Soleimani: Monitoring the Situation

Iran and Soleimani: Monitoring the Situation

January 7, 2020 | 9 Min Read

*This blog has been updated as of Jan 9,...
Iranian Cyber Threats: Practical Advice for Security Professionals

Iranian Cyber Threats: Practical Advice for Security Professionals

January 6, 2020 | 8 Min Read

Unless you went very dark for an extended holiday...
2020 Cybersecurity Forecasts: 5 trends and predictions for the new year

2020 Cybersecurity Forecasts: 5 trends and predictions for the new year

December 18, 2019 | 10 Min Read

  If all the holiday fuss isn’t...
Threat Intelligence: A Deep Dive

Threat Intelligence: A Deep Dive

December 12, 2019 | 21 Min Read

Welcome to our deep dive on threat intelligence:...
A Threat Intelligence Analyst’s Guide to Today’s Sources of Bias

A Threat Intelligence Analyst’s Guide to Today’s Sources of Bias

December 5, 2019 | 9 Min Read

  In an industry prone to going overboard...
2.3 billion files exposed across online file storage technologies

2.3 billion files exposed across online file storage technologies

December 3, 2019 | 17 Min Read

Originally published May 2019 2.3 billion is a...
ShadowTalk Update – RIPlace, Trickbot, and Russian-language forum Probiv

ShadowTalk Update – RIPlace, Trickbot, and Russian-language forum Probiv

December 2, 2019 | 3 Min Read

No ShadowTalk podcast episode this week, but...
ShadowTalk Update – Black Friday Deals on the Dark Web, Phineas Fisher Manifesto, and DarkMarket

ShadowTalk Update – Black Friday Deals on the Dark Web, Phineas Fisher Manifesto, and DarkMarket

November 25, 2019 | 3 Min Read

Adam Cook and Viktoria Austin talk through the...
BSidesDFW 2019: OSINT Workshop Recap

BSidesDFW 2019: OSINT Workshop Recap

November 18, 2019 | 5 Min Read

  A few Saturdays ago, we had the...
ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug

ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug

November 18, 2019 | 3 Min Read

Dallas is sound effects and all this week with...
Dynamic CVVs: 2FA 2Furious

Dynamic CVVs: 2FA 2Furious

November 12, 2019 | 5 Min Read

  The security community is quick to...
ShadowTalk Update – BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

ShadowTalk Update – BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

November 11, 2019 | 3 Min Read

This week the London team looks at the following...
Combatting Domain-Centric Fraud: Why Mimecast is partnering with Digital Shadows

Combatting Domain-Centric Fraud: Why Mimecast is partnering with Digital Shadows

November 7, 2019 | 3 Min Read

This is a guest blog, authored by Matthew...
ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

November 4, 2019 | 4 Min Read

Adam Cook, Philip Doherty, and Viktoria Austin...
Understanding the Different Cybercriminal Platforms: AVCs, Marketplaces, and Forums

Understanding the Different Cybercriminal Platforms: AVCs, Marketplaces, and Forums

October 31, 2019 | 6 Min Read

  With the recent breach that targeted...
Cybercriminal credit card stores: Is Brian out of the club?

Cybercriminal credit card stores: Is Brian out of the club?

October 31, 2019 | 8 Min Read

  If you’re an avid follower of Digital...
Your Cyber Security Career – Press start to begin

Your Cyber Security Career – Press start to begin

October 30, 2019 | 13 Min Read

  October was Cyber Security Awareness...
Australia Cyber Threat Landscape report (H1 2019)

Australia Cyber Threat Landscape report (H1 2019)

October 29, 2019 | 5 Min Read

Depending on where you are in the world, October...
ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

October 25, 2019 | 3 Min Read

We’ve got all 3 ShadowTalk hosts in Dallas this...
Understanding the Consequences of Data Leakage through History

Understanding the Consequences of Data Leakage through History

October 24, 2019 | 4 Min Read

One of the most interesting aspects of...
WiFi Security: Dispelling myths of using public networks

WiFi Security: Dispelling myths of using public networks

October 23, 2019 | 9 Min Read

We have all seen many articles, blogs, endless...
Japan Cyber Threat Landscape report (H1 2019)

Japan Cyber Threat Landscape report (H1 2019)

October 22, 2019 | 5 Min Read

Japan: currently the host of the multi-national...
ShadowTalk Update – Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

ShadowTalk Update – Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

October 18, 2019 | 3 Min Read

Kacey, Charles, Harrison, and Alex kick off this...
Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

October 17, 2019 | 9 Min Read

Honeypots can be useful tools for gathering...
Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

October 16, 2019 | 15 Min Read

Typosquatting. It’s a phrase most of us know in...
ShadowTalk Update – Iran-linked APT35, Skimming by Magecart 4, Rancour, and Emotet Resurgence

ShadowTalk Update – Iran-linked APT35, Skimming by Magecart 4, Rancour, and Emotet Resurgence

October 11, 2019 | 3 Min Read

We’re back in London this week! Viktoria chats...
ANU Breach Report: Mapping to Mitre ATT&CK Framework

ANU Breach Report: Mapping to Mitre ATT&CK Framework

October 11, 2019 | 14 Min Read

Introduction This week, the Australian National...
Top Threat Intelligence Podcasts to Add to Your Playlist

Top Threat Intelligence Podcasts to Add to Your Playlist

October 3, 2019 | 4 Min Read

Looking for some new threat intelligence podcasts...
Domain Squatting: The Phisher-man’s Friend

Domain Squatting: The Phisher-man’s Friend

October 1, 2019 | 8 Min Read

In the past we have talked about the internal...
ShadowTalk Update – Tortoiseshell Targets IT Providers, the Tyurin Indictment, and Emotet’s Return

ShadowTalk Update – Tortoiseshell Targets IT Providers, the Tyurin Indictment, and Emotet’s Return

September 27, 2019 | 4 Min Read

Viktoria hosts this week’s episode in London...
Singapore Cyber Threat Landscape report (H1 2019)

Singapore Cyber Threat Landscape report (H1 2019)

September 26, 2019 | 7 Min Read

Despite being the second smallest country in...
Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework

Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework

September 25, 2019 | 7 Min Read

Between 2012 to mid-2015, U.S. financial...
DevSecOps: Continued Database Exposures Point to Growing Challenges

DevSecOps: Continued Database Exposures Point to Growing Challenges

September 24, 2019 | 5 Min Read

Last week, we learned that millions of...
Nemty Ransomware: Slow and Steady Wins the Race?

Nemty Ransomware: Slow and Steady Wins the Race?

September 19, 2019 | 3 Min Read

As we outlined recently, ransomware is a key...
NCSC Cyber Threat Trends Report: Analysis of Attacks Across UK Industries

NCSC Cyber Threat Trends Report: Analysis of Attacks Across UK Industries

September 18, 2019 | 7 Min Read

The United Kingdom’s National Cyber Security...
Your Data at Risk: FBI Cyber Division Shares Top Emerging Cyber Threats to Your Enterprise

Your Data at Risk: FBI Cyber Division Shares Top Emerging Cyber Threats to Your Enterprise

September 17, 2019 | 8 Min Read

Data breaches are not slowing down. Nobody...
Mapping the NIST Cybersecurity Framework to SearchLight: Eating our own BBQ

Mapping the NIST Cybersecurity Framework to SearchLight: Eating our own BBQ

September 10, 2019 | 2 Min Read

Back in February, I wrote about how we avoid the...
ShadowTalk Update – Ryuk Ransomware, Twitter rids SMS tweets, and Facebook Records Exposed

ShadowTalk Update – Ryuk Ransomware, Twitter rids SMS tweets, and Facebook Records Exposed

September 9, 2019 | 3 Min Read

Alex, Alec, and Harrison are in the room today...
Emotet Returns: How To Track Its Updates

Emotet Returns: How To Track Its Updates

August 26, 2019 | 5 Min Read

What is Emotet? Emotet started life as a banking...
ShadowTalk Update – Texas Ransomware Outbreaks and Phishing Attacks Using Custom 404 pages

ShadowTalk Update – Texas Ransomware Outbreaks and Phishing Attacks Using Custom 404 pages

August 23, 2019 | 3 Min Read

Charles Ragland (a brand new ShadowTalk-er!) and...
The Nouns of Black Hat: People, Places, and Things From Summer Camp 2019

The Nouns of Black Hat: People, Places, and Things From Summer Camp 2019

August 19, 2019 | 6 Min Read

Black Hat and DEFCON are a wrap! Digital Shadows...
Black Hat and DEFCON 2019 – Some of our Favorite Sessions

Black Hat and DEFCON 2019 – Some of our Favorite Sessions

August 19, 2019 | 9 Min Read

The team were fortunate to go to Black Hat and...
Recon Village: Panning for gold

Recon Village: Panning for gold

August 1, 2019 | 7 Min Read

Richard will be presenting ‘Asset Discovery:...
Capital One Breach: What we know and what you can do

Capital One Breach: What we know and what you can do

July 31, 2019 | 5 Min Read

Monday blues. It’s a thing. It’s when you...
The Account Takeover Kill Chain: A Five Step Analysis

The Account Takeover Kill Chain: A Five Step Analysis

July 30, 2019 | 17 Min Read

It’s no secret that credential exposure is a...
ShadowTalk Update – More BlueKeep updates, FSB contractor hacked, and the Enigma Market

ShadowTalk Update – More BlueKeep updates, FSB contractor hacked, and the Enigma Market

July 29, 2019 | 3 Min Read

Christian and Travis sit down with Harrison to...
Harnessing Exposed Data to Enhance Cyber Intelligence

Harnessing Exposed Data to Enhance Cyber Intelligence

July 11, 2019 | 7 Min Read

  An illicit and lucrative trade has...
Extortion, Sale, Reconnaissance, & Impersonation: 4 Ways Your Digital Footprint Enables Attackers

Extortion, Sale, Reconnaissance, & Impersonation: 4 Ways Your Digital Footprint Enables Attackers

July 2, 2019 | 6 Min Read

Whether it’s intellectual property, proprietary...
Facebook’s Libra Cryptocurrency: Cybercriminals tipping the scales in their favor

Facebook’s Libra Cryptocurrency: Cybercriminals tipping the scales in their favor

June 27, 2019 | 8 Min Read

The announcements of Facebook’s new...
Leaky SMB File Shares – So Many Bytes!

Leaky SMB File Shares – So Many Bytes!

June 19, 2019 | 5 Min Read

Everyone loves a sequel. If you’re an avid...
Managing Digital Risk: 4 Steps to Take

Managing Digital Risk: 4 Steps to Take

June 18, 2019 | 9 Min Read

Organizations are finding it increasingly...
ShadowTalk Update – XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

ShadowTalk Update – XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

June 17, 2019 | 3 Min Read

This week Harrison is joined by Travis and Alec...
Managing Infosec Burnout: The Hidden Perpetrator

Managing Infosec Burnout: The Hidden Perpetrator

June 10, 2019 | 8 Min Read

The secret of the burnout epidemic lies in how we...
BlueKeep: Cutting through the hype to prepare your organization

BlueKeep: Cutting through the hype to prepare your organization

May 24, 2019 | 8 Min Read

Over the last week we have all been tuning into...
Automating 2FA phishing and post-phishing looting with Muraena and Necrobrowser

Automating 2FA phishing and post-phishing looting with Muraena and Necrobrowser

May 21, 2019 | 6 Min Read

Phishing remains one of the most pervasive...
Mapping Iran’s Rana Institute to MITRE Pre-ATT&CK™ and ATT&CK™

Mapping Iran’s Rana Institute to MITRE Pre-ATT&CK™ and ATT&CK™

May 15, 2019 | 15 Min Read

The internet has been aflame with discussions...
Cyber Talent Gap: How to Do More With Less

Cyber Talent Gap: How to Do More With Less

May 14, 2019 | 5 Min Read

The challenge facing us today is twofold: not...
ShadowTalk Update – 5.06.19

ShadowTalk Update – 5.06.19

May 13, 2019 | 4 Min Read

Kacey and Alex join HVR this week to talk through...
Enabling Soi Dog’s Digital Transformation: A Case Study

Enabling Soi Dog’s Digital Transformation: A Case Study

May 8, 2019 | 3 Min Read

At the beginning of this year I was introduced to...
ShadowTalk Update – 5.06.19

ShadowTalk Update – 5.06.19

May 6, 2019 | 3 Min Read

Phil and newcomer Benjamin Newman join Harrison...
ShadowTalk Update – 4.29.19

ShadowTalk Update – 4.29.19

April 29, 2019 | 3 Min Read

Jamie and Alex are back with Harrison this week...
ShadowTalk Update – 4.22.19

ShadowTalk Update – 4.22.19

April 22, 2019 | 3 Min Read

This week the team discusses an unidentified...
ShadowTalk Update – 4.15.19

ShadowTalk Update – 4.15.19

April 15, 2019 | 4 Min Read

Christian and Jamie join Harrison for another...
Reducing your attack surface

Reducing your attack surface

April 9, 2019 | 4 Min Read

What is an attack surface According to OWASP, an...
ShadowTalk Update – 4.8.19

ShadowTalk Update – 4.8.19

April 8, 2019 | 3 Min Read

Jamie, Alex and Zuko sit down with Harrison to...
Easing into the extortion game

Easing into the extortion game

April 3, 2019 | 4 Min Read

One of the main ideas which flowed through...
Predator: Modeling the attacker’s mindset

Predator: Modeling the attacker’s mindset

April 2, 2019 | 6 Min Read

Author: Richard Gold  The phrases...
ShadowTalk Update – 4.1.19

ShadowTalk Update – 4.1.19

March 29, 2019 | 3 Min Read

Christian and Jamie sit down with Harrison to...
ShadowTalk Update – 3.25.19

ShadowTalk Update – 3.25.19

March 25, 2019 | 4 Min Read

Harrison chats with Jamie and Alex this week on...
Dark Web Typosquatting: Scammers v. Tor

Dark Web Typosquatting: Scammers v. Tor

March 21, 2019 | 7 Min Read

Time and time again, we see how the cybercriminal...
How to Secure Your Online Brand

How to Secure Your Online Brand

March 20, 2019 | 4 Min Read

What is online brand security? As we outlined in...
ShadowTalk Update – 3.18.19

ShadowTalk Update – 3.18.19

March 18, 2019 | 3 Min Read

Harrison sits down with Rose and Christian for a...
Detecting Exposed Company Data: The What, Why, and How

Detecting Exposed Company Data: The What, Why, and How

March 12, 2019 | 3 Min Read

What is data loss detection? A fundamental...
ShadowTalk Update – 3.11.19

ShadowTalk Update – 3.11.19

March 11, 2019 | 3 Min Read

This week Jamie and Alex join Harrison to look at...
Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK™

Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK™

March 6, 2019 | 7 Min Read

Authors: Simon Hall, Isidoros...
ShadowTalk Update – 3.04.19

ShadowTalk Update – 3.04.19

March 4, 2019 | 4 Min Read

This week Rose and Phil join Harrison to discuss...
SamSam But Different: MITRE ATT&CK and the SamSam Group Indictment

SamSam But Different: MITRE ATT&CK and the SamSam Group Indictment

February 26, 2019 | 16 Min Read

In our latest research report, A Tale of Epic...
ShadowTalk Update – 2.25.19

ShadowTalk Update – 2.25.19

February 25, 2019 | 4 Min Read

This week, Phil and Alex join Harrison to discuss...
Extortion Exposed: Sextortion, thedarkoverlord, and SamSam

Extortion Exposed: Sextortion, thedarkoverlord, and SamSam

February 21, 2019 | 3 Min Read

In our most recent research, A Tale of Epic...
ShadowTalk Update – 2.18.19

ShadowTalk Update – 2.18.19

February 19, 2019 | 3 Min Read

Alex and Jamie matched with Harrison in this...
Introducing Our Practical Guide to Reducing Digital Risk

Introducing Our Practical Guide to Reducing Digital Risk

February 12, 2019 | 5 Min Read

Download a copy of A Practical Guide to Reducing...
ShadowTalk Update – 2.11.19

ShadowTalk Update – 2.11.19

February 8, 2019 | 3 Min Read

Alex and Jamie join Harrison to discuss how the...
Understanding Digital Risk Protection

Understanding Digital Risk Protection

February 8, 2019 | 3 Min Read

There has been a lot of talk recently about...
You’ve got a digital strategy, but how are you managing digital risks?

You’ve got a digital strategy, but how are you managing digital risks?

February 7, 2019 | 3 Min Read

Download a free copy of Digital Risk: The...
SANS DFIR Cyber Threat Intelligence Summit 2019 – Extracting More Value from Your CTI Program

SANS DFIR Cyber Threat Intelligence Summit 2019 – Extracting More Value from Your CTI Program

February 5, 2019 | 7 Min Read

We were fortunate to attend the 2019 SANS DFIR...
ShadowTalk Update – 2.4.19

ShadowTalk Update – 2.4.19

February 4, 2019 | 4 Min Read

This week, Alex Guirakhoo and Jamie Collier join...
SingHealth Breach Post-mortem: Key Findings

SingHealth Breach Post-mortem: Key Findings

January 29, 2019 | 5 Min Read

On 10 January 2019, Singaporean authorities...
ShadowTalk Update – 1.28.19

ShadowTalk Update – 1.28.19

January 26, 2019 | 3 Min Read

This week Rose, Jamie, and Alex talk with...
Security Practitioner’s Guide to Email Spoofing and Risk Reduction

Security Practitioner’s Guide to Email Spoofing and Risk Reduction

January 24, 2019 | 13 Min Read

In our previous extended blog, Tackling Phishing:...
ShadowTalk Update – 1.21.19

ShadowTalk Update – 1.21.19

January 19, 2019 | 3 Min Read

This week, Alex Guirakhoo and Philip Doherty join...
Don’t Just Read Intelligence: Learn From It

Don’t Just Read Intelligence: Learn From It

January 17, 2019 | 5 Min Read

The Importance of Learning in Cyber...
ShadowTalk Update – 1.14.19

ShadowTalk Update – 1.14.19

January 14, 2019 | 3 Min Read

We’ve just released our first Weekly...
Security Analyst Spotlight Series: Phil Doherty

Security Analyst Spotlight Series: Phil Doherty

January 10, 2019 | 5 Min Read

Organizations rely on Digital Shadows to be an...
The Most Popular Security Blog Topics of 2018

The Most Popular Security Blog Topics of 2018

December 18, 2018 | 3 Min Read

It’s been a busy year on the Digital Shadows...
ShadowTalk Update – 17.10.2018

ShadowTalk Update – 17.10.2018

December 17, 2018 | 3 Min Read

Following from our recent research, Tackling...
Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

December 12, 2018 | 8 Min Read

Overall, the infosec community has done a...
ShadowTalk Update – 12.10.2018

ShadowTalk Update – 12.10.2018

December 10, 2018 | 3 Min Read

In this week's ShadowTalk, Rick Holland and...
2019 Cyber Security Forecasts: Six Things on the Horizon

2019 Cyber Security Forecasts: Six Things on the Horizon

December 5, 2018 | 9 Min Read

The new year is upon us! 2018 brought us Spectre...
ShadowTalk Update – 12.03.2018

ShadowTalk Update – 12.03.2018

December 3, 2018 | 3 Min Read

Michael Marriott, Dr Richard Gold and Simon Hall...
Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

November 29, 2018 | 5 Min Read

I’m a big fan of the Cobalt Strike threat...
Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

November 27, 2018 | 3 Min Read

Australian Signals Directorate Essential 8 The...
ShadowTalk Update – 11.26.2018

ShadowTalk Update – 11.26.2018

November 26, 2018 | 3 Min Read

With Black Friday kicking off the holiday...
ShadowTalk Update – 11.19.2018

ShadowTalk Update – 11.19.2018

November 19, 2018 | 2 Min Read

Leaked court documents surfaced this week...
Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

November 15, 2018 | 2 Min Read

VIPs and executives who are critical to your...
A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

November 13, 2018 | 5 Min Read

I recently attended the ENISA (European Union...
ShadowTalk Update – 11.12.2018

ShadowTalk Update – 11.12.2018

November 12, 2018 | 2 Min Read

In this week's ShadowTalk, we discuss the big...
Security Analyst Spotlight Series: Adam Cook

Security Analyst Spotlight Series: Adam Cook

November 7, 2018 | 6 Min Read

Organizations rely on our cyber intelligence...
ShadowTalk Update – 11.05.2018

ShadowTalk Update – 11.05.2018

November 5, 2018 | 3 Min Read

In November 2016, Tesco Bank suffered a series of...
81,000 Hacked Facebook Accounts for Sale: 5 Things to Know

81,000 Hacked Facebook Accounts for Sale: 5 Things to Know

November 2, 2018 | 5 Min Read

This morning, the British Broadcasting...
ShadowTalk Update – 10.29.2018

ShadowTalk Update – 10.29.2018

October 29, 2018 | 3 Min Read

In this week's ShadowTalk, Harrison Van Riper and...
Cyber Security Awareness Month: Week 4 – Privacy

Cyber Security Awareness Month: Week 4 – Privacy

October 25, 2018 | 6 Min Read

This week in Brussels, Apple’s chief executive...
ShadowTalk Update – 10.22.2018

ShadowTalk Update – 10.22.2018

October 22, 2018 | 3 Min Read

In this week's ShadowTalk, following on from last...
ShadowTalk Update – 10.15.2018

ShadowTalk Update – 10.15.2018

October 15, 2018 | 3 Min Read

In ShadowTalk this week, Digital Shadows' CISO...
Phishing Site Impersonates Financial Services Institution

Phishing Site Impersonates Financial Services Institution

October 10, 2018 | 3 Min Read

If the infamous bank robber, Willie Sutton, were...
ShadowTalk Update – 10.08.2018

ShadowTalk Update – 10.08.2018

October 8, 2018 | 3 Min Read

In this week’s Shadow Talk, Rafael Amado joins...
Business Email Compromise: When You Don’t Need to Phish

Business Email Compromise: When You Don’t Need to Phish

October 4, 2018 | 4 Min Read

According to the FBI, Business Email Compromise...
Cyber Security Awareness Month: Week 1 – Credential Hygiene

Cyber Security Awareness Month: Week 1 – Credential Hygiene

October 3, 2018 | 5 Min Read

It’s the opening week of the annual National...
Security Analyst Spotlight Series: Christian Rencken

Security Analyst Spotlight Series: Christian Rencken

October 2, 2018 | 5 Min Read

Organizations rely on our cyber intelligence...
ShadowTalk Update – 10.01.2018

ShadowTalk Update – 10.01.2018

October 1, 2018 | 3 Min Read

Rick Holland, CISO of Digital Shadows, joins...
ShadowTalk Update – 09.24.2018

ShadowTalk Update – 09.24.2018

September 24, 2018 | 3 Min Read

In ShadowTalk this week, Richard Gold, Simon Hall...
The 2017 FSB indictment and Mitre ATT&CK™

The 2017 FSB indictment and Mitre ATT&CK™

September 20, 2018 | 11 Min Read

On  February 28th, 2017 the US Department of...
Non-traditional State Actors: New Kids on the Block

Non-traditional State Actors: New Kids on the Block

September 18, 2018 | 5 Min Read

Cyber threat reporting sits at a dichotomy. On...
ShadowTalk Update – 09.17.2018

ShadowTalk Update – 09.17.2018

September 17, 2018 | 2 Min Read

In this week’s ShadowTalk, Richard Gold and...
MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

September 13, 2018 | 18 Min Read

On 6th September the US Department of Justice...
GAO’s Equifax Post-mortem Report

GAO’s Equifax Post-mortem Report

September 11, 2018 | 5 Min Read

It’s common for the exciting and novel issues...
ShadowTalk Update – 09.10.2018

ShadowTalk Update – 09.10.2018

September 10, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and...
Sextortion – When Persistent Phishing Pays Off

Sextortion – When Persistent Phishing Pays Off

September 6, 2018 | 4 Min Read

You may have heard of a recent surge in...
ShadowTalk Update – 09.03.2018

ShadowTalk Update – 09.03.2018

September 3, 2018 | 3 Min Read

Not a week goes by without an example where...
Security Analyst Spotlight Series: Heather Farnsworth

Security Analyst Spotlight Series: Heather Farnsworth

August 30, 2018 | 5 Min Read

Organizations rely on Digital Shadows to be an...
Understanding Threat Modelling

Understanding Threat Modelling

August 29, 2018 | 4 Min Read

What is a threat model? Threat modelling, as...
ShadowTalk Update – 08.27.2018

ShadowTalk Update – 08.27.2018

August 27, 2018 | 3 Min Read

With November’s U.S. midterm elections...
Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

August 22, 2018 | 12 Min Read

On August 1, 2018, the US Department of Justice...
ShadowTalk Update – 08.20.2018

ShadowTalk Update – 08.20.2018

August 20, 2018 | 3 Min Read

In this week’s ShadowTalk, we dig into ATM...
ShadowTalk Update – 08.13.2018

ShadowTalk Update – 08.13.2018

August 13, 2018 | 3 Min Read

In this week’s ShadowTalk it's all things...
Digital Shadows Contributes to Insider Threat Research

Digital Shadows Contributes to Insider Threat Research

August 9, 2018 | 5 Min Read

On July 30, Forrester published its latest...
Five Threats to Financial Services: Phishing Campaigns

Five Threats to Financial Services: Phishing Campaigns

August 8, 2018 | 7 Min Read

In our last blog, we highlighted how banking...
ShadowTalk Update – 08.06.2018

ShadowTalk Update – 08.06.2018

August 6, 2018 | 2 Min Read

In this week’s episode, JP Perez-Etchegoyen,...
ShadowTalk Update – 07.30.2018

ShadowTalk Update – 07.30.2018

July 30, 2018 | 3 Min Read

Richard Gold and Rose Bernard join Michael...
Cyber Threats to ERP Applications: Threat Landscape

Cyber Threats to ERP Applications: Threat Landscape

July 24, 2018 | 4 Min Read

What are ERP Applications? Organizations rely on...
ShadowTalk Update – 07.23.2018

ShadowTalk Update – 07.23.2018

July 23, 2018 | 3 Min Read

In this week's ShadowTalk, we discuss the Robert...
Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

July 17, 2018 | 10 Min Read

A recent indictment revealed how the GRU...

Digital Risk Protection: Avoid Blind Spots with a More Complete Risk Picture

July 17, 2018 | 5 Min Read

“Digital Shadows leads the pack for digital...
ShadowTalk Update – 07.16.2018

ShadowTalk Update – 07.16.2018

July 16, 2018 | 2 Min Read

In this week's ShadowTalk, Digital Shadows’...
ShadowTalk Update – 07.09.2018

ShadowTalk Update – 07.09.2018

July 9, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and...
Reducing Your Attack Surface: From a Firehose to a Straw

Reducing Your Attack Surface: From a Firehose to a Straw

July 5, 2018 | 6 Min Read

What is Attack Surface Reduction? Attack Surface...
ShadowTalk Update – 07.02.2018

ShadowTalk Update – 07.02.2018

July 2, 2018 | 3 Min Read

In this week's ShadowTalk, following news that a...
ShadowTalk Update – 06.25.2018

ShadowTalk Update – 06.25.2018

June 25, 2018 | 3 Min Read

In this week’s ShadowTalk, Simon Hall and...
ShadowTalk Update – 06.18.2018

ShadowTalk Update – 06.18.2018

June 18, 2018 | 3 Min Read

In ShadowTalk this week, Dr Richard Gold and...
Shadow Talk Update – 06.11.2018

Shadow Talk Update – 06.11.2018

June 11, 2018 | 3 Min Read

In Shadow Talk this week, Dr Richard Gold joins...
Shadow Talk Update – 06.04.2018

Shadow Talk Update – 06.04.2018

June 4, 2018 | 3 Min Read

In this week's Shadow Talk, Dr Richard Gold joins...
7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

May 30, 2018 | 5 Min Read

Lockpath’s Vice President of Development Tony...
Shadow Talk Update – 05.29.2018

Shadow Talk Update – 05.29.2018

May 29, 2018 | 4 Min Read

The focus in this week’s Shadow Talk is on...
Security Analyst Spotlight Series: Rose Bernard

Security Analyst Spotlight Series: Rose Bernard

May 23, 2018 | 5 Min Read

Organizations rely on our cyber intelligence...
Shadow Talk Update – 05.21.2018

Shadow Talk Update – 05.21.2018

May 21, 2018 | 3 Min Read

In this week’s episode of Shadow Talk, Digital...
Shadow Talk Update – 05.14.2018

Shadow Talk Update – 05.14.2018

May 14, 2018 | 3 Min Read

In this week’s episode Shadow Talk we look at...
Shadow Talk Update – 05.07.2018

Shadow Talk Update – 05.07.2018

May 7, 2018 | 3 Min Read

In this week’s episode Shadow Talk, it’s a...
Shadow Talk Update – 04.30.2018

Shadow Talk Update – 04.30.2018

April 30, 2018 | 2 Min Read

In this week’s episode of Shadow Talk, we cover...
Keys to the Kingdom: Exposed Security Assessments

Keys to the Kingdom: Exposed Security Assessments

April 24, 2018 | 4 Min Read

Organizations employ external consultants and...
Shadow Talk Update – 04.23.2018

Shadow Talk Update – 04.23.2018

April 23, 2018 | 3 Min Read

This week’s Shadow Talk discusses Russia’s...
Out In The Open: Corporate Secrets Exposed Through Misconfigured Services

Out In The Open: Corporate Secrets Exposed Through Misconfigured Services

April 18, 2018 | 4 Min Read

For organizations dealing with proprietary...
When There’s No Need to Hack: Exposed Personal Information

When There’s No Need to Hack: Exposed Personal Information

April 17, 2018 | 4 Min Read

With Equifax‘s breach of 145 million records...
Shadow Talk Update – 04.16.2018

Shadow Talk Update – 04.16.2018

April 16, 2018 | 5 Min Read

This week’s Shadow Talk discusses a Cisco Smart...
Escalation in Cyberspace: Not as Deniable as We All Seem to Think?

Escalation in Cyberspace: Not as Deniable as We All Seem to Think?

April 12, 2018 | 5 Min Read

The recent assassination attempt on former...
Leveraging the 2018 Verizon Data Breach Investigations Report

Leveraging the 2018 Verizon Data Breach Investigations Report

April 10, 2018 | 5 Min Read

Today, the 11th edition of the Verizon Data...
Shadow Talk Update – 04.09.2018

Shadow Talk Update – 04.09.2018

April 9, 2018 | 4 Min Read

Back from the Easter break, this week’s Shadow...
When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services

When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services

April 5, 2018 | 4 Min Read

Our recent report “Too Much Information”,...
Shadow Talk Update – 03.26.2018

Shadow Talk Update – 03.26.2018

March 26, 2018 | 4 Min Read

This week’s Shadow Talk discusses what the...
Shadow Talk Update – 03.19.2018

Shadow Talk Update – 03.19.2018

March 19, 2018 | 5 Min Read

This week’s Shadow Talk features the latest...
Shadow Talk Update – 03.12.2018

Shadow Talk Update – 03.12.2018

March 12, 2018 | 3 Min Read

This week’s Shadow Talk features more...
Ransomware in 2018: 4 Things to Look Out For

Ransomware in 2018: 4 Things to Look Out For

March 8, 2018 | 4 Min Read

Ransomware remains an active threat for...
It’s Accrual World: Tax Return Fraud in 2018

It’s Accrual World: Tax Return Fraud in 2018

March 7, 2018 | 5 Min Read

With just over a month until Tax Deadline Day,...
Shadow Talk Update – 03.05.2018

Shadow Talk Update – 03.05.2018

March 5, 2018 | 3 Min Read

On this week's Shadow Talk podcast, the Research...
Protecting Your Brand: Return on Investment

Protecting Your Brand: Return on Investment

February 27, 2018 | 3 Min Read

Last week I was joined by Brett Millar, Director...
Shadow Talk Update – 02.26.2018

Shadow Talk Update – 02.26.2018

February 26, 2018 | 3 Min Read

In this week’s podcast, the Digital Shadows...
Prioritize to Avoid Security Nihilism

Prioritize to Avoid Security Nihilism

February 20, 2018 | 3 Min Read

In many situations associated with cyber...
Shadow Talk Update – 02.19.2018

Shadow Talk Update – 02.19.2018

February 19, 2018 | 3 Min Read

In this week’s Shadow Talk podcast, the Digital...
Cryptojacking: An Overview

Cryptojacking: An Overview

February 13, 2018 | 5 Min Read

What is Cryptojacking? Cryptojacking is the...
Shadow Talk Update – 12.02.2018

Shadow Talk Update – 12.02.2018

February 12, 2018 | 4 Min Read

With the 2018 Winter Games beginning this week,...
Phishing for Gold: Threats to the 2018 Winter Games

Phishing for Gold: Threats to the 2018 Winter Games

February 6, 2018 | 7 Min Read

Digital Shadows has been monitoring major...
Shadow Talk Update – 02.05.2018

Shadow Talk Update – 02.05.2018

February 5, 2018 | 3 Min Read

In this week’s podcast episode of Shadow Talk,...
Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

January 30, 2018 | 7 Min Read

I am one of you. I have been in the marketing...
Shadow Talk Update – 01.29.2018

Shadow Talk Update – 01.29.2018

January 29, 2018 | 4 Min Read

In this week’s Shadow Talk podcast episode, the...
Data Privacy Day: 8 Key Recommendations for GDPR Readiness

Data Privacy Day: 8 Key Recommendations for GDPR Readiness

January 26, 2018 | 4 Min Read

This Sunday is Data Privacy Day, “an...
Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

January 16, 2018 | 5 Min Read

This post originally appeared on...
GDPR: Why You Need to Consider the Personal Data That Lies Outside of Your Organization

GDPR: Why You Need to Consider the Personal Data That Lies Outside of Your Organization

January 4, 2018 | 3 Min Read

In 2010, reports emerged that the Information...

Digital Shadows’ Most Popular Blogs of 2017: Analysis of Competing Hypotheses For The Win

December 12, 2017 | 3 Min Read

This time last year, we looked back at the blogs...
GDPR – Not Just a European Concern

GDPR – Not Just a European Concern

November 20, 2017 | 6 Min Read

This post originally appeared...
Why “Have a Safe Trip” Is Taking On Greater Meaning

Why “Have a Safe Trip” Is Taking On Greater Meaning

November 14, 2017 | 5 Min Read

This post originally appeared...
Groupthink

Know Where to Find Your Digital Risk

November 10, 2017 | 4 Min Read

This post originally appeared on SecurityWeek....
equifax research report

2017 Equifax Breach: Impact and Lessons Learned

September 28, 2017 | 3 Min Read

Equifax experienced a data breach that occurred...
powershell

PowerShell Security Best Practices

October 8, 2019 | 9 Min Read

Updated as of October 8, 2019 Threat actors...
equifax breach update

An Update on the Equifax Data Breach

September 13, 2017 | 8 Min Read

The credit reporting agency Equifax...
Equifax Breach Assessment

Equifax Breach: The Impact For Enterprises and Consumers

September 8, 2017 | 9 Min Read

What we know about the Equifax breach On...
Computer Worms Blog

Return of the Worm: A Red Hat Analysis

September 7, 2017 | 4 Min Read

A computer worm is a piece of malware that is...
Credential Exposure Data Loss Blog

Bitglass: Compromised Credentials are Just One Way Your Corporate Data is Being Exposed

August 18, 2017 | 2 Min Read

A guest blog from Bitglass, read the original...
Threat Intelligence Social Media Security

All That Twitterz Is Not Gold: Why You Need to Rely on Multiple Sources of Intelligence

August 9, 2017 | 3 Min Read

Twitter has become an extremely valuable tool for...
Threat Model

What is a Threat Model, and Why Organizations Should Care

July 31, 2017 | 4 Min Read

Many organizations are exquisitely aware that...
Criminal Market Place Bitcoin Virtual Currency

The Future of Marketplaces: Forecasting the Decentralized Model

July 17, 2017 | 4 Min Read

Last week we wrote about the disappearance of...
AlphaBay Hansa Seized

AlphaBay Disappears: 3 Scenarios to Look For Next

July 14, 2017 | 6 Min Read

The AlphaBay dark web marketplace has been...
Penetration Testing

Threat Led Penetration Testing – The Past, Present and Future

July 10, 2017 | 5 Min Read

What is Threat Led Penetration Testing? Threat...
Cyber Criminal Attack Vectors

Keep Your Eyes on the Prize: Attack Vectors are Important But Don’t Ignore Attacker Goals

June 23, 2017 | 5 Min Read

Reporting on intrusions or attacks often dwells...
Wanna Cry Ransomware

WannaCry: An Analysis of Competing Hypotheses – Part II

June 7, 2017 | 7 Min Read

Following the furore of last month’s WannaCry...
Encrypted Files WannaCry

WannaCry: An Analysis of Competing Hypotheses

May 18, 2017 | 6 Min Read

On 12 May 2017, as the WannaCry ransomware spread...
NIST Authentication

Authentication Nation: 5 Ways NIST is Changing How We Think About Passwords

May 9, 2017 | 4 Min Read

Passwords have taken a beating over the past...
Brand Reputation Digital Risk

The 3 Pillars of Digital Risk Management: Part 3 – The Top 5 Main Risks of Reputational Damage

April 27, 2017 | 2 Min Read

In this 3-part blog series, we discuss how each...
Cyber Threats

The 3 Pillars of Digital Risk Management: Part 1 Understanding Cyber Threats

April 13, 2017 | 3 Min Read

What is Digital Risk Management? The National...
Research Intelligence Sources

All Sources Are Not the Same; Why Diversity Is Good for Intelligence

April 11, 2017 | 3 Min Read

As we all know, if you listen to just one side of...
Mobile Threats

Monitoring the Mobile Threat Landscape

April 4, 2017 | 4 Min Read

The UK’s National Cyber Security Centre (NCSC)...
Mobile App Screen

5 Risks Posed By Mobile Applications That SearchLight Helps You Manage

March 14, 2017 | 2 Min Read

Organizations face a wide range of risks online,...
Penetration Testing

Step by Step: The Changing Face of Threat Led Penetration Testing

February 28, 2017 | 4 Min Read

Organizations are increasingly adopting the...
Intelligence Cycle

F3EAD: Find, Fix, Finish, Exploit, Analyze and Disseminate – The Alternative Intelligence Cycle

February 8, 2017 | 4 Min Read

The F3EAD cycle (Find, Fix Finish, Exploit,...
Intelligence Sources

Two Ways to Effectively Tailor Your Intelligence Products

January 17, 2017 | 4 Min Read

In my previous blog, “Trump and Intelligence: 6...
Intelligence Consumer Trump

Trump and Intelligence: 6 Ways To Deal With Challenging Intelligence Consumers

January 4, 2017 | 4 Min Read

It is no secret the President Elect Trump is...
Forecasts Cyber Security

You Should Consider Forecasts, Not Predictions

December 9, 2016 | 4 Min Read

Well it’s that time of year again. Sorry, not...
Chess Game

A Model of Success: Anticipating Your Attackers’ Moves

December 1, 2016 | 4 Min Read

In a previous blog, we discussed the role of...
Tesco Bank

Leak on Aisle 12! An Analysis of Competing Hypotheses for the Tesco Bank Incident

November 11, 2016 | 5 Min Read

On November 6, 2016 multiple UK media outlets...
Social Media Oversharing

Overexposed and Under-Prepared; The Risks of Oversharing Online

November 8, 2016 | 4 Min Read

I have a confession to make. I know where you...
Email Security

Five Tips For Better Email Security

November 8, 2016 | 4 Min Read

While security is everyone’s responsibility,...
Professional Services Digital Shadows

Digital Risk Monitoring Is A Service, Not a Distinct Capability

October 11, 2016 | 2 Min Read

Digital Shadows was recently recognized as a...
Strategic Support Force

Balancing the Scales: The PRC’s Shift to Symmetrical Engagement

October 6, 2016 | 4 Min Read

Over the past few years we have observed the...
Five Tips To Make Your Passwords Better

Five Tips To Make Your Passwords Better

September 26, 2016 | 4 Min Read

While security is everyone’s responsibility,...
Forrester

Digital Risk Monitoring Can Negate ‘Indicators of Exhaustion’

September 26, 2016 | 2 Min Read

When I first joined Digital Shadows in January, I...
breached data

The Industrialized Uses of Breached Data

September 21, 2016 | 4 Min Read

In our first blog, we outlined a number of...
credential compromise

Beauty and the Breach: Leaked Credentials in Context

September 21, 2016 | 4 Min Read

Our analysts recently researched credential...
New report: 97 percent of the top 1,000 companies suffer from credential compromise

New report: 97 percent of the top 1,000 companies suffer from credential compromise

September 20, 2016 | 2 Min Read

Data breaches and credential compromise are not...
SCADA hacks

Show me the context: The hacking proof of concept

September 8, 2016 | 2 Min Read

A common feature at security conferences,...
HackBack

The cyber defender and attacker imbalance – a disproportionate impact

September 6, 2016 | 3 Min Read

You might be forgiven for thinking that...
SWIFT network

Hybrid cyber/physical criminal operations – where network intrusions meet the physical world

August 30, 2016 | 3 Min Read

At some stage, almost every crime committed...
Shadow Brokers

Four Things We’ve Learned From the Alleged Equation Group Code Leak

August 22, 2016 | 4 Min Read

The wake of the deeply bizarre auction of...
False flag operations

False flags in cyber intrusions – why bother?

August 17, 2016 | 3 Min Read

False flag operations have long existed in the...
Wall of Sheep

Gambling with Security in Vegas: Not Your Best Bet

July 27, 2016 | 4 Min Read

With BSides Las Vegas, Black Hat, and DEF CON...
TTPs

Getting In Gear: Accounting for Tactical and Strategic Intelligence

July 26, 2016 | 3 Min Read

We’ve written before about how we like to map...
thedarkoverlord

Thedarkoverlord – losing his patients?

July 26, 2016 | 4 Min Read

In late June 2016, we observed a spate of attacks...
Indicator of Compromise

5 Takeaways From The “Building A Strategic Threat Intelligence Program” Webinar

July 26, 2016 | 3 Min Read

Last week, the great Mike Rothman (of Securosis...
Syrian Electronic Army

Towards a(nother) new model of attribution

July 21, 2016 | 4 Min Read

Actor attribution is a common issue and activity...
breach disclosure

5 Key Lessons From The FDIC’s Breach Disclosure Debacle

July 18, 2016 | 4 Min Read

Last week, the United States House Science, Space...
Lulz Boat

Open Source Intelligence versus Web Search: What’s The Difference?

July 11, 2016 | 4 Min Read

“I can get that from Google!” – is a common...
thedarkoverlord

10 ways to prepare for credential leak incidents

June 30, 2016 | 2 Min Read

From LinkedIn to MySpace, threat actors like...
threat intelligence

Spidey-sense for the people

June 23, 2016 | 5 Min Read

If you liked Marvel’s SpiderMan then you will...
cyberspace

Standoff in cyberspace

June 17, 2016 | 3 Min Read

In physical security terminology, standoff is the...
Intelligence Collection

Inconsistencies in Intelligence Collection

June 17, 2016 | 4 Min Read

Amid the rising talk of “intelligence” within...
intelligence cycle

Building an Intelligence Capability: Agility, Creativity and Diversity

June 2, 2016 | 2 Min Read

The Internet is a big old place, full of...
risk

Are you certain you know what risk means?

May 31, 2016 | 5 Min Read

You’re the person in charge of safety on the...
OpAfrica

Data breaches targeting financial services: 2016 so far

May 26, 2016 | 3 Min Read

It’s been a busy year for data breaches...
Advanced Persistent Threat

The Plan is Mightier than the Sword – Re(sources)

May 24, 2016 | 3 Min Read

After having discussed the importance of planning...
Operational Relay Boxes

The Plan is Mightier than the Sword – Persistence

May 24, 2016 | 5 Min Read

In the last blog post, I talked about the...
Advanced Persistent Threat

The Plan is Mightier than the Sword – Planning

May 24, 2016 | 4 Min Read

Media reports of breaches against major...
Bozkurt Hackers

Bozkurt Hackers continue to leak bank data

May 13, 2016 | 4 Min Read

A threat actor calling itself “Bozkurt...
DBIR

Analyzing the 2016 Verizon Data Breach Investigations Report

May 2, 2016 | 4 Min Read

Last week Verizon released the 2016 Data Breach...
Intelligence Cycle

Getting Strategic With Your Threat Intelligence Program

April 26, 2016 | 4 Min Read

Tactical feeds have dominated the threat...
Artificial Intelligence

Roboanalyst: The Future of Threat Intelligence?

April 25, 2016 | 3 Min Read

Artificial Intelligence (AI) is currently going...
Hacking Team

The Hacking Team breach – an attacker’s point of view

April 22, 2016 | 3 Min Read

On 17 April 2016, two posts were added to...
antifragile security

Antifragile Security: Bouncing Back Stronger

March 21, 2016 | 3 Min Read

Strong, robust, stable, resilience – these are...
VMware

Moar Sand!

March 10, 2016 | 3 Min Read

Let’s face it, many organizations have their...
Human in the Loop

Uncertainties in the Language of Uncertainty – and why we need to talk about it

February 25, 2016 | 4 Min Read

If you know much about Digital Shadows...
3 letter guys

Intelligence vs. Infosec: The 3-letter-guy to the rescue?

February 25, 2016 | 3 Min Read

Whenever Royal Marines deploy on operations, they...
data breach

WHAT DO YOU MEAN IT WAS AN ACCIDENT?

February 25, 2016 | 4 Min Read

We always want to find someone or something to...
DDoS extortion

Using News Reports as a Source of Intelligence

February 23, 2016 | 4 Min Read

It’s often tempting to overplay the importance...
Sans

Another SANS Cyber Threat Intelligence Summit is in the books

February 11, 2016 | 5 Min Read

Last Thursday we wrapped up the 4th annual SANS...
intelligence collection

Waiter, there’s a hole in my intelligence collection!

February 10, 2016 | 3 Min Read

We’re all swimming in data. There’s data...
Digital Shadows Announcement

Relevance: The missing ingredient of cyber threat intelligence

February 8, 2016 | 3 Min Read

Today we’ve announced the closing of our Series...
strategic corporal

The Strategic Corporal and Information Security

January 18, 2016 | 3 Min Read

For those unfamiliar with the term “strategic...
Analyst Education

Lots to learn? Academia and intelligence

January 4, 2016 | 3 Min Read

With the ongoing emergence of CTI you could be...
Intelligence Communication

Communicating Intelligence: The Challenge of Consumption

December 10, 2015 | 4 Min Read

In my previous blog in this series I discussed...
Intelligence Communication

Communicating Intelligence: Getting the message out

December 8, 2015 | 4 Min Read

In my previous blog I discussed some of the...
TalkTalk

TalkTalk Information Likely to be Discoverable on The Dark Web

December 4, 2015 | 3 Min Read

Last month, TalkTalk disclosed that they been the...
Intelligence Communication

Communicating Intelligence: A Battle of Three Sides

December 2, 2015 | 2 Min Read

Good intelligence depends in large measure on...
ABI

Activity Based Intelligence – Activating Your Interest?

November 25, 2015 | 4 Min Read

Some threat actors love to make noise. Be it a...
MitM

The Way of Hacking

November 10, 2015 | 3 Min Read

In the Japanese martial art of Aikido it is said...
ransomware

Emerging Markets: Online Extortion Matures via DDoS Attacks

November 9, 2015 | 5 Min Read

Unlike scenes from books or movies where shadowy...
TalkTalk

TalkTalk: Avoiding The Hype

October 28, 2015 | 4 Min Read

There has been no shortage of media coverage on...
Internet of Things

How the Internet of Things (IoT) is Expanding Your Digital Shadow

September 9, 2015 | 2 Min Read

The Internet of Things (IoT) is a development...
Cyber Intelligence

The Intelligence Cycle – What Is It Good For?

September 9, 2015 | 10 Min Read

It seems that the concept of ‘intelligence’...
multilingual domain

Working In Multilingual Sources

September 8, 2015 | 5 Min Read

Introduction Here at Digital Shadows we collect...
Intelligence Trinity

The Intelligence Trinity

September 8, 2015 | 5 Min Read

My name is Steve and I’ve been working in...
Sources

Source Evaluation

September 8, 2015 | 5 Min Read

My name is Ben and I’ve been working for...
Analytics

Analytical Tradecraft at Digital Shadows

September 8, 2015 | 3 Min Read

This week my colleague and I attended the SANS...
Groupthink

The Dangers of Groupthink

September 7, 2015 | 4 Min Read

In my previous blog post I discussed...
groupthink

The Dangers of Groupthink: Part 2

September 7, 2015 | 5 Min Read

9th April 2015: In my previous blog post I...
Adult Friend Finder

The Adult Friend Finder Breach: A Recap

September 7, 2015 | 5 Min Read

27th May 2015: Last week, news quickly...
Al Hayat

Saudi Arabia MOFA Breach

September 7, 2015 | 5 Min Read

Introduction As of April 2015 there were more...