Blog & Resources 2018

The latest advice, opinion and research from our dedicated intelligence analyst team.

Cyber Threats to Watch in 2019: Key Takeaways from our webinar with the FBI Cyber Squad

December 20, 2018 | 5 Min Read

As 2018 comes to a close, Digital Shadows partnered with the FBI’s Cyber Division for a webinar to discuss some of the cyber security threats and trends we might see in 2019. I joined the FBI for...

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Cyber Threats to Watch in 2019: Key Takeaways from our webinar with the FBI Cyber Squad

Cyber Threats to Watch in 2019: Key Takeaways from our webinar with the FBI Cyber Squad

December 20, 2018 | 5 Min Read

As 2018 comes to a close, Digital Shadows partnered with the FBI’s Cyber Division for a webinar to discuss some...
The Most Popular Security Blog Topics of 2018

The Most Popular Security Blog Topics of 2018

December 18, 2018 | 3 Min Read

It’s been a busy year on the Digital Shadows blog, with almost 150 blogs published since January 1. As we...
ShadowTalk Update – 17.10.2018

ShadowTalk Update – 17.10.2018

December 17, 2018 | 3 Min Read

Following from our recent research, Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It, the...
Bomb Threat Emails: Extortion Gets Physical

Bomb Threat Emails: Extortion Gets Physical

December 14, 2018 | 4 Min Read

We’ve seen yet another change in tactics for the recent spate of extortion campaigns. Whereas before these emails tried to...
Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

December 12, 2018 | 8 Min Read

Overall, the infosec community has done a relatively good job in securing systems. While a measure of restrained back-patting is...
Digital Shadows New Integration for Splunk

Digital Shadows New Integration for Splunk

December 10, 2018 | 3 Min Read

Today we announced the release of an updated version of our Splunk App, which is now certified for both Splunk...
ShadowTalk Update – 12.10.2018

ShadowTalk Update – 12.10.2018

December 10, 2018 | 3 Min Read

In this week’s ShadowTalk, Rick Holland and Harrison Van Riper join Michael Marriott to discuss the implications of the Marriott...
Using Shadow Search to Power Investigations: Sextortion Campaigns

Using Shadow Search to Power Investigations: Sextortion Campaigns

December 6, 2018 | 3 Min Read

We recently wrote about sextortion campaigns and how they’ve developed their lures over time. As a result of these campaigns,...
2019 Cyber Security Forecasts: Six Things on the Horizon

2019 Cyber Security Forecasts: Six Things on the Horizon

December 5, 2018 | 9 Min Read

The new year is upon us! 2018 brought us Spectre and Meltdown, Russian GRU indictments, and the exposure of 500...
ShadowTalk Update – 12.03.2018

ShadowTalk Update – 12.03.2018

December 3, 2018 | 3 Min Read

Michael Marriott, Dr Richard Gold and Simon Hall discuss our recent findings on threat actors using cracked versions of Cobalt...
Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

November 29, 2018 | 5 Min Read

I’m a big fan of the Cobalt Strike threat emulation software. Here at Digital Shadows, it’s a staple of our...
Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

November 27, 2018 | 3 Min Read

Australian Signals Directorate Essential 8 The Australian Signals Directorate (ASD) has published what it calls the “Essential 8”: a set...
ShadowTalk Update – 11.26.2018

ShadowTalk Update – 11.26.2018

November 26, 2018 | 3 Min Read

With Black Friday kicking off the holiday spending season, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber...
Black Friday and Cybercrime: Retail’s Frankenstein Monster

Black Friday and Cybercrime: Retail’s Frankenstein Monster

November 20, 2018 | 5 Min Read

With every year that passes, Black Friday seems to morph into a creation its original proponents could not have even...
Sextortion 2.0: A New Lure

Sextortion 2.0: A New Lure

November 20, 2018 | 4 Min Read

Back in September we released a blog about the large volume of sextortion email campaigns that were hitting people’s inboxes....
ShadowTalk Update – 11.19.2018

ShadowTalk Update – 11.19.2018

November 19, 2018 | 2 Min Read

Leaked court documents surfaced this week detailing how Italian authorities tried and ultimately failed to identify and convict the vigilante...
Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

November 15, 2018 | 2 Min Read

VIPs and executives who are critical to your company and brand can be targeted by threat actors or groups who...
A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

November 13, 2018 | 5 Min Read

I recently attended the ENISA (European Union Agency for Network and Information Security) Threat Intelligence Workshop held in Brussels on...
ShadowTalk Update – 11.12.2018

ShadowTalk Update – 11.12.2018

November 12, 2018 | 2 Min Read

In this week’s ShadowTalk, we discuss the big vulnerability and exploit stories of the week. The team discuss the Cisco...
To Pay or Not to Pay: A Large Retailer Responds to DDoS Extortion

To Pay or Not to Pay: A Large Retailer Responds to DDoS Extortion

November 8, 2018 | 3 Min Read

Fans of The Sopranos or Goodfellas are well-versed in the world of extortion. Whether it is paying off Tony Soprano...
Security Analyst Spotlight Series: Adam Cook

Security Analyst Spotlight Series: Adam Cook

November 7, 2018 | 6 Min Read

Organizations rely on our cyber intelligence analysts to be an extension of their security team. Our global team of analysts provide relevant...
ShadowTalk Update – 11.05.2018

ShadowTalk Update – 11.05.2018

November 5, 2018 | 3 Min Read

In November 2016, Tesco Bank suffered a series of fraud attacks that allowed cybercriminals to check out with £2.26m (roughly...
81,000 Hacked Facebook Accounts for Sale: 5 Things to Know

81,000 Hacked Facebook Accounts for Sale: 5 Things to Know

November 2, 2018 | 5 Min Read

This morning, the British Broadcasting Corporation (BBC) published an article detailing how online actors had obtained and advertised at least...
Choosing the Right Cyber Security Partner for your Business: A glimpse through Digital Logistix journey searching for a Digital Risk Protection Solution

Choosing the Right Cyber Security Partner for your Business: A glimpse through Digital Logistix journey searching for a Digital Risk Protection Solution

October 31, 2018 | 3 Min Read

This blog was written by Ricardo Martinez, Director of Business Development for Latin America at Digital Logistix. With more than...
The Dark Web: Marketers’ Trick or Threat Intelligence Treat?

The Dark Web: Marketers’ Trick or Threat Intelligence Treat?

October 31, 2018 | 5 Min Read

At this time of the year, you can’t go anywhere without encountering something dark, spooky and mysterious. It all reminds...
ShadowTalk Update – 10.29.2018

ShadowTalk Update – 10.29.2018

October 29, 2018 | 3 Min Read

In this week’s ShadowTalk, Harrison Van Riper and Rafael Amado join Michael Marriott to discuss the latest stories from the...
Cyber Security Awareness Month: Week 4 – Privacy

Cyber Security Awareness Month: Week 4 – Privacy

October 25, 2018 | 6 Min Read

This week in Brussels, Apple’s chief executive Tim Cook somewhat surprisingly castigated how personal data is handled by businesses and...
Bank Discovers Customer Credit Card Numbers Traded Online

Bank Discovers Customer Credit Card Numbers Traded Online

October 23, 2018 | 3 Min Read

Payment card fraud costs banks and merchants nearly $23 billion a year and rising. As consumers spend more money online,...
ShadowTalk Update – 10.22.2018

ShadowTalk Update – 10.22.2018

October 22, 2018 | 3 Min Read

In this week’s ShadowTalk, following on from last week’s conversation on how managed service providers can increase your attack surface,...
Cyber Security Awareness Month: Week 3 – Recognize Cyber Scams

Cyber Security Awareness Month: Week 3 – Recognize Cyber Scams

October 19, 2018 | 7 Min Read

This week we move onto theme three of Cyber Security Month: recognize cyber scams. The important point here is that...
12.5 Million Email Archives Exposed: Lowering the Barriers for BEC

12.5 Million Email Archives Exposed: Lowering the Barriers for BEC

October 18, 2018 | 4 Min Read

Digital Shadows’ latest research report, Pst! Cybercriminals on the Outlook for Your Emails, highlights the different ways cybercriminals can access corporate...
Cyber Security Awareness Month: Week 3 – It’s Everyone’s Job to Ensure Online Safety at Work

Cyber Security Awareness Month: Week 3 – It’s Everyone’s Job to Ensure Online Safety at Work

October 17, 2018 | 7 Min Read

This week, National Cyber Security Awareness Month (NCSAM) focuses on accountability and responsibility within the information security space: “It’s Everyone’s...
ShadowTalk Update – 10.15.2018

ShadowTalk Update – 10.15.2018

October 15, 2018 | 3 Min Read

In ShadowTalk this week, Digital Shadows’ CISO Rick Holland, Richard Gold and Simon Hall join Rafael Amado to discuss the Hidden...
Cyber Security Awareness Month: Week 2 – Aiming for Apprenticeships

Cyber Security Awareness Month: Week 2 – Aiming for Apprenticeships

October 11, 2018 | 5 Min Read

This week’s theme for National Cyber Security Awareness Month (NCSAM) is based around encouraging ‘students and others to seek highly...
Phishing Site Impersonates Financial Services Institution

Phishing Site Impersonates Financial Services Institution

October 10, 2018 | 3 Min Read

If the infamous bank robber, Willie Sutton, were alive today and honed his cyber skills, he might turn his attention...
33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy

33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy

October 9, 2018 | 4 Min Read

Last week, I wrote about how cybercriminals are looking to trade corporate emails in their pursuit of conducting Business Email...
ShadowTalk Update – 10.08.2018

ShadowTalk Update – 10.08.2018

October 8, 2018 | 3 Min Read

In this week’s Shadow Talk, Rafael Amado joins Michael Marriott to discuss Digital Shadows’ latest research on Business Email Compromise, Pst!...
Business Email Compromise: When You Don’t Need to Phish

Business Email Compromise: When You Don’t Need to Phish

October 4, 2018 | 4 Min Read

According to the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) have caused $12 billion in losses since...
Cyber Security Awareness Month: Week 1 – Credential Hygiene

Cyber Security Awareness Month: Week 1 – Credential Hygiene

October 3, 2018 | 5 Min Read

It’s the opening week of the annual National Cyber Security Awareness Month (U.S.) and Cyber Security Month (Europe). While good...
Security Analyst Spotlight Series: Christian Rencken

Security Analyst Spotlight Series: Christian Rencken

October 2, 2018 | 5 Min Read

Organizations rely on our cyber intelligence analysts to be an extension of their security team. Our global team of analysts provide relevant...
ShadowTalk Update – 10.01.2018

ShadowTalk Update – 10.01.2018

October 1, 2018 | 3 Min Read

Rick Holland, CISO of Digital Shadows, joins Richard Gold and Michael Marriott to discuss the possible implications of Facebook security...
Cybercriminal Marketplaces: Olympus Has Fallen

Cybercriminal Marketplaces: Olympus Has Fallen

September 28, 2018 | 5 Min Read

The Olympus cybercriminal marketplace has been caught up in another PR disaster, with the owners reportedly conducting an exit scam...
Thedarkoverlord Out to KickAss and Cash Out Their Data

Thedarkoverlord Out to KickAss and Cash Out Their Data

September 27, 2018 | 5 Min Read

A user claiming to be the notorious darkoverlord extortionist threat actor has appeared on a dark web cybercriminal forum offering...
10 Things You Didn’t Know You Could Do with Shadow Search™

10 Things You Didn’t Know You Could Do with Shadow Search™

September 25, 2018 | 5 Min Read

You may have seen that we’ve recently released Shadow Search, a new tool that gives you immediate access to both...
ShadowTalk Update – 09.24.2018

ShadowTalk Update – 09.24.2018

September 24, 2018 | 3 Min Read

In ShadowTalk this week, Richard Gold, Simon Hall and Rafael Amado focus on the trade-offs between security and usability, as...
The 2017 FSB indictment and Mitre ATT&CK™

The 2017 FSB indictment and Mitre ATT&CK™

September 20, 2018 | 11 Min Read

On  February 28th, 2017 the US Department of Justice indicted a notorious hacker, Alexsey Belan, and his FSB (Russia’s internal...
Non-traditional State Actors: New Kids on the Block

Non-traditional State Actors: New Kids on the Block

September 18, 2018 | 5 Min Read

Cyber threat reporting sits at a dichotomy. On the one hand, much furor is made of the role of non-state...
ShadowTalk Update – 09.17.2018

ShadowTalk Update – 09.17.2018

September 17, 2018 | 2 Min Read

In this week’s ShadowTalk, Richard Gold and Simon Hall join Michael Marriott to discuss the latest spate of attacks by...
Airline Discovers Trove of Frequent Flyer Accounts Compromised and Posted for Sale Online

Airline Discovers Trove of Frequent Flyer Accounts Compromised and Posted for Sale Online

September 14, 2018 | 3 Min Read

Reward program fraud has been rising in recent years across the aviation industry as well as the entire transportation sector....
MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

September 13, 2018 | 18 Min Read

On 6th September the US Department of Justice (DOJ) unsealed an indictment against a North Korean regime-backed programmer who is...
GAO’s Equifax Post-mortem Report

GAO’s Equifax Post-mortem Report

September 11, 2018 | 5 Min Read

It’s common for the exciting and novel issues that confront security professionals on a daily basis to be hyped up....
ShadowTalk Update – 09.10.2018

ShadowTalk Update – 09.10.2018

September 10, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and Rafael Amado join Michael Marriott to discuss the latest Department of Justice complaint...
Sextortion – When Persistent Phishing Pays Off

Sextortion – When Persistent Phishing Pays Off

September 6, 2018 | 4 Min Read

You may have heard of a recent surge in sextortion-based phishing campaigns. These campaigns seek to extort victims by threatening...
Online Risks to Fortnite Users

Online Risks to Fortnite Users

September 4, 2018 | 5 Min Read

With an enticing array of viral dance moves, tough weekly challenges and fresh skins, people are going bananas for Fortnite....
ShadowTalk Update – 09.03.2018

ShadowTalk Update – 09.03.2018

September 3, 2018 | 3 Min Read

Not a week goes by without an example where credential stealing, credential reuse, or poor password practices contributed heavily to...
Security Analyst Spotlight Series: Heather Farnsworth

Security Analyst Spotlight Series: Heather Farnsworth

August 30, 2018 | 5 Min Read

Organizations rely on Digital Shadows to be an extension of their security team. Our global team of analysts provide relevant...
Understanding Threat Modelling

Understanding Threat Modelling

August 29, 2018 | 4 Min Read

What is a threat model? Threat modelling, as defined by OWASP, “works to identify, communicate, and understand threats and mitigations...
ShadowTalk Update – 08.27.2018

ShadowTalk Update – 08.27.2018

August 27, 2018 | 3 Min Read

With November’s U.S. midterm elections fast-approaching, we dive into the latest threats and discuss how organizations can understand the threat...
Online Cybercrime Courses: Back to School Season

Online Cybercrime Courses: Back to School Season

August 23, 2018 | 4 Min Read

It’s that time of year again. Summer is drawing to a close and retailers are making the most of the...
Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

August 22, 2018 | 12 Min Read

On August 1, 2018, the US Department of Justice unsealed an indictment against three members of the international cybercrime group...
ShadowTalk Update – 08.20.2018

ShadowTalk Update – 08.20.2018

August 20, 2018 | 3 Min Read

In this week’s ShadowTalk, we dig into ATM fraud. Digital Shadows’ Strategic Intelligence manager Rose Bernard joins Rafael Amado to...
Five Threats to Financial Services: Part Five, Hacktivism

Five Threats to Financial Services: Part Five, Hacktivism

August 15, 2018 | 5 Min Read

OK, so it’s not a sexy as insider threats, banking trojans, phishing campaigns or payment card fraud, but hacktivism is...
Five Threats to Financial Services: Part Four, Payment Card Fraud

Five Threats to Financial Services: Part Four, Payment Card Fraud

August 14, 2018 | 6 Min Read

Payment card information is the lifeblood of the cybercriminal ecosystem. In previous blogs in this series, we’ve focused on how...
ShadowTalk Update – 08.13.2018

ShadowTalk Update – 08.13.2018

August 13, 2018 | 3 Min Read

In this week’s ShadowTalk it’s all things phishing. Rose Bernard and Simon Hall join Rafael Amado to discuss the recent...
Digital Shadows Contributes to Insider Threat Research

Digital Shadows Contributes to Insider Threat Research

August 9, 2018 | 5 Min Read

On July 30, Forrester published its latest research report on malicious insiders, Defend Your Data As Insiders Monetize Their Access....
Five Threats to Financial Services: Phishing Campaigns

Five Threats to Financial Services: Phishing Campaigns

August 8, 2018 | 7 Min Read

In our last blog, we highlighted how banking trojans are a threat to banking customers and small businesses, normally delivered...
ShadowTalk Update – 08.06.2018

ShadowTalk Update – 08.06.2018

August 6, 2018 | 2 Min Read

In this week’s episode, JP Perez-Etchegoyen, CTO of Onapsis, joins Michael Marriott to talk about the exposure of SAP and...
FIN7: Arrests and Developments

FIN7: Arrests and Developments

August 2, 2018 | 6 Min Read

Three alleged members of FIN7 arrested On August 1st, 2018, the US Department of Justice filed criminal charges against three...
Diversity of Thoughts in the Workplace: Are You Thinking What I’m Thinking?

Diversity of Thoughts in the Workplace: Are You Thinking What I’m Thinking?

August 1, 2018 | 3 Min Read

In my most recent blog post I discussed Digital Shadows’ Women’s Network and how it is helping us shape wider...
Security Spotlight Series: Dr. Richard Gold

Security Spotlight Series: Dr. Richard Gold

July 31, 2018 | 4 Min Read

Organizations rely on Digital Shadows to be an extension of their security team. Our global team provide the latest tooling,...
ShadowTalk Update – 07.30.2018

ShadowTalk Update – 07.30.2018

July 30, 2018 | 3 Min Read

Richard Gold and Rose Bernard join Michael Marriott to talked about updates to the Satori botnet, which has expanded to...
Black Hat USA 2018

Black Hat USA 2018

July 26, 2018 | 2 Min Read

Black Hat USA 2018 is quickly approaching! The conference, one of the world’s leading Information Security events, focuses on the...
Cyber Threats to ERP Applications: Threat Landscape

Cyber Threats to ERP Applications: Threat Landscape

July 24, 2018 | 4 Min Read

What are ERP Applications? Organizations rely on Enterprise Resource Planning (ERP) applications to support business processes. This includes payroll, treasury,...
ShadowTalk Update – 07.23.2018

ShadowTalk Update – 07.23.2018

July 23, 2018 | 3 Min Read

In this week’s ShadowTalk, we discuss the Robert Mueller indictment against 12 Russian individuals for alleged US election interference. However,...
Five Threats to Financial Services: Banking Trojans

Five Threats to Financial Services: Banking Trojans

July 19, 2018 | 5 Min Read

A couple of weeks ago, we learned about a new phishing campaign that delivered Trickbot in an attempt to harvest...
Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

July 17, 2018 | 10 Min Read

A recent indictment revealed how the GRU (Russia’s Military Intelligence agency) used both influence operations and network intrusions to achieve...
Digital Risk Protection: Avoid Blind Spots with a More Complete Risk Picture

Digital Risk Protection: Avoid Blind Spots with a More Complete Risk Picture

July 17, 2018 | 5 Min Read

“Digital Shadows leads the pack for digital risk protection providers.” Digital Shadows’ customers have been telling us this for years,...
ShadowTalk Update – 07.16.2018

ShadowTalk Update – 07.16.2018

July 16, 2018 | 2 Min Read

In this week’s ShadowTalk, Digital Shadows’ Russian-speaking security specialist discovered files and source code allegedly related to the Carbanak organized...
Alleged Carbanak Files and Source Code Leaked: Digital Shadows’ Initial Findings

Alleged Carbanak Files and Source Code Leaked: Digital Shadows’ Initial Findings

July 11, 2018 | 6 Min Read

Digital Shadows’ Russian-speaking security team discovered a post from 6 July 2018 on exploit[.]in that provided files and source code...
Security Analyst Spotlight Series: Harrison Van Riper

Security Analyst Spotlight Series: Harrison Van Riper

July 10, 2018 | 6 Min Read

Organizations rely on our cyber intelligence analysts to be an extension of their security team. Our global team of analysts provide relevant...
ShadowTalk Update – 07.09.2018

ShadowTalk Update – 07.09.2018

July 9, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and Simon Hall join Rafael Amado to discuss SSL (Secure Sockets Layer) interception, a...
Reducing Your Attack Surface: From a Firehose to a Straw

Reducing Your Attack Surface: From a Firehose to a Straw

July 5, 2018 | 6 Min Read

What is Attack Surface Reduction? Attack Surface Reduction is a powerful tool used to protect and harden environments. It’s a...
ShadowTalk Update – 07.02.2018

ShadowTalk Update – 07.02.2018

July 2, 2018 | 3 Min Read

In this week’s ShadowTalk, following news that a database containing 340 million records has been publicly exposed to the internet,...
Diversity and Digital Shadows Women’s Network

Diversity and Digital Shadows Women’s Network

June 26, 2018 | 3 Min Read

If you haven’t already watched RBG – a movie about the incredible life of U.S. Supreme Court Justice Ruth Bader...
ShadowTalk Update – 06.25.2018

ShadowTalk Update – 06.25.2018

June 25, 2018 | 3 Min Read

In this week’s ShadowTalk, Simon Hall and Richard Gold join Michael Marriott to discuss the merits and perils of attribution,...
How Cybercriminals are Using Messaging Platforms

How Cybercriminals are Using Messaging Platforms

June 21, 2018 | 4 Min Read

Alternative Ways Criminals Transact Online: A Moving Target Last week, the cracking forum (specialized in tools for gaining unauthorized access...
Five Threats to Financial Services: Part One, Insiders

Five Threats to Financial Services: Part One, Insiders

June 19, 2018 | 5 Min Read

The sensitive and financial data held by banks and financial institutions, as well as their centrality to national infrastructure, makes...
ShadowTalk Update – 06.18.2018

ShadowTalk Update – 06.18.2018

June 18, 2018 | 3 Min Read

In ShadowTalk this week, Dr Richard Gold and Simon Hall join Rafael Amado to discuss misconceptions around vulnerabilities and exploits,...
Security Analyst Spotlight Series: Rafael Amado

Security Analyst Spotlight Series: Rafael Amado

June 14, 2018 | 9 Min Read

Organizations rely on Digital Shadows to be an extension of their security team. Our global team of analysts provide relevant...
How Cybercriminals are using Blockchain DNS: From the Market to the .Bazar

How Cybercriminals are using Blockchain DNS: From the Market to the .Bazar

June 12, 2018 | 5 Min Read

Since the takedowns of AlphaBay and Hansa in 2017, the cybercriminal community has been incorporating alternative technologies to improve both...
Shadow Talk Update – 06.11.2018

Shadow Talk Update – 06.11.2018

June 11, 2018 | 3 Min Read

In Shadow Talk this week, Dr Richard Gold joins us to discuss the issue of security debt, a term used...
Threats to the 2018 Football World Cup: Traditional Rules or a New Style of Play?

Threats to the 2018 Football World Cup: Traditional Rules or a New Style of Play?

June 7, 2018 | 7 Min Read

The tension and excitement that precedes all global sporting events is beginning to build towards the start of this year’s...
Market.ms: Heir to the AlphaBay and Hansa throne?

Market.ms: Heir to the AlphaBay and Hansa throne?

June 4, 2018 | 5 Min Read

It’s almost one year since the AlphaBay and Hansa dark web marketplace takedowns, also known as Operation Bayonet. Looking back,...
Shadow Talk Update – 06.04.2018

Shadow Talk Update – 06.04.2018

June 4, 2018 | 3 Min Read

In this week’s Shadow Talk, Dr Richard Gold joins us to discuss the return of the L0pht hackers. In 1998...
7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

May 30, 2018 | 5 Min Read

Lockpath’s Vice President of Development Tony Rock and I recently conducted a webinar titled “7 Ways the Digital Risk Revolution...
Shadow Talk Update – 05.29.2018

Shadow Talk Update – 05.29.2018

May 29, 2018 | 4 Min Read

The focus in this week’s Shadow Talk is on “VPNFilter”, a modular malware with disruptive functionalities has targeted more than...
Security Analyst Spotlight Series: Rose Bernard

Security Analyst Spotlight Series: Rose Bernard

May 23, 2018 | 5 Min Read

Organizations rely on our cyber intelligence analysts to be an extension of their security team. Our global team of analysts...
A New Approach for Channel Security Consultants

A New Approach for Channel Security Consultants

May 22, 2018 | 5 Min Read

Old school security practices simply don’t fit the new IT environment.  Cloud computing, applications and distributed workforces have changed the...
Shadow Talk Update – 05.21.2018

Shadow Talk Update – 05.21.2018

May 21, 2018 | 3 Min Read

In this week’s episode of Shadow Talk, Digital Shadows’ Head of Security Engineering, Dr Richard Gold, joins the pod to...
Digital Shadows 7th Anniversary – A Look Back

Digital Shadows 7th Anniversary – A Look Back

May 16, 2018 | 4 Min Read

Today marks the 7th anniversary of Digital Shadows. As James and I looked back on the year, we were amazed...
Shadow Talk Update – 05.14.2018

Shadow Talk Update – 05.14.2018

May 14, 2018 | 3 Min Read

In this week’s episode Shadow Talk we look at the Winnti Umbrella group, asking what this means for organizations. We...
Offsetting Dunbar by Developing Diversity

Offsetting Dunbar by Developing Diversity

May 8, 2018 | 2 Min Read

Some of you may be familiar with the Dunbar Number, 150, being the maximum amount of relationships one individual can...
Shadow Talk Update – 05.07.2018

Shadow Talk Update – 05.07.2018

May 7, 2018 | 3 Min Read

In this week’s episode Shadow Talk, it’s a vulnerability extravaganza. We cover malicious use of legitimate software, as APT28 is...
The Other Side of the Counter: DDoS, Social Engineering, Spambots and Insider Risks to Criminal Locations

The Other Side of the Counter: DDoS, Social Engineering, Spambots and Insider Risks to Criminal Locations

May 2, 2018 | 5 Min Read

An enduring characteristic of dark web marketplaces is how frequently they’re offline, often through denial of services attacks. While marketplace...
Shadow Talk Update – 04.30.2018

Shadow Talk Update – 04.30.2018

April 30, 2018 | 2 Min Read

In this week’s episode of Shadow Talk, we cover the targeting of healthcare organizations by Orangeworm, BGP hijacking, vulnerabilities in...
Digital Shadows Opens New State of the Art London Office in Canary Wharf

Digital Shadows Opens New State of the Art London Office in Canary Wharf

April 26, 2018 | 2 Min Read

When myself and James Chappell set the company up six years ago at a kitchen table in Camden, London, we...
Keys to the Kingdom: Exposed Security Assessments

Keys to the Kingdom: Exposed Security Assessments

April 24, 2018 | 4 Min Read

Organizations employ external consultants and suppliers to perform assessments and penetration tests that help to bolster their overall internal security....
Shadow Talk Update – 04.23.2018

Shadow Talk Update – 04.23.2018

April 23, 2018 | 3 Min Read

This week’s Shadow Talk discusses Russia’s attempts to ban the social messaging app, and also read between the lines of the joint US...
Out In The Open: Corporate Secrets Exposed Through Misconfigured Services

Out In The Open: Corporate Secrets Exposed Through Misconfigured Services

April 18, 2018 | 4 Min Read

For organizations dealing with proprietary information or assets, one of the greatest concerns is the threat of competitors getting hold...
When There’s No Need to Hack: Exposed Personal Information

When There’s No Need to Hack: Exposed Personal Information

April 17, 2018 | 4 Min Read

With Equifax‘s breach of 145 million records still fresh in everyone’s memory and the recent Facebook data privacy controversy, protecting personal...
Shadow Talk Update – 04.16.2018

Shadow Talk Update – 04.16.2018

April 16, 2018 | 5 Min Read

This week’s Shadow Talk discusses a Cisco Smart Install Client flaw exploited in disruption attack, an information leak vulnerability discovered...
Escalation in Cyberspace: Not as Deniable as We All Seem to Think?

Escalation in Cyberspace: Not as Deniable as We All Seem to Think?

April 12, 2018 | 5 Min Read

The recent assassination attempt on former Russian spy Sergey Skripal has led to a deluge of cyber-based conspiracy theories within...
Leveraging the 2018 Verizon Data Breach Investigations Report

Leveraging the 2018 Verizon Data Breach Investigations Report

April 10, 2018 | 5 Min Read

Today, the 11th edition of the Verizon Data Breach Investigations Report (DBIR) has been released. This year’s report includes 53,308...
Introducing Shadow Search – Quickly enable deeper research and investigation

Introducing Shadow Search – Quickly enable deeper research and investigation

April 10, 2018 | 5 Min Read

All enterprises face key challenges in their quest to protect their organization from cyber threats. One challenge I hear consistently...
Shadow Talk Update – 04.09.2018

Shadow Talk Update – 04.09.2018

April 9, 2018 | 4 Min Read

Back from the Easter break, this week’s Shadow Talk discusses what the re-emergence of WannaCry, exposure of Aggregate IQ data,...
One CISO’s Recommendations for Making the Most of RSA Conference Sessions

One CISO’s Recommendations for Making the Most of RSA Conference Sessions

April 9, 2018 | 6 Min Read

Last week, Enterprise Strategy Group (ESG) principal analyst, Jon Oltsik, wrote an article for CSO titled: “RSA Conference: CISOs’ top...
When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services

When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services

April 5, 2018 | 4 Min Read

Our recent report “Too Much Information”, discovered over 1.5 billion files from a host of services, including Amazon S3 buckets,...
Genesis Botnet: The Market Claiming to Sell Bots That Bypass Fingerprinting Controls

Genesis Botnet: The Market Claiming to Sell Bots That Bypass Fingerprinting Controls

April 3, 2018 | 4 Min Read

An emerging criminal market, Genesis store, provides more effective ways to impersonate a victim’s browser activity, focusing on individual bots...
RSA Conference 2018 – Digital Shadows

RSA Conference 2018 – Digital Shadows

March 28, 2018 | 2 Min Read

RSA Conference is almost here! This year’s conference theme is “Now Matters,” looking at the quick impact threats can have...
The Five Families: The Most Wanted Ransomware Groups

The Five Families: The Most Wanted Ransomware Groups

March 27, 2018 | 5 Min Read

Last week we presented a webinar on “Emerging Ransomware Threats and How to Protect Your Data”. Here we discussed the latest...
Shadow Talk Update – 03.26.2018

Shadow Talk Update – 03.26.2018

March 26, 2018 | 4 Min Read

This week’s Shadow Talk discusses what the Cambridge Analytica revelations mean for disinformation and personal privacy, updates to Trickbot, Zeus...
Pop-up Twitter Bots: The Shift to Opportunistic Targeting

Pop-up Twitter Bots: The Shift to Opportunistic Targeting

March 22, 2018 | 4 Min Read

Since the furor surrounding Russia’s alleged use of Twitter bots to influence the 2016 presidential election in the United States,...
Cyber Security as Public Health

Cyber Security as Public Health

March 21, 2018 | 4 Min Read

Public health, one of the great 20th century ideas, has many instructive lessons for cyber security in the 21st. Let’s...
Shadow Talk Update – 03.19.2018

Shadow Talk Update – 03.19.2018

March 19, 2018 | 5 Min Read

This week’s Shadow Talk features the latest techniques in tax return fraud, claimed vulnerabilities in AMD chips, Slingshot malware targeting Mikrotik...
Anonymous and the New Face of Hacktivism: What to Look Out For in 2018

Anonymous and the New Face of Hacktivism: What to Look Out For in 2018

March 13, 2018 | 6 Min Read

The Anonymous collective has been the face of activism since 2008. Since then, the group’s membership, operations, and structure have...
Shadow Talk Update – 03.12.2018

Shadow Talk Update – 03.12.2018

March 12, 2018 | 3 Min Read

This week’s Shadow Talk features more distributed denial of service (DDoS) attacks using Memcached servers, how disinformation is more than...
Ransomware in 2018: 4 Things to Look Out For

Ransomware in 2018: 4 Things to Look Out For

March 8, 2018 | 4 Min Read

Ransomware remains an active threat for organizations into 2018. Last year, large scale attacks like NotPetya and WCry wreaked havoc,...
Pressing For Progress This International Women’s Day

Pressing For Progress This International Women’s Day

March 8, 2018 | 3 Min Read

“Do you think you’re going to be able to handle working with all these men?” One of the few questions...
It’s Accrual World: Tax Return Fraud in 2018

It’s Accrual World: Tax Return Fraud in 2018

March 7, 2018 | 5 Min Read

With just over a month until Tax Deadline Day, individuals are scrambling to get their tax returns submitted. This is...
Shadow Talk Update – 03.05.2018

Shadow Talk Update – 03.05.2018

March 5, 2018 | 3 Min Read

On this week’s Shadow Talk podcast, the Research Team cover CVE-2018-4878 being used in a spam campaign, the HTTPS certificate...
The New Frontier: Forecasting Cryptocurrency Fraud

The New Frontier: Forecasting Cryptocurrency Fraud

March 1, 2018 | 6 Min Read

Not a week goes by without a new case of cryptocurrency fraud making headlines. The most recent example concerned the...
Protecting Your Brand: Return on Investment

Protecting Your Brand: Return on Investment

February 27, 2018 | 3 Min Read

Last week I was joined by Brett Millar, Director of Global Brand Protection for Fitbit, for a webinar on “Protecting...
Shadow Talk Update – 02.26.2018

Shadow Talk Update – 02.26.2018

February 26, 2018 | 3 Min Read

In this week’s podcast, the Digital Shadows Research Team discuss attacks against banks using the SWIFT network, business email compromise...
Threats to the Upcoming Italian Elections

Threats to the Upcoming Italian Elections

February 22, 2018 | 7 Min Read

On 5 March Italian citizens will vanno alle urne to vote in a general election, following the dissolution of the...
Prioritize to Avoid Security Nihilism

Prioritize to Avoid Security Nihilism

February 20, 2018 | 3 Min Read

In many situations associated with cyber security, in particular defending an organization, it is easy to get overwhelmed with not...
Shadow Talk Update – 02.19.2018

Shadow Talk Update – 02.19.2018

February 19, 2018 | 3 Min Read

In this week’s Shadow Talk podcast, the Digital Shadows Research Team analyses new activity from the Lazarus Group, attacks on...
Infraud Forum Indictment and Arrests: What it Means

Infraud Forum Indictment and Arrests: What it Means

February 15, 2018 | 7 Min Read

On 07 February 2018, the U.S. Department of Justice unveiled an indictment from 31 October 2017 against 36 individuals associated...
Cryptojacking: An Overview

Cryptojacking: An Overview

February 13, 2018 | 5 Min Read

What is Cryptojacking? Cryptojacking is the process of hijacking someone else’s browser to mine cryptocurrencies with their computer processing power....
Shadow Talk Update – 12.02.2018

Shadow Talk Update – 12.02.2018

February 12, 2018 | 4 Min Read

With the 2018 Winter Games beginning this week, the Digital Shadows Research Team focused on threats to those traveling to...
2017 Android malware in review: 4 key takeaways

2017 Android malware in review: 4 key takeaways

February 8, 2018 | 4 Min Read

Android mobile devices were an attractive target for malicious activity throughout 2017. The ubiquity of these devices, and the sensitive...
Phishing for Gold: Threats to the 2018 Winter Games

Phishing for Gold: Threats to the 2018 Winter Games

February 6, 2018 | 7 Min Read

Digital Shadows has been monitoring major sporting events since 2014, beginning with the Winter Olympics in Sochi, Russia, and then...
Shadow Talk Update – 02.05.2018

Shadow Talk Update – 02.05.2018

February 5, 2018 | 3 Min Read

In this week’s podcast episode of Shadow Talk, the Digital Shadows Research Team covered a range of activity. Here’s a quick...
Four Ways Criminals Are Exploiting Interest in Initial Coin Offerings

Four Ways Criminals Are Exploiting Interest in Initial Coin Offerings

February 1, 2018 | 5 Min Read

Initial Coin Offerings (ICOs) are a way of crowdfunding cryptocurrencies and cryptocurrency platforms. By the end of 2017, almost $4...
Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

January 30, 2018 | 7 Min Read

I am one of you. I have been in the marketing field for more than 20 years and have seen...
Shadow Talk Update – 01.29.2018

Shadow Talk Update – 01.29.2018

January 29, 2018 | 4 Min Read

In this week’s Shadow Talk podcast episode, the Digital Shadows Research Team covered a range of activity. Here’s a quick...
Data Privacy Day: 8 Key Recommendations for GDPR Readiness

Data Privacy Day: 8 Key Recommendations for GDPR Readiness

January 26, 2018 | 4 Min Read

This Sunday is Data Privacy Day, “an international effort held annually on January 28th to create awareness about the importance...
Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

January 16, 2018 | 5 Min Read

This post originally appeared on SecurityWeek.com.  Vince Lombardi, one of the greatest coaches of all time said, “The achievements of...
Another Year Wiser: Key Dates to Look Out For In 2018

Another Year Wiser: Key Dates to Look Out For In 2018

January 10, 2018 | 4 Min Read

Early last year, we published a blog outlining the events of 2017 that were most likely to attract the attention...
Why All Companies, CEO, CFO, CLO, and Board of Directors Should Require Digital Risk Management to Mitigate Corporate Risk

Why All Companies, CEO, CFO, CLO, and Board of Directors Should Require Digital Risk Management to Mitigate Corporate Risk

January 10, 2018 | 5 Min Read

Cyber attacks on businesses are now weekly news as breaches of data are announced regularly. However, until recently many corporate...
Digital Shadows Launches Weekly Newsletter: “In the Shadows”

Digital Shadows Launches Weekly Newsletter: “In the Shadows”

January 8, 2018 | 2 Min Read

Digital Shadows has just launched a new research-led weekly newsletter, “In the Shadows”, and podcast, “Shadow Talk”. Both highlight key...
GDPR: Why You Need to Consider the Personal Data That Lies Outside of Your Organization

GDPR: Why You Need to Consider the Personal Data That Lies Outside of Your Organization

January 4, 2018 | 3 Min Read

In 2010, reports emerged that the Information Commissioners’ Office (ICO) could now fine organizations up to £500,000 ($677,000) under the...
Meltdown and Spectre: The Story So Far

Meltdown and Spectre: The Story So Far

January 4, 2018 | 5 Min Read

On Wednesday, rumors surfaced that there were vulnerabilities in the majority of microprocessors, which would allow attackers to access system...