Category: Threat Intelligence

Account takeover: Are you opening the door for cyber threat actors?

May 25, 2022 | 6 Min Read

In 2020, our research report on account takeover (ATO) highlighted the risk of using credentials in an unsafe manner, which was being exploited by cyber threat actors to great effect. In the coming...
Vulnerability Intelligence Round Up: The Good, The Bad, and The Risky

May 19, 2022 | 6 Min Read

There is a saying derived from Western movies that says whoever draws first, loses the duel. Nick Bohr, a famous...
What we’re reading this month: May 2022

May 18, 2022 | 7 Min Read

Where is the year going? It only seems like yesterday that we celebrated the turn of the year, with the...
Advanced persistent threat group feature: Mustang Panda

May 17, 2022 | 7 Min Read

Advanced persistent threat (APT) groups are often tricky to wrap your head around. By their nature, state-associated groups are well-resourced...
Five years after the WannaCry dumpster fire, ransomware remains a global threat

May 11, 2022 | 7 Min Read

It has been five years since the dumpster fire we all remember as WannaCry. WannaCry is self-propagating ransomware that held...
ALPHV: The First Rust-Based Ransomware

May 6, 2022 | 7 Min Read

In late 2021, we observed a new ransomware operation named “ALPHV” (also known as BlackCat) emerge. The group operates as...
Colonial Pipeline One Year Later: What’s Changed?

May 4, 2022 | 10 Min Read

For the first half of 2021, ransomware groups looked unstoppable. Ransomware gangs were adding victim after victim on their dark...
The Russia – Ukraine war: Two months in

April 28, 2022 | 10 Min Read

The two-month mark of the Russia and Ukraine war has passed, with Russia almost certainly having failed to meet its...
Opportunity in the midst of chaos: Russian-speaking cybercriminals grapple with sanctions and forum takedowns

April 27, 2022 | 8 Min Read

As a threat intelligence professional, it’s difficult to ignore how major developments in the real world affect the lives of...
The Power Of Data Analysis In Threat Intelligence – Part 2: Machine Learning

April 21, 2022 | 12 Min Read

This blog is the second part of our Data Analysis in Threat Intelligence series, where we focus on the tools...
What We’re Reading This Month: April 2022

April 20, 2022 | 7 Min Read

As an intelligence analyst, it’s paramount to stay on top of what’s happening in the world around you. To inform...
Q1 2022 Vulnerability Roundup

April 14, 2022 | 6 Min Read

In the first quarter of 2022, several high-severity vulnerabilities were targeted by threat actors to facilitate malicious campaigns. The first...
Q1 2022 Ransomware Roundup

April 12, 2022 | 12 Min Read

As the new year has reached the end of its first quarter, it’s time for us to go back and...
Intelligence Collection Plans: Preparation breeds success

April 7, 2022 | 6 Min Read

It’s been a little over a month since I wrote about how intelligence requirements (IRs) can help plan a cyber...
Team A vs Team B: What is Motivating Lapsus$?

April 6, 2022 | 8 Min Read

In the past few weeks, the Lapsus$ threat group captured the security community’s attention with a series of brazen and...
Five things we learned from the Conti chat logs

April 5, 2022 | 11 Min Read

At the end of February, the cybersecurity community was rocked by the appearance of alleged chat logs recording conversations between...
The Power of Data Analysis in Threat Intelligence – Part 1: Data Collection and Data Mining

March 31, 2022 | 8 Min Read

In 2020, there was an estimated 59 trillion gigabytes of data in the world. Most of which was created in...
Vulnerability Intelligence Round-up: Russia-Ukraine War

March 24, 2022 | 6 Min Read

One month ago, the Russian government began the invasion of Ukraine, triggering one of the most severe security crises in...
Russia’s Second Front: The War on Information

March 22, 2022 | 9 Min Read

You would think that it would be nearly impossible to industrialize propaganda in the 21st century, especially with the tremendous...
Meet Lapsus$: An Unusual Group in the Cyber Extortion Business

March 17, 2022 | 5 Min Read

In December 2021, a new cyber threat group began attracting the security community’s attention, after conducting several high-profile extortion attacks...
The Russia-Ukraine War And The Revival Of Hacktivism

March 16, 2022 | 4 Min Read

The international reaction to the Russian invasion of Ukraine has manifested in a few distinct ways, as outlined in our...
Biden’s Executive Order on Crypto: What you need to know

March 15, 2022 | 7 Min Read

On 9 Mar 2022 US President Biden signed a new executive order (EO) to ensure the responsible development of cryptocurrency...
Can cryptocurrency be used to bypass the impact of sanctions being applied against Russia?

March 9, 2022 | 10 Min Read

In an interview on 28 Feb 2022, former Presidential candidate Hillary Clinton criticized several cryptocurrency exchanges that had decided against...
Intelligence Requirements: Planning your cyber response to the Russia-Ukraine war

March 1, 2022 | 11 Min Read

At the end of last week, Digital Shadows’ CISO, Rick Holland, released his blog Russian Cyber Threats: Practical Advice For...
Cybercriminals React to Ukraine-Russia Conflict

February 25, 2022 | 7 Min Read

As the world reacted to Russia’s invasion of Ukraine on 24 Feb 2022, cybercriminals were also formulating their own opinions...
Russian Cyber Threats: Practical Advice For Security Leaders

February 25, 2022 | 11 Min Read

As I spent Wednesday night doom scrolling into the early hours of the morning, I felt pretty powerless as I...
Russia Invades Ukraine: What happens next?

February 24, 2022 | 5 Min Read

On 23 Feb 2022, Russian forces started a military operation targeting Ukraine. Reporting indicates that shelling in several Ukrainian cities...
Recruitment Fraud in 2022

February 23, 2022 | 3 Min Read

Earlier this month, the FBI released a public service announcement titled “Scammers Exploit Security Weaknesses on Job Recruitment Websites to...
“No cards = no work = no money”: Russian law enforcement’s assault on carding platforms

February 18, 2022 | 9 Min Read

Arguably the biggest cybersecurity event of the year so far was the Russian Federal Security Service (FSB) arresting suspected members...
Initial Access Brokers in 2021: An Ever Expanding Threat

February 16, 2022 | 11 Min Read

To say that 2021 was a turbulent year for security teams would be a massive understatement. Last year, we observed...
Growing Tension Between Russia and Ukraine: Should you be concerned?

February 9, 2022 | 9 Min Read

Russia and Ukraine have had a particularly tense relationship since Russia’s annexation of Crimea in 2014. In the past weeks,...
CVEs You Might Have Missed While Log4j Stole the Headlines

February 8, 2022 | 19 Min Read

The past three months have been a particularly challenging time for security teams. 2021 rounded off in the most spectacular...
Beijing 2022: Why you should or shouldn’t care about the Winter Olympics

February 3, 2022 | 9 Min Read

When asked to write about the Winter Olympic Games this year, I immediately thought about my alpine holiday in Niseko....
What We’re Reading This Month – January 2022

February 2, 2022 | 8 Min Read

January. The month also known as the time of the year where most of the Great New Year’s Resolutions come...
Vulnerability Intelligence: Introducing SearchLight’s Newest Capability

January 31, 2022 | 4 Min Read

Digital Shadows’ new vulnerability intelligence capability brings a unique context to CVEs. Armed with this intelligence, security teams can better...
Life in Prison: The Cybercriminal Perspective

January 27, 2022 | 9 Min Read

While some of us might be taking it easy after the excesses of the Christmas period, January certainly hasn’t been...
Vulnerability Intelligence: A Best Practice Guide

January 26, 2022 | 4 Min Read

Vulnerability intelligence is fast emerging as one of the most valued threat intelligence use cases. It provides information about how...
Ransomware Q4 Overview

January 19, 2022 | 12 Min Read

2021 has finally come to an end and it is time for us to look back at some of the...
Making Sense of the REvil Arrests

January 14, 2022 | 7 Min Read

On 14 January 2022, our seemingly quiet Friday afternoons were shattered by a piece of breaking news, detailing the arrest...
How Do Ransomware Groups Launder Payments?

January 10, 2022 | 7 Min Read

Ransomware continued to represent arguably the biggest headache for incident responders and blue teams in 2021, and the upcoming year...