Threat Intelligence

Building successful teams on the cybercriminal underground

September 15, 2021 | 7 Min Read

We’ve all been socialized since childhood to the concept of teamwork. As we progress through life, we see the value collaboration brings. Its benefits are a no-brainer–with more hands on deck, a...
Protecting Against Ransomware: What Role Does Threat Intelligence Play?

September 7, 2021 | 4 Min Read

Ransomware actors are thriving at the moment: there is barely a day that goes by without the announcement of a...
The Eeveelution of ShinyHunters: From Data Leaks to Extortions

August 26, 2021 | 7 Min Read

Suppose you were one of the lucky people playing Pokémon during its golden age (no, Pokémon GO, we’re not talking...
No Honor Among Thieves: Scamming the Scammers

August 24, 2021 | 5 Min Read

We spoke about this pretty recently on our US edition of the ShadowTalk podcast, but there was a story that...
Supply Chain Attacks in 2021: It Takes a Village

August 4, 2021 | 10 Min Read

Big Game Hunting: If you’ve performed any recent research about supply chain attacks, it becomes apparent rather quickly that after...
Initial Access Brokers in Q2

August 3, 2021 | 7 Min Read

Back in March 2021, Digital Shadows published a research report titled Initial Access Brokers: An Excess of Access, analyzing more...
REvil: Analysis of Competing Hypotheses

July 28, 2021 | 15 Min Read

Until the 13th of July, 2021, things appeared to be going as expected with the threat actors behind REvil (AKA...
Q2 Ransomware Roll Up

July 20, 2021 | 9 Min Read

With the closing of another quarter, it’s once again time to have a look back at the cyber threat landscape...
REvil Ransomware: What’s Next?

July 15, 2021 | 10 Min Read

When ransomware hits the news cycle, and even the non-cyber security folk have questions, you know it’s gone big. This...
Kaseya Attack Update: What’s Happened Since?

July 14, 2021 | 6 Min Read

A little over a week ago, we wrote a bit about what we knew about the Ransomware-as-a-Service (RaaS) operator group...
Why Domains Matter: Impersonations and Your Brand

July 13, 2021 | 9 Min Read

Recently, we’ve released a few articles on typosquatting, Getting Started with Domain Monitoring Part I, and Part II and a...
Marketo: A Return to Simple Extortion

July 8, 2021 | 9 Min Read

The world of ransomware and cyber extortion continues to change dramatically. On the one hand, new ransomware variants and data...
Typosquatting Protection 101

July 1, 2021 | 6 Min Read

What is typosquatting? Typosquatting, also known as domain squatting or URL hijacking, is a type of malicious domain-impersonation attack where...
What We’re Reading This Month

June 29, 2021 | 6 Min Read

Ransomware, ransomware, RANSOMWARE! We can’t get away from it. Certainly there’s a fear that focusing too much on one threat...
Threat Actors Living Off the Land

June 23, 2021 | 10 Min Read

Don’t underestimate your adversary—there are some security practitioners out there who might dismiss your everyday hackers and threat actors as...
Let’s Talk About Intel Requirements

June 17, 2021 | 7 Min Read

At Digital Shadows we get excited about intelligence. In fact, we’ve talked about it more than once before. One of...
Cyber Threats to the Online Gaming Industry

June 15, 2021 | 5 Min Read

Last week, Motherboard reported that source code for FIFA 21 had been stolen from EA sports by hackers. This was...
The Business of Extortion: How Ransomware Makes Money

June 9, 2021 | 8 Min Read

We can’t stop talking about it: Ransomware. It’s dominating a lot of security news for sure, which also means it’s...
On the Rise: Ransomware and the Legal Services Sector

June 3, 2021 | 8 Min Read

Ransomware has continued to dominate the headlines, new attacks, new groups, new data leak sites, and new tactics. Quarter over...
Cyber Attacks: The Challenge of Attribution and Response

June 1, 2021 | 11 Min Read

In December 2020, the world was rocked by an enormous supply chain attack against software provider Solarwinds, which provided unprecedented...
What We’re Reading This Month

May 26, 2021 | 6 Min Read

As intelligence analysts, our day-to-day is looking at lots of different information and discovering trends or different viewpoints. The research...
How the Intelligence Cycle Can Help Defend Against Ransomware Attack

May 25, 2021 | 14 Min Read

When Tolkien first sat down to write Lord of the Rings, he probably never imagined it would go on for...
Ransomware-as-a-Service, Rogue Affiliates, and What’s Next

May 20, 2021 | 7 Min Read

Generating a chain of unforeseen events, the Colonial Pipeline ransomware attack has drastically altered the broader cyber threat landscape as...
Examining Russian-language Cybercriminal Marketplaces

May 18, 2021 | 10 Min Read

Our blogs have covered the fate of numerous cybercriminal marketplaces on the clear, deep, and dark web over the years....
Colonial Pipeline Attack Update: Cybercriminal forum XSS, Exploit and RaidForums ban all things ransomware

May 14, 2021 | 8 Min Read

One week ago, on 07 May 2021, members of the DarkSide ransomware affiliate program encrypted infrastructure belonging to the US...
Mapping MITRE ATT&CK to the WannaCry Campaign

May 12, 2021 | 8 Min Read

Learning from past mistakes is a crucial part of every job. Four years after WannaCry’s outbreak, analyzing which weak security...
Bitcoin and Alternative Cryptos in the Cybercriminal Underground

May 11, 2021 | 10 Min Read

The popularity of Bitcoin and cryptocurrencies continues to progress in the modern day, with drastically surging valuations. Notably, Bitcoin surpassed its...
Tracking Ransomware within SearchLight

April 29, 2021 | 4 Min Read

“If it ain’t broke, don’t fix it”. As we predicted last year, ransomware has been one of the most successful...
Digital Shadows and XSOAR Powering Automation

April 26, 2021 | 5 Min Read

So you’ve got some threat intelligence here, firewall logs, XDR logs, logs from there, alerts from there, digital risk information...
The Top 5 ShadowTalk Episodes of All Time

April 22, 2021 | 4 Min Read

On 29 April 2020, the Photon Research team at Digital Shadows will record our 200th episode of ShadowTalk, our own weekly...
The Emotet Shutdown Explained

April 22, 2021 | 5 Min Read

Covered in our previous article on Emotet’s Disruption, Emotet has been seized by law enforcement. Authorities that managed to seize...
Q1 Vulnerability Roundup

April 20, 2021 | 8 Min Read

In the first quarter of 2021, several high-severity vulnerabilities were used as a conduit to solicit several malicious campaigns. This...
Initial Access Brokers Listings Increasing in 2021

April 13, 2021 | 7 Min Read

Since we first published our report Initial Access Brokers: An Excess of Access, Digital Shadows has continued to monitor this...
Applying MITRE ATT&CK to your CTI Program

April 7, 2021 | 5 Min Read

In recent years, there’s been an industry-wide movement to look more externally to predict, prevent, and adapt to threats. This...
New Release: Actionable Threat Intelligence with SearchLight

April 6, 2021 | 4 Min Read

This year interest in cyber threat intelligence has risen to an all-time high. High profile events such as the Solarwinds...
The Microsoft Exchange Server Exploit: What Happened Next

April 1, 2021 | 9 Min Read

It may be April Fool’s Day, but zero-day exploits detected in Microsoft Exchange Servers are no joke. It’s now been...
3 Reasons to Download our New Cyber Threat Intelligence Solutions Guide

March 30, 2021 | 3 Min Read

This blog outlines what you can expect to read in our newly-released Cyber Threat Intelligence: Solutions Guide and Best Practices....
Top Blogs of Q1 2021

March 30, 2021 | 10 Min Read

It’s safe to say that the first quarter of 2021 gave strong 2020 vibes. As many places are starting to...
FBI IC3 2020: Cybercrime Causes $4.1 Billion in Losses

March 18, 2021 | 7 Min Read

On March 17th, the Federal Bureau of Investigation (FBI) published its 2020 Internet Crimes Complaint Center (IC3) report. This report...
Monitoring for Risks Coming From Suppliers: How SearchLight Helps

March 18, 2021 | 4 Min Read

For those looking to monitor risks from third parties, it’s been a stressful few months. Back in December, FireEye released...
Smeltdown 2.0: Revisiting the Spectre and Meltdown Vulnerabilities

March 16, 2021 | 8 Min Read

Note: This blog is a revisit on our 2018 coverage of the Spectre and Meltdown vulnerabilities. You can read further...
No Time for Threat Intel Noise

March 1, 2021 | 5 Min Read

I recently hit my fifth anniversary here at Digital Shadows. I’ve been reflecting on how the threat intelligence market has...
5 Ways to Take Action on Threat Intelligence

February 18, 2021 | 5 Min Read

The Gartner definition of threat intelligence is “…evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing...
Threat Intelligence Can Be Noisy: SearchLight Helps

February 16, 2021 | 6 Min Read

Let’s start with a scenario. You’ve finally convinced the business to begin the journey of building up a threat intelligence...
Emotet Disruption: what it means for the cyber threat landscape

February 3, 2021 | 8 Min Read

Last week, the European Union Agency for Law Enforcement Cooperation (EUROPOL) published a press release detailing the operation that led...
DarkMarket’s seizure: the decline of the marketplace?

February 2, 2021 | 6 Min Read

Once upon a time, a high-profile dark web marketplace seizure or exit scam would have been big news in the...
Joker’s Stash’s Final Deal: A turning point for AVCs?

January 28, 2021 | 12 Min Read

Back in December 2020, Digital Shadows reported that the Blockchain DNS domains for the infamous carding automated vending cart (AVC)...
Brexit 2021: implications for the security landscape

January 27, 2021 | 8 Min Read

Ok I’ll admit it, I feel pretty sorry for Boris Johnson. That doesn’t appear to be a particularly common consensus...
Ransomware: Analyzing the data from 2020

January 26, 2021 | 7 Min Read

Note: This blog is a roundup of our quarterly ransomware series. You can also see our Q2 Ransomware Trends, Q3...
ShadowTalk Update: CISA Security Advisory, IObit Attack, and more SolarWinds!

January 25, 2021 | 2 Min Read

ShadowTalk hosts Stefano, Adam, Kim, and Dylan bring you the latest in threat intelligence. This week they cover: Adam and...
Threats to Asset and Wealth Management in 2020-2021

January 21, 2021 | 10 Min Read

Note: Our findings in this blog stem from analysis of all Q4 2020 cyber threat activity by our in-house research...
Our Top 3 Takeaways from Forrester: Now Tech: External Threat Intelligence Services, Q4 2020

January 20, 2021 | 4 Min Read

When it comes to selecting an external threat intelligence tool or managed service, “plenty of fish in the sea” is...
Azure AD: Auto Validate Exposed Credentials

January 19, 2021 | 3 Min Read

SearchLight customers can now automatically validate credential alerts via an integration with Azure AD, drastically reducing the time required to...
ShadowTalk Update: Sunburst, Sunspot, and more on SolarWinds!

January 18, 2021 | 3 Min Read

ShadowTalk hosts Alec, Charles, Austin, and Ivan bring you the latest in threat intelligence. This week they cover: Significant updates...
Targets and Predictions for the COVID-19 Threat Landscape

January 14, 2021 | 7 Min Read

Note: This blog is part of our ongoing coverage of the virus’s impact on the cyber threat intelligence landscape. You...
Tracing the Rise and Fall of Dark Web Marketplaces and Cybercriminal Forums

January 13, 2021 | 9 Min Read

It’s often the case that a sequel to a great book or a remake of a once-popular TV series doesn’t...
ShadowTalk Update: SolarWinds Updates, TicketMaster Fraud, Apex Cyber Attack, and More!

January 11, 2021 | 2 Min Read

ShadowTalk hosts Stefano, Adam and Dylan bring you the latest in threat intelligence. This week they cover: Post-holiday updates on...
ICYMI: SolarWinds Compromise Update

January 8, 2021 | 7 Min Read

Note: This blog is a follow-up of our previous SolarWinds blog by our in-house threat intelligence team. You can read...
Looking back at 2020: A Year in Review

January 6, 2021 | 8 Min Read

2020 is truly an extraordinary year (and some aspects worse than others). This year was also made up of some...