WEBINAR | A Deep-Dive into 2023 Cyber Threats
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
April 25, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
The ongoing COVID-19 (aka coronavirus) pandemic is having a highly detrimental effect on most businesses and organizations, yet companies linked with antibacterials and cleaning products, for example, will likely experience record sales. In yet another example of the dark web mirroring real life, the situation is no different in the cybercriminal underground.
Digital Shadows (now ReliaQuest) has observed threat actors operating on cybercriminal forums and marketplaces expressing their worries and a sense of desperation as to how the pandemic will affect their established business models. Some are urgently trying to adapt their offerings to survive in this vastly changed landscape. Other cybercriminals see an opportunity to profit from mass hysteria and panic or take advantage of the increased online exposure that virus-tackling measures have inadvertently caused.
Digital Shadows (now ReliaQuest) has observed threat actors on multiple Russian- and English-language cybercriminal forums initiating threads to discuss the likely impact of coronavirus on established services and offerings and the different types of cybercriminality that might be boosted by this unprecedented situation.
Online carding
Many of us are currently either being forced to self-isolate or are reluctant to leave our homes to visit physical shops, which has led to a huge surge in online transactions as people order deliveries to their doorsteps, a point that has not been missed by cybercriminals.
Example of discussion thread comment
According to data from online bank Starling, online shopping (which usually accounts for less than a third of transactions) outstripped all other forms of spending among the bank’s customers in the United Kingdom for the first time on 24 Mar 2020 (hitting 51.5% of transactions). It appears that these threat actors’ predictions of increased online shopping are being borne out, although it’s too early to quantify the effect of this on cybercrime.
Spreading malware
Current government advice in many countries across the world recommends that people work from home wherever possible, which has dramatically increased online activity.
Club2CRD commentary about increased opportunities for installing malware
Adapting current business models for personal gain
Many users on cybercriminal forums have been discussing or exhibiting ways in which they can adapt their current business models to derive increased profit from the current situation.
Exploit user offering coronavirus-themed fake email and website creation
Marketplace listing offering a coronavirus vaccine
However, it is sometimes unclear whether the changes that cybercriminals are making to their business models are prompted by pure greed or whether they are actually necessary measures for vendors facing real financial challenges.
Vendor announcing store-wide sale on Dread
Cannabis products offered on Dread
These vendors’ advertisements give no indication as to whether the services see an opportunity to profit from people’s boredom while being stuck indoors or fear that their business may be adversely impacted in the coming weeks. Certainly, other forum posts that Digital Shadows (now ReliaQuest) identified indicated a real sense of panic.
The earlier threads discussing COVID-19’s likely effects on the cybercriminal underground contained doom-laden posts as well as the more optimistic comments highlighted above.
Travel and event fraud
In a thread on Verified, one user highlighted travel- and event-related fraud as a sector of the cybercriminal-related economy that could be particularly hard-hit, noting that “people are afraid of flying and the borders are closed”.
Club2CRD travel vendor’s coronavirus-related post
Drops and cashing out
The discussion threads on coronavirus’s impact also highlighted the effect the illness has already had on cybercriminals engaged in bank-related fraud, cashing out, and warehouse or bank drops.
On 17 Mar 2020 Amazon announced that they would be blocking all shipments of products other than food, medicines, and other products deemed “essential” to its warehouses in response to increased demand, meaning that both legitimate and cybercriminal vendors who make use of Amazon’s storage and delivery network to move their goods will no longer be able to ship these non-essential products.
Browsing messages and offerings on cybercriminal forums and marketplaces shows that coronavirus truly is proving to be a double-edged sword for threat actors. Some enterprising cybercriminals may be relishing the increased earning opportunities that the current crisis will bring them, while others will be aghast at the thought of the swift destruction of the business models and reputations that have taken years to develop.
It will be interesting to see how the cybercriminal landscape has altered once the storm has passed, and who has been able to successfully weather the situation.
Check out our other threat intelligence updates around Coronavirus here.