In late July 2020, Digital Shadows (now ReliaQuest) had the fantastic opportunity to speak with Geoff White on ShadowTalk, the Digital Shadows (now ReliaQuest) threat intelligence podcast. Geoff is an investigative journalist and the author of Crime Dot Com: From Viruses to Vote Rigging, How Hacking Went Global, an exciting book covering the evolution and trends of cybercrime as a whole, which was released on 10 Aug 2020.

At the beginning of the episode, Geoff commented on the oddness of the “investigative journalist” title – shouldn’t all journalism involve investigative methods? He also mentioned that he couldn’t leave things alone; he’s slightly obsessive over things and always wants to continue digging into his research. 

Well, Geoff, researchers at Digital Shadows (now ReliaQuest) couldn’t agree more! 

In Crime Dot Com, Geoff reaches back to the hippie-hacking ecosystem in the 1970s in California and pulls the thread to the most recent election rigging incidents in the United States. Since the book covers such an extensive history of cybercrime, it opens the doors to a broader audience, helps connect the dots in the evolution of cybercrime, and underlines trends in the cybercriminal landscape. 

Before we dive into the episode, if you’re only here for a quick read, here are the main topics we covered:

  • Biases are a slippery slope. Recognizing biases is imperative, and creating systems to gather information, independent of a hypothesis, is instrumental.
  • Is attribution really that important? It’s safe to say that attribution does help and does have value, but confidently assigning attribution to an attack is hard.
  • Trust makes the cybercriminal world go ‘round. Marketplaces can be vulnerable to attacks, law enforcement can take down the site, and technological problems can disrupt the marketplace’s flow. Trust is woven into all of this.
  • Trust severely impacts our society. Trust is such an integral part of our society, and as soon as you’ve eroded that trust, it can be devastating.
  • The digitized society has affected criminal behavior. We have digitized crime without realizing it; criminals follow the money. 
  • The term “dark web” is often generalized. As cyber-specific topics continue to be commonly addressed, the difference between online criminality and the “dark web” will become more apparent to the general population. 

Let’s get to it. 

Biases are a slippery slope.

As humans, we all form biases. Recognizing biases is imperative, and creating systems to gather information, independent of a hypothesis, is instrumental. As researchers, I think it’s fair to say that we’ve all found ourselves caught up in a particular bias during an investigation – even if you’re convinced that you’re on the right path, you can be completely wrong. Geoff gave us a fun example of one of his experiences:

When WannaCry crippled several systems worldwide in 2017, Geoff started digging to find out who was responsible. He started tracing BTC transactions to a specific wallet, figured out who owned the wallet, and chased the owner down the street. Turns out, it was the wrong guy. 

On the flipside, Geoff has plenty of investigative wins as well – he successfully tracked down the person responsible for the Love Bug virus in the Philippines.

While there are many ways of structuring your thinking to remove or reduce the problems that biases create, James Chappell, Digital Shadows (now ReliaQuest)’s Co-Founder and Chief Innovation Officer (CIO), suggests an investigative method called “Analysis of Competing Hypotheses.” With this method, you set out as many hypotheses as possible, find the data that supports each theory, and build your conclusion from there. Digital Shadows (now ReliaQuest) has published a few blogs that use Analysis of Competing Hypotheses, specifically regarding the Tesco Bank incident in 2016 and WannaCry in 2017.
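
As an added illustration (not from the podcast or from Digital Shadows), the sketch below builds an Analysis of Competing Hypotheses matrix over constructed hypotheses and evidence for a generic breach. It ranks hypotheses by how much evidence is inconsistent with them, which is the usual ACH scoring rule and more specific than the summary above, and flags any single item the conclusion depends on.

```python
# ACH matrix over constructed data; nothing here comes from a real case.
# Ratings: "C" consistent, "I" inconsistent, "N" neutral.
HYPOTHESES = ["nation-state", "criminal group", "insider"]

# (evidence description, one rating per hypothesis in HYPOTHESES order)
EVIDENCE = [
    ("Ransom demanded in cryptocurrency",         ["C", "C", "C"]),
    ("Initial access via exposed remote service", ["C", "C", "I"]),
    ("No valid employee credentials were used",   ["C", "C", "I"]),
    ("Stolen data offered for sale on a forum",   ["I", "C", "N"]),
    ("Tooling overlaps with commodity malware",   ["N", "C", "N"]),
]

def diagnostic(evidence):
    """Drop evidence rated the same for every hypothesis: it cannot separate them."""
    return [(desc, r) for desc, r in evidence if len(set(r)) > 1]

def rank(evidence, hypotheses):
    """Order hypotheses by count of inconsistent evidence, fewest first."""
    scores = {h: 0 for h in hypotheses}
    for _, ratings in diagnostic(evidence):
        for h, rating in zip(hypotheses, ratings):
            if rating == "I":
                scores[h] += 1
    return sorted(scores.items(), key=lambda kv: kv[1])

def fragile_items(evidence, hypotheses):
    """Items whose removal alone changes the leader or leaves a tie for the lead."""
    leader = rank(evidence, hypotheses)[0][0]
    fragile = []
    for i, (desc, _) in enumerate(evidence):
        ranked = rank(evidence[:i] + evidence[i + 1:], hypotheses)
        if ranked[0][0] != leader or ranked[0][1] == ranked[1][1]:
            fragile.append(desc)
    return fragile

if __name__ == "__main__":
    print(rank(EVIDENCE, HYPOTHESES))
    print(fragile_items(EVIDENCE, HYPOTHESES))
```

Here the lead of one hypothesis rests on a single piece of evidence, so that item is the one to re-verify before acting on the conclusion.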

Is attribution really that important?

It’s essential to consider the weight that attribution carries throughout our investigations. For example (this is a scary one), suppose your company was breached and your data was stolen – would you care that it was North Korean nation-state threat actors, or would you care that it was a criminal act and your data is now exposed?

Geoff commented that, as a journalist, he’s massively interested in who is performing these attacks. Yes, there’s an obsession with the how, but learning who did it leads to the why. He added that “if you’re telling a story, you can’t just tell the technical bits of the hack; you want to know about who’s behind it.”

All in all, it’s safe to say that attribution does help and does have value, but confidently assigning attribution to an attack is hard. This raises the central question: where do you focus your resources? It’s an interesting debate.

Trust makes the cybercriminal world go ‘round. 

Throughout our research, we’ve touched on the volatility of criminal marketplaces and forums, and a crucial part of this ecosystem is trust. Marketplaces can be vulnerable to attacks, law enforcement can take down the site, and technological problems can disrupt the marketplace’s flow. Trust is woven into all of this; buyers wonder, “can I get the drugs, will I get the cards?” while vendors are curious if they’ll get their money. In turn, forums are trying to find ways to boost or build out different levels of trust: one strategy is to increase a forum user’s trust based on the number of posts they have contributed.

Geoff mentioned that the most innovation from these criminal networks comes from trust. They’re created, disrupted, then built up again – it’s a constant evolution, and we have so much to learn. He went on to say that we cannot overestimate the impact that criminal marketplace takedowns have on trust and trust networks. Law enforcement can take something down; there’s a ripple of destruction on trust, then another marketplace comes up.

Trust severely impacts our society.

Just as the cybercriminal ecosystem relies on trust, so do we as a society, and the frightening “trust no one” mindset has affected people throughout the globe. Disinformation and fake news are where significant concerns reside. On the one hand, it’s good that people are becoming more critical of where the news is coming from; they identify the manipulation and filter through what’s happening. Geoff described that if people say, “you can’t trust anyone,” or, “you don’t know who to trust these days,” the disinformation campaigns have won. He added that “people are so skeptical these days that they’ve given up on information, and that’s terrifying; we have to fight against that with every fiber of our being.” Trust is such an integral part of our society, and as soon as you’ve eroded that trust, it can be devastating.  

Figure: Digital Shadows (now ReliaQuest)’s Disinformation Campaign Taxonomy

James Chappell commented that it takes eons to build trust. He also gave us a fitting example:

“Trust is like air in a balloon. It takes a long time to pump trust into a balloon, and the more full your balloon is, the more likely it is to burst, and the more explosive the collapse may be.”

The digitized society has affected criminal behavior.

As more and more consumers rely on digital services to carry out their daily doings, we have a beneficially digitized society. We have also digitized crime without realizing it; the criminals follow the money.

Tracking the rise in cybercrime in conjunction with monitoring the increase of payment cards on the internet has been an exciting study for Geoff; as soon as the money hit the web, the cybercriminals followed. 

Figure: An English translation of a carding course overview

This conversation introduced an interesting question – is cybercrime a tax on living? The answer to this question can be perceived in many ways; over time, organized cybercrime increased, and it’s inevitable. However, fighting the good fight keeps the “cybercrime tax” on society from growing even more.

The term “dark web” is often generalized.

At Digital Shadows (now ReliaQuest), we define a distinct difference between the clear, deep, and dark web. That’s expected, right? We’re in the information security business. However, as a journalist looking from the outside, distinguishing the dark web from the deep web from online criminality can be challenging. 

As James Chappell put it, the usage of “dark web” can be willy-nilly. When it comes to Geoff, it’s refreshing to see a journalist speak to the specifics of what online criminality is rather than bundling it all under the term “dark web.”

According to Geoff, you’re inevitably going to get journalists that use “dark web” as shorthand, but it’s getting better. There’s a fine line between getting everything right while explaining the details to the general public, which often involves using shorthand.

Over time, cybercriminal topics have become more mainstream – people are getting more interested in this, especially after the US’s election fraud incident. I think it’s fair to say that as cyber-specific topics continue to be commonly addressed, the difference between online criminality and the “dark web” will become more apparent to the general population. 

If you’re interested in reading Geoff White’s book, Crime Dot Com is available on Amazon. We thoroughly enjoyed our conversation with Geoff, and if you haven’t listened to the podcast, feel free to check it out.