Michael Marriott

Michael Marriott is a research analyst at Digital Shadows, which he joined in late 2014. A strong up-and-comer in cybersecurity, Michael has a passion for security analysis and the trends it indicates, in order to better protect clients. He has written several articles and papers, and designed the “CATER” model of cyber threat intelligence, which is a call to action to the industry for more relevant insights to make threat intelligence less daunting for the end users who rely on it. He holds a BA in History and a Master's in Applied Security and Strategy, both from the University of Exeter.

Posts by Michael Marriott for Digital Shadows Insights Blog:

Gearing up for National Cyber Security Awareness Month

3 October 2017

I’m going to go out on a limb and say that I’m probably not the only one that’s pleased to see the back of September.

Fraudsters Scoring Big – an Inside Look at the Carding Ecosystem

19 July 2017

In season two of the Netflix series Narcos, Pablo Escobar points out that: “I’m not a rich person.

7 Tips for Protecting Against Account Takeovers

23 May 2017

In May 2017, an amalgamation of over 1 billion credentials was uploaded to the Have I Been Pwned database.

The 3 Pillars of Digital Risk Management: Part 3 - The Top 5 Main Risks of Reputational Damage

27 April 2017

In this 3-part blog series, we discuss how each of the 3 pillars, Cyber Threat, Data Leakage, and Reputational Damage, contributes to Digital Risk Management.

The 3 Pillars of Digital Risk Management: Part 2 - The 6 Main Areas That Contribute to Data Leakage Risks

18 April 2017

In this 3-part blog series, we discuss how each of the 3 pillars, Cyber Threat, Data Leakage, and Reputational Damage, contributes to Digital Risk Management.

The 3 Pillars of Digital Risk Management: Part 1 Understanding Cyber Threats

13 April 2017

Risk is a well-developed concept within cybersecurity. The National Institute of Standards and Technology (NIST) defines the field of risk management as: “The process of identifying risk, assessing risk, and...

5 Risks Posed By Mobile Applications That SearchLight Helps You Manage

14 March 2017

Organizations face a wide range of risks online, including cyber threats, data leakage and reputational damage.

Learning from the Top Threats Financial Services Faced in 2016

8 March 2017

Organizations operating within the financial services industry represent an attractive target for threat actors. Our latest white paper, Threats to Financial Services: Taking Note from 2016, takes a look at...

Known Unknowns: Key Events to Keep Your Eyes Out for in 2017

19 January 2017

On Friday, millions will tune in to see Donald Trump inaugurated as the President of the United States.

10 Ways You Can Prepare for DDoS Attacks in 2017

11 January 2017

At the end of last month, we published a paper that forecasted the DDoS landscape for 2017.

Crowdsourced DDoS Extortion – A Worrying Development?

14 December 2016

We all know about DDoS extortion – the process is straightforward. Contact the company, threaten to launch a crippling DDoS attack that will happen unless the company pays a ransom.

Top 5 Threats to the Media and Broadcasting Industry

15 November 2016

For media and broadcasting organizations, the threat of having their websites forced offline is a significant one.

Rocking the Vote? The effects of cyber activity on the U.S. Election

27 October 2016

Contrary to some media reporting, our latest whitepaper finds that cyber activity during the 2016 U.S. presidential election does not appear to have demonstrably altered events in the short-term.

Targeting of elections; old news, fresh tactics

25 October 2016

There has been no shortage of media coverage surrounding the U.S. election and the associated nefarious cyber activity.

New report: 97 percent of the top 1,000 companies suffer from credential compromise

21 September 2016

Data breaches and credential compromise are not new. After all, 2014 was known as the “year of the data breach”. Last year was similarly dubbed the “year of the breach”.

Forecasting the exploit kit landscape

15 September 2016

We’ve previously written on the most popular vulnerabilities that exploit kits are using. But how might the exploit kit market develop over the next year?

Understanding Exploit Kits’ Most Popular Vulnerabilities

13 September 2016

One significant aspect of mitigating the risk posed by exploit kits is keeping software up-to-date. However, for some organizations, knowing what to patch as a priority can be difficult.

Bozkurt to Buhtrap: Cyber threats affecting financial institutions in 1H 2016

23 August 2016

At the beginning of 2016, it was reported that two suspected members of the DD4BC, a DDoS extortion group, were arrested in Europe.

Getting In Gear: Accounting for Tactical and Strategic Intelligence

9 August 2016

We’ve written before about how we like to map our services to the intelligence cycle. Of course, the intelligence cycle has its challenges – you only need to look to...

Three Tactics Behind Cyber Extortion

13 July 2016

As explained in a previous blog, extortion is not new – it’s now just been applied to the digital world in many different forms. In fact, as our extortion whitepaper...

Your money or your data: Keeping up-to-date with the innovation

7 July 2016

DDoS extortion and ransomware attacks have featured heavily in the headlines recently. But the practice of obtaining money through threats is not new.

Shining a light on the dark web

21 June 2016

The dark web receives more than its fair share of media coverage pertaining to cyber crime.

The Plan is Mightier than the Sword – Re(sources)

9 June 2016

After having discussed the importance of planning and persistence in APTs, it is important to conclude by considering the significance of resources.

OpIcarus – Increased Claims Against Financial Institutions

23 May 2016

There’s no shortage of online hacktivist operations launched by actors who are seeking to readdress injustices, perceived or actual. Indeed, we have previously posted blogs on such operations as OpIsrael and OpOlympicHacking.

Goliath ransomware, giant problem or giant con?

17 May 2016

Ransomware can cause big problems for individuals and organizations, but what are the new types of malware that are being advertised on the dark web, are they genuine and what...

Cyber situational awareness: It just makes cents

9 May 2016

For organizations that are looking to secure their online presence, there is no shortage of products on offer.

The Hacking Team breach – an attacker’s point of view

25 April 2016

On 17 April 2016, two posts were added to Pastebin (one in Spanish, the other in English) detailing the alleged methods and tools used to access the internal network of...

Continuous monitoring: four considerations

21 April 2016

When striving to understand threats outside of an organization’s boundary, continuous monitoring and real-time alerts are two features that are often talked about.

Antifragile Security: Bouncing Back Stronger

19 April 2016

Strong, robust, stable, resilience – these are all words associated with a successful security posture. They’re comforting words that serve to gain the confidence of executives.

OpIsrael 2016 marked by increase in data compromise

11 April 2016

In our last blog on OpIsrael, we assessed what we were likely to observe on April 7.

OpIsrael: An Update

6 April 2016

Last month our intelligence team published a blog on the use of ABI in understanding OpIsrael 2016, which suggested that the level of talk was indicative of an active campaign...

A Complex Threat Landscape

14 January 2016

Achieving a better understanding of the threat landscape is key for organizations; the better they know their enemies, the better they can align their security postures. But it is hard.

TalkTalk information likely to be discoverable on the dark web

4 December 2015

Last month, TalkTalk disclosed that they had been the victim of a cyber attack on its website.

Crackas With Attitude: What We've Learned

23 November 2015

One of the most active actors of the past several months has been a hacktivist group who identify themselves as ‘Crackas With Attitude’ (CWA).

Smilex: Dangers of Poor OpSec

27 October 2015

On 13 Oct 2015, it was revealed in an indictment on the US Department of Justice website that Dridex (AKA Bugat and Cridex) activity had been disrupted and charges filed...

CATER, For Your Threat Intelligence Needs

8 October 2015

Our white paper, Cyber Threat Intelligence: A Buyer’s Guide, provides an overview of current CTI approaches and the types of offerings available.

Online carding

7 October 2015

There is no shortage of credit card information being sold online. In the past six months alone, our spider (which covers I2P and Tor Darknet overlay networks as well as surface web carding sites) detected thousands of instances of sites offering credit...

The Dangers of Groupthink: Part 2

10 April 2015

This post moves on to the second cause of groupthink and tries to understand how organizational structural faults may result in manifestations of groupthink.

The Dangers of Groupthink

4 March 2015

Over the next few blog posts we’ll be looking at various types of cognitive bias and suggest ways of dealing with them.
