March 15, 2024
There has been no shortage of media coverage on the recent TalkTalk cyber attack. The full implications of the attack are not yet known, but reports suggest it could affect a significant number of TalkTalk’s 4 million customers.
But what does this mean for organizations? It is important not to get swept up in the media storm, and instead to gain an understanding of what the attack means for them. This blog provides an example of how we help our clients achieve this.
On 22nd October, TalkTalk announced that its website had been hit by a cyber attack on the 21st October. Shortly afterwards, Digital Shadows (now ReliaQuest) detected a post on Pastebin titled “Message from TalkTalk Hackers.” The post included a statement addressed to “Th3 W3b 0f H4r4m” and claimed responsibility for the attack, supposedly demonstrating their success through the publishing of sample TalkTalk user data.
The post contained a statement that used Islamic phrases, although the relevance of this was unclear. Furthermore, the actor was unknown and there was little to corroborate the claims. Despite this, the media jumped on the story, quick to paint a sensationalist picture of jihadists targeting the West. The reality was far more complex and required a more nuanced analysis.
The next few days saw a flurry of activity as the data appeared and re-appeared on Pastebin, as well as being offered up on online marketplaces. A host of previously unknown actors surfaced in relation to this growing list of incidents (see our timeline below for an idea).
Digital Shadows SearchLight (now ReliaQuest GreyMatter DRP)™ portal demonstrating the timeline of incidents for the TalkTalk attack.
On 24 October, a paste appeared titled “New message from TalkTalk Hackers” that bore similarities to a previous paste made on 22 October that addressed “Th3 W3b 0f H4r4m”. This time, however, the actor listed “another English Telecom” as the next target and claimed that they would “soon control Europe”. What is more, the post also claimed a link to a Twitter account belonging to a JM511. While it is difficult to verify that this actor was responsible, it is possible to look back across history to understand more about this individual.
JM511
In many instances, it is difficult to ascertain the reliability of the claims that arise in such high-profile attacks. It is, however, possible to look back over time at the past form of these actors in order to understand their tactics, techniques and procedures (TTPs), motivations and threat level.
JM511 joined Twitter on 14 October 2010 and has since posted content related to both hacking and hacktivist activity – including operations run by affiliates of the Anonymous collective (although there is no evidence to show that they participate in cyber activity relevant to these operations).
So what do we know about this actor? On 10 August 2015, The Employment Agents Movement (TEAM) was reportedly breached by an actor using the same identifiers as JM511. In this case, the actor stated that they were a “Saudi Arabian Hacker” based in Chicago, tweeted a link to a Pastebin post of the reportedly compromised data on 08 Aug 2015, and named the targeted site. In this incident, there were indications that the likely vector of attack was SQL injection.
Bringing these snippets of information together helps to give organizations greater situational awareness and allows them to assess the threat posed by actors purported to be involved with the TalkTalk attack.
Such large events attract plenty of media attention, claims and counter-claims. Our job is to avoid the hype and to evaluate and assess these claims in order to help our clients understand what this means for them.
The recent TalkTalk attack, which involved many different claims, is just one example of this. At the time of writing it is still unclear whether one or multiple actors are involved.
The ostensible tie to JM511, who has been linked with the use of SQL injection in the past, gives us some insight into what may be happening and helps organizations gain the situational awareness they need to pick out the signal from the noise.