The Ecosystem of Phishing: From Minnows to Marlins

Photon Research Team
February 20, 2020 | 31 Min Read

YOU JUST WON $1,000. CLICK HERE TO CLAIM YOUR REWARD!

 IMMEDIATE! NEED WIRE DETAILS.

Check out this cat doing cat things. Link inside.

One of these email subject lines is a phish, but can you spot it at first glance? Do you know how it was made? Where did it actually come from? If I click it, am I pwned?  

Phishing emails are the most exploited “vulnerabilities” in the modern age of cyber criminality. Phishes have evolved over time, taking on new forms and adding advanced functionality at every stage of their development and delivery scheme. Simple social engineering emails with misspellings and grammatical errors have evolved into nearly undetectable impersonations of the brands that people see coming through their email inboxes every day.

 

The Origins of Phishing <><

One of the most interesting things about phishing is how it got its name. To the surprise of absolutely no one, the nascent days of Internet culture featured cybercrime activity. In the burgeoning America Online (AOL) chat rooms, users would trade stolen accounts and counterfeit software. AOL tried creating detection systems to combat this threat, but they were running into one obstacle in particular.

Users replaced revealing cybercrime terminology with the “<><” symbol as it was the most commonly used HTML tag within AOL messaging systems. Note the similarity? Looks like a fish, right? Right? Phreaking, or phone hacking, was also extremely popular during this time. Combine the two together, and you get “phishing.”  

Did you click that link and read the article? It’s fascinating. We’ll wait. Go ahead.

 

Despite how interesting that factoid may be, we actually have no idea whether it’s true, as the only mention of that symbol in correlation with phishing is from Wikipedia―an unsourced Wikipedia entry, at that. But you were tempted to click the link, weren’t you? Did you?

Phishing key findings and statistics

TLDR – We’ve got an in-depth research piece here for you, but in case you prefer an overview, here’s our quick findings and stats:

  • Barriers to entry | The barriers to entry for phishing attacks can be significantly lowered by the existence of pre-made templates, infrastructure, and tutorials for sale on cybercriminal forums and marketplaces. Phishing tutorials may be purchased on cybercriminal forums and marketplaces at an average cost of $24.83, and the tools needed to conduct an attack can cost under $20. The average cost of a prebuilt page or template is $23.27.
  • Retail and e-commerce | Out of over 100 advertisements for pre-built phishing pages and templates on cybercriminal forums and marketplaces, 29% specifically targeted retail and e-commerce organizations. These were sold for an average of $20.43.
  • Banking | Cloned or templated pages targeting banking organizations comprised 15% of advertisements, but were sold for an average of $67.91. This higher price point is likely due to the sheer financial opportunities that come with stealing credentials to an online banking service. 
  • $2-3 for Phishing Page Templates | The cheapest phishing page templates we found for purchase were for some of the biggest online brands including retailers and social media sites, averaging between $2 and $3.
  • Phishing Users and Tactics | Phishing is one of the most popular attack techniques, if not the most popular. It is used by low-level threat actors and nation-state threat groups alike, and comes in many different forms. Depending on the target chosen, an attacker must select the most appropriate tactics and procedures that have the highest chance of resulting in a successful phish.
  • Phishing Process | This process contains four distinct stages: Creating the phishing email, choosing the distribution method, gathering the data, and cashing out.

Crafting a phishing attack: Buying your equipment

HOOK, LINE, AND SINKER

Now that I’ve hooked you 😉 into reading the rest of this Photon Research Team report, let’s look at phishing as a whole:

  • How phishing emails are created
  • How they’re distributed
  • Attackers’ tactics, techniques, and procedures (TTPs)
  • What success might look like to an attacker

Let’s start off with some data.

Whether an attacker is at the early stages of their phish, or they quickly need to get a phishing page up and running, look no further than the bustling economy that exists on criminal marketplaces. Why make something from scratch when you can buy something that’s likely better and more successful?  

Photon gathered over 100 ads over the last two and a half years from criminal marketplaces like the now defunct AlphaBay and Hansa markets, as well as newer additions like Apollon, Dream Market, and Wall Street. We found that phishermen will pay big bucks for cloned or templated phishing pages for companies within the banking sector, in particular. As you can see in Figure 1 below, cloned pages for banking companies were going for, on average, $67.91. Ecommerce was a distant second at around $20 per page, and social media sites, technology, and email service providers trailed even further below that.


Figure 1: Breakdown of average costs of different phishing templates

Even though banking templates/clones were pricey, we detected more ecommerce ads than anything else, accounting for 29% of the advertisements we observed. Banks, email services, social media, and technology followed behind, in that order, as you can see in Figure 2 below. A note on multi-packs: these ads contained several targeted verticals that we discussed, so instead of breaking them out individually, we have classified them into the “multi-pack” category. LeeLoo Dallas would be proud.


Figure 2: Breakdown of frequency of different types of templates

Banking was likely the most lucrative because of the obvious answer: you phish a banking login and you’re pretty much guaranteed some money. Ecommerce also makes sense, as people tend to store their payment credentials within their accounts for quick purchases. One interesting outlier we found when drilling into our data, was that investment firms were far and away the most expensive phishing pages to purchase. One ad selling a page for a well-known investment firm went for $550, and the average across five separate ads for another company was just over $338.

This is so expensive though! Attackers can be just as restricted by budgets as the rest of us, and they’re in luck when it comes to purchasing phishing pages. The cheapest phishing page templates we found for purchase were for some of the biggest online brands including retailers and social media sites, averaging between $2 and $3.

Considering the cheap access to high quality phishing pages, nondescript phishing domains available for pennies, and step-by-step walkthroughs, it’s no wonder phishing is so prevalent today.

 

Choosing your target and buying (or creating) the bait

So, what do you need to go phishing?  

Well, if you ask the U.S. Fish & Wildlife Service, you’ll need: A rod and reel, 4- to 12-pound-test monofilament fishing line, a package of fishing weights, fish hooks (number 6-10 size), a plastic or cork bobber, a selection of live bait or fishing lures, and, in some cases, a fishing license (depending on your age, of course).

If you ask on a cybercriminal forum, you’re likely to get a slightly different response. The first stage will almost always involve choosing a target. Are you going after minnows or that elusive 1,000-lb marlin? Knowing this beforehand is important, as different targets require different tactics and tools. For example, a large-scale, more indiscriminate phishing attack (minnows) can be more conducive to the use of impersonal and generic emails cast with a broad net (e.g. a spam botnet). Targeting a high-ranking executive (marlin), on the other hand, might require a more nuanced and personalized approach (e.g. spearphishing). 

Thankfully, there are multiple options available to suit the needs of every phisher, novice or professional. Here are some of the more common phish crafting methods.

1. Email templates

Popular services (think email and social media platforms) are frequently spoofed in phishing attacks. Millions of people around the world rely on these every day, giving fraudsters a large attack surface. Phishing email templates and social engineering “how-to” guides are commonly sold on criminal forums and marketplaces. These templates can also be combined with phishing kits, allowing attackers to create spoofed login pages that are then linked directly in the phishing email (more on that later on).

As long as you have the money to buy a template, you don’t need to be a sophisticated threat actor to carry out a successful phishing attack. You don’t even need an in-depth understanding of your target. Figure 3 is a screenshot from February 2020 on XSS, a Russian-language forum, showing offers for dedicated phishing tools, including templates and scam pages for many popular services.


Figure 3: Advertisement of phishing tools with templates for well-known sites

Typically, these templates aim to masquerade as legitimate company emails and trick recipients into handing over sensitive information, like credentials; password resets or notifications of suspicious activity are among the most common. The most convincing of these templates aim to be indistinguishable from the real thing, often using the same exact assets (e.g. images, fonts, and wording).

 

Getting sloppy or getting smarter?

You’d think that perfectly executed phishing templates are the way to go. Who would fall victim to an email that’s riddled with graphical and grammatical errors? I’m sure you’ve seen these firsthand: Phishing emails that look catastrophically (and comically) bad, incorrect company logos, missing assets, and formatting that’s all over the place. But attackers are smarter than we sometimes give them credit for. In some cases, the correct play might actually be to distribute deliberately sloppy emails.

Although this might seem counterintuitive, there’s an argument that poorly formatted phishing lures can help weed out the victims that would be less likely to readily hand over their personal information from the get-go.  

Here’s an example:


Figure 4: Poorly formatted Google phishing email

It’s not hard to point out the errors in this email: Missing capital letters, bad formatting, sketchy sender and recipient addresses, and a strange Google logo. We (and hopefully you) wouldn’t think twice about ignoring and deleting this email, but we’re also not the target audience.

If a victim fails to see the errors that seem obvious to others, they might also be unaware of the risks of clicking unknown links that send them to fake login pages. As eloquently put by Microsoft: 

“By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.”

There’s also a technical element that attackers have to be aware of. Algorithms like tf-idf, or term frequency–inverse document frequency, parse out the text of a document and assign weight based on the frequency of those specific words as they appear in a collection of other, similar documents. This is used by search engines to rank and score documents based on search queries, but is also used by email spam filters to help identify malicious emails and stop them from ever reaching a user’s main inbox.

By changing up the formatting of a phishing email, such as splitting up words, attackers can try to confuse the logic of spam filter algorithms. This can also explain why some phishing emails throw in Unicode characters to represent letters of the alphabet.

Can you spot the difference between “a” and the Cyrillic character “а”?

Unicode representations have different character codes than regular ASCII, and can help make the difference in determining whether a phishing email is marked as suspicious.
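A filter can undo both tricks before it weighs terms. The sketch below is an added example, not code from the original report: it flags words that mix scripts, folds look-alike letters, rejoins letter-spaced words, and shows the tf-idf weight of a watched term before and after. The lure, the reference corpus and the partial confusables map are all constructed for illustration.

```python
import math
import re
import unicodedata

# Constructed, deliberately partial map of Cyrillic letters that render like
# Latin ones; a production filter would load the full Unicode confusables data.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
})

# Constructed sample lure: the second letter of "p\u0430ssword" is Cyrillic
# U+0430, and "account" is written with a space between every letter.
LURE = "Verify your p\u0430ssword: your a c c o u n t will be closed"

# Constructed reference corpus standing in for previously seen mail.
REFERENCE = [
    "minutes from the weekly planning meeting",
    "your invoice for february is attached",
    "reset your password to keep your account",
]


def mixed_script_words(text):
    """Return words whose letters come from more than one Unicode script."""
    flagged = []
    for word in re.findall(r"\w+", text):
        scripts = {unicodedata.name(c, "UNKNOWN").split()[0]
                   for c in word if c.isalpha()}
        if len(scripts) > 1:
            flagged.append(word)
    return flagged


def normalize(text):
    """Fold look-alike letters to Latin and rejoin words split letter by letter."""
    text = text.lower().translate(CONFUSABLES)
    # Join runs of three or more single letters separated by single spaces.
    return re.sub(r"\b(?:[a-z] ){2,}[a-z]\b",
                  lambda m: m.group(0).replace(" ", ""), text)


def tfidf(term, doc, corpus):
    """Term frequency in doc times log(N / number of documents containing term)."""
    tf = doc.count(term) / len(doc)
    df = sum(1 for d in corpus if term in d)
    return tf * math.log(len(corpus) / df) if df else 0.0


def weight(term, text, clean):
    """tf-idf weight of term in text, with or without normalization first."""
    doc = re.findall(r"\w+", normalize(text) if clean else text.lower())
    corpus = [re.findall(r"\w+", ref) for ref in REFERENCE] + [doc]
    return tfidf(term, doc, corpus)


if __name__ == "__main__":
    print("mixed-script words:", mixed_script_words(LURE))
    print("normalized:", normalize(LURE))
    for term in ("password", "account"):
        print(term, weight(term, LURE, clean=False), weight(term, LURE, clean=True))
```

The mixed-script check is a signal in its own right: a word that combines Latin and Cyrillic letters is rare in legitimate mail regardless of what the term weights say.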


Figure 5: Text randomization service offered for sale on XSS

 

These tactics are well known in the cybercriminal community. In a post on the XSS Russian-language cybercriminal forum from August 2019, for example, a user asked for advice on how to send phishing emails to a database of 20,000 users that could successfully reach the inboxes of Gmail, Yahoo!, iCloud, and Outlook users. They received a response from another forum user with specific guidance, saying:

  1. 20,000 emails is a small number for mass mailing
  2. Sending the message with no links helps it to bypass spam filters – a link in an email is the first suspicious feature a spam filter looks for
  3. Randomizing the text (indents and spaces) will increase the email’s chances of reaching the inbox
  4. Sending from a corporate server is more successful


Figure 6: XSS user suggesting text randomization to bypass spam filters

2. Phishing-as-a-Service

Another alternative to templates is phishing-as-a-service (PHaaS), which can allow an attacker to rent the infrastructure needed to conduct phishing attacks. Procuring and setting up backend infrastructure can be time consuming, expensive, and difficult without certain expertise. By outsourcing much of the hard work, phishing capabilities are opened up to those who would not otherwise have them; renting resources for a limited time can be a very economical option.

PHaaS services are often monetized in familiar ways, offering various monthly subscription tiers, each with different levels of features. Business models with as-a-service offerings on the cybercriminal underground are increasingly mirroring those in real life, and can make all the difference in determining whether a service sinks or swims. Digital Shadows discussed this phenomenon in depth in our blog “How the Cybercriminal Underground Mirrors the Real World”.


 Figure 7: Phishing infrastructure rental offered on Exploit

3. Phishing kits

Figuring out the layout of login pages for common online services isn’t difficult. Attackers can either clone these websites or buy pre-made templates, and phishing kits can expedite this process even further.

A phishing kit is an all-in-one tool set that has everything an attacker needs to launch a phishing attack. Think of it as a starter kit that includes a rod, reel, fishing line, hooks, and bait. They can contain ready-built websites with spoofed login pages: All an attacker has to do is choose which service they want to target.

Phishing kits can drastically lower the barrier to enter cybercrime. Users need little to no technical skills to pull off their own phishing attacks, as long as they have the money to shell out for a phishing kit. Some even take to cybercriminal forums to ask for “hackers for hire” to help build phishing pages.


 Figure 8: Exploit post from user looking for coder to create phishing pages


Figure 9: Exploit post from user looking to buy a phishing kit

 

Phishing kits can be obtained for relatively little money. These are commonly advertised, requested, and discussed on cybercriminal forums―a testament to their popularity.


Figure 10: Free phishing kits offered on Exploit[.]in

Distribution of phishing emails: Casting the line

After the preliminary stages of identifying targets and crafting emails, attackers need to decide by what means their phishing emails will be distributed. After all, you’re not going to use the same equipment to catch that marlin as you are some minnow. In most phishing cases, this is largely an automated process. No one wants to sit and hit “send” for tens of thousands of emails. But even when an attacker is only targeting a small number of victims, they still need to ensure that their emails will:

  1. Not end up in the recipient’s spam inbox
  2. Appear to be from a legitimate sender

Whether via public or private infrastructure, emails have to come from somewhere. There are advantages and disadvantages of each, and their use will largely depend on the nature of the phisher’s target.

1. Private infrastructure

Many business email compromise (BEC) attacks involve the use of private victim infrastructure. BEC relies on the attacker being able to successfully impersonate a high-ranking employee. If you receive an email from your boss, it’ll appear more suspicious if it was sent from an unknown third-party email provider rather than from your company’s internal address.

To do this, the attacker can spoof an internal email address, compromise the site’s mail server, or compromise the email account using previously obtained credentials (like through another phishing attack or a public breach database). The former two can require significant technical understanding, whereas the latter can rely on the target being successfully phished or their credentials being previously breached.  

To spoof an email address, an attacker will first have to compromise, create, or find a Simple Mail Transfer Protocol (SMTP) server that allows the spoofed emails to be sent. By setting a different sender address in the email’s envelope and then populating the required commands and headers, an attacker can create a spoofed email with relative ease.

Although that process may sound somewhat complicated, it’s easier to pull off than some other attack techniques. Even though many email providers now have integrated features that let you verify the sender address, email spoofing is still widely used for social engineering campaigns.
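On the receiving side, the gap between the envelope sender and the address shown to the user is something a mail pipeline can check. The following is an added example, not code from the original report: it compares the visible From domain with the Return-Path (where the receiving server records the envelope sender) and Reply-To, and reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header. Both messages, the `corp.example` domains and the `mx.corp.example` server name are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample messages (all names and domains are placeholders).
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example.net>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=bulk-sender.example.net; dkim=none; dmarc=fail header.from=corp.example
From: "Chief Executive" <ceo@corp.example>
Reply-To: ceo.office@freemail.example.org
To: accounts@corp.example
Subject: IMMEDIATE! NEED WIRE DETAILS.

Please send the wire details today.
"""

GENUINE = """\
Return-Path: <ceo@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
From: "Chief Executive" <ceo@corp.example>
To: accounts@corp.example
Subject: Quarterly update

Figures attached.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def org_domain(domain):
    """Naive organisational domain: the last two labels. This is a shortcut
    for the example; real DMARC alignment uses the Public Suffix List."""
    return ".".join(domain.split(".")[-2:])


def auth_verdicts(msg, trusted_authserv):
    """Read spf/dkim/dmarc results, but only from headers stamped by our own
    receiving server; anything else may have arrived with the message."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        head = str(value).split(";", 1)[0].split()
        if not head or head[0].lower() != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(value), re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def assess(raw, trusted_authserv):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    visible = org_domain(domain_of(msg["From"]))
    envelope = domain_of(msg["Return-Path"])
    reply_to = domain_of(msg["Reply-To"])
    verdicts = auth_verdicts(msg, trusted_authserv)

    findings = []
    if envelope and org_domain(envelope) != visible:
        findings.append("envelope-mismatch")
    if reply_to and org_domain(reply_to) != visible:
        findings.append("reply-to-mismatch")
    if verdicts.get("dmarc") != "pass":
        findings.append("dmarc-" + verdicts.get("dmarc", "missing"))
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, assess(raw, "mx.corp.example"))
```

Note that SPF passes for the spoofed sample: SPF only validates the envelope domain, which is why the visible From has to be checked for alignment separately.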

Another option for attackers is to compromise a company’s infrastructure and use their SMTP server to distribute phishing emails. Those used to send marketing communications can be attractive targets; heavy outgoing message traffic seems less suspicious if it’s coming from a server typically used for marketing.

As noted in smtpspam’s advice on XSS back in Figure 6, sending emails from corporate mail servers is effective in getting emails to reach a victim’s inbox.  But compromising and modifying a site’s configuration can be time consuming and difficult to do without the necessary technical skills. Less-technically inclined attackers can turn to cybercriminal forums and marketplaces to buy already-compromised servers.

Much like how marketing software (e.g. Marketo, SalesForce) is used in the real world to track inbox and delivery rates, many spam services use similar solutions to monitor the results of their campaigns. These can help attackers optimize their spam efforts by tracking the interactions of the victims. Atomic Email Tracker, for example, is legitimate software; cracked versions of it are frequently listed for sale for as little as $2 USD on cybercriminal marketplaces, or traded for free on forums.


Figure 11: Atomic Email Tracker interface

 

2. Public infrastructure

In addition to compromising or piggybacking on an organization’s infrastructure, attackers can also exploit public infrastructure (e.g. email providers) to cast their phishing nets. This might be a simpler option for less-technical adversaries; in many cases, all you need to do is sign up for a free account―until, of course, the provider catches on to your malicious activity.  

The catch is that many major email providers (think Gmail and Outlook) make it difficult to create accounts with the express intent to conduct spam or phishing. Even blocks at the account creation level, like requiring multi-factor authentication (MFA) with a valid, non-burner phone number, can be enough to ward off many would-be attackers. But not all email providers are alike, and some make it much easier to create email accounts for phishing, particularly those hosted in countries with less-than-ideal cooperation with law enforcement.

One of the benefits of using legitimate email providers is that certain filters may be less likely to identify messages as spam. Having a phishing email delivered into the victim’s regular inbox, rather than their spam folder, can make all the difference. MailNinja is an example of an email spam service that uses public infrastructure from the provider mail[.]ru, and its operators claim it can let spam emails reach regular inboxes (as opposed to spam) with a 98% success rate.


Figure 12: MailNinja spam service advertisement on XSS

3. Botnets

Ahhh, botnets…the scourge of the Internet. Consisting of a large number of infected devices (think tens, if not hundreds of thousands), they can be used to facilitate a wide range of malicious activity: distributed denial of service (DDoS) attacks, data theft, espionage, and yes, even spam and phishing.

Their strength lies in their numbers. An interconnected network of hundreds of thousands of devices can achieve more than any of them could hope to on their own. With the help of things like email spam databases, attackers can direct phishing emails to a wide surface of potential victims.  

Botnets also help attackers get around IP address blacklists. When suspicious servers get identified, they are put on public blacklists, curated by companies like Spamhaus. Someone distributing spam phishing emails via their own infrastructure runs the risk of their servers being blacklisted. But if botnet activity is identified, the server of the infected device is the one that gets blacklisted instead. And when you have traffic coming from tens of thousands of individual devices, a few being identified and blocked isn’t going to significantly affect your spam distribution.

 

For a device to become part of a botnet, it typically has to be infected with malware. If you see where we’re going with this, phishing can even be used to distribute botnet malware, contributing to the cyclical nature of phishing, creating even more compromised devices.  

The circle continues.

In some cases, these botnets can be monetized directly, in the vein of other as-a-service platforms. Botnets for hire give cybercriminals an additional source of revenue, and can be one of the primary motives behind a phishing campaign. Depending on the size and type of botnet, operators can make hundreds of thousands of dollars per year in revenue by monetizing rental services on a “per use basis”.


Figure 13: Post from an Exploit user seeking a botnet partner

4. Mailing lists

Speaking of spam lists, these have become commonplace on criminal markets and forums, where they are traded and sold for malicious use (like phishing attacks). For example, on the popular morally-questionable forum BlackHatWorld, users frequently discuss ways to carry out certain kinds of attacks or even ways to monetize their illicit gains. See Figures 14 and 15 below.

Figure 14: Discussion on BlackHatWorld about monetizing email list


Figure 15: Discussion on BlackHatWorld of monetizing high profile email list.

 

How helpful! At this point, the attacker can either run an operation themselves, find a partner in crime, or simply sell their mailing list and be done with it.

As Figure 16 below shows, these lists are priced according to the profile of the potential victims. A broad spam list may be listed for cheaper than a highly targeted list.


Figure 16: Top: Ad for 10 million valid email contacts at $12.99
Bottom: Ad for list of 150,000 “Wealthy UK Men” at 19.99

How attackers harvest data from a phishing attack: Reeling in the catch

The bait has been chosen, the line has been set and the attacker has a target on the hook. Now, how to reel the prize in?

1. Phishing pages

As once said by the venerable Jedi master Qui-Gon Jinn: “There’s always a bigger fish”. Phishing attacks don’t end with an email being opened: For a phish to be successful, attackers have to coax information out of the victim. There are several ways to harvest data, and phishing pages are some of the most common.


A popular technique is for attackers to set up an illegitimate website spoofing the company they are using as a phishing lure. For the most part, these don’t even have to be overly complicated: In many cases, a simple login page is enough.

For example, an attacker could create a typo-squatted page with a login field hosted on a subdomain (e.g. login.digitleshadows[.]com). This URL can then be embedded in a phishing email and distributed to potential victims. Once the recipient clicks the link, they’re directed to the spoofed login page. Any credentials entered on the spoofed page are stored and exfiltrated to an attacker-controlled server. So as to not raise suspicions, many phishing pages are also configured to redirect users to the legitimate website of the company after credentials are entered.
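Look-alike hostnames of this kind can be caught by comparing the registrable label of each newly observed hostname with the brand's own. The sketch below is an added example, not code from the original report or a description of any vendor's monitoring. It assumes `digitalshadows.com` is the protected domain, takes the registrable domain to be the last two labels (a production check would use the Public Suffix List), and apart from the hostname quoted above uses constructed inputs.

```python
# Assumed protected brand domain for this example, written as label.tld.
BRANDS = ["digitalshadows.com"]


def refang(host):
    """Turn defanged notation such as 'evil[.]com' back into a plain hostname."""
    return host.replace("[.]", ".").strip().lower().rstrip(".")


def osa_distance(a, b):
    """Optimal string alignment distance: insertions, deletions, substitutions
    and swaps of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1,          # delete from a
                       cur[j - 1] + 1,       # insert into a
                       prev[j - 1] + cost)   # substitute or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_host(host, brands, max_distance=2):
    """Classify a hostname as 'legitimate', 'lookalike' or 'unrelated'.

    Subdomains are ignored: only the label directly left of the TLD is
    compared, so 'login.<typo>.com' is judged on '<typo>'.
    """
    labels = refang(host).split(".")
    if len(labels) < 2:
        return ("unrelated", None)
    label, tld = labels[-2], labels[-1]

    for brand in brands:
        b_label, _, b_tld = brand.partition(".")
        if (label, tld) == (b_label, b_tld):
            return ("legitimate", brand)

    for brand in brands:
        b_label = brand.partition(".")[0]
        # Scale the tolerance with the brand length so that short brand
        # names do not match every other short label.
        limit = min(max_distance, len(b_label) // 4)
        if osa_distance(label, b_label) <= limit:
            return ("lookalike", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    observed = [
        "login.digitleshadows[.]com",     # hostname quoted in the text above
        "www.digitalshadows.com",         # the brand's own domain
        "portal.digtialshadows.example",  # constructed: two letters swapped
        "mail.example.org",               # constructed: unrelated
    ]
    for host in observed:
        print(host, "->", check_host(host, BRANDS))
```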


Figure 17: Fake Maersk login portal


 

Credential harvesting techniques aren’t the only trap you might find on a phishing page; malware can frequently be found lurking in a page’s background―whether a drive-by download being delivered by an exploit kit hosted on the page, or a prompt to download a seemingly too-good-to-be-true “free application”.

Directly cloning websites is also a popular technique among aspiring phishers, and requires little technical skill to get up and running. There are modules within the open-source penetration testing software Metasploit that can directly copy webpages, and other tools were recommended by users of the now-defunct Kickass forum. XDAN CopySite is a service that allows users to enter their domain of choice and produce a static version of the webpage by generating the HTML files of pages hosted on the domain within a matter of seconds.

Figure 18: URL links to XDAN Copy Site shared across forums and messaging apps

 

There are also several open-source tools originally designed for penetration testing that have been adopted for use in phishing attacks. Modlishka, for example, can help automate phishing attacks and bypass MFA. The tool facilitates a kind of man-in-the-middle (MITM) attack by intercepting traffic and acting as a reverse proxy; once the victim enters their credentials for whatever service the attacker is imitating, they are then directed to the legitimate service.

Any MFA tokens requested by the service can also be intercepted by the attacker in real time, allowing them to log in and create “legitimate” sessions. The victim’s information can be harvested without raising any suspicion. Modlishka isn’t the only tool around that can make life easier for the phisher; such open-source tools as Evilginx 2 function in a similar way.


Figure 19: Post from an XSS user requesting help with Evilginx 2 and Modlishka

2. Malware

Of course, phishing site links aren’t the only things delivered in a phishing email. Malware of all shapes and sizes―including ransomware, credential harvesters, and remote access trojans (RATs)―are all frequently delivered via phishing emails, typically within an email attachment, like a Microsoft Word document or an Adobe PDF file. 

Malware can steal a variety of things from a computer, including credentials, documents, and system resources. Credential harvesting is a common feature of popular malware as it provides the attacker with data that can be easily translated into money in their pockets through fraud (a topic we’ll get to next).

TrickBot

An example of a credential stealer is “TrickBot”, a banking trojan that was first detected in September 2016 and has since been developed to incorporate the targeting of multiple geographies and online services. Its purpose was to gain unauthorized access to customer bank accounts to facilitate fraudulent transactions, but it also targeted users of online services, such as SalesForce and cryptocurrency services.

TrickBot was reportedly delivered via spam emails containing malicious attachments, including some distributed by the “Necurs” botnet, and via the “RIG” exploit kit. In some cases, TrickBot used an exploit called “EternalBlue” (affecting CVE-2017-0144) or Windows API calls to propagate in a local network.

The functions and activities of TrickBot are reportedly very similar to the “Dyre” banking trojan, and researchers identified a connection there: At least one of the developers of Dyre was involved in the development of TrickBot. Widespread targeting and rapid, continuing development meant that the malware represents a medium threat level at the time of writing.

 FormBook


One information stealer is FormBook, which was offered for sale on forums and marketplaces beginning in early 2016, enabling various threat actors to conduct attacks. FormBook was identified in campaigns targeting the aerospace, defense, and manufacturing industries in the United States and South Korea from July to September 2017. Its functions included logging keystrokes, capturing credentials, and taking screenshots. It could also execute additional files, including malicious payloads. The distributor of the malware halted sales on HackForums[.]net on 05 Oct 2017 following use of the malware in email campaigns.

Then there are botnet recruiters: an especially devious way to get access to victims’ resources. Those victims who have abundant system resources―like Intel’s new Core i512 processor with a terabyte of RAM and six SLI graphics cards lined up to handle the newest “Call of Duty”―may not think twice if those resources are running 1% higher than normal. No big deal, right?

Wrong, for a variety of reasons. That driver they downloaded from a third-party website to run that graphics card was actually malware, designed to recruit their system into a larger pool of systems, controlled by an attacker. This network of bots can conduct DoS attacks, mine cryptocurrency, and hide their own malicious traffic through your network.

“Satori” is a variant of the “Mirai” malware and is used to compromise Internet of Things (IoT) devices to turn them into a botnet. Three variants of the malware have been detected to date. It’s been described as “wormable” because of its use of exploits to target IoT devices, rather than relying on a scanner to identify additional targets after infection.


Proof of concept source code for a Satori-controlled exploit was leaked in late December 2017 by an unknown threat actor. To date, the botnet hasn’t been used to conduct malicious activity, and it could be in early construction phase. It has the potential to be used for DoS attacks, distribute spam, and conduct information-gathering activities. Pending further activity by this botnet, it poses a low threat at the time of writing.

 

3. Social engineering

Phishing pages and malware can both be detected and blocked, but direct social engineering is much harder to spot. Detection of the first two relies on technical indicators that point to a specific threat, which can be mitigated automatically by, for example, spam blockers or malware scanners. Social engineering relies on exploits against the human operating the device.

BEC attacks are an extremely common type of social engineering, typically designed for use against a specific target. Digital Shadows has done extensive research around this technique, conducting HUMINT interactions with threat actors to determine methodology. BEC inherently relies on tactics of deception, compromising or spoofing the email account of, for example, a company executive to entice lower-level employees into releasing funds or sensitive documents, as shown in Figures 20 and 21.

Figure 20: Example of a typical BEC attempt

Figure 21: Example of a typical BEC attempt

 

Such phishing emails have to be convincing and realistic. An email from someone’s CEO asking them to transfer money immediately, but written in a message full of grammar mistakes, would almost certainly raise red flags. That’s why some BEC attacks can involve substantial reconnaissance to figure out exactly how a certain person writes.
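A spoofed executive account still leaves traces in the message headers, even when the wording is flawless. The sketch below is an added example, not Digital Shadows code: it triages headers for a few common BEC indicators, and the domain, gateway hostname, executive directory, keyword list and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed, constructed values: replace with your own domain, the hostname your
# mail gateway stamps into Authentication-Results, and your executive directory.
ORG_DOMAIN = "example.com"
TRUSTED_AUTHSERV = "mx.example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
PRESSURE_TERMS = ("wire", "urgent", "immediate", "gift card")


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def dmarc_result(msg):
    """DMARC verdict recorded by our own gateway. Other stamps are ignored
    because a sender can add any Authentication-Results header it likes."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue
        for clause in results.lower().split(";"):
            words = clause.split()
            if words and words[0].startswith("dmarc="):
                return words[0][len("dmarc="):]
    return None


def triage(raw_message):
    """Return the BEC indicators present in one message, in a fixed order."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    findings = []

    # An executive's name on an address that is not the executive's.
    known_addr = EXECUTIVES.get(" ".join(display.lower().split()))
    if known_addr and from_addr != known_addr:
        findings.append("display-name-impersonation")

    # Replies silently diverted to another domain.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append("reply-to-domain-mismatch")

    # Our own domain in From, but the gateway's DMARC check failed.
    if domain_of(from_addr) == ORG_DOMAIN and dmarc_result(msg) == "fail":
        findings.append("org-domain-dmarc-fail")

    # Payment or urgency wording in the subject line.
    subject = msg.get("Subject", "").lower()
    if any(term in subject for term in PRESSURE_TERMS):
        findings.append("payment-pressure")
    return findings


def build(headers):
    """Assemble a minimal message from header lines (sample data helper)."""
    return "\n".join(headers) + "\n\nBody omitted.\n"


# Constructed sample messages.
LEGIT = build([
    "From: Jane Doe <jane.doe@example.com>",
    "Subject: Q3 board deck",
    "Authentication-Results: mx.example.com; dmarc=pass header.from=example.com",
])
NAME_SPOOF = build([
    'From: "Jane Doe" <ceo.office@freemail.test>',
    "Subject: IMMEDIATE! NEED WIRE DETAILS.",
    "Authentication-Results: mx.example.com; dmarc=pass header.from=freemail.test",
])
DOMAIN_SPOOF = build([
    "From: Jane Doe <jane.doe@example.com>",
    "Reply-To: jane.doe@mailbox.test",
    "Subject: Invoice approval",
    # Stamp added by the sender, not by our gateway: must not be trusted.
    "Authentication-Results: mx.sender.test; dmarc=pass header.from=example.com",
    "Authentication-Results: mx.example.com; dmarc=fail header.from=example.com",
])

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("name spoof", NAME_SPOOF),
                      ("domain spoof", DOMAIN_SPOOF)):
        print(name, triage(raw))
```

None of these checks fires on a genuinely compromised executive mailbox, which is why the reporting process in the mitigation tips still matters.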

Of course, BEC isn’t the only form of social engineering that can take place via phishing emails. Let’s look at extortion, another topic Digital Shadows has heavily researched (see our report, Extortion exposed: Sextortion, thedarkoverlord, and SamSam), and specifically at a subgenre called sextortion. In the latter half of 2018, Digital Shadows collected information regarding these campaigns, like how widespread they were and the amount of money they were making.

Figure 22: Breakdown of sextortion statistics

89,000 recipients and $332,000 later, sextortion proved to be a huge hit in the cybercriminal landscape. This kind of extortion uses the previously established method of preying on the victim’s conscience and urging them to respond quickly, but adds another, vicious angle. The phishing email sender claims to have compromising information about the recipient, like sensitive account details for porn websites or even videos of them visiting these sites.

Cashing out a phishing attack: Collect the reward

The most visible aspect of fishing is the catch. This is what gets all the fame and glory in the news, with pictures of fishermen standing around their 1,000-lb marlin, hoisted up on a dock. No one wants to see an empty boat, with tired fishermen and empty lines, or watch them buy bait at the store. To the general masses, it’s all about the catch.

The same is true for phishing. One of the highest-profile breaches in the past few years, the Anthem Healthcare data breach, resulted directly from spearphishing attacks against the company. According to a May 2019 indictment of the alleged attackers, a lot of data was stolen, including personally identifiable information (PII) and confidential business information, which originated from phishing emails and malware infections.


 

This was a really big deal at the time, but that’s just one attack, one breach, one company. Looking at this from a higher level, attackers have various goals when they phish.

Let’s take the example of PII stolen via a phishing attack. PII comes in all shapes and sizes on the dark web, with vendors selling fullz, or complete personal records, or specific items, like passport information, and everything in between. This data can be stolen via any of the methods we’ve outlined above (information-stealing malware, phishing pages designed to harvest information, or direct communications with a victim), but attackers certainly aren’t limited to these methods.

There are a few different paths an attacker can take with a victim’s PII:

  • Direct identity fraud (that is, identity fraud that targets a victim using their already established assets, like bank accounts) has been an ongoing issue for years. In a 2019 study, Javelin Research highlighted that even though the number of victims fell between 2017 and 2018, from 16.7 million to 14.4 million, the financial effects were harsher on victims; 23% of fraud victims had expenses that didn’t get reimbursed after paying out to fraudsters, an increase over the last year.
  • New-account fraud, by which an attacker uses illicitly gained PII to create new assets, like credit cards or mortgage loans, unbeknownst to the victim, resulted in losses of $3.4 billion in 2018.
  • PII can be resold on dark web forums, as described above. Prices typically depend on the amount of data included with a package, the number of records, and how fresh the data is.
  • Facilitating further attacks is another option for all types of data. PII can be used to send extortion emails for blackmail, or even used to conduct account takeovers.


Figure 23: Breakdown of goals for various types of phishing attack

 

Obviously, PII isn’t the only thing stolen from a phishing attack: Enter the lovely chart in Figure 23! Read it like “PII can be used for direct identity fraud for profit” or “Credentials stolen through corporate espionage phishing attacks can be used to start a new attack cycle.”

  

5 Phishing Mitigation Tips

Phishing license denied!

“Phish,” he said, “I love you and respect you very much. But I will kill you dead before this day ends.”
― Ernest Hemingway, The Old Man and the Sea, as adapted by Charles Ragland, security engineer, Digital Shadows

All the methods and results we’ve described can start with that first phishing email. Whether it’s a misspelled, poorly formatted message or a well-crafted and carefully researched impersonation email, the spin-off pathways are myriad. This is why phishing remains one of, if not THE, most prevalent attack technique.

Despite this, there’s no surefire silver bullet that can mitigate the phishing threat. We’ve said it before (along with many, many others) and we’ll type it again: If someone solves the phishing problem, 99% of cyber attacks will be mitigated. That’s probably an exaggeration, but you get the idea.

But we live in the here and now, so the Photon Research team has put together a few phishing mitigation strategies that can help companies big and small.

  1. Limit the information your organization and employees share online, including on social media sites. The most successful phishers perform detailed reconnaissance so they can craft the most effective emails and social engineering lures.
  2. Monitor for registrations of typo-squatted domains that attackers can use to impersonate your brand, send spoofed emails, and host phishing pages.
  3. Implement additional security measures, such as Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM). These can make the spoofing of your domain more difficult. Check out our detailed practitioner’s guide to combating email spoofing risks.
  4. Protect your accounts in case phishers do manage to steal user credentials. Two-factor authentication measures should be mandated across the organization and implemented whenever possible.
  5. Train your employees how to spot phishing emails and, more importantly, give them a clear and recognized reporting method to alert security teams of suspected phishing attempts. Eventually, a phishing email will fall through the net. Employees need to know how to react to these quickly and should not fear any repercussions of being the victim of a social engineering attack.
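For tip 2, the sketch below scores domains from a new-registration feed against a brand label, using look-alike folding, edit distance and brand embedding. It is an added example rather than SearchLight code; the brand, owned domain, look-alike table and feed are constructed assumptions, and the last label is treated as the TLD without a public-suffix list.

```python
import unicodedata

# Assumed, constructed values: the brand label to protect and the domains the
# organisation really owns.
BRAND = "example"
OWNED = {"example.com"}
# Small look-alike table; extend it for the characters in your own brand.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"))


def to_unicode(label):
    """Decode a punycode ('xn--') label; return it unchanged if that fails."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:
            return label
    return label


def skeleton(label):
    """Fold a label for comparison: decode IDN, drop accents, undo swaps."""
    text = unicodedata.normalize("NFKD", to_unicode(label.lower()))
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for lookalike, plain in CONFUSABLES:
        text = text.replace(lookalike, plain)
    return text


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


BRAND_SKELETON = skeleton(BRAND)


def classify(domain):
    """Reasons a domain resembles the brand; empty list if none or if owned."""
    domain = domain.lower().rstrip(".")
    if domain in OWNED or any(domain.endswith("." + d) for d in OWNED):
        return []
    reasons = []
    for label in domain.split(".")[:-1]:  # last label is treated as the TLD
        skel = skeleton(label)
        if label == BRAND:
            reason = "brand-label-on-foreign-domain"
        elif skel == BRAND_SKELETON:
            reason = "homoglyph"
        elif osa_distance(skel, BRAND_SKELETON) == 1:
            reason = "edit-distance-1"  # noisy for very short brand labels
        elif BRAND_SKELETON in skel:
            reason = "brand-embedded"
        else:
            continue
        if reason not in reasons:
            reasons.append(reason)
    return reasons


def monitor(feed):
    """Map each suspicious domain in the feed to its reasons."""
    return {d: r for d in feed if (r := classify(d))}


# Constructed feed of "newly registered" domains; the IDN sample is built at
# run time so the punycode is guaranteed to be valid.
IDN_SAMPLE = "xn--" + "ex\u00e4mple".encode("punycode").decode("ascii") + ".test"
FEED = ["example.com", "mail.example.com", "examp1e.test", "exarnple.test",
        "exmaple.test", "example-login.test", "example.payments.test",
        IDN_SAMPLE, "weather.test"]

if __name__ == "__main__":
    for domain, reasons in monitor(FEED).items():
        print(domain, reasons)
```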
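For tip 3, publishing SPF and DMARC records only helps if the policies actually enforce something. The audit below is an added example, not taken from the practitioner’s guide mentioned above: it parses TXT record strings and flags non-enforcing settings, and the record values, the provider include and the finding names are constructed assumptions.

```python
def audit_spf(txt):
    """Findings for one SPF TXT record, judged by its 'all' mechanism."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["spf-record-missing"]
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not all_terms:
        # Without 'all' or a redirect, unmatched senders get a neutral result.
        redirect = any(t.startswith("redirect=") for t in terms[1:])
        return [] if redirect else ["spf-no-all-mechanism"]
    first = all_terms[0]
    qualifier = first[0] if first[0] in "+-~?" else "+"  # bare 'all' means '+all'
    return {
        "+": ["spf-pass-all"],        # every sender on the internet is authorised
        "?": ["spf-neutral-all"],     # no statement about unlisted senders
        "~": ["spf-softfail-all"],    # unlisted senders are only marked suspicious
        "-": [],                      # unlisted senders fail
    }[qualifier]


def parse_tags(txt):
    """Split a 'tag=value; tag=value' record into a dict keyed by tag name."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(txt):
    """Findings for the TXT record published at _dmarc.<domain>."""
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        return ["dmarc-record-missing"]
    findings = []
    policy = tags.get("p", "").lower()
    enforcing = policy in ("quarantine", "reject")
    if not enforcing:
        findings.append("dmarc-policy-not-enforcing")      # p=none only reports
    if enforcing and tags.get("sp", policy).lower() == "none":
        findings.append("dmarc-subdomains-unprotected")
    pct = tags.get("pct", "100")
    if enforcing and pct.isdigit() and int(pct) < 100:
        findings.append("dmarc-partial-enforcement")
    if "rua" not in tags:
        findings.append("dmarc-no-aggregate-reports")
    return findings


def audit(records):
    """records: {'spf': <TXT at the domain>, 'dmarc': <TXT at _dmarc.domain>}."""
    return audit_spf(records.get("spf", "")) + audit_dmarc(records.get("dmarc", ""))


# Constructed records: a weak setup, a half-finished rollout, a hardened one.
WEAK = {
    "spf": "v=spf1 include:_spf.mailprovider.test ?all",
    "dmarc": "v=DMARC1; p=none",
}
PARTIAL = {
    "spf": "v=spf1 include:_spf.mailprovider.test ~all",
    "dmarc": "v=DMARC1; p=quarantine; sp=none; pct=25; "
             "rua=mailto:dmarc-reports@example.com",
}
HARDENED = {
    "spf": "v=spf1 include:_spf.mailprovider.test -all",
    "dmarc": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc-reports@example.com",
}

if __name__ == "__main__":
    for name, records in (("weak", WEAK), ("partial", PARTIAL),
                          ("hardened", HARDENED), ("none published", {})):
        print(name, audit(records))
```

A common rollout path is to start at `p=none` with `rua` reporting, confirm that legitimate senders pass, then move to `quarantine` and `reject`.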

Thanks for sticking with us through this in-depth phishing piece! If you want to learn more about how Digital Shadows can help your organization, check out our Phishing Protection page or request a demo below.

 

Security Analyst Spotlight Series: Phil Doherty

Security Analyst Spotlight Series: Phil Doherty

January 10, 2019 | 5 Min Read

Organizations rely on Digital Shadows to be an...
TV License and Vehicle Tax Fraud: New Year, Same Old Scams

TV License and Vehicle Tax Fraud: New Year, Same Old Scams

January 8, 2019 | 4 Min Read

Over the last week we’ve been tracking several...
Four New Year Cyber Security Resolutions

Four New Year Cyber Security Resolutions

January 3, 2019 | 8 Min Read

Another year is upon us in the world of...
Cyber Threats to Watch in 2019: Key Takeaways from our webinar with the FBI Cyber Squad

Cyber Threats to Watch in 2019: Key Takeaways from our webinar with the FBI Cyber Squad

December 20, 2018 | 5 Min Read

As 2018 comes to a close, Digital Shadows...
Bomb Threat Emails: Extortion Gets Physical

Bomb Threat Emails: Extortion Gets Physical

December 14, 2018 | 4 Min Read

We’ve seen yet another change in tactics for...
Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

December 12, 2018 | 8 Min Read

Overall, the infosec community has done a...
Digital Shadows New Integration for Splunk

Digital Shadows New Integration for Splunk

December 10, 2018 | 3 Min Read

Today we announced the release of an updated...
Using Shadow Search to Power Investigations: Sextortion Campaigns

Using Shadow Search to Power Investigations: Sextortion Campaigns

December 6, 2018 | 3 Min Read

We recently wrote about sextortion campaigns and...
2019 Cyber Security Forecasts: Six Things on the Horizon

2019 Cyber Security Forecasts: Six Things on the Horizon

December 5, 2018 | 9 Min Read

The new year is upon us! 2018 brought us Spectre...
Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

November 29, 2018 | 5 Min Read

I’m a big fan of the Cobalt Strike threat...
Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

November 27, 2018 | 3 Min Read

Australian Signals Directorate Essential 8 The...
Black Friday and Cybercrime: Retail’s Frankenstein Monster

Black Friday and Cybercrime: Retail’s Frankenstein Monster

November 20, 2018 | 5 Min Read

With every year that passes, Black Friday seems...
Sextortion 2.0: A New Lure

Sextortion 2.0: A New Lure

November 20, 2018 | 4 Min Read

Back in September we released a blog about the...
Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

Law Firm Uncovers Exposed Sensitive Details About Top Attorney Online

November 15, 2018 | 2 Min Read

VIPs and executives who are critical to your...
A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

November 13, 2018 | 5 Min Read

I recently attended the ENISA (European Union...
To Pay or Not to Pay: A Large Retailer Responds to DDoS Extortion

To Pay or Not to Pay: A Large Retailer Responds to DDoS Extortion

November 8, 2018 | 3 Min Read

Fans of The Sopranos or Goodfellas are...
Security Analyst Spotlight Series: Adam Cook

Security Analyst Spotlight Series: Adam Cook

November 7, 2018 | 6 Min Read

Organizations rely on our cyber intelligence...
81,000 Hacked Facebook Accounts for Sale: 5 Things to Know

81,000 Hacked Facebook Accounts for Sale: 5 Things to Know

November 2, 2018 | 5 Min Read

This morning, the British Broadcasting...
The Dark Web: Marketers’ Trick or Threat Intelligence Treat?

The Dark Web: Marketers’ Trick or Threat Intelligence Treat?

October 31, 2018 | 5 Min Read

At this time of the year, you can’t go anywhere...
Cyber Security Awareness Month: Week 4 – Privacy

Cyber Security Awareness Month: Week 4 – Privacy

October 25, 2018 | 6 Min Read

This week in Brussels, Apple’s chief executive...
Bank Discovers Customer Credit Card Numbers Traded Online

Bank Discovers Customer Credit Card Numbers Traded Online

October 23, 2018 | 3 Min Read

Payment card fraud costs banks and merchants...
Cyber Security Awareness Month: Week 3 – Recognize Cyber Scams

Cyber Security Awareness Month: Week 3 – Recognize Cyber Scams

October 19, 2018 | 7 Min Read

This week we move onto theme three of Cyber...
12.5 Million Email Archives Exposed: Lowering the Barriers for BEC

12.5 Million Email Archives Exposed: Lowering the Barriers for BEC

October 18, 2018 | 4 Min Read

Digital Shadows’ latest research report, Pst!...
Cyber Security Awareness Month: Week 3 – It’s Everyone’s Job to Ensure Online Safety at Work

Cyber Security Awareness Month: Week 3 – It’s Everyone’s Job to Ensure Online Safety at Work

October 17, 2018 | 7 Min Read

This week, National Cyber Security Awareness...
Cyber Security Awareness Month: Week 2 – Aiming for Apprenticeships

Cyber Security Awareness Month: Week 2 – Aiming for Apprenticeships

October 11, 2018 | 5 Min Read

This week’s theme for National Cyber Security...
Phishing Site Impersonates Financial Services Institution

Phishing Site Impersonates Financial Services Institution

October 10, 2018 | 3 Min Read

If the infamous bank robber, Willie Sutton, were...
33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy

33,000 Accounting Inbox Credentials Exposed Online: BEC Made Easy

October 9, 2018 | 4 Min Read

Last week, I wrote about how cybercriminals are...
Business Email Compromise: When You Don’t Need to Phish

Business Email Compromise: When You Don’t Need to Phish

October 4, 2018 | 4 Min Read

According to the FBI, Business Email Compromise...
Cyber Security Awareness Month: Week 1 – Credential Hygiene

Cyber Security Awareness Month: Week 1 – Credential Hygiene

October 3, 2018 | 5 Min Read

It’s the opening week of the annual National...
Security Analyst Spotlight Series: Christian Rencken

Security Analyst Spotlight Series: Christian Rencken

October 2, 2018 | 5 Min Read

Organizations rely on our cyber intelligence...
Cybercriminal Marketplaces: Olympus Has Fallen

Cybercriminal Marketplaces: Olympus Has Fallen

September 28, 2018 | 5 Min Read

The Olympus cybercriminal marketplace has been...
Thedarkoverlord Out to KickAss and Cash Out Their Data

Thedarkoverlord Out to KickAss and Cash Out Their Data

September 27, 2018 | 5 Min Read

A user claiming to be the notorious darkoverlord...
10 Things You Didn’t Know You Could Do with Shadow Search™

10 Things You Didn’t Know You Could Do with Shadow Search™

September 25, 2018 | 5 Min Read

You may have seen that we’ve recently released...
The 2017 FSB indictment and Mitre ATT&CK™

The 2017 FSB indictment and Mitre ATT&CK™

September 20, 2018 | 11 Min Read

On  February 28th, 2017 the US Department of...
Airline Discovers Trove of Frequent Flyer Accounts Compromised and Posted for Sale Online

Airline Discovers Trove of Frequent Flyer Accounts Compromised and Posted for Sale Online

September 14, 2018 | 3 Min Read

Reward program fraud has been rising in recent...
MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

September 13, 2018 | 18 Min Read

On 6th September the US Department of Justice...
Sextortion – When Persistent Phishing Pays Off

Sextortion – When Persistent Phishing Pays Off

September 6, 2018 | 4 Min Read

You may have heard of a recent surge in...
Online Risks to Fortnite Users

Online Risks to Fortnite Users

September 4, 2018 | 5 Min Read

With an enticing array of viral dance moves,...
Security Analyst Spotlight Series: Heather Farnsworth

Security Analyst Spotlight Series: Heather Farnsworth

August 30, 2018 | 5 Min Read

Organizations rely on Digital Shadows to be an...
Online Cybercrime Courses: Back to School Season

Online Cybercrime Courses: Back to School Season

August 23, 2018 | 4 Min Read

It’s that time of year again. Summer is drawing...
Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

August 22, 2018 | 12 Min Read

On August 1, 2018, the US Department of Justice...
Five Threats to Financial Services: Part Five, Hacktivism

Five Threats to Financial Services: Part Five, Hacktivism

August 15, 2018 | 5 Min Read

OK, so it’s not a sexy as insider threats,...
Five Threats to Financial Services: Part Four, Payment Card Fraud

Five Threats to Financial Services: Part Four, Payment Card Fraud

August 14, 2018 | 6 Min Read

Payment card information is the lifeblood of the...
Digital Shadows Contributes to Insider Threat Research

Digital Shadows Contributes to Insider Threat Research

August 9, 2018 | 5 Min Read

On July 30, Forrester published its latest...
Five Threats to Financial Services: Phishing Campaigns

Five Threats to Financial Services: Phishing Campaigns

August 8, 2018 | 7 Min Read

In our last blog, we highlighted how banking...
FIN7: Arrests and Developments

FIN7: Arrests and Developments

August 2, 2018 | 6 Min Read

Three alleged members of FIN7 arrested On August...
Diversity of Thoughts in the Workplace: Are You Thinking What I’m Thinking?

Diversity of Thoughts in the Workplace: Are You Thinking What I’m Thinking?

August 1, 2018 | 3 Min Read

In my most recent blog post I discussed Digital...
Security Spotlight Series: Dr. Richard Gold

Security Spotlight Series: Dr. Richard Gold

July 31, 2018 | 4 Min Read

Organizations rely on Digital Shadows to be an...
Black Hat USA 2018

Black Hat USA 2018

July 26, 2018 | 2 Min Read

Black Hat USA 2018 is quickly approaching! The...
Cyber Threats to ERP Applications: Threat Landscape

Cyber Threats to ERP Applications: Threat Landscape

July 24, 2018 | 4 Min Read

What are ERP Applications? Organizations rely on...
Five Threats to Financial Services: Banking Trojans

Five Threats to Financial Services: Banking Trojans

July 19, 2018 | 5 Min Read

A couple of weeks ago, we learned about a new...
Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

July 17, 2018 | 10 Min Read

A recent indictment revealed how the GRU...
Alleged Carbanak Files and Source Code Leaked: Digital Shadows’ Initial Findings

Alleged Carbanak Files and Source Code Leaked: Digital Shadows’ Initial Findings

July 11, 2018 | 6 Min Read

Digital Shadows’ Russian-speaking security team...
Security Analyst Spotlight Series: Harrison Van Riper

Security Analyst Spotlight Series: Harrison Van Riper

July 10, 2018 | 6 Min Read

Organizations rely on our cyber intelligence...
Reducing Your Attack Surface: From a Firehose to a Straw

Reducing Your Attack Surface: From a Firehose to a Straw

July 5, 2018 | 6 Min Read

What is Attack Surface Reduction? Attack Surface...
Diversity and Digital Shadows Women’s Network

Diversity and Digital Shadows Women’s Network

June 26, 2018 | 3 Min Read

If you haven’t already watched RBG - a movie...
How Cybercriminals are Using Messaging Platforms

How Cybercriminals are Using Messaging Platforms

June 21, 2018 | 4 Min Read

Alternative Ways Criminals Transact Online: A...
Five Threats to Financial Services: Part One, Insiders

Five Threats to Financial Services: Part One, Insiders

June 19, 2018 | 5 Min Read

The sensitive and financial data held by banks...
Security Analyst Spotlight Series: Rafael Amado

Security Analyst Spotlight Series: Rafael Amado

June 14, 2018 | 9 Min Read

Organizations rely on Digital Shadows to be an...
How Cybercriminals are using Blockchain DNS: From the Market to the .Bazar

How Cybercriminals are using Blockchain DNS: From the Market to the .Bazar

June 12, 2018 | 5 Min Read

Since the takedowns of AlphaBay and Hansa in...
Threats to the 2018 Football World Cup: Traditional Rules or a New Style of Play?

Threats to the 2018 Football World Cup: Traditional Rules or a New Style of Play?

June 7, 2018 | 7 Min Read

The tension and excitement that precedes all...
Market.ms: Heir to the AlphaBay and Hansa throne?

Market.ms: Heir to the AlphaBay and Hansa throne?

June 4, 2018 | 5 Min Read

It’s almost one year since the AlphaBay and...
7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

May 30, 2018 | 5 Min Read

Lockpath’s Vice President of Development Tony...
Security Analyst Spotlight Series: Rose Bernard

Security Analyst Spotlight Series: Rose Bernard

May 23, 2018 | 5 Min Read

Organizations rely on our cyber intelligence...
A New Approach for Channel Security Consultants

A New Approach for Channel Security Consultants

May 22, 2018 | 5 Min Read

Old school security practices simply don’t fit...
Digital Shadows 7th Anniversary – A Look Back

Digital Shadows 7th Anniversary – A Look Back

May 16, 2018 | 4 Min Read

Today marks the 7th anniversary of Digital...
Offsetting Dunbar by Developing Diversity

Offsetting Dunbar by Developing Diversity

May 8, 2018 | 2 Min Read

Some of you may be familiar with the Dunbar...
Digital Shadows Opens New State of the Art London Office in Canary Wharf

Digital Shadows Opens New State of the Art London Office in Canary Wharf

April 26, 2018 | 2 Min Read

When myself and James Chappell set the company up...
Keys to the Kingdom: Exposed Security Assessments

Keys to the Kingdom: Exposed Security Assessments

April 24, 2018 | 4 Min Read

Organizations employ external consultants and...
Out In The Open: Corporate Secrets Exposed Through Misconfigured Services

Out In The Open: Corporate Secrets Exposed Through Misconfigured Services

April 18, 2018 | 4 Min Read

For organizations dealing with proprietary...
When There’s No Need to Hack: Exposed Personal Information

When There’s No Need to Hack: Exposed Personal Information

April 17, 2018 | 4 Min Read

With Equifax‘s breach of 145 million records...
Escalation in Cyberspace: Not as Deniable as We All Seem to Think?

Escalation in Cyberspace: Not as Deniable as We All Seem to Think?

April 12, 2018 | 5 Min Read

The recent assassination attempt on former...
Leveraging the 2018 Verizon Data Breach Investigations Report

Leveraging the 2018 Verizon Data Breach Investigations Report

April 10, 2018 | 5 Min Read

Today, the 11th edition of the Verizon Data...
Introducing Shadow Search – Quickly enable deeper research and investigation

Introducing Shadow Search – Quickly enable deeper research and investigation

April 10, 2018 | 5 Min Read

All enterprises face key challenges in their...
One CISO’s Recommendations for Making the Most of RSA Conference Sessions

One CISO’s Recommendations for Making the Most of RSA Conference Sessions

April 9, 2018 | 6 Min Read

Last week, Enterprise Strategy Group (ESG)...
When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services

When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services

April 5, 2018 | 4 Min Read

Our recent report “Too Much Information”,...
Genesis Botnet: The Market Claiming to Sell Bots That Bypass Fingerprinting Controls

Genesis Botnet: The Market Claiming to Sell Bots That Bypass Fingerprinting Controls

April 3, 2018 | 4 Min Read

An emerging criminal market, Genesis store,...
RSA Conference 2018 – Digital Shadows

RSA Conference 2018 – Digital Shadows

March 28, 2018 | 2 Min Read

RSA Conference is almost here! This year’s...
The Five Families: The Most Wanted Ransomware Groups

The Five Families: The Most Wanted Ransomware Groups

March 27, 2018 | 5 Min Read

Last week we presented a webinar on “Emerging...
Pop-up Twitter Bots: The Shift to Opportunistic Targeting

Pop-up Twitter Bots: The Shift to Opportunistic Targeting

March 22, 2018 | 4 Min Read

Since the furor surrounding Russia’s alleged...
Cyber Security as Public Health

Cyber Security as Public Health

March 21, 2018 | 4 Min Read

Public health, one of the great 20th century...
Anonymous and the New Face of Hacktivism: What to Look Out For in 2018

Anonymous and the New Face of Hacktivism: What to Look Out For in 2018

March 13, 2018 | 6 Min Read

The Anonymous collective has been the face of...
Pressing For Progress This International Women’s Day

Pressing For Progress This International Women’s Day

March 8, 2018 | 3 Min Read

"Do you think you're going to be able to handle...
It’s Accrual World: Tax Return Fraud in 2018

It’s Accrual World: Tax Return Fraud in 2018

March 7, 2018 | 5 Min Read

With just over a month until Tax Deadline Day,...
The New Frontier: Forecasting Cryptocurrency Fraud

The New Frontier: Forecasting Cryptocurrency Fraud

March 1, 2018 | 6 Min Read

Not a week goes by without a new case of...
Protecting Your Brand: Return on Investment

Protecting Your Brand: Return on Investment

February 27, 2018 | 3 Min Read

Last week I was joined by Brett Millar, Director...
Threats to the Upcoming Italian Elections

Threats to the Upcoming Italian Elections

February 22, 2018 | 7 Min Read

On 5 March Italian citizens will vanno alle urne...
Prioritize to Avoid Security Nihilism

Prioritize to Avoid Security Nihilism

February 20, 2018 | 3 Min Read

In many situations associated with cyber...
Infraud Forum Indictment and Arrests: What it Means

Infraud Forum Indictment and Arrests: What it Means

February 15, 2018 | 7 Min Read

On 07 February 2018, the U.S. Department of...
Cryptojacking: An Overview

Cryptojacking: An Overview

February 13, 2018 | 5 Min Read

What is Cryptojacking? Cryptojacking is the...
2017 Android malware in review: 4 key takeaways

2017 Android malware in review: 4 key takeaways

February 8, 2018 | 4 Min Read

Android mobile devices were an attractive target...
Phishing for Gold: Threats to the 2018 Winter Games

Phishing for Gold: Threats to the 2018 Winter Games

February 6, 2018 | 7 Min Read

Digital Shadows has been monitoring major...
Four Ways Criminals Are Exploiting Interest in Initial Coin Offerings

Four Ways Criminals Are Exploiting Interest in Initial Coin Offerings

February 1, 2018 | 5 Min Read

Initial Coin Offerings (ICOs) are a way of...
Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

January 30, 2018 | 7 Min Read

I am one of you. I have been in the marketing...
Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

January 16, 2018 | 5 Min Read

This post originally appeared on...
Another Year Wiser: Key Dates to Look Out For In 2018

Another Year Wiser: Key Dates to Look Out For In 2018

January 10, 2018 | 4 Min Read

Early last year, we published a blog outlining...
Digital Shadows Launches Weekly Newsletter: “In the Shadows”

Digital Shadows Launches Weekly Newsletter: “In the Shadows”

January 8, 2018 | 2 Min Read

Digital Shadows has just launched a new...
Meltdown and Spectre: The Story So Far

Meltdown and Spectre: The Story So Far

January 4, 2018 | 5 Min Read

On Wednesday, rumors surfaced that there were...
Cybercriminal Christmas Wish List

What Attackers Want for Christmas

December 22, 2017 | 4 Min Read

Our guest author Krampus has a special blog post...
online carding bots

OL1MP: A Telegram Bot Making Carding Made Easy This Holiday Season

December 21, 2017 | 3 Min Read

Back in July, we published our research on the...
‘Tis The Season To Do Predictions – The 2018 Cybersecurity Landscape

‘Tis The Season To Do Predictions – The 2018 Cybersecurity Landscape

December 18, 2017 | 3 Min Read

This post originally appeared on Huffington...
Why I Joined Digital Shadows: Product, Culture and Opportunity

Why I Joined Digital Shadows: Product, Culture and Opportunity

December 13, 2017 | 2 Min Read

Making the decision to join Digital Shadows was...
A New CISO Looking to See How Deep the Rabbit Hole Goes

A New CISO Looking to See How Deep the Rabbit Hole Goes

December 12, 2017 | 2 Min Read

Well it is official, I’m now the Chief...

Digital Shadows’ Most Popular Blogs of 2017: Analysis of Competing Hypotheses For The Win

December 12, 2017 | 3 Min Read

This time last year, we looked back at the blogs...
Meet the New Digitalshadows.com

Meet the New Digitalshadows.com

November 29, 2017 | 2 Min Read

This morning we launched the new Digital Shadows...
Risks to Retail: Cybercriminals Sharing the Joy This Holiday Season

Risks to Retail: Cybercriminals Sharing the Joy This Holiday Season

November 21, 2017 | 3 Min Read

Despite some early deals, Black Friday officially...
Fake News is More Than a Political Battlecry

Fake News is More Than a Political Battlecry

November 16, 2017 | 3 Min Read

This week, British Prime Minister Theresa May...
Why “Have a Safe Trip” Is Taking On Greater Meaning

Why “Have a Safe Trip” Is Taking On Greater Meaning

November 14, 2017 | 5 Min Read

This post originally appeared...
Groupthink

Know Where to Find Your Digital Risk

November 10, 2017 | 4 Min Read

This post originally appeared on SecurityWeek....
OPCATALUNYA

Pwnage to Catalonia: Five Things We Know About OpCatalunya

November 2, 2017 | 5 Min Read

Since October 24th, Digital Shadows has observed...
ICS Security Cyber Aware

ICS Security: Strawmen In the Power Station

October 31, 2017 | 5 Min Read

Congrats, it is now almost November and we have...
cyber extortion

Extorters Going to Extort: This Time Other Criminals Are the Victims

October 26, 2017 | 3 Min Read

We are increasingly used to the tactic of...
women in cyber

Women in Security: Where We Are And Where We Need To Go

October 25, 2017 | 7 Min Read

Ada Lovelace, Grace Hopper, Katherine Johnson,...
cyber vulnerabilities

Trust vs Access: A Tale of Two Vulnerability Classes

October 20, 2017 | 5 Min Read

It's been a big week in cyberspace, with high...
krack attacks

Key Reinstallation Attacks (KRACK): The Impact So Far

October 16, 2017 | 4 Min Read

Today, a series of high-severity vulnerabilities...
Digital Shadows Announcement

Simply Put, Effective Cybersecurity is the Strength Sum of Its Parts

October 11, 2017 | 2 Min Read

Today’s cybersecurity landscape, dominated as...
online safety

Simple Steps to Online Safety

October 5, 2017 | 4 Min Read

On the heels of some very high-profile and...
NCSAM

Gearing Up For National Cyber Security Awareness Month

October 3, 2017 | 4 Min Read

I’m going to go out on a limb and say that...
digital shadows funding

Recognition of Hard Work and Relevance – It’s Time to Go Global

September 20, 2017 | 3 Min Read

The news this morning that Digital Shadows has...
german election threats

Bringing Down the Wahl: Three Threats to the German Federal Election

September 14, 2017 | 7 Min Read

Hacking has become the boogie man of political...
Exploit Kits

Fluctuation in the Exploit Kit Market – Temporary Blip or Long-Term Trend?

August 16, 2017 | 5 Min Read

Exploit kit activity is waning. Collectively...
Criminal Markets Alpha Bay Hansa

Cybercrime Finds a Way, the Limited Impact of AlphaBay and Hansa’s Demise

August 7, 2017 | 5 Min Read

The law enforcement operations that took down the...
Texting SMS Cyber Threats

Reading Your Texts For Fun and Profit – How Criminals Subvert SMS-Based MFA

August 1, 2017 | 4 Min Read

Why Multi Factor? Read almost any cyber security...
Credit Card Fraud

Fraudsters Scoring Big – an Inside Look at the Carding Ecosystem

July 18, 2017 | 3 Min Read

In season two of the Netflix series Narcos, Pablo...
Criminal Market Place Bitcoin Virtual Currency

The Future of Marketplaces: Forecasting the Decentralized Model

July 17, 2017 | 4 Min Read

Last week we wrote about the disappearance of...
exploit kit

Petya-Like Wormable Malware: The “Who” and the “Why”

June 30, 2017 | 7 Min Read

Late on 27 June, the New York Times reported that...
Cyber Criminal Attack Vectors

Keep Your Eyes on the Prize: Attack Vectors are Important But Don’t Ignore Attacker Goals

June 23, 2017 | 5 Min Read

Reporting on intrusions or attacks often dwells...
Dark Web Cyber Crime

Threats From the Dark Web

June 26, 2017 | 5 Min Read

Despite the hype associated with the dark web,...
Account Takeover Credential Stuffing

7 Tips for Protecting Against Account Takeovers

May 22, 2017 | 3 Min Read

In May 2017, an amalgamation of over 1 billion...
Company Anniversary Cyber Security

Digital Shadows’ 6th Anniversary

May 16, 2017 | 5 Min Read

It’s amazing to think that the idea James and I...
WannaCry Ransomware

5 Lessons from WannaCry: Preventing Attacks with Security Engineering

May 16, 2017 | 5 Min Read

With the recent news storm concerning the...
WannaCry Ransomware

WannaCry: The Early 2000s Called, They Want Their Worms Back

May 12, 2017 | 3 Min Read

Earlier today it was revealed that the United...
NIST Authentication

Authentication Nation: 5 Ways NIST is Changing How We Think About Passwords

May 9, 2017 | 4 Min Read

Passwords have taken a beating over the past...
Brand Reputation Digital Risk

The 3 Pillars of Digital Risk Management: Part 3 – The Top 5 Main Risks of Reputational Damage

April 27, 2017 | 2 Min Read

In this 3-part blog series, we discuss how each...
Threat Actors Cyber Criminals

The Usual Suspects: Understanding the Nuances of Actors’ Motivations and Capabilities

April 21, 2017 | 3 Min Read

When it comes to their adversaries, organizations...
French Election Cyber Threats

Liberté, égalité, securité: 4 Threats to the French Presidential Election

April 20, 2017 | 5 Min Read

French citizens will take to the polls on April...
Cyber Threats

The 3 Pillars of Digital Risk Management: Part 1 Understanding Cyber Threats

April 13, 2017 | 3 Min Read

What is Digital Risk Management? The National...
Mobile Threats

Monitoring the Mobile Threat Landscape

April 4, 2017 | 4 Min Read

The UK’s National Cyber Security Centre (NCSC)...
OpIsrael

OpIsrael Hacktivists Targeted By Unknown Threat Actor

March 30, 2017 | 3 Min Read

Ideologically-motivated “hacktivist” actors...
Turk Hack

Turk Hack Team and the “Netherlands Operation”

March 29, 2017 | 4 Min Read

Since mid-March, Turk Hack Team have been...
Tax Fraud

Tax Fraud in 2017

March 27, 2017 | 4 Min Read

The IRS recently released an alert that warned...
Dutch Flag

Dutch Elections – Looking Back at Cyber Activity

March 21, 2017 | 3 Min Read

Last week, I wrote about the potential threats to...
Digital Shadows Announcement

Five Reasons Why Alex Seton VP of Business and Corporate Development, Joined Digital Shadows

March 21, 2017 | 3 Min Read

What a great feeling to find a company that cuts...
Mobile App Screen

5 Risks Posed By Mobile Applications That SearchLight Helps You Manage

March 14, 2017 | 2 Min Read

Organizations face a wide range of risks online,...
Dutch Elections Red Pencil

Back to the red pencil – Cyber threats to the Dutch elections

March 13, 2017 | 5 Min Read

Over the weekend, media reports surfaced about...
Financial Threats

Learning from the Top Threats Financial Services Faced in 2016

March 8, 2017 | 2 Min Read

Organizations operating within the financial...
Blaze Exploit Kit

New “Blaze” exploit kit claims to exploit recent Cisco WebEx vulnerability

March 2, 2017 | 4 Min Read

A previously undetected exploit kit has been...
Sunset Stock

Sun to Set on BEPS/Sundown Exploit Kit?

February 22, 2017 | 4 Min Read

On February 13, 2017, the security researcher...
Valentines Day

Four Things to Look Out for This Valentine’s Day

February 14, 2017 | 4 Min Read

Consumers are increasingly moving to the Internet...
Malware Taylor Swift

An unusually Swift(tay) malware delivery tactic

February 9, 2017 | 5 Min Read

While doing some background research into recent...
Mongo DB

How the Frenzy Unfolded: Analyzing Various Mongo Extortion Campaigns

February 7, 2017 | 4 Min Read

The MongoDB “ransom” pandemic, which has been...
Super Bowl 2017
