It’s been a busy year on the Digital Shadows blog, with almost 150 blogs published since January 1. As we move into the tail end of 2018, I wanted to share some of the most popular blogs and themes for this year.
US-CERT Draws on Digital Shadows Research
It’s been a pleasure to have had our blogs featured in a couple of US CERT alerts. First, in July, we released research on the growing threats to ERP (Enterprise Resource Planning) Applications, which led to a US CERT alert, Malicious Cyber Activity Targeting ERP Applications, on the same topic.
Second, in October, our advice for securing PowerShell was referenced in US CERT’s note on how five publicly-available tools have been used for malicious purposes. You can read the full advisory here: Publicly Available Tools Seen in Cyber Incidents Worldwide.
MITRE ATT&CK Grows in Popularity
The MITRE ATT&CK framework, which provides a common vocabulary for how to talk about threat intelligence, has grown significantly in popularity and adoption in 2018. Drawing on the many indictments unsealed in 2018, we have published numerous blogs that map public indictments to the MITRE ATT&CK framework, including those against GRU for interference in 2016 US election, FIN7, FSB, and a North Korea Programmer. If you’re tired of reading, check out a podcast we recorded with Katie Nickels, the MITRE ATT&CK Threat Intelligence Lead, on this topic.
Mapping these indictments to the MITRE ATT&CK framework is useful, but it’s also important to map these to our defenses. That’s why we pulled all of these assessments together and mapped them to the ASD Essential 8, helping to understand how we can best mitigate many typical adversary behaviors.
Alarming Amount of Data Exposed
Unsurprisingly, 2018 was yet another year with eye-watering amounts of data exposed with 4.5 billion breached records in the first half of 2018. This was most recently demonstrated through the breach of 500 million Marriott records.
While some data is exposed through intrusions, a staggering amount of information is already inadvertently exposed through employees and third parties. Our “Too Much Information” research discovered over 1.5 billion files from a host of services, including Amazon S3 buckets, rsync, SMB, FTP, NAS drives, and misconfigured websites. Almost all countries are affected, but the United States experienced the most exposure with 239,607,590 files.
There’s plenty more to come in 2019, so don’t forget to stay in touch and subscribe to our threat intelligence emails.