Minimize your digital risk by detecting data loss, securing your online brand, and reducing your attack surface.
A powerful, easy-to-use search engine that combines structured technical data with content from the open, deep, and dark web.
Digital Risk Protection
Read our new practical guide to reducing digital risk.
New report recognizes Digital Shadows for strongest current offering, strategy, and market presence of 14 vendors profiled
Read Full Report
It’s been a great year for the Digital Shadows blog, we started it off winning the “Best New Security Blog or Podcast” at the Security Blogger Awards at RSA Conference. This year we produced a wide range of posts focusing on the activities of hacktivists, cybercriminals and nation state actors. When we looked back at this year’s statistics, there were three blogs that really resonated and caught the attention of our readers.
1. An Analysis of Competing Hypotheses for the Tesco Bank Incident
In November, following reports of fraudulent activity on some Tesco Bank customer accounts, there was a high level of ambiguity around how the attacks were conducted. This made it a good candidate for an Analysis of Competing Hypothesis (ACH). This blog post outlined four hypotheses and assessed the available evidence to ascertain which one was least inconsistent with the information available. This blog was picked up by The Register, who wrote their own article on the findings.
Analytical tradecraft has been popular among readers, with previous blogs on the Intelligence Cycle and Language of Uncertainty having also attracted significant attention.
2. Deer.io: Your One Stop Shop For Cybercrime
While researching the activities of the actor known by the alias “Tessa88”, we came across an outsourced online shop offering called deer.io. Just as we have seen with the DDoS-as-a-service market, there continues to be a lowering of barriers to entry for into the cybercriminal world. This site is a reminder that the dark web does not monopolize criminality, and the clear web can teach us just as much – if not more – about the activities of cybercriminals. This blog was picked up by a range of publications, such as Softpedia, Infosecurity Magazine and SC Magazine.
3. 97 percent of the top 1000 companies suffer from credential compromise
Third, our research into credential exposure revealed the extent to which organizations’ employees have been leaked online. As we continue to see reports of password reuse, the research provided an overview of how adversaries use this information and what you can do to protect yourself. This research went on to be featured in the Financial Times and Fortune.
Check out these three blogs and stayed tuned for some great content coming your way in 2017.
Fig 1: Some items from the Digital Shadows blog that were picked up by the media