It’s been a great year for the Digital Shadows blog, we started it off winning the “Best New Security Blog or Podcast” at the Security Blogger Awards at RSA Conference. This year we produced a wide range of posts focusing on the activities of hacktivists, cybercriminals and nation state actors. When we looked back at this year’s statistics, there were three blogs that really resonated and caught the attention of our readers.
In November, following reports of fraudulent activity on some Tesco Bank customer accounts, there was a high level of ambiguity around how the attacks were conducted. This made it a good candidate for an Analysis of Competing Hypothesis (ACH). This blog post outlined four hypotheses and assessed the available evidence to ascertain which one was least inconsistent with the information available. This blog was picked up by The Register, who wrote their own article on the findings.
While researching the activities of the actor known by the alias “Tessa88”, we came across an outsourced online shop offering called deer.io. Just as we have seen with the DDoS-as-a-service market, there continues to be a lowering of barriers to entry for into the cybercriminal world. This site is a reminder that the dark web does not monopolize criminality, and the clear web can teach us just as much – if not more – about the activities of cybercriminals. This blog was picked up by a range of publications, such as Softpedia, Infosecurity Magazine and SC Magazine.
Third, our research into credential exposure revealed the extent to which organizations’ employees have been leaked online. As we continue to see reports of password reuse, the research provided an overview of how adversaries use this information and what you can do to protect yourself. This research went on to be featured in the Financial Times and Fortune.
Check out these three blogs and stayed tuned for some great content coming your way in 2017.
Fig 1: Some items from the Digital Shadows blog that were picked up by the media