Threat Intelligence Feeds: Why Context is Key

Threat Intelligence Feeds: Why Context is Key
Photon Research Team
Read More From Photon Research Team
May 7, 2020 | 10 Min Read

Key Takeaways:

  • Choosing which threat intelligence feeds to rely on can be a daunting task: Different feeds provide varying levels of raw data and information. Organizations need to have a clear set of requirements in mind to ensure what they pull in can be relevant.
  • Context is king. Understanding how and from where your feeds get their information will help determine the process that turns data points into actionable intelligence.
  • Threat intelligence feeds can be consumed and processed in a variety of ways. Digital Shadows SearchLight and Shadow Search can help enrich information from feeds and provide critical context to power investigations.

What are Threat Intelligence Feeds?

Whether you’re a security operations center (SOC) analyst, part of an incident response team, or just an infosec nerd, you’ve likely felt the pain associated with threat intelligence feeds. On the surface, threat intelligence feeds are precisely what they sound like: Continuously updated feeds that provide external information or data on existing or potential risks and threats. In practice, however, there are a few differences that set different feeds apart from each other. Mainly, the type of content they provide.

Threat intelligence feeds are a bit of a misnomer. Whether they provide hashes, indicators of compromise (IOCs), or domain names, very few feeds provide actual “intelligence.” It is then up to security analysts to take this data or information, process it, and turn it into actionable intelligence (which almost always requires additional effort).

Information vs. intelligence (and to an extent, data). David Bianco’s well known (https://twitter.com/davidjbianco) “Pyramid of Pain” is an excellent way illustrating the types of indicators that are out there, but also how much pain they can cause your adversaries. The “good stuff” is at the top of the pyramid.

The Pyramid of Pain

Data vs. information vs. intelligence

These terms are often used interchangeably, but when it comes to threat intelligence feeds, there are differences. Though they’re called “intelligence” feeds, many consist of information or data, rather than curated intelligence. For defenders, continuous streams of alerts without context can become exhausting, turning indicators of compromise into what Digital Shadows CISO Rick Holland calls “indicators of exhaustion.” Information overload can result in security teams drowning in alerts.

Data can be understood as being raw and unprocessed. Think of these feeds as those who provide data points like IP addresses, URLs, and IOCs. This type of data is useful, but only provides a small part of the story.

Information is data that is structured and given context. This brings data into focus and answers specific questions e.g., is this domain actively hosting malicious content?

Intelligence can be broadly defined as actionable information that is taken in context alongside specific requirements. This is the next step up from information; intelligence can help inform decisions: Being actionable is a critical differentiating factor between intelligence and data/information. Good intelligence allows an organization to prioritize its efforts and take proactive action against cyber threats.

This doesn’t necessarily make feeds that provide raw data useless: They can still play a role in producing intelligence. Often, feeds are the first place groups start on their threat intelligence journey: Less mature security teams may gravitate towards threat intelligence feeds because they seem to be the most accessible, especially when you are budget constrained. But knowing precisely what you are looking for, what problem you want to solve, and also recognizing the limitations of threat intelligence feeds is critical. One of the ways security teams can do this is by establishing intelligence requirements and aligning these to threat intelligence feeds. Practices like threat modeling (structuring thinking around what critical assets an organization has and which are the likely threats to that organization) can streamline this process and provide direction.

This not only makes the daunting task of narrowing down which feeds to use a little bit easier but also helps teams get the most value.

Threat intelligence feeds examples

There are a ton of different threat intelligence feeds out there. This GitHub page is a great resource that has links to over 75 different feeds, as well as useful information on different standardized formats, frameworks, platforms, and services for sharing threat intelligence.

One thing we like about this list is that it highlights the importance of context and analysis we mentioned above:

“A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence.”

Here are a couple of recommended feeds picked by Digital Shadows that have been particularly useful, just be aware of the limitations of threat feeds.

  1. AlienVault OTX
    AlienVault Open Threat Exchange (OTX) (https://twitter.com/OTX) is a crowd-sourced threat intelligence sharing platform. Threat data in OTX is referred to as pulses, which can consist of anything from IOCs to IP addresses: These pulses can be commented on and upvoted by the OTX community. Any contributions are stripped of any identifiers, allowing organizations to safely share their data. OTX also facilitates information sharing via closed communities, where participants can have in-depth discussions on cyber threat trends.

  2. DomainTools
    DomainTools (https://twitter.com/DomainTools) provides a variety of services related to WHOIS and DNS lookups. Their Iris tool is incredibly useful for digital investigations and has an excellent user interface that supports link and association analysis for malicious domains. Though DomainTools isn’t a traditional threat intelligence feed, it is perhaps one of the most topical: DomainTools currently curates a free list of potentially suspicious domains related to the ongoing COVID-19 pandemic to help organizations mitigate against threat actors taking advantage of the pandemic. This list is updated daily, provides domain names, creation dates, risk scores, and currently sits at over 138,000 registered domains.

  3. Abuse.ch
    Abuse.ch (https://twitter.com/abuse_ch) is an excellent non-profit source that maintains different projects which provide data to help protect organizations from various types of malicious activity. This includes MalwareBazaar, which consists of a database of malware types, hashes, and signatures from members of the the infosec community, antivirus vendors, and threat intelligence providers; Feodo Tracker, which shares botnet command-and-control (C2) servers and blocklists associated with the Feodo malware family; I Got Phished, which collects and shares information on known phishing campaigns; SSL Blacklist (SSLBL), which has information on malicious SSL connections and blacklisted SSL certificates used by botnet C2 servers; and URLhaus, which shares malicious URLs that are being used for malware distribution.

  4. The Spamhaus Project
    SpamHaus, created by Steve Linford (https://twitter.com/stevelinford) is a non-profit project that tracks spam and other related cyber threats such as phishing, malware, and botnets. Data from SpamHaus is used by Internet service providers (ISPs) and email providers around the globe to identify and block malicious traffic. The organization also works with law enforcement agencies to identify and pursue spam and malware sources worldwide and compiles profiles, backgrounds, and evidence on spam operators.

  5. PhishTank
    PhishTank is a crowd-sourced anti-phishing service operated by OpenDNS that provides free data as well as API access. PhishTank contributors can submit, verify, track, and share data related to phishing attacks. Their website can also be used to spot-check potentially malicious domains to see if other users have previously reported them.

  6. ThreatMiner
    ThreatMiner, created by Michael Yip (https://twitter.com/michael_yip) is a service designed “to free analysts from data collection and provide intelligence analysts with a portal on which they can carry out their tasks, from reading reports to pivoting and data enrichment – all on a single portal.” It serves as an open-source search engine for information on IOCs such as domains, IP addresses, and malware hashes. Importantly, ThreatMiner also provides critical context for every IOC. As they state:

    “Without contextual information, an IOC is just a data point.”

  7. FireHOL IP Lists
    FireHOL focuses on cybercrime, and analyses and combines various security IP feeds related to cyber attacks, service abuse, malware, botnets, and C2 servers. FireHOL documents their evolution, geo-map, age, retention policy, and overlaps. The IP list combined by FireHOL can be used in conjunction with a firewall to block traffic to and from listed IP addresses.

  8. Shadowserver
    Popular among computer emergency response teams (CERTs), the Shadowserver Foundation (https://twitter.com/Shadowserver) is a non-profit organization that collects and analyzes data on a wide range of cyber threats, including malware and botnet activity; Shadowserver also runs a wide range of honeypots and honeyclients. When an organization subscribes to Shadowserver, they can provide data such as IP addresses, to get tailored reports with detected malicious traffic involving their assets. Report subscribers  can also filter and limit their feeds by various parameters such as geo-coordinates or Autonomous System Number (ASN): This helps ensure that the data you receive is more relevant.

And although not technically a threat intelligence feed, the Malware Information Sharing Platform (MISP) deserves a shoutout. MISP is a free and open-source threat intelligence platform co-financed by the European Union. It allows access to a variety of different feeds and also facilitates collecting, storing, distributing, and sharing IOCs and analyses of malware samples. Intelligence sharing between trusted partners is crucial for identifying threats, as MISP duly notes:

“Quite often similar organisations are targeted by the same Threat Actor, in the same or different Campaign. MISP will make it easier for you to share with, but also to receive from trusted partners and trust-groups. Sharing also enables collaborative analysis and prevents you from doing the work someone else already did before.”

How to enrich threat intelligence feeds with SearchLight

While many of the feeds mentioned in this blog are about the general threat landscape, in contrast, our SearchLight service provides intelligence that is fully tailored to an organization. We work with our customers to build unique collection plans based on their most valuable assets. Alerts from SearchLight are built around specific requirements to ensure they are directly relevant to the threats and risks customers are most concerned with.

Digital Shadows intelligence can also be integrated into a range of platforms. SearchLight integrates with all the leading threat intelligence platforms, such as Anomali, ThreatConnect, ThreatQuotient, and TruStar – as well as with a host of SIEM, Ticketing, SOAR, and Enforcement platforms. You can read all about our various integrations on our dedicated integrations page.

Increasingly, however, organizations have been using the data within SearchLight to enrich further their observables (access to SearchLight also grants access to Cylance Infinity, AlienVault, PhishTank, and Webroot – as well pastes, criminal forum posts, Twitter posts, and other data sources).

Customers can also use Shadow Search to investigate information from SearchLight alerts or threat intelligence feeds and enrich their investigations. For example, if a customer receives an alert on exposed internal employee credentials, they can plug that information into Shadow Search to get critical contextual information on where the data leak originated/has been shared. If SearchLight detects a vulnerability on an organizations’ internet-facing applications, they can pivot into Shadow Search to gain additional context from NIST CVD, ExploitDB, and mentions across criminal locations. Additionally, if a customer uses a feed to gather IOCs about an active cyber campaign targeting their sector, Shadow Search can be used to help build a profile of previous activity or dark web forums and marketplaces where that threat actor is active. For example, this blog we published, Using Shadow Search to Power Investigations: Sextortion Campaigns, provides an overview of how to use Shadow Search to investigate a sextortion attack. These same methodologies can easily be applied to many other types of investigation.

If you want to have a play around with Shadow Search and see what results you get back, you can do so by signing up for Test Drive. This will give you seven days of free access to perform your own searches, as well as see some of the example alerts you would expect to receive.

test drive searchlight

And to stay up to date with our latest news and threat intelligence updates, subscribe to our email list below.

Access Our Threat Intel In Test Drive

Test Drive SearchLight Free for 7 Days
Try It Now

Connect with us

Related Posts

Cybersecurity Awareness Month: Week 3 – Securing Internet- Connected Devices in Healthcare

Cybersecurity Awareness Month: Week 3 – Securing Internet- Connected Devices in Healthcare

October 21, 2020 | 9 Min Read

The healthcare industry is increasingly...
Quarterly Update: Ransomware Trends in Q3

Quarterly Update: Ransomware Trends in Q3

October 19, 2020 | 8 Min Read

As we embark on the final months of 2020,...
Digital Shadows Analysis of Europol’s Cybercrime Report

Digital Shadows Analysis of Europol’s Cybercrime Report

October 14, 2020 | 12 Min Read

In early October 2020, Europol released...
Cybersecurity Awareness Month: Week 2 – Security Devices at Home and Work

Cybersecurity Awareness Month: Week 2 – Security Devices at Home and Work

October 14, 2020 | 7 Min Read

This week, National Cyber Security Awareness...
Clickbait to Checkmate: SMS-based scam targets US smartphones and accesses victim locations

Clickbait to Checkmate: SMS-based scam targets US smartphones and accesses victim locations

October 13, 2020 | 11 Min Read

Since the start of the COVID-19 pandemic,...
Cybersecurity Awareness Month: Week 1 – If you Connect It, Protect It

Cybersecurity Awareness Month: Week 1 – If you Connect It, Protect It

October 8, 2020 | 6 Min Read

This week marks the opening week of the...
Help your development teams keep their keys safe

Help your development teams keep their keys safe

October 7, 2020 | 3 Min Read

Modern development practices are a blessing...
Let’s get ready to tumble! Bitcoin vs Monero

Let’s get ready to tumble! Bitcoin vs Monero

October 6, 2020 | 13 Min Read

Over the past ten years, cryptocurrencies...
Recent arrests and high-profile convictions: What does it mean for the cyber threat landscape?

Recent arrests and high-profile convictions: What does it mean for the cyber threat landscape?

September 30, 2020 | 13 Min Read

In the wonderful world of cyber threat...
Four Ways to Validate Credentials in SearchLight

Four Ways to Validate Credentials in SearchLight

September 29, 2020 | 3 Min Read

Amid the billions of credentials that are...
Cybercriminals Targeting SAP RECON

Cybercriminals Targeting SAP RECON

September 29, 2020 | 5 Min Read

Key takeaways From the discussions that...
Unpicking Cybercriminals’ Personalities – Part 2:  Morality and Forum Dynamics

Unpicking Cybercriminals’ Personalities – Part 2: Morality and Forum Dynamics

September 28, 2020 | 7 Min Read

In the first part of this blog series, we...
RECAP: Discussing deception  with Chris Sanders

RECAP: Discussing deception with Chris Sanders

September 24, 2020 | 3 Min Read

When I was a Forrester Research analyst, I...
Unpicking Cybercriminals’ Personalities – Part 1:  Gender and Nationality

Unpicking Cybercriminals’ Personalities – Part 1: Gender and Nationality

September 23, 2020 | 9 Min Read

It’s easy to fall into the trap of...
DarkSide: The new ransomware group behind highly targeted attacks

DarkSide: The new ransomware group behind highly targeted attacks

September 22, 2020 | 8 Min Read

We’ve recently observed the emergence of a...
ShadowTalk Update – Ed Merrett Joins To Talk HackableYou And The Latest In Threat Intel

ShadowTalk Update – Ed Merrett Joins To Talk HackableYou And The Latest In Threat Intel

September 21, 2020 | 2 Min Read

This week’s host Kacey is joined by...
With the Empire falling, who will take over the throne?

With the Empire falling, who will take over the throne?

September 16, 2020 | 10 Min Read

With the Empire falling, who will take over...
Access Keys Exposed: More Than 40% Are For Database Stores

Access Keys Exposed: More Than 40% Are For Database Stores

September 14, 2020 | 6 Min Read

By now, we’ve all heard news about AWS...
ShadowTalk Update – The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

ShadowTalk Update – The Team Talks Baka, Epic Manchego, and Smaug, Plus Emotet Rides Again

September 14, 2020 | 2 Min Read

This week’s host Kacey is joined by...
Recruitment fraud: Don’t spook your dream candidates this halloween

Recruitment fraud: Don’t spook your dream candidates this halloween

September 10, 2020 | 4 Min Read

Everyone wants their dream job. Some people...
Cyber espionage: How to not get spooked by nation-state actors

Cyber espionage: How to not get spooked by nation-state actors

September 8, 2020 | 8 Min Read

In all the years I’ve worked in the...
Revisiting Typosquatting and the 2020 US Presidential Election

Revisiting Typosquatting and the 2020 US Presidential Election

September 2, 2020 | 11 Min Read

In October 2019, Digital Shadows’ Photon...
What is DevSecOps and Why Do We Need It?

What is DevSecOps and Why Do We Need It?

August 12, 2020 | 4 Min Read

DevSecOps, SecDevOps, and any...
Dread takes on the spammers – who will come out on top?

Dread takes on the spammers – who will come out on top?

August 28, 2020 | 9 Min Read

Spamming is an irritating and sometimes...
RECAP: Discussing the evolution and trends of cybercrime with Geoff White

RECAP: Discussing the evolution and trends of cybercrime with Geoff White

August 25, 2020 | 8 Min Read

In late July 2020, Digital Shadows had the...
Validate Exposed Credentials with Okta to Save Even More Time

Validate Exposed Credentials with Okta to Save Even More Time

August 24, 2020 | 3 Min Read

SearchLight customers can now automatically...
Dark Web Forums – The new kid on the block

Dark Web Forums – The new kid on the block

August 18, 2020 | 12 Min Read

Introducing DWF There’s a new kid on...
Optiv CTIE 2020: COVID-19, cybercrime, and third-party risk

Optiv CTIE 2020: COVID-19, cybercrime, and third-party risk

August 17, 2020 | 10 Min Read

Optiv recently released their 2020 Cyber...
ShadowTalk Update – Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source

ShadowTalk Update – Defaced Subreddits, Intel Leak Drama on Twitter, and HIBP Goes Open-Source

August 17, 2020 | 2 Min Read

Alex, Kacey, and Charles host this week’s...
It’s even easier to initiate takedowns in SearchLight

It’s even easier to initiate takedowns in SearchLight

August 12, 2020 | 3 Min Read

When faced with infringing content, phishing...
Escrow systems on cybercriminal forums: The Good, the Bad and the Ugly

Escrow systems on cybercriminal forums: The Good, the Bad and the Ugly

August 11, 2020 | 15 Min Read

Just a few short months ago, the...
Saving the SOC from overload by operationalizing digital risk protection

Saving the SOC from overload by operationalizing digital risk protection

August 5, 2020 | 4 Min Read

As you may have seen last week, the latest...
The story of Nulled: Old dog, new tricks

The story of Nulled: Old dog, new tricks

August 4, 2020 | 9 Min Read

It is often said that old dogs have a hard...
ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

ShadowTalk Update – Garmin ransomware attack, QSnatch malware, and ShinyHunters Stage 2

August 3, 2020 | 3 Min Read

This week it’s a full house with ShadowTalk...
Dark Web Travel Agencies Revisited: The Impact of Coronavirus on the Shadow Travel Industry

Dark Web Travel Agencies Revisited: The Impact of Coronavirus on the Shadow Travel Industry

July 29, 2020 | 10 Min Read

Back in February, Digital Shadows published...
Account takeover: Expanding on impact

Account takeover: Expanding on impact

July 27, 2020 | 7 Min Read

Digital Shadows has collected over 15 billion...
Ransomware Trends in Q2: How Threat Intelligence Helps

Ransomware Trends in Q2: How Threat Intelligence Helps

July 22, 2020 | 8 Min Read

If you’re anything like me, it can be a...
Jira Atlassian SearchLight   Integration

Jira Atlassian SearchLight   Integration

July 21, 2020 | 2 Min Read

On average, it’s estimated that security teams...
Abracadabra! – CryptBB demystifying the illusion of the private forum

Abracadabra! – CryptBB demystifying the illusion of the private forum

July 15, 2020 | 8 Min Read

You wouldn’t usually associate cybercriminal...
SearchLight’s Credential Validation: Only Focus on What Matters

SearchLight’s Credential Validation: Only Focus on What Matters

July 14, 2020 | 4 Min Read

Of the many use cases associated with threat...
Tax Fraud in 2020: Down But Not Out

Tax Fraud in 2020: Down But Not Out

July 13, 2020 | 4 Min Read

After a three month extension, tomorrow marks...
From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

From Exposure to Takeover: Part 1. Beg, borrow, and steal your way in

July 7, 2020 | 9 Min Read

Account Takeover: Why criminals can’t...
Digital Risk Reporting Best Practices: Top 10 Ways to Build Killer Reports in SearchLight

Digital Risk Reporting Best Practices: Top 10 Ways to Build Killer Reports in SearchLight

June 30, 2020 | 4 Min Read

We all have those days or that time of the...
Security Threat Intel Products and Services: Mapping SearchLight

Security Threat Intel Products and Services: Mapping SearchLight

June 10, 2020 | 6 Min Read

For those of you who have not yet seen, Gartner...
CISA and FBI alert: Top vulnerabilities exploited from 2016-2019 and trends from 2020

CISA and FBI alert: Top vulnerabilities exploited from 2016-2019 and trends from 2020

June 9, 2020 | 7 Min Read

A couple of weeks ago, the United States...
3 Phishing Trends Organizations Should Watch Out For

3 Phishing Trends Organizations Should Watch Out For

May 20, 2020 | 16 Min Read

It’s only May, and is it just me, or has this...
The 2020 Verizon Data Breach Investigations Report: One CISO’s View

The 2020 Verizon Data Breach Investigations Report: One CISO’s View

May 19, 2020 | 6 Min Read

Sadly, Marvel’s Black Widow release date was...
A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

A NEW DECADE OF CYBER THREATS: LOOKING BACK AT THE TRENDING CYBER TOPICS OF Q1 2020

May 14, 2020 | 10 Min Read

Q1 2020 was packed full of significant...
Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

Contact Tracing: Can ‘Big Tech’ Come to the Rescue, and at What Cost?

May 11, 2020 | 13 Min Read

Co-authored by: Pratik Sinha MD PhD1,2, Alastair...
ShadowTalk Update – Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

ShadowTalk Update – Microsoft Teams ATO Vulnerability, APT32, & Uptick In Ransomware

May 1, 2020 | 3 Min Read

Jamie, Adam, and Demelza join Viktoria for this...
What ‘The Wire’ can teach us about cybersecurity

What ‘The Wire’ can teach us about cybersecurity

April 21, 2020 | 12 Min Read

In the current era of self-isolation, remote...
ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

ShadowTalk Update – SFO Airport Hack, Fin6, And Sodinokibi Switching From Bitcoin To Monero

April 20, 2020 | 2 Min Read

This week we have new ShadowTalk guest joining us...
Zoom Security and Privacy Issues: Week in Review

Zoom Security and Privacy Issues: Week in Review

April 17, 2020 | 10 Min Read

In the last month, you’ve likely been hearing...
Top Priorities for 3rd party risk assessments

Top Priorities for 3rd party risk assessments

April 16, 2020 | 6 Min Read

If you’re like me, you’re probably tired of...
ShadowTalk Update – COVID-19 Third Party App Risks, Zoom, and DarkHotel Hackers

ShadowTalk Update – COVID-19 Third Party App Risks, Zoom, and DarkHotel Hackers

April 13, 2020 | 3 Min Read

Coming to you from Dallas this week - we have...
COVID-19: Risks of Third-Party Apps

COVID-19: Risks of Third-Party Apps

April 7, 2020 | 7 Min Read

As the global community continues to pursue...
The Digital Risk Underdog: Remediation

The Digital Risk Underdog: Remediation

April 1, 2020 | 4 Min Read

When it comes to evaluating threat intelligence...
COVID-19: Third-party risks to businesses

COVID-19: Third-party risks to businesses

March 31, 2020 | 5 Min Read

As social distancing becomes more prevalent...
ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

ShadowTalk Update – Remote Worker Threat Model And Cybercrime Updates

March 30, 2020 | 2 Min Read

This week the team looks at some...
COVID-19: Companies and Verticals At Risk For Cyber Attacks

COVID-19: Companies and Verticals At Risk For Cyber Attacks

March 26, 2020 | 8 Min Read

  In our recent blog, How cybercriminals...
Threat Model of a Remote Worker

Threat Model of a Remote Worker

March 25, 2020 | 7 Min Read

Threat models are an often discussed but...
ShadowTalk Update – Data Breaches, Stalkerware, and Dopplepaymer ransomware

ShadowTalk Update – Data Breaches, Stalkerware, and Dopplepaymer ransomware

March 2, 2020 | 2 Min Read

Coming to you from Dallas this week -...
Mapping MITRE ATT&CK to the Equifax Indictment

Mapping MITRE ATT&CK to the Equifax Indictment

February 24, 2020 | 6 Min Read

  On Monday, February 10th, the United...
The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

The evolving story of the Citrix ADC Vulnerability: Ears to the Ground

February 18, 2020 | 4 Min Read

  The dust hasn’t quite settled on the...
ShadowTalk Update – OurMine Hacks, Equifax Indictment, and SWIFT POC attack

ShadowTalk Update – OurMine Hacks, Equifax Indictment, and SWIFT POC attack

February 17, 2020 | 2 Min Read

Roses are red, violets are blue, here’s...
The Devil, the Details, and the Analysis of Competing Hypothesis

The Devil, the Details, and the Analysis of Competing Hypothesis

February 13, 2020 | 5 Min Read

  Digital Shadows’ Photon Research Team...
ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams

ShadowTalk Update – CTI Frameworks, Wawa Breach Updates, APT34, and Coronavirus Phishing Scams

February 10, 2020 | 3 Min Read

In this week’s episode, Jamie starts by...
The Iowa Caucus: Third-Party Apps Can Be Risky Business

The Iowa Caucus: Third-Party Apps Can Be Risky Business

February 6, 2020 | 7 Min Read

  If you’ve seen HBO’s Silicon...
Red Team Blues: A 10 step security program for Windows Active Directory environments

Red Team Blues: A 10 step security program for Windows Active Directory environments

February 6, 2020 | 9 Min Read

  A fun tweet crossed our path recently,...
How to Operationalize Threat Intelligence: Actionability and Context

How to Operationalize Threat Intelligence: Actionability and Context

February 5, 2020 | 5 Min Read

  In 1988 the idea of a Computer...
ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update

ShadowTalk Update – SANS CTI Summit, Snake Ransomware, CacheOut, and Citrix Vuln Update

February 3, 2020 | 3 Min Read

Rick Holland jumps in to kick-off this...
Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks

Cyber Threat Intelligence Frameworks: 5 Rules for Integrating These Frameworks

January 29, 2020 | 7 Min Read

  As the cyber threat intelligence (CTI)...
SANS Cyber Threat Intelligence Summit 2020: A Recap

SANS Cyber Threat Intelligence Summit 2020: A Recap

January 28, 2020 | 9 Min Read

  Last week I attended the eighth annual...
ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

ShadowTalk Update – NSA Vulnerability Disclosure, Ransomware News, and Iran Updates

January 20, 2020 | 3 Min Read

Kacey, Charles, Alex, and Harrison host...
Third Party Risk: 4 ways to manage your security ecosystem

Third Party Risk: 4 ways to manage your security ecosystem

January 16, 2020 | 5 Min Read

  The digital economy has multiplied the...
NSA Vulnerability Disclosure: Pros and Cons

NSA Vulnerability Disclosure: Pros and Cons

January 15, 2020 | 5 Min Read

  On Monday, January 13th, Brian Krebs...
CVE-2019-19781: Analyzing the Exploit

CVE-2019-19781: Analyzing the Exploit

January 14, 2020 | 4 Min Read

  On December 17th 2019, CVE-2019-19781...
Iran and the United States – start of the long war or return to normal?

Iran and the United States – start of the long war or return to normal?

January 13, 2020 | 9 Min Read

  On 03 Jan 2020, the United States...
Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

January 7, 2020 | 6 Min Read

  With the recent news of Qasem Soleimani...
Iran and Soleimani: Monitoring the Situation

Iran and Soleimani: Monitoring the Situation

January 7, 2020 | 9 Min Read

*This blog has been updated as of Jan 9,...
Iranian Cyber Threats: Practical Advice for Security Professionals

Iranian Cyber Threats: Practical Advice for Security Professionals

January 6, 2020 | 8 Min Read

Unless you went very dark for an extended holiday...
Threat Intelligence: A Deep Dive

Threat Intelligence: A Deep Dive

December 12, 2019 | 21 Min Read

Welcome to our deep dive on threat intelligence:...
A Threat Intelligence Analyst’s Guide to Today’s Sources of Bias

A Threat Intelligence Analyst’s Guide to Today’s Sources of Bias

December 5, 2019 | 9 Min Read

  In an industry prone to going overboard...
ShadowTalk Update – RIPlace, Trickbot, and Russian-language forum Probiv

ShadowTalk Update – RIPlace, Trickbot, and Russian-language forum Probiv

December 2, 2019 | 3 Min Read

No ShadowTalk podcast episode this week, but...
ShadowTalk Update – Black Friday Deals on the Dark Web, Phineas Fisher Manifesto, and DarkMarket

ShadowTalk Update – Black Friday Deals on the Dark Web, Phineas Fisher Manifesto, and DarkMarket

November 25, 2019 | 3 Min Read

Adam Cook and Viktoria Austin talk through the...
BSidesDFW 2019: OSINT Workshop Recap

BSidesDFW 2019: OSINT Workshop Recap

November 18, 2019 | 5 Min Read

  A few Saturdays ago, we had the...
ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug

ShadowTalk Update – BSidesDFW Recap, Dynamic CVV Analysis, and the Facebook Camera Bug

November 18, 2019 | 3 Min Read

Dallas is sound effects and all this week with...
Dynamic CVVs: 2FA 2Furious

Dynamic CVVs: 2FA 2Furious

November 12, 2019 | 5 Min Read

  The security community is quick to...
ShadowTalk Update – BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

ShadowTalk Update – BlueKeep Attacks, Megacortex Ransomware, and Web.com Breach

November 11, 2019 | 3 Min Read

This week the London team looks at the following...
ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

November 4, 2019 | 4 Min Read

Adam Cook, Philip Doherty, and Viktoria Austin...
Understanding the Different Cybercriminal Platforms: AVCs, Marketplaces, and Forums

Understanding the Different Cybercriminal Platforms: AVCs, Marketplaces, and Forums

October 31, 2019 | 6 Min Read

  With the recent breach that targeted...
Cybercriminal credit card stores: Is Brian out of the club?

Cybercriminal credit card stores: Is Brian out of the club?

October 31, 2019 | 8 Min Read

  If you’re an avid follower of Digital...
Your Cyber Security Career – Press start to begin

Your Cyber Security Career – Press start to begin

October 30, 2019 | 13 Min Read

  October was Cyber Security Awareness...
Australia Cyber Threat Landscape report (H1 2019)

Australia Cyber Threat Landscape report (H1 2019)

October 29, 2019 | 5 Min Read

Depending on where you are in the world, October...
ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

ShadowTalk Update – Avast Breach Attempt, NordVPN Breach, and Wifi Security Risks

October 25, 2019 | 3 Min Read

We’ve got all 3 ShadowTalk hosts in Dallas this...
WiFi Security: Dispelling myths of using public networks

WiFi Security: Dispelling myths of using public networks

October 23, 2019 | 9 Min Read

We have all seen many articles, blogs, endless...
Japan Cyber Threat Landscape report (H1 2019)

Japan Cyber Threat Landscape report (H1 2019)

October 22, 2019 | 5 Min Read

Japan: currently the host of the multi-national...
ShadowTalk Update – Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

ShadowTalk Update – Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability

October 18, 2019 | 3 Min Read

Kacey, Charles, Harrison, and Alex kick off this...
Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

Honeypots: Tracking Attacks Against Misconfigured or Exposed Services

October 17, 2019 | 9 Min Read

Honeypots can be useful tools for gathering...
Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground

October 16, 2019 | 15 Min Read

Typosquatting. It’s a phrase most of us know in...
ShadowTalk Update – Iran-linked APT35, Skimming by Magecart 4, Rancour, and Emotet Resurgence

ShadowTalk Update – Iran-linked APT35, Skimming by Magecart 4, Rancour, and Emotet Resurgence

October 11, 2019 | 3 Min Read

We’re back in London this week! Viktoria chats...
ANU Breach Report: Mapping to Mitre ATT&CK Framework

ANU Breach Report: Mapping to Mitre ATT&CK Framework

October 11, 2019 | 14 Min Read

Introduction This week, the Australian National...
Top Threat Intelligence Podcasts to Add to Your Playlist

Top Threat Intelligence Podcasts to Add to Your Playlist

October 3, 2019 | 4 Min Read

Looking for some new threat intelligence podcasts...
Domain Squatting: The Phisher-man’s Friend

Domain Squatting: The Phisher-man’s Friend

October 1, 2019 | 8 Min Read

In the past we have talked about the internal...
ShadowTalk Update – Tortoiseshell Targets IT Providers, the Tyurin Indictment, and Emotet’s Return

ShadowTalk Update – Tortoiseshell Targets IT Providers, the Tyurin Indictment, and Emotet’s Return

September 27, 2019 | 4 Min Read

Viktoria hosts this week’s episode in London...
Singapore Cyber Threat Landscape report (H1 2019)

Singapore Cyber Threat Landscape report (H1 2019)

September 26, 2019 | 7 Min Read

Despite being the second smallest country in...
Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework

Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework

September 25, 2019 | 7 Min Read

Between 2012 to mid-2015, U.S. financial...
Nemty Ransomware: Slow and Steady Wins the Race?

Nemty Ransomware: Slow and Steady Wins the Race?

September 19, 2019 | 3 Min Read

As we outlined recently, ransomware is a key...
NCSC Cyber Threat Trends Report: Analysis of Attacks Across UK Industries

NCSC Cyber Threat Trends Report: Analysis of Attacks Across UK Industries

September 18, 2019 | 7 Min Read

The United Kingdom’s National Cyber Security...
Mapping the NIST Cybersecurity Framework to SearchLight: Eating our own BBQ

Mapping the NIST Cybersecurity Framework to SearchLight: Eating our own BBQ

September 10, 2019 | 2 Min Read

Back in February, I wrote about how we avoid the...
ShadowTalk Update – Ryuk Ransomware, Twitter rids SMS tweets, and Facebook Records Exposed

ShadowTalk Update – Ryuk Ransomware, Twitter rids SMS tweets, and Facebook Records Exposed

September 9, 2019 | 3 Min Read

Alex, Alec, and Harrison are in the room today...
Emotet Returns: How To Track Its Updates

Emotet Returns: How To Track Its Updates

August 26, 2019 | 5 Min Read

What is Emotet? Emotet started life as a banking...
ShadowTalk Update – Texas Ransomware Outbreaks and Phishing Attacks Using Custom 404 pages

ShadowTalk Update – Texas Ransomware Outbreaks and Phishing Attacks Using Custom 404 pages

August 23, 2019 | 3 Min Read

Charles Ragland (a brand new ShadowTalk-er!) and...
The Nouns of Black Hat: People, Places, and Things From Summer Camp 2019

The Nouns of Black Hat: People, Places, and Things From Summer Camp 2019

August 19, 2019 | 6 Min Read

Black Hat and DEFCON are a wrap! Digital Shadows...
Black Hat and DEFCON 2019 – Some of our Favorite Sessions

Black Hat and DEFCON 2019 – Some of our Favorite Sessions

August 19, 2019 | 9 Min Read

The team were fortunate to go to Black Hat and...
Recon Village: Panning for gold

Recon Village: Panning for gold

August 1, 2019 | 7 Min Read

Richard will be presenting ‘Asset Discovery:...
The Account Takeover Kill Chain: A Five Step Analysis

The Account Takeover Kill Chain: A Five Step Analysis

July 30, 2019 | 17 Min Read

It’s no secret that credential exposure is a...
ShadowTalk Update – More BlueKeep updates, FSB contractor hacked, and the Enigma Market

ShadowTalk Update – More BlueKeep updates, FSB contractor hacked, and the Enigma Market

July 29, 2019 | 3 Min Read

Christian and Travis sit down with Harrison to...
Harnessing Exposed Data to Enhance Cyber Intelligence

Harnessing Exposed Data to Enhance Cyber Intelligence

July 11, 2019 | 7 Min Read

  An illicit and lucrative trade has...
ShadowTalk Update – XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

ShadowTalk Update – XMRig Cryptocurrency Mining, FIN8 Backdoor, and Attacks Against Office 365

June 17, 2019 | 3 Min Read

This week Harrison is joined by Travis and Alec...
Managing Infosec Burnout: The Hidden Perpetrator

Managing Infosec Burnout: The Hidden Perpetrator

June 10, 2019 | 8 Min Read

The secret of the burnout epidemic lies in how we...
BlueKeep: Cutting through the hype to prepare your organization

BlueKeep: Cutting through the hype to prepare your organization

May 24, 2019 | 8 Min Read

Over the last week we have all been tuning into...
Mapping Iran’s Rana Institute to MITRE Pre-ATT&CK™ and ATT&CK™

Mapping Iran’s Rana Institute to MITRE Pre-ATT&CK™ and ATT&CK™

May 15, 2019 | 15 Min Read

The internet has been aflame with discussions...
Cyber Talent Gap: How to Do More With Less

Cyber Talent Gap: How to Do More With Less

May 14, 2019 | 5 Min Read

The challenge facing us today is twofold: not...
ShadowTalk Update – 5.06.19

ShadowTalk Update – 5.06.19

May 13, 2019 | 4 Min Read

Kacey and Alex join HVR this week to talk through...
ShadowTalk Update – 5.06.19

ShadowTalk Update – 5.06.19

May 6, 2019 | 3 Min Read

Phil and newcomer Benjamin Newman join Harrison...
ShadowTalk Update – 4.29.19

ShadowTalk Update – 4.29.19

April 29, 2019 | 3 Min Read

Jamie and Alex are back with Harrison this week...
ShadowTalk Update – 4.22.19

ShadowTalk Update – 4.22.19

April 22, 2019 | 3 Min Read

This week the team discusses an unidentified...
ShadowTalk Update – 4.15.19

ShadowTalk Update – 4.15.19

April 15, 2019 | 4 Min Read

Christian and Jamie join Harrison for another...
Reducing your attack surface

Reducing your attack surface

April 9, 2019 | 4 Min Read

What is an attack surface According to OWASP, an...
ShadowTalk Update – 4.8.19

ShadowTalk Update – 4.8.19

April 8, 2019 | 3 Min Read

Jamie, Alex and Zuko sit down with Harrison to...
Predator: Modeling the attacker’s mindset

Predator: Modeling the attacker’s mindset

April 2, 2019 | 6 Min Read

Author: Richard Gold  The phrases...
ShadowTalk Update – 4.1.19

ShadowTalk Update – 4.1.19

March 29, 2019 | 3 Min Read

Christian and Jamie sit down with Harrison to...
ShadowTalk Update – 3.25.19

ShadowTalk Update – 3.25.19

March 25, 2019 | 4 Min Read

Harrison chats with Jamie and Alex this week on...
ShadowTalk Update – 3.18.19

ShadowTalk Update – 3.18.19

March 18, 2019 | 3 Min Read

Harrison sits down with Rose and Christian for a...
ShadowTalk Update – 3.11.19

ShadowTalk Update – 3.11.19

March 11, 2019 | 3 Min Read

This week Jamie and Alex join Harrison to look at...
Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK™

Purple Teaming with Vectr, Cobalt Strike, and MITRE ATT&CK™

March 6, 2019 | 7 Min Read

Authors: Simon Hall, Isidoros...
ShadowTalk Update – 3.04.19

ShadowTalk Update – 3.04.19

March 4, 2019 | 4 Min Read

This week Rose and Phil join Harrison to discuss...
SamSam But Different: MITRE ATT&CK and the SamSam Group Indictment

SamSam But Different: MITRE ATT&CK and the SamSam Group Indictment

February 26, 2019 | 16 Min Read

In our latest research report, A Tale of Epic...
ShadowTalk Update – 2.25.19

ShadowTalk Update – 2.25.19

February 25, 2019 | 4 Min Read

This week, Phil and Alex join Harrison to discuss...
ShadowTalk Update – 2.18.19

ShadowTalk Update – 2.18.19

February 19, 2019 | 3 Min Read

Alex and Jamie matched with Harrison in this...
Introducing Our Practical Guide to Reducing Digital Risk

Introducing Our Practical Guide to Reducing Digital Risk

February 12, 2019 | 5 Min Read

Download a copy of A Practical Guide to Reducing...
ShadowTalk Update – 2.11.19

ShadowTalk Update – 2.11.19

February 8, 2019 | 3 Min Read

Alex and Jamie join Harrison to discuss how the...
Understanding Digital Risk Protection

Understanding Digital Risk Protection

February 8, 2019 | 3 Min Read

There has been a lot of talk recently about...
SANS DFIR Cyber Threat Intelligence Summit 2019 – Extracting More Value from Your CTI Program

SANS DFIR Cyber Threat Intelligence Summit 2019 – Extracting More Value from Your CTI Program

February 5, 2019 | 7 Min Read

We were fortunate to attend the 2019 SANS DFIR...
ShadowTalk Update – 2.4.19

ShadowTalk Update – 2.4.19

February 4, 2019 | 4 Min Read

This week, Alex Guirakhoo and Jamie Collier join...
ShadowTalk Update – 1.28.19

ShadowTalk Update – 1.28.19

January 26, 2019 | 3 Min Read

This week Rose, Jamie, and Alex talk with...
ShadowTalk Update – 1.21.19

ShadowTalk Update – 1.21.19

January 19, 2019 | 3 Min Read

This week, Alex Guirakhoo and Philip Doherty join...
Don’t Just Read Intelligence: Learn From It

Don’t Just Read Intelligence: Learn From It

January 17, 2019 | 5 Min Read

The Importance of Learning in Cyber...
ShadowTalk Update – 1.14.19

ShadowTalk Update – 1.14.19

January 14, 2019 | 3 Min Read

We’ve just released our first Weekly...
Security Analyst Spotlight Series: Phil Doherty

Security Analyst Spotlight Series: Phil Doherty

January 10, 2019 | 5 Min Read

Organizations rely on Digital Shadows to be an...
The Most Popular Security Blog Topics of 2018

The Most Popular Security Blog Topics of 2018

December 18, 2018 | 3 Min Read

It’s been a busy year on the Digital Shadows...
ShadowTalk Update – 17.10.2018

ShadowTalk Update – 17.10.2018

December 17, 2018 | 3 Min Read

Following from our recent research, Tackling...
Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It

December 12, 2018 | 8 Min Read

Overall, the infosec community has done a...
ShadowTalk Update – 12.10.2018

ShadowTalk Update – 12.10.2018

December 10, 2018 | 3 Min Read

In this week's ShadowTalk, Rick Holland and...
2019 Cyber Security Forecasts: Six Things on the Horizon

2019 Cyber Security Forecasts: Six Things on the Horizon

December 5, 2018 | 9 Min Read

The new year is upon us! 2018 brought us Spectre...
ShadowTalk Update – 12.03.2018

ShadowTalk Update – 12.03.2018

December 3, 2018 | 3 Min Read

Michael Marriott, Dr Richard Gold and Simon Hall...
Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

Threat Actors Use of Cobalt Strike: Why Defense is Offense’s Child

November 29, 2018 | 5 Min Read

I’m a big fan of the Cobalt Strike threat...
Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework

November 27, 2018 | 3 Min Read

Australian Signals Directorate Essential 8 The...
ShadowTalk Update – 11.26.2018

ShadowTalk Update – 11.26.2018

November 26, 2018 | 3 Min Read

With Black Friday kicking off the holiday...
ShadowTalk Update – 11.19.2018

ShadowTalk Update – 11.19.2018

November 19, 2018 | 2 Min Read

Leaked court documents surfaced this week...
A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

A Look Back at the ENISA Cyber Threat Intelligence-EU Workshop 2018

November 13, 2018 | 5 Min Read

I recently attended the ENISA (European Union...
ShadowTalk Update – 11.12.2018

ShadowTalk Update – 11.12.2018

November 12, 2018 | 2 Min Read

In this week's ShadowTalk, we discuss the big...
Security Analyst Spotlight Series: Adam Cook

Security Analyst Spotlight Series: Adam Cook

November 7, 2018 | 6 Min Read

Organizations rely on our cyber intelligence...
ShadowTalk Update – 11.05.2018

ShadowTalk Update – 11.05.2018

November 5, 2018 | 3 Min Read

In November 2016, Tesco Bank suffered a series of...
ShadowTalk Update – 10.29.2018

ShadowTalk Update – 10.29.2018

October 29, 2018 | 3 Min Read

In this week's ShadowTalk, Harrison Van Riper and...
Cyber Security Awareness Month: Week 4 – Privacy

Cyber Security Awareness Month: Week 4 – Privacy

October 25, 2018 | 6 Min Read

This week in Brussels, Apple’s chief executive...
ShadowTalk Update – 10.22.2018

ShadowTalk Update – 10.22.2018

October 22, 2018 | 3 Min Read

In this week's ShadowTalk, following on from last...
ShadowTalk Update – 10.15.2018

ShadowTalk Update – 10.15.2018

October 15, 2018 | 3 Min Read

In ShadowTalk this week, Digital Shadows' CISO...
ShadowTalk Update – 10.08.2018

ShadowTalk Update – 10.08.2018

October 8, 2018 | 3 Min Read

In this week’s Shadow Talk, Rafael Amado joins...
Security Analyst Spotlight Series: Christian Rencken

Security Analyst Spotlight Series: Christian Rencken

October 2, 2018 | 5 Min Read

Organizations rely on our cyber intelligence...
ShadowTalk Update – 10.01.2018

ShadowTalk Update – 10.01.2018

October 1, 2018 | 3 Min Read

Rick Holland, CISO of Digital Shadows, joins...
ShadowTalk Update – 09.24.2018

ShadowTalk Update – 09.24.2018

September 24, 2018 | 3 Min Read

In ShadowTalk this week, Richard Gold, Simon Hall...
The 2017 FSB indictment and Mitre ATT&CK™

The 2017 FSB indictment and Mitre ATT&CK™

September 20, 2018 | 11 Min Read

On  February 28th, 2017 the US Department of...
Non-traditional State Actors: New Kids on the Block

Non-traditional State Actors: New Kids on the Block

September 18, 2018 | 5 Min Read

Cyber threat reporting sits at a dichotomy. On...
ShadowTalk Update – 09.17.2018

ShadowTalk Update – 09.17.2018

September 17, 2018 | 2 Min Read

In this week’s ShadowTalk, Richard Gold and...
MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

MITRE ATT&CK™ and the North Korean Regime-Backed Programmer

September 13, 2018 | 18 Min Read

On 6th September the US Department of Justice...
ShadowTalk Update – 09.10.2018

ShadowTalk Update – 09.10.2018

September 10, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and...
ShadowTalk Update – 09.03.2018

ShadowTalk Update – 09.03.2018

September 3, 2018 | 3 Min Read

Not a week goes by without an example where...
Security Analyst Spotlight Series: Heather Farnsworth

Security Analyst Spotlight Series: Heather Farnsworth

August 30, 2018 | 5 Min Read

Organizations rely on Digital Shadows to be an...
Understanding Threat Modelling

Understanding Threat Modelling

August 29, 2018 | 4 Min Read

What is a threat model? Threat modelling, as...
ShadowTalk Update – 08.27.2018

ShadowTalk Update – 08.27.2018

August 27, 2018 | 3 Min Read

With November’s U.S. midterm elections...
Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

Mitre ATT&CK™ and the FIN7 Indictment: Lessons for Organizations

August 22, 2018 | 12 Min Read

On August 1, 2018, the US Department of Justice...
ShadowTalk Update – 08.20.2018

ShadowTalk Update – 08.20.2018

August 20, 2018 | 3 Min Read

In this week’s ShadowTalk, we dig into ATM...
ShadowTalk Update – 08.13.2018

ShadowTalk Update – 08.13.2018

August 13, 2018 | 3 Min Read

In this week’s ShadowTalk it's all things...
ShadowTalk Update – 08.06.2018

ShadowTalk Update – 08.06.2018

August 6, 2018 | 2 Min Read

In this week’s episode, JP Perez-Etchegoyen,...
ShadowTalk Update – 07.30.2018

ShadowTalk Update – 07.30.2018

July 30, 2018 | 3 Min Read

Richard Gold and Rose Bernard join Michael...
Cyber Threats to ERP Applications: Threat Landscape

Cyber Threats to ERP Applications: Threat Landscape

July 24, 2018 | 4 Min Read

What are ERP Applications? Organizations rely on...
ShadowTalk Update – 07.23.2018

ShadowTalk Update – 07.23.2018

July 23, 2018 | 3 Min Read

In this week's ShadowTalk, we discuss the Robert...
Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

Mitre ATT&CK™ and the Mueller GRU Indictment: Lessons for Organizations

July 17, 2018 | 10 Min Read

A recent indictment revealed how the GRU...

Digital Risk Protection: Avoid Blind Spots with a More Complete Risk Picture

July 17, 2018 | 5 Min Read

“Digital Shadows leads the pack for digital...
ShadowTalk Update – 07.16.2018

ShadowTalk Update – 07.16.2018

July 16, 2018 | 2 Min Read

In this week's ShadowTalk, Digital Shadows’...
ShadowTalk Update – 07.09.2018

ShadowTalk Update – 07.09.2018

July 9, 2018 | 3 Min Read

In this week’s ShadowTalk, Richard Gold and...
Reducing Your Attack Surface: From a Firehose to a Straw

Reducing Your Attack Surface: From a Firehose to a Straw

July 5, 2018 | 6 Min Read

What is Attack Surface Reduction? Attack Surface...
ShadowTalk Update – 07.02.2018

ShadowTalk Update – 07.02.2018

July 2, 2018 | 3 Min Read

In this week's ShadowTalk, following news that a...
ShadowTalk Update – 06.25.2018

ShadowTalk Update – 06.25.2018

June 25, 2018 | 3 Min Read

In this week’s ShadowTalk, Simon Hall and...
ShadowTalk Update – 06.18.2018

ShadowTalk Update – 06.18.2018

June 18, 2018 | 3 Min Read

In ShadowTalk this week, Dr Richard Gold and...
Shadow Talk Update – 06.11.2018

Shadow Talk Update – 06.11.2018

June 11, 2018 | 3 Min Read

In Shadow Talk this week, Dr Richard Gold joins...
Shadow Talk Update – 06.04.2018

Shadow Talk Update – 06.04.2018

June 4, 2018 | 3 Min Read

In this week's Shadow Talk, Dr Richard Gold joins...
7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

7 Ways The Digital Risk Revolution Changes Risk and Compliance – Webinar Key Insights

May 30, 2018 | 5 Min Read

Lockpath’s Vice President of Development Tony...
Shadow Talk Update – 05.29.2018

Shadow Talk Update – 05.29.2018

May 29, 2018 | 4 Min Read

The focus in this week’s Shadow Talk is on...
Security Analyst Spotlight Series: Rose Bernard

Security Analyst Spotlight Series: Rose Bernard

May 23, 2018 | 5 Min Read

Organizations rely on our cyber intelligence...
Shadow Talk Update – 05.21.2018

Shadow Talk Update – 05.21.2018

May 21, 2018 | 3 Min Read

In this week’s episode of Shadow Talk, Digital...
Shadow Talk Update – 05.14.2018

Shadow Talk Update – 05.14.2018

May 14, 2018 | 3 Min Read

In this week’s episode Shadow Talk we look at...
Shadow Talk Update – 05.07.2018

Shadow Talk Update – 05.07.2018

May 7, 2018 | 3 Min Read

In this week’s episode Shadow Talk, it’s a...
Shadow Talk Update – 04.30.2018

Shadow Talk Update – 04.30.2018

April 30, 2018 | 2 Min Read

In this week’s episode of Shadow Talk, we cover...
Shadow Talk Update – 04.23.2018

Shadow Talk Update – 04.23.2018

April 23, 2018 | 3 Min Read

This week’s Shadow Talk discusses Russia’s...
Shadow Talk Update – 04.16.2018

Shadow Talk Update – 04.16.2018

April 16, 2018 | 5 Min Read

This week’s Shadow Talk discusses a Cisco Smart...
Escalation in Cyberspace: Not as Deniable as We All Seem to Think?

Escalation in Cyberspace: Not as Deniable as We All Seem to Think?

April 12, 2018 | 5 Min Read

The recent assassination attempt on former...
Shadow Talk Update – 04.09.2018

Shadow Talk Update – 04.09.2018

April 9, 2018 | 4 Min Read

Back from the Easter break, this week’s Shadow...
Shadow Talk Update – 03.26.2018

Shadow Talk Update – 03.26.2018

March 26, 2018 | 4 Min Read

This week’s Shadow Talk discusses what the...
Shadow Talk Update – 03.19.2018

Shadow Talk Update – 03.19.2018

March 19, 2018 | 5 Min Read

This week’s Shadow Talk features the latest...
Shadow Talk Update – 03.12.2018

Shadow Talk Update – 03.12.2018

March 12, 2018 | 3 Min Read

This week’s Shadow Talk features more...
Shadow Talk Update – 03.05.2018

Shadow Talk Update – 03.05.2018

March 5, 2018 | 3 Min Read

On this week's Shadow Talk podcast, the Research...
Shadow Talk Update – 02.26.2018

Shadow Talk Update – 02.26.2018

February 26, 2018 | 3 Min Read

In this week’s podcast, the Digital Shadows...
Prioritize to Avoid Security Nihilism

Prioritize to Avoid Security Nihilism

February 20, 2018 | 3 Min Read

In many situations associated with cyber...
Shadow Talk Update – 02.19.2018

Shadow Talk Update – 02.19.2018

February 19, 2018 | 3 Min Read

In this week’s Shadow Talk podcast, the Digital...
Cryptojacking: An Overview

Cryptojacking: An Overview

February 13, 2018 | 5 Min Read

What is Cryptojacking? Cryptojacking is the...
Shadow Talk Update – 12.02.2018

Shadow Talk Update – 12.02.2018

February 12, 2018 | 4 Min Read

With the 2018 Winter Games beginning this week,...
Shadow Talk Update – 02.05.2018

Shadow Talk Update – 02.05.2018

February 5, 2018 | 3 Min Read

In this week’s podcast episode of Shadow Talk,...
Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

Why Marketing Leaders Must Take Action To Manage Digital Risk And Protect Their Brand

January 30, 2018 | 7 Min Read

I am one of you. I have been in the marketing...
Shadow Talk Update – 01.29.2018

Shadow Talk Update – 01.29.2018

January 29, 2018 | 4 Min Read

In this week’s Shadow Talk podcast episode, the...
Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

Don’t Rely on One Star to Manage Digital Risk, The Key is Total Coverage

January 16, 2018 | 5 Min Read

This post originally appeared on...

Digital Shadows’ Most Popular Blogs of 2017: Analysis of Competing Hypotheses For The Win

December 12, 2017 | 3 Min Read

This time last year, we looked back at the blogs...
Why “Have a Safe Trip” Is Taking On Greater Meaning

Why “Have a Safe Trip” Is Taking On Greater Meaning

November 14, 2017 | 5 Min Read

This post originally appeared...
Groupthink

Know Where to Find Your Digital Risk

November 10, 2017 | 4 Min Read

This post originally appeared on SecurityWeek....
powershell

PowerShell Security Best Practices

October 8, 2019 | 9 Min Read

Updated as of October 8, 2019 Threat actors...
Computer Worms Blog

Return of the Worm: A Red Hat Analysis

September 7, 2017 | 4 Min Read

A computer worm is a piece of malware that is...
Threat Intelligence Social Media Security

All That Twitterz Is Not Gold: Why You Need to Rely on Multiple Sources of Intelligence

August 9, 2017 | 3 Min Read

Twitter has become an extremely valuable tool for...
Threat Model

What is a Threat Model, and Why Organizations Should Care

July 31, 2017 | 4 Min Read

Many organizations are exquisitely aware that...
Criminal Market Place Bitcoin Virtual Currency

The Future of Marketplaces: Forecasting the Decentralized Model

July 17, 2017 | 4 Min Read

Last week we wrote about the disappearance of...
AlphaBay Hansa Seized

AlphaBay Disappears: 3 Scenarios to Look For Next

July 14, 2017 | 6 Min Read

The AlphaBay dark web marketplace has been...
Penetration Testing

Threat Led Penetration Testing – The Past, Present and Future

July 10, 2017 | 5 Min Read

What is Threat Led Penetration Testing? Threat...
Cyber Criminal Attack Vectors

Keep Your Eyes on the Prize: Attack Vectors are Important But Don’t Ignore Attacker Goals

June 23, 2017 | 5 Min Read

Reporting on intrusions or attacks often dwells...
Wanna Cry Ransomware

WannaCry: An Analysis of Competing Hypotheses – Part II

June 7, 2017 | 7 Min Read

Following the furore of last month’s WannaCry...
Encrypted Files WannaCry

WannaCry: An Analysis of Competing Hypotheses

May 18, 2017 | 6 Min Read

On 12 May 2017, as the WannaCry ransomware spread...
NIST Authentication

Authentication Nation: 5 Ways NIST is Changing How We Think About Passwords

May 9, 2017 | 4 Min Read

Passwords have taken a beating over the past...
Brand Reputation Digital Risk

The 3 Pillars of Digital Risk Management: Part 3 – The Top 5 Main Risks of Reputational Damage

April 27, 2017 | 2 Min Read

In this 3-part blog series, we discuss how each...
Cyber Threats

The 3 Pillars of Digital Risk Management: Part 1 Understanding Cyber Threats

April 13, 2017 | 3 Min Read

What is Digital Risk Management? The National...
Research Intelligence Sources

All Sources Are Not the Same; Why Diversity Is Good for Intelligence

April 11, 2017 | 3 Min Read

As we all know, if you listen to just one side of...
Mobile App Screen

5 Risks Posed By Mobile Applications That SearchLight Helps You Manage

March 14, 2017 | 2 Min Read

Organizations face a wide range of risks online,...
Penetration Testing

Step by Step: The Changing Face of Threat Led Penetration Testing

February 28, 2017 | 4 Min Read

Organizations are increasingly adopting the...
Intelligence Cycle

F3EAD: Find, Fix, Finish, Exploit, Analyze and Disseminate – The Alternative Intelligence Cycle

February 8, 2017 | 4 Min Read

The F3EAD cycle (Find, Fix Finish, Exploit,...
Intelligence Sources

Two Ways to Effectively Tailor Your Intelligence Products

January 17, 2017 | 4 Min Read

In my previous blog, “Trump and Intelligence: 6...
Intelligence Consumer Trump

Trump and Intelligence: 6 Ways To Deal With Challenging Intelligence Consumers

January 4, 2017 | 4 Min Read

It is no secret the President Elect Trump is...
Forecasts Cyber Security

You Should Consider Forecasts, Not Predictions

December 9, 2016 | 4 Min Read

Well it’s that time of year again. Sorry, not...
Chess Game

A Model of Success: Anticipating Your Attackers’ Moves

December 1, 2016 | 4 Min Read

In a previous blog, we discussed the role of...
Tesco Bank

Leak on Aisle 12! An Analysis of Competing Hypotheses for the Tesco Bank Incident

November 11, 2016 | 5 Min Read

On November 6, 2016 multiple UK media outlets...
Email Security

Five Tips For Better Email Security

November 8, 2016 | 4 Min Read

While security is everyone’s responsibility,...
Professional Services Digital Shadows

Digital Risk Monitoring Is A Service, Not a Distinct Capability

October 11, 2016 | 2 Min Read

Digital Shadows was recently recognized as a...
Strategic Support Force

Balancing the Scales: The PRC’s Shift to Symmetrical Engagement

October 6, 2016 | 4 Min Read

Over the past few years we have observed the...
Forrester

Digital Risk Monitoring Can Negate ‘Indicators of Exhaustion’

September 26, 2016 | 2 Min Read

When I first joined Digital Shadows in January, I...
SCADA hacks

Show me the context: The hacking proof of concept

September 8, 2016 | 2 Min Read

A common feature at security conferences,...
HackBack

The cyber defender and attacker imbalance – a disproportionate impact

September 6, 2016 | 3 Min Read

You might be forgiven for thinking that...
SWIFT network

Hybrid cyber/physical criminal operations – where network intrusions meet the physical world

August 30, 2016 | 3 Min Read

At some stage, almost every crime committed...
False flag operations

False flags in cyber intrusions – why bother?

August 17, 2016 | 3 Min Read

False flag operations have long existed in the...
TTPs

Getting In Gear: Accounting for Tactical and Strategic Intelligence

July 26, 2016 | 3 Min Read

We’ve written before about how we like to map...
Indicator of Compromise

5 Takeaways From The “Building A Strategic Threat Intelligence Program” Webinar

July 26, 2016 | 3 Min Read

Last week, the great Mike Rothman (of Securosis...
Syrian Electronic Army

Towards a(nother) new model of attribution

July 21, 2016 | 4 Min Read

Actor attribution is a common issue and activity...
Lulz Boat

Open Source Intelligence versus Web Search: What’s The Difference?

July 11, 2016 | 4 Min Read

“I can get that from Google!” – is a common...
threat intelligence

Spidey-sense for the people

June 23, 2016 | 5 Min Read

If you liked Marvel’s SpiderMan then you will...
cyberspace

Standoff in cyberspace

June 17, 2016 | 3 Min Read

In physical security terminology, standoff is the...
Intelligence Collection

Inconsistencies in Intelligence Collection

June 17, 2016 | 4 Min Read

Amid the rising talk of “intelligence” within...
intelligence cycle

Building an Intelligence Capability: Agility, Creativity and Diversity

June 2, 2016 | 2 Min Read

The Internet is a big old place, full of...
risk

Are you certain you know what risk means?

May 31, 2016 | 5 Min Read

You’re the person in charge of safety on the...
Advanced Persistent Threat

The Plan is Mightier than the Sword – Re(sources)

May 24, 2016 | 3 Min Read

After having discussed the importance of planning...
Operational Relay Boxes

The Plan is Mightier than the Sword – Persistence

May 24, 2016 | 5 Min Read

In the last blog post, I talked about the...
Advanced Persistent Threat

The Plan is Mightier than the Sword – Planning

May 24, 2016 | 4 Min Read

Media reports of breaches against major...
Intelligence Cycle

Getting Strategic With Your Threat Intelligence Program

April 26, 2016 | 4 Min Read

Tactical feeds have dominated the threat...
Artificial Intelligence

Roboanalyst: The Future of Threat Intelligence?

April 25, 2016 | 3 Min Read

Artificial Intelligence (AI) is currently going...
antifragile security

Antifragile Security: Bouncing Back Stronger

March 21, 2016 | 3 Min Read

Strong, robust, stable, resilience – these are...
VMware

Moar Sand!

March 10, 2016 | 3 Min Read

Let’s face it, many organizations have their...
Human in the Loop

Uncertainties in the Language of Uncertainty – and why we need to talk about it

February 25, 2016 | 4 Min Read

If you know much about Digital Shadows...
3 letter guys

Intelligence vs. Infosec: The 3-letter-guy to the rescue?

February 25, 2016 | 3 Min Read

Whenever Royal Marines deploy on operations, they...
data breach

WHAT DO YOU MEAN IT WAS AN ACCIDENT?

February 25, 2016 | 4 Min Read

We always want to find someone or something to...
DDoS extortion

Using News Reports as a Source of Intelligence

February 23, 2016 | 4 Min Read

It’s often tempting to overplay the importance...
Sans

Another SANS Cyber Threat Intelligence Summit is in the books

February 11, 2016 | 5 Min Read

Last Thursday we wrapped up the 4th annual SANS...
intelligence collection

Waiter, there’s a hole in my intelligence collection!

February 10, 2016 | 3 Min Read

We’re all swimming in data. There’s data...
Digital Shadows Announcement

Relevance: The missing ingredient of cyber threat intelligence

February 8, 2016 | 3 Min Read

Today we’ve announced the closing of our Series...
strategic corporal

The Strategic Corporal and Information Security

January 18, 2016 | 3 Min Read

For those unfamiliar with the term “strategic...
Analyst Education

Lots to learn? Academia and intelligence

January 4, 2016 | 3 Min Read

With the ongoing emergence of CTI you could be...
Intelligence Communication

Communicating Intelligence: The Challenge of Consumption

December 10, 2015 | 4 Min Read

In my previous blog in this series I discussed...
Intelligence Communication

Communicating Intelligence: Getting the message out

December 8, 2015 | 4 Min Read

In my previous blog I discussed some of the...
TalkTalk

TalkTalk Information Likely to be Discoverable on The Dark Web

December 4, 2015 | 3 Min Read

Last month, TalkTalk disclosed that they been the...
Intelligence Communication

Communicating Intelligence: A Battle of Three Sides

December 2, 2015 | 2 Min Read

Good intelligence depends in large measure on...
ABI

Activity Based Intelligence – Activating Your Interest?

November 25, 2015 | 4 Min Read

Some threat actors love to make noise. Be it a...
MitM

The Way of Hacking

November 10, 2015 | 3 Min Read

In the Japanese martial art of Aikido it is said...
Internet of Things

How the Internet of Things (IoT) is Expanding Your Digital Shadow

September 9, 2015 | 2 Min Read

The Internet of Things (IoT) is a development...
Cyber Intelligence

The Intelligence Cycle – What Is It Good For?

September 9, 2015 | 10 Min Read

It seems that the concept of ‘intelligence’...
multilingual domain

Working In Multilingual Sources

September 8, 2015 | 5 Min Read

Introduction Here at Digital Shadows we collect...
Intelligence Trinity

The Intelligence Trinity

September 8, 2015 | 5 Min Read

My name is Steve and I’ve been working in...
Sources

Source Evaluation

September 8, 2015 | 5 Min Read

My name is Ben and I’ve been working for...
Analytics

Analytical Tradecraft at Digital Shadows

September 8, 2015 | 3 Min Read

This week my colleague and I attended the SANS...
Groupthink

The Dangers of Groupthink

September 7, 2015 | 4 Min Read

In my previous blog post I discussed...
groupthink

The Dangers of Groupthink: Part 2

September 7, 2015 | 5 Min Read

9th April 2015: In my previous blog post I...