As you’d imagine, our talented team of intelligence analysts spends a considerable amount of time each month reading a wide range of material in order to stay abreast of the latest developments in our industry. This puts the team in the best position to answer the important questions our clients need addressed. Some of the articles that caught our attention this month are summarized below.
In a 29-page report published on 22 Jun 2022, Microsoft detailed lessons learned from the battles along the various fronts of cyberspace in the Russia-Ukraine war of 2022.
The report provides insight into five key areas of the cyberwar. It details the value of cloud technology in protecting Ukraine’s digital operations and data assets: by moving its digital infrastructure to the cloud, Ukraine minimized the impact that attacks on its physical infrastructure could have on the country’s ability to stay online and operate effectively. It shows how advances in internet-connected endpoint protection since the NotPetya attacks in 2017 enabled Ukraine to push protective software to the country’s digital infrastructure far more quickly. It was also interesting to see the different TTPs used by Russia’s various security agencies visualized, along with the timing and locations of significant cyberattacks laid over a map of Ukraine. Fans of Liveuamap, take note.
Microsoft also provides some interesting statistics on attacks against allied governments outside Ukraine. Notably, since the start of the war, Russia had seen a 29 percent success rate when attempting to gain initial access to targeted organizations, with Poland the top target geography, and following a successful intrusion it was able to exfiltrate the organization’s data 25 percent of the time.
Perhaps most interestingly, the report details Russia’s complex and deep-rooted global cyber-influence operations coordinated in support of the war effort and their goals in the various targeted geographies and spheres of influence. It shows how Russia deployed different narratives and “fake news” similarly to how they deploy malware, and how the information war and cyberwar go hand-in-hand. It certainly shed further light on why I was seeing different headlines depending on the language in which I was reading the news.
Most importantly, the report shows how both the public and private sectors must work together to increase their cyber defensive capabilities, and calls for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.
Overall, the report is a comprehensive and insightful review of the cyberwar in Ukraine, a topic often presented in too little or too much detail, and is certainly required reading for any threat intelligence professional!
Check out Microsoft’s report here.
It’s been a pretty challenging month in the world of cryptocurrency, although, if we’re being honest, the factors behind the latest spectacular crash are clearly wider than the cryptocurrency market itself. Macro-economic factors, such as the skyrocketing inflation rate and the decisions taken by the Federal Reserve, are clearly having the biggest impact on investments of all kinds. A number of other factors have hardly helped, however, notably the catastrophic collapse of LUNA, the decision by cryptocurrency lending company Celsius to pause user withdrawals (drawing several comparisons with Northern Rock, if you’re old enough to remember that), and the liquidity problems affecting crypto hedge fund Three Arrows Capital (3AC), which has since been forced into liquidation this week.
We should also mention the “almost funny because it’s so bad” decisions taken by Solend, a borrowing and lending provider built on Solana (SOL), which found itself in a liquidity crisis of its own. A large account holder on Solend (a so-called whale account) held an outstanding loan of $108 million worth of USD Coin (USDC) and Tether (USDT), collateralized in SOL. With the price of SOL dropping like a stone, the whale’s loan risked being liquidated, which in turn threatened Solend’s ability to continue operating.
A subsequent rush to buy SOL at such low prices could also have crashed the network, which would inevitably have left many investors rushing to offload other cryptocurrency assets, aggravating the crash further. Solend was eventually able to work with the whale to redistribute its position across other Solana lending venues, but a catastrophe was only narrowly avoided.
One of the best articles I’ve read this month summarizing these recent problems was a blog post published on Medium, highlighting the problems affecting these service providers over the past month. While we should, of course, prioritize our daily news scans across mainstream news providers, there is also value in picking up pieces from independent content creators, particularly on something as nuanced as crypto. Learn all about the recent issues within crypto here.
“AvosLocker” ransomware was first observed in June 2021, when it was advertised as an affiliate program on the Reddit-style cybercriminal forum “Dread”. In this model, often referred to as ransomware-as-a-service, ransomware operators create affiliate programs that rent their malware to other cybercriminals, known as affiliates, who carry out attacks in exchange for a percentage of the ransom payments. AvosLocker features multithreaded encryption and the ability to overwrite files in place instead of creating encrypted copies. It can also reboot compromised devices into safe mode before beginning encryption; many applications, including security tools, do not run in safe mode, making it easier to encrypt system files. In their recent blog, “Avos ransomware group expands with new attack arsenal”, Cisco Talos provides a technical overview of their analysis of a recent month-long AvosLocker campaign.
In the article, authors Flavio Costa, Chris Neal, and Guilherme Venere dive into the newly discovered tactics, techniques, and procedures used by AvosLocker in a recent campaign. The group appears to have expanded its toolset and capabilities, including a new AvosLocker ransomware variant that targets Linux environments. Although AvosLocker typically gains initial access via spam email campaigns, in the analyzed attack the group exploited the “Log4Shell” vulnerabilities in public-facing ESXi servers.
Throughout the attack, AvosLocker tried several times to gain an additional foothold in the target network, using several secondary payloads and malicious tools, including PowerShell, the “DarkComet” remote access trojan (RAT), and the “Mimikatz” credential stuffing malware. Several legitimate commercial tools were also used in the attack, such as the adversary emulation tools Cobalt Strike and Sliver, as well as the software deployment tool PDQ Deploy.
The victim network had security tools that were misconfigured. Talos researchers stress the importance of ensuring tools are configured correctly to prevent a prolific ransomware group such as AvosLocker from carrying out a successful attack.
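As an added defender-side example (not code from the Talos post or from ReliaQuest), the following Python flags the boot-configuration changes that put a Windows host into safe mode, the state described above as preventing many security tools from running, and escalates when such a change is followed by a reboot on the same host. The log format and the bcdedit/reg command patterns are assumptions about how safe-mode booting is commonly forced, not command lines the post attributes to AvosLocker.

```python
# Added example: flag boot-configuration changes that force a Windows host into Safe Mode,
# where endpoint security tools typically do not run. Log format is constructed/assumed:
#   <iso-timestamp> host=<name> user=<account> cmd=<full command line>
import re
from collections import defaultdict

LOG_LINE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.+)$")

# The post only says AvosLocker reboots into Safe Mode; these bcdedit/reg patterns are an
# assumption about how that is commonly done, not the group's observed command lines.
PATTERNS = {
    "safeboot_set": re.compile(r"\bbcdedit(?:\.exe)?\b.*\bsafeboot\s+(?:minimal|network|dsrepair)\b", re.I),
    "safeboot_cleared": re.compile(r"\bbcdedit(?:\.exe)?\b.*/deletevalue\b.*\bsafeboot\b", re.I),
    # A service registered under the SafeBoot key is allowed to start in Safe Mode
    "safeboot_service_added": re.compile(r"\breg(?:\.exe)?\s+add\b.*\\Control\\SafeBoot\\(?:Minimal|Network)\\", re.I),
    "reboot": re.compile(r"\bshutdown(?:\.exe)?\b.*\s/r\b", re.I),
}

def classify(cmd):
    # First matching tag, or None for benign command lines
    return next((tag for tag, rx in PATTERNS.items() if rx.search(cmd)), None)

def detect(lines):
    # Returns (timestamp, host, message) tuples; a Safe Mode change followed by a
    # reboot on the same host is escalated, a lone reboot is ignored as routine.
    findings, armed = [], defaultdict(bool)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines not in the expected format
        ev = m.groupdict()
        tag = classify(ev["cmd"])
        if tag is None:
            continue
        if tag == "reboot":
            if armed[ev["host"]]:
                findings.append((ev["ts"], ev["host"], "HIGH: safe-mode change followed by reboot"))
                armed[ev["host"]] = False
            continue
        armed[ev["host"]] = True
        findings.append((ev["ts"], ev["host"], f"MEDIUM: {tag} by {ev['user']}"))
    return findings

SAMPLE_LOGS = [  # constructed sample events, not real telemetry
    "2022-06-20T01:12:03Z host=FS01 user=CORP\\svc_deploy cmd=bcdedit /set {default} safeboot network",
    "2022-06-20T01:12:09Z host=FS01 user=CORP\\svc_deploy cmd=reg add HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\UpdSvc /ve /d Service /f",
    "2022-06-20T01:12:30Z host=FS01 user=CORP\\svc_deploy cmd=shutdown /r /t 0 /f",
    "2022-06-20T02:00:00Z host=WS17 user=CORP\\jdoe cmd=shutdown /r /t 60",
]
```

Running `detect(SAMPLE_LOGS)` yields two MEDIUM findings and one HIGH finding for FS01, while the routine reboot on WS17 produces nothing.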
Read more about Avos here.
This is the stuff we analysts love to do: researching and learning more about the myriad threats out there, and contextualizing them with the world around us. We love cyber threat intelligence!
Find out more about the intelligence we provide in SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) with a 7-day test drive, or contact us to schedule a demo to learn more about your use cases and how intelligence might make a difference for you.