White Papers and Research

At Digital Shadows, we are passionate about collaborative research and creating educational materials to advance security and support our community.

Mirai and the Future cover page

Mirai and the Future: Forecasting the DDoS Landscape 2017

Since the release of the Mirai source code, the tactic of DDoS has gained notoriety and has been portrayed as a "digital nuclear attack" and "zombie apocalypse" by elements of the press. Of course, the potential impact of DDoS is dependent on many factors. 

This paper explores the three motivations for threat actors looking to use DDoS as a tactic, the cone of plausibility as a way to look across current trends, identify drivers and outline different scenarios, forecasts that can help you understand the probable and plausible threats posed by DDoS in 2017, and what organizations need to think about in order to prepare for possible threats. 

Get Report Now

Shooting the Messenger cover min

Shooting the Messenger: Understanding the Threats to the Media and Broadcasting Industry

Get an overview of the threats to broadcasting and media organizations in 2016 and learn steps to take to prevent and mitigate potential threats. 

Get Report Now

Rocking the Vote cover page min

Rocking the Vote: Have cyber threats impacted the 2016 U.S. presidential election?

This election season has been rife with media noise regarding cyber activity impacting both of the major party candidates. From Hillary Clinton’s leaked emails to hacktivist campaigns targeting each candidate, this paper will explore the major cyber security-related events surrounding the election and whether these cyber incidents have had a material impact on the polls.

Get Report Now

Forrester cover image wp page min

The Forrester Wave™: Digital Risk Monitoring, Q3 2016

Digital risk monitoring solutions continuously track social, mobile, and web channels to measure, detect, and mitigate all forms of corporate risk - both physical and digital. These tools improve the time to respond to risk events and add protection layers over known digital assets. 

 In this report, Forrester will identify and evaluate the top vendors in this market, the key factors when evaluating digital risk solutions, and why Digital Shadows SearchLight showcases "the digital risk dashboard of the future." 

Access Report Now

Compromised Credentials cover image min min

Compromised Credentials: Learn From the Exposure of the World's 1,000 Biggest Companies

This report analyzes the top 1,000 companies in the Forbes Global 2000 list to understand how the world's biggest companies have been affected by these breaches, to identify trends across regions and industries, and to explore how threat actors are making use of these compromised credentials. 

Get Report Now

5 Considerations When Purchasing Threat Intelligence cover image min

5 Considerations When Purchasing Threat Intelligence: The CATER Model

In order to pick through the noisy Cyber Threat Intelligence (CTI) industry, buyers of CTI should use CATER as a guide to assessing vendors across five categories. 

Download PDF

Inthebusinessofexploitationreport 1 min

In the Business of Exploitation: An analysis of exploit kit payloads, features and common vulnerabilities

This report assesses 22 exploit kits to understand the most frequently exploited software. We looked for trends within the exploitation of vulnerabilities by these 22 kits to show what vulnerabilities had been exploited most widely, coupled with how active each exploit kit was, in order to inform our assessment.

Get White Paper Now

From Bozkurt to Buhtrap cover thumbnail min

From Bozkurt to Buhtrap: Cyber threats affecting financial institutions in 1H 2016

In this paper we look at the activity we have detected across hacktivism, cybercrime and targeted attacks, between January and the end of June 2016. Armed with this intelligence of current trends, we are able to provide projections for activity we might see against the financial service industry in Q3 2016. 

Get White Paper Now

Tracking the Field cover thumbnail min

Tracking the Field: Eight Cybersecurity Considerations around Rio 2016

As the world’s biggest security event arrives in Rio, so does the threat of cyber attack. Read to learn the top eight attacks we expect to see from cyber criminals and hacktivists surrounding the 2016 games.

Get White Paper Now

3 Stages of DDoS Extortion Cover Page min

The 3 Typical Stages of DDoS Extortion

One of the most popular means to facilitate extortion is through DDoS attacks. These types of attacks typically target business-critical websites in order to increase the likelihood of payment and can have crippling effects on organizations. In this 1-pager, we discuss the three typical stages of DDoS extortion. 

Download 1 Page PDF

Ransomware and Cyber Extortion min

Ransomware and Other Cyber Extortion: Preventing and mitigating increasingly targeted attacks

In this white paper, you will gain an understanding of some of the most active extortion actors, as well as the motivations, tools and processes they possess. Readers will also be able to compare and contrast variants of ransomware and learn how to prevent and mitigate these threats. 

Get White Paper Now

NEW OReilly Patrolling the Dark Net min

O’Reilly: Patrolling the Dark Net

In this O’Reilly report, authors Greg Fell and Mike Barlow explore both the benign and malevolent activities of the dark net, and the dark web, to explain the surprising origin of the dark net, how criminals use the dark net to steal and store vital information, and how you can patrol this not-so-secret domain to detect and thwart intruders. 

Get Report Now

NEW new 5 Step OPSEC thumbnail min

A 5-Step OPSEC Program For Defenders

Strong OPSEC should be a cornerstone of your strategy. In this 2-page paper you will learn the 5-step OPSEC program that you can tailor to mature your organization's OPSEC capabilities. 

 

Get 2 Page Paper Now

Securosis Building a Threat Intelligence Program min

Securosis: Building a Threat Intelligence Program

In this white paper, you will learn how to build and implement a strategic threat intelligence program that will help you achieve relevant information for quicker detection, as well as the additional capabilities and service considerations that go beyond traditional threat intelligence feeds. This paper was independently researched and written by Securosis, and Digital Shadows is a sponsor of the finished product. 

Get White Paper Now

OPSEC Paper thumbnail websitebanner min

The OPSEC Opportunity: Understand adversary OPSEC to improve your security program

In this white paper, you will learn five steps to mature your OPSEC capabilities and recommended scenarios to consider so you can improve OPSEC.

Get Report Now

ROI of Cyber SItuational Awareness min

Analyzing the ROI of Cyber Situational Awareness

See how the right approach can help prevent, detect and contain cyber-related incidents by analyzing an organization through an “attacker’s eye view.” 

Download our free ROI analysis report to learn more. 

Get Report Now

Cyber Threats Targeting Mergers and Acquisitions cover image min

Cyber Threats Targeting Mergers and Acquisitions

While mergers and acquisitions propel companies forward, the M&A process also fuels significant opportunities for cyber criminals. Failure to secure sensitive information during this time opens the door to threat actors looking to profit by exploiting financial markets and proprietary intellectual property. 

In this report, Digital Shadows examines cyber risks as a result of the M&A process and how to mitigate them. 

Download PDF

ESG Threat Intelligence As Part of Cyber Situational Awareness min

ESG Report: Threat Intelligence as Part of Cyber Situational Awareness

Despite an increase in investment, cybersecurity initiatives around threat intelligence consumption and sharing remain immature, and many organizations don't have the people, processes, or technologies to operationalize threat intelligence in a timely manner. To overcome this deficit, CISOs must strive for cyber situational awareness.  

Read the latest research report from Enterprise Strategy Group (ESG) to learn more.

Get Report Now

Financial Sector Threats thumbnail min

Financial Sector Threats: 2015 Year in Review

The financial services industry is among the most heavily targeted sectors by threat actors. In order to better defend against these unrelenting and increasingly malicious attacks, financial institutions must continually strive to understand the threats and the actors behind them. 

In this report, Digital Shadows has aggregated and analyzed threat activity in the financial sector in 2015. 

Download PDF

451 Research Is your sensitive data lurking on the dark web min

Is your sensitive data lurking on the ‘dark Web’? Digital Shadows knows

A seemingly never-ending string of data breaches has triggered a renewed interest in data security. Preventive measures are no longer enough to protect your organization. Thus, we are seeing a growing movement to combine data security with other methods such as threat protection and analytics that enable a more holistic approach to securing data throughout the attack cycle. 

Learn how Digital Shadows can help you by scanning the ‘dark’ and public Web for signs of data loss or imminent attacks to achieve cyber situational awareness in this vendor profile by 451 Research.

Download PDF

Cyber Situational Awareness whitepaper min

Cyber Situational Awareness: Gain an 'Attacker's Eye View' of your Organization

Organizations need new ways to protect themselves. While cyber threat intelligence (CTI) has helped evolve the effectiveness of our defenses by providing a better understanding of threats and threat actors, we need to do more. Data feeds, vulnerability feeds, indicators of compromise (IOCs) and profiles of threats and research reports will continue to be pertinent.

But what’s lacking is cyber situational awareness that provides a more holistic and specific view of threats and vulnerabilities relevant to your organization.

Get White Paper Now

Cyber Threat Intelligence Buyers Guide Thumbnail min

Cyber threat intelligence: A buyer's guide

Now, more than ever, organizations are seeking to understand which threat actors pose a viable threat to their assets and business operations. In order to gain insight into this uncertain environment, several steps must be undertaken all of which can be informed by cyber threat intelligence (CTI).

This paper provides an overview of current CTI approaches and types of offerings available. It does so by looking at the rise of digital business in today’s world and at the impact that threat intelligence has had on the market.

Get Buyer's Guide Now

iot whitepaper min

How the Internet of Things is Expanding Your Digital Shadow

Over the past few years, the growth of the Internet of Things (IoT) has been phenomenal. This promises to vastly enhance the way everyday tasks are carried out. But there also exist security concerns with the IoT. It is likely that people will seek to harvest data from these devices and exploit misconfigured devices.

This paper addresses these very concerns and provides recommendations so that individuals and businesses can embrace the IoT with confidence.

Get White Paper Now