White Papers and Research

At Digital Shadows, we are passionate about collaborative research and creating educational materials to advance security and support our community.

ESG Digital Risk Management Paper Cover min

ESG: The Pressing Need for Digital Risk Management

There is good and bad news around cybersecurity these days. The good news is that many CEOs and corporate boards no longer accept “good enough” security, and are willing to invest in best practices and leading security defenses to protect their organizations. So what’s the bad news? Many organizations continue to think of cyber-risk in terms of internal network penetration rather than as a more comprehensive strategy that includes all digital assets - websites, social networks, VIP and third-party partner exposure, etc. To address these risks, CISOs and risk officers must adopt a thorough digital risk management strategy that includes monitoring, filtering, prioritizing, and responding to threats across the public Internet and dark web. Digital Shadows specializes in this area and can help organizations with digital risk mitigation. 

Download Now

Online Carding Cover min

Inside Online Carding Courses Designed for Cybercriminals

Digital Shadows lifts the lid on sophisticated Russian language e-learning credit card fraud courses allowing aspiring criminals to make $12,000 in monthly earnings and pointing to the increased sophistication of the professional cybercriminal ecosystem as fraudsters seek to up-skill themselves.

Get Report Now

Account Takeover cover image min 1

Protect Your Customer and Employee Accounts: 7 Ways to Mitigate the Growing Risks of Account Takeovers

97% of the world's largest 1,000 organizations had their credentials exposed in 2016.

Billions of leaked credentials are exposed online every year. Cybercriminals are increasingly turning to credential stuffing tools to automate attempts at account takeover, making these leaked credentials very useful for them.

Read our report to learn:

  • Common targets for these attacks
  • Tools attackers use to automate account takeovers
  • How to monitor the activities of cyber criminals who conduct account takeovers
  • Measures to implement to ensure your organization is better protected

Get Report Now

Digital Risk Management Cover Page

Digital Risk Management: Identifying and Responding to Risks Beyond the Boundary

Organizations’ digital footprints are expanding and changing at an overwhelming rate. Attackers are using this information to exploit organizations and launch their attacks.  

Traditional security solutions that focus on the perimeter can’t address these risks by themselves because the boundary is disappearing. 

Learn how Digital Shadows can help you manage your digital risk, minimize your digital shadow and protect against:

  • Cyber threats
  • Data exposure
  • Reputational damage

Get White Paper Now

cover image Threats to Financial Services min

Threats to Financial Services: Taking Note From 2016

Financial institutions represent an attractive target for all types of threat actors including those who are ideologically motivated, financially motivated or directed by national interests. 

This paper assess: 

  • Threats faced by financial institutions
  • Expectations of their developments to existing tactics, techniques and procedures
  • Main drivers influencing threat activity against financial institutions
  • How these drivers are likely to develop in 2017

Get Report Now

Mirai and the Future cover page

Mirai and the Future: Forecasting the DDoS Landscape 2017

Since the release of the Mirai source code, the tactic of DDoS has gained notoriety and has been portrayed as a "digital nuclear attack" and "zombie apocalypse" by elements of the press. Of course, the potential impact of DDoS is dependent on many factors. 

This paper explores the three motivations for threat actors looking to use DDoS as a tactic, the cone of plausibility as a way to look across current trends, identify drivers and outline different scenarios, forecasts that can help you understand the probable and plausible threats posed by DDoS in 2017, and what organizations need to think about in order to prepare for possible threats. 

Get Report Now

Shooting the Messenger cover min

Shooting the Messenger: Understanding the Threats to the Media and Broadcasting Industry

Get an overview of the threats to broadcasting and media organizations in 2016 and learn steps to take to prevent and mitigate potential threats. 

Get Report Now

Compromised Credentials cover image min min

Compromised Credentials: Learn From the Exposure of the World's 1,000 Biggest Companies

This report analyzes the top 1,000 companies in the Forbes Global 2000 list to understand how the world's biggest companies have been affected by these breaches, to identify trends across regions and industries, and to explore how threat actors are making use of these compromised credentials. 

Get Report Now

5 Considerations When Purchasing Threat Intelligence cover image min

5 Considerations When Purchasing Threat Intelligence: The CATER Model

In order to pick through the noisy Cyber Threat Intelligence (CTI) industry, buyers of CTI should use CATER as a guide to assessing vendors across five categories. 

Download PDF

Inthebusinessofexploitationreport 1 min

In the Business of Exploitation: An analysis of exploit kit payloads, features and common vulnerabilities

This report assesses 22 exploit kits to understand the most frequently exploited software. We looked for trends within the exploitation of vulnerabilities by these 22 kits to show what vulnerabilities had been exploited most widely, coupled with how active each exploit kit was, in order to inform our assessment.

Get White Paper Now

3 Stages of DDoS Extortion Cover Page min

The 3 Typical Stages of DDoS Extortion

One of the most popular means to facilitate extortion is through DDoS attacks. These types of attacks typically target business-critical websites in order to increase the likelihood of payment and can have crippling effects on organizations. In this 1-pager, we discuss the three typical stages of DDoS extortion. 

Download 1 Page PDF

Ransomware and Cyber Extortion min

Ransomware and Other Cyber Extortion: Preventing and mitigating increasingly targeted attacks

In this white paper, you will gain an understanding of some of the most active extortion actors, as well as the motivations, tools and processes they possess. Readers will also be able to compare and contrast variants of ransomware and learn how to prevent and mitigate these threats. 

Get White Paper Now

NEW OReilly Patrolling the Dark Net min

O’Reilly: Patrolling the Dark Net

In this O’Reilly report, authors Greg Fell and Mike Barlow explore both the benign and malevolent activities of the dark net, and the dark web, to explain the surprising origin of the dark net, how criminals use the dark net to steal and store vital information, and how you can patrol this not-so-secret domain to detect and thwart intruders. 

Get Report Now

NEW new 5 Step OPSEC thumbnail min

A 5-Step OPSEC Program For Defenders

Strong OPSEC should be a cornerstone of your strategy. In this 2-page paper you will learn the 5-step OPSEC program that you can tailor to mature your organization's OPSEC capabilities. 

 

Get 2 Page Paper Now

Securosis Building a Threat Intelligence Program min

Securosis: Building a Threat Intelligence Program

In this white paper, you will learn how to build and implement a strategic threat intelligence program that will help you achieve relevant information for quicker detection, as well as the additional capabilities and service considerations that go beyond traditional threat intelligence feeds. This paper was independently researched and written by Securosis, and Digital Shadows is a sponsor of the finished product. 

Get White Paper Now

OPSEC Paper thumbnail websitebanner min

The OPSEC Opportunity: Understand adversary OPSEC to improve your security program

In this white paper, you will learn five steps to mature your OPSEC capabilities and recommended scenarios to consider so you can improve OPSEC.

Get Report Now

Cyber Threats Targeting Mergers and Acquisitions cover image min

Cyber Threats Targeting Mergers and Acquisitions

While mergers and acquisitions propel companies forward, the M&A process also fuels significant opportunities for cyber criminals. Failure to secure sensitive information during this time opens the door to threat actors looking to profit by exploiting financial markets and proprietary intellectual property. 

In this report, Digital Shadows examines cyber risks as a result of the M&A process and how to mitigate them. 

Download PDF

451 Research Is your sensitive data lurking on the dark web min

Is your sensitive data lurking on the ‘dark Web’? Digital Shadows knows

A seemingly never-ending string of data breaches has triggered a renewed interest in data security. Preventive measures are no longer enough to protect your organization. Thus, we are seeing a growing movement to combine data security with other methods such as threat protection and analytics that enable a more holistic approach to securing data throughout the attack cycle. 

Learn how Digital Shadows can help you by scanning the ‘dark’ and public Web for signs of data loss or imminent attacks in this vendor profile by 451 Research.

Download PDF

Cyber Threat Intelligence Buyers Guide Thumbnail min

Cyber threat intelligence: A buyer's guide

Now, more than ever, organizations are seeking to understand which threat actors pose a viable threat to their assets and business operations. In order to gain insight into this uncertain environment, several steps must be undertaken all of which can be informed by cyber threat intelligence (CTI).

This paper provides an overview of current CTI approaches and types of offerings available. It does so by looking at the rise of digital business in today’s world and at the impact that threat intelligence has had on the market.

Get Buyer's Guide Now