Digital Shadows Insights Blog

The latest advice, opinion and research from our dedicated security analyst team.

Recognition of hard work and relevance – it’s time to go global

20 September 2017

The news this morning that Digital Shadows has received $26 million in Series C funding from a number of new investors is testament to the hard work the whole team...

Read More

Bringing down the Wahl: three threats to the German federal election

14 September 2017

Hacking has become the boogie man of political election discourse. In Kenya, the recent presidential election result was forcibly annulled after the opposition alleged voting systems had been hacked.

Read More

An update on the Equifax data breach

13 September 2017

The credit reporting agency Equifax reported on September 7th that it had been breached. On Friday, we outlined what we knew at the time, which was replete with intelligence gaps.

Read More

Equifax breach: The impact for enterprises and consumers

8 September 2017

On September 7th, credit reporting agency Equifax announced “a cybersecurity incident potentially impacting approximately 143 million U.S.

Read More

Return of the Worm: A Red Hat Analysis

7 September 2017

A computer worm is a piece of malware that is designed to replicate itself in order to spread to other machines.

Read More

Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might be Affected and What You Can Do About It

6 September 2017

Whether it was the Mirai botnet and Dyn or the “Cloudbleed” revelations, content delivery networks (CDNs) have been in the news recently.

Read More

Bitglass: Compromised credentials are just one way your corporate data is being exposed

22 August 2017

A guest blog from Bitglass, read the original at https://www.bitglass.com/blog/datawatch-beware-of-careless-insiders 

Read More

Fluctuation in the exploit kit market – temporary blip or long-term trend?

16 August 2017

Exploit kit activity is waning. Collectively these malware distribution tools used to be a prominent method of infection.

Read More

All that twitterz is not gold: Why you need to rely on multiple sources of intelligence

10 August 2017

Twitter has become an extremely valuable tool for security researchers; experts including Kevin Beaumont and PwnAllTheThings frequently post research findings on the site and following these feeds can be an...

Read More

Cybercrime finds a way, the limited impact of AlphaBay and Hansa’s demise

8 August 2017

The law enforcement operations that took down the AlphaBay and Hansa marketplaces were meant to strike a sizable blow to the online trade of illegal goods and services.

Read More

Reading your texts for fun and profit – how criminals subvert SMS-based MFA

3 August 2017

Read almost any cyber security related news and you will start to see why using a password alone isn’t the most secure way of preventing unauthorized access to your account.

Read More

What exactly is a threat model, and why organizations should care

1 August 2017

Many organizations are exquisitely aware that they are the target of a wide range of cyber-attacks: from targeted intrusions to mere vandalism.

Read More

Fraudsters Scoring Big – an Inside Look at the Carding Ecosystem

19 July 2017

In season two of the Netflix series Narcos, Pablo Escobar points out that: “I’m not a rich person.

Read More

The Future of Marketplaces: Forecasting the Decentralized Model

18 July 2017

Last week we wrote about the disappearance of AlphaBay dark web marketplace and assessed three potential scenarios to look out for next.

Read More

AlphaBay disappears: three scenarios to look for next

14 July 2017

The AlphaBay dark web marketplace has been inaccessible since 05 Jul 2017. With no substantive explanation from the site’s owners, users have speculated that either an exit scam (where...

Read More

Threat led penetration testing – the past, present and future

11 July 2017

Threat led penetration testing is, in essence, using threat intelligence to emulate the tactics, techniques and procedures (TTPs) of an adversary against a real time mission critical system.

Read More

Petya-like wormable malware: The “Who” and the “Why”

30 June 2017

Late on 27 June, the New York Times reported that a number of Ukrainian banks and Ukrenergo, the Ukrainian state power distributor, had been affected by unidentified malware which caused...

Read More

Keep your eyes on the prize: Attack vectors are important but don’t ignore attacker goals

29 June 2017

Reporting on intrusions or attacks often dwells on the method that the attackers used to breach the defenses of a particular organization.

Read More

Threats from the Dark Web

27 June 2017

Despite the hype associated with the dark web, maintaining visibility into it is an important component of a comprehensive digital risk management program.

Read More

WannaCry: An Analysis of Competing Hypotheses - Part II

7 June 2017

Following the furore of last month’s WannaCry ransomware attacks, Digital Shadows produced an Analysis of Competing Hypotheses (ACH) table to make some initial assessments on the type of actor most...

Read More

7 Tips for Protecting Against Account Takeovers

23 May 2017

In May 2017, an amalgamation of over 1 billion credentials was uploaded to the Have I Been Pwned database.

Read More

WannaCry: An Analysis of Competing Hypotheses

18 May 2017

On 12 May 2017, as the WannaCry ransomware spread across computer networks across the world, a variety of explanations also began to worm their way through the information security community.

Read More

Digital Shadows' 6th Anniversary

17 May 2017

It’s amazing to think that the idea James and I began working on from a kitchen table in London in May 2011 has now become the global cyber security company,...

Read More

5 Lessons from WannaCry: Preventing Attacks with Security Engineering

16 May 2017

With the recent news storm concerning the "WannaCry" ransomware worm, a great deal of mitigation advice has been provided.

Read More

WannaCry: The Early 2000s Called, They Want Their Worms Back

12 May 2017

Earlier today it was revealed that the United Kingdom’s National Health Service was targeted by ransomware known as “WannaCry.” Sixteen NHS organizations were impacted by the attack, and victims have...

Read More

Authentication Nation: 5 Ways NIST is Changing How We Think About Passwords

9 May 2017

Passwords have taken a beating over the past several years, and there seems to be little question among leading practitioners that the antiquated method of authentication needs a hefty remodel.

Read More

The 3 Pillars of Digital Risk Management: Part 3 - The Top 5 Main Risks of Reputational Damage

27 April 2017

In this 3-part blog series, we discuss how each of the 3 pillars, Cyber Threat, Data Leakage, and Reputational Damage, contributes to Digital Risk Management.

Read More

The Usual Suspects: Understanding the Nuances of Actors’ Motivations and Capabilities

25 April 2017

When it comes to their adversaries, organizations can still fall into the trap of focusing on the ‘usual suspects’.

Read More

Liberté, égalité, securité: 4 threats to the French presidential election

20 April 2017

French citizens will take to the polls on April 23rd to vote for a new president.

Read More

The 3 Pillars of Digital Risk Management: Part 2 - The 6 Main Areas That Contribute to Data Leakage Risks

18 April 2017

In this 3-part blog series, we discuss how each of the 3 pillars, Cyber Threat, Data Leakage, and Reputational Damage, contributes to Digital Risk Management.

Read More

The 3 Pillars of Digital Risk Management: Part 1 Understanding Cyber Threats

13 April 2017

Risk is a well-developed concept within cybersecurity. The National Institute of Standards and Technology (NIST) defines the field of risk management as: “The process of identifying risk, assessing risk, and...

Read More

All sources are not the same; why diversity is good for intelligence

11 April 2017

As we all know, if you listen to just one side of the story, very often you don’t get the full picture.

Read More

Monitoring the mobile threat landscape

4 April 2017

The UK’s National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) released a joint paper on the cyber threats to UK businesses on March 14th.

Read More

OpIsrael hacktivists targeted by unknown threat actor

30 March 2017

Ideologically-motivated “hacktivist” actors can present a variety of threats to organizations from defacements, to denial of service attacks and sometimes even data compromise.

Read More

Turk Hack Team and the “Netherlands Operation”

29 March 2017

Since mid-March, Turk Hack Team have been participating in a new campaign called “Netherlands Operation”, announced via their official Twitter feed.

Read More

Tax Fraud in 2017

27 March 2017

The IRS recently released an alert that warned tax professionals and taxpayers to be wary of last minute email scams. With April 18 looming, how concerned should individuals and businesses...

Read More

Dutch Elections – Looking Back at Cyber Activity

22 March 2017

Last week, I wrote about the potential threats to the Dutch national election. But what actually happened?

Read More

Five Reasons why Alex Seton VP of Business and Corporate Development, joined Digital Shadows

21 March 2017

What a great feeling to find a company that cuts through today’s noisy and crowded security market to address an area that keeps many folks awake at night.

Read More

5 Risks Posed By Mobile Applications That SearchLight Helps You Manage

14 March 2017

Organizations face a wide range of risks online, including cyber threats, data leakage and reputational damage.

Read More

Back to the red pencil – Cyber threats to the Dutch elections

13 March 2017

Over the weekend, media reports surfaced about the fears of Russian interference in UK elections, with GCHQ reportedly warning political parties that hackers “steal and leak internal emails or publish...

Read More

Learning from the Top Threats Financial Services Faced in 2016

8 March 2017

Organizations operating within the financial services industry represent an attractive target for threat actors. Our latest white paper, Threats to Financial Services: Taking Note from 2016, takes a look at...

Read More

New “Blaze” exploit kit claims to exploit recent Cisco WebEx vulnerability

2 March 2017

A previously undetected exploit kit has been offered for sale on the clear web forum HackForums since February 8, 2017 with the name "Blaze Exploit Kit".

Read More

Step by step: The changing face of threat led penetration testing

28 February 2017

Organizations are increasingly adopting the threat led approach to penetration testing. This approach essentially advances the boundaries of conventional penetration testing by seeking to adopt the tactics, techniques and procedures...

Read More

Sun to set on BEPS/Sundown exploit kit?

22 February 2017

On February 13, 2017, the security researcher David Montenegro (@CryptoInsane) posted a series of tweets claiming that the source code for the BEPS exploit kit had been leaked online.

Read More

Four Things to Look Out for This Valentine’s Day

14 February 2017

Consumers are increasingly moving to the Internet for their holiday purchases—and Valentine’s Day is no exception.

Read More

An unusually Swift(tay) malware delivery tactic

10 February 2017

While doing some background research into recent reporting by Dr Web on a newly identified version of Mirai, we made an interesting discovery.

Read More

F3EAD: Find, Fix, Finish, Exploit, Analyze and Disseminate – the alternative intelligence cycle

9 February 2017

The F3EAD cycle (Find, Fix, Finish, Exploit, Analyze and Disseminate) is an alternative intelligence cycle commonly used within Western militaries within the context of operations that typically result in lethal...

Read More

How the frenzy unfolded: Analyzing various Mongo extortion campaigns

7 February 2017

The MongoDB “ransom” pandemic, which has been in the spotlight for the best part of a month, still appears to be affecting MongoDB installations and various campaigns still appear to...

Read More

Ready for the Blitz: Assessing the threats to Super Bowl LI

2 February 2017

 

Read More

Making Cents of ATM Malware Campaigns – Comparing and Contrasting Operational Methodologies

1 February 2017

Throughout 2016 some of the most notable reporting on criminal activity targeting the financial sector related to the use of ATM malware by a group of threat actors identified as...

Read More

Dial “M” for malware: Two-factor scamming

26 January 2017

Adversaries are developing new ways of attacking you using old forms of communication. Make sure your communication of this issue is equally as effective.

Read More

Innovation in the underworld: reducing the risk of ripper fraud

24 January 2017

Reputation is incredibly important for business. This also applies to cyber criminals who buy and sell goods and services in online marketplaces.

Read More

Known Unknowns: Key Events to Keep Your Eyes Out for in 2017

19 January 2017

On Friday, millions will tune in to see Donald Trump inaugurated as the President of the United States.

Read More

Why I joined Digital Shadows - Paul Kenealy

18 January 2017

Joining Digital Shadows was easy and it stood out head and shoulders above a crowded space.

Read More

Two ways to effectively tailor your intelligence products

17 January 2017

In my previous blog, “Trump and Intelligence: 6 ways to deal with challenging intelligence consumers,” I focused on six ways to effectively communicate and tailor intelligence to uninformed and/or difficult...

Read More

All You Can Delete MongoDB Buffet

12 January 2017

A number of extortion actors were detected accessing unauthenticated MongoDB installations and replacing their contents with a ransom note, usually containing an email and Bitcoin address and the usual "we...

Read More

10 Ways You Can Prepare for DDoS Attacks in 2017

11 January 2017

At the end of last month, we published a paper that forecasted the DDoS landscape for 2017.

Read More

Trump and Intelligence: 6 ways to deal with challenging intelligence consumers

4 January 2017

It is no secret that President-elect Trump is skeptical of the Intelligence Community (IC). He has openly questioned Russia/US election “hacking” on many occasions. This week he tweeted:

Read More

Coming to a Country Near You? The rapid development of the TrickBot trojan

22 December 2016

Since the discovery of TrickBot in September 2016, its operators have continued to develop the malware to include the targeting of new locations and customers of new banks.

Read More

Mirai: a turning point for hacktivism?

20 December 2016

A “digital nuclear attack”. A “zombie apocalypse”. “The end of history.”

Read More

Crowdsourced DDoS Extortion – A Worrying Development?

14 December 2016

We all know about DDoS extortion – the process is straightforward. Contact the company, threaten to launch a crippling DDoS attack that will happen unless the company pays a ransom.

Read More

You should consider forecasts, not predictions

12 December 2016

Well it’s that time of year again. Sorry, not the Lexus December to Remember Sales Event (don’t you just love those commercials), rather 2017 prediction season. Vendors and media alike take out their crystal...

Read More

The Top Three Most Popular Blogs of 2016

8 December 2016

It’s been a great year for the Digital Shadows blog, we started it off winning the “Best New Security Blog or Podcast” at the Security Blogger Awards at RSA Conference.

Read More

A Model of Success: Anticipating Your Attackers’ Moves

1 December 2016

In a previous blog, we discussed the role of planning in offensive operations and the power that effective planning affords an actor.

Read More

Ransomware-as-a-service: The Business Case

29 November 2016

It can be tempting to dismiss cybercriminal activity as merely the workings of opportunistic actors looking to make a fast buck.

Read More

Windows shopping: 7 threats to look out for this holiday season

23 November 2016

Thanksgiving, Black Friday, Cyber Monday, Christmas. There’s a lot of shopping to be done between now and the end of 2016.

Read More

Five tips for better email security

22 November 2016

While security is everyone’s responsibility, it’s not always easy to get right. Our “Security Best Practices” blog series will provide simple tips that enable users to improve their online security.

Read More

Overexposed and under-prepared; the risks of oversharing online

17 November 2016

I have a confession to make.

Read More

Top 5 Threats to the Media and Broadcasting Industry

15 November 2016

For media and broadcasting organizations, the threat of having their websites forced offline is a significant one.

Read More

Leak on Aisle 12! An Analysis of Competing Hypotheses for the Tesco Bank Incident

11 November 2016

On November 6, 2016 multiple UK media outlets reported that the UK-based Tesco Bank had informed approximately 40,000 customers that fraudulent activity had been detected on their accounts between November...

Read More

Surveying the criminal market

10 November 2016

It’s no secret your personal information and data is valuable to cybercriminals, but is there more of a market for certain types of data than others? During our research into...

Read More

Anonymous Poland - Not Your Typical Hacktivist Group

8 November 2016

On October 29, 2016 a Twitter account associated with Anonymous Poland began to post tweets claiming to have compromised the network of the Bradley Foundation, a U.S. based charitable organization.

Read More

Resilience: Adapt or Fail

30 October 2016

“But it ain’t how hard you hit; it’s about how hard you can get hit, and keep moving forward.” - Words made famous by a portrayal of resilience himself, Rocky Balboa.

Read More

Rocking the Vote? The effects of cyber activity on the U.S. Election

27 October 2016

Contrary to some media reporting, our latest whitepaper finds that cyber activity during the 2016 U.S. presidential election does not appear to have demonstrably altered events in the short-term.

Read More

Don’t Break the Internet, Fix Your Smart Devices

26 October 2016

The Distributed Denial of Service (DDoS) attack, which targeted DynDNS servers, and literally ‘broke the internet’ for several hours on October 21st, pushed an issue that has been plaguing security...

Read More

Targeting of elections; old news, fresh tactics

25 October 2016

There has been no shortage of media coverage surrounding the U.S. election and the associated nefarious cyber activity.

Read More

Squashing domain squatting

24 October 2016

Digital Shadows was recently the victim of a domain squat attempt. As we eat our own dog food, we thankfully caught and remediated it quickly.

Read More

Balancing the Scales: The PRC's Shift to Symmetrical Engagement

20 October 2016

Over the past few years we have observed the beginnings of a fundamental change in how People’s Republic of China (The PRC) engages with adversaries in the information warfare and...

Read More

Combatting online crime with “needle-rich haystacks”

18 October 2016

At Digital Shadows our analyst team is responsible for providing both tactical situational awareness and broader, strategic awareness to our clients through incident reports, intelligence summaries and specific reports.

Read More

4 Tricks to Make a Cybersecurity Training a Treat

13 October 2016

A Halloween nightmare:

Read More

Digital Risk Monitoring Is A Service, Not a Distinct Capability

12 October 2016

Digital Shadows was recently recognized as a leader in the Forrester Wave on Digital Risk Monitoring.

Read More

Do not invite them in: what “human error” can mean in practice

11 October 2016

Although you may or may not be a fan of vampire movies, you certainly know that vampires should not be invited into your house.

Read More

Phishful Of Dollars: BEC Remains Top Of The Charts

6 October 2016

Business email compromise (BEC) is not going away. Since we initially wrote about BEC back in April 2016, we have continued to report on threat actors using tried and trusted...

Read More

Swotting up on exploit kit infection vectors

4 October 2016

Exploit kit users need to drive web traffic to their landing pages. Without traffic, they can’t exploit vulnerable web users and serve malicious software (the objective of an exploit kit...

Read More

Plumbing the Depths: the Telnet protocol

3 October 2016

On October 1, 2016 Krebs on Security reported that the source code for the Internet of Things (IoT) botnet malware Mirai had been posted online and was freely available for download.

Read More

Five tips to make your passwords better

29 September 2016

While security is everyone’s responsibility, it’s not always easy to get right. Our “Security Best Practices” blog series will provide simple tips that enable users to improve their online security.

Read More

Digital risk monitoring can negate ‘indicators of exhaustion’

28 September 2016

When I first joined Digital Shadows in January, I wrote about the current state of threat intelligence and how “Indicators of Exhaustion” (IoEs) were overwhelming analysts – and performing denial...

Read More

The industrialized uses of breached data

27 September 2016

In our first blog, we outlined a number of specific factors that can be used to determine a dataset’s desirability, from the perspective of a malicious cyber actor.

Read More

Beauty and the Breach: Leaked Credentials in Context

22 September 2016

Our most recent research paper looks at credential compromise, finding more than 5 million leaked credentials online for the world’s biggest 1,000 organizations.

Read More

New report: 97 percent of the top 1,000 companies suffer from credential compromise

21 September 2016

Data breaches and credential compromise are not new. After all, 2014 was known as the “year of the data breach”. Last year was similarly dubbed the “year of the breach”.

Read More

Three easy tips to staying safe online

20 September 2016

While security is everyone’s responsibility, it’s not always easy to get right. Our “Security Best Practices” blog series will provide simple tips that enable users to improve their online security.

Read More

Forecasting the exploit kit landscape

15 September 2016

We’ve previously written on the most popular vulnerabilities that exploit kits are using. But how might the exploit kit market develop over the next year?

Read More

Understanding Exploit Kits’ Most Popular Vulnerabilities

13 September 2016

One significant aspect of mitigating the risk posed by exploit kits is keeping software up-to-date. However, for some organizations, knowing what to patch as a priority can be difficult.

Read More

Hacktivism, it’s not all DoSing around

12 September 2016

Hacktivism isn’t all high levels of low impact activity. There were a number of hacktivist campaigns we detected in the last year that seemed to have had little to no...

Read More

Show me the context: The hacking proof of concept

8 September 2016

A common feature at security conferences, especially those that demonstrate hacks, is the proof of concept. This typically involves a security researcher showing off an exploit against a vulnerable system.

Read More

The cyber defender and attacker imbalance – a disproportionate impact

6 September 2016

You might be forgiven for thinking that high-impact cyber-attacks are always the work of well-funded nation states, organized criminal groups or even international terror organizations.

Read More

Hybrid cyber/physical criminal operations – where network intrusions meet the physical world

1 September 2016

At some stage, almost every crime committed online has a physical element, often when the money obtained is used to purchase commodities.

Read More

Security Culture: You’re only as strong as your team

24 August 2016

When you’re hurt you feel pain, you see a cut or bruise, and you know that something has happened to you within that very instant.

Read More

Bozkurt to Buhtrap: Cyber threats affecting financial institutions in 1H 2016

23 August 2016

At the beginning of 2016, it was reported that two suspected members of the DD4BC, a DDoS extortion group, were arrested in Europe.

Read More

Four Things We’ve Learned From the Alleged Equation Group Code Leak

22 August 2016

The wake of the deeply bizarre auction of toolkits alleged to be from the Equation Group by the self-proclaimed “Shadow Brokers” has fuelled a great deal of speculation on social...

Read More

False flags in cyber intrusions – why bother?

18 August 2016

False flag operations have long existed in the physical world, a tactic used to make an operation appear to have been planned and executed by someone other than the real perpetrator.

Read More

“Air cover” – cybercriminal marketing and the media

17 August 2016

For a new or relatively unknown cybercriminal actor looking to sell compromised data, attracting buyers can be a difficult task.

Read More

Forecasting OpOlympicHacking

15 August 2016

We recently published a report on the eight cybersecurity considerations around Rio 2016. But what have we observed so far, and what do we expect to see in the short...

Read More

Overexposure – photos as the missing link

11 August 2016

You have heard it all before – recycling passwords for multiple services can be catastrophic. One service being breached and your shared password recovered can lead to the compromise of...

Read More

Getting In Gear: Accounting for Tactical and Strategic Intelligence

9 August 2016

We’ve written before about how we like to map our services to the intelligence cycle. Of course, the intelligence cycle has its challenges – you only need to look to...

Read More

The expansion of the cyber littoral zone and the importance of cyber situational awareness

4 August 2016

In military terminology, the littoral zone refers to the area that a naval vessel can impose some kind of effect within, such as landing troops, dropping munitions or projecting electronic...

Read More

Thedarkoverlord – losing his patients?

2 August 2016

In late June 2016, we observed a spate of attacks allegedly conducted by a vendor named “thedarkoverlord” on the dark web marketplace the Real Deal.

Read More

More Data Leaks as part of OpOlympicHacking

1 August 2016

In our recent whitepaper, we demonstrated eight cybersecurity considerations around Rio 2016. The paper lays out hacktivism and cybercrime threats that organizations can expect to see throughout the competition.

Read More

Gambling with Security in Vegas: Not Your Best Bet

28 July 2016

With BSides Las Vegas, Black Hat, and DEF CON around the corner, security is likely at the forefront of many minds in the industry.

Read More

Deer.io: Your One-Stop Shop for Cybercrime

27 July 2016

Being a cyber criminal is becoming even easier as barriers to entry continue to be lowered.

Read More

5 Takeaways From The “Building A Strategic Threat Intelligence Program” Webinar

26 July 2016

Last week, the great Mike Rothman (of Securosis fame) and I did a webinar titled: “Building a Strategic Threat Intelligence Program.” Mike is a great person to collaborate with; he...

Read More

Tracking the Field: Eight cybersecurity considerations around Rio 2016

25 July 2016

Last week, we saw reports of individuals arrested on charges of terrorism ahead of the upcoming games in Rio.

Read More

PoodleCorp: in the business of kudos

25 July 2016

PoodleCorp claimed to have successfully rendered the servers of the Android and iOS game Pokemon Go offline using several distributed denial of service attacks on 16 Jul 2016.

Read More

Towards a(nother) new model of attribution

21 July 2016

Actor attribution is a common issue and activity within the world of cybersecurity. At its core, the actor attribution process involves identifying the individual behind a malicious cyber event.

Read More

5 Key Lessons From The FDIC’s Breach Disclosure Debacle

19 July 2016

Last week, the United States House Science, Space and Technology Committee released the scathing results of the committee’s investigations into data breaches at the Federal Deposit Insurance Corporation (FDIC).  The...

Read More

Open Source Intelligence versus Web Search: What's The Difference?

14 July 2016

“I can get that from Google!” – is a common phrase that has been directed at me during my time as an open source intelligence professional.

Read More

Three Tactics Behind Cyber Extortion

13 July 2016

As explained in a previous blog, extortion is not new – it’s now just been applied to the digital world in many different forms. In fact, as our extortion whitepaper...

Read More

The philosophical difference between the Old and New Schools of the cybercriminal underground

12 July 2016

I would recommend that anyone interested in the serious study of criminal activity on the dark web should pick up a copy of James Martin’s Drugs on the Dark Net:...

Read More

Your money or your data: Keeping up-to-date with the innovation

7 July 2016

DDoS extortion and ransomware attacks have featured heavily in the headlines recently. But the practice of obtaining money through threats is not new.

Read More

OPSEC versus branding – the cyber criminal’s dilemma

6 July 2016

Like any business, cybercriminals offering criminal services need to develop and maintain a brand and reputation in order to attract customers.

Read More

Modern crimeware campaigns – two bytes of the cherry

5 July 2016

To a Colombian drug lord, the most valuable commodity is probably cocaine. To many financially motivated cybercriminals, the most valuable commodity is probably data.

Read More

Recycling, bad for your environment!

5 July 2016

The news is constantly flooded with yet another breach of a high profile vendor. Perhaps the biggest and most publicized recent breach is the exposure of the 2012 LinkedIn breach data.

Read More

10 ways to prepare for credential leak incidents

30 June 2016

From LinkedIn to MySpace, threat actors like Peace of Mind and Tessa88 have been selling credentials in various criminal dark web locations.  Most recently we have seen thedarkoverlord offer up...

Read More

Standoff in cyberspace

29 June 2016

In physical security terminology, standoff is the term used to refer to the physical distance between a defender and a threat.

Read More

Inconsistencies in Intelligence Collection

28 June 2016

Amid the rising talk of “intelligence” within the security industry, the concept of intelligence collection has gained traction.

Read More

Spidey-sense for the people

23 June 2016

If you liked Marvel’s SpiderMan then you will recognize the special Spidey-sense skill that Peter Parker possessed.

Read More

Hacktivism: same old, same old?

22 June 2016

Cyber activists, or hacktivists, have become a firmly fixed element of the threat landscape since groups like Anonymous, Lulzsec, and the Al Quassam Cyber fighters broke into the mainstream media...

Read More

Forecasting the implications for cybersecurity in Britain after Thursday’s referendum

21 June 2016

On Thursday, the United Kingdom goes to the polls to vote on one of the most important and contentious referendums Britain has ever seen.

Read More

Shining a light on the dark web

21 June 2016

The dark web receives more than its fair share of media coverage pertaining to cyber crime.

“Hidden” TeamViewer service advertised on criminal forum

17 June 2016

Over the last few weeks, there have been a number of reports of attacks using the remote desktop control software TeamViewer, with many users’ machines being taken over to install...

Forecasting the threat posed by OpIcarus in October 2016

14 June 2016

Last week, a third phase of OpIcarus was launched. Dubbed “Project Mayhem”, this new phase has the stated objective of targeting stock exchanges worldwide.

The Plan is Mightier than the Sword – Re(sources)

9 June 2016

After having discussed the importance of planning and persistence in APTs, it is important to conclude by considering the significance of resources.

Are you at risk from business email compromise?

6 June 2016

Business email compromises (BEC) are on the rise. When I was at Forrester Research, I typically didn’t go more than one month without consulting with organizations that had fallen prey...

Building an Intelligence Capability: Agility, Creativity and Diversity

2 June 2016

The Internet is a big old place, full of disparate – and often contradictory – data in various languages, formats and structures.

The OPSEC Opportunity

1 June 2016

Operations Security (OPSEC) has long been a key tactic used by commercial and military organizations to protect their privacy and anonymity.

Are you certain you know what risk means?

31 May 2016

You’re the person in charge of safety on the Titanic. The designers have told you that this state-of-the-art ship is virtually unsinkable.

The Plan is Mightier than the Sword – Persistence

31 May 2016

In the last blog post, I talked about the requirement for planning as part of an APT. Another requirement is the “P” of APT – persistence.

Data breaches targeting financial services: 2016 so far

26 May 2016

It’s been a busy year for data breaches relating to financial services organizations – we’ve identified claims of breaches for 10 companies in this sector.

The Plan is Mightier than the Sword – Planning

24 May 2016

Media reports of breaches against major corporations or government agencies typically follow a familiar narrative of "sophisticated" attackers deploying a dazzling array of "cyber weapons" against a hapless target.

OpIcarus – Increased Claims Against Financial Institutions

23 May 2016

There’s no shortage of online hacktivist operations launched by actors who are seeking to readdress injustices, perceived or actual. Indeed, we have previously posted blogs on such operations as OpIsrael and OpOlympicHacking.

Goliath ransomware, giant problem or giant con?

17 May 2016

Ransomware can cause big problems for individuals and organizations, but what are the new types of malware that are being advertised on the dark web, are they genuine and what...

Digital Shadows – The Innovation Continues

17 May 2016

This week, Digital Shadows will turn five years old. Over this time, our product and engineering teams have continually worked with our clients to help better understand the risks that...

Bozkurt Hackers continue to leak bank data

13 May 2016

A threat actor calling itself “Bozkurt Hackers” posted links to data on Twitter allegedly obtained from a number of banks based in the United Arab Emirates, Bangladesh and Nepal.

ROBOANALYST: THE FUTURE OF THREAT INTELLIGENCE?

10 May 2016

Artificial Intelligence (AI) is currently going through one of its regular hype bubbles. Another dawn of the super-intelligent machine is upon us.

Cyber situational awareness: It just makes cents

9 May 2016

For organizations that are looking to secure their online presence, there is no shortage of products on offer.

Analyzing the 2016 Verizon Data Breach Investigations Report

4 May 2016

Last week Verizon released the 2016 Data Breach Investigations Report. If you haven’t read it yet, I highly recommend that you do so; the Verizon DBIR should be on everyone’s...

Getting Strategic With Your Threat Intelligence Program

27 April 2016

Tactical feeds have dominated the threat intelligence narrative for many years, but there is an emerging understanding that there must be more to threat intelligence than just open source and...

The Hacking Team breach – an attacker’s point of view

25 April 2016

On 17 April 2016, two posts were added to Pastebin (one in Spanish, the other in English) detailing the alleged methods and tools used to access the internal network of...

Continuous monitoring: four considerations

21 April 2016

When striving to understand threats outside of an organization’s boundary, continuous monitoring and real-time alerts are two features that are often talked about.

Antifragile Security: Bouncing Back Stronger

19 April 2016

Strong, robust, stable, resilience – these are all words associated with a successful security posture. They’re comforting words that serve to gain the confidence of executives.

URGENT, ACT. RQD: Navigating Business Email Compromise

12 April 2016

Call me phishmail.

OpIsrael 2016 marked by increase in data compromise

11 April 2016

In our last blog on OpIsrael, we assessed what we were likely to observe on April 7.

OpIsrael: An Update

6 April 2016

Last month our intelligence team published a blog on the use of ABI in understanding OpIsrael 2016, which suggested that the level of talk was indicative of an active campaign...

Online credit card shops – a numbers game

5 April 2016

You may have recently read headlines about an online shop that was selling millions of stolen credit cards.

Dark web: More than just a bastion of criminality

31 March 2016

For many people, the term “dark web” refers to criminal activity on the Internet. There are many definitions for what comprises the dark web.

It's time to put the diligence into your M&A due diligence

30 March 2016

The headlines resulting from the Target/Fazio Mechanical Services and T-Mobile/Experian breaches have raised the awareness around third-party risks.

Cybersecurity for the nuclear industry – ‘in service modification’ or more systemic change required?

29 March 2016

On March 15, I was lucky enough to be invited to a round table event at Chatham House in London titled, Security by Design: Mitigating Cyber Security Risks in...

Cybercriminal Situational Awareness

22 March 2016

The Internet has made keeping up-to-date with current affairs and finding relevant information so much easier.  There's a problem though: cybercriminals are frequently using current affairs, calendar events, and global...

Uncertainties in the Language of Uncertainty – and why we need to talk about it

17 March 2016

If you know much about Digital Shadows SearchLight, you would know that one of our strengths in the provision of cyber situational awareness is the human in the loop.

OpIsrael: Looking ahead to April 7 with ABI

15 March 2016

At any one time, there is a host of hacktivist operations announced, discussed and in action.

Moar Sand!

10 March 2016

Let’s face it, many organizations have their heads in the sand. In some cases this choice is a deliberate one; the temperature down there is cool and your face gets exfoliated.

Intelligence vs. Infosec: The 3-letter-guy to the rescue?

8 March 2016

Whenever Royal Marines deploy on operations, they take with them their own intelligence analysts. These analysts are fully trained and experienced Marines, meaning they benefit from having been in the...

The ‘hacker’ talent shortage: What organizations can learn from the recruitment efforts of their attackers

1 March 2016

The seventh annual (ISC)² Global Workforce Survey estimates that there will be a shortage of information security professionals by 2020.

Aviate, Navigate, Communicate

29 February 2016

I’m an aviation enthusiast. Flying is exhilarating; it gives you a sense of freedom, provides breathtaking views and allows you to see the world from a different perspective.

From cyber espionage to hacker marketing strategies: an overview of Digital Shadows talks at RSA Conference

26 February 2016

It’s not long until this year’s RSA Conference, and Digital Shadows will be in full force, with some of us giving talks.

WHAT DO YOU MEAN IT WAS AN ACCIDENT?

25 February 2016

We always want to find someone or something to pin the blame on when a serious data breach occurs.  But is it really that simple?

Using news reports as a source of intelligence

24 February 2016

It’s often tempting to overplay the importance of exploring dark and deep web sources in providing intelligence value.

OpOlympicHacking: A hurdle for Rio’s sponsors to vault

22 February 2016

This month Anonymous Brazil and an affiliate group, known as ASOR Hack Team, announced the launch of the hacktivist operation, OpOlympicHacking.

Why go through the trouble to tumble?

17 February 2016

Today you can purchase a pizza in Berlin and pay for it from a digital wallet located on a computer in Prague.

Cyber situational awareness and the kill chain

16 February 2016

The concept of the cyber kill chain, in some form or another, has been around for ages. Some love it, and some hate it.

Another SANS Cyber Threat Intelligence Summit is in the books

11 February 2016

Last Thursday we wrapped up the 4th annual SANS Cyber Threat Intelligence (CTI) Summit. I have presented at all four of the summits and I’ve been fortunate enough to...

Waiter, there’s a hole in my intelligence collection!

10 February 2016

We’re all swimming in data. There’s data everywhere. From packet captures to reputation feeds, it feels like there is a fire hydrant of data flooding analysts.

Relevance: The missing ingredient of cyber threat intelligence

9 February 2016

Today we’ve announced the closing of our Series B investment round, led by Trinity Ventures. This $14 million will give us the support to grow our team, further invest in...

Surviving the threats posed by PoS malware

3 February 2016

These days, you can’t go into a store or mall without being asked to use a point of sale (PoS) system during checkout, versus an antiquated cash register.

“Largest cyber attack” on Israel lacks power

1 February 2016

On 26 January, Yuval Steinitz, the Israeli Minister of Infrastructure, Energy and Water Resources, announced to the 2016 CyberTech Conference in Tel Aviv that the Israeli Electric Corporation was dealing...

Why I joined Digital Shadows

28 January 2016

Departing Forrester Research wasn’t an easy decision; it was a great job. I was able to help guide the security strategies of some of the world’s largest and most complex...

Prêt-à-Porter Shadows

27 January 2016

The early part of any year is a time of reflection on the new devices we were gifted by others (or ourselves) during the holidays.

Digital Shadows honored as Bloomberg Business Top Innovator

26 January 2016

We're pleased to announce that Bloomberg Business has named Digital Shadows as one of the top breakthrough and disruptive businesses in the UK – in the category of “changing the...

Escalation in OpKillingBay

25 January 2016

There has been a noticeable recent increase in activity surrounding the OpKillingBay operations - a hacktivist campaign attributed to the Anonymous collective that has been active since 2013.

Criminal services – Bulletproof hosting

21 January 2016

Cybercrime can be a lucrative business if you do it well. But how do criminals ensure the success of their schemes without interference from law enforcement or industry-led interventions, such...

Digital Shadows Welcomes Rick Holland as Vice President of Strategy

19 January 2016

Last year was an exciting time for Digital Shadows; we opened our new co-headquarters in San Francisco, achieved over 400% growth in revenue, and more than doubled the size of...

The Strategic Corporal and Information Security

19 January 2016

For those unfamiliar with the term “strategic corporal”, it sprung out of the conflicts in Afghanistan and Iraq.

DD4BC Arrests: What Now for Extortion?

15 January 2016

Earlier this week, Europol published a press release stating that an individual suspected of being a “key member” of the extortionist group DD4BC had been arrested, and that a further...

A Complex Threat Landscape

14 January 2016

Achieving a better understanding of the threat landscape is key for organizations; the better they know their enemies, the better they can align their security postures. But it is hard.

RATs: Invasion of Your Privacy

12 January 2016

When most people hear the word “RAT” they envision a large rodent that dines in dumpsters while seeking solace in sewers.

Digital Currency and Getting Paid In The Underground

6 January 2016

It’s been said that money makes the world go round.  People expect to be paid for their time, goods, and services, and cyber criminals are no different.

Lots to learn? Academia and intelligence

4 January 2016

With the ongoing emergence of CTI you could be forgiven for thinking that the discipline of intelligence was new.

Criminal Services – Crypting

18 December 2015

In the world of cybercrime, malicious software (malware) plays an important role. But if you’re a cybercriminal, how do you keep your malware from being detected?

‘Hacker Buba’: Failed extortion, what next?

11 December 2015

An actor identifying itself as "Hacker Buba" recently claimed to have breached Invest Bank and posted purported customer and client information on Twitter as part of an attempt to extort...

Communicating Intelligence: The Challenge of Consumption

10 December 2015

In my previous blog in this series I discussed the challenge of effectively communicating intelligence, and provided examples of how we inform our clients of individual incidents.

Communicating Intelligence: Getting the message out

8 December 2015

In my previous blog I discussed some of the challenges associated with communicating intelligence. In this follow up piece, I’ll explain some of the methods we use here at Digital...

TalkTalk information likely to be discoverable on the dark web

4 December 2015

Last month, TalkTalk disclosed that it had been the victim of a cyber attack on its website.

Communicating Intelligence: A battle of three sides

2 December 2015

Good intelligence depends in large measure on clear, concise writing.

Criminal Services – Counter Antivirus Services

30 November 2015

Infosecurity Magazine recently reported that two individuals have been arrested in the UK on suspicion of running a website that facilitates the development of malware.

Activity Based Intelligence – Activating your interest?

25 November 2015

Some threat actors love to make noise. Be it a tweet, a forum post, or a chat room message, communicating in the open often takes place.

Crackas With Attitude: What We've Learned

23 November 2015

One of the most active actors of the past several months has been a hacktivist group who identify themselves as ‘Crackas With Attitude’ (CWA).

From CTI to Cyber Situational Awareness: What you should know

16 November 2015

With more attackers trailing the digital shadows of organizations, traditional defenses have proven to be insufficient and organizations are looking at new ways of protecting themselves.

The Way of Hacking

10 November 2015

In the Japanese martial art of Aikido it is said that "Kurai Dori" is the ability of a skilled practitioner, or "aikidoka", to control the consciousness of an opponent.

Emerging Markets: Online Extortion Matures via DDoS Attacks

9 November 2015

Unlike scenes from books or movies where shadowy figures hold manila envelopes containing information or photographs pertaining to an unsuspecting victim, few of us in the real world have to...

Crackas With Attitude strike again?

28 October 2015

Last week, the New York Post reported that hackers had compromised the personal email address of CIA Director, John Brennan.

TalkTalk: Avoiding the hype

28 October 2015

There has been no shortage of media coverage on the recent TalkTalk cyber attack.  The full implications of the attack are not yet known, but reports suggest it could affect...

Smilex: Dangers of Poor OpSec

27 October 2015

On 13 Oct 2015, it was revealed in an indictment on the US Department of Justice website that Dridex (AKA Bugat and Cridex) activity had been disrupted and charges filed...

CATER, For Your Threat Intelligence Needs

8 October 2015

Our white paper, Cyber Threat Intelligence: A Buyer’s Guide, provides an overview of current CTI approaches and the types of offerings available.

Online carding

7 October 2015

There is no shortage of credit card information being sold online. In the past six months alone, our spider (which covers I2P and ToR Darknet overlay networks as well as surface web carding sites) detected thousands of instances of sites offering credit...

Cyber Situational Awareness: Gain an Attacker’s Eye View

23 September 2015

Our latest white paper defines a different perspective on security – cyber situational awareness.

Greater capabilities equal greater cyber situational awareness

21 September 2015

In a recent Techworld article, one of our clients said that Digital Shadows SearchLight™ “…gives me “visibility into a world that is outside of my control.” This is the very...

How the Internet of Things (IoT) is Expanding Your Digital Shadow

10 September 2015

The Internet of Things (IoT) is a development that is the direct result of objects, technology, and people that have been provided with unique identifiers, which possess the ability to transfer...

Digital Shadows and ThreatConnect Partner to Help Customers Improve Security Defenses

4 September 2015

One of the foundational values of Digital Shadows is the appreciation and value we put on our collaboration with customers and our coordination with our strategic business partners. It is because of this value that we’re delighted to announce today that we’ve entered into a new partnership with ThreatConnect, the leading provider of security software and services including the ThreatConnect® Threat Intelligence Platform (TIP).

Raising the Stakes - U.S. retaliation for Chinese cyber espionage has the potential for escalation

18 August 2015

Following the Jun 2015 announcement that the U.S. Office of Personnel Management (OPM) had been breached and the personal data of millions of current and former federal employees compromised, a...

The Intelligence cycle – what is it good for?

13 August 2015

It seems that the concept of ‘intelligence’ is a problem. The definition isn’t agreed, and the industry is peppered with vendors and organisations applying a range of meanings and interpretations.

OPSEC and Trust in an Underground Cybercriminal Forum

12 August 2015

There are perhaps tens of thousands of forums and sites in the visible and dark webs dedicated to criminal activity.

Exciting times, exciting team at Digital Shadows

30 July 2015

Yesterday we announced that Stuart McClure, founder and CEO of Cylance, Inc, is joining our Board of Directors. The entire company is excited about his joining us, and James Chappell and I are especially looking forward to working with him as we further grow the company. While we are excited, Stuart’s joining our board is not the only great team news we have at Digital Shadows. Over the last few months we’ve grown our executive leadership team to map to our business goals, and I want to introduce them.

Digital Shadows and ThreatConnect Partner to Help Customers Improve Security Defenses

20 July 2015

One of the foundational values of Digital Shadows is the appreciation and value we put on our collaboration with customers and our coordination with our strategic business partners. It is because of this value that we’re delighted to announce today that we’ve entered into a new partnership with ThreatConnect, the leading provider of security software and services including the ThreatConnect® Threat Intelligence Platform (TIP).

Exploiting is my business...and business is good

13 July 2015

In 2015 we are seeing new trends emerge with respect to Exploit Kits in the wild. These trends are particularly interesting in that they suggest that the frequency of 0-day exploits made available in these kits is growing while the time to integrate said 0-days from the time of discovery to inclusion in the kits is shrinking rapidly.

Online Extortion - Old Ways, New Tricks

6 July 2015

Extortion is nothing new for organised crime. For centuries, gangs have been operating protection rackets and kidnappings to successfully extract ransom money from their victims. And as with many things in modern life, these old techniques have been successfully brought over to the cyber realm.

Saudi Arabia MOFA Breach

1 July 2015

A look at the recent MOFA breach.

What’s In a Name? The Mystery Surrounding the Identity of the Actors Responsible for the Saudi Arabia Breaches

1 July 2015

Recently we wrote about the initial breach of the Ministry of Foreign Affairs of the Kingdom of Saudi Arabia (KSA).  We felt like this was noteworthy for several reasons: 1.  ...

Kaspersky Labs Discloses Duqu 2.0 Attack

19 June 2015

Today social media channels the world over are abuzz with news of Kaspersky Labs’ disclosure of the discovery of Duqu 2.0. This news was significant for many reasons especially...

Digital Shadows integrates with Maltego through partnership with Malformity Labs

15 June 2015

The need for organizations to focus on their risk exposure is growing daily, and their ability to establish a clear picture of their environments is key to mitigating risk.

Emerging Markets & Services: Ransomware-as-a-Service

9 June 2015

A look at emerging markets and services, specifically at ransomware-as-a-service.

The Adult Friend Finder Breach: A Recap

27 May 2015

Last week, news quickly spread about a security breach that impacted the casual dating website Adult Friend Finder. Will Gragido, Head of Threat Intelligence for Digital Shadows in the USA, shares his findings.

The Dangers of Groupthink: Part 2

10 April 2015

This post moves on to the second cause of groupthink and tries to understand how organizational structural faults may result in manifestations of groupthink.

The Dangers of Groupthink

4 March 2015

Over the next few blog posts we’ll be looking at various types of cognitive bias and suggest ways of dealing with them.

Analytical Tradecraft at Digital Shadows

5 February 2015

This week my colleague and I attended the SANS Cyber Threat Intelligence conference in Washington DC. It was great to hear more from analysts and CTI users from across the community, as well as mingle with the plethora of vendors who were present. This blog explores some of the themes which arose from discussions on analytical tradecraft.

Remote working at Digital Shadows

27 January 2015

Here at Digital Shadows we’ve worked hard to assemble the most dedicated and talented development team possible and that has resulted in our team being concentrated here in London, but including members both further afield in the UK and internationally. This means that we’ve had to learn how to work with a distributed team and this post will cover our experiences and some of the utilities we’re making use of to work as efficiently as possible.

Digital Shadows joins roundtable at 10 Downing Street

9 January 2015

Alastair Paterson, CEO of Digital Shadows, recently visited 10 Downing Street to participate in a roundtable on cyber security. The session brought together leaders from industry, academia and government and sought to address the challenges surrounding cyber security policy.

Working in multilingual sources

12 November 2014

This post will be about some of the challenges you are likely to face trying to handle data in different languages and how to deal with them. Most of our code is in Java, so the examples here will all be written in Java.

Source Evaluation

12 November 2014

To organisations, threat intelligence is about understanding the threat landscape – the various actors and campaigns which conduct cyber attacks – so that when they are specifically targeted it can be detected, mitigation put in place, and the risk to their business reduced. Robust source evaluation minimises the chance of crying wolf, or warning of the wrong threat entirely.

Even the hackers are targeted by phishers

6 November 2014

We noticed a Tweet from one of the groups we are tracking which claimed that the popular football game FIFA was “offline”. Given the unspecific nature of the Tweet and the lack of any evidence suggesting that the online services of the game had been affected by any kind of cyber attack, we assessed that it was likely a false claim.

The Intelligence Trinity

30 October 2014

For several years now there has been considerable hype and hubris around the term ‘intelligence’ within the cyber security industry. It feels as if the term has been diluted as its usage has extended to include vendors dealing in a range of issues from bad IPs and Indicators of Compromise, to tip-offs that hacktivist groups are targeting particular sectors and the activities of APT groups, and everything in-between.

Digital Shadows invited to 10 Downing Street

30 July 2014

Interest in London’s burgeoning tech industry is growing so rapidly that even David Cameron has taken notice; at Pitch10, an event at 10 Downing Street to be held on Thursday 31st July, ten of the most promising digital companies in Britain will pitch their businesses to an audience that includes Cameron himself.

Watch Dogs – it’s just a game... or is it?

27 May 2014

A new video game called Watch Dogs is offering an interesting take on real life digital shadows. Sounds like a pretty scary world – Watch Dogs’ website proclaims “You are not an individual. You are a data cluster.” But just how accurate is this idea in the world that we live in? At Digital Shadows we protect organisations from data loss and targeted cyber attack.
