I’m sure we can all agree that this year has been busy for anyone who had anything, even remotely, to do with security. The year 2021 started off with a bang as we all dealt with the fallout from a handful of Exchange bugs, dealt with the repercussions of the Accellion and Kaseya attacks, and saw ransomware splashed on the news and just about every media publication out there. And just when we thought we could coast through the last couple of weeks, the Log4j vulnerabilities dropped like a bomb. To paraphrase a couple of popular Tweets and memes floating around, this year has been a helluva decade.
Our own Photon team has been busy this year. Between investigating the internets for signs of breaches and attacks, reading the tea leaves of forum chatter, and writing reports and intelligence updates for our clients, we found the time to bring you relevant articles about what’s happening in the news and other important information.
In the spirit of Spotify’s year in review and the data mining results from your favorite social media and fitness apps, we decided to talk a little bit about the blogs y’all found important and relevant. While we won’t be able to tell you what your musical aura is, how many stairs you’ve climbed, or which photo of yours got the most likes, we can tell you what was interesting. As one important shout out, kudos to our very own Ivan, who contributed to two of these blogs!
Side note: We also discovered that some other interesting people were reading our stuff.
So without much further ado, here are the top 5 blogs that you found important, timely, and relevant this year. Here comes the countdown!
Ah, yes, the necessary evil that is social media sometimes. Back in April we did a bit of a deep dive talking about how a leak of over 500 million users’ data happened and what the potential fallout meant. The data was likely scraped public data, as well as some other information that was typically not available publicly. The purported threat actor had exploited a vulnerability (later patched by Facebook) that allowed the mass export of user data from between 2019 and 2020.
Our team had discovered listings of this data for sale for the bargain price of $25,000, which had interest from criminal actors. Later, the information made it to another popular forum for the unbelievable price of around $3, where it became one of the most viewed threads. From there, the data scattered to the winds, where it was reposted elsewhere and became freely available to just about anyone.
While the breach likely resulted in phishing, smishing, and other social engineering attempts, at this point it’s better to assume most or all of the information is already out there, and the better question is how to secure yourself now. With the more important pieces of data exposed being phone numbers and emails, we always recommend using strong authentication with your email accounts, such as strong passwords and multifactor authentication wherever possible, being wary of attachments, and being careful answering texts or calls from unknown or unexpected numbers.
Read more here.
Cryptocurrency, much like QR codes, podcasts, and memes, really has had quite the “glow up” in recent years, especially as the pandemic forced people to find new interesting things and hobbies. Given how unstable crypto can be (and how hot the topic is), back in June, Photon took a peek at what was happening on criminal forums when it comes to cryptocurrencies.
The danger is that there are likely a lot of n00bs flocking to crypto without doing the proper due diligence, which opens people up to all kinds of scams and attacks. We discovered that some of the common attacks included reverse proxy phishing (essentially a man-in-the-middle attack involving domain spoofs), cryptojacking (pwning a computer so that its unsuspecting user ends up mining for someone else), dusting (monitoring small transactions over several wallets to discover users), and clipping (redirecting a transaction to a malicious or attacker-controlled wallet).
We covered some of the techniques and talked about mitigations and other things to think about to keep people and their hard-earned crypto safe. As society moves on to other interesting, imaginary or intangible things to assign value (I see you, NFTs), and cryptocurrency continues to remain popular, this article stays pretty relevant, even six months later.
I thought I’d managed to almost make it out of 2021 without writing about ransomware again. Thanks to Log4j, I thought I’d made it.
This blog is important because while it was definitely a banner year for the ransomware operators out there, the time between roughly Q2 and Q3 was incredibly important. During that 6-month period, we saw the rise and fall of several prominent operators, a bunch of unprecedented attacks (Colonial, JBS, and Kaseya), record-breaking extortion demands, a bunch of rebrands, some notable gossip, and a lot of the media, researchers, government officials, non-security folk, Twitterati, and anyone else staying up on the news collectively gasping a very loud “WTF?”
I won’t be able to give this blog or its accompanying research its full due here, but the tl;dr is that if you were an industrial goods or technology company based in the US, there’s a pretty good chance one of about two dozen ransomware groups attacked you. As we look towards 2022 and review the trends of Q4, I’m secretly hoping we don’t have the same scale as this year. Ransomware’s going to be around for a while, but let’s just try and keep it a little more manageable, k?
Read more here, or check out the full threat report.
Counterintelligence is the process of understanding what an adversary knows about the blue team, which often includes what news stories are of interest, what people are talking about, vulnerabilities, and talk about countermeasures or signatures that might counter an adversary’s threat. In cybersecurity it’s no different, as we’ve discovered that not only are cybercriminals avid readers of a lot of the usual trade publications, they’re paying attention to research and other commentary around vulnerabilities and exploits. They share information, either freely or after exchanging currency, and they contribute to the market for exploits.
A lot of this plays into the research we started on vulnerability intelligence back in October. As the days passed, we found some interesting threads: the zero-day market is very expensive and cutthroat, some ransomware groups are probably as well-funded as some countries, the black hats out there are likely renting out exploits, and those old vulnerabilities still get exploited. Also, unsurprisingly, some of the old forum hands are schooling the newbies on how to do bad things.
This blog was part of a series in which we examined the world of vulnerability intelligence, and it’s definitely worth a look. Getting to understand some key themes in the underground helped add context to why things like an Apache or Windows vulnerability can be a really bad thing.
Read more here, or check out the research paper here.
Besides having one of the best beards and speaking voices at Digital Shadows (now ReliaQuest), Michael Marriott is also one of our more prolific writers. Back in February, he brought us a great blog on solving the problem of making threat intelligence useful to enterprises. Nearly a year later, the advice still holds up.
The short version of this (and it still won’t do any justice) is to make threat intelligence actionable by letting software do the filtering and make information relevant, letting the people work on the true positives and real threats, and (to paraphrase a popular Python course) automating the boring stuff.
Look, it’s hard building a CTI team or program. Getting the buy-in or budget is only half the battle because the true test is making the information matter to the end user. Or making other data useful as a result of threat intelligence. Either way, it’s not an easy task under the best conditions sometimes, and the pressure to show a return on investment might become very real on day 3 of having the shiny new toy.
If you’re starting to become a threat intelligence consumer, or about to, this is a great blog to consider.
At the time of this writing, we’re just nine days away from bidding 2021 adieu. We’re hopefully through the worst part of the Log4j crisis, so here’s to hoping it’ll be a quiet respite for a short time. In the spirit of holiday cheer where soldiers from both sides fighting on the European battlefield in both world wars sang songs to each other during a ceasefire, let’s just all close up our laptops and call it good until 2022.
If, for some reason, these articles have got you wanting to know more about threat intelligence, we’ve got you covered with a no-obligation 7-day test drive of SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) to see how even more intelligence works for you. Also, if you’re an organization with some pretty specific needs or use cases, there’s a chance we’ve got a solution for you, so contact us for a demo.