Solutions
Go Back

Make Security Possible

Reduce Alert Noise and False Positives

Boost your team's productivity by cutting down alert noise and false positives.

Automate Security Operations

Boost efficiency, reduce burnout, and better manage risk through automation.

Dark Web Monitoring

Online protection tuned to the need of your business.

Maximize Existing Security Investments

Improve efficiencies from existing investments in security tools.

Beyond MDR

Move your security operations beyond the limitations of MDR.

Secure with Microsoft 365 E5

Boost the power of Microsoft 365 E5 security.

Force-Multiply Your Security Operations

Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Explore Our Solutions
Security Operations Platform
Go Back

The GreyMatter Platform

Detection Investigation Response

Modernize Detection, Investigation, Response with a Security Operations Platform.

Threat Hunting

Locate and eliminate lurking threats with ReliaQuest GreyMatter

Threat Intelligence

Find cyber threats that have evaded your defenses.

Model Index

Security metrics to manage and improve security operations.

Breach and Attack Simulation

GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.

Digital Risk Protection

Continuous monitoring of open, deep, and dark web sources to identify threats.

Phishing Analyzer

GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.

Unify and Optimize Your Security Operations

ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Explore the GreyMatter Platform
Resources
Go Back

Resources

Blog

Company Blog

Case Studies

Brands of the world trust ReliaQuest to achieve their security goals.

Data Sheets

Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.

eBooks

The latest security trends and perspectives to help inform your security operations.

Industry Guides and Reports

The latest security research and industry reports.

Podcasts

Catch to the latest cybersecurity perspectives, tutorials and industry discussions with various guest speakers.

Solution Briefs

A deep dive on how ReliaQuest GreyMatter addresses security challenges.

Threat Advisories

The latest threat research report from ReliaQuest Photons research team.

Upcoming & On-Demand Webinars

Upcoming and on-demand webinars addressing the latest challenges and solutions security analysts must know.

White Papers

The latest white papers focused on security operations strategy, technology & insight.

Videos

Current and future SOC trends presented by our security experts.

ReliaQuest Resource
Center

From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Resource Center
Company
Go Back

Company

About ReliaQuest

We bring our best attitude, energy and effort to everything we do, every day, to make security possible.

Executive Leadership

Security is a team sport.

Careers

Join our world-class team.

Press and Media Coverage

ReliaQuest newsroom covering the latest press release and media coverage.

Become a Channel Partner

When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.

Contact Us

How can we help you?

A Mindset Like No Other in the Industry

Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
Search
Go Back

Generic selectors

Exact matches only

Exact matches only

Search in title

Search in title

Search in content

Search in content

Search in excerpt

Post Type Selectors
Hidden

Hidden

Hidden

Hidden

Back to blog

Shadow Talk Update – 06.04.2018

admin 4 June 2018

Threat Intelligence

In this week’s Shadow Talk, Dr Richard Gold joins us to discuss the return of the L0pht hackers. In 1998 the L0pht members delivered a cybersecurity hearing to the United States Senate, warning that any one person in their group could take down the Internet within 30 minutes. 20 years on, we look back on what has and hasn’t changed in the world of information security. In Part II, the team covers recent reporting on the use of military-style tactics such as war gaming and intelligence fusion centers in the financial services industry. We ask whether such tactics are effective, and whether smaller organizations can also employ the techniques being used by some of the world’s largest enterprises.

BackSwap malware switches bank transfer recipient

BackSwap deployed browser manipulation techniques against Microsoft Windows-operating machines to target Polish online banking users. The malware was delivered in spam campaigns with the “Nemucod” downloader attached, simulating modified legitimate applications. Once installed, the malware used innovative techniques to identify user browsing information and specific banking transfers by using event hooks in the Windows message loop. A malicious JavaScript file was then injected into the URL address field, then swapped intended transfer recipient details for those of attacker-controlled accounts. The technique works across multiple browsers, and bypasses browser protection mechanisms. The campaign remains active, and BackSwap’s methods will likely be adapted by other banking malware developers.

Canadian banks’ customer data allegedly stolen

In two instances that are likely linked, threat actors reportedly informed the Bank of Montreal and Canadian Imperial Bank of Commerce subsidiary Simplii that they had obtained customer data through an undisclosed method. The legitimacy of the claims could not be independently verified, but statements from the affected banks suggested that the attackers had obtained credible data for up to 90,000 individuals. Some media outlets reportedly received notice of extortion demands against the financial institutions, although the banks did not confirm receiving such demands and they may have been sent to the press by an unrelated, opportunistic threat actor. At the time of writing, any information on TTPs used in any associated breach is unknown, as is the date of any breach that may have occurred.

Chilean bank services disrupted by virus

Banco de Chile confirmed that an undisclosed virus had affected the bank’s networks on 24 May 2018. Reportedly, malware had infected workstations and other assets, thereby disrupting branch and telephone services. Social media posts, apparently made by Banco de Chile customers, also indicated service interruptions to Web platforms, and possible social engineering activity, such as phishing scams. However, the bank stated that customer accounts and transaction security had not been compromised. There have been no details of any TTPs reported, but, given Banco de Chile’s statements, the malware appeared to be disruptive, and could have been used to obscure other malicious activity. It is highly likely that more reporting will emerge in the short to medium term (one week to three months).

US-CERT reveals current Lazarus Group activity

The United States Computer Emergency Readiness Team (US-CERT) released an advisory detailing “HIDDEN COBRA” (aka Lazarus Group) malware that has reportedly been used since 2009. The advisory described “Joanap” (a backdoor trojan) and “Brambul” (a Server Message Block worm), which have been previously associated with the same threat group. US-CERT also highlighted new and ongoing activity associated with the group, including targeted sectors and geographies.