Tag: Mitre ATTACK

Applying MITRE ATT&CK to your CTI Program

In recent years, there’s been an industry-wide movement to look more externally to predict, prevent, and adapt to threats. This shift has resulted in increased demand for and consumption of cyber threat intelligence, but it’s often challenging to operationalize. Just reading about malware a threat actor uses or purchasing access to profiles on the specific […]

New Release: Actionable Threat Intelligence with SearchLight

This year interest in cyber threat intelligence has risen to an all-time high. High-profile events such as the SolarWinds attack or the Microsoft Exchange exploit stole headlines and the attention of security practitioners. Cyber Threat Intelligence (CTI) is critical to understanding your threat landscape, but it is far too often relegated to browsing the latest intelligence news with […]

The Microsoft Exchange Server Exploit: What Happened Next

It may be April Fool’s Day, but zero-day exploits detected in Microsoft Exchange Servers are no joke. It’s now been four weeks since Microsoft announced threat actors were exploiting four zero-day vulnerabilities, collectively known as the “ProxyLogon” vulnerabilities. At the time, we wrote a blog mapping MITRE ATT&CK to the Microsoft Exchange exploits, but a […]

Mapping MITRE ATT&CK to the Microsoft Exchange Zero-Day Exploits

Note: This blog is a part of our MITRE ATT&CK Mapping series in which we map the latest major threat intelligence incidents to the MITRE ATT&CK framework. You can view similar postings such as Mapping MITRE ATT&CK to the DPRK Financial Crime Indictment, Compromised RDP Sales, or Sandworm’s APT Campaign. On 02 March 2021, Microsoft […]

Mapping MITRE ATT&CK to the DPRK Financial Crime Indictment

Note: This blog is a part of our MITRE ATT&CK Mapping series in which we map the latest major threat intelligence incidents to the MITRE ATT&CK framework. You can view similar postings such as Mapping MITRE ATT&CK to Compromised RDP Sales, Sandworm’s APT Campaign, or see our previous mapping of North Korean regime-backed programmers here. […]

Mapping MITRE ATT&CK to Compromised RDP Sales

Digital Shadows (now ReliaQuest) recently published a free research paper titled Initial Access Brokers: An Excess of Access, outlining the emergence of these murky figures in the ransomware ecosystem. Ransomware operators typically procure hundreds of available accesses to organizations across every vertical from these Initial Access Brokers. Digital Shadows (now ReliaQuest) analyzed more than 500 […]

Mapping MITRE ATT&CK to SandWorm APT’s Global Campaign

On Thursday, October 15th, the United States Department of Justice (DoJ) indicted six Russian military officers connected to the SandWorm advanced persistent threat (APT) group, a threat group attributed to Russia’s Main Intelligence Directorate (GRU). The indictment alleged that the men belonged to Military Unit 77445 of the GRU and coordinated a destructive cyber campaign […]

Mapping MITRE ATT&CK to the Equifax Indictment

On Monday, February 10th, the United States Department of Justice (DoJ) released a nine-count indictment alleging that four members of China’s People’s Liberation Army (PLA) were responsible for the 2017 intrusion into the credit reporting agency Equifax. Digital Shadows (now ReliaQuest) covered the breach when it happened over several blogs and a podcast, all […]

Iranian APT Groups’ Tradecraft Styles: Using Mitre ATT&CK™ and the ASD Essential 8

With the recent news of Qasem Soleimani on Friday 3rd January 2020, many organizations have been reviewing their security posture with an eye to how resilient they are against state-backed attackers such as APT33 and APT34. One of our preferred sets of mitigation strategies is the “Essential 8” published by the Australian Signals Directorate […]