Tag: Mitre Att&ck

Measuring Detection Coverage with MITRE ATT&CK

Security operations metrics provide a way to measure progress in improving maturity and communicate the state of your security operations program within your organization. A key metric that many ReliaQuest customers rely on is using the MITRE ATT&CK® framework to measure detection coverage. Started in 2013, MITRE ATT&CK is a publicly accessible knowledge base of […]

Five years after the WannaCry dumpster fire, ransomware remains a global threat

It has been five years since the dumpster fire we all remember as WannaCry. WannaCry is self-propagating ransomware that held hundreds of thousands of devices around the world hostage in 2017. While the WannaCry attack was catastrophic, the worm-like ransomware attack also served as a lesson for cybercriminals and network defenders alike. From a cybercriminal’s […]

Mapping MITRE ATT&CK to the WannaCry Campaign

Learning from past mistakes is a crucial part of every job. Four years after WannaCry’s outbreak, analyzing which weak security practices allowed this ransomware to proliferate is pivotal in trying to avoid similar events in the future. This blog focuses on mapping MITRE ATT&CK to the WannaCry campaign and will discuss some of the key […]

Applying MITRE ATT&CK to your CTI Program

In recent years, there’s been an industry-wide movement to look more externally to predict, prevent, and adapt to threats. This shift has resulted in increased demand and consumption of cyber threat intelligence, but it’s often challenging to operationalize. Just reading about malware a threat actor uses or purchasing access to profiles on the specific […]

New Release: Actionable Threat Intelligence with SearchLight

This year, interest in cyber threat intelligence has risen to an all-time high. High-profile events such as the SolarWinds attack or the Microsoft Exchange exploit stole headlines and the attention of security practitioners. Cyber Threat Intelligence (CTI) is critical to understanding your threat landscape, but it is far too often relegated to browsing the latest intelligence news with […]

The Microsoft Exchange Server Exploit: What Happened Next

It may be April Fool’s Day, but zero-day exploits detected in Microsoft Exchange Servers are no joke. It’s now been four weeks since Microsoft announced threat actors were exploiting four zero-day vulnerabilities, collectively known as the “ProxyLogon” vulnerabilities. At the time, we wrote a blog mapping MITRE ATT&CK to the Microsoft Exchange exploits, but a […]

3 Reasons to Download our New Cyber Threat Intelligence Solutions Guide

This blog outlines what you can expect to read in our newly released Cyber Threat Intelligence: Solutions Guide and Best Practices. Download a full copy of the guide to learn more about the Intelligence Cycle, free resources, and the approach to CTI taken by Digital Shadows (now ReliaQuest). What is Cyber Threat Intelligence? According to Gartner, Cyber Threat Intelligence […]

Mapping MITRE ATT&CK to the Microsoft Exchange Zero-Day Exploits

Note: This blog is a part of our MITRE ATT&CK Mapping series in which we map the latest major threat intelligence incidents to the MITRE ATT&CK framework. You can view similar postings such as Mapping MITRE ATT&CK to the DPRK Financial Crime Indictment, Compromised RDP Sales, or Sandworm’s APT Campaign. On 02 March 2021, Microsoft […]

Mapping MITRE ATT&CK to the DPRK Financial Crime Indictment

Note: This blog is a part of our MITRE ATT&CK Mapping series in which we map the latest major threat intelligence incidents to the MITRE ATT&CK framework. You can view similar postings such as Mapping MITRE ATT&CK to Compromised RDP Sales, Sandworm’s APT Campaign, or see our previous mapping of North Korean regime-backed programmers here. […]