Solutions
Go Back

Make Security Possible

Reduce Alert Noise and False Positives

Boost your team's productivity by cutting down alert noise and false positives.

Automate Security Operations

Boost efficiency, reduce burnout, and better manage risk through automation.

Dark Web Monitoring

Online protection tuned to the need of your business.

Maximize Existing Security Investments

Improve efficiencies from existing investments in security tools.

Beyond MDR

Move your security operations beyond the limitations of MDR.

Secure with Microsoft 365 E5

Boost the power of Microsoft 365 E5 security.

Secure Multi-Cloud Environments

Improve cloud security and overcome complexity across multi-cloud environments.

Secure Mergers and Acquisitions

Control cyber risk for business acquisitions and dispersed business units.

Force-Multiply Your Security Operations

Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Explore Our Solutions
Security Operations Platform
Go Back

The GreyMatter Platform

Detection Investigation Response

Modernize Detection, Investigation, Response with a Security Operations Platform.

Threat Hunting

Locate and eliminate lurking threats with ReliaQuest GreyMatter

Threat Intelligence

Find cyber threats that have evaded your defenses.

Model Index

Security metrics to manage and improve security operations.

Breach and Attack Simulation

GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.

Digital Risk Protection

Continuous monitoring of open, deep, and dark web sources to identify threats.

Phishing Analyzer

GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.

Unify and Optimize Your Security Operations

ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Explore the GreyMatter Platform
Resources
Go Back

Resources

Blog

Company Blog

Case Studies

Brands of the world trust ReliaQuest to achieve their security goals.

Data Sheets

Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.

eBooks

The latest security trends and perspectives to help inform your security operations.

Industry Guides and Reports

The latest security research and industry reports.

Podcasts

Catch to the latest cybersecurity perspectives, tutorials and industry discussions with various guest speakers.

Solution Briefs

A deep dive on how ReliaQuest GreyMatter addresses security challenges.

Threat Advisories

The latest threat research report from ReliaQuest Photons research team.

Upcoming & On-Demand Webinars

Upcoming and on-demand webinars addressing the latest challenges and solutions security analysts must know.

White Papers

The latest white papers focused on security operations strategy, technology & insight.

Videos

Current and future SOC trends presented by our security experts.

ReliaQuest Resource
Center

From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Resource Center
Company
Go Back

Company

About ReliaQuest

We bring our best attitude, energy and effort to everything we do, every day, to make security possible.

Executive Leadership

Security is a team sport.

Careers

Join our world-class team.

Press and Media Coverage

ReliaQuest newsroom covering the latest press release and media coverage.

Become a Channel Partner

When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.

Contact Us

How can we help you?

A Mindset Like No Other in the Industry

Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
Search
Go Back

Generic selectors

Exact matches only

Exact matches only

Search in title

Search in title

Search in content

Search in content

Search in excerpt

Post Type Selectors
Hidden

Hidden

Hidden

Hidden

Back to blog

What We’re Reading This Month: July 2022

Chris Morgan 27 July 2022

Roll up roll up, it’s that time of the month again, where our team of analysts provide the articles and literary pieces that kept them burning the midnight oil. This month we’ve got a report identifying supply chain security risks, methods by which threat actors exploit your psychological biases, and of course, ransomware. Check out these articles below.

Chris: Anchore 2022 Software Supply Chain Security Report

One thing that caught my attention this month was Anchore’s annual report on software supply chains, identifying trends regarding supply-chain attacks. According to Anchore, the proportion of organizations impacted by supply-chain incidents was as high as 62%, a remarkable figure that really demonstrates the massive risk facing businesses in 2022. The report was constructed following responses provided by 428 business executives, with the survey conducted between December 3 and December 22, 2021; the majority of the responses received by Anchore were conducted on or following the Log4 j incident, which also will likely have influenced the scoring.

One issue identified in the report was an increased use of software containers within businesses. The term containers refers to packages of software that contain all of the necessary elements to run in any environment. In this way, containers virtualize the operating system and run anywhere, from a private data center to the public cloud, or even on a developer’s personal laptop. Containers benefit their users with workload portability and overall efficiency. Anchore’s report identified that 88% of respondents planned to increase container use, while 31% of that number planned to increase it significantly.

An area of development that could greatly assist with supply-chain risk, is implementation of software-bill of materials (SBOMs). SBOMs were a key part of President Biden’s Executive Order on improving cybersecurity, which you might remember from May 2021. SBOMs refers to a formal record containing the details and supply chain relationships of various components used in building software. Essentially it enumerates the components within a product, much in the same way you get a list of ingredients in food packaging. Within the survey, Anchor identified that only 18% of respondents had complete SBOMs for all of their applications, which makes it much more difficult to respond to a plethora of threats, including supply-chain attacks and zero-day vulnerabilities. How can you assess your risk, if you don’t know if you use the susceptible component? SBOMs are likely to become much more of a hot topic and commonplace in the future, which was identified by 74% of respondents expecting to increase their use of SBOMs within the next 12 months.

Overall the report was a useful insight in the current landscape of supply-chain risk and how businesses plan to tackle the many problems associated with suppliers. Check out Anchore’s report here.

Fearghal: Gone Phishing—Decision Making Biases and Cyber Attackers

As the cybersecurity of computer systems evolves and advances, one part remains lacking—the human component. In a paper issued on November 2021, authors Chelsea K Johnson, Robert S Guzwiller and Kimbley Ferguson-Walter illuminate how threat actors are mindful of the cognitive biases and heuristics (mental shortcuts) in our decision-making, exploiting them to achieve their goals. One such example is the default effect, which suggests that people will revert to previously made decisions when making a choice in a familiar situation to reduce the amount of mental processing needed.

This can be reflected in users’ choice of passwords, which are often the same as or variants of previous passwords; you might have heard us refer to this problem before. Hackers exploit this tendency to conduct automated credential stuffing, whereby variations of a known password can be mass tested to gain access to accounts where credentials have been reused. The default choice can be influenced by choice architecture—how the options are presented. For example, regarding the creation of a new password, user ID, and password fields can be designed so that they do not allow the user to repeat their default ID or password, in order to reduce the success of credential stuffing.

However, these psychological pitfalls can also be harnessed to obstruct and deter threat actors. Current research has suggested overwhelming malicious actors with distracting information to bolster security; this is known as “honeypotting tarpits”. Through generating appealing, yet falsified, documents and data within a secured network, attackers could be made to sift through large volumes of information which they must subsequently verify. This slows down the decision-making process of attackers, making them more vulnerable to detection and could even be used to misdirect their efforts.

The underlying psychology of this tactic involves the exploitation of the sunk cost fallacy and loss aversion. Costs already spent, in terms of time and effort, are seen as ‘sunk’ and carry less weight than current investments of hacking efforts. Likewise, loss aversion relates to the notion that avoiding losses is preferable to acquiring gains when deciding between the two. An example of this might be an attacker spending too much time in an element of key terrain, such as the domain controller, rather than going through another route. The idea of changing terrains appears costly, particularly as a lot of time and effort has already been spent and a new terrain might be riskier. Ultimately, understanding errors in human decision-making processes is key to the evolution of defensive techniques in cybersecurity. This can inform industrial practice to improve employee decision-making and reduce the effectiveness of cyberattacks.
Check out the report on cognitive bias here and layer 8 tarpits here.

Ivan: Observations on ALPHV

In a new article written by Sophos, the IT security company revealed detailed information about attacks conducted by the “Alphv” (aka “BlackCat”) ransomware group, including their tactics, techniques, and procedures (TTPs); you might also remember our recent blog detailing Alphv. Sophos observed that Alphv has followed a consistent pattern of attacks in the past few months, which consisted of the threat group breaking into victim’s networks by exploiting unpatched or outdated vulnerabilities in virtual private networks (VPNs) and firewall devices.

In two cases observed by Sophos, the Alphv group exploited two vulnerabilities that dated back to 2018, and in another two cases, vulnerabilities from 2021 were exploited. The vulnerabilities allowed the threat actors to obtain VPN credentials from the memory of firewall devices, and then these credentials were used to log in the VPN as an authorized user. The researchers also noted that most targeted VPN accounts did not use multifactor authentication, and in one case the credentials were stolen via a spearphishing email attack.

When inside the network, Sophos reported that the group used remote desktop protocol (RDP) to move laterally between devices and brute-force attacks over the VPN to target Admin accounts. Much of the lateral movement by Alphv was allegedly built into the ransomware executable, allowing it to spread itself to windows machines. The group also used “Brute Ratel” in its attacks, a penetration testing tool that has become a popular alternative to Cobalt Strike for cybercriminals.

This article was very interesting, and it highlights some of the key, but often overlooked, risks we see in security today. Many of the vulnerabilities exploited by Alphv likely had patches available, and accounts targeted did not have two-factor authentication; if you’re getting DeJa’Vu, we’ve talked about the importance of vulnerability intelligence at length before. Patch management and strong password policies that enforce two-factor would also have helped mitigate some of these risks. In addition, password policies should also require users to change password frequently, as leaked credentials can also be used to access VPNs. Other mitigation techniques that would have helped to minimize the effects of Alphv attacks include network segmentation, applying the principle of least privilege, and monitoring of remote-access tools that are often used or abused by threat actors.

Since the release of Alphv, the group has posted more than 140 victims to its data-leak site, and over the past two quarters (Q1 and Q2 2022), Alphv has been one of the top 4 most active ransomware groups. With the recent closure of large groups like “Conti”, it is likely that Alphv will rise to become one of the top ransomware groups active today, which could result in the group attracting many more skilled affiliates. Alphv highlights that many common attack vectors still remain highly effective and regular security best practices can go a long way in preventing large cyber attacks like ransomware incidents.

Check out the blog from Sophos here.