As intelligence analysts, our day-to-day is looking at lots of different information and discovering trends or different viewpoints. The research might be for generating a product such as a blog or a client request-for-information, or maybe it’s a pet project to investigate further over time, or perhaps the research sits in a long-forgotten folder as there just wasn’t enough data to lead to an interesting conclusion. It may even just be us nerding out about the intelligence cycle. Sometimes the tip-off on activity comes via your own resources. Still, there are times when other researchers or even journalists have the fastest and best access to critical information.
At Digital Shadows (now ReliaQuest), in addition to our own data collection, we’re constantly scouring the internet for various blogs and news articles to drive intelligence updates that help us and our clients stay ahead of the latest threats and trends. We usually come across blogs and articles that get us excited and thinking. Usually, these blogs have a “back-to-basics” theme related to security or intelligence or give us a different perspective about a particular event. However, given all of the recent news about ransomware attacks, we’re steering away from that for sanity’s sake to talk about the articles that probably flew under the radar. These writers have valuable information and informative writing to give us all something to consider. Or, to paraphrase an old C+C Music Factory song from the mid-’90s, these are the blogs that make you go “Hmmmmm…”
1. Cyber Self-Defense Is Not Complicated
Anomali’s AJ Nash wrote a piece about how we need to think about our own self-reliance and self-defense regarding security. Sometimes the security tools don’t catch everything, and users genuinely are the last line of defense – and sometimes even the first and only defense.
“…There is no reason you should not be the protector of your information.” (Anomali)
With so much news revolving around some very public and extensive ransomware attacks lately, I know there have been lots of questions about cybersecurity between me and other friends and colleagues in the industry. Much of it is probably due in part to all of the press it’s receiving.
AJ does an excellent job for end-users by describing the various threats, putting them into easy-to-digest terms, and discussing various applications, techniques, and other technologies that can help mitigate user and enterprise security risk. My favorite takeaway line from AJ is, “with all the free tools offered and all the techniques to put into action, there is no reason you should not be the protector of your information.”
We wholeheartedly agree, AJ, especially in past blogs we’ve written about making better passwords and keeping your PII safe. Also, for visual data geeks like me, this article includes a helpful graphic that explains why passwords should be complicated and why lengthy passwords do matter. It boils down to whether you would like an attacker to spend 30 seconds cracking your passwords or 30 million years. We prefer the latter option.
Read it here.
2. Domain Blooms: Identifying Domain Name Themes Targeted By Threat Actors
John Conwell and Tim Helming over at DomainTools did all of us in threat intelligence an absolute service by diving into a phenomenon that many of us have tried to understand since the start of the pandemic last year: how various scammers and threat actors were attempting to weaponize the COVID pandemic, especially in relation to malicious websites and domains. We saw it happening daily in a previous life, but trying to attribute it and track it in a formulaic way was tough. Making it make sense to customers, and making it somewhat actionable and predictive, was also a challenge.
“Mapping out the online response to different world events is the first step in being able to identify what themes threat actors are targeting…” (DomainTools)
Well, these guys just blew the doors off the phenomenon while also blowing my mind. The article addresses “domain blooms,” which often result after a major world event. In the wake of a significant event, such as the outbreak of COVID, attackers latch on to specific phrasing or words more than others because those terms are in more frequent use, and turn that against the general public. They may also use a type of algorithm that generates different permutations to give several domains for attackers to exploit. The tricky part is that while in many cases these are legitimate domains being registered, in some cases they are registered by speculators trying to make money from parked domains or, more likely, are in use to serve a malicious purpose.
The key is understanding where the malicious domains are amidst all the noise of legitimate ones being registered and how an attacker might use them.
Either way, the research is fascinating and adds more context to getting ahead of the campaigns and attackers out there, especially in the future. Pro tip: Beware, there is math in the article, so for those of you who are still wary of equations, you may want to skip that section.
Read it here.
3. Rick Holland Talks Executive Orders
At Digital Shadows (now ReliaQuest), we love when Rick Holland steps to the mic to drop bars because he usually finds a great way to explain strategy and perspective for cybersecurity. These are some of the skills needed to become a pretty good CISO and intel and security professional.
“Think of the EO as a good first step in what I hope will be the last wake-up call in a long line of wake-up calls.” —Rick Holland, CISO at Digital Shadows (now ReliaQuest)
In any case, our fearless leader recently wrote a guest column for SC Magazine that manages to boil down almost 20 pages of Executive Order government-speak into a very readable summary and opinion. In short, Rick applauds the call to action but also worries about whether there will be enough cooperation in government and industry to make all of the concerns and implementations work and whether there will be enough patience and funding to go around to help drive these initiatives. The timing of the EO is fitting, given how much we’re talking about cybersecurity now as a society. Still, Rick also brings up the notion that this should hopefully be the last time we have to do this for a while. Many previous government-led and industry-centered changes helped foster innovation: they helped drive better standards from which we all benefit now. Hopefully, they will continue to get us better at security.
Read it here.
We hope to continue this series so that you can see some gems from the brilliant minds at work on the security problems we’re all facing. If you think you might be facing some challenges with personal information exposed on the web or have concerns about your domains being used maliciously, SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) can help you look at where your risk is with a free demo request.