Where is the year going? It only seems like yesterday that we celebrated the turn of the year, with the end of May also coming up fast. With that turn of the month, it is of course time for our team of talented analysts to give an update on what’s caught their attention this month.
So 2022 has not been an ideal year for investors in cryptocurrency, with the market tanking in the last month to levels not seen since 2020. But what is the reason for this? Bank of America’s global crypto and digital asset strategist Alkesh Shah blames this downward trend on rising inflation, interest rate hikes, and geopolitical instability caused by Russia’s invasion of Ukraine.
Much of what I’ve read this month has related to cryptocurrency—including the recent crash—and its impact on cyber risk. Several times this year we have seen cryptocurrencies targeted by threat actors. In January 2022, Crypto.com lost $30 million from 483 digital wallets after attackers bypassed its two-factor authentication. In March 2022, the Ronin Network was breached, losing over $625 million after an attacker used compromised private keys to make withdrawals. These incidents followed several impactful incidents last year. In August 2021, a vulnerability in the Poly Network was exploited to allow unauthorized execution of multiple transactions totaling $600 million. Within a month, the Poly Network hacker returned the funds and was in contact with Poly, stating that they were trying to “contribute to the security of the Poly project in my personal style”. While this instance may have ended with no one getting hurt, this is not always the case when threat actors target cryptocurrencies.
So where do we go from here? The market is pretty unstable, and that instability in many ways contributes towards an escalating cyber risk for investors. One step being taken to combat attacks on cryptocurrency can be found in the 2023 budget proposal from the US Government, which would allocate $52 million to fight ransomware and the misuse of cryptocurrency. This push reinforces the point that cyber security should be at the forefront of the world of cryptocurrency and decentralised finance (DeFi). Digital risk monitoring companies will likely play a big role in mitigating the threats and risks associated with cryptocurrency.
It has been three months since a Ukrainian cyber security researcher began leaking information about the inner workings of the Conti ransomware group. The “Conti Leaks” exposed chat logs with over 60,000 messages sent between members of the ransomware gang, as well as source code. Given this exposure, it was only a matter of time before new techniques or tools emerged from the group. Proofpoint’s recent blog, “This isn’t Optimus Prime’s Bumblebee but it’s Still Transforming”, provides a technical overview of a new malware loader associated with Conti: “Bumblebee”.
In their article, authors Kelsey Merriman and Pim Trouerbach dive into recently tracked campaigns attributed to two initial access broker (IAB) groups, “TA578” and “TA579”. Proofpoint has been tracking both groups for a while; they are known for distributing different malware loaders via email-based campaigns. Malware loaders are malicious programs used to download additional malware onto an infected device. Prior to March, both of these threat groups were primarily distributing “BazarLoader” (aka BazaLoader) and “IcedID”, but have since switched to the Bumblebee loader. TA578 and TA579 have been associated with malware payloads attributed to ransomware campaigns, primarily Conti and Diavol ransomware.
Bumblebee is written in C++ and has sophisticated defense evasion techniques such as anti-virtualization. Security tools and sandboxes often use virtual machines (VMs) to execute potentially malicious code. Anti-virtualization techniques refer to mechanisms in malware that detect virtual environments so the malware can avoid detonating its malicious code there. This not only avoids setting off alarms during the attack, but also makes the malware harder to analyze, since it will not exhibit its malicious behaviour inside the analyst’s sandbox.
Proofpoint researchers believe Bumblebee may have replaced BazarLoader, based on the timing relative to the Conti Leaks, the disappearance of BazarLoader, and multiple threat groups adopting the tool. Given its association with Conti—which we reported as the second most active ransomware group in Q1 2022 and Q4 2021—it’s definitely a malware that you should keep on your radar.
Read about it here.
The Dark Web is notorious for being a sinister portion of the internet, reportedly rife with drug vendors, hitmen, and other illicit content. Overarching narratives maintain that the Dark Web serves solely as an online realm for cybercriminals. While these sorts of transactions do occur, there are also less egregious platforms with more benign intentions. Social media networks have been popping up on Tor, many of which have parallels to social media on the clear web. This includes sites with profiles, friend lists, messaging services, and user interaction. It is possible that this migration of social media to the Dark Web is driven by privacy concerns and government attempts to regulate online content. Given the nature of the Dark Web, however, multiple social media networks are still littered with group chats and pages dedicated to the distribution of illegal services and content.
One of the main parallels of social media on the Dark Web is mirrored platforms. These social media networks recreate popular platforms such as Facebook and Twitter and provide identical functionality. Some go one step further and extend what already exists by centering their attention on security. After the last few years of stories about data breaches, the selling of private information, and more, security and users’ privacy are becoming increasingly important. For example, Facebook’s onion site, which lives on the Dark Web, functions precisely the same as the clear web version, but without keeping logs.
As one would expect from the Dark Web, it is not all for the greater good. With these platforms being mostly unmoderated, the distribution of illegal content becomes widespread. Illicit pornography, credit card details, and videos showing extreme violence can easily be viewed with just a couple of clicks.
Dark socials can be hard to generalize about, as users often initiate sites’ trends. Socials such as the now inactive ‘Connect’ promoted free speech surrounding antifascism and antisexism to counter societal hierarchies. Other sites keep up with trends by selling fake COVID-19 passports or vaccines online. The anonymity of the Dark Web inherently supports the functioning of dark socials, as cybercriminals and activists can escape to a community much like the ones we use on Instagram and Twitter – simply without the risk of identification.
Ultimately, Dark Web socials act as a medium between social networking and typical Dark Web content, fueled by anonymity and identity protection. The fast-paced nature of the Dark Web has shown us that sites can be taken down in the blink of an eye. Although replacement links are often posted, the information is gone along with user interactions – thus making them hard to monitor. Due to a perceived loss of privacy at the hands of big tech companies and government regulation, Dark Web socials facilitate engaging political discussions – appealing to cybercriminals and activists alike. With the current stigma associated with clear web privacy, emerging platforms may change the way we view the Dark Web by providing a private, secure environment in which users operate.
This is the stuff analysts love to do: researching and learning more about the myriad threats out there, and contextualizing them with the world around us. We love all things cyber threat intelligence.
Find out more about the intelligence we provide in SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) with a 7-day test drive, or contact us to schedule a demo to learn more about your use cases and how intelligence might make a difference for you.