A recent indictment revealed how the GRU (Russia’s military intelligence agency) used both influence operations and network intrusions to achieve its policy aims. More precisely, the GRU weaponized network intrusions in its influence operations. The indictment goes into detail about the TTPs (Tactics, Techniques and Procedures) used by the attackers, and it is worthwhile to pay careful attention to the adversary tradecraft that was used and how it can be defended against. For this blog we have used the MITRE ATT&CK™ framework as our methodology to play back the findings of the indictment: https://www.digitalshadows.com/blog-and-research/mitre-attck-and-the-mueller-gru-indictment-lessons-for-organizations/