The Photon Research Team have used the MITRE ATT&CK™ framework to map the tactics, techniques, and procedures detailed in the indictment and provide key lessons for organizations to take away. Additional details on the tooling used for the SamSam ransomware attacks are available in the Avoiding the Shakedown section of our “A Tale of Epic Extortions” research report.
Blog | The Intelligence Cycle – What Is It Good For?
A walk through the five steps of the intelligence cycle according to Digital Shadows.
Other content in this Stream
Understand threat actors, their behavior, and the assets they target.
Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground
We detected over 550 typosquats for the 34 candidate- and election-related domains we gathered from open-source research. Not every single one was something interesting; most of the time the typosquat
Weekly Intelligence Summary 10 Oct - 17 Oct 2019
In the spotlight this week is the “Simjacker” exploit, publicly disclosed in September 2019 and now potentially affecting entities across 29 countries.
Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability
Kacey, Charles, Harrison, and Alex kick off this week’s episode talking about our Fall Dallas team event (an amateur version of Chopped). Then we dig into the hot topics of the week.
Typosquatting and the 2020 U.S. Presidential election
Photon Research Team thought it would be interesting to use this pool of candidates as a backdrop for research into typosquatted domains
Top Threat Intelligence Podcasts to Add to Your Playlist
Looking for some new threat intelligence podcasts to add to your playlist? Look no further! Our Photon Threat Intelligence Research team shares their top tracks.
Threat Intelligence Time Management and Prioritization: An Interview with Xena Olsen
Rick Holland and Harrison Van Riper interview Xena Olsen in this episode of ShadowTalk. The team focus their discussion on how to get timely, but effective intelligence out the door.
ANU Breach Report: Mapping to Mitre ATT&CK Framework
We decided to map this intrusion to the Mitre ATT&CK framework, as we have done previously for:
The Tyurin Indictment- Mapping To The Mitre ATT&CK™ Framework
Director of Security Engineering, Richard Gold, joins Viktoria Austin in this special episode of ShadowTalk to look at the attacker goals, their TTPs, and map this to the Mitre PRE-ATT&CK and...
Dark Web Overdrive: The Criminal Marketplace Understood Through Cyberpunk Fiction
How can the modern network of .onion marketplaces be understood through novels about a cyberpunk dystopia? The answer is in how dark web marketplaces grow and die.
Magecart Five Widens Attack Vectors, Targeting of Airbus Suppliers, & Tortoiseshell Developments
Coming to you from London this week, Jamie Collier, Philip Doherty, and Josh Poole join Viktoria Austin for our weekly threat intelligence updates. The team kicks off with a discussion around the...
Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework
When the attacker, Andrei Tyurin, pleaded guilty, we thought we could look at the attacker goals, their TTPs and map this to the Mitre PRE-ATT&CK and ATT&CK framework.
Domain Squatting: The Phisher-man’s Friend
Simon talks about how easy it is to conduct domain squatting and typosquatting, and how little monitoring still goes on around them in the industry.
NCSC Cyber Threat Trends Report: Analysis of Attacks Across UK Industries
The United Kingdom’s National Cyber Security Centre (NCSC) recently released their Incident trends report (October 2018 – April 2019) which ...
Digital Risk Protection and Threat Intelligence: An Overview
Hear from co-founder of Digital Shadows, James Chappell, as he walks through the differences between Digital Risk Protection and Cyber Threat Intelligence. Resources Center: https://resources.digita
Tortoiseshell Targets IT Providers, The Tyurin Indictment, And Emotet’s Return
The team digs into the first story of the week: Tortoiseshell Group (a newly identified threat group) has reportedly conducted some supply chain attack campaigns against 11 IT providers in Saudi Arabi
Dark Web Monitoring: The Good, The Bad, and The Ugly
Gaining access to dark web and deep web sources can be extremely powerful – if you focus on relevant use cases. The most successful strategies we observe have clear requirements, such as fraud detecti
Your Data at Risk: FBI Cyber Division Shares Top Emerging Cyber Threats to Your Enterprise
Data breaches are not slowing down. Nobody expects to be a victim, but the data shows the exponential growth in ...
Singapore Cyber Threat Landscape report (H1 2019)
Despite being the second smallest country in Asia, Singapore is a global financial and economic hub. On top of this, ...
6 Considerations When Purchasing Threat Intelligence