For many of us the past year and a half has shifted up all sense of normalcy. Our homes became much more than just a roof over our heads, they became our office, classroom, gym, restaurant and so much more. The piece that made it all work? Your computer. Your computer has given you the ability …
Development teams have no shortage of stress. If you’re a developer, you likely have deadlines constantly looming over you while you also struggle to make changes and updates to existing software. But there are only so many hours in the workday, and you probably have to spend some of those hours attending meetings, answering emails, …
Most of us have heard Apple’s famous phrase of “There’s an app for that” but there could be such a thing as too many apps. Although the intentions behind a plethora of apps may be to manage your day more efficiently they may be working in the exact opposite way for you. All the notifications …
Are All Your Apps Actually Killing Your Productivity? Read More »
With the rapidly evolving world of work and the shift to remote work, many people are making significant changes to their lifestyles to improve their quality of life. What that means to each individual is a unique circumstance, for some, the flexibility of remote work means saving time with no commute, for others, it is …
A Guide to Virtual Onboarding for Employees and Employers Read More »
If you’ve ever tried to track down a message, you know how frustrating it can be. It’s especially challenging if you have more than one email account. You might have logins for work and home, as well as additional accounts that you only occasionally check. It gets even more complicated if your email accounts cross …
Looking Back at 2021 2021 has shaped our lives in so many ways, including how we work and collaborate. ‘Remote first’ reigned supreme while hybrid work surfaced as teams transitioned back to the office. As we reflect on this past year, we couldn’t be more proud of this global community and everything we have accomplished …
Microsoft Office 365 comes with a handy feature. One subscription can be on multiple devices. Through work, you’ll probably have a solo sign-in that you can use on your smartphone and computer, but at home, a family account will get you up to six different accounts to spread across your household. Having all those logins …
By Mark Arena, CEO of Intel 471. Following my previous blog post that compared the incident-centric and actor-centric approaches to cyber threat intelligence, this post will detail a number of ways we can potentially observe our adversary. I’ll preface this post by saying that prioritizing and identifying who the adversary is, their motivations, their intentions …
Cyber Threat Intelligence: Observing the adversary Read More »
By Mark Arena, CEO of Intel 471. When it comes to cyber threat intelligence, the security industry mostly appears to take the view that indicators of compromise (IOCs) are the best approach to initiate/drive the intelligence process. If we take a step back and look at traditional intelligence concepts, we will find the following definition …
By Mark Arena, CEO of Intel 471. There are many definitions of what is an intelligence requirement but the definition to me that is most accurate is: “Any subject, general or specific, upon which there is a need for the collection of information, or the production of intelligence.” Ref:http://www.thefreedictionary.com/intelligence+requirement With the above definition I want …
Cyber threat intelligence requirements: What are they,… Read More »
By Mark Arena, CEO of Intel 471. Significant numbers of security and threat intelligence vendors spruik their intelligence or data as being the most actionable but is it? In this post I’ll hope to make the argument that whether intelligence is actionable or not is really up to the consumer of said intelligence, not the …
Actionable intelligence — Is it a capability problem… Read More »
By Mark Arena, CEO of Intel 471. When it comes to cyber threat intelligence, the big question that comes to mind when evaluating intelligence or intelligence collection, external from a vendor or internally generated, is whether it is relevant to me and my organization. If you read my previous posts, you would have seen that …
Cyber threat intelligence: Why should I be worried… Read More »
By Mark Arena, CEO of Intel 471. Who hacked the Democratic National Committee? I’ll preface this post by saying that I possess no information on this incident beyond what has been mentioned in open sources. This post is my personal opinion and is based on my experience researching and tracking both state and non-state cyber …
By Mark Arena, CEO of Intel 471. A lot has been said, blogged and marketed on WannaCry ransomware with many pointing fingers at who they think might be behind it. The objective of this blog isn’t to critique, support or disprove any specific hypothesis. The goal is to highlight what it means to be a …
By Mark Arena, CEO of Intel 471. This week’s incident with Petya/NotPetya/GoldenEye/Nyetya/Petrwrap has reignited the debate about how security companies name malware. In my opinion, the security industry’s use of different names for the same thing isn’t good for either customers or the industry at large, and it’s something that could be solved without too …
By Mark Arena, CEO of Intel 471. I recently read an article which claimed the “criminal underworld” was dropping its use of Bitcoin. In the past month, Intel 471 has looked closely at the criminal underground to identify if Bitcoin was still strong in its use and whether there were any up-and-coming cryptocurrencies that were …
No, the criminal underground isn’t dropping its use of… Read More »
By Michael DeBolt, VP of Intelligence of Intel 471. It’s not deep. It’s not dark. It’s not the ominous underside of an iceberg. The deep and dark web, or simply the “underground,” as we like to call it at Intel 471, is an organized ecosystem of products, services and goods consisting of real life suppliers …
Melting the deep and dark web myth and why we hate the… Read More »
By Michael DeBolt, VP of Intelligence of Intel 471. Our industry talks a lot about intelligence requirements. Yet I’ve noticed over the years a lack of practical advice being shared about how to actually work with or implement intelligence requirements as a fundamental component of a cyber threat intelligence (CTI) program. In a future blog, …
Intelligence requirements: Moving from concept to… Read More »
By Michael DeBolt, Vice President of Intelligence. In the last blog, I outlined three key benefits of a requirements-driven intelligence program. We also looked at three challenges that are preventing many programs from moving from concept to practice. If you didn’t read it, here’s the TL;DR version: I promised also to share details of how …
Introducing Intel 471’s Cybercrime Underground General… Read More »
By the Intel 471 Intelligence Analysis team. Our lives continue to be inundated with emails, mobile applications and websites that promise to deliver critical information related to the Coronavirus Disease 2019 (COVID)-19 pandemic threatening millions of people across the globe. Fear surrounding the disease has been exploited by attackers with adverse intentions who have launched …
Malicious actors leverage Coronavirus Disease 2019… Read More »
By the Intel 471 Malware Intelligence team. Background The following write-up is our analysis of an attack attempted against one of our employees this week. At no point was our employee’s system at risk of being compromised. Interestingly, the employee’s email address only had been used in very few instances externally. We are releasing this …
Analysis of an attempted attack against Intel 471 Read More »
By the Intel 471 Malware Intelligence team. Summary REvil aka Sodinokibi, Sodin is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil first were observed in April 2019, where attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725. REvil is highly configurable and allows operators to customize the way it behaves …
REvil Ransomware-as-a-Service: An analysis of a… Read More »
By the Intel 471 Malware Intelligence team. One of the more notable relationships in the world of cybercrime is that between Emotet, Ryuk and TrickBot. This loader-ransomware-banker trifecta has wreaked havoc in the business world over the past two years, causing millions of dollars in damages and ransoms paid. Our Malware Intelligence team receives a …
Understanding the relationship between Emotet, Ryuk… Read More »
By the Intel 471 Intelligence team. Cybercriminals’ exploitation of the global Coronavirus Disease 2019 (COVID-19) pandemic (in phishing lures, for example) has been covered widely in the media. But one underreported aspect is how the coronavirus itself is impacting cybercrime actors, their activities and their infrastructure. Our research of the underground marketplace and these actors …
COVID-19 pandemic: Through the eyes of a cybercriminal Read More »
By the Intel 471 Malware Intelligence team. Summary The REvil ransomware-as-a-service (RaaS) operation continues to impact businesses worldwide. The threat actors responsible for developing and maintaining the malware have released an updated ransomware, namely version 2.2. In this short blog post, we will cover the significant changes from the previous version, which we covered in …
Ten articles before and after You need to adjust your patch priorities! Coronavirus having minimal impact on prices, demand,… Iran’s domestic espionage: Lessons from recent data… Flowspec – TA505’s bulletproof hoster of choice Prioritizing “critical” vulnerabilities: A threat… Changes in REvil ransomware version 2.2 COVID-19 pandemic: Through the eyes of a cybercriminal Understanding the relationship …
Some business people might say the security folks don’t understand the dollar impact of taking a system offline. The reality is in business often time is money and quantifying the cost of key systems being taken offline is a real thing. Some security folks might also say that your business folks don’t understand or care …
Coronavirus Disease 2019 (COVID-19) continues to surround our everyday lives and its presence remains a topic of interest and discussion within underground forums. In the earlier days of the pandemic, we took a look at how attackers were leveraging the fear surrounding the disease to launch campaigns such as business email compromise (BEC), phishing and …
Coronavirus having minimal impact on prices, demand,… Read More »
By the Intel 471 Global Research Team. In the last decade, Iran has undergone a quiet revolution. Since the“Green Movement” uprising in 2009, more Iranians have dared to openly oppose their regime. The reasons include accusations of elections tampering, global sanctions, increased inflation, heavy investment of state funds in the nuclear and arming programs, and …
Iran’s domestic espionage: Lessons from recent data… Read More »
By the Intel 471 Intelligence Analysis team. Here at Intel 471 we spend a fair amount of time tracking malicious infrastructure providers. In the world of cybercrime the malicious infrastructure provider, or Bulletproof Hoster (BPH) as they are called in the underground marketplace, is a core enabling service that often gets little attention from threat …