IntSights' Blog

On May 12, 2017, WannaCry ransomware surprised the world and began spreading across hundreds of thousands of computers around the globe. To build the attack, WannaCry’s creators exploited an EternalBlue vulnerability, which was stolen by the Shadow Brokers from the NSA (National Security...

With the cybersecurity threat landscape growing and evolving rapidly, many enterprises and other large organizations are seeking more effective ways to protect themselves and their employees from these threats. Threat intelligence platforms can help you take a more proactive approach to managing...

Last week, Brian Krebs, who runs the popular security blog KrebsOnSecurity, published some interesting research about how employees are posting corporate login credentials within tools that are exposed to web searches. In particular, he looked at Trello.com, a popular collaboration and project...

As cyber attacks continue to grow in size, scope and complexity, organizations across the world are forced to find new ways to protect themselves and mitigate these cyber threats. This has given rise to many Cyber Threat Intelligence (CTI) solutions and services, which all serve the purpose of...

In recent years, DevOps, the culture and practice of automating and monitoring the development life cycle, has enabled increasingly fast software delivery and a shorter time to market. Many companies have transitioned to working in a CI/CD cycle, continuously releasing software on a...

Cyber threat intelligence has become a key component of any cyber security strategy because it provides a new dimension of visibility, monitoring and intelligence gathered from multiple sources across the clear, deep and dark web. Many CISOs consider cyber threat intelligence to be an essential...

OilRig is an Iranian-linked Advanced Persistent Threat (APT) group, which also goes by the names of Cobalt Gypsy, Twisted Kitten and Crambus. The group was identified in 2015 and is believed to be linked to the Iranian Intelligence agency and the Islamic Revolutionary Guard Corps (IRGC). At...

Origin country: Russia

IntSights Cyber Intelligence Guides RSAC 2018 Attendees Through Dark Web Tour

Origin country: Unknown
Other names: “TSB”, “TheShadowBrokers”
First seen: 2016
Famous attacks: “Attack on Equation group – NSA”
TTP’s: Data Leakage, Vulnerability Exploit

Origin country: North Korea
Other Names: Hidden Cobra
Related Subgroups: "Bluenoroff", "Andariel"
First Seen: 20017
Famous attacks: "Bangladesh SWIFT attack", "Taiwan Heist", "WannaCry Ransomware"
TTP's: Back Door, Malware, DDoS, Trojan, Vulnerability Exploit, Data Leakage, Exploit Kit

IntSights’ “CRT” researchers have discovered evidence that suggests a global phishing attack is being planned against “Minecraft” users. At the time of this blog’s posting, it is not known who is planning the attack. Evidence of an attack in the planning stages consists of a list of 268 email...

Just this past week, news surfaced about the Russian hacking group Fancy Bear targeting defense contractors’ personal email accounts to steal secrets on some of the most forward-leaning, advanced U.S. technologies.

[Reader’s Note:] This is the fourth and final installment in a series of blog posts describing a four-step process for using open source threat intelligence (OSINT) to create effective defenses against nation-state attackers. Check out Part One, Part Two or Part Three of the series if you missed...