Cybersecurity white papers, data sheets, webinars, videos and more

October 12, 2023

SecurityScorecard Cybersecurity Data Incorporated into S&P Global Market Intelligence’s Newly Launched Supplier Risk Indicator™

Harnessing Metrics to Minimize Supply Chain Risk The world around us is often a reflection of who we are and what we value. The same can be said for businesses. It’s no longer enough to be resilient, trustworthy, and secure your own organization; the companies you do business… Read More

Services

September 28, 2023

Qualitative vs. Quantitative Cybersecurity Risk Assessment: What’s the Difference?

Risk mitigation is at the heart of cybersecurity. By connecting to the Internet, implementing upgraded IT systems, or adding a new vendor to your organization, you are automatically exposing your business to some level of cyber risk. With outsourcing on the rise and a growing reliance on vendors who are… Read More

Tech Center

September 20, 2023

What is the Cost of Cyber Liability Insurance?

In today’s digital age, where businesses rely heavily on technology and data, the risk of cyberattacks and data breaches has become a constant concern. These incidents can lead to significant financial losses, damage to a company’s reputation, and even legal liabilities. To mitigate these risks, many businesses turn to cyber liability insurance. But… Read More

Cyber Insurance

Executive Viewpoint

Tech Center

September 12, 2023

Using a Standardized Approach for Measuring Cybersecurity in Government

Last week at the annual Billington CyberSecurity Summit in Washington, DC, officials from government agencies gathered with industry leaders to discuss cyber threats, as well as geopolitics and issues of national security. One of the highlights was a fireside chat on Friday with Anne Neuberger, deputy national security adviser for… Read More

Public Sector

August 15, 2023

6 Myths About Cybersecurity Ratings (and 1 Truth): The Current State Of The Cybersecurity Ratings Industry And Where It Can Improve

Today, electricity is so ubiquitous that it’s difficult to perform even basic tasks without it. But when electricity was first introduced, it took decades for broad acceptance and adoption because it was misunderstood and misused. Slowly, the benefits began to outweigh the cons. As with any innovation, there are setbacks,… Read More

Security Ratings

July 12, 2023

What is Cyber Threat Hunting?

Cyber threat hunting is a proactive security strategy that involves searching for threats within a network before they can cause significant damage. Unlike traditional methods, which are reactive and wait for an alert before taking action, threat hunters seek to actively identify and mitigate hidden threats that have… Read More

Cyber Threat Intelligence

Tech Center

June 20, 2023

SecurityScorecard Identifies Infrastructure Linked to Widespread MOVEit Vulnerability Exploitation

Executive Summary Following our initial efforts to identify detections and mitigations for the new vulnerability affecting the MOVEit file transfer service, SecurityScorecard has continued investigating the potential impacts of the exploit and identified a population of MOVEit servers that threat actors likely compromised. Our continued investigation revealed the presence of the… Read More

Cyber Threat Intelligence

June 7, 2023

Three Steps to Prevent a Cybersecurity Breach from MOVEit Exploit: SecurityScorecard’s investigation into Zellis reach uncovers 2,500 exposed MOVEit servers across 790 organizations

We will update this post as we continue to learn more. Refresh the page to make sure you have the most current version Executive Summary The recent breach at Zellis, a popular payroll provider, serves as a wake-up call for enterprises to prioritize comprehensive third-party risk management. SecurityScorecard leveraged… Read More

Cyber Threat Intelligence

April 14, 2023

Prepare for Zero-Day Threats: Military and Private Sector Leaders Share Their Insights

Preparing for zero-day threats within your organization and within your supply chain can be difficult. Leading cybersecurity experts Major General John F. Wharton, (US Army retired); Oleg Strizhak, Shell’s Digital Supply Chain Risk Manager; and Sam Curry, the CISO of Zscaler, recently sat down with… Read More

Cyber Threat Intelligence

Public Sector

April 12, 2023

7 Factors that Drive Cyber Risk: New Research from Marsh McLennan and SecurityScorecard

The expanding attack surface of an increasingly interconnected digital world comes with a high degree of risk due to ransomware, phishing attempts, supply chain attacks, data breaches, and other cyber incidents. And while many organizations recognize the need for cyber insurance, a recent Forrester Research report found that only 55%… Read More

Cyber Insurance

April 4, 2023

6 Ways To Use SecurityScorecard APIs and Integrations

Optimize your security workflows and deliver intelligence everywhere you work with the largest ecosystem of integrated technology partners in cyber risk ratings. SecurityScorecard provides Application Programming Interface (API) access for all our data allowing you to get more contextual security insights, app integrations, and detailed information about your current or… Read More

Security Ratings

February 7, 2023

SecurityScorecard releases list of Killnet open proxy IP addresses

In the wake of Killnet’s latest DDoS attack on U.S. hospitals on January 30, SecurityScorecard has made its KillNet open proxy IP blocklist available to the public. This list is the product of the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team’s ongoing research into KillNet. We released this list… Read More

Cyber Threat Intelligence

February 1, 2023

Close Encounters of the Third- (and Fourth-) Party Kind: The Blog

With organizations becoming increasingly digitally connected, a lack of visibility into their vendors’ security diligence has made exploiting these relationships a go-to tactic for cybercriminals. So, what can organizations do to minimize risk stemming from their business ecosystems? New research from SecurityScorecard, the global leader in cybersecurity… Read More

Supply Chain Cyber Risk

October 6, 2022

What is Cyber Risk Quantification? A Comprehensive Guide

As cybercriminals discover new ways to expand the threat landscape, cyber security professionals need to be able to predict their next move and stay ahead of evolving cyber threats. But in order to do so, businesses must be aware of their vulnerabilities, have a clear view of their cybersecurity… Read More

Cyber Insurance

Executive Viewpoint

Tech Center

September 28, 2022

SecurityScorecard Partners with JCDC to Democratize Continuous Monitoring and Cybersecurity Risk Management

Cybersecurity is a team sport, and SecurityScorecard is proud to partner with the Joint Cyber Defense Collaborative (JCDC) to share cyber threat information in defense of public and private critical infrastructure. Established in August 2021 by the Cybersecurity and Infrastructure Security Agency’s (CISA) Director Jen Easterly, JCDC recently celebrated… Read More

Public Sector

September 2, 2022

TTPs Associated With a New Version of the BlackCat Ransomware

Executive summary The BlackCat/ALPHV ransomware is a complex threat written in Rust that appeared in November 2021. In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor. Firstly, the attacker targeted an… Read More

Cyber Threat Intelligence

STRIKE Team

August 31, 2022

Analysis of APT35 infrastructure reveals interest in Egyptian Shipping Companies

Executive Summary SecurityScorecard has identified domains resolving to Iran-linked Advanced Persistent Threat (APT) infrastructure, likely to be used to support phishing campaigns against Egypt-based shipping and marine services companies. In at least three instances, Iran-linked APT actors may have gained unauthorized access to the DNS configuration of legitimate domains to… Read More

STRIKE Team

August 2, 2022

Was the Explosion at Freeport LNG a Result of a Russian Cyber Attack?

Executive Summary On June 8, an explosion–which some commentators hypothesized was the result of a Russian cyber attack–took place at Freeport LNG’s liquefied natural gas (LNG) export facility in Quintana, Texas. SecurityScorecard’s platform revealed a number of vulnerabilities an attacker could have exploited. SecurityScorecard researchers observed some traffic involving Freeport… Read More

STRIKE Team

July 22, 2022

New: SecurityScorecard Extension for Chrome

Note: On August 27th, 2025, we removed the SecurityScorecard Chrome Extension from the Chrome Web Store as part of our continuous effort to streamline our platform and offer the best experience. This extension no longer fits with our platform access model. You can access the same functionality within the… Read More

Security Ratings

June 22, 2022

What is Vendor Tiering? Tips to Improve Your Vendor Risk Management

Over the last few years, supply chain attacks have increased in number and sophistication. As companies accelerate their digital transformation strategies, managing third and fourth-party risk and a complete look into their security posture becomes more important to securing data and meeting mission-critical compliance requirements. According to one survey, … Read More

Tech Center

May 25, 2022

KillNet Utilizes CC-Attack: A Quick & Dirty DDoS Method

Executive Summary SecurityScorecard Threat Research & Intelligence analysis of a publicly available attack script known as CC-Attack, leveraged in the recent DDoS campaigns by KillNet, reveals the script automates the process of using open proxy servers to relay attacks. These proxy servers help to preserve the anonymity of… Read More

Cyber Threat Intelligence

STRIKE Team