Cybersecurity white papers, data sheets, webinars, videos and more

June 7, 2023

Three Steps to Prevent a Cybersecurity Breach from MOVEit Exploit: SecurityScorecard’s investigation into Zellis reach uncovers 2,500 exposed MOVEit servers across 790 organizations

We will update this post as we continue to learn more. Refresh the page to make sure you have the most current version Executive Summary The recent breach at Zellis, a popular payroll provider, serves as a wake-up call for enterprises to prioritize comprehensive third-party risk management. SecurityScorecard leveraged… Read More

Cyber Threat Intelligence

April 14, 2023

Prepare for Zero-Day Threats: Military and Private Sector Leaders Share Their Insights

Preparing for zero-day threats within your organization and within your supply chain can be difficult. Leading cybersecurity experts Major General John F. Wharton, (US Army retired); Oleg Strizhak, Shell’s Digital Supply Chain Risk Manager; and Sam Curry, the CISO of Zscaler, recently sat down with… Read More

Cyber Threat Intelligence

Public Sector

April 12, 2023

7 Factors that Drive Cyber Risk: New Research from Marsh McLennan and SecurityScorecard

The expanding attack surface of an increasingly interconnected digital world comes with a high degree of risk due to ransomware, phishing attempts, supply chain attacks, data breaches, and other cyber incidents. And while many organizations recognize the need for cyber insurance, a recent Forrester Research report found that only 55%… Read More

Cyber Insurance

April 4, 2023

6 Ways To Use SecurityScorecard APIs and Integrations

Optimize your security workflows and deliver intelligence everywhere you work with the largest ecosystem of integrated technology partners in cyber risk ratings. SecurityScorecard provides Application Programming Interface (API) access for all our data allowing you to get more contextual security insights, app integrations, and detailed information about your current or… Read More

Security Ratings

February 7, 2023

SecurityScorecard releases list of Killnet open proxy IP addresses

In the wake of Killnet’s latest DDoS attack on U.S. hospitals on January 30, SecurityScorecard has made its KillNet open proxy IP blocklist available to the public. This list is the product of the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team’s ongoing research into KillNet. We released this list… Read More

Cyber Threat Intelligence

February 1, 2023

Close Encounters of the Third- (and Fourth-) Party Kind: The Blog

With organizations becoming increasingly digitally connected, a lack of visibility into their vendors’ security diligence has made exploiting these relationships a go-to tactic for cybercriminals. So, what can organizations do to minimize risk stemming from their business ecosystems? New research from SecurityScorecard, the global leader in cybersecurity… Read More

Supply Chain Cyber Risk

October 6, 2022

What is Cyber Risk Quantification? A Comprehensive Guide

As cybercriminals discover new ways to expand the threat landscape, cyber security professionals need to be able to predict their next move and stay ahead of evolving cyber threats. But in order to do so, businesses must be aware of their vulnerabilities, have a clear view of their cybersecurity… Read More

Cyber Insurance

Executive Viewpoint

Tech Center

September 28, 2022

SecurityScorecard Partners with JCDC to Democratize Continuous Monitoring and Cybersecurity Risk Management

Cybersecurity is a team sport, and SecurityScorecard is proud to partner with the Joint Cyber Defense Collaborative (JCDC) to share cyber threat information in defense of public and private critical infrastructure. Established in August 2021 by the Cybersecurity and Infrastructure Security Agency’s (CISA) Director Jen Easterly, JCDC recently celebrated… Read More

Public Sector

September 2, 2022

TTPs Associated With a New Version of the BlackCat Ransomware

Executive summary The BlackCat/ALPHV ransomware is a complex threat written in Rust that appeared in November 2021. In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor. Firstly, the attacker targeted an… Read More

Cyber Threat Intelligence

STRIKE Team

August 31, 2022

Analysis of APT35 infrastructure reveals interest in Egyptian Shipping Companies

Executive Summary SecurityScorecard has identified domains resolving to Iran-linked Advanced Persistent Threat (APT) infrastructure, likely to be used to support phishing campaigns against Egypt-based shipping and marine services companies. In at least three instances, Iran-linked APT actors may have gained unauthorized access to the DNS configuration of legitimate domains to… Read More

STRIKE Team

August 2, 2022

Was the Explosion at Freeport LNG a Result of a Russian Cyber Attack?

Executive Summary On June 8, an explosion–which some commentators hypothesized was the result of a Russian cyber attack–took place at Freeport LNG’s liquefied natural gas (LNG) export facility in Quintana, Texas. SecurityScorecard’s platform revealed a number of vulnerabilities an attacker could have exploited. SecurityScorecard researchers observed some traffic involving Freeport… Read More

STRIKE Team

July 22, 2022

New: SecurityScorecard Extension for Chrome

Note: On August 27th, 2025, we removed the SecurityScorecard Chrome Extension from the Chrome Web Store as part of our continuous effort to streamline our platform and offer the best experience. This extension no longer fits with our platform access model. You can access the same functionality within the… Read More

Security Ratings

June 22, 2022

What is Vendor Tiering? Tips to Improve Your Vendor Risk Management

Over the last few years, supply chain attacks have increased in number and sophistication. As companies accelerate their digital transformation strategies, managing third and fourth-party risk and a complete look into their security posture becomes more important to securing data and meeting mission-critical compliance requirements. According to one survey, … Read More

Tech Center

May 25, 2022

KillNet Utilizes CC-Attack: A Quick & Dirty DDoS Method

Executive Summary SecurityScorecard Threat Research & Intelligence analysis of a publicly available attack script known as CC-Attack, leveraged in the recent DDoS campaigns by KillNet, reveals the script automates the process of using open proxy servers to relay attacks. These proxy servers help to preserve the anonymity of… Read More

Cyber Threat Intelligence

STRIKE Team

March 7, 2022

Understanding the Basics of Cyber Insurance: What You Need to Know

Data breaches and cybercrime are all too common. And in recent years, ransomware attacks have caused many organizations to face hefty extortion payments, legal fees, and reputational damage – not to mention the major headache that comes with each. Cyber insurance has become a powerful tool in the world of… Read More

Cyber Insurance

Executive Viewpoint

Tech Center

December 6, 2021

First-Party vs Third-Party Cyber Insurance: What’s the Difference?

Often it’s not a question of if your business will experience a data breach, but when. Hackers are always looking for new ways to take advantage of weak networks or trick employees into falling prey to their schemes. And if your business operates computer systems or handles sensitive data regularly,… Read More

Cyber Insurance

Executive Viewpoint

Tech Center

May 12, 2021

Integrating Cybersecurity into Business Continuity Planning

Organizations can no longer afford to wait until a threat is identified to start worrying about their cybersecurity risk management program. A cyber attack can cause a major business disruption across departments and severely impact day-to-day operations, both in the short and long term. For this reason, as organizations build… Read More

Tech Center

March 24, 2021

The Ultimate Data Breach Response Plan

In a hyper-connected world, security breaches continue to increase in size and scope. Cybersecurity threats come in various forms, from social engineering to database vulnerability exploitation. With that in mind, potential damages caused by these data breaches… Read More

Services

Tech Center

March 16, 2021

How to Resolve Findings on Your SecurityScorecard Rating

Benjamin Franklin once said, “in this world, nothing is certain except death and taxes.” However, if he were here today, he would likely add cybersecurity risk to that list. Regardless of cybersecurity program maturity or IT infrastructure complexity, every organization faces digital security threats. Managing risk is an… Read More

Security Ratings

March 8, 2021

34 Resources for Employee Cybersecurity Training

Cybersecurity is a team effort. Most people have heard the adage, “there’s no ‘I’ in ‘team’,” but many companies struggle to create a workplace rallying cry when it comes to information security. Every organization has different needs, both from budget and compliance standpoints. Like every other aspect of cybersecurity, no… Read More

Tech Center