Resources
Cybersecurity white papers, data sheets, webinars, videos and more
Resource Library
January 8, 2024
The Increase in Ransomware Attacks on Local Governments
What makes organizations in the public sector vulnerable to ransomware?
Public Sector
STRIKE Team
January 8, 2024
Third-Party Data Breaches in the Energy Sector
Learn more in this resource.
January 8, 2024
School District Attack Illustrates Ongoing Threat of Ransomware to Public Education
Executive Summary: After a large U.S. school district recently announced that it had suffered a ransomware attack, SecurityScorecard consulted in-house data and strategic partnership sources to enrich the public reporting on the incident. Many of…
Public Sector
January 8, 2024
A detailed analysis of the Menorah malware used by APT34
Executive summary: Menorah malware was used by the APT34 group, which targeted organizations in the Middle East and was discovered by Trend Micro in August this year. The malware creates a mutex to ensure that only one copy is running at a single time. It extracts the hostname and…
January 8, 2024
Cyber Risk Intelligence Update: Hacktivist Involvement in Israel-Hamas War Reflects Possible Shift in Threat Actor Focus
The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has continued its monitoring of threat actors involved in the war between Israel and Hamas and has integrated this monitoring into its ongoing deep and dark web (DDW) collections. Key takeaways: Analysis of these collections appears, as of…
January 8, 2024
A Deep Dive Into ALPHV/BlackCat Ransomware
Executive summary: ALPHV/BlackCat is the first widely known ransomware written in Rust. The malware must run with an access token consisting of a 32-byte value (--access-token parameter), and other parameters can be specified. The ransomware comes with an encrypted configuration that contains a list of services/processes to be stopped,…
STRIKE Team
January 7, 2024
Brute Force Attempts May Have Preceded Ransomware Attack on School District
Executive Summary: Vice Society Ransomware Group Attack. Following reports that an attack by the Vice Society ransomware group was responsible for disrupting a US school district’s operations, SecurityScorecard researchers reviewed available data from internal sources and strategic partnerships. SecurityScorecard’s platform revealed that the school district suffered from issues that our…
Public Sector
STRIKE Team
December 14, 2023
Cyber Threat Intelligence Update: New Claims of Attacks Against Israeli SCADA Systems
Executive Summary: SecurityScorecard’s ongoing collections from hacktivist channels involved in cyber activity provoked by the conflict in Gaza highlight the international scope of the conflict, with hacktivist groups in Indonesia and Malaysia claiming attacks against organizations in Israel and allied states. As in the other channels SecurityScorecard analyzed…
December 14, 2023
Cyber Risk Intelligence: SecurityScorecard Analysis of Traffic Involving Storm-0558 IoCs
Executive Summary: On July 11th, 2023, Microsoft disclosed that a threat actor had obtained a Microsoft private encryption key that allowed attackers to generate tokens enabling access to customers’ Exchange Online and Outlook[.]com accounts. Subsequent research found that the compromised key could have granted access to a wider…
December 12, 2023
Japan’s Nikkei 225 Index: The State of Cybersecurity in Japan
This research presents an analysis of the cybersecurity landscape of the Nikkei 225 index. Companies were ranked based on various factors, such as network security, potential malware exploits, and patching cadence.
Cyber Threat Intelligence
Security Ratings
December 5, 2023
Cyber Risk Intelligence: Idaho National Laboratory Data Breach
On November 20, a spokesperson for Idaho National Laboratory (INL) confirmed that it had suffered a data breach. The confirmation followed the SiegedSec threat actor group’s circulation of claims that it had “accessed hundreds of thousands of user, employee and citizen data” on social media and hacking forums.
Public Sector
December 5, 2023
Energy Sector Cybersecurity Report: Navigating Third-Party Cyber Risk
SecurityScorecard threat researchers have identified that 90% of the world’s largest energy companies experienced a third party breach in the past 12 months. Fueling the global economy and daily life, reliance on the energy sector elevates it as a prime target for cyberattacks.
Cyber Threat Intelligence
December 4, 2023
Cyber Risk Intelligence: Iran-Linked Attack on U.S. Water Treatment Facility
On November 25, a U.S. municipal water authority confirmed that one of its booster stations had suffered an attack by a threat actor group known as CyberAv3ngers, which analysts believe acts in support of Iranian geopolitical interests.
Public Sector
November 17, 2023
Cyber Risk Intelligence: Exploitation of CVE-2023-47246
Executive Summary: On November 8, SysAid disclosed that the Cl0p ransomware group had exploited a previously unknown vulnerability, now tracked as CVE-2023-47246, in SysAid’s on-premise IT Service Management (ITSM) software. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team consulted SecurityScorecard’s Attack Surface Intelligence data and a…
October 20, 2023
A Deep Dive into Cactus Ransomware
Executive summary: Cactus ransomware was discovered in March 2023. The malware creates a mutex called “b4kr-xr7h-qcps-omu3cAcTuS” to ensure that only one copy is running at a time. Persistence is achieved by creating a scheduled task named “Updates Check Task”. The ransomware requires an AES key to decrypt the encrypted public…
October 20, 2023
New Deep and Dark Web Collections Regarding the Israel-Hamas War
Executive Summary: With the outbreak of the ongoing war between Israel and Hamas, SecurityScorecard rapidly expanded its deep and dark web (DDW) collections to include messaging channels affiliated with Hamas and other militant groups. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team combined automated analysis of these collections…
October 16, 2023
Cyber Risk Intelligence: Cyber Activity, Israeli Industrial Control Systems, and the Israel-Hamas War
Executive Summary: Following the outbreak of war between Israel and Hamas on October 7, 2023, a wide variety of threat actors began claiming responsibility for cyberattacks against entities linked to both sides of the conflict. Thus far, the attacks claimed by hacktivist groups have been relatively weak in both…
Cyber Threat Intelligence
September 28, 2023
Attack Surface Intelligence Identifies Additional Cuba Ransomware-Linked Indicators of Compromise
Executive Summary: Following the publication of a report regarding the Cuba ransomware group’s recent activities, the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team leveraged SecurityScorecard’s unique data to enrich the indicators of compromise (IoCs) linked to this activity. STRIKE Team researchers identified additional IoCs not explicitly linked…
September 14, 2023
A Detailed Analysis of the Money Message Ransomware
Learn more in this resource.
August 16, 2023
SecurityScorecard Analysis of Traffic Involving Storm-0558 IoCs
On July 11th, 2023, Microsoft disclosed that a threat actor had obtained a Microsoft private encryption key that allowed attackers to generate tokens enabling access to customers’ Exchange Online and Outlook[.]com accounts. Subsequent research found that the compromised key could have granted access to a wider variety of applications including Azure Active Directory, SharePoint, Teams, and OneDrive.
August 14, 2023
A technical analysis of the Underground ransomware deployed by Storm-0978
Executive summary: The Underground ransomware is the successor of the Industrial Spy ransomware and was deployed by a threat actor called Storm-0978. The malware stops a target service, deletes the Volume Shadow Copies, and clears all Windows event logs. The files are encrypted using the 3DES algorithm, with the…