Cybersecurity white papers, data sheets, webinars, videos and more

Research

Cyber Risk Intelligence Update: STRIKE Team Investigation Identifies Possible Flax Typhoon Links to Higher Education

Following Microsoft’s identification of Flax Typhoon, a new threat actor group believed to conduct espionage on behalf of the People’s Republic of China (PRC), the STRIKE Team used SecurityScorecard’s data to investigate the IoCs Microsoft supplied in its report. This investigation yielded a collection of new IP addresses featuring the same TLS certificates that Microsoft linked to Flax Typhoon.\r\n\r\n

Cyber Threat Intelligence

Public Sector

Research

Daixin Team Ransomware Group Claimed Airline Ransomware Attack

Executive Summary An information security researcher reported on November 20 that the Daixin Team ransomware group had claimed that a recent attack against an airline had resulted in a breach exposing the personal data of all airline employees and five million passengers. Following this report, the SecurityScorecard Threat Research,… Read More

Cyber Threat Intelligence

Public Sector

Research

Cyber Risk Intelligence: County Government Cyber Incident May Have Involved Social Engineering and Targeting of Vulnerable SSH Services

Executive Summary A U.S. county government announced on September 11 that a recent cyber incident strongly resembling a ransomware attack had disrupted its online services. SecurityScorecard researchers identified evidence suggesting two possible (and not mutually exclusive) paths by which the threat actors may have accessed county systems: Two… Read More

Cyber Threat Intelligence

Public Sector

Research

Microsoft ProxyNotShell Zero Days

Prepared by: Rob Ames, Staff Threat Researcher, Jared M. Smith, Ph.D., Senior Director of Threat Research, Ryan Sherstobitoff, SVP of Threat Intelligence

メディア掲載

ScanNetSecurity: ISP やクライドプロバイダー向け ～ SecurityScorecard が業種別レーティングサービス提供

通信事業者、インターネットサービスプロバイダー、クラウドプロバイダー向けに開発した業種別セキュリティレーティングサービスを発表した。

Japanese

Press

SecurityScorecard Appoints Tenable Co-Founder as Senior Advisor

SecurityScorecard today announced the appointment of Renaud Deraison, Co-Founder of Tenable and a pioneer of vulnerability management, as Senior Advisor and Chairman of its Corporate Advisory Board.

Blog

Introducing the Cyber Resilience Scorecard: SecurityScorecard Finds Global Cyber Risk and GDP Closely Linked

SecurityScorecard has published the first Cyber Resilience Scorecard, offering leaders and decision-makers a comprehensive and global view of global cyber risk. SecurityScorecard identified a strong correlation between a country’s cyber risk exposure and GDP, which underscores that a nation’s economic prosperity is deeply intertwined with its ability to navigate the complex landscape of cyber threats.

Cyber Threat Intelligence

Press

Davos 2024: Global Cyber Risk and GDP Closely Linked, New SecurityScorecard Research Reveals

SecurityScorecard, a global leader in Security Ratings, released the world’s first Cyber Resilience Scorecard at the World Economic Forum Annual Meeting. The Cyber Resilience Scorecard provides an unprecedented view of global cybersecurity risk, arming leaders with data-driven insights to safeguard the world’s economies.

Research

Cyber Conflict And The Erosion Of Trust: Introducing the Cyber Resilience Scorecard

Our report explores the intricate dynamics between cyber threats, economic resilience, and the vital component of societal trust.

Cyber Threat Intelligence

Research

Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days

The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has identified new infrastructure that appears to be linked to the threat actor group tracked as Volt Typhoon. Volt Typhoon is a state-sponsored group based in China that typically focuses on espionage and information gathering. Approximately 30% of the Cisco RV320/325 devices observed by SecurityScorecard in a 37-day period may have been compromised by Volt Typhoon.

Cyber Threat Intelligence

Ebook

Evolve from Risk Management to Risk Intelligence

Proven Strategies to Drive a Risk Intelligence Program in Your Organization

White Papers

DORA and Cyber Risk: A New Framework for Third-Party Risk in the European Union

DORA is an effort to build resilience within the financial service sector by requiring financial services organizations to establish and monitor networks of trust amongst themselves and their ICT vendors. However, trust requires verification through monitoring and transparency.

Attack Surface Management

Cyber Threat Intelligence

DORA

Research

SecurityScorecard Validation Assessment Summary

Online found SecurityScorecard’s footprinting to be very accurate. Over the course of testing Online evaluated SecurityScorecard’s data for a total of 13 unique, unrelated, and randomly selected domains and found SecurityScorecard’s attribution process to have an accuracy of 95%. The accuracy for positively attributing IP Addresses was found to be 94% while for DNS Records it was found to be 100%.

Blog

Threat Intelligence Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days

The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has been investigating covert infrastructure linked to Volt Typhoon, a state-sponsored threat actor group believed to act on behalf of the People’s Republic of China. The group conducts multiple types of cyberattacks, but its use of compromised small office and home office (SOHO) equipment such as routers and firewalls is a recurring theme.

Cyber Threat Intelligence

Press

Canadian Centre for Cyber Security and SecurityScorecard Establish Partnership to Strengthen Cyber Resilience and Secure Critical Infrastructure

Cyber Centre pioneers real-time visibility of national critical infrastructure using nationwide implementation of security ratings, credit scores of the digital world.

Research

North Korean State-Sponsored Cyber Attack: Unveiling the Intricacies of Threat Actor Group Andariel

This SecurityScorecard threat research sheds light on a significant cyber attack attributed to North Koreans tate-sponsored actors known as Andariel, emphasizing the critical role that South Korea plays both as a target and a source of infrastructure for these threat actors.

Cyber Threat Intelligence

Blog

Vendor Risk Management vs Third Party Risk Management vs Enterprise Risk Management: What’s the Difference?

Third-Party, Vendor, and Enterprise Risk Management are often used interchangeably, but they are not always the same. Learn which is right for your business.

Tech Center

Press

SecurityScorecard and Industry Leaders Deliver Industry-Specific Security Ratings for Telecommunications, Internet Service Providers, and Cloud Providers

SecurityScorecard today announced the industry’s first security ratings developed exclusively for telecommunications, internet service providers, and cloud providers. Through close collaboration with industry leaders, SecurityScorecard sets a new standard for cybersecurity across these critical sectors.

Security Ratings

Blog

7 Incident Response Metrics and How to Use Them

A robust incident response plan provides quantitative data. Check out these seven incident response metrics and how to use them.

Tech Center

Press

業界大手企業と共同で通信事業者、インターネットサービスプロバイダー、クラウドプロバイダー向けの業種別セキュリティレーティングを提供

Learn more in this resource.

Japanese

Blog

SecurityScorecard 10 Risk Factors Explained

Trust begins with transparency. Check out SecurityScorecard’s ten risk factors, which are explained in an easy-to-understand manner that enables business and IT leaders to create meaningful conversations around cybersecurity risk and compliance.

Tech Center