Research
-
Research
New Deep and Dark Web Collections Regarding the Israel-Hamas War
October 20, 2023More Details -
Research
Cyber Risk Intelligence: Cyber Activity, Israeli Industrial Control Systems, and the Israel-Hamas War
October 16, 2023More DetailsCyber Threat Intelligence -
Research
Attack Surface Intelligence Identifies Additional Cuba Ransomware-Linked Indicators of Compromise
September 28, 2023More Details -
Research
SecurityScorecard Analysis of Traffic Involving Storm-0558 IoCs
August 16, 2023On July 11th, 2023, Microsoftdisclosed that a threat actor hadobtained a Microsoft private encryption key that allowed attackersto generate tokens enabling accessto customers’ Exchange Online andOutlook[.]com accounts.Subsequent research found that thecompromised key could have grantedaccess to a wider variety of applications including Azure Active Directory,SharePoint, Teams, and OneDrive.
More Details -
Research
A technical analysis of the Underground ransomware deployed by Storm-0978
August 14, 2023More Details -
Research
Cybersecurity and Executive (dis)Orders: Cognitive and Systemic Risk in the Boardroom
August 5, 2023This Board Risk Report focuses on what boards of directors can do to understand the nature of cognitive and systemic risk, their impact at the board level, better understand the unique dimensions of cyber risk, and understand emerging principles for modern cybersecurity governance
More Details -
Research
A Technical Analysis Of The Quasar Forked Rat Called Void Rat
July 17, 2023VoidRAT is based on the open-source RAT called Quasar. The malware steals information from web browsers and applications such as FileZilla and WinSCP. It also implements a keylogger functionality that saves and exfiltrates the pressed keys.
More Details -
Research
Android Malware on the Rise – A case study of AhMyth RAT
June 21, 2023The malicious application is based on the open-source Android RAT called AhMyth. The following commands are implemented: taking pictures, exfiltrating phone call logs and phone contacts, stealing files and SMS messages from the phone, tracking the device’s location, recording audio, and sending SMS messages. The network communication with the C2 server is done by switching from HTTP to WebSocket via the Socket.IO library.
More DetailsVlad Pasca
-
Research
Close Encounters in the Finance Sector
May 25, 2023It’s often said that cyber defenses are only as strong as the weakest link, which applies equally to individual organizations and their supply chains. Headlines of breaches stemming from third (and fourth) parties routinely testify to the truth behind the adage. As a result, most finance firms know the risks imposed by these “close encounters” with third and fourth parties. But what can be done about those risks? SecurityScorecard and the Cyentia Institute recently teamed up to analyze data collected on over 230,000 organizations for clues about the underlying conditions exacerbating third- and fourth-party risk. We measured the extent of digital supply chains, investigated the prevalence of security incidents among third- and fourthparty vendors, and explored the effects of that exposure to gain insights on better managing risk.
More Details