Resources

Cybersecurity white papers, data sheets, webinars, videos and more

Resource Library


A Deep Dive Into Medusa Ransomware

January 11, 2024

The Increase in Ransomware Attacks on Local Governments

January 8, 2024

Executive Summary of Local Government Ransomware Attacks SecurityScorecard’s threat research team undertook a broad survey of recent developments in ransomware activity affecting the state and local government and education (SLED) sectors. The ALPHV/BlackCat and LockBit 2.0 ransomware groups appear to have been responsible for a notable portion of activity targeting…
Public Sector
STRIKE Team
Third-Party Data Breaches in the Energy Sector

January 8, 2024

School District Attack Illustrates Ongoing Threat of Ransomware to Public Education

January 8, 2024

Executive Summary After a large U.S. school district recently announced that it had suffered a ransomware attack, SecurityScorecard consulted in-house data and strategic partnership sources to enrich the public reporting on the incident. Many of…
Public Sector
A detailed analysis of the Menorah malware used by APT34

January 7, 2024

Executive summary Menorah malware was used by the APT34 group, which targeted organizations in the Middle East and was discovered by Trend Micro in August this year. The malware creates a mutex to ensure that only one copy is running at a single time. It extracts the hostname and…
Cyber Risk Intelligence Update: Hacktivist Involvement in Israel-Hamas War Reflects Possible Shift in Threat Actor Focus

January 7, 2024

The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has continued its monitoring of threat actors involved in the war between Israel and Hamas and has integrated this monitoring into its ongoing deep and dark web (DDW) collections. Key takeaways Analysis of these collections appears, as of…
A Deep Dive Into ALPHV/BlackCat Ransomware

January 7, 2024

Executive summary ALPHV/BlackCat is the first widely known ransomware written in Rust. The malware must run with an access token consisting of a 32-byte value (--access-token parameter), and other parameters can be specified. The ransomware comes with an encrypted configuration that contains a list of services/processes to be stopped,…
STRIKE Team
Brute Force Attempts May Have Preceded Ransomware Attack on School District

January 7, 2024

Executive Summary: Vice Society Ransomware Group Attack Following reports that an attack by the Vice Society ransomware group was responsible for disrupting a US school district’s operations, SecurityScorecard researchers reviewed available data from internal sources and strategic partnerships. SecurityScorecard’s platform revealed that the school district suffered from issues that our…
Public Sector
STRIKE Team
Cyber Risk Intelligence: Cyber Activity, Israeli Industrial Control Systems, and the Israel-Hamas War

January 5, 2024

SECURITYSCORECARD STRIKE THREAT INTELLIGENCE Executive Summary Following the outbreak of war between Israel and Hamas on October 7, 2023, a wide variety of threat actors began claiming responsibility for cyberattacks against entities linked to both sides of the conflict. Thus far, the attacks claimed by hacktivist groups have been…
Cyber Threat Intelligence
KillNet Operations Against U.S. Targets Persist With Attempted Airport Website Attacks

January 5, 2024

Executive Summary In October, BleepingComputer reported that the websites of several airports were experiencing service disruptions after KillNet announced that it would target airports throughout the U.S. Researchers leveraged NetFlow data to identify traffic that may reflect a DDoS attack by KillNet. By consulting SecurityScorecard’s internal threat intelligence…
Public Sector
Cyber Risk Intelligence: Exploitation of CVE-2023-47246

January 5, 2024

Executive Summary On November 8, SysAid disclosed that the Cl0p ransomware group had exploited a previously unknown vulnerability, now tracked as CVE-2023-47246, in SysAid’s on-premise IT Service Management (ITSM) software. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team consulted SecurityScorecard’s Attack Surface Intelligence data and a…
A Deep Dive into Cactus Ransomware

January 5, 2024

Executive summary Cactus ransomware was discovered in March 2023. The malware creates a mutex called “b4kr-xr7h-qcps-omu3cAcTuS” to ensure that only one copy is running at a time. Persistence is achieved by creating a scheduled task named “Updates Check Task”. The ransomware requires an AES key to decrypt the encrypted public…
New Deep and Dark Web Collections Regarding the Israel-Hamas War

January 5, 2024

Executive Summary With the outbreak of the ongoing war between Israel and Hamas, SecurityScorecard rapidly expanded its deep and dark web (DDW) collections to include messaging channels affiliated with Hamas and other militant groups. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team combined automated analysis of these collections…
Cyentia Fast and Frivolous

January 5, 2024

In many ways, cybersecurity is a race. We race against the actions of malicious adversaries. We race to shore up defenses after the latest headlines of impending cyber doom. We race to fill staffing gaps, streamline processes, and keep up with the latest technologies. We race to assess an ever-growing…
Cyentia Institute and SecurityScorecard Research Report: Close Encounters of the Third (and Fourth) Party Kind

January 5, 2024

Cyber Threat Intelligence Update: New Claims of Attacks Against Israeli SCADA Systems

January 5, 2024

Executive Summary SecurityScorecard’s ongoing collections from hacktivist channels involved in cyber activity provoked by the conflict in Gaza highlight the international scope of the conflict, with hacktivist groups in Indonesia and Malaysia claiming attacks against organizations in Israel and allied states. As in the other channels SecurityScorecard analyzed…
A Deep Dive Into the APT28’s stealer called CredoMap

January 5, 2024

Executive summary: CredoMap APT28 Malware CredoMap is a stealer developed by the Russian APT28/Sofacy/Fancy Bear that was used to target users in Ukraine in the context of the ongoing war between Russia and Ukraine. The malware was initially discovered by Google and CERT-UA. The threat actor…
Attack Surface Intelligence Identifies Additional Cuba Ransomware-Linked Indicators of Compromise

January 4, 2024

Executive Summary Following the publication of a report regarding the Cuba ransomware group’s recent activities, the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team leveraged SecurityScorecard’s unique data to enrich the indicators of compromise (IoCs) linked to this activity. STRIKE Team researchers identified additional IoCs not explicitly linked…
Cyber Risk Intelligence: SecurityScorecard Analysis of Traffic Involving Storm-0558 IoCs

January 4, 2024

Executive Summary On July 11th, 2023, Microsoft disclosed that a threat actor had obtained a Microsoft private encryption key that allowed attackers to generate tokens enabling access to customers’ Exchange Online and Outlook[.]com accounts. Subsequent research found that the compromised key could have granted access to a wider…
Addressing the Trust Deficit in Critical Infrastructure

January 4, 2024

Global Cybersecurity Risk Measurement and Transparency are Key Despite a decade or more of increased focus on cybersecurity in boardrooms, legislatures, and the media, cyber resilience is getting worse, not better. Increasing cyberattacks and highly publicized breaches have undermined the public’s trust in the resilience of our societies, prompting business…
A technical analysis of the Underground ransomware deployed by Storm-0978

January 4, 2024

Executive summary The Underground ransomware is the successor of the Industrial Spy ransomware and was deployed by a threat actor called Storm-0978. The malware stops a target service, deletes the Volume Shadow Copies, and clears all Windows event logs. The files are encrypted using the 3DES algorithm, with the…