Anomali Blog

Weekly Threat Briefing

WTB: Oracle Patches Apache Vulnerabilities

The intelligence in this week's iteration discusses the following threats: APT, Banking trojan, Data breach, Malspam, Mobile, Ransomware, Spear phishing, Typosquatting, and Vulnerability. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Oracle...


Anomali Enterprise SIEM Splunk Threat Intelligence Platform

Give Splunk (And Your Security Team) A Helping Hand With Threat Intelligence

Performance is often one of the biggest gripes I hear from Splunk users. Even after spending time carefully architecting a distributed search environment, running it on top-of-the-range hardware, and carefully assigning user permissions, Splunk searches can still often run painfully slowly. This scenario is particularly true of security use cases where...


Anomali Enterprise Threat Intelligence Platform

Addressing Threat Blindness

In just four years since launching Anomali we’ve seen Threat Intelligence become a standard element of enterprise security programs. Last week we published a Ponemon Institute report on “The Value of Threat Intelligence” (our 2nd year sponsoring this research). In it we found: 80% of enterprises...


Malware Research

How Ransomware has become an ‘Ethical’ Dilemma in the Eastern European Underground

By Vitali Kremez, Flashpoint and Travis Farral, Anomali. It’s no secret that the Deep & Dark Web (DDW) is home to illicit marketplaces and forums, as well as an array of cybercriminal communications. Less obvious, however, are the nuances of these communications, the unspoken code of conduct that...


Weekly Threat Briefing

WTB: CCleanup, A Vast Number of Machines at Risk

The intelligence in this week’s iteration discusses the following threats: Adware, Compromise, Data Breach, Malspam, Malicious Plugin, Phishing, and Vulnerability. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: CCleanup: A Vast...


Cyber Threat Intelligence Threat Intelligence Platform

The Second Annual Ponemon Study - The Value of Threat Intelligence

Today we released our findings from the Ponemon Study, “The Value of Threat Intelligence: The Second Annual Study of North American and United Kingdom Companies.” The Ponemon Institute surveyed over a thousand IT security professionals on a range of threat intelligence topics. Results show that organizations are rapidly incorporating...


Malware

Hacker Tactics - Part 2: Supply Chain Attacks

Adversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses. On June 27th, 2017, the NotPetya malware campaign initiated in Ukraine and rapidly spread around the globe. NotPetya devastated...


Weekly Threat Briefing

WTB: Equifax Breach: Sensitive Info, SSNs of 44% of U.S. Consumers Accessed by Attackers

The intelligence in this week’s iteration discusses the following threats: APT, Banking trojan, Data breach, Malspam, Misconfigured database, Phishing, and Vulnerability. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Admin Accounts...


Threat Intelligence Platform

Improve Security Through People in Four Simple Steps

Organizations have an incredible variety of security solutions to choose from to protect their networks. A walk down the showroom floor at RSA or BlackHat can be downright overwhelming (both the product explanations and the swag). Whatever solutions your security team deploys, though, it’s important to remember that...


Weekly Threat Briefing

WTB: US Government Site Was Hosting Ransomware

The intelligence in this week’s iteration discusses the following threats: Bitpaymer, Cobian RAT, KHRAT, Locky Ransomware, Malspam, Sarahah, Turla and WireX. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: US Government...


Anomali Enterprise Malware

Hacker Tactics - Part 1: Domain Generation Algorithms

Coauthored by Evan Wright and Payton Bush. Adversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses. What are DGAs? DGAs are code that programmatically produces a list...


Malware Weekly Threat Briefing

WTB: US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks

The intelligence in this week’s iteration discusses the following threats: APTs, Cybercriminals, Data leaks, Exploit kits, Malspam, Malware, Mobile, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: US Arrests...


Cyber Threat Intelligence STAXX

Anomali Limo - Take the Fast Lane to Threat Intelligence

Far from being just a buzzword, threat intelligence has proven to be a valuable asset to security teams. 78% of respondents polled for The Value of Threat Intelligence: Ponemon Study stated that threat intelligence was critical for a strong security posture. One of the difficulties with threat intelligence isn’t...


Cyber Threat Intelligence

IPs Aren’t People

If you watch a lot of CSI Cyber or hacking movies you might be led to believe that the IP address is the missing link between an activity on the Internet and identifying who acted. In reality this is rarely the case. There are at least 4 common technologies that obscure...


Weekly Threat Briefing

WTB: Cryptocurrency Miner Uses WMI and EternalBlue To Spread Filelessly

Trending Threats: The intelligence in this week’s iteration discusses the following threats: APT, Exploit Kit, Malspam, Phishing, Ransomware, Underground Markets, Vulnerabilities, and Zero-days. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Cryptocurrency Miner...


Cyber Threat Intelligence SIEM Splunk ThreatStream

ThreatStream Matches As Notable Events in Splunk? Here’s How…

In a previous post I showed how the Anomali ThreatStream Splunk app can integrate with Splunk's own Enterprise Security app to provide analysts with familiar and powerful investigation workflows. Since the post was published I've received a number of emails from the Anomali community asking:...


Weekly Threat Briefing

WTB: Malspam Continues to Push Trickbot Banking Trojan

The intelligence in this week’s iteration discusses the following threats: Adware, APT, Data breach, Data leak, Malspam, Phishing, and Spear phishing. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: CVE-2017-0199:...


Cyber Threat Intelligence

Six Ways to Help Improve your Security Posture

A strong cybersecurity program is quickly becoming one of the most important investments a company can make. In the wake of numerous corporate breaches over the last few years, all users are on higher alert about the safety of their sensitive data. Whatever the size or maturity level of your...


Weekly Threat Briefing

WTB: WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware

The intelligence in this week’s iteration discusses the following threats: APT, Data Breach, Exploit Kits, Malspam, Mobile, Phishing, Ransomware, and Spyware. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Campaign Leads...


Cyber Threat Intelligence Splunk Threat Intelligence Platform ThreatStream

Automate Your Workflows With Threat Intelligence Alerts in Slack

Recently, I was speaking to a friend who is using the popular messaging app, Slack, to help run the Security Operations Centre (SOC) at his organisation. Not only have they set up alerts that feed from their security tools into Slack, but the analysts can run queries against these tools,...

