Anomali Blog

Cyber Threat Intelligence

Mind the Threat Intelligence Gap With a Strong Cybersecurity Strategy

85% say Threat Intelligence is important for a strong security posture, but 41% say they have not made progress in the effectiveness of Threat Intelligence data. This comes from a recent 2019 study carried out by the Ponemon Institute with over 1000 IT Security Practitioners in North America and the U.K. The difference...


Weekly Threat Briefing

Weekly Threat Briefing: Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

The intelligence in this week’s iteration discusses the following threats: APT, APT platform, Banking trojan, Botnet, Malspam, Phishing, Spear phishing, Targeted attacks, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...


Cyber Threat Intelligence

Level Up Your SOC - Focus On People, Process, and Technology

Introduction: A Security Operations Center (SOC) is an organized and highly skilled team whose mission is to continuously monitor and improve an organization’s cybersecurity posture while preventing, detecting, analysing and responding to security incidents with the aid of technology and well-defined processes and procedures. The success of your...


Weekly Threat Briefing

Weekly Threat Briefing: Cybercriminals Spoof Major Accounting and Payroll Firms in Tax Season Malware Campaigns

The intelligence in this week’s iteration discusses the following threats: Backdoor, FIN6, LockerGoga, MageCart, Malicious applications, Malspam, Phishing, Ransomware, Ryuk, Trickbot, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Threat Intelligence Platform

Unlock Your Threat Data with the Enrichment SDK

A few months back, Anomali released a set of SDKs that greatly expanded our ability to deliver content within the platform and with integrated systems. One of those SDKs, focusing on enrichments, was introduced to provide a straightforward means for adding contextual information. In the threat intel world,...


Weekly Threat Briefing

Weekly Threat Briefing: Planet Hollywood Owner Suffers Major POS Data Breach

The intelligence in this week’s iteration discusses the following threats: Cryptocurrency, Data breach, Elfin, Emotet, Gustuff, Lazarus, Magento, Malware, Misconfigured databases, Ransomware, Trojans, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...


Weekly Threat Briefing

Weekly Threat Briefing: Russian State Hackers Phish Euro Governments Ahead of Elections

The intelligence in this week’s iteration discusses the following threats: APT28, APT32, Cryptominer, FIN7, IoT, MageCart, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...


Cyber Threat Intelligence

Anomali Joins No More Ransom Partnership Ecosystem

On the 25th of March, Anomali is proud to announce a supporting partnership with No More Ransom (NMR). Anomali innovates intelligence-driven solutions that address cyber security challenges to achieve a more secure world. NMR is a non-commercial public-private initiative launched in July 2016 which created a common portal containing relevant information...


Research

“Bad Tidings” Phishing Campaign Impersonates Saudi Government Agencies and a Saudi Financial Institution

Executive Summary: In January 2019, researchers from Anomali Labs and Saudi Telecom Company (STC) observed a spike in phishing websites impersonating the Saudi Arabian Ministry of Interior’s e-Service portal known as “Absher”. Further analysis uncovered a broader phishing campaign targeting four different Kingdom of Saudi Arabia government...


Weekly Threat Briefing

Weekly Threat Briefing: Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware

The intelligence in this week’s iteration discusses the following threats: APT, Data breach, Malspam, Malware, Phishing, Point-of-Sale, Ransomware, RAT, Supply chain, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Research

Rocke Evolves Its Arsenal With a New Malware Family Written in Golang

Summary: The “Rocke group”, a Chinese threat actor group that specializes in cryptojacking, has shifted gears on how they’re stealing your cycles. Rocke is actively updating and pushing a new dropper using Pastebin for Command and Control (C2). Recent updates to the C2 as of March 1...


Cyber Threat Intelligence

Threat Actor - A Love Story

The Breach: It’s 5am on a Saturday morning, and you’re soundly sleeping after a hectic week as CISO of a large organization. Suddenly, the phone rings and wakes you up. The voice on the phone says one of the most dreaded phrases, “You need to get...


Weekly Threat Briefing

Weekly Threat Briefing: Email Verification Service Takes Itself Offline After 800 Million Records Get Publicly Exposed

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: APT40, Backdoor, Chafer, Data breach, IRIDIUM, Phishing, Malware, RATs, Ransomware, Vulnerabilities and Whitefly. The IOCs related to these stories are attached...


Anomali at RSA Conference 2019 - Better than Ever

This year's theme for RSA Conference 2019 was Better: better connections, better solutions, and a better digital world. After a full week of RSA activities and festivities, we're feeling better than ever about the incredible advances in the industry and the community's shared goal to make...


Weekly Threat Briefing

Weekly Threat Briefing: North Korean Hackers Go On Phishing Expedition Before Trump-Kim Summit

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: APT, Attack vector, Botnet, Credential-stealer, Phishing, Spear phishing, Targeted attacks, Threat group, Trojan, and Vulnerabilities. The IOCs related to these stories...


Weekly Threat Briefing

Weekly Threat Briefing: The Facebook Login Phishing Campaign Can Even Trick Savvy Users

The intelligence in this week’s iteration discusses the following threats: APT28, APT-C-36, Cryptominer, Data breach, Fbot, KEYMARBLE backdoor, Malware, Mimikatz, Phishing, RADMIN, Ransomware, Rietspoof, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Research

Online Bidding-Themed Phishing Campaigns Aim to Trick U.S. Federal Government Contractors

In late February 2019, Anomali Labs researchers discovered a malicious server hosting two separate phishing campaigns targeting government contractors seeking to do business with two U.S. federal government agencies. In both instances, the phisher created faux landing pages mimicking the Department of Transportation eProcurement login portal and the Department of...


Weekly Threat Briefing

Weekly Threat Briefing: Chinese Facial Recognition Database Exposes 2.5m People

The intelligence in this week’s iteration discusses the following threats: APT, Data theft, Malspam, Malware, Phishing, Targeted attacks, Trojan, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....


Research

Phishing Campaign Spoofs United Nations and Multiple Other Organizations

Anomali Labs researchers recently discovered a phishing site masquerading as a login page for the United Nations (UN) Unite Unity, a single sign-on (SSO) application used by UN staff. When visitors attempt to log in to the fraudulent page, their browser is redirected to an invitation for a film viewing at...


Research

Phishers Target Texas Department of Transportation Contractors with Online Bidding Scheme

On February 15th, 2019, Anomali Labs researchers found an active phishing page masquerading as a legitimate Texas Department of Transportation (TxDOT) online bidding website. The illegitimate portal <hxxps://www[.]txdot[.]gov[.]us.e-bid.sync.auth.moovindancestudio[.]com/secure/user-login/login[.]php> is being hosted on a suspected compromised server...

