Anomali Blog
How Ransomware has become an ‘Ethical’ Dilemma in the Eastern European Underground
By Vitali Kremez, Flashpoint and Travis Farral, AnomaliIt’s no secret that the Deep & Dark Web (DDW) is home to illicit marketplaces and forums, as well as an array of cybercriminal communications. Less obvious, however, are the nuances of these communications, the unspoken code of conduct that...
Read More
WTB: CCleanup, A Vast Number of Machines at Risk
The intelligence in this week’s iteration discuss the following threats: Adware, Compromise, Data Breach, Malspam, Malicious Plugin, Phishing, and Vulnerability. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsCCleanup: A Vast...
Read More
Cyber Threat Intelligence Threat Intelligence Platform
The Second Annual Ponemon Study - The Value of Threat Intelligence
Today we released our findings from the Ponemon Study, “The Value of Threat Intelligence: The Second Annual Study of North American and United Kingdom Companies." The Ponemon Institute surveyed over a thousand IT security professionals on a range of threat intelligence topics. Results show that organizations are rapidly incorporating...
Read More
Hacker Tactics - Part 2: Supply Chain Attacks
Adversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses.On June 27th, 2017, the NotPetya malware campaign initiated in Ukraine and rapidly spread around the globe. NotPetya devastated...
Read More
WTB: Equifax Breach: Sensitive Info, SSNs of 44% of U.S. Consumers Accessed by Attackers
The intelligence in this week’s iteration discuss the following threats: APT, Banking trojan, Data breach, Malspam, Misconfigured database, Phishing, and Vulnerability. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsAdmin Accounts...
Read More
Improve Security Through People in Four Simple Steps
Organizations have an incredible variety of security solutions to choose from to protect their networks. A walk down the showroom floor at RSA or BlackHat can be downright overwhelming (both the product explanations and the swag). Whatever solutions your security team deploys though it’s important to remember that...
Read More
WTB: US Government Site Was Hosting Ransomware
The intelligence in this week’s iteration discuss the following threats: Bitpaymer, Cobian RAT, KHRAT, Locky Ransomware, Malspam, Sarahah, Turla and WireX. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsUS Government...
Read More
Hacker Tactics - Part 1: Domain Generation Algorithms
Coauthored by Evan Wright and Payton BushAdversaries are constantly changing and improving how they attack us. In this six-part series we'll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses.What are DGAs?DGAs are code that programmatically produce a list...
Read More
Malware Weekly Threat Briefing
WTB: US Arrests Chinese Man Involved With Sakula Malware Used in OPM and Anthem Hacks
The intelligence in this week’s iteration discuss the following threats: APTs, Cybercriminals, Data leaks, Exploit kits, Malspam, Malware, Mobile, Ransomware, Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsUS Arrests...
Read More
Cyber Threat Intelligence STAXX
Anomali Limo - Take the Fast Lane to Threat Intelligence
Far from being just a buzzword, threat intelligence has proven to be a valuable asset to security teams. 78% of respondents polled from The Value of Threat Intelligence: Ponemon Study, stated that threat intelligence was critical for a strong security posture. One of the difficulties with threat intelligence isn’t...
Read More
IPs Aren’t People
If you watch a lot of CSI Cyber or hacking movies you might be lead to believe that the IP address is the missing link between an activity on the Internet and identifying who acted. In reality this is rarely the case.There are at least 4 common technologies that obscure...
Read More
WTB: Cryptocurrency Miner Uses WMI and EternalBlue To Spread Filelessly
Trending ThreatsThe intelligence in this week’s iteration discuss the following threats: APT, Exploit Kit, Malspam, Phishing, Ransomware, Underground Markets, Vulnerabilities, and Zero-days. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Cryptocurrency Miner...
Read More
Cyber Threat Intelligence SIEM Splunk ThreatStream
ThreatStream Matches As Notable Events in Splunk? Here’s How…
In a previous post I showed how the Anomali ThreatStream Splunk app can integrate with Splunk's own Enterprise Security app to provide analysts with familiar and powerful investigation workflows. Since the post was published I've received a number of emails from the Anomali community asking;...
Read More
WTB: Malspam Continues to Push Trickbot Banking Trojan
The intelligence in this week’s iteration discuss the following threats: Adware, APT, Data breach, Data leak, Malspam, Phishing, and Spear phishing. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsCVE-2017-0199:...
Read More
Six Ways to Help Improve your Security Posture
A strong cybersecurity program is quickly becoming one of the most important investments a company can make. In the wake of numerous corporate breaches over the last few years, all users are on higher alert about the safety of their sensitive data. Whatever the size or maturity level of your...
Read More
WTB: WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware
The intelligence in this week’s iteration discuss the following threats: APT, Data Breach, Exploit Kits, Malspam, Mobile, Phishing, Ransomware, and Spyware. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsCampaign Leads...
Read More
Cyber Threat Intelligence Splunk Threat Intelligence Platform ThreatStream
Automate Your Workflows With Threat Intelligence Alerts in Slack
Recently, I was speaking to a friend who is using the popular messaging app, Slack, to help run the Security Operations Centre (SOC) at his organisation. Not only have they have setup alerts that feed from their security tools into Slack, but the analysts can run queries against these tools,...
Read More
Hackers Make it Personal
It’s only Tuesday morning and it’s already been an interesting week in cybersecurity. First we learned about an attack on a major security company, targeting their research analysts. The goal of “Operation #leaktheanalyst,” apparently, is to name researchers and, in their own words: &ldquo...
Read More
WTB: Wallet-snatch hack: ApplePay ‘vulnerable to attack’, claim researchers
The intelligence in this week’s iteration discuss the following threats: Android Trojans, ApplePay, CowerSnail, Lipizzan, Ransomware, UniCredit Breach, Ursnif, Veritaseum, and Windows Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending Threats
...
Read More
Halt the Sidecar Bear’s infrastructure with Intel 471 and Anomali Threatstream
By Mark Arena, Intel 471 and Travis Farral, AnomaliWe’ve all seen the research into Fancy Bear (aka APT28, Sofacy etc) which is likely a group sponsored by or a part of the Russian government. They even have their own website. Research into these groups is predominantly reactive.Typical...
Read More
