Anomali Blog
WTB: Energetic Bear/Crouching Yeti: attacks on servers
The intelligence in this week's iteration discuss the following threats: Adblocker Malware, APT28, ARS VBS Loader, Desert Scorpion, DNS Hijacking, Mukstik, PBot, Roaming Mantis, SquirtDanger, Stresspaint, and XiaoBa. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential...
Read More
Cyber Threat Intelligence Threat Intelligence Platform ThreatStream
Anomali at RSA Conference 2018
It’s the last day of RSA Conference 2018, and what a week it’s been!We made a few announcements....We’re collaborating with Microsoft Intelligent Security Graph (ISG) to bring new security insights into threat data for joint customers. The integration pairs threat intelligence from Anomali...
Read More
WTB: Windows Servers Targeted for Cryptocurrency Mining via IIS Flaw
The intelligence in this week’s iteration discuss the following threats: Account Breaches, Cisco Smart Install, IcedID Banking Trojan, IIS Cryptojacking, Operation Parlament, Spear Phishing and WebMonitor RAT. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential...
Read More
The Intersection of Threat Intelligence and Business Objectives
Intelligence exists as a supporting function. It always has a purpose – to inform decision making and drive action. In the government this is inherently understood and the value of intelligence is easy to derive. However, businesses often struggle to determine the value of their threat intelligence team/organization/processes...
Read More
WTB: Cisco Protocol Abused by Nation State Hackers
The intelligence in this week’s iteration discuss the following threats: APT, Botnet, Breach, Credit card theft, Cryptocurrency-miner, Data leak, Data theft, DDoS, Fake updates, Malicious extensions, Phishing, Spear phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be...
Read More
Introducing the Newly Certified ThreatStream QRadar App
Here at Anomali we have over 30 out-of-the box integrations, from SIEMs to endpoints and everything in between. Our QRadar integration is one of our most popular.The QRadar app and Content Pack available to ThreatStream customers provide security analysts visibility into threats within their network by matching and enriching...
Read More
WTB: Panera Bread Leaks Millions of Customer Records
This section listed below contains summaries on various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discuss the following threats: APT, Data breach, Credit card theft, Data leak, Malspam, Mobile malware, RAT, Targeted attacks, Threat group, Underground markets, and Vulnerabilities. The...
Read More
Secretary Ray Mabus Joins Anomali Advisory Board
We’re thrilled to announce that former Secretary of the U.S. Navy, Ray Mabus, will be the newest advisory board member at Anomali. Secretary Mabus has had a remarkable career, serving as the 60th Governor of Mississippi from 1988 to 1992 and the United States Ambassador to Saudi Arabia from 1994...
Read More
WTB: Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested In Spain
The intelligence in this week’s iteration discuss the following threats: 419 Scams, Cobalt Gang, GhostMiner, Guccifer 2.0, Orbitz Breach and TeleRat. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsMastermind Behind EUR 1 Billion...
Read More
What is Operational Threat Intelligence?
This is the third blog in a series called, “What is Threat Intelligence?”. The first blog in the series can be found here and the second on strategic intelligence can be found here. Stay tuned for future installments in this series.In our previous blog we...
Read More
WTB: Zenis Ransomware Encrypts Your Data & Deletes Your Backups
The intelligence in this week’s iteration discuss the following threats: APT28, Bitcoin Theft, Hancitor, Hanwha Camera Vulnerabilities, MuddyWater, OceanLotus, Samba Vulnerability and Sigma Ransomware. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending...
Read More
Cybersecurity’s Juggling Act
Organizations are challenged with juggling what seems to be a three-ring circus of issues related to either implementing or managing an existing cyber threat intelligence program. I say three ring circus because, by definition, a three-ring circus has three separate areas where performances occur at the same time. I...
Read More
WTB: APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS
The intelligence in this week’s iteration discuss the following threats: APT, Backdoor, Banking trojan, Cryptocurrency malware, Malspam, Mobile malware Phishing, Spear phishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious...
Read More
Hacker Tactics - Part 4: Cryptominers
Adversaries are constantly changing and improving how they attack us. In this six-part series we’ll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses.Cryptocurrencies, like Bitcoin or Ethereum, have become exponentially more popular over the last year. Due to the...
Read More
Cyber Threat Intelligence Research
Research: Potential and Realized Threats to the United Kingdom
Anomali recently conducted research to assess the threat landscape of the United Kingdom and determine where adversaries may choose to focus their attention. The report examines various Critical National Infrastructures such as communications, defence, civil nuclear, etc. and identifies past and potential attacks.Findings indicate that diversification of companies, largely...
Read More
WTB: GitHub Survived the Biggest DDoS Attack Ever Recorded
The intelligence in this week’s iteration discuss the following threats: APT, Cyber espionage, Credit and debit card theft, Data breach, Data theft, DDoS attacks, Malicious applications, Misconfigured database, Mobile malware, POS malware, Spear phishing, and Targeted attacks. The IOCs related to these stories are attached to the WTB...
Read More
Measuring the Effectiveness of Threat Feeds
We do a lot of important and sometimes complicated things as we try to defend organizations from cyber attacks. One thing that often gets left behind, or at least isn’t done as effectively as it could be, is measuring what we do and how well we do it....
Read More
We’re All Vulnerable in the Internet of Things
A short while ago, if you’d asked me which countries in the world were the least vulnerable to cyber security breaches, I would have said “the richest ones, of course! They can afford all the security software, hardware and threat intelligence they want!” And yet the...
Read More
WTB: OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan
The intelligence in this week’s iteration discuss the following threats: APT37, ASMI Bypassing, Bank Account Breaches, Business Email Compromises, Cryptojacking, NetwiredRC, OilRig, OMG Botnet and QuasarRAT. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious...
Read More
Cyber Threat Intelligence Malware Research ThreatStream
A Timeline of APT28 Activity
APT28 (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Sednit, aka Sofacy, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known...
Read More
