Research Categories | Anomali Blog

Category: Research

Cyber Threat Intelligence Research

Threatscape of the US Election

Cyber attacks and political elections within the US are frequently heard together in the same sentence following the 2016 presidential election. Media outlets are ramping up their efforts to cover the 2018 midterm elections for the 115th Congress, often including online mediums such as social media. This can create an information overload...

Cyber Threat Intelligence Research

Cyber Countdown to November 6…

Securing US State and Territory Voter Registration and Information Websites. Executive Summary: Less than a week away from November 6, 2018, the US midterm elections are arguably one of the most important election cycles in history, in which political parties battle for control of the two chambers of Congress. Additionally, thirty-six state governors,...

Cyber Threat Intelligence Research

New .republican and .democrat Domains Offer New Ways to Fake Out Voters

Introduction: Election cycles in the US are widely publicized across many forms of media, but this publicity brings with it inherent risk. A campaign’s online presence is critical as more voters turn to the Internet to learn about candidates, compare positions, and prepare to vote. However, this...

Research

Estimated 35 Million Voter Records For Sale on Popular Hacking Forum

Anomali Labs researchers in close partnership with Intel 471, a leading cybercrime intelligence provider, have uncovered a widespread unauthorized information disclosure of US voter registration databases. To be clear, this voter information is made generally available to the public for legitimate uses. Anomali and Intel 471 researchers discovered dark web communications offering...

Cyber Threat Intelligence Malware Research

Evaluating the Threatscape One Year After NotPetya Ransomware Attack

The NotPetya cyber-attack occurred a little over a month after WannaCry, targeting Ukrainian organisations. The attack was initiated using a corrupted update for accounting and tax software that was used almost universally by organisations, private and public, across the country. The malware employed the same SMB exploit that...

Cyber Threat Intelligence Research

Anomali Labs Research Shows Email-Based Attacks Continue to Threaten Election Security

The Anomali Labs team today published research on the potential for email-based attacks against election infrastructure. The new report, “Can Lightning Strike the US Elections Twice?: Email Spoofing Threat to the 2018 US Midterm Elections,” reveals that most US states have vulnerabilities that would allow email spoofing...

Cyber Threat Intelligence Research

What the US-Turkey Escalation Means for Cybersecurity

The recent escalation in US-Turkish political relations has important implications and will likely result in cybersecurity responses. The Anomali Labs research team has published a report providing an overview of the crisis, the key players involved, and analysis of potential cybersecurity reactions. The political tension between the US and Turkey...

Cyber Threat Intelligence Malware Research Threat Intelligence Platform

Analyzing WannaCry a Year After the Ransomware Attack

The cyber-attack known as WannaCry first broke out in May of 2017 and was unprecedented in its scope and impact. It utilized a Microsoft Windows vulnerability that was leaked by a cyber threat group, the Shadow Brokers, and despite Microsoft releasing a patch for the vulnerability, many organizations failed to apply...

Cyber Threat Intelligence Research

Cyber Threats Lurk at Large Events: Prepare for the 2018 FIFA World Cup

From Maradona’s “Hand of God,” to USA’s “Dos a Cero” defeat over Mexico, to Zidane’s infamous head-butt, the World Cup never ceases to amaze. With many of the world’s top players looking to take the field and make...

Anomali Enterprise Cyber Threat Intelligence Research

DreamBot Campaign Dreams Big

Summary: Beginning in late April, Anomali Labs observed a phishing campaign distributing malicious documents containing macros that download DreamBot, a variant of Ursnif. The downloaded DreamBot payload turned out to be a stealthy keylogger, contrary to previously observed behavior from this malware family. The campaign, which lasted several weeks, continually rotated...

Cyber Threat Intelligence Malware Research

APT 29 - Put up your Dukes

Have you ever heard the phrase “put up your dukes” and wondered how on Earth that could equate to putting up your fists for a fight? You wouldn’t be alone in wondering. Etymologists studying this phrase have concluded that this expression, like many others that are...

Cyber Threat Intelligence Research

Research: Potential and Realized Threats to the United Kingdom

Anomali recently conducted research to assess the threat landscape of the United Kingdom and determine where adversaries may choose to focus their attention. The report examines various Critical National Infrastructures such as communications, defence, civil nuclear, etc. and identifies past and potential attacks. Findings indicate that diversification of companies, largely...

Cyber Threat Intelligence Malware Research ThreatStream

A Timeline of APT28 Activity

APT28 (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known...

Cyber Threat Intelligence Research

Taking the cyber No-Fly list to the skies

In our last post, we talked about how companies can use the concept of a No-Fly list to keep malicious actors out of their networks. So how does a cyber No-Fly list work in a real situation? We spoke with one of our customers, Alaska Airlines, about how they make...

Research

North Korean Cybersecurity Profile

North Korea, or more formally, the Democratic People’s Republic of North Korea (DPRK), is no stranger to international headlines. Most notably, it has captured attention in recent years for its nuclear testing and ballistic missile launches. Events in the cyber landscape have brought negative attention to North Korea...

Cyber Threat Intelligence Research

How the No-Fly List Approach Can Be Used to Improve Cybersecurity

We’ve all heard of the No-Fly List. Managed by the FBI’s Terrorist Screening Center, the list bans people on it from boarding commercial aircraft within, into, or out of the United States. The No-Fly List is only one tactic that the U.S. uses in its...

Research

The 2018 Winter Olympics in PyeongChang, South Korea and Impact to the Cyber Threat Landscape

Major events like the Winter Olympics attract a lot of attention from fans all around the world. For three weeks fans will watch in person, on televisions, and online to follow the various competitive events. This attention is attractive to advertisers but it’s also attractive to cyber...

Cyber Threat Intelligence Malware Research

Welcoming Draft 2, version 1.1 of the NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) is a set of standards, best practices, and recommendations for improving cybersecurity and managing cybersecurity risk at the organizational level. Since its original publication in 2014, the Framework, although voluntary for the private sector and enterprise, has been widely adopted across the globe. Research by NIST...

Malware Research

The Rise of Malware Using Legitimate Services for Communications

Malware often includes the ability to communicate with attacker-controlled systems on the Internet from within compromised networks. This gives the attacker several important capabilities. Some examples of this communication include: receiving “heartbeats” to maintain an inventory of compromised systems; sending remote control commands and receiving the results...

Cyber Threat Intelligence Malware Research

12 Days of Threats

On the first day of Christmas a hacker stole from me, Thousands in my favorite cryptocurrency… On the second day of Christmas a hacker stole from me, Two plain-text passwords and thousands in my favorite cryptocurrency... We’re sure by now you’ve heard too much Christmas...