Anomali Blog

Cybersecurity’s Juggling Act

Organizations are challenged with juggling what seems to be a three-ring circus of issues related to either implementing or managing an existing cyber threat intelligence program. I say three-ring circus because, by definition, a three-ring circus has three separate areas where performances occur at the same time. I...


Weekly Threat Briefing

WTB: APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS

The intelligence in this week’s iteration discusses the following threats: APT, Backdoor, Banking trojan, Cryptocurrency malware, Malspam, Mobile malware, Phishing, Spear phishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious...


Cyber Threat Intelligence

Hacker Tactics - Part 4: Cryptominers

Adversaries are constantly changing and improving how they attack us. In this six-part series we’ll explore new or advanced tactics used by threat actors to circumvent even the most cutting-edge defenses. Cryptocurrencies, like Bitcoin or Ethereum, have become exponentially more popular over the last year. Due to the...


Cyber Threat Intelligence Research

Research: Potential and Realized Threats to the United Kingdom

Anomali recently conducted research to assess the threat landscape of the United Kingdom and determine where adversaries may choose to focus their attention. The report examines various Critical National Infrastructures such as communications, defence, civil nuclear, etc. and identifies past and potential attacks. Findings indicate that diversification of companies, largely...


Weekly Threat Briefing

WTB: GitHub Survived the Biggest DDoS Attack Ever Recorded

The intelligence in this week’s iteration discusses the following threats: APT, Cyber espionage, Credit and debit card theft, Data breach, Data theft, DDoS attacks, Malicious applications, Misconfigured database, Mobile malware, POS malware, Spear phishing, and Targeted attacks. The IOCs related to these stories are attached to the WTB...


Anomali Enterprise

Measuring the Effectiveness of Threat Feeds

We do a lot of important and sometimes complicated things as we try to defend organizations from cyber attacks. One thing that often gets left behind, or at least isn’t done as effectively as it could be, is measuring what we do and how well we do it....


Cyber Threat Intelligence

We’re All Vulnerable in the Internet of Things

A short while ago, if you’d asked me which countries in the world were the least vulnerable to cyber security breaches, I would have said “the richest ones, of course! They can afford all the security software, hardware and threat intelligence they want!” And yet the...


Weekly Threat Briefing

WTB: OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan

The intelligence in this week’s iteration discusses the following threats: APT37, ASMI Bypassing, Bank Account Breaches, Business Email Compromises, Cryptojacking, NetwiredRC, OilRig, OMG Botnet and QuasarRAT. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious...


Cyber Threat Intelligence Malware Research ThreatStream

A Timeline of APT28 Activity

APT28 (aka Fancy Bear, aka Pawn Storm, aka Sednit, aka Sofacy, aka Group 74, aka Strontium, aka Threat Group-4127) finds its way into the news with some regularity. Most recently the group claimed to have released documents from the International Luge Federation. APT28 is probably best known...


Weekly Threat Briefing

WTB: Jenkins Miner: One of the Biggest Mining Operations Ever Discovered

The intelligence in this week’s iteration discusses the following threats: AWS Leaks, Breaches, Cryptominers, Exit Scams, Google AdWords, Jenkins server vulnerabilities, Lazarus Group, Rapid Ransomware and Telegram Messenger vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs...


Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Heads Up! A Phishing Attack Early Warning System

You're probably familiar with Anomali's Threat Bulletins. If not, go and have a read of our most recent one covering "TODO." Threat Bulletins provide information about an event to derive information detailing the tactics, techniques, and procedures used by the attacker. This helps you to...


Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Generating Your Own Threat Intelligence Feeds in ThreatStream

Getting threat intelligence into your existing security products - SIEMs, endpoints, network tools - can significantly enhance their effectiveness and longevity. Here at Anomali we understand the value of product integrations, so much so that my entire job is to manage the 30+ we currently offer. Recently we launched...


Cyber Threat Intelligence Research

Taking the cyber No-Fly list to the skies

In our last post, we talked about how companies can use the concept of a No-Fly list to keep malicious actors out of their networks. So how does a cyber No-Fly list work in a real situation? We spoke with one of our customers, Alaska Airlines, about how they make...


Weekly Threat Briefing

WTB: Olympic Destroyer Takes Aim At Winter Olympics

The intelligence in this week’s iteration discusses the following threats: Compromised server, Cryptocurrency miner, Data theft, Malspam, Phishing, Targeted attacks, Underground markets, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending...


Getting into Tech…for the Non-Technical

My name is Teddy Powers. I have worked for Anomali (formerly ThreatStream) for almost the last three years and it’s been one of the best experiences of my life. But if you looked at my résumé or LinkedIn, much like anyone else, you’d...


Research

North Korean Cybersecurity Profile

North Korea, or more formally, the Democratic People’s Republic of North Korea (DPRK), is no stranger to international headlines. Most notably, it has captured attention in recent years for its nuclear testing and ballistic missile launches. Events in the cyber landscape have brought negative attention to North Korea...


Cyber Threat Intelligence Research

How the No-Fly List Approach Can Be Used to Improve Cybersecurity

We’ve all heard of the No-Fly List. Managed by the FBI’s Terrorist Screening Center, the list bans people on it from boarding commercial aircraft within, into, or out of the United States. The No-Fly List is only one tactic that the U.S. uses in its...


Weekly Threat Briefing

WTB: Android Devices Targeted by New Monero-Mining Botnet

The intelligence in this week’s iteration discusses the following threats: Botnet, Cryptocurrency miner, Cyber espionage, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Android Devices Targeted...


Research

The 2018 Winter Olympics in PyeongChang, South Korea and Impact to the Cyber Threat Landscape

Major events like the Winter Olympics attract a lot of attention from fans all around the world. For three weeks fans will watch in person, on televisions, and online to follow the various competitive events. This attention is attractive to advertisers but it’s also attractive to cyber...


Weekly Threat Briefing

WTB: Tax Identity Theft Awareness Week

The intelligence in this week’s iteration discusses the following threats: APT, Cryptocurrency miners, Phishing, Ransomware, Remote Access Trojan, Targeted attacks, Tax-related malicious activity, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. ...

