Category: Recorded Future

  • Top 6 Sources for Identifying Threat Actor TTPs

    Key Takeaways: Know your enemy. Understanding threat actor TTPs is essential for an effective information security program. Don’t be over reliant on a single source. The best security teams identify threat actor TTPs by combining intelligence from multiple sources. Don’t confuse data with intelligence. Sources that provide unprocessed data will end up costing you in…

  • Threat Intelligence Starter Resources

    Creating a threat intelligence capability can be a challenging undertaking, and not all companies are ready for it. Businesses that run successful threat intelligence teams generally: Collect externally available data on threats and correlate it with internal events. Be aware of threats driving proactive security controls. Establish proactive internal hunting for unidentified threats. Invest in…

  • Revealing Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware. Observing these, as with any type of cyber attack, can provide early warning signs of…

  • Betting High, Winning Big on Threat Intelligence at Black Hat 2016

    For some, winning in Las Vegas is a longshot. But as the sun sets on Black Hat 2016, Recorded Future is counting our chips after a very successful week. At the Recorded Future booth, we had many insightful conversations with attendees and completed too-many-to-count demos of our threat intelligence solution. Since Black Hat is known…

  • Now Available: All-Source Analysis Capability

    On June 13 we announced the beta release of Intel Card Extensions that enable all-source threat analysis with our new intelligence partners. We’re proud to announce that these extensions are now generally available to all Recorded Future customers. Many thanks to our beta testers for providing valuable feedback. As a result, we’ve improved several of…

  • Running for Office: Russian APT Toolkits Revealed

    Analysis Summary: Russian APTs regularly target Microsoft products with 55% of exploited vulnerabilities targeting versions of Office, Windows, and Internet Explorer products. Targeting widely adopted software provides the path of least resistance for a state-sponsored actor. Microsoft Office vulnerability targeting is in line with heavy use of spear phishing by Russian actors including APT28. Decoy…

  • Whiteboard Workflow Series: Infrastructure Vulnerability Management

    Key Takeaways: Monitoring external libraries (in your production code base) for vulnerabilities is a daunting task, and an enterprise infrastructure is close to unmanageable without the correct tools. Here we introduce an open source prototype system for gathering information about running code, using Recorded Future for determining which components are risky — the system also…

  • Get Fired up About Threat Intelligence With Recorded Future at Black Hat 2016

    Nothing is hotter than the Nevada desert in August. Except for our booth at Black Hat 2016, that is! Sure, “threat intelligence” is a big industry buzzword, but do you really understand how you can use it in your organization to identify indicators of compromise or imminent threats? Are you able to demonstrate the effectiveness of…

  • 6 Surprising Benefits of Threat Intelligence From the Web

    Key Takeaways: The internet is the single greatest learning resource ever created. Whether you’re looking into specific attack vectors or aiming to learn from others’ mistakes, the web should be your first port of call. Keeping abreast of proprietary information leaks and “adversary chatter” from the open, deep, and dark web will help you to…

  • Shell No! Introducing Cknife, China Chopper’s Sibling (Part 2)

    In part one of our web shell series we analyzed recent trends, code bases, and explored defensive mitigations. In part two we investigate a new web shell created by Chinese-speaking actors. On March 26, 2016, Recorded Future’s natural language processing (NLP) engine produced an alert for Cknife. Recorded Future alert showing Cknife reference. Background A…