Category: Threat Intelligence

  • How TIAA Uses Threat Intelligence to Enhance Security Awareness

    Security awareness and strategic threat intelligence are mandatory elements of any organization’s ability to ward off cyber events. The threat landscape can appear vast and unwieldy, putting additional barriers in the way of creating a successful threat intelligence program. During a recent webinar, Joe Walbert and Mike Kirk, senior information security analysts with TIAA, explained…

  • Enabling OSINT in Activity Based Intelligence (ABI)

    Activity Based Intelligence, or ABI, is an intelligence methodology developed out of the wars in Iraq and Afghanistan used to discover and disambiguate entities (e.g., people of interest) in an increasingly data-rich environment (most of it unclassified and open source). It is geospatial in nature, because it seeks to link entities and events through their…

  • Turbocharge Your Threat Hunting Capability With Intelligent TTP Alerting

    “Every hour of every day you are either hunting or being hunted. The only question you have to ask is which side do you want to be on?” (Eric Cole, PhD, SANS Analyst and Network Security Expert) 86% of IT professionals say that their organization is now involved in some kind of threat hunting. Today, businesses…

  • Proactive Defense: Understanding the 4 Main Threat Actor Types

    Key Takeaways: Understanding the four main threat actor types is essential to proactive defense. Cyber criminals are motivated by money, so they’ll attack if they can profit. Hacktivists want to undermine your reputation or destabilize your operations. Vandalism is their preferred means of attack. State-sponsored attackers are after information, and they’re in it for the…

  • Top 6 Sources for Identifying Threat Actor TTPs

    Key Takeaways: Know your enemy. Understanding threat actor TTPs is essential for an effective information security program. Don’t be over reliant on a single source. The best security teams identify threat actor TTPs by combining intelligence from multiple sources. Don’t confuse data with intelligence. Sources that provide unprocessed data will end up costing you in…

  • Threat Intelligence Starter Resources

    Creating a threat intelligence capability can be a challenging undertaking, and not all companies are ready for it. Businesses that run successful threat intelligence teams generally: Collect externally available data on threats and correlate it with internal events. Be aware of threats driving proactive security controls. Establish proactive internal hunting for unidentified threats. Invest in…

  • Revealing Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware. Observing these, as with any type of cyber attack, can provide early warning signs of…

  • Betting High, Winning Big on Threat Intelligence at Black Hat 2016

    For some, winning in Las Vegas is a longshot. But as the sun sets on Black Hat 2016, Recorded Future is counting our chips after a very successful week. At the Recorded Future booth, we had many insightful conversations with attendees and completed too-many-to-count demos of our threat intelligence solution. Since Black Hat is known…

  • Now Available: All-Source Analysis Capability

    On June 13 we announced the beta release of Intel Card Extensions that enable all-source threat analysis with our new intelligence partners. We’re proud to announce that these extensions are now generally available to all Recorded Future customers. Many thanks to our beta testers for providing valuable feedback. As a result, we’ve improved several of…

  • Running for Office: Russian APT Toolkits Revealed

    Analysis Summary: Russian APTs regularly target Microsoft products with 55% of exploited vulnerabilities targeting versions of Office, Windows, and Internet Explorer products. Targeting widely adopted software provides the path of least resistance for a state-sponsored actor. Microsoft Office vulnerability targeting is in line with heavy use of spear phishing by Russian actors including APT28. Decoy…