Threat Intelligence

Sponsored
by

Noteworthy

Reverse WHOIS: A Powerful Process in Cybersecurity

WHOIS History API: Powering Domain Investigations

Domain Research and Monitoring: Keeping an Eye on the Web for You

Threat Intelligence / Industry Updates

We Detected and Analyzed Thousands of CCTV-, Firewall-, and SCADA-themed Domains & Subdomains

Did you know that a comprehensive subdomain database can give you 69,383 fully qualified domain names (FQDNs) with the string "firewall," 241,654 FQDNs for "cctv," and 19,048 FQDNs for "scada"? That data can give cybersecurity researchers possible starting points for an article or even a full-blown research paper. more

How Reverse IP Lookup API Can Help Detect Connected Domains

In 2020, reports say 94% of malware were delivered via email. Phishing remains a threat, as it accounts for more than 80% of security incidents that can cost victims almost US$18,000 per minute. more

Come April, Nothing Is Certain Except Phishing and Taxes

In the past years, threat actors have made it a point to prey on U.S. taxpayers using phishing emails supposedly from the Internal Revenue Service (IRS). The goal is often to trick victims into giving their login credentials to various platforms. This year is no different. more

Expanding the List of Artifacts for the Recent JPMorgan Chase Squatting Campaign

On 13 March, IBM X-Force Exchange published nine artifacts -- three domain names and six IP addresses -- related to a squatting campaign targeting JPMorgan Chase and its stakeholders. We dug deeper into the list in hopes of publicizing additional artifacts that users may need to be wary of. more

An In-Depth Look at the Risks Kozow.com Subdomains May Pose to Internet Users

Kozow[.]com hosts the website of free dynamic Domain Name System (DNS) service provider Dynu Systems. It has been cited for ties to several malicious activities over the past few months. To see if it would be a good idea for organizations to consider blocking the domain from their networks, we collated a list of kozow[.]com subdomains and subjected them to deeper scrutiny. more

How Do You Choose the Best Threat Intelligence Platform for Your Company?

Experts often say every cyber threat intelligence team needs a threat intelligence platform, but what is it really and how do you choose the best one for your company? Andreas Sfakianakis, in his recent SANS Institute CTI Summit 2021 talk titled "Excelling at Threat Intelligence Platform Requirements," inspired us to take a deeper look. more

Keeping Track of Ramnit through Artifact Expansion

Ramnit stands out as a malware as it continues to evolve and requires cybersecurity experts and law enforcement agents to stay alert. Variants have been recently detected, so that security companies such as Prevailion advise organizations to keep Ramnit on their radar. more

A List of Potential Attack Artifacts for the Top 3 Phished Brands in 2020

In a recent study INKY subjected around 657 million emails in 2020 and found almost 5 million phishing campaigns, more than 590,000 of which were brand impersonations. It then came up with a list of the top 25 most phished brands in a 2021 report. more

A Look at Recent Attacks on K-12 Distance Learning Providers Using Domain Intelligence

As early as December of last year, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) received reports of several cyber attacks targeting K-12 distance learning institutions. more

SolarWinds Cyber Intel Analysis Part 2: A Look at Additional CISA-Published IoCs

A few weeks back, we added unpublicized artifacts to the list of indicators of compromise (IoCs) published by both FireEye and Open Source Context back in December 2020. Some would have thought that would put a stop to the havoc the SolarWinds threat actors have been wreaking, but the group targeted Malwarebytes just recently according to a company report. more