Threat Intelligence

Alleviating BlackEnergy-Enabled DDoS Attacks

BlackEnergy first appeared in 2007. Designed to launch distributed denial-of-service (DDoS) attacks or download customized spam or banking data-stealer plug-ins, it was again used to target the State Bar of Georgia last May

Insights Into an Active Spam Domain Portfolio

Malicious spam, possibly the oldest kind of cyber threat, likely remains one of enterprises' biggest security concerns. Regardless of form and affected device, clicking a malicious link embedded in a spam email or downloading a malware-laden attachment can lead to financial, data, or identity theft.

Should Cracks and Keygens Remain a Cybersecurity Concern?

Cracks and keygens have long been a problem for software vendors in that they allow users to install their products without needing to pay for a legitimate license. As the Internet and website development advanced and became more accessible, the number of sites offering software cracking tools grew.

On the Frontlines of the Syrian Electronic Army’s Digital Arsenal

The Syrian Electronic Army (SEA) is a group of threat actors that have been around since 2011. Some of their possible victims are PayPal, eBay, Twitter, media outlets, and some U.S. government websites.

The Inner Workings of the Russian Business Network

The Russian Business Network (RBN) claimed to be a legitimate Internet service provider (ISP) back in 2006. Shortly after establishing its business, however, it gained notoriety for hosting the sites owned by spammers, malware operators, distributed denial-of-service (DDoS) attackers, and other cybercriminals.

Probing an Active Digital Trail of Iranian Hackers

WhoisXML API threat researcher Dancho Danchev obtained a publicly accessible list of email addresses known to be owned and used by Iranian hackers. The email addresses led us to more than 4,400 domain names, any of which can be weaponized and used in phishing, credential theft, and other forms of cyber attacks.

Who Could Be Behind the Latest GitHub-Hosted Malware Infrastructure?

GitHub is a popular code repository used by almost all software developers. Anyone can access it to share their code with practically anyone interested. Unfortunately, not every GitHub user is trustworthy. It has, in fact, been used to host malware at least a couple of times.

Tracing the Digital Footprint of Iran’s Mabna Hackers

In 2018, nine Mabna hackers were indicted by a U.S. grand jury for their involvement in different instances of cybercrime. Their victims included about 320 universities and over 50 private, government, and nongovernmental organizations in several countries.

Profiling the Massive Infrastructure Behind the Democratic National Committee Cyberintrusion

The Democratic National Committee (DNC) breach was a high-profile cyber attack in recent history. Years later, the cybersecurity community can still benefit from insights and actionable intelligence relevant to the attack. In line with this, WhoisXML API threat researcher Dancho Danchev dove deep into the DNS system intrusion using publicly available indicators of compromise (IoCs). We further enriched his findings, allowing us to uncover:

Is Your Software a Top Impersonation Target?

Anything conveniently obtainable online is often ripe for cybercriminal picking, and that's certainly true for the most commonly used software. We can't live without them, after all, if we are to thrive and not just survive in the digital world.