by Mike Clark | Jan 3, 2017 | Blog, Cybersecurity, Threat Intelligence
Examining Ricochet Effects of Spear phishing Campaigns
There are many ways your organization can be affected by a spear phishing attack beyond the obvious – being the direct target. For example, a doppelgänger of your domain could be used to send...
by Mike Clark | Dec 19, 2016 | Blog, Cybersecurity, Threat Intelligence
Investigating Spear Phish Incidents with ThreatQ: Part 1
Part 1 – Identifying a system talking to a malicious site found in a spear phish email
Spear phishing is a form of social engineering and undoubtedly one of the most successful and...
by Leon Ward | Dec 14, 2016 | Blog, Threat Intelligence
ThreatQ's "Signature" Difference
A signature can provide a lot more than detection alone. Some can also contain a wealth of data that you can use to better understand an attack, the methods the attacker employs, and also the toolset they use. The...
by Mike Clark | Nov 28, 2016 | Blog, Threat Intelligence
Flipping TQ on its back as a File Integrity Management System to Discover Webshells
In August of 2015, Dell SecureWorks released a fascinating report on a threat group they track as TG-3390. The TG-3390 write-up shows the adversary group often...
by Ryan Trost | Oct 20, 2016 | Blog, Threat Intelligence
Alert Fatigue – “Paralysis by Analysis”
I was recently chatting with a friend who runs a SOC in the UK and our conversation turned to one of his constant challenges – “alert fatigue.” For those not familiar with the term, alert fatigue is when an...
by Mike Clark | Sep 13, 2016 | Blog, Threat Intelligence
Using ThreatQuotient to Discover and Prevent POS Malware
Eddie Bauer is just the latest victim in a spate of malware attacks on Point of Sale (POS) devices which are proving to be high value targets for cyber criminals. These devices contain very...