INTEL 471

  • You need to adjust your patch priorities!

    May 20, 2020

    By the Intel 471 Intelligence Analysis team. Some business people might say the security folks don’t understand the dollar impact of taking a system offline. The reality is in business often time is money and quantifying the cost of key systems being taken offline is a real thing. Some security folks might also say that…

  • Changes in REvil ransomware version 2.2

    May 4, 2020

    By the Intel 471 Malware Intelligence team. Summary: The REvil ransomware-as-a-service (RaaS) operation continues to impact businesses worldwide. The threat actors responsible for developing and maintaining the malware have released an updated ransomware, namely version 2.2. In this short blog post, we will cover the significant changes from the previous version, which we covered in…

  • COVID-19 pandemic: Through the cybercriminal’s eyes

    April 30, 2020

    By the Intel 471 Intelligence team. Cybercriminals’ exploitation of the global Coronavirus Disease 2019 (COVID-19) pandemic (in phishing lures, for example) has been covered widely in the media. But one underreported aspect is how the coronavirus itself is impacting cybercrime actors, their activities and their infrastructure. Our research of the underground marketplace and these actors…

  • Understanding the relationship between Emotet, Ryuk and TrickBot

    April 14, 2020

    By the Intel 471 Malware Intelligence team. One of the more notable relationships in the world of cybercrime is that between Emotet, Ryuk and TrickBot. This loader-ransomware-banker trifecta has wreaked havoc in the business world over the past two years, causing millions of dollars in damages and ransoms paid. Our Malware Intelligence team receives a…

  • REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation

    March 31, 2020

    By the Intel 471 Malware Intelligence team. Summary: REvil aka Sodinokibi, Sodin is a ransomware family operated as a ransomware-as-a-service (RaaS). Deployments of REvil first were observed in April 2019, where attackers leveraged a vulnerability in Oracle WebLogic servers tracked as CVE-2019-2725. REvil is highly configurable and allows operators to customize the way it behaves…

  • Analysis of an attempted attack against Intel 471

    March 25, 2020

    By the Intel 471 Malware Intelligence team. Background: The following write-up is our analysis of an attack attempted against one of our employees this week. At no point was our employee’s system at risk of being compromised. Interestingly, the employee’s email address only had been used in very few instances externally. We are releasing this…

  • Malicious actors leverage Coronavirus Disease 2019 fear to increase business

    March 18, 2020

    By the Intel 471 Intelligence Analysis team. Our lives continue to be inundated with emails, mobile applications and websites that promise to deliver critical information related to the Coronavirus Disease 2019 (COVID-19) pandemic threatening millions of people across the globe. Fear surrounding the disease has been exploited by attackers with adverse intentions who have launched…

  • Introducing Intel 471’s Cybercrime Underground General Intelligence Requirements (CU-GIR): a common framework to address a common challenge

    February 25, 2020

    By Michael DeBolt, Vice President of Intelligence. In the last blog, I outlined three key benefits of a requirements-driven intelligence program. We also looked at three challenges that are preventing many programs from moving from concept to practice. If you didn’t read it, here’s the TL;DR version: I promised also to share details of how…

  • Intelligence requirements: Moving from concept to practice

    February 13, 2020

    By Michael DeBolt, VP of Intelligence of Intel 471. Our industry talks a lot about intelligence requirements. Yet I’ve noticed over the years a lack of practical advice being shared about how to actually work with or implement intelligence requirements as a fundamental component of a cyber threat intelligence (CTI) program. In a future blog,…
