Melting the ‘deep and dark web’ myth and why we hate the phrase

By Michael DeBolt, VP of Intelligence of Intel 471. It’s not deep. It’s not dark. It’s not the ominous underside of an iceberg. The deep and dark web, or simply the “underground,” as we like to call it at Intel 471, is an organized ecosystem of products, services and goods consisting of real life suppliers

No, the criminal underground isn’t dropping its use of Bitcoin anytime soon

By Mark Arena, CEO of Intel 471. I recently read an article which claimed the “criminal underworld” was dropping its use of Bitcoin. In the past month, Intel 471 has looked closely at the criminal underground to identify if Bitcoin was still strong in its use and whether there were any up-and-coming cryptocurrencies that were

Naming malware: What’s in a name?

By Mark Arena, CEO of Intel 471. This week’s incident with Petya/NotPetya/GoldenEye/Nyetya/Petrwrap has reignited the debate about how security companies name malware. In my opinion, the security industry’s use of different names for the same thing isn’t good for either customers or the industry at large, and it’s something that could be solved without too

Being a cyber threat intelligence analyst and operating in the fog of uncertainty

By Mark Arena, CEO of Intel 471. A lot has been said, blogged and marketed on WannaCry ransomware with many pointing fingers at who they think might be behind it. The objective of this blog isn’t to critique, support or disprove any specific hypothesis. The goal is to highlight what it means to be a

Who hacked the Democratic National Committee?

By Mark Arena, CEO of Intel 471. Who hacked the Democratic National Committee? I’ll preface this post by saying that I possess no information on this incident beyond what has been mentioned in open sources. This post is my personal opinion and is based on my experience researching and tracking both state and non-state cyber

Cyber Threat Intelligence: Comparing the incident-centric and actor-centric approaches

By Mark Arena, CEO of Intel 471. When it comes to cyber threat intelligence, the security industry mostly appears to take the view that indicators of compromise (IOCs) are the best approach to initiate/drive the intelligence process. If we take a step back and look at traditional intelligence concepts, we will find the following definition

Cyber threat intelligence requirements: What are they, what are they for and how do they fit in the…

By Mark Arena, CEO of Intel 471. There are many definitions of what is an intelligence requirement but the definition to me that is most accurate is: “Any subject, general or specific, upon which there is a need for the collection of information, or the production of intelligence.” Ref: http://www.thefreedictionary.com/intelligence+requirement With the above definition I want

Actionable intelligence — Is it a capability problem or does your intelligence provider suck?

By Mark Arena, CEO of Intel 471. Significant numbers of security and threat intelligence vendors spruik their intelligence or data as being the most actionable but is it? In this post I’ll hope to make the argument that whether intelligence is actionable or not is really up to the consumer of said intelligence, not the

Cyber threat intelligence: Why should I be worried about threats that aren’t specifically…

By Mark Arena, CEO of Intel 471. When it comes to cyber threat intelligence, the big question that comes to mind when evaluating intelligence or intelligence collection, external from a vendor or internally generated, is whether it is relevant to me and my organization. If you read my previous posts, you would have seen that

Cyber Threat Intelligence: Observing the adversary

By Mark Arena, CEO of Intel 471. Following my previous blog post that compared the incident-centric and actor-centric approaches to cyber threat intelligence, this post will detail a number of ways we can potentially observe our adversary. I’ll preface this post by saying that prioritizing and identifying who the adversary is, their motivations, their intentions