COVID-19 pandemic: Through the cybercriminal’s eyes

By the Intel 471 Intelligence team. Cybercriminals’ exploitation of the global Coronavirus Disease 2019 (COVID-19) pandemic (in phishing lures, for example) has been covered widely in the media. But one underreported aspect is how the coronavirus itself is impacting cybercrime actors, their activities and their infrastructure. Our research of the underground marketplace and these actors

Melting the ‘deep and dark web’ myth and why we hate the phrase

By Michael DeBolt, VP of Intelligence of Intel 471. It’s not deep. It’s not dark. It’s not the ominous underside of an iceberg. The deep and dark web, or simply the “underground,” as we like to call it at Intel 471, is an organized ecosystem of products, services and goods consisting of real life suppliers

No, the criminal underground isn’t dropping its use of Bitcoin anytime soon

By Mark Arena, CEO of Intel 471. I recently read an article which claimed the “criminal underworld” was dropping its use of Bitcoin. In the past month, Intel 471 has looked closely at the criminal underground to identify if Bitcoin was still strong in its use and whether there were any up-and-coming cryptocurrencies that were

Cyber Threat Intelligence: Comparing the incident-centric and actor-centric approaches

By Mark Arena, CEO of Intel 471. When it comes to cyber threat intelligence, the security industry mostly appears to take the view that indicators of compromise (IOCs) are the best approach to initiate/drive the intelligence process. If we take a step back and look at traditional intelligence concepts, we will find the following definition

Cyber threat intelligence requirements: What are they, what are they for and how do they fit in the…

By Mark Arena, CEO of Intel 471. There are many definitions of what is an intelligence requirement but the definition to me that is most accurate is: “Any subject, general or specific, upon which there is a need for the collection of information, or the production of intelligence.” Ref: http://www.thefreedictionary.com/intelligence+requirement With the above definition I want

Cyber threat intelligence: Why should I be worried about threats that aren’t specifically…

By Mark Arena, CEO of Intel 471. When it comes to cyber threat intelligence, the big question that comes to mind when evaluating intelligence or intelligence collection, external from a vendor or internally generated, is whether it is relevant to me and my organization. If you read my previous posts, you would have seen that

Cyber Threat Intelligence: Observing the adversary

By Mark Arena, CEO of Intel 471. Following my previous blog post that compared the incident-centric and actor-centric approaches to cyber threat intelligence, this post will detail a number of ways we can potentially observe our adversary. I’ll preface this post by saying that prioritizing and identifying who the adversary is, their motivations, their intentions