A common problem in the world of digital forensics and insider threat investigations is that employees can use a third-party application, like WeChat, to exfiltrate data from a network, or to communicate with malicious third parties. More often than not, the employee...
The Challenge A technology company approached Nisos after it appeared some of their source code and intellectual property was leaked. The client discovered the issue after identifying a series of emails that had been sent to one of their engineers from a foreign...
Has Your Company Assessed the Possible Risk to Its Brand and Leadership? Violent white supremacist movements have been undergoing a strong resurgence since 2013. Does your company have eyes on this emerging threat? If not, Nisos has the experience and proprietary...
The Challenge A job recruiting platform approached Nisos to determine the severity and authenticity of an affiliate recruiting company that appeared to be involved with disinformation and foreign nation state espionage efforts. The foreign nation state was suspected...
A “selector” is not a generally defined term in enterprise security, but selectors are important for understanding open source intelligence and investigations in the digital realm. Building on our previous technical blog defining a selector, we will be diving deeper...
The Challenge Malicious foreign actors were creating automated tools to abuse an e-commerce client’s platform. Using that automated process the threat actors were able to mass create and bulk manage accounts, run advertisements, and use credit cards. With those credit...
Password reuse is one of the most pervasive security concerns for information security teams in enterprise. It’s an easy way for an adversary to gain initial access if two factor authentication is not properly implemented and more importantly, provides the ability to...
Every hour of every day, criminals, nation states, and fraudsters around the world commit attacks using phone numbers, email addresses, and social media handles. We call these “selectors,” i.e. the technical attributes of an online entity. On the other side of the...
While some organizations may view third party breach usernames and passwords as important indicators to prevent unauthorized access to their own networks, larger organizations are using two factor authentication for securing their perimeters by locking down...
Strong intelligence is the base of adversary attribution; nothing can replace the holistic picture created by technical indicators in combination with HUMINT and OSINT sources. While many cyber threat intelligence teams focus on technical events and indicators that...
Can Audio Deepfakes Really Fake a Human? Audio deepfakes are the new frontier for business compromise schemes and are becoming more common pathways for criminals to deceptively gain access to corporate funds. Nisos recently investigated and obtained an original...
In the era of data-driven decision making, the value of threat intelligence and interest in establishing or expanding threat intelligence programs is growing rapidly. However, the growing availability and access to data is outpacing the ability of these threat...
While cyber threat analysts are critical to determine what cyber threats are relevant to their respective organizations so they can take the appropriate action, open source intelligence (OSINT) and investigations can often be the added value to address the “how”,...
As co-founders, Justin and I have had thousands of conversations about Nisos with prospects, clients, investors, and peers in the cybersecurity and investigations industry. The question always comes up, “How are you different?” One of the challenges with...
With limited time and resources for a SOC to prioritize threats for additional research, Mars CISO Andrew Stanley gives several important factors when considering adversarial context with regard to the “who, how, and why” of attribution. Chasing After Ransomware is a...
In the previous two articles in this series, we examined the Iranian and Nigerian Advanced Persistent Threats (APTs) under a sociohistorical lens in order to better understand the various drivers that instigate their threat activity. Today, we examine Russia under the...
Continuing with Nisos’ series on providing context to enable actionable outcomes for Security Operations Centers (SOCs), we examine the differences between signature and personality-based attributions and how each plays a role for enterprises in prioritization efforts...
Having examined the underpinnings of Iranian culture and the nexus with its corresponding Advanced Persistent Threat (APT), we turn our eyes towards Africa. Often overlooked as an APT, elements of postcolonial realities in Nigeria have contributed to an advanced...
Major organizations with significant intellectual property and brand name reputation face a constant onslaught of targeted cyber attacks and information operations campaigns, but often lack the capability to attain context-based attribution - the ability to define the...
The recent tweet of a doctored photo, turned into a GIF and nicknamed “Sloppy Joe”, of US presidential candidate Joe Biden has prompted controversy over whether the image qualifies as a deepfake, which would make it the first used in a US election cycle. President...
The Challenge A technology company’s (the Client) proprietary information was leaked to unauthorized third parties presumably from an identified disgruntled employee. The Client required assistance in determining with certainty whether such actions could be directly...
The Challenge Huddled around keyboards half a world away, a shadowy group of technically-savvy criminals devised techniques to hide from system administrators and run internet scams that defrauded a client out of hundreds of thousands of dollars in revenue every...
The Challenge A healthcare technology company (the Client) suffered a wide-scale destructive compromise after an attacker targeted the Client’s backend point of sale technology and deleted all customer data. Why Nisos In addition to the primary forensics firm that was...
The Challenge A technology company (the Client) with thousands of employees across the globe was under attack by a nation-state level adversary. They requested Nisos’ assistance to provide critical intelligence to detect indicators and respond to the attack. Given the...
The Challenge A multinational manufacturer (The Client) came to Nisos for help responding to an unusual incident. An unauthorized user opened a trouble ticket in the Client’s internal IT ticketing system. In the ticket, the actor demonstrated access to sensitive...
This paper examines the illicit ecosystem for deep fakes.Their technology evolution and migration paths from surface web to deep and dark sites, and uncover some of the actors creating and disseminating these videos. Nisos undertook research into deep fake technology...
While researching advanced persistent threats (APTs), the common analytic angle has always been to identify malware and infrastructure techniques, tactics, and procedures (TTPs), and to develop detections. While this is effective for big player APTs such as Russia and...
Subscribe to our blog to get notified of updates in your inbox.