The Challenge A technology company approached Nisos after it appeared some of their source code and intellectual property was leaked. The client discovered the issue after identifying a series of emails that had been sent to one of their engineers from a foreign...
Adversary Research
White Supremacist Movements Are Exploding
Has Your Company Assessed the Possible Risk to Its Brand and Leadership? Violent white supremacist movements have been undergoing a strong resurgence since 2013. Does your company have eyes on this emerging threat? If not, Nisos has the experience and proprietary...
Disrupting Nation-State Recruiting and Disinformation Efforts on Job Site Platform
The Challenge A job recruiting platform approached Nisos to determine the severity and authenticity of an affiliate recruiting company that appeared to be involved with disinformation and foreign nation state espionage efforts. The foreign nation state was suspected...
Using Selectors For Open Source Intelligence
A “selector” is not a generally defined term in enterprise security, but selectors are important for understanding open source intelligence and investigations in the digital realm. Building on our previous technical blog defining a selector, we will be diving deeper...
Mitigating Advanced Threat Actors: Acquiring and Analyzing Malicious Tools to Stop Fraud
The Challenge Malicious foreign actors were creating automated tools to abuse an e-commerce client’s platform. Using that automated process the threat actors were able to mass create and bulk manage accounts, run advertisements, and use credit cards. With those credit...
The Myth of Complex Passwords
Password reuse is one of the most pervasive security concerns for enterprise information security teams. It’s an easy way for an adversary to gain initial access if two-factor authentication is not properly implemented and, more importantly, provides the ability to...
What is a Selector in the World of Digital Crime?
Every hour of every day, criminals, nation states, and fraudsters around the world commit attacks using phone numbers, email addresses, and social media handles. We call these “selectors,” i.e. the technical attributes of an online entity. On the other side of the...
How to Use Breach Credentials to Support Intelligence Collection and Attribution
While some organizations may view third-party breach usernames and passwords as important indicators to prevent unauthorized access to their own networks, larger organizations are using two-factor authentication for securing their perimeters by locking down...
Five Critical Data Source Considerations for Adversary Attribution
Strong intelligence is the base of adversary attribution; nothing can replace the holistic picture created by technical indicators in combination with HUMINT and OSINT sources. While many cyber threat intelligence teams focus on technical events and indicators that...
The Rise of Synthetic Audio Deepfakes
Can Audio Deepfakes Really Fake a Human? Audio deepfakes are the new frontier for business compromise schemes and are becoming more common pathways for criminals to deceptively gain access to corporate funds. Nisos recently investigated and obtained an original...
Establishing a System to Collect, Enrich, and Analyze Data to Generate Actionable Intelligence
In the era of data-driven decision making, the value of threat intelligence and interest in establishing or expanding threat intelligence programs is growing rapidly. However, the growing availability and access to data is outpacing the ability of these threat...
Advancing OSINT to Turn Data into Intelligence
While cyber threat analysts are critical to determine what cyber threats are relevant to their respective organizations so they can take the appropriate action, open source intelligence (OSINT) and investigations can often be the added value to address the “how”,...
The Nisos Dogpile
As co-founders, Justin and I have had thousands of conversations about Nisos with prospects, clients, investors, and peers in the cybersecurity and investigations industry. The question always comes up, “How are you different?” One of the challenges with...
Managed Intelligence: Four Factors for Building Adversarial Context
With limited time and resources for a SOC to prioritize threats for additional research, Mars CISO Andrew Stanley gives several important factors when considering adversarial context with regard to the “who, how, and why” of attribution. Chasing After Ransomware is a...
Know Your Adversary: Russian APTs
In the previous two articles in this series, we examined the Iranian and Nigerian Advanced Persistent Threats (APTs) under a sociohistorical lens in order to better understand the various drivers that instigate their threat activity. Today, we examine Russia under the...
Managed Intelligence: An Overview on Signature and Personality-Based Attributions to Mitigate Risk for the Business
Continuing with Nisos’ series on providing context to enable actionable outcomes for Security Operations Centers (SOCs), we examine the differences between signature and personality-based attributions and how each plays a role for enterprises in prioritization efforts...
Know Your Adversary: The Criminal Underworld in Nigeria
Having examined the underpinnings of Iranian culture and the nexus with its corresponding Advanced Persistent Threat (APT), we turn our eyes towards Africa. Often overlooked as an APT, elements of postcolonial realities in Nigeria have contributed to an advanced...
Managed Intelligence: Transitioning Cyber Threat Information to Actionable Threat Intelligence Provides Critical Context
Major organizations with significant intellectual property and brand name reputation face a constant onslaught of targeted cyber attacks and information operations campaigns, but often lack the capability to attain context-based attribution - the ability to define the...
Tracing the Technology Origin of a Presidential Candidate Deepfake
The recent tweet of a doctored photo, turned into a GIF and nicknamed “Sloppy Joe”, of US presidential candidate Joe Biden has prompted controversy over whether the image qualifies as a deepfake, which would make it the first used in a US election cycle. President...
Malicious Insider Leaking Information to Unauthorized Third Parties
The Challenge A technology company’s (the Client) proprietary information was leaked to unauthorized third parties presumably from an identified disgruntled employee. The Client required assistance in determining with certainty whether such actions could be directly...
Attributing E-Crime Syndicates Adds Critical Context
The Challenge Huddled around keyboards half a world away, a shadowy group of technically savvy criminals devised techniques to hide from system administrators and run internet scams that defrauded a client out of hundreds of thousands of dollars in revenue every...
Countering Destruction to Save a Business
The Challenge A healthcare technology company (the Client) suffered a wide-scale destructive compromise after an attacker targeted the Client’s backend point of sale technology and deleted all customer data. Why Nisos In addition to the primary forensics firm that was...
Actively Countering Advanced Persistent Threats with External Telemetry
The Challenge A technology company (the Client) with thousands of employees across the globe was under attack by a nation-state level adversary. They requested Nisos’ assistance to provide critical intelligence to detect indicators and respond to the attack. Given the...
Eight Hours to Attribution
The Challenge A multinational manufacturer (The Client) came to Nisos for help responding to an unusual incident. An unauthorized user opened a trouble ticket in the Client’s internal IT ticketing system. In the ticket, the actor demonstrated access to sensitive...
Deep Fakes
This paper examines the illicit ecosystem for deep fakes, their technology evolution and migration paths from the surface web to deep and dark sites, and uncovers some of the actors creating and disseminating these videos. Nisos undertook research into deep fake technology...
Know Your Adversary: Iran
While researching advanced persistent threats (APTs), the common analytic angle has always been to identify malware and infrastructure techniques, tactics, and procedures (TTPs), and to develop detections. While this is effective for big player APTs such as Russia and...