A “selector” is not a generally defined term in enterprise security, but selectors are important for understanding open source intelligence and investigations in the digital realm. Building on our previous technical blog defining a selector, we will be diving deeper into selectors and how they enable external threat hunting, attribution, and open source intelligence analysis.
Password reuse is one of the most pervasive security concerns for enterprise information security teams. It’s an easy way for an adversary to gain initial access if two-factor authentication is not properly implemented and, more importantly, provides the ability to move laterally in a network and escalate privileges, thus compromising critical data.
Below is a deep dive into the art of passwords, and how this can play out in both directions.
Every hour of every day, criminals, nation states, and fraudsters around the world commit attacks using phone numbers, email addresses, and social media handles. We call these “selectors,” i.e. the technical attributes of an online entity.
While some organizations may view usernames and passwords from third-party breaches as important indicators for preventing unauthorized access to their own networks, larger organizations are using two-factor authentication to secure their perimeters, locking down internet-facing services where the mere availability of these credentials is less actionable.
Strong intelligence is the base of adversary attribution; nothing can replace the holistic picture created by technical indicators in combination with HUMINT and OSINT sources.
Can Audio Deepfakes Really Fake a Human?
Audio deepfakes are the new frontier for business compromise schemes and are becoming more common pathways for criminals to deceptively gain access to corporate funds. Nisos recently investigated and obtained an original attempted deepfake synthetic audio used in a fraud attempt against a technology company. The deepfake took the form of a voicemail message from the company’s purported CEO, asking an employee to call back to “finalize an urgent business deal.” The recipient immediately thought it suspicious and did not contact the number, instead referring it to their legal department, and as a result the attack was not successful.
In the era of data-driven decision making, the value of threat intelligence and interest in establishing or expanding threat intelligence programs is growing rapidly. However, the growing availability and access to data is outpacing the ability of these threat intelligence programs to leverage and operationalize it.
According to a recent Gartner report, “the value of (threat intelligence) services is sometimes constrained by the customer’s ability to afford, absorb, contextualize, and, especially, use the information provided by the services.” 1
An Inside Look at Advanced Attacker TTPs and the Danger of Relying on Industry-based Threat Intelligence
Many organizations use threat intelligence from industry peers to prioritize vulnerability management and assign criticality when there is not enough existing information directly about their organization or their organization’s critical assets. While this is a natural political response to frame the narrative to allow budgetary approval to build certain aspects of the security program, organizations need to defend specific to their own technology stack and assets, incorporate the proper tooling around this stack, and be able to log events at scale.
If a security program shows that its industry peers are being targeted by a variety of different threats broken down by industry, that narrative will likely be more persuasive to the non-technical business executives approving budgets.
Threat intelligence feeds have become popular, and a company's ability to track threats outside of its own environment is better than ever. With these improvements, though, has come an increasing demand on security professionals to select and manage the right combination of tools to achieve their desired outcomes.
Here is a brief look at the history of the cyber threat intelligence industry, and where we might go from here.
Argument - fierce, bold, and impassioned - has been at the heart of our American democracy since the founding. British censorship (colonists could speak without prior restraint but then be charged with sedition or libel) compelled the drafters of the Bill of Rights to include freedom of speech as part of the First Amendment to the US Constitution.
Heated disagreement and even misinformation are as rampant on today’s internet as they were in the taverns and meeting halls of the colonies. This speech is rightly protected. But because of the sacredness of this right, it is disinformation – deliberate attempts by foreign and domestic actors to spread falsehoods in order to achieve a political end – that concerns us here at Nisos and that we leverage our capabilities to fight.