One of the many dangerous tools in cybercriminals’ arsenals is OSINT. In this post, we explain what it is, the danger it poses, and how to guard your company against OSINT. What is OSINT? OSINT stands for open-source intelligence. That is, the collection and analysis of data obtained from publicly accessible information channels. Such sources can basically be anything: newspapers and magazines, television and radio, data published by official organizations, scientific research, conference reports, etc. Nowadays, of course, such intelligence is primarily based on information scraped from the in ..read more

Naming products and services – and also their many different functions and features – in the infosec domain is, in a word, tricky. Why? Complexity… Cybersecurity: it’s not a one-dimensional object like, say, a boat. There are different sized boats, but besides things like that, a boat is mostly always a boat. But in infosec, how can all that a modern system of enterprise cybersecurity does be labeled simply, catchily (if that’s at all possible), and so as to be reasonably easy to understand? And how can you differentiate one security system from another? Often it’s difficult explaining such di ..read more

Initially, SIEM systems were created as a tool to collect information about security events within infrastructure and analyze them using external data on known cyberthreats. And for a long time, they did their job just fine. However, as both threats and the information security industry evolve, more and more threat-intelligence feeds are appearing on the market. And what’s more, their structures are significantly changing. It has become obvious to many experts that a new tool that allows navigating threat-intelligence flows is required for SIEMs to work effectively. Why did SIEM need an assist ..read more

For many companies, “threat intelligence” means only indicators of compromise data and information on specific cybercriminal tools. But in fact, threat intelligence implies a much deeper knowledge about threat actors, including tracking their activity on the network. Sometimes this information allows you to not only to get an idea of the criminal methods and tactics, but also to prevent a cybercrime. A vivid example is the recent case of a Latin American country’s central bank. What happened While studying cybercriminal activity, our experts learned that one group managed to access the bank’s ..read more

Cybercriminals have many schemes that involve the creation of malicious or phishing domains. They can use those domains in attacks on your customers, partners or even your employees. That is why from time to time companies need to block a dangerous domain, and some of them faces such threats quite often. Usually takedown of a malicious domain is not impossible, but it requires certain expertise and a lot of time. But usually when you identify such a threat, you do not have time to waste — it can lead to a loss of revenue, reputational damages, loss of customer trust, data leaks, and more ..read more

In terms of daily workload, few infosec roles compare with that of a security operations center (SOC) analyst. We know this firsthand, which is why we pay special attention to developing tools that can automate or facilitate their work. Following our recent upgrade of Kaspersky CyberTrace to a full-fledged threat intelligence (TI) platform, here we demonstrate how a SOC analyst can use this tool to study the attack kill chain. For example, suppose someone uses a workstation on the corporate network to visit a website that is flagged as malicious. The company’s security solutions detect the inc ..read more

Often, employees of security operation centers and information security departments turn to Kaspersky specialists for expert help. We analyzed the most common reasons for such requests and created a specialized service that helps customers to ask a question directly to an expert in the area they need. Why you might need expert help The threat of cyberattacks is growing all the time as cybercriminals find ever more ways to achieve their goals, discovering new hardware and software vulnerabilities in applications, servers, VPN gateways, and operating systems and immediately weaponizing them. Hun ..read more

No company is immune to every sophisticated attack. For example, any company might face a takedown by zero-day vulnerabilities or nonstandard, complex tools. To successfully repel an advanced attack and minimize negative consequences, prepare today for the challenges your cybersecurity team could encounter tomorrow. Predicting a specific attack is, of course, impossible, so our colleagues decided to study the experiences of other companies, interviewing representatives of a variety of companies for our IT Security Economics 2021 report. What the respondents had in common was they had all suffe ..read more

Protecting airport information systems from cyberincidents is no trivial task. Even a relatively minor glitch can lead to chaos, flight delays, and lawsuits from disgruntled passengers. As a good illustration of the phenomenon, the 2016 Delta Airlines computer system crash caused trouble for hundreds of thousands of people around the world. Facing massive expenses and operational dysfunction, airport administration scrambles to prevent chaos following an attack. It’s no wonder that airports represent such attractive targets for ransomware attacks. Another reason airports draw criminal attentio ..read more

A year ago I addressed cybersecurity specialists to let them know about a new tool we’d developed. Our Open Threat Intelligence Portal (OpenTIP) offers the same tools for analysis of complex threats (or merely suspicious files) as our GReAT cyberninjas use. And lots of other folks use them now too, testing zillions of files every month. But a lot has changed in the past year, with practically the whole world having to work remotely because of coronavirus, which in turn makes life more difficult for cybersecurity experts. Maintaining the security of corporate networks has become a hundred times ..read more