Posts

Analysis of Counter-Ransomware Activities in 2024

Ransomware persists for three main reasons: Ransomware-as-a-Service (RaaS), cryptocurrency, and safe havens. RaaS platforms enable aspiring cybercriminals to join a gang and begin launching attacks with a support system that helps extract ransom payments from their victims. Cryptocurrency enables cybercriminals to receive funds from victims around the world without the option to freeze or refund them due to the immutable nature of the virtual funds. Safe havens are countries that permit cybercriminals to launch attacks without immediate fear of arrest, enabling them to earn vast fortunes through ransomware campaigns. With these three challenges in mind, law enforcement and governments have a very difficult job to do when it comes to fighting ransomware, but fight it they must. In this blog we shall recall what counter-ransomware activities took place in 2024, analyse their effectiveness, and assess how the landscape shall evolve as a result. ...

Top 10 Cyber Threats of 2024

Introduction

The aim of this blog is to highlight the 2024 global cybersecurity trends that defenders can study to prepare themselves for the threats of 2025. The Top 10 Cyber Threats of 2024 had several interesting themes, such as aggressive cyber espionage campaigns from Russia and China, new cases of state-sponsored cybercrime from Iran and North Korea, groundbreaking ransomware attacks, and multiple notable disruption events.

#1 The Snowflake Campaign

This year, Snowflake was the center of a historic data breach campaign. Snowflake is a cloud-hosted service that allows companies to store huge datasets. In May, up to 165 customers had their databases accessed and stolen using valid login credentials. In June, the stolen data was offered on the English-speaking cybercrime community known as BreachForums, which was resurrected following a takedown by the FBI earlier in the year. The aftermath of the Snowflake campaign has been staggering. The publicly known impact ...

Cyber Threat Intelligence for Autodidacts

Introduction

Cyber Threat Intelligence (CTI) analysts come from diverse backgrounds, and their roles can vary a lot depending on the type of organisation they work for. The path to becoming a CTI analyst can follow one of several routes, such as moving from Security Operations Center (SOC) and other information security roles, joining from university, or from law enforcement or military backgrounds. I’ve also met many who have radically changed trades and reskilled from jobs such as secondary school teachers to bar and hotel staff with great success. CTI teams can also vary significantly in their structure and focus. Some analysts work for vendors, providing intelligence to multiple clients across industries, such as Recorded Future’s Insikt Group. Others serve as defenders within a single company, working to protect that organization’s assets, such as Equinix’s ETAC team. There are analysts who operate within government agencies as well, such as intelligence, se...