Posts

Showing posts from January, 2025

Tracking Adversaries: Ghostwriter APT Infrastructure

Introduction to Infrastructure Pivoting

Pivoting on infrastructure is a handy skill for cyber threat intelligence (CTI) analysts to learn. It can help to reveal the bigger picture when it comes to malware, phishing, or network exploitation campaigns. Infrastructure pivoting is essentially the act of looking for more systems an adversary has created. The main benefit of this pursuit is the identification of additional targets or victims, more tools or malware samples, and ultimately new insights about the adversary’s capabilities. If done correctly, being able to pivot on adversary infrastructure will be very useful during incident response (IR) engagements. For example, it may lead to being able to attribute the intrusion to a known adversary. This will help others during an IR engagement understand the level of threat posed to the victim organisation.

Receiving Threat Data

To be able to pivot on adversary infrastructure, threat data is needed, such as the intelligence shared ...

Analysis of Counter-Ransomware Activities in 2024

The scourge of ransomware continues primarily for three main reasons: Ransomware-as-a-Service (RaaS), cryptocurrency, and safe havens. RaaS platforms enable aspiring cybercriminals to join a gang and begin launching attacks with a support system that helps extract ransom payments from their victims. Cryptocurrency enables cybercriminals to receive funds from victims around the world without the option to freeze or refund them due to the immutable nature of the virtual funds. Safe havens are countries that permit cybercriminals to launch attacks without immediate fear of arrest, enabling them to earn vast fortunes through ransomware campaigns. With these three challenges in mind, law enforcement and governments have a very difficult job to do when it comes to fighting ransomware, but fight it they must. In this blog we shall recall what counter-ransomware activities took place in 2024, analyse their effectiveness, and assess how the landscape shall evolve as a result. A...