Digital Shadows

Digital Shadows provides cyber situational awareness to help organizations protect against cyber attacks, loss of intellectual property, and loss of brand and reputational integrity. We are jointly headquartered in London and San Francisco. Digital Shadows helps large multi-national organizations in sectors including finance, retail, pharmaceuticals and oil and gas. Our flagship solution, Digital Shadows SearchLight,is a scalable and easy-to-use data analysis platform that provides a complete view of an organization's digital footprint and the profile of its attackers. SearchLight is complemented with support from our world-class intelligence operations team to ensure extensive coverage, tailored intelligence and frictionless deployment. Digital Shadows helps our customers see their organizations through an "attacker's eye view" and keep their assets and reputation intact.

Our Website:

Latest Content From Digital Shadows

Whitepaper: Shooting the Messenger: Understanding the Threats to the Media and Broadcasting Industry

by Digital ShadowsNov 16, 2016

Amid all of the noise, it's often tricky for organizations to identify and prioritize the threats they face online. Organizations in the media and broadcasting industry are no exception.

This paper explores:
- Trends in the threats seen in 2016 for broadcasting and media organizations
- The steps that can be taken to prevent and mitigate potential threats

Whitepaper: Compromised Credentials: Learn from the Exposure of the World's 1,000 Biggest Companies

by Digital ShadowsSep 21, 2016

Barely a week goes by without reports of a leaked database. For the companies that are breached, the reputational, brand and financial implications are clear.

But how vast are the breaches, who is being targeted and why, and what is being done with the data?

Our new report analyzes the top 1,000 companies in the Forbes 2000 list to:
- Understand how the world's biggest companies have been affected by these breaches
- Identify trends across regions and industries
- Explore how threat actors are making use of these compromised credentials

Whitepaper: From Bozkurt to Buhtrap: Cyber Threats Affecting Financial Institutions in 1H 2016

by Digital ShadowsSep 09, 2016

Despite recent activity surrounding the healthcare industry, organizations in the financial services industry continue to face a wide variety of cyber threats. The first half of 2016 saw plenty of cyber threats targeted at, and relevant to, the financial services industry. In order to stay ahead of these threats, organizations must develop situational awareness of them.

This paper explores:
- Activity we have detected across hacktivism, cybercrime and targeted attacks.
- The motivation and tactics, techniques and procedures of the threat actors targeting the financial services sector.
- Projections for activity we might see against the financial service industry in Q3 2016.

Whitepaper: Ransomware and other Cyber Extortion: Preventing and mitigating increasingly targeted attacks

by Digital ShadowsSep 09, 2016

Extortion is the practice of obtaining something, especially money, through force or threats.

There are three main tactics behind cyber extortion: the threat of distributed denial of service (DDoS), the threat of data compromise and ransomware. Especially for organizations whose websites are revenue generating, these actors can cause enormous problems and their attacks can be very costly.

In this paper we will:

- Identify some of the most active extortion actors.
- Understand the motivations, tools and processes used by these actors.
- Compare and contrast different variants of ransomware.
- Learn how to prevent and mitigate these threats.

Whitepaper: O'Reilly: Patrolling the Dark Net

by Digital ShadowsSep 09, 2016

In this O'Reilly report, authors Greg Fell and Mike Barlow explore both the benign and malevolent activities of the dark net, and the dark web, to explain:
- The surprising origin of the dark net
- How criminals use the dark net to steal and store vital information
- How you can patrol this not-so-secret domain to detect and thwart intruders

Whitepaper: The OPSEC Opportunity: Understand adversary OPSEC to Improve Your Security Program

by Digital ShadowsSep 09, 2016

Operations Security (OPSEC) has been a key tactic used by commercial and military organizations to protect privacy and anonymity throughout history. Criminals, however, use OPSEC as a means to an end - avoiding detection, maintaining availability of their attack infrastructure, and retaining access to environments they have compromised.

Lapses in OPSEC can have significant implications for defenders and attackers alike. Organizations all too often unknowingly expose confidential information that increase risks.

In this paper you will learn:
- How OPSEC drives security, privacy and anonymity
- How OPSEC mistakes can be costly
- How adversaries approach OPSEC
- A 5-step OPSEC program for defenders
- How to build resilience into your OPSEC program

Whitepaper: Cyber Threats Targeting Mergers and Acquisitions

by Digital ShadowsSep 09, 2016

Global merger and acquisition activity reached record-breaking deal values in 2015 at over $4 trillion. These high levels of activity are expected to continue, making it all the more important to secure sensitive information. Failure to do so opens the door to threat actors looking to profit by exploiting financial markets and proprietary intellectual property.

This paper examines:
- Cyber risks or possible degradation to a company's security posture due to the M&A process
- Historical cases of threat actors
- Likely threats across the five-stages that companies typically go through during a merger or acquisition
- How to better understand the threats faced with M&A and how to mitigate accordingly

Whitepaper: In the Business of Exploitation

by Digital ShadowsSep 09, 2016

Understanding the most commonly exploited software and the most frequently targeted vulnerabilities can aid in mitigating the threat posed by exploit kits. Assuming that exploit kits remain profitable for threat actors, it is likely that exploits for further vulnerabilities will be implemented in the future.

This paper explores:
- 22 exploit kits in order to understand the most frequently exploited software.
- Trends within the exploitation of vulnerabilities.
- Which vulnerabilities are most widely exploited and active.