Anomali detects adversaries and tells you who they are. Organizations rely on the Anomali Threat Platform to detect threats, understand the adversary, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. Anomali enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs worldwide.

For more information, visit our website below and follow us on Twitter @Anomali


Latest Content From Anomali

Research Report: Cybersecurity Insider 2018 Threat Intelligence Report

by Anomali, Nov 29, 2018

77% of respondents say that threat intelligence is very to extremely important to their organization's overall security posture.

Threat intelligence has become a significant weapon in the fight against cybersecurity threats, and a large majority of organizations have made it a key part of their security strategies.

Among the key findings of the report are that organizations are leveraging threat intelligence data for a number of use cases, and many rate themselves fairly competent in their use of threat intelligence to identify and remediate cyber threats.

Organizations utilize threat intelligence tools when facing cyber threats such as phishing, zero-day attacks, insider attacks, advanced persistent threats, and malware. Other challenges include threat detection, gaining full visibility into all assets and vulnerabilities, and lack of advanced security staff.

Get the full report from Cybersecurity Insider and Anomali.

Whitepaper: STIX/TAXII: What You Need to Know

by Anomali, Nov 28, 2018

Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Intelligence Information (TAXII)

The old adage of "sharing is caring" is paramount within the cyber threat intelligence community. Quick and in-depth transfer of knowledge between individuals, organizations, products, and platforms can lead to improved prevention and mitigation of cyber-attacks. There are many sources of information possible for acquiring such knowledge, but sharing opens many questions:

• How best to share this information, and what should the information look like?
• What structure will ensure that it is quickly and efficiently parsed?
• How can you guarantee that the information you share is detailed and accurate?

Cyber threat sharing protocols called Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Intelligence Information (TAXII) have been developed in response to these questions. The establishment of STIX/TAXII is an open, community-driven effort that provides free specifications to aid in the automated expression of cyber threat information.

Download this whitepaper to learn more about these essential tools.

Whitepaper: NotPetya: One Year Later

by Anomali, Nov 28, 2018

This whitepaper examines the NotPetya cyber-attack that occurred in late June 2017. Arriving almost immediately after the WannaCry cyberattack, the NotPetya malware affected countries and organizations around the globe, with strikingly similar repercussions and lessons to take away.

We analyzed how organizations implemented policy or procedural changes, if any, immediately following WannaCry as well as within the past year to improve their resilience to the ever-changing cyber threat landscape.

This whitepaper looks at NotPetya in detail by:

• Examining NotPetya
• Outlining the technical analysis of the NotPetya malware
• Assessing the consequences the attack had on affected organizations
• Discussing the lessons organizations need to take away from this specific cyber incident

Get up to date on NotPetya: download the paper.

Whitepaper: Threatscape of the US Election

by Anomali, Nov 28, 2018

Cyber Attacks Targeting Political Elections Are In Full Swing

The aftermath of the 2016 US Presidential election left many Americans questioning the integrity of the election infrastructure. Fast-forward to the US 2018 midterm election, and you'd be hard-pressed to avoid seeing security researchers and media outlets discussing threats posed to the nation's election infrastructure.

A wide range of threat actors pose risks to the elections, from sophisticated, state-sponsored Advanced Persistent Threat (APT) groups, to hacktivist groups, to less sophisticated threat actors (script kiddies). The potential attack vectors vary with the complexity and skill of the culpable group; however, a series of common vectors will remain constant.

The objective of this report is to discuss the current state of election risk and the beliefs amongst security researchers regarding the security of the US election infrastructure and the plethora of threats posed to it. We'll also explore the various groups who are known to attack election infrastructure or who have threat capabilities.

Research Report: United States of America Cybersecurity Profile from Anomali Labs

by Anomali, Oct 22, 2018

The most powerful country in the world has one of the oldest and most sophisticated cybersecurity programs. Attributed with attacks against countries like Iran, including Stuxnet, the United States has a track record of using offensive techniques against potential threats to national security.

The United States has an increasingly complex foreign policy climate, which is likely to create events in which offensive cyber-attacks will be weighed as an option. In order for cyber defenders to prepare for adversaries at the individual, organized-crime, and government level, they must understand how the country tactically operates and why it strategically chooses to do so.

This research report from Anomali Labs provides a thorough examination of the United States, including:

• Current Political, Economic, and Security Landscape
• National Cyber Strategy
• Intelligence Apparatus
• Previous Activity
• Future Concerns: China, Russia, Iran, DPRK, Pakistan

Download the full profile.

Research Report: SANS 2018 Threat Hunting Survey Results

by Anomali, Oct 22, 2018

Threat Hunting is Not Simply a Compromise Assessment or Continuous Security Monitoring

Ultimately, threat hunting is an approach that drives security benefits across the organization by making sure that human adversaries are met by human defenders who are taking full advantage of the environment that they defend.

Top survey findings:

• Threat intelligence leads threat hunting
• Trained staff are key to running threat hunting engagements
• Hunting shows that organizations are using intelligence properly
• Threat hunting is helping organizations find threats more effectively

Get the report to find out about the top findings and how to implement good threat hunting practices.

Research Report: The Changing Landscape of U.S. Election Security

by Anomali, Oct 22, 2018

Protecting the Sanctity of the Ballot Box Against Cyberthreats Depends On Legislation, Enforcement, and Sharing Up-To-Date Threat Intelligence Data

Confidence in the honesty of election systems has hit record lows, yet the federal executive branch still has not articulated an overarching strategy and plan of action to secure them. Disparate election systems operate with little standardization and no unified oversight, making them particularly vulnerable in the face of growing cybersecurity threats.

Government entities will need to ensure that every citizen has the right to a secure vote, so that all constituents can be confident that their votes will count.

Here are some of the issues addressed:

• The varying levels of cyber-readiness at the state and municipal levels
• Different legislation that has passed or halted around election security
• How threat intelligence technology can be adopted as the first line of defense

Get the report!

Whitepaper: Turkish Hacktivists Respond to US Sanctions: Anomali Labs Cyber Threat Brief

by Anomali, Oct 22, 2018

Escalation Between Turkey and the US Provokes a Response from Cyber Groups

The recent escalation in tensions between the United States and Turkey over the detention of pastor Andrew Brunson has prompted Turkish patriotic hacktivist groups to target American websites.

Historically, the two most prominent hacktivist groups, Aslan Neferler Tim (ANT) and Turk Hack Team (THT), have reacted to political issues impacting Turkey by targeting the perceived adversary with low-level nuisance attacks such as web defacements and Distributed Denial of Service (DDoS) attacks. As the political situation deteriorates, Anomali expects to see an increase in hacktivist-related activity targeting American websites.

This brief will run through a few key points of the escalation, with a focus on the Turkish hacktivist groups ANT and THT.

Read the brief for the latest on Turkey and US relations.

Whitepaper: WannaCry: One Year Later

by Anomali, Oct 01, 2018

This white paper analyses the WannaCry ransomware attack that occurred in May 2017. It looks at how things have evolved in the past year to determine whether companies and organizations have changed their practices to address the issues WannaCry highlighted. The report investigates the technical aspects of the attack, the consequences for organizations, and the lessons learned.

Good cybersecurity behaviors, such as immediately implementing critical patches to systems, utilizing multi-factor authentication, maintaining frequently updated cold backup storage, and adequately training employees, are critical to reducing the likelihood of your organization being impacted by significant cyber-attacks.

It has been observed that organizations that utilize these practices and policies are at a considerably lower risk of being affected by threat actors. These practices effectively improve organizational security from a variety of fronts and remain the best way that companies can improve their cyber resilience.

Whitepaper: Email Spoofing a Threat to the 2018 Midterm Elections

by Anomali, Sep 13, 2018

Can Lightning Strike the US Elections Twice?

Based on the research findings, close to 96% of the evaluated State, District of Columbia, and Territory elections offices and online voter registration sites remain highly susceptible to email spoofing attacks.

Anomali Labs reviewed the last two years of election-related threat reporting from government agencies, vendors, and news media. We found that phishing and spear-phishing (highly personalized, targeted phishing) emails are often a precursor to obtaining unauthorized access to target systems and networks, presumably for election interference purposes.

The team evaluated and defined three authentication protocols, one DNS resolution security control, and two secure mail server controls. They recommend implementing email security controls such as SPF, DKIM, DMARC, STARTTLS, DNSSEC, and DANE to ensure the integrity and confidentiality of election site email systems and remove common attack vectors from threat actors' arsenals.

Review the findings before the midterms.