Tech Library is part of the Informa Tech Division of Informa PLC




Anomali detects adversaries and tells you who they are. Organizations rely on the Anomali Threat Platform to detect threats, understand the adversary, and respond effectively. Anomali arms security teams with machine learning optimized threat intelligence and identifies hidden threats targeting their environments. Anomali enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs worldwide.

For more information, visit our website below and follow us on Twitter @Anomali


Latest Content From Anomali

Research Report: SANS 2020 Cyber Threat Intelligence Survey Results

by Anomali, Mar 27, 2020

The Maturation of Cyber Threat Intelligence (CTI)

This year's survey had a record number of respondents (1,006) and the highest reported adoption of Cyber Threat Intelligence (CTI) programs to date: 80% of 2020 respondents report that they produce or consume CTI, an increase of 10% over last year.

As the field reaches maturity, understanding and improving the effectiveness of CTI programs becomes more critical. This paper focuses on why finding the right people and tools for a CTI program is crucial, on the intelligence cycle process, and on the value of CTI and the inhibitors to realizing it.

Key takeaways from this year's survey:

• Collaboration is key
• Not all processes require the same level of automation
• The necessary data and tools change as CTI teams evolve
• Requirements are taking hold and are a staple of mature teams
• A community of consumers and producers contribute to CTI

Read this year's report to learn more about how to keep your CTI program moving forward.

Research Report: Osterman Research-Nation-State Attack Survey: Top CISO Concerns

by Anomali, Mar 27, 2020

The Situation Between the United States and Iran Is Influencing CISOs' Security Strategy and Operations

Nation-state attacks, in which military or non-military government entities seek to infiltrate other governments, enterprises, or non-commercial organizations, are on the rise. For example, Microsoft revealed in mid-2019 that 8,000 of its enterprise customers had been targeted by these types of attacks during the previous twelve months.

Nation-state attacks are especially worrisome after kinetic incidents, such as the January 2020 altercations between the United States and Iran. While some nation-state attacks are driven by political aims, many are driven by industrial espionage, intelligence gathering, and other malicious goals.

To determine the extent of concern and readiness for nation-state attacks in enterprise-level organizations, Osterman Research conducted an in-depth survey of CISOs. Download the full Osterman Research Survey Report to learn what they discovered.

Whitepaper: The Lure of PSD2: Anomali Threat Research

by Anomali, Jan 23, 2020

While PSD2 Legislation Aims at Reducing Payment Fraud for the Financial Industry, Threat Actors See an Opportunity to Lure New Phishing Victims

PSD2 (the revised Payment Services Directive, Directive (EU) 2015/2366) regulates payment services with the intention of making cross-border payments in the EU as easy, efficient, and secure as payments within a member state. PSD2 builds on the original Payment Services Directive, and the UK Financial Conduct Authority (FCA) has agreed to a phased roll-out plan with full compliance due by March 2021. As the financial sector works toward implementation, cyber threat actors and groups are using PSD2 as an opportune theme for phishing lures.

This whitepaper highlights recent notable findings to raise awareness of malicious activity across financial institutions, electronic money institutions, and payment institutions throughout Europe. We'll cover:

• Key findings and active threats
• Analysis of malicious PSD2 lure tactics
• IOCs for your security teams to proactively monitor

Read the full report to reduce the potential impact of PSD2 phishing lures.

Whitepaper: Malicious Activity Aligning with Gamaredon TTPs Targets Ukraine

by Anomali, Jan 23, 2020

Russia-Sponsored APT Group, Gamaredon (Primitive Bear), Believed Responsible for Ukraine Targeting

The Anomali Threat Research (ATR) team has identified malicious activity that it believes is being conducted by the Russia-sponsored Advanced Persistent Threat (APT) group Gamaredon (Primitive Bear). The lure documents observed appear to target Ukrainian entities, including diplomats, government employees, and military officials.

The objective of this report is to highlight new Gamaredon tactics, techniques, and procedures (TTPs) and to share indicators of compromise (IOCs) with the security community for awareness and further analysis. You'll find:

• Current targeting landscape
• Lure document analysis
• Technical IOCs associated with the campaign

Learn about the risk this activity indicates for Ukrainian government entities targeted by the APT group Gamaredon (Primitive Bear).

Whitepaper: Phishing Campaign Targets Multiple U.S. and International Government Procurement Services

by Anomali, Jan 23, 2020

Global Phishing Campaign Spoofs Multiple Government Procurement Services With Credential Harvesting

Anomali researchers have identified a credential harvesting campaign designed to steal the login credentials for multiple government procurement services from a range of countries. The procurement services are used by multiple public sector organizations to match buyers and suppliers.

This whitepaper aims to provide an overview of the discovered phishing campaign, as Anomali researchers consider it likely that the actors will continue to target these services in the future. We'll cover:

• The targeted landscape and spoofed organizations
• Lure documents and credential harvesting sites
• Threat Infrastructure Analysis
• Specific indicators of compromise (IOCs) associated with the campaign

Read the full report to understand the possible motivations of this phishing campaign.

Research Report: SC Media Expert Focus: The Community Approach to Sharing Security Intel

by Anomali, Oct 16, 2019

When Everyone Participates—Sharing and ISACs Can Be a Vital Source of Security Intelligence

Information Sharing and Analysis Centers (ISACs), together with the broader category of Information Sharing and Analysis Organizations (ISAOs), are private sector bodies for exchanging threat intelligence. They are one of the most effective weapons against mass cyberattacks, but companies often join ISACs without a firm plan for how to interact with them and how to leverage the shared threat intel for the biggest return.

The key challenge ISACs face is getting members to understand that the intelligence is only valuable if everyone both gives and receives. ISACs can deliver huge security benefits to companies, but doing so requires cooperation and active participation from all members. An ISAC's effectiveness is predicated on seeing rivals as teammates in fighting attackers.

Read the full Expert Focus from SC Media and Anomali.

Research Report: SANS 2019 SOC Survey

by Anomali, Oct 16, 2019

SANS Common and Best Practices for Security Operations Centers (SOC)

Lack of skilled staff, budget, and effective automation are the most commonly cited reasons for failing to achieve excellence in existing SOCs. To gain management support for resources, SOC managers need to move beyond quantity-based metrics to business-relevant metrics.

In this survey, senior SANS instructor and course author Christopher Crowley, along with advisor and SANS director of emerging technologies John Pescatore, provide objective data to security leaders who are looking to establish a SOC or optimize an existing one.

Get an overview of common and best practices, defendable metrics that can be used to justify SOC resources to management, and which key areas SOC managers can prioritize to increase the effectiveness and efficiency of security operations.

To see how your SOC stacks up against others, get the full report.

Research Report: SANS 2019 Top New Attacks and Threat Report

by Anomali, Oct 16, 2019

Basic Security Hygiene Practices are Key to Avoiding the Majority of Commodity Attacks

There is no shortage of media coverage of cybersecurity breaches and outages, and there are many places to find statistics on how many attacks were launched in cyberspace. What is harder to find is expert advice on which areas are worth focusing your resources and efforts on to protect your organization.

This SANS whitepaper analyzes a baseline of breach and malware data from the past year and goes further to summarize expert opinions from SANS instructors on the emerging threats to look out for in 2019 and beyond. SANS experts cover the areas they believe will have the highest impact for the future, in addition to mitigation advice for each.

Areas include:

• DNS-Related Attacks
• Domain Fronting
• Targeted Cloud-Based Personal Attacks
• Management Infrastructure/Embedded Hardware Attacks

Get the full report and focus your efforts when protecting your organization.

E-Book: Managing Threat Intelligence Playbook

by Anomali, Oct 16, 2019

Threat Intelligence for Improved Cyber Threat Mitigation and Accelerated Remediation

Understanding threat intelligence and implementing a threat intelligence solution to enhance your cybersecurity strategy should not be an intimidating process. With a solid plan, your transition to threat intelligence can be smooth, useful, and insightful. This ebook covers the basic steps for successfully adding threat intelligence to your environment, and how to avoid underutilizing it:

• What Challenges Do Threat Intelligence Platforms Address?
• What to Look for in a Threat Intelligence Platform
• How Threat Management Fits Into the Security Lifecycle
• Anomali Altitude™
• Case Studies

Get the eBook and achieve your threat intelligence and management goals.

Whitepaper: Organizing the Hunt for Cyber Threats with MITRE ATT&CK

by Anomali, Mar 14, 2019

The First Step to Outsmarting Your Enemies: Think Like Them

Today's security teams are fully occupied reacting to the volume of organizational data on potential malicious activity. Responding to a high volume of alarms leaves very little time for strategy or for improving the overall security posture.

Organizations are harnessing MITRE ATT&CK to understand their adversaries and strengthen their defenses. The ATT&CK framework organizes comprehensive information on attacker tactics and techniques so that you can track, and defend against, the evolving nature of cyber threats.

Learn how you can use MITRE ATT&CK to:

• Provide better insights into threat intelligence
• Reveal gaps and weaknesses in your security infrastructure
• Develop heightened detection and mitigation controls
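The "reveal gaps and weaknesses" use of ATT&CK is concrete enough to show in code. The example below is added here for illustration; it is not code from the Anomali report or from MITRE. It maps a constructed set of detection rules onto a small, hand-picked subset of real ATT&CK Enterprise technique IDs, treats a detection for a sub-technique as partial coverage of its parent, and reports uncovered techniques per tactic. The technique subset, the tactic assignments, and the detection rules are all assumptions made for the example, not a real organization's coverage.

```python
"""Map detection rules onto MITRE ATT&CK techniques and report coverage gaps.

Added example: the technique IDs and names below are real ATT&CK Enterprise
identifiers, but the subset, the tactic assignments and the detection rules are
constructed for illustration only.
"""
from collections import defaultdict

# Constructed subset of the ATT&CK Enterprise matrix: id -> (tactics, name).
# A technique may sit under several tactics (e.g. Scheduled Task).
TECHNIQUES = {
    "T1566": (("Initial Access",), "Phishing"),
    "T1566.001": (("Initial Access",), "Phishing: Spearphishing Attachment"),
    "T1566.002": (("Initial Access",), "Phishing: Spearphishing Link"),
    "T1059.001": (("Execution",), "Command and Scripting Interpreter: PowerShell"),
    "T1053.005": (("Execution", "Persistence", "Privilege Escalation"),
                  "Scheduled Task/Job: Scheduled Task"),
    "T1003.001": (("Credential Access",), "OS Credential Dumping: LSASS Memory"),
    "T1071.001": (("Command and Control",), "Application Layer Protocol: Web Protocols"),
    "T1041": (("Exfiltration",), "Exfiltration Over C2 Channel"),
}

# Constructed detection rules, each tagged with the technique(s) it observes.
RULES = [
    {"name": "Macro-bearing attachment from external sender", "techniques": ["T1566.001"]},
    {"name": "Encoded PowerShell command line", "techniques": ["T1059.001"]},
    {"name": "schtasks.exe creating a task from a user-writable path", "techniques": ["T1053.005"]},
    {"name": "Periodic HTTPS beaconing to a rare domain", "techniques": ["T1071.001", "T1041"]},
]


def sub_techniques(techniques, tid):
    """Return the sub-technique IDs of `tid` present in the matrix."""
    return [t for t in techniques if t.startswith(tid + ".")]


def classify(techniques, rules):
    """Label every technique 'covered', 'partial' or 'gap'.

    A parent technique is 'covered' only if all of its sub-techniques have a
    detection; 'partial' if some do; 'gap' if none do. Rules that reference an
    ID outside the matrix are rejected so typos do not silently inflate coverage.
    """
    direct = {tid for rule in rules for tid in rule["techniques"]}
    unknown = direct - techniques.keys()
    if unknown:
        raise KeyError(f"rules reference techniques not in the matrix: {sorted(unknown)}")
    status = {}
    for tid in techniques:
        subs = sub_techniques(techniques, tid)
        if tid in direct:
            status[tid] = "covered"
        elif subs and any(s in direct for s in subs):
            status[tid] = "covered" if all(s in direct for s in subs) else "partial"
        else:
            status[tid] = "gap"
    return status


def gaps(techniques, status):
    """Sorted list of technique IDs with no detection at all."""
    return sorted(tid for tid, s in status.items() if s == "gap")


def tactic_summary(techniques, status):
    """Count covered vs. gap leaf techniques per tactic.

    Parents with sub-techniques are skipped so they are not double-counted;
    a technique under several tactics is counted once per tactic.
    """
    per = defaultdict(lambda: {"covered": 0, "gap": 0})
    for tid, (tactics, _) in techniques.items():
        if sub_techniques(techniques, tid):
            continue  # roll-up parent; counted through its sub-techniques
        for tactic in tactics:
            per[tactic][status[tid]] += 1
    return dict(per)


if __name__ == "__main__":
    status = classify(TECHNIQUES, RULES)
    for tactic, counts in sorted(tactic_summary(TECHNIQUES, status).items()):
        total = counts["covered"] + counts["gap"]
        print(f"{tactic:22s} {counts['covered']}/{total} techniques covered")
    for tid in gaps(TECHNIQUES, status):
        print(f"GAP     {tid:10s} {TECHNIQUES[tid][1]}")
    for tid, s in status.items():
        if s == "partial":
            print(f"PARTIAL {tid:10s} {TECHNIQUES[tid][1]}")
```

Run as-is, the report shows Initial Access half covered, with T1566.002 (Spearphishing Link) and T1003.001 (LSASS Memory) as outright gaps and T1566 (Phishing) only partially covered; swapping in an organization's real rule set and the full matrix turns the same logic into a prioritized backlog for the "develop heightened detection" bullet above.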

Get the report now.