CYBER THREAT INTELLIGENCE BLOG

From Data Leaks to Bot-led Takeovers: Understanding Leaked Credentials vs Compromised Accounts

If we had a nickel for every time someone asked us the difference between leaked credentials and compromised accounts… Well, we’d be able to treat the team to a packet of Oreos one of these days. Why does it matter? Well, according to CISA, 54% of cyberattacks involve the use of valid accounts. As a result, understanding the risk of compromised accounts and leaked credentials is critical. This article tackles the terms head-on, and discusses how threat actors get their hands on sensitive account details, diving deep into the different types of vulnerability and what they mean for protecting your organization.
2024 in Cybercrime: KELA Predictions

While some cybercriminals are on their holiday vacations (yes, we observed zero new ransomware victims on New Year’s Eve), the lull won’t continue long. Ahead of the new battles of 2024, KELA elaborates on the most expected trends in cybercrime for this year.

Your Compromise Is Confirmed: How Threat Actors Access Hotel Accounts on Booking.com

Over the last few months, several phishing campaigns were spotted using compromised credentials of hotels and homeowners. Particularly interesting is a widespread operation that employs these credentials to contact guests on Booking.com via their internal messenger (1, 2, 3, 4). In a fraudulent message, the attackers impersonate a hotel and lure victims into visiting a malicious phishing page designed to steal their credit card details.

5 Questions About Hamas-Israel War

As we approach the end of 2023, the Hamas-Israel war still rages on, and so do the cyberattacks accompanying it. KELA selected 5 questions out of those we’ve been asked by our clients and partners (aside from “how are you?”) in the past 70+ days, which represent the cybersecurity angle of a physical war.

5 Questions (and Answers) About the Kyivstar Attack

Following a cyberattack on December 12, 2023, Kyivstar, a major Ukrainian mobile network operator, faced a significant digital crisis. The incident has been discussed as one of the most powerful attacks on a telecommunication organization. Confusing claims surfaced from hacktivist groups like Killnet and its successor, Deanon Club, along with Solntsepek. In this blog, KELA dives into the details of the Kyivstar cyberattack, exploring the conflicting stories and the potential involvement of a Russian nation-state actor.

KELA is Named One to Watch in the Data Enrichment Category of Snowflake’s 2023 Next-Generation Cybersecurity Applications Report!

Data enrichment is the process of pairing security event data with non-event data and deriving useful information to translate raw data into meaningful and actionable insights to improve an organization’s security. This process gives security analysts more context about the data their security tools are ingesting and what’s happening in their environment.

Uncovering Your Adversaries with KELA’s Threat Actors Hub

The cybercrime landscape is constantly evolving with sophisticated threats and risks, but the heart of the cybercrime ecosystem is built on threat actors. Being the brains behind each cyber incident, they are responsible for ransomware attacks, data breaches, building new malware, and aiming to compromise corporate networks. Threat actors are a wide range of players, from nation-state actors to script kiddies. This blog delves into KELA’s new module, Threat Actors, and details how CTI analysts can leverage it for their everyday tasks. The module allows security teams to monitor, identify, and track threat actors in the cybercrime landscape, and to understand their TTPs and connections with other actors. It further delivers actionable intelligence on their motivations, aliases, tools, contact details, and activity in cybercrime forums.