Topic: Cyber investigations and threat intelligence

Russia Ukraine Crisis Overview
June 10, 2022
As a result of Russia’s invasion of Ukraine, cyber threats are likely to increase. Read the latest from our threat intelligence team.
Overreliance on GPS Carries Risk for Everyone
By Nellie Ohr
January 10, 2022
Accenture discusses what are the risks of GPS (global positioning system) and the steps to take to defend against those threats. Read more.
Karakurt rises from its lair
By Cyber Investigations, Forensics and Response (CIFR)
December 10, 2021
New threat group Karakurt begins operations. Learn about this financially motivated group, how it operates and how to mitigate its attacks. Learn more.
Dark Web Reconnaissance-as-a-Service Thriving
By Paul Mansfield
December 6, 2021
Accenture explores services cyber criminals buy to facilitate their attacks and ways to limit the success of such services. Read more.
Who are latest targets of cyber group Lyceum?
By Accenture Cyber Threat Intelligence
Prevailion
November 9, 2021
Accenture shares our new findings of a hacking group Lyceum’s latest attacks as it expands its targets and how to mitigate them. Read more.
Diving into double extortion campaigns
By Cyber Investigations, Forensics and Response (CIFR)
Accenture Cyber Threat Intelligence
November 1, 2021
Accenture explores Big-Game extortion campaigns focused on the attack timeline and countdown the days leading up to ransomware deployment. Read more.
Moving Left of the Ransomware Boom
By Accenture Cyber Threat Intelligence
VMWare Security Business Unit
October 11, 2021
Accenture and VMware collaborate using MITRE ATT&CK to document ransomware gang TTPs prior to ransomware to help teams mitigate and respond to a compromise.
Containerize Your IR Timelining
By Mark McCurdy
Jeffrey Beley
Cyber Investigations, Forensics and Response (CIFR)
September 21, 2021
Accenture explains how Incident Response timelining made easy using Docker Plaso to process artifacts from a large list of source types. Read more.
Partnering to Stop Cybercrime: Countering the Cyber Extortionists
By Accenture Cyber Threat Intelligence
Amanda Richmond
August 2, 2021
Accenture and VMware collaborate using MITRE ATT&CK to document ransomware gang TTPs and Time to Ransom to help mitigate and respond to a compromise. Read more.
Follow the Indicators of Compromise (IOC) Breadcrumbs
By Casey Gately
July 23, 2021
Accenture explores unlike breadcrumbs that you can sweep up and throw away, you can’t do that with Indicators of Compromise (IOC) crumbs. Read more.
Cyber threat intelligence: What threat trends tell us
By Howard Marshall
July 15, 2021
The Accenture Cyber Threat Intelligence team has examined recent threat trends and offers expert perspectives on what to do about them. Read the blog.
Journey into the unknown: Threats to business travel after COVID-19
By Paul Mansfield
June 7, 2021
As vaccinations roll out and international travel resumes, Accenture reveals threat actors will look to exploit business travelers & travel industry. Read more.
Exploiting multi-factor authentication: Criminals further evolving their tactics to compromise protected accounts
By Howard Marshall
April 26, 2021
Accenture talks about the multi-factor authentication (MFA) to prevent account theft as passwords are often not enough for account protection. Read more.
Why it‘s good for cybercriminals if we all get connected
By Joshua Ray
April 22, 2021
Accenture reveals organizations can withstand the security challenges in connectivity by sharing knowledge and developing standardized systems. Read more.
Preparing for the next big supply chain compromise: 5 possible things organizations can do now
By Accenture Cyber Threat Intelligence
Application Security Advisory Services
March 29, 2021
Accenture reveals supply chain breaches are increasing in frequency with 40% of cyberattacks occurring through the cloud or managed service provider. Read more.
It's getting hot in here! Unknown threat group using Hades ransomware to turn up the heat on their victims
By Jeffrey Beley
Eric Welling
Ryan Leininger
Accenture Cyber Threat Intelligence
March 26, 2021
Accenture reveals an unknown threat group is using self-proclaimed Hades ransomware in cybercrime operations that have impacted three victims. Read more.
Understanding today’s cyber threatscape–How to tackle cyber fraud
By Sanjeev Shukla
March 19, 2021
Accenture Security leaders at a techUK webinar discussed rising trends, including threats from emerging tech and how to tackle cyber fraud. Read more.
How cybercriminals are finding new ways for us to “stand and deliver“
By Joshua Ray
March 17, 2021
Cybercriminals are using sophisticated approaches to demand ransomware. Read Accenture's blog to know-how.
Cloudy with a chance of mischief: How cybercriminals are accessing cloud resources
By Paul Mansfield
March 10, 2021
Accenture reveals cybercriminals are targeting organizations lacking cloud security measures as more companies move their operations to the cloud. Read more.
Hard lessons learned: Threat intel takeaways from the community response to Solarigate
By Alexandrea Berninger
February 16, 2021
Accenture's blog shows what can we learn as cyber threat intelligence providers from the SolarWinds breach & better communicate about cyber threats. Read more.
Looking back to see the future: CIFR DeLorean—2021 edition
By Jeffrey Beley
Heather Larrieu
Ryan Leininger
February 10, 2021
Looking back at incident response data collected by Accenture’s Cyber Investigations and Forensic Response team in 2020, we predict trends for 2021. Read more.
Ready-made cybercrime is the latest security threat
By Joshua Ray
January 29, 2021
Accenture's 2020 Cyber Threatscape report reveals that cybercriminals use both masked and noisy cyberattacks to complicate threat detection. Read more.
Machete adopts LokiRat as part of their toolset
By Edson Sierra
Hannah Meyerfeld
December 23, 2020
Accenture Cyber Threat Intelligence observed Machete, a Spanish-speaking cyber-espionage threat group, integrate LokiRat code into their toolset. Learn more.
How new sophisticated attacks threaten our favorite places
By Joshua Ray
December 17, 2020
Cybercriminals are finding ways to attack the platforms that we use and love. Learn more.
Tracking and combatting an evolving danger: Ransomware extortion
By Paul Mansfield
December 15, 2020
More companies are being targeted with various new extortion techniques and ransomware gangs are accumulating large profits. Learn more.
Four things CISOs should be doing right now
By Piyush Jain
December 7, 2020
Accenture's blog explains four tips for CISOs who want to ensure security is implemented throughout their organization and is effective. Read more.
Win the hearts of incident responders with Windows logging
By Mark McCurdy
November 30, 2020
Accenture's blog describes how to leverage Windows logging for incident response. Read more.
Why you need to stay safe working from home
By Joshua Ray
November 16, 2020
Accenture's blog takes close look at the first trend from the 2020 Cyber Threatscape Report—how COVID-19 accelerates the need for adaptive security. Read more.
Turla uses HyperStack, Carbon, and Kazuar to compromise government entity
By Accenture Cyber Threat Intelligence
October 28, 2020
Turla, identified internally by Accenture Cyber Threat Intelligence as Belugasturgeon, targets government organizations using custom malware. Read more.
Shady deals: The destructive relationship between network access sellers and ransomware groups
By Paul Mansfield
Thomas Willkan
October 12, 2020
Ransomware groups are taking advantage of opportunities to purchase network access on dark web forums to compromise networks and unleash malware. Learn more.
State-aligned adversaries and COVID-19: How has COVID-19 impacted your strategic cyber threat model?
By Ed Williams
October 7, 2020
Accenture's blog discusses the importance of reviewing a strategic threat model now as organisations work to understand the pandemic’s impact. Read more.
Active defense: Sweep the leg!
By Ryan Leininger
Medicus Riddick III
October 1, 2020
Accenture's blog shares how your organization can better prepare for a proactive defense posture. Read more.
All aboard! How hackers are moving in on the transit sector
By Howard Marshall
June 22, 2020
Accenture's blog reveals public transportation systems can face a range of threats from financially and politically motivated cyberthreat actors. Read more.
Threat actors update phishing techniques to take advantage of cloud transitions
By Heather Larrieu
May 27, 2020
Accenture Security CIFR team has seen threat actors update their phishing techniques to take advantage of the rapid adoption of cloud-based SaaS. Read more.
Look out, C2 communications: PXJ may be coming for you
By Nancy Strutt
May 18, 2020
Accenture iDefense analysts have uncovered details about command-and-control communications in a dangerous new PXJ ransomware variant. Read more.
Extortion entrepreneurs: How cybercriminals are bullying businesses
By Paul Mansfield
May 8, 2020
In this blog post, Accenture's Paul Mansfield describes various threat actor tactics used to extort organisations. Read more.
Citrix virtual hard disk analysis: Don't miss coins in your swap
By Mark McCurdy
Lawrence McDonald
Heather Larrieu
April 24, 2020
The Accenture Security Cyber Investigation and Forensics Response (CIFR) team investigated a potential exploit of a Citrix NetScaler appliance. Read more.
New Click2Gov Threat: Sophisticated, Sneaky and Dangerous
By Alireza Salimi
Jeffrey Beley
April 14, 2020
Accenture's CIFR team investigates new Click2Gov breaches attempted by the hackers responsible for the 2017 and 2018 threats as well. Read more.
Looking back to see the future: CIFR DeLorean - 2020 Edition
By Ryan Leininger
February 26, 2020
iDefense analyzes 2019 Cyber Investigation and Forensics Response (CIFR) data and predicts trends for 2020. Learn more.
E-commerce under attack
By Paul Mansfield
December 2, 2019
This blog explains some of the ways e-commerce businesses are targeted and actions both customers and businesses can take to mitigate these threats. Read more.
Threat hunting: Disrupting advanced adversaries
By Jeffrey Beley
Ryan Leininger
September 18, 2019
This blog post takes a deep dive into Accenture’s threat hunting approach, exploring the phases of the cycle and sharing a recent case study.
New version of MegaCortex targets business disruption
By Leo Fernandes
August 5, 2019
iDefense engineers identified and analyzed an updated version of the dangerous ransomware MegaCortex. Learn more.
What’s the cyber future for financial services?
By Valerie Abend
April 26, 2019
Our report, “Future cyber threats: Extreme but plausible threat scenarios in Financial Services,” describes cyber attack scenarios for financial services.
Care and feeding of your active threats
By Cyber Investigations, Forensics and Response (CIFR)
March 11, 2019
If you want your organization to experience well-established active cyber threats, keep these lessons in mind. Read more.
Mudcarp's focus on submarine technologies
By Accenture Cyber Threat Intelligence
March 5, 2019
iDefense analysts have likely identified the contractor targeted by the threat group MUDCARP, in addition to supply chain assets, universities and labs.
SNAKEMACKEREL delivers SedUploader malware
By Accenture Cyber Threat Intelligence
February 13, 2019
This blog post intends to provide early indication and warning notice about an opportunity for SNAKEMACKEREL actors to conduct attacks. Learn more.
Threat hunting: Improving resilience with an intelligence-driven, hypothesis-based approach
By Justin Harvey
Ryan Leininger
February 5, 2019
Accenture's approach to threat hunting combines actionable intelligence with testable hypotheses to drive outcome-based operations. Learn more.
Pond Loach delivers BadCake malware
By Accenture Cyber Threat Intelligence
January 17, 2019
During 2018, iDefense observed several events likely attributed to the POND LOACH threat group, an adversary that has likely been active since 2013. Learn more.
SNAKEMACKEREL delivers Zekapab malware
By Accenture Cyber Threat Intelligence
November 29, 2018
iDefense analysts identified a campaign by SNAKEMACKEREL using a BREXIT-themed lure document to deliver the Zekapab first-stage malware. Learn more.
iDefense Anomali Detect ’18 recap
By Accenture Cyber Threat Intelligence
October 16, 2018
Members of Accenture's Cyber Threat Intelligence team presented original research on a group called MUDCARP at the 3rd annual Anomali Detect conference.
Goldfin security alert
By Joshua Ray
August 2, 2018
A series of cyberattacks using a malware family called SOCKSBOT was used by a threat group in an 18-month-long campaign dubbed Goldfin. Learn more.
Hogfish alert
By Joshua Ray
April 23, 2018
HOGFISH, also known as APT10, is an espionage threat group that has been heavily targeting Japan and Western organizations since as early as 2009. Learn more.
Monero/WannaMine alert
By Joshua Ray
March 22, 2018
Monero is rapidly becoming the cryptocurrency of choice in the cybercriminal underground economy. Learn more.
Elise malware alert
By Joshua Ray
January 28, 2018
After the first attack in 2015, a new form of the Elise malware has been identified by the iDefense team in Accenture Security. Learn more.
TRITON/TRISIS malware alert
By Joshua Ray
January 23, 2018
TRITON (also known as TRISIS or HatMan) is a destructive malware and framework that can alter and disrupt operations of safety instrumented systems. Learn more.
CRASHOVERRIDE malware alert
By Joshua Ray
January 10, 2018
Examination of a power outage in Kiev, Ukraine in December 2016 identified a malware framework known as CRASHOVERRIDE or INDUSTROYER. Learn more.
WANACRYPT0R malware alert
By Joshua Ray
May 20, 2017
In May 2017, the WanaCrypt0r/WannaCry ransomware attack affected 47 National Health Service trusts in the U.K. Learn more.
View All
ALL TOPICS
Subscription Center
Subscribe to Accenture's Cyber defense blog Subscribe to Accenture's Cyber defense blog
Subscribe