Find all of our content intended to enrich your understanding of the Cyber industry
We provide you with expert content such as our monthly and quarterly reports on the state of the threat, our webinars but also feedback from users of our XDR, CTI and TIP platform.
News highlights
Dynamics of ransomware activity in Q1 2022
Discover the dynamics of the ransomware attacks SEKOIA monitored since early 2022. Some unusual shifts in the top affected countries and sectors in just one click.
The “Command & Control” infrastructures of cyber attackers observed in 2021
Discover the "Command & Control" infrastructures used by cybercriminal or state sponsored threat actors to carry out their cyber-attack campaigns.
Threat status reports
Dynamics of ransomware activity in Q1 2022
Discover the dynamics of the ransomware attacks SEKOIA monitored since early 2022. Some unusual shifts in the top affected countries and sectors in just one click.
The “Command & Control” infrastructures of cyber attackers observed in 2021
Discover the "Command & Control" infrastructures used by cybercriminal or state sponsored threat actors to carry out their cyber-attack campaigns.
NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
Discover in this report everything about the new infection chain of NOBELIUM, the intrusion set behind the SolarWonds supply-chain attack.
Iranian nation-state operators are (re)turning to ransomware
Discover in this analysis: 1- It’s not All quiet on the Iranian front. 2- Deploying ransomware - to what end? 3- Moses Staff - the latest example of an ideologically-driven extortion scheme.
FLINT about REvil attack on Kaseya
Discover our FLINT about REvil attack on Kaseya including an in-depth analysis of the attack, Course of actions to prevent risks, IoCs & Technical Details, Tactics, Techniques & Procedures (ATT&CK).
Webinars
Demos
Case study
Cyber threats targeting online banking services: focus on Cerberus
Discover an overview of the cyber threats targeting the banking industry,
the evolution of a popular mobile banking malware and a technical analysis of Cerberus.
Glossary
XDR
(eXtended Detection & Response)
XDR (eXtended Detection & Response) designates a holistic approach to cybersecurity operational. It stands out for its ability to consolidate and automate on a unified SaaS platform all data, analyzes and responses to cyber threats, regardless of their origin, supplier or specialization.
SIEM
(Security Information and Event Management)
A SIEM (Security Information and Event Management) is an IT security tool that is used to collect, store and analyze large volumes of log data from all sources in the enterprise. It is used to take advantage of each of these data (collected) to identify and analyze, from a platform, the events and/or incidents that may take place on the company's computer network.
EDR
(Endpoint Detection and Response)
EDR stands for Endpoint Detection and Response. The term EDR first appeared in 2013 in an analysis by the consulting firm Gartner. Analyzing the fact that hackers primarily target employee workstations, Gartner has introduced the concept of “Endpoint Detection and Response” to designate a security solution to detect and remedy cyber threats targeting endpoints (computer, server).
CTI
(Cyber Threat Intelligence)
Cyber Threat Intelligence (CTI) defines cyber threat research, analysis and modeling. It'is used to prevent and detect computer attacks.
IoC
(Indicator of compromise)
IoC (Indicator of compromise) is qualified technical data that makes it possible to detect malicious activities on an information system. These indicators can be based on data of various types, for example: a file hash, a signature, an IP address, a URL, a domain name… but in all cases, the technical data alone (observable, see this word) is not enough to talk about IoC.
SOC
(Security Operations Center)
Security Operations Center (SOC) is an organizational structure dedicated to the implementation of all the security operations of an organization against cyberattacks. These actions include the supervision and protection of an organization’s information system (workstations, networks, website, applications, databases, etc.)
SOAR
(Security Orchestration, Automation and Response)
A Security Orchestration Automation and Response system covers three major functions: response, orchestration, and automation of computer security systems. Along with SIEM and CTI, this is one of the three main functions of a SOC.
STIX
(Structured Threat Information eXpression)
STIX (Structured Threat Information eXpression) is an open standard describing objects of interest in the field of defensive computer warfare, and the links they can maintain between them.
CERT
(Computer Emergency Response Team)
The primary mission of a CERT is to contain computer security incidents, minimize their impact on the organization's operations and reputation, and facilitate post-crisis remediation and reconstruction.
Firewall
(Firewall)
A firewall is a network security system that helps protect your computer from unauthorized access. It does this by blocking incoming and outgoing requests to your computer, based on rules that the network administrator has predefined.
ISAC
(Information Sharing and Analysis Center)
ISAC (Information Sharing and Analysis Center) is a non-profit organization that provides a central resource capable of gathering information on cyber threats against critical infrastructures and share them with its members.
Shadow IT
()
Shadow IT is a term used to refer to hardware and software deployed by employees within an organization without the knowledge or approval of its IT department.
Traffer
(Worker in the underground community)
From the Russian word “Траффер”, also referred to as “worker” in the underground community, traffers are responsible for redirecting user’s traffic to malicious content (malware, fraud, phishing, scam, etc.) operated by others.
