In this month's episode of the what we’re reading series, we deep dive into an investigation into Russia’s military intelligence service (GRU), the recent Ethereum merge, and tracking the Russia-Ukraine war in Liveuamap. Check out the key takeaways from the team below.
Late last month, Bellingcat released findings from an investigation into an alleged agent from Russia’s military intelligence service, the GRU. The joint investigation by Bellingcat, Der Spiegel, The Insider, and La Repubblica reads like a spy novel: filled with deception, exotic locales, and tragic backstories. Although the agent under investigation is no James Bond—despite their shared love for fast cars—the report is fascinating in its demonstration of open-source intelligence (OSINT) practices, as well as the benefits and dangers of online data breaches.
According to the investigation, Maria Adela Kuhfeldt Rivera—real name Olga Kolobova—was a GRU spy based in Naples, Italy, home of one of the North Atlantic Treaty Organization (NATO)’s Allied Joint Force Commands. Bearing the backstory of a Russia-raised Peruvian-German socialite, jeweller, and philanthropist, Kolobova managed to charm and befriend senior NATO officers in the city. After nearly a decade abroad, she returned to Russia for unknown reasons in 2018, ending her operations.
The information about Kolobova was acquired from a variety of sources. Passport information was purchased from online Russian black markets. Her GRU affiliation was confirmed using call record metadata. Considerable information about Kolobova’s movements and social network was acquired using open-source information such as social media and news sources. Her real identity was discovered using Microsoft Azure’s facial recognition tool, and confirmed against a leaked database of Russian drivers’ licenses.
This investigation goes to show both the use of, and the challenges posed by, open-source intelligence. As cyber threat intelligence researchers, we are always looking for new techniques to improve our investigations. But what well-meaning investigators can discover may also be exploited by threat actors for more nefarious purposes, such as VIP impersonation, identity theft, and extortion. Governments, companies, and individuals should take note of the ways in which data can be used, as demonstrated in this article, and take measures against them accordingly.
The full investigation is available here.
Yes, another Chris contribution to this series and another opportunity to talk about cryptocurrency. This time, we’re mentioning what is likely the biggest crypto event of 2022, the Ethereum merge. The merge, which took place on 12 September 2022, refers to the move of the world’s second largest cryptocurrency from proof of work to proof of stake; i.e. changing the consensus method of validating the ledger of transactions. Within proof of work (PoW), consensus is achieved through cryptomining, with miners competing to solve a computational problem. Any miner that solves the problem updates the ledger by appending a new block to the chain, and gets newly minted coins in return. This requires an enormous amount of computing power and, thus, energy consumption.
Proof of stake (PoS) instead allows users to act as the consensus mechanism through using their investments in Ethereum’s native coins, ETH. ETH that is locked up, or “staked”, in a smart contract allows users to act as validators for transactions. The validator is then responsible for checking that new blocks propagated over the network are valid and occasionally creating and propagating new blocks themselves. PoS is used among several other leading crypto projects, including Cardano, Solana, and Avalanche.
Fundamentally, PoS has one enormous advantage over PoW, in that it is enormously less taxing from an energy perspective. By moving to PoS, Ethereum is reportedly now 99.9% more energy efficient. To put this into perspective, Ethereum, before the merge, consumed around 83.89 TWh of electricity each year. This is equivalent to the consumption of a medium-sized country such as Finland, highlighting the enormous improvement in energy consumption that the move to PoS will bring.
The Merge has been on the timeline for many years, with many crypto enthusiasts wondering if this monumental event would ever take place. Well, as of 15 September 2022, it’s finally here. There’s a great summary of the recent changes, including the benefits and incentives to new traders, on Coindesk.com. Check out the article here.
Since Russia invaded Ukraine on 24 February 2022, it’s been difficult to keep track of exactly what’s going on. The information war remains as complicated as ever, and though we can almost watch the war in real time via combat footage uploaded to Telegram, it’s difficult to separate truth from rumor and visualize territorial, materiel, and personal gains and losses. This doesn’t just apply to government representatives, who have their own agenda and—especially in the case of Russia—frequently distort the truth or outright lie for propaganda purposes. This also applies to the thousands of military bloggers (milbloggers) who contribute their analysis, opinions, and predictions of the military situation from behind the fog of war.
I’ve been monitoring Live Universal Awareness Map (Liveuamap), a leading independent global news and information site that monitors activities on online geographic maps. This is particularly useful for locations with ongoing armed conflicts, with the service developed by Ukrainian software engineers. The map provides real-time (or as close to real-time as possible) updates on artillery strikes, troop movements, aircraft sorties, state announcements, and cyberattacks, which are all independently verified. This week the map showed that following Russia’s announcement of partial mobilization—which will see roughly 300,000 reservists called up—all tickets for direct flights for 21-22 Sep 2022 from Moscow to the capitals of Turkey, Armenia, Uzbekistan, and Azerbaijan had sold out. Additionally, it showed that the mobilization notice will now be sent to eligible men via paper notices, and identified that the Russian state services digital portal “GosUslugi” website is partially down.
The Liveuamap system tracks authors of social media posts of interest by identifying their former posts, number of activities, and whom they follow, and applies filter techniques to extract relevant information. When an accumulation of correlated messages about an event occurring at a location passes thresholds defined by the algorithms, the situation is listed for human intervention. At least two Liveuamap members decide whether the information about the event is valid, and whether it should be used on the map or if further verification is needed.
In addition to the ongoing war in Ukraine, the service has covered armed conflicts in many countries and regions, with over 30 maps with comments in eight languages. Furthermore, users can toggle a “Cyberwar” view that covers ongoing attacks and the effects of previous attacks in the cybersphere, which included attacks on critical infrastructure at the onset of the invasion.
In recent days I’ve found it particularly useful for visualizing the conflicts that have broken out between Armenia and Azerbaijan, and between Kyrgyzstan and Tajikistan. I’d highly recommend Liveuamap as a “one-stop-shop” for getting an accurate and unbiased overview of ongoing conflicts.
Check out the Liveuamap service here.
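The threshold-then-human-review flow described for Liveuamap above, sketched as an added example that is not Liveuamap's code or part of the original post. The author weighting, the threshold values, every field name and the sample posts are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Post:
    author: str
    prior_posts: int  # size of the author's posting history (assumed signal)
    event: str
    location: str


def author_weight(post, min_history=50):
    """Assumed filter: accounts with little history count for less."""
    return 1.0 if post.prior_posts >= min_history else 0.25


def correlate(posts, threshold=2.5):
    """Score each (event, location) cluster; return those passing the threshold.

    Each author contributes once per cluster, so a single account repeating
    the same claim cannot push an event into the review queue on its own.
    """
    votes = defaultdict(dict)  # (event, location) -> {author: weight}
    for p in posts:
        key = (p.event, p.location)
        votes[key][p.author] = max(votes[key].get(p.author, 0.0), author_weight(p))
    scores = {key: sum(by_author.values()) for key, by_author in votes.items()}
    return {key: score for key, score in scores.items() if score >= threshold}


def review(decisions, min_reviewers=2):
    """decisions maps reviewer name -> True (valid) or False (not convinced)."""
    if len(decisions) < min_reviewers:
        return "awaiting_review"
    return "publish" if all(decisions.values()) else "needs_verification"


# Constructed sample input: three established accounts report one event,
# while one new account repeats another claim four times.
SAMPLE_POSTS = [
    Post("a", 200, "strike", "CityA"),
    Post("b", 120, "strike", "CityA"),
    Post("c", 80, "strike", "CityA"),
    Post("d", 10, "outage", "CityB"),
    Post("d", 10, "outage", "CityB"),
    Post("d", 10, "outage", "CityB"),
    Post("d", 10, "outage", "CityB"),
    Post("e", 500, "outage", "CityB"),
]

if __name__ == "__main__":
    for key, score in correlate(SAMPLE_POSTS).items():
        print(key, score, review({"reviewer1": True, "reviewer2": True}))
```

Counting each author once per cluster is what keeps the repeated "outage" posts below the threshold; the same de-duplication applies to any alert pipeline fed by sources that can be amplified.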
This is the stuff us analysts love to do: Researching and learning more about the myriad threats out there, and contextualizing them with the world around us. We love cyber threat intelligence!
Find out more about the intelligence we provide in SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) with a 7-day test drive, or contact us to schedule a demo to learn more about your use cases and how intelligence might make a difference for you.