External Threat Landscape Management – The Neuro-Center of Cyber Defense

The traditional review cycle, which assumes risks are well-known, quantifiable, and fixed for a period of time, may have served organizations well in the first two decades of Web 2.0, but it is no longer adequate in an environment where cyber threats are not static but constantly evolving. To help customers navigate this complex threat landscape, CYFIRMA has redefined threat intelligence beyond static data feeds to encompass predictive, contextualized, and actionable insights that enable organizations to gain full visibility of their digital assets, attack surface, and vulnerabilities. At CYFIRMA, we define this new approach as External Threat Landscape Management (ETLM), which serves as the neuro-center of cyber defense today. This paper details CYFIRMA’s ETLM approach, data model, and use cases. It outlines the problem statements that ETLM can solve and demonstrates why conventional threat intelligence is not working.


D3 Security Integration with CYFIRMA

D3 NextGen SOAR integrates with CYFIRMA’s DeCYFIR, a leading external threat landscape management platform. CYFIRMA’s visibility into external threats combines cyber intelligence, vulnerability intelligence, attack surface intelligence, and digital risk exposure. These insights and alerts enable D3’s automated workflows across the entire technology ecosystem. Joint users can proactively uncover risks and act rapidly to disrupt impending attacks.


KuppingerCole’s Executive View on DeCYFIR

Reactive security measures respond to cyberattacks that have already happened. While cybersecurity spending is increasing, cyberattacks are also becoming more frequent. To mitigate risks and prevent potential attacks, proactive actions must be combined with reactive actions. CYFIRMA offers an external threat landscape management solution that possesses predictive and intelligence-based cybersecurity capabilities to provide insights into the attackers’ perspective. KuppingerCole’s analysts provide their unbiased review of DeCYFIR in this paper.


Cyber Research on the Malicious Use of Discord

The CYFIRMA Research team has uncovered known threat actors who have been abusing the Discord platform to carry out their nefarious cyber activities. The research also shows hackers using Discord as a communication platform, as a marketplace to buy and sell tools, to set up botnet and C2 servers, to host malicious files, and more. This research paper outlines the ways hackers have used Discord as part of their attack infrastructure and the reasons why it has become an enabler of many cyberattacks.


Hikvision Surveillance Cameras Vulnerabilities

In the sample analysed, CYFIRMA researchers observed thousands of Hikvision cameras still in use that are vulnerable and could be exploited by cybercriminals.

Hangzhou Hikvision Digital Technology Co., Ltd., often shortened to Hikvision, is a Chinese state-owned manufacturer and supplier of video surveillance equipment for civilian and military purposes, headquartered in Hangzhou, Zhejiang. Hikvision is a provider of Industrial IoT sensor technologies and is active in the education and retail industries, amongst other critical infrastructure segments.


The Origins of APT 41 and ShadowPad Lineage

When the CYFIRMA research team began its work on tracking APT41, it became apparent that there is a rich history to be learned as part of any attempt to understand this APT. This history allowed us to trace the lineage of the ShadowPad modular malware kit back to the early 2000s while finding its likely exclusive use in the current day by the reformed Chinese military. This paper focuses on tracking its early history, connections, and legacies to provide useful CTI context for current-day TTPs and campaigns.


Keksec and EnemyBot – From Edgy Teenagers To Serious Cybercriminals

EnemyBot is a Linux-based botnet attributed to the threat group Keksec, also known as Kek Security. The group is known for exploiting vulnerabilities to attack multiple architectures with polymorphic tools that include Linux and Windows payloads as well as custom Python malware to carry out crypto mining and Distributed Denial of Service (DDoS) attacks. The group adopts a Build, Operate and Distribute model for its operations: enhancing its malware with leaked botnet source code (Mirai and Gafgyt), establishing a botnet to conduct DDoS attacks, and selling the developed malware in underground forums to generate revenue. This research paper outlines the group’s evolution, history of cyberattacks, technical analysis and observed exploits.


Mirai – The Botnet that Made IoT Dangerous

Mirai is a self-propagating botnet malware created by Paras Jha and his friends Josiah White and Dalton Norman. Their operation was aimed almost exclusively at Minecraft servers and other gaming services. Yet, due to its massive firepower, it managed to take down parts of core network infrastructures during its attacks, wreaking mayhem around the globe. It wasn’t the first malware targeting IoT devices and connecting them to a malicious botnet. It was, however, the first to do it in a highly efficient way, causing high-profile incidents and even sparking fear of nation-state cyber assault. Read this whitepaper to understand how Mirai works and its legacy of destruction.


DeCYFIR for Splunk Datasheet

DeCYFIR is an external threat landscape management platform combining cyber threat intelligence with attack surface discovery and digital risk protection to deliver predictive, personalized, contextual, outside-in, and multi-layered intelligence. This empowers security teams with a complete view of their external threat landscape and ensures their cybersecurity posture is robust, resilient, and able to counter emerging cyber threats.


DeCYFIR for ServiceNow Datasheet

The DeCYFIR for ServiceNow app empowers ITSM teams with relevant cyber threat insights to fend off cyberattacks.


KuppingerCole Report Whitepaper

To stay ahead of cybercriminals, “knowing the enemy and knowing yourself” is key to building effective defenses. Organizations must have full visibility into their external threat landscape and be aware of potential attacks targeting them. This predictive capability allows organizations to focus on the biggest risks to avert the most damaging fallout. Download this whitepaper by KuppingerCole Analysts to learn how to get ahead of cybercriminals.


CYFIRMA predicts 10 cyber security trends for 2022

CYFIRMA Cybersecurity Predictions 2022

In 2022, cybercriminals will continue to evolve their modus operandi – attaining greater sophistication and modifying their tactics, techniques, and procedures to outsmart cyber defenders. With the development and wider adoption of radical new technologies like 5G, cryptocurrencies and industrial robotics, attackers will find renewed motivation to diversify, with attacks that are not easy to foresee and difficult to mitigate. In simple terms, cyber defenders will quickly realize the inevitable fact: No surface is out of the cybercriminals’ reach and influence! This whitepaper covers the emerging threats from kinetic cyberattacks, collaboration among state actors, cyber risk related to mobile devices, and how cybercrime will become an investment-worthy asset class.


The Case for External Threat Landscape Management

Cybersecurity strategies need to reconsider the applicability and value of external threat intelligence, how it can strengthen cyber posture as a whole, and how it can improve risk reporting to business stakeholders. Being aware of data “in the wild” can be an incredibly valuable tool for both the business and the cybersecurity team. For the business, it provides improved risk-reporting capabilities, something that regulators across the globe are starting to explore. For the cybersecurity team, it can help identify unknown vulnerabilities, allowing them to prepare for an imminent breach, or offer more information about the credibility of their own strategy and execution. Visibility of the external threat landscape holds immense value in preventing cybercriminals from gaining ground, which results in costly data breaches and other penalties.


DeCYFIR Datasheet

Serving everyone from executives to management and the security operations center, DeCYFIR is a cloud-based threat visibility and intelligence SaaS platform that empowers both business and technology leaders to drive growth and innovation while keeping data and assets safe from cybercriminals. The cyber-intelligence platform is designed to defend your organization by uncovering your attack surfaces, building your digital risk profile, and using personalized cyber-intelligence to predict imminent attacks.



DeTCT Datasheet

Digital risk has grown by leaps and bounds with the mass migration to digital formats. Cybersecurity leaders face the daunting challenge of identifying digital footprints which have been compromised. The speed at which an exposed digital risk is uncovered can determine the extent of the damage to brand, reputation, and finance. Contain and minimize the fallout with DeTCT by CYFIRMA.


Most active ransomware operators and their exploits in 2021

Most Active Ransomware Operators and their Exploits in 2021

This e-book aims to introduce the leading players in this space today. This paper will provide readers insights into the modus operandi, tactics, techniques, and procedures (TTPs) as well as situational awareness into the ransomware dangers that could be lurking in their threat landscape.


Cyber Threats to SMBs in APAC

Cyberthreats to SMBs in APAC

SMBs now clearly face enough cyberattacks that they must consider the importance of drawing up a prevention and response plan. We take a deep dive into the digitization drive of SMBs and the associated cybersecurity risks, gaps, and challenges. The paper covers the technologies that can help SMBs mitigate risk and build a stronger cyber posture.


The impact of external threat intelligence on risk profiles

The Impact of External Threat Intelligence on Risk Profiles

Cybersecurity is now a globally acknowledged boardroom challenge, but strategies globally fall short of being effective. Too much emphasis is placed on protection, without a full understanding of the threat landscape. Cybersecurity is no longer a “business as usual” department because what we all face is cyberwarfare. By reframing our understanding of what we are contending with, strategies would change.


The rising danger of cyber threats in the healthcare industry

The Rising Danger of Cyber Threats in the Healthcare Industry

The healthcare industry has undergone a massive digital shift, with the COVID-19 pandemic the key driving force in recent times. From clinicians to pharmaceutical companies, the entire ecosystem and value chain has moved to a highly inter-connected model, and along with it, digital risks and cyber threats have increased in tandem. This whitepaper casts light on the latest cyberattacks targeting the healthcare industry, the specific hacking groups focused on extracting maximum benefit, their tactics, techniques and procedures, as well as campaigns ongoing at the time of writing. This paper is meant for cyber defenders who want a deeper understanding of the latest cyber threats and want to be better equipped to protect their people, data and assets.


Cyber warfare: decoding threats for nations and businesses

Cyber Warfare – Decoding Threats for Nations and Businesses

Over the past two decades, businesses, governments and the general public have all witnessed an unprecedented growth of digitization and the digital economy. From designing critical infrastructure to buying and selling an ink pen worth a few dollars, all of this can be done on a digital platform. Threat actors and their attack surfaces have evolved and expanded, and are now replacing traditional combat warfare with a new tack: cyber warfare. This whitepaper answers some of the most frequently and inquisitively asked questions about the What, Where, When, and How of cyber warfare. We shed light on the fact that although there is a country-versus-country angle to cyber warfare, the enterprises and businesses in these countries bear the brunt of the actions of their respective governments and decision makers. This tack of warfare can bring down governments, as it affects not only public infrastructure but also private businesses and enterprises.


Tokyo 2020 Olympics – threat landscape

Tokyo Olympics Threat Landscape

This document profiles the cyber threat landscape of the Tokyo 2020 Olympics which was postponed to 2021. The report covers threat actors’ activities, attack vectors, geographical adversaries, potential targets, and impending threats.


Challenges of the "digital normal" in the post-pandemic world

Challenges of the Digital Normal

Across industries, companies are downsizing operations and putting employees on furlough or issuing pink slips. Some countries have resumed manufacturing, though on a reduced scale. The airlines have just reopened bookings in some regions. All US states have reopened, and people are getting back to work. While we see green shoots and a glimmer of hope, business will never be the same again. Economists warn that it will take a decade to restore the world economy to pre-Covid levels. Read how businesses are transforming and the impact on cybersecurity.


SEA and Japan – threat landscape report 2020

SEA and Japan Threat Landscape Report 2020/2021

The threat landscape in Southeast Asia and Japan is fast evolving due to changing geopolitical dynamics, the Covid-19 pandemic and the emergence of digital businesses. Find out the top attack methods, trends in malware, threat actors and their exploits, as well as predictions for the coming months.


India threat landscape report 2020

India Threat Landscape Report 2020/2021

The digitally savvy and youthful population lives a mobile-first, hyper-connected lifestyle that creates a big attack surface for cybercriminals. While digital adoption is breaking new ground, the corresponding cyber maturity is low and not keeping pace with the technological strides. All these factors are prompting more nations – especially India’s geopolitical foes – to partake in the cyber game targeting India. The Big 3 – namely China, North Korea, and Russia, authoritarian regimes that are suspected of aiding state-sponsored cybercriminal activities – have shown interest in breaching India’s security perimeters. This report highlights the various cybersecurity insights drawn from this region.


CYFIRMA predicts 10 cyber security trends for 2021

CYFIRMA’s 10 Cybersecurity Predictions for 2021

The post-pandemic world will see digital risk gaining momentum as cybercriminals sharpen their saw with new attack methods fueled by vulnerabilities presented by the digital normal. Cybercriminal activities could mirror Hollywood, deepfake technology will become the new weapon of choice, supply chain attacks will gain momentum, ‘multi-morphic’ malware will evade detection, and cybercriminals will impersonate not only identities but the entire IT ecosystem. Read the details of our predictions here.