Blog

The Blueliv blog is home to the latest threat intelligence analysis, content from investigations, corporate news, information about our modular cyberthreat intelligence solutions, and more. Take some time to explore the archives and perspectives from our intelligence analysts and management team.

financial-services
Top security concerns for the Financial Services industry in 2020
Following on from the release of our whitepaper earlier this week, a survey has concluded that the Banking and Financial Services sector is struggling with a skills shortage along with the sheer volume of threats and alerts as it continues its ongoing battle against cybercrime. This is according to...
cyberthreat-intelligence-financial-services-banking
Follow the money: cyberthreat intelligence for Banking & Financial services
Banks and financial services handle some of the most valuable information to cybercriminals, from account and credit card data to sensitive PII (personally identifiable information). As such, these organizations remain at the forefront for risk as cybercriminals become increasingly sophisticated and malicious in their methods. A new generation of...
Breaches, Billions and Bitcoin – a look back on threats in 2019
2019 has been full of high-profile data breaches that have exposed credentials and personal data from millions of people and companies. And while many of these are ‘new releases’ that have stemmed from new cyberattacks, others are ‘compilations’ of records harvested over a far longer period and dumped onto...
malware campaign
Malware campaign targeting banks in Spain and Latin America
We have been tracking the footprint of an actor conducting a campaign targeting Latin American and Spanish users in recent months. The immediate objective of the campaign is the installation of a banking trojan on the users’ systems, with the goal of stealing sensitive financial information that can be...
resilience
What does good resilience look like?
Business leaders can learn a lot about cyberdefense by studying how a lioness protects her cubs. Like any mother, she puts up the stiffest defenses against all known forms of attack. But she will also take care to instill resilience in her offspring in case, inevitably, those defenses at...
research-blog
Spanish consultancy Everis suffers BitPaymer ransomware attack: a brief analysis
On 4th November 2019 researchers and the media reported a massive ransomware attack against several Spanish companies. Some of this news was exaggerated as it transpired that just two companies confirmed a security incident. However, both companies were attacked by a different threat actor. This blog post will seek to clarify some details concerning the attack against Everis, which was different to...
cybersecurity-congress-2019
Barcelona Cybersecurity Congress 2019: some key takeaways
Last week our home city hosted the Barcelona Cybersecurity Congress (#BCNCyberCon19), the second edition of an event focused on bringing together key cybersecurity players and industry professionals from around Europe. Our Head of Threat Intelligence, Jose Miguel Esparza, was invited to present at a roundtable on the final day,...
Roast the perfect blend of automation and human intelligence
For those who enjoy a good cup of coffee, many more would surely choose a barista-made brew than take their chances from a vending machine. Automation, so the argument goes, is not a panacea. This coffee analogy is often brought out in debates about the emergence of security automation...
threat intel industry
Threat Exchange Network blog: October 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting IOCs...
corporate-blueliv
Blueliv shortlisted for three Security Excellence Awards for 2019
We are pleased to announce that we have been named as finalists by Computing.co.uk in their Security Excellence Awards. This year we have made the shortlist in three categories: Security Vendor of the Year, Enterprise Security Award, and Enterprise Threat Detection Award. This recognition builds on our success winning two...
threat intel industry
Demystifying threat intelligence: Part II
Following on from our previous blog post, we seek to clear up some of the confusion around what threat intelligence (TI) is and is not in today’s market landscape. Here are the second five of our ten points on what today’s threat intelligence absolutely is not. Threat intelligence is NOT just an...
threat intel industry
Demystifying threat intelligence: part I
As threat intelligence (TI) continues to evolve and mature, some outdated preconceptions remain. Much of this can be ascribed to the growing spectrum of TI suppliers offering different variations of the same basic concept; no wonder many customers are unsure. At one end, threat intelligence is pushing boundaries and...
Blueliv selected by EIT Digital as one of Europe’s best deep tech scaleups
Blueliv has been selected by EIT Digital, a leading European player in innovation and entrepreneurial education, as a finalist in its pan-European competition EIT Digital Challenge. The competition focuses on scaleups with deep tech products that leverage sophisticated, hard-to-reproduce digital technologies that fuel the digital transformation. A total of...
threat intel industry
State of the market: Threat Intel in 2019
Lifting the veil. The threat intelligence market is growing rapidly but there is still some haziness in organizations’ understanding of the segment. Many consider threat intelligence the answer to thwarting the increasingly complex and devastating cyberattacks that plague organizations and individuals, but few understand exactly what it means beyond...
Cyberthreat intelligence retail
The cost of doing business: cyberthreat intelligence for retail & e-commerce
The internet has changed the way that goods and services are bought and sold. The retail and e-commerce sector continues to undergo rapid transformation as consumer expectation increases. We demand high quality experiences, products and services, on desktop and on mobile. On the back end, analytic engines, third-party integrations...
threat intel industry
Threat Exchange Network blog: August 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting...
threat intel industry
Threat Exchange Network blog: July 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting...
research-blog
An analysis of a spam distribution botnet: the inner workings of Onliner Spambot
Table of contents: Introduction; Modular Design; Worker Module; Onliner Custom XOR key generation algorithm; Checker; SMTP Module; Mailer Module; Conclusion; IOCs. Introduction: Successful cybercrime campaigns make use of different elements working together to achieve their common goal. In the case of Onliner, the spambot appears to be...
EuskalHack
Last week, Blueliv was invited to participate in the fourth edition of EuskalHack in San Sebastián. Geared towards sharing information, the event hosted presentations focused on new discoveries, personal projects and tools from different disciplines in cybersecurity. These included both red team and blue team activities, both sharing information...
Evolution of Malware and Threat Actors
The world of malware and cybercrime has evolved a great deal in the last decade. The following blog post tracks this evolution, expanding on intelligence accessible through Threat Compass. The more we understand about the motivations and TTPs of threat actors, the stronger defenses we can build against cybercrime....
research-blog
Old tricks still work
There are many well-known anti-VM / anti-sandbox tricks in targeted malware. However, most up-to-date sandboxes have fixed them, or they can be fixed easily by modifying the VM in which the malware sample will run. In this article we will examine a particular technique that exploits a design flaw...
Blueliv named a finalist at the GIT Security Awards 2020
Blueliv has been named a finalist at the GIT Security Awards 2020. Our flagship solution Threat Compass was nominated in Category A, “IT Security and Safety for Automation, Cyber Security”. An expert jury made up of representatives from numerous German trade associations (BHE, TÜV, VDMA, ZVEI), system integrators and end users put our modular Threat...
threat intel industry
Threat Exchange Network blog: May 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting...
Data breach under GDPR: one year later
The European Union General Data Protection Regulation (GDPR) came into force on 25th May 2018. Just over a year later, European data protection regulators have reported nearly 90,000 data breach notifications so far, and notably these are only those which have been legally disclosed. Law firm DLA Piper recently suggested...
Shining a light on the darknet
A common visualization for the Internet is an iceberg. The indexed ‘surface’ web is less than 10% of what is visible, but 90% is non-indexed and known as the deep web. A small subset of the deep web includes hidden information and services: the dark web, or darknet. It’s...
Sweet Dream(s): An examination of instability in the darknet markets
These past few weeks in cyber underground news have seen the surprising hat trick of the passage of the self-imposed deadline for the closure of the notorious Dream Market, the law enforcement seizure of Valhalla Market, and the law enforcement takedown and arrests of admins associated with the Wall Street Market. Many of the trends observed following...
industry-blog
Threat Exchange Network blog: April 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting...
Threat Actor activity: a quick recap
In our recent Threat Landscape Report we profiled several active threat actors which have made an impact over the past year. All of the threat actors in this article remain under close observation. Sharing this intelligence is part of our ongoing mission to collaborate with industry peers, enrich the...
research-blog
Where is Emotet? Latest geolocation data
Emotet is an old malware threat that continues to affect many users and companies around the world. Once a machine has been infected, a number of things can happen—but typically, new malware is deployed and credentials are stolen. Emotet’s business model is based on distribution groups – the stolen...
Fraud and cybercrime in Latin America: an evolving threat landscape
Internet penetration is rapidly increasing in Latin America. Mobile usage is commonplace, and more people own bank accounts than ever before which means online transactions are also on the rise. This is great news for innovative Latin American companies, and consequently, cybercriminals targeting them. With higher levels of growth...
Selling FormBook
Our home city Barcelona hosted BSides last week, where the information security community from across Europe gathered to discuss the current security landscape. Members of our Labs team were invited to present research into FormBook, one of the most notorious info-stealers and form-grabbers in recent years. The fight against cybercrime is...
Blueliv announces technical alliance with MrLooquer
We are excited to announce our latest technical alliance, following founders Fran Gomez and Rafa Sanchez’ presentation at this year’s RootedCon in Madrid. MrLooquer, a fellow Spanish cybersecurity company, provides valuable information to help organizations manage their risk accurately. Their technology discovers and analyses IPv4 and IPv6 assets covering...
industry-blog
Threat Exchange Network blog: March 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting these...
Taking stock: RSA Conference 2019
Last week’s RSA Conference in San Francisco was one of the busiest ever, drawing tens of thousands of information security professionals, law enforcement and academics from around the world. RSA is always a great barometer of how the cybersecurity market is evolving at a global level, and this year...
Overview and thoughts about Shamoon3 toolkit
Introduction. On August 15, 2012, a computer attack took about 30,000 Windows systems of the Saudi Aramco oil company out of service. The incident had a significant impact on business processes and production at the company, which took weeks to return to normal activity. The malware deployed in...
Annual Cyberthreat Landscape report shines spotlight on credential theft and expanding Latin America market
Today we launch our Annual Cyberthreat Landscape Report for 2018-19, providing insights into emerging and evolving cybersecurity trends. By sharing intelligence and collaborating with the industry, we are in a much better position to fight cybercrime this year. The report reveals that botnet stolen credentials increased by a staggering fifty...
Threat intelligence for healthcare: how to get the most out of your investment
Healthcare C-suite leaders are facing challenging times. This is the most breached sector globally, accounting for 24% of all cases investigated by Verizon. Valuable patient data, mission critical but exposed digital endpoints and strict compliance requirements all add to the cybersecurity challenge. This is where threat intelligence (TI) can...
Sales of AZORult grind to an AZOR-halt
Author of Popular Credential Stealer Announces End of Sales. Key points: In late December, the author of the AZORult stealer publicly stated that he would be ending sales of the malware. AZORult has been advertised on Russian-language cybercrime forums since at least 2016 and has become fairly popular among...
Real-time threat detection and why timing is the key to threat intelligence
You wouldn’t sit idle under siege. However, when it comes to confronting real-time cyberthreats, it is what some businesses are doing – oftentimes without even realizing it. Organizations are increasingly finding themselves targets of cybercrime, carried out by hacktivists, nation states, or financially motivated criminals. In fact, on average...
Blueliv partners with e92plus, the UK channel’s leading cybersecurity value-added distributor
We are delighted to announce that we have partnered with e92plus as a key distributor to help grow our channel business in the UK. e92plus is the leading cybersecurity VAD for the UK channel, whose extensive cybersecurity knowledge and experience will enable VARs and MSSPs to benefit from using our solutions...
threat intel industry
Threat Exchange Network blog: January 2019
The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by...
financial sector
Effective threat intelligence for the financial sector
Financial sector CISOs and security teams face a tough challenge. They need to keep the organization safe from the huge volume of indiscriminate threats that are unfortunately the price of doing business on the internet today. But they must also ensure they’re as resilient as possible to targeted, sophisticated...
Why threat intelligence helps CISOs make better security decisions
In just a few short years, the discipline of threat intelligence (TI) has grown from something on the cutting edge of cybersecurity, to a must-have feature for any CISO serious about effectively managing online risk. Allowing organizations to finally move from a reactive to a proactive posture, it can...
Top 10 Criteria for Buying the Best Threat Intelligence Solutions
CISOs are busy people. The chances are you’re balancing a variety of tasks: from communication with the board, to managing incident response, organization-wide training strategies, and a growing regulatory compliance burden driven by the GDPR and EU NIS Directive. This leaves little time to spend on due diligence to...
What does threat mitigation mean in practice?
Cyber threats have reached epidemic proportions. In the UK for example, nearly half (43%) of all businesses polled by the government in 2018 said they’d suffered a security breach or attack in the previous 12 months — and the real figure could be much higher. One vendor said it...
Threat intelligence tools your cybersecurity team needs
Threat intelligence (TI) is a vital capability for any IT security department. If used effectively, it can offer CISOs the ability to take security from a reactive to a proactive posture, enabling them to better manage cyber risk and support the business-wide digital transformation agenda. But the major caveat...
How to choose the right Threat Intelligence for your organization
Today’s CISOs face an unprecedented range of pressures. They are tasked with creating the secure foundation on which the success of boardroom-led digital transformation efforts rest. They must manage a growing volume and variety of risks across networks, applications, clouds, endpoints, servers and supply chains. And they must do...
threat intel industry
Threat Exchange Network blog: November 2018
Our community is growing daily – become a member for free and contribute to the network. The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month. Join for free today – in addition to...
corporate-blueliv
Changing the channel: some significant updates for our strategic partners
New team members, new wins and partner portal upgrades to deliver better services. Over the past year, we have been making numerous improvements to our Strategic Partnership Program, to help Distributors, MSSPs and VARs sell our modular threat intelligence solutions to customers. In January, the relaunch of our multi-market program...
Blueliv receives double honors at Computing Security Excellence Awards
We have been recognized for industry leadership and promoting new collaborative models in the Enterprise Security and Enterprise Threat Detection categories. We are thrilled to announce today two significant award wins at the Computing.co.uk Security Excellence Awards: the Enterprise Security and Enterprise Threat Detection categories for 2018. The independent panel...
Threat intelligence
What is Threat Intelligence and why is it important?
Index: Introduction; What threat intelligence isn’t (‘Data’, ‘Information’); What threat intelligence is (Gathering; Processing and actionable delivery; Integration, visualization and dissemination); Categories of threat intelligence (Tactical, Operational, Strategic); When to use threat intelligence (Before an attack, During an attack, After an attack); The benefits of real-time, dynamic threat intelligence...
research-blog
CryptoAPI in Malware
For a considerable period, cryptography algorithms with varying levels of complexity have been detected in most malware families. Many have different purposes, from decrypting configurations carried by the malware or downloaded from a server, to encrypting communications with C2s, to encrypting user files in the case of ransomware, and...
Managing cyber-risk: Cyberthreat intelligence and the Insurance sector
Organizations in all sectors face increasingly virulent and sophisticated cyberthreats on a weekly, if not daily basis. The insurance sector is particularly at risk. From organized criminal groups seeking PII (personally identifiable information), financial account data and anything else that can be monetized, to hacktivists trying to disrupt the day-to-day...
threat intel industry
North American credential theft industry records substantial quarterly increase, against declines in Europe and Asia
Key points: 141% increase in compromised credentials detected in North America during Blueliv quarterly analysis; fewer compromised European and Asian credentials detected over the same period (22% and 36% decreases respectively); LokiPWS malware family distribution continues to increase faster than Pony this quarter. Our latest quarterly credential theft analysis follows the initial...
corporate-blueliv
Blueliv shortlisted for four of Computing’s Security Excellence Awards
Following our recent recognition as Threat Intelligence Company of the Year 2018 by Cybersecurity Breakthrough, we are pleased to announce that we have been named Finalists in the following categories by Computing’s Security Excellence Awards: Security Vendor of the Year – SME Enterprise Security Award Enterprise Threat Detection Award...