» Blog

This is one of a series of posts addressing key threats to the retail sector in an attempt to identify which information assets and systems must be protected, and to examine the value of identifying adversaries and intelligence consumers. Today, the most serious data breaches and disruptions result from well-planned, complex attacks that target specific…

Threat actors are increasingly targeting supply chain organizations to get around ever more hardened corporate perimeters, modifying their products to achieve a range of potential effects, such as cyber espionage, organizational disruption or demonstrable financial impact. According to a recent report by the National Counterintelligence and Security Center (NCSC), software supply chain infiltration has already…

BlackHat USA is one of the world’s leading information security events, providing attendees with the very latest in research, development and trends. This year’s conference was no different and delivered its attendees with an extensive amount of valuable insight. The RH-ISAC Threat Intelligence Team had the pleasure of attending and has provided a brief summary…

We’re just about two months away from the 2018 Retail Cyber Intelligence Summit in Denver. The RH-ISAC will have organized more than 20 sessions to help members better prepare for future challenges in cyber security. This year’s Summit follows our tradition of an RH-ISAC member-driven agenda with sessions on operational metrics, APTs, incident response planning…

Numerous attack campaigns in the past couple of months have demonstrated a common tactic used by cybercriminals and state-sponsored attackers alike―credential harvesting. According to the Verizon 2017 Data Breach Investigation Report, 81% of hacking-related breaches leverage either stolen, default or weak credentials. While credential harvesting is often seen as equivalent to phishing, it uses different…