Adversaries are constantly obfuscating their attacks and changing their TTPs, causing most contemporary IOC-based threat intelligence to quickly become stale and out of date. Now, the need for preemptive threat intelligence is more prominent than ever. Thankfully, the solution to this problem is simple... A comprehensive Threat Intelligence strategy should combine Indicators of Future Attack (IOFAs) with other sources of intelligence, such as threat reports, threat hunting, and human intelligence – think threat intelligence on steroids. So, what is an IOFA? IOFAs are domains, IP addresses and DNS records that indicate attacker behavior and intent, meaning security teams can identify and neutralize threats BEFORE they’re weaponized. Learn more about how you can incorporate IOFAs into your security operations here: https://hubs.ly/Q02VQdsx0 #silentpush #IOFAs #threatintelligence #CTI #cybersecurity
Silent Push
Computer and Network Security
Reston, Virginia 2,818 followers
Detect and protect against adversaries with Indicators of Future Attack.
About us
Discover unknown threats with Indicators of Future Attacks (IOFAs). We're the first and only provider to reveal unique threat patterns of all the attacker infrastructure through our proprietary behavior modeling, that exposes attacker intent.
- Website
- https://www.silentpush.com
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- Reston, Virginia
- Type
- Privately held
- Founded
- 2020
- Specialties
- Threat Intelligence, Cyber Security, Network Defense, Threat Feeds, and Ransomware
Locations
-
Primary
12020 Sunrise Valley Dr
Suite 100
Reston, Virginia 20191, US
Employees at Silent Push
-
Steven Booth
-
Alex Doll
Founder and Managing Member Ten Eleven Ventures
-
Ron Burns
Sr. Director Federal Sales - Silent Push - Know First! Detect & Protect using Indicators of Future Attack.
-
Martijn Grooten
Cybersecurity consultant // Digital Security Technologist at Internews // Threat Intelligence Researcher at Silent Push
Updates
-
Stay on top of emerging threats. Register for critical research alerts from Silent Push: https://hubs.ly/Q02ZlmKb0 #threatresearch #threatintelligence #silentpush #IOFA
-
-
Silent Push reposted this
Our team at Silent Push has been tracking "Illegal Online Pharmacies" and working to put together a feed of over 2,500 of their current domains for our clients. These sites sell everything from 'Viagra' to pain pills & even websites selling steroids. More details @ https://lnkd.in/gFipM4MY Our report comes on the heels of the DEA's successful September 30, 2024 "Operation Press Your Luck" - some details from the Drug Enforcement Administration @ https://lnkd.in/gJdPZ278 18 individuals were charged, 100 lbs. of Fentanyl was found along with 215 lbs. of meth -- which was being put into pills. I've personally tracked these "Canadian Pharmacy Scams" for years -- they constantly rotate domains and they are being promoted through various web spam -- sometimes just classic comment spam -- other times using open redirect vulns or by compromising subdomains and hosting spam content. As a threat analyst, typically the "fun stuff" to track are serious APT groups or cybercrime groups doing novel things. But these illegal online pharmacies have killed people, they are spreading very dangerous drugs to mostly poorer audiences, and they have been getting away with it for decades now. But fortunately for the good folks, these online illegal pharmacies have countless fingerprints connecting their sites -- and their strategy to constantly move domains creates opportunities to track their new infrastructure. I'm proud our team is helping defenders find these sites for takedowns. Our public blog post has additional details and we released a small sample of the dedicated IPs @ https://lnkd.in/ggrnp8Y4 Many threat analysts will likely be able to pivot into all or nearly all of the sites we're tracking by studying the hosts mapped to those dedicated IPs. God speed and good luck with your takedown efforts!
-
NEW THREAT BLOG: "Not what the doctor ordered": Building on DEA research, our analysts uncovered 2,500+ Indicators of Future Attack (IOFA) domains and IPs actively hosting illegal pharmacy content, largely on US-based ASNs with Dynadot and Russian nameservers. Read now: https://hubs.ly/Q02Z8XhN0 #DEA #cybersecurity #threatresearch #IOFA #threatintelligence
"Not what the doctor ordered": Silent Push maps out illegal pharmacy infrastructure. 2,500+ active IOFA domains and dedicated IPs discovered, primarily served via US-based hosts. - Silent Push
silentpush.com
-
Infrastructure Variance...what is it? Why is it important? Unique to Silent Push, 'Infrastructure Variance' refers to three key data elements that help defenders track changing infrastructure: ASN Diversity - a list of ASNs associated with the domain; IP Diversity - visual timeline of IP infrastructure used over time; NS Changes - nameserver data (associated nameservers, nameserver domain density, nameserver reputation scores). Why is it important? You are now able to track these variances in one place under 'Total View', supporting the identification of patterns to stop attacks before they escalate. Enrich any domain for yourself to see this tool in action with our free Community Edition: https://hubs.ly/Q02Z4Yx20 #threathunting #cybersecurity #silentpush #threatactor #CTI
-
-
THREAT BLOG: "ViserBank" templates used to spoof big-name banks https://hubs.ly/Q02YYlBx0 Silent Push Threat Analysts have discovered that Envato - one of the Internet's largest digital asset marketplaces - are selling website templates under the name of "ViserBank" that are being used to spoof big-name banks, and propagate financial phishing activity. Organizations targeted include Capital One, Wells Fargo, Bank of America, JPMorgan Chase, Santander Bank, and Virgin Money. Most of the malicious websites are extremely low quality, and are engaged in active phishing campaigns attempting to steal user data, including identity documents and banking credentials. Silent Push are tracking ViserBank-related activity via proprietary content scans using Silent Push Web Scanner. Actionable ViserBank intelligence is being provided to Silent Push Enterprise customers via two dedicated IOFA feeds. Read our blog: https://hubs.ly/Q02YYlBx0 Free Community Edition account: https://hubs.ly/Q02YYhBJ0 #phishing
ViserBank: Envato templates used to spoof big-name banks
silentpush.com
-
We're growing! Ready to take the next step in your career? Explore our careers page to see current opportunities, and stay tuned for new postings: https://hubs.ly/Q02YH4MW0 #cybersecuritycareers #silentpush #threatintelligence
-
-
Missed it? Check out our recent research on ClickFix malware: https://hubs.ly/Q02YwgTl0 We've built on research by GoDaddy into the ClickFix fake browser update malware, and constructed two bulk data feeds to track affected sites (Enterprise users, check it out here) https://hubs.ly/Q02Yw9qn0 Read our blog for a full breakdown. #clickfix #malware #IOFA #silentpush #threatintelligence
-
-
Missed it? Check out our recent research on Triad Nexus/FUNNULL CDN. We recently discovered a large DGA-based domain cluster we're calling "Triad Nexus" that's involved in suspect Chinese gambling operations, retail scams, fake trading app activity, linked to the June 2024 polyfill[.]io JavaScript supply chain attack, and featuring hundreds of thousands of live IOFAs. Read the full blog: https://hubs.ly/Q02Ydwcg0 We've been tracking FUNNULL's involvement in various threat campaigns for over 2 years, going back to a fake trading app scam we investigated in 2022. Keep your eye out for a series of follow-up blogs that dig deeper into Triad Nexus TTPs and infrastructure. Register for Community Edition: https://hubs.ly/Q02YdqPB0 #threatintelligence #cybercrime
Researchers link Polyfill supply chain attack to huge network of copycat gambling sites | TechCrunch
silentpush.com
-
TODAY AT 11AM EST! Join our webinar and become an expert at leveraging Silent Push's preemptive threat intelligence capabilities. It's not too late to register! Register: https://hubs.ly/Q02Yb3gv0 - Upgrade your preemptive threat detection skills - Get access to insider platform tips & tricks from our experts - Have any and all of your questions answered in our Q&A session. Stay one-step-ahead of threats as we prepare for the holiday season... Date: TODAY! Time: 11am (EST) Location: Virtual Materials required: Snacks. See you there! #cybersecurity #threatintelligence #IOFA #silentpush #CTI