Where’s this data coming from?
The Recorded Future Cyber Daily email identifies specific technical indicators published recently that are currently trending in noteworthy ways. These IT security trends are culled from reporting by over 750,000 web sources across seven languages (as of October 2016).
What’s the difference between the (free) Cyber Daily and the Premium Cyber Daily I receive as a client?
The Cyber Daily Basic and Plus versions are complimentary resources for thousands of information security professionals. The Premium Cyber Daily version is for clients of Recorded Future only and includes more content, including more data per category, risk scores for vulnerabilities and suspicious IPs, and categories not included in the free versions (e.g., Corporate Targets, Emerging Malware, Cyber Operations).
How can I get more info?
Click on any listed title entity in the email (i.e., company name, threat actor, operation name, malware, vulnerability, or IP address) to open up a new Recorded Future table view specific to that entity, where you can do more research and learn more about why that entity was identified in our report.
What is “Threat Research from Insikt Group”?
Insikt Group is the Recorded Future threat research team. Intelligence in this section includes both recent posts on the Insikt Group blog, and recently published analyst notes with TTP leads, indicators, and other current intelligence.
What are “Hits”?
The “Hit” count refers to the number of documents that reference that particular entity in Recorded Future’s data set during the previous 24 hours.
What defines “Related”?
Many sections contain a “Related” line. These values are products or technologies that appear prominently in the most recent reporting on this vulnerability. Some products and technologies come from Recorded Future’s curated taxonomies while others are detected based on language patterns. This is helpful in surfacing novel or less frequently discussed technology concepts, at the cost of some false-positive noise.
What defines “Corporate Targets”?
What defines “Threat Actors”?
This section highlights entities, both organizations and people, assigned a “threat actor” attribute that generated significant amounts of event reporting during the previous 24 hours.
What defines “Exploited Vulnerabilities”?
This section highlights identified vulnerabilities reported during the past 24 hours with language indicating malcode activity. These language indicators range from security research (“reverse engineering,” “proof of concept”) to malicious exploitation (“exploited in the wild,” “weaponized”). These vulnerabilities are usually different from the overall top vulnerabilities in the following section.
What defines “Cyber Operations”?
This section highlights Cyber Operations, typically of a hacktivist nature, recently reported in the media sources we monitor.
What defines “Malware in Cyber Attacks”?
This section highlights malware recently reported as used in cyber attack events. This section is oriented toward awareness of malware being reported as currently in use by threat actors.
What defines “Emerging Malware”?
This section highlights malware with a high number of recent mentions, irrespective of whether there is a specific cyber attack event involved. Because of the broader filter criteria, malware listed in this section will have higher hit counts than in the "Malware in Cyber Attacks" section.
What defines “Vulnerabilities”?
This section highlights cyber vulnerabilities recently reported in the media sources we monitor. In addition, Recorded Future's Vulnerability Risk Score is included in the entry.
What defines “Exploited Vulnerabilities”?
This section highlights cyber vulnerabilities recently reported with exploits. As a result of the narrower definition, hit counts in this section will be lower than in the previous "Vulnerabilities" section. Recorded Future's Vulnerability Risk Score is included in the entry.
What defines “Suspicious IP Addresses”?
This section highlights IP addresses that have recently been reported with language indicating malicious activity. These language indicators include terms such as “malicious” and “exploit” or mention of IP addresses co-occurring with any malware entity. Recorded Future's IP Risk Score is included in the entry.
We’ll apply an “Emerging” label next to any IP address which Recorded Future recently detected for the first time.