Our Weekly Intelligence Snapshot (Weekly) delivers pertinent intelligence straight to the end user. Our Weekly is delivered every Thursday evening CET and covers Geopolitical and Cyber findings relevant to our clients and observed over a seven-day calendar period. The Weekly includes analysis on vulnerabilities (exploitation and zero-days), cyber incidents (data breaches, hacktivism) and current threats (ransomware, botnet), as well as threat actor activity (Advanced Persistent Threat, malware kit development, campaigns).
Quickly understanding what matters the most, and what it means to you
Our Weekly covers both Open Source Intelligence (OSINT) and internal CYBINT/TECHINT sources. This means that we acknowledge publicly available intelligence, while also introducing our clients to our exclusive in-house investigations.
As each event covered in the Weekly is vetted by analysts for relevance, it is important to us that you understand why we chose to cover it. In addition to the event description, analysts provide a “So What” assessment enabling decision makers to grasp the importance of the discussed topic quickly and efficiently.
The Weekly is written by analysts who follow a high-standard internal writing style based on the APA Style.
Understanding the Geopolitical context
Our key differentiator is including an analysis of Geopolitical events in addition to cyber events. Why do we care? Cyber trends can be greatly influenced by politics, diplomacy, economics, and more. Understanding this possible cause and effect relationship helps our analysts determine – in some cases – motivation and attribution, as well as helping us to forecast how events will evolve as global tensions rise and fall.
Weekly Intelligence Snapshot: It is all in the details
Selected by Our Analysts
To help combat information overload, our analysts select only those Open Source Intelligence events that are pertinent to the audience of the Weekly Intelligence Snapshot. This initial vetting is based on multiple factors, but includes cross-sector and opportunistic attacks, highly targeted campaigns pertaining to client sectors, vulnerabilities in widely used products, and more.
Direct and to the Point
Our analysts answer the who, what, when, where, why, and how of each current event, enabling decision makers to quickly ingest and action the intelligence effectively and efficiently.
Beyond the written text, our analysts apply metadata tags to further qualify the content. Tags include MITRE ATT&CK techniques, malware kits, country/industry/company impacted, Indicators of Compromise, attribution confidence, and more.
To help combat “fake news” and address the challenges of low-quality information, all our sources undergo a source and information reliability assessment. To do this, we apply NATO’s Admiralty Code scoring system, which is composed of two elements: source reliability and information reliability.
When appropriate, OSINT and internal investigation reporting will also have an analyst assessment applied to it. This note helps the end user understand the “So What” of the event, why it is applicable, and the current exposure of – and risk to – their assets.
Recommended Course of Action
To help facilitate end-user action, the analyst will always apply a recommended course of action applicable to the discussed event. This course of action may address how to handle vulnerabilities, a data breach, vulnerable web servers, phishing campaigns, and more.
Link to Mercury
To help ensure our finished intelligence is always up-to-date, users can access each event 24/7/365 via our in-house threat intelligence portal – Mercury. Clients have access to any event update, metadata tags, additional analyst notes, IOCs, and more, at their fingertips and available through our in-house ticketing system.
Next Week Event Outlook
The Weekly Intelligence Snapshot includes a dedicated Outlook section for Analysts to provide:
A near-future forecast for discussed events to help decision makers plan for a threat’s evolution in the short-term.
A calendar of events taking place in the next seven days that may disrupt or enrich the threat landscape (e.g. security conferences, elections, policy decisions).
Our Weekly can be downloaded in PDF format to carry as a hard copy to your next meeting or viewed digitally on the go via your mobile device or computer. The digital copy allows for readers to easily navigate the interactive links for MITRE ATT&CK tags, source and Portal URL, and more.
Readers can access every event covered in the Weekly on Mercury, our Threat Intelligence Portal. Mercury houses additional data enrichment for each event that is not displayed in the PDF format. Here, readers can access information like event IOCs, metadata tags, and even pivot off the event in search of similar, previously reported findings.
Automation, standardization, and easy consumption are key to our business. As such, our Weekly and each covered event's technical information (e.g. IOCs, MITRE ATT&CK tags) and data enrichment metadata (Industry, Country, Attack Vectors) can be consumed via MISP.
Do you run a local info-sharing community and want to strengthen what you offer your members? We can support you with content and dedicated resources to make this happen.
Is your organization expecting weekly reporting from your CTI team? Leave it to us: you can customize our Weekly with your brand and disseminate it internally at your convenience.
Do you think that our reporting might get through to your audience better if written in their native language? We natively speak more than seven languages; inquire to see if we can help you reach your audience.