Conficker May Not be a Risk…But its Host is!

Jason Lewis, Chief Intelligence and Collections Officer - August 26, 2014

My recent blog post on infections on the CHS network generated a lot of questions and criticism. The most common response to the post was that Conficker is dead and evidence that it exists is irrelevant. There are multiple variants...


Where there are Breaches, there are Infections

Jason Lewis, Chief Intelligence and Collections Officer - August 21, 2014

Community Health Systems (CHS) recently announced their network of 206 hospitals was hacked, impacting the information of 4.5 million patients. On the surface, one would think that a company that deals with patient information would be vigilant about security, considering...


Behind the Scenes of a Failed Phishing Attempt

Steven Weinstein, Malware Researcher - June 20, 2014

One of our customers recently asked us to analyze a phishing email claiming to be from Wells Fargo that was crafted well enough to bypass their spam filters. What makes this phishing attempt unique is where the link actually sends...


VirusTotal + Maltego = Visualizing Actionable Malware IOCs

Steven Weinstein, Malware Researcher, Lookingglass - May 14, 2014

Setting up your own malware zoo and collecting all indicators of compromise related to those samples of malware can be time-consuming and expensive. While there's a long list of benefits to doing this on your own, it doesn't make...


Shaping the Threat Intelligence Management Market

Chris Coleman - April 17, 2014

There has been significant chatter recently about threat intelligence management – specifically how a platform for managing such should be defined. Two industry analysts, Dr. Anton Chuvakin of Gartner and Rick Holland of Forrester, have weighed in early and often on this...


Lookingglass Malware Researcher Steven Weinstein Provides Guidance on 'Incident Intelligence' Using ScoutVision

Steven Weinstein - April 14, 2014

I Think We’ve Seen This Before… …Why “Incident Intelligence” is Imperative. Lately, customers have been asking me how threat intelligence can enrich their incident response processes and how the right intelligence can make them more effective. As a former full...


Using Network and Threat Data Chaining to Discover Malicious Infrastructure and Deliver Context

Jason Lewis - March 12, 2014

Recently on his blog, computer-forensics researcher and Malcovery Security co-founder Gary Warner wrote about an increase in spam and a list of IPs heavily involved. Malformity Labs wrote a follow-up on data chaining, which involves linking hashes with the IPs....


Lookingglass Issues Special Alert Linking Major Cybercrime Organization to IT Infrastructure at Sochi

Chris Coleman - February 07, 2014

Investigation reveals connection to Russian Business Network, a known reseller of stolen identities. Special Alert: We at Lookingglass are seeing significant new criminal activity positioned in the Sochi region of Russia. This is a serious threat. For those traveling to the...


2013: A Year that Will Dictate the Future of Cyber Security

Chris Coleman - January 08, 2014

The past year was all about unprecedented concerns about Internet privacy, nation state espionage and (of course) breaches. 2013 will be remembered as a monumental and potentially catalyzing year for cyber security and possibly for the Internet as we know...