Archive for SOCRadar

SOCRadar Strengthens MSSP Program with Free AI Agent & Automation Training

Posted in Commentary on June 3, 2025 by itnerd

SOCRadar, a global leader in extended threat intelligence and cybersecurity, announced an expansion of its MSSP program to help partners scale operations, automate threat workflows, and improve service delivery. As part of its program, SOCRadar is now offering free AI Agent and Automation Training to educate partners about AI agents and GenAI technologies to help streamline their SOC, threat intelligence and vulnerability management processes. Platform-agnostic, the training equips MSSP partners with hands-on skills to build their own AI-powered workflows regardless of the tools they currently use.

Additional program enhancements include multi-tenant licensing, MSSP-specific threat intelligence use cases, a Multi-Tenant Management Console, and customizable External Threat Assessment Reports. The expanded program was officially launched at Infosecurity Europe.

SOCRadar’s AI agents are intelligent automation components embedded in its Extended Threat Intelligence (XTI) platform. These agents use Large Language Models (LLMs) and automation scripts to perform complex, multi-step cybersecurity workflows. Unlike traditional scripts or static rules, SOCRadar’s AI agents can dynamically analyze data, make contextual decisions, and execute actions across multiple systems—reducing analyst workload while increasing speed and accuracy. MSSPs can create “smart workflows” by defining goals and guardrails for each agent. The agents then use planning, reasoning, and learning techniques to carry out tasks such as threat detection, enrichment, alert correlation, or vulnerability prioritization.

Key Benefits of SOCRadar’s Framework for MSSPs include:

  • Automate threat intelligence, SOC, and vulnerability management tasks
  • Reduce analyst workload while accelerating detection and response
  • Improve decision accuracy and reduce false positives
  • Enable continuous monitoring across clients without growing headcount
  • Increase scalability and profitability while maintaining service quality

Stealer Logs: How stolen credentials fuel ransomware

Posted in Commentary on May 14, 2025 by itnerd

This week, the experts at SOCRadar published an in-depth analysis of one of the most quietly dangerous threats in cyber today: stealer logs.

Infostealer malware families such as RedLine, Lumma, and Vidar are used to silently steal credentials, browser session cookies, and crypto wallets from infected machines, and then package that data into searchable logs that are sold across Telegram, dark web markets, and hacker forums.

The analysis takes a look at:

  1. What stealer logs are and what data is collected through them.
  2. The top 10 attacks involving stealer logs, including the MGM and Caesars breaches via Okta in 2023.
  3. Real-world use cases of stealer log exploitation.
  4. How stealer logs are traded on the dark web.
  5. A breakdown of which regions are most impacted.

For full details, please visit the analysis here: https://socradar.io/stealer-logs-everything-you-need-to-know/

US Threat Landscape Report on ransomware, malware, stealer logs, and more

Posted in Commentary on May 14, 2025 by itnerd

This week, researchers at SOCRadar released their 2025 USA Threat Landscape Report. The report, based on data collected between April 2024 and March 2025, analyzes several aspects of the current US threat landscape, including ransomware threats, stealer log statistics, phishing breaches, and DDoS statistics.

Key findings include:

  • Information services, finance, and public administration sectors are the most targeted industries, both in phishing and dark web threats.
  • Selling and sharing stolen data dominate dark web forums, representing over 93% of activities, signaling an active criminal marketplace.
  • Data and unauthorized access are the top commodities, with 57.46% of dark web posts related to stolen databases.
  • RansomHub, PLAY Ransomware, and Akira are leading ransomware groups targeting the US, but a diverse set of other actors make up the majority.
  • Phishing attacks heavily target the Crypto/NFT, information services, and public sector, leveraging fake pages that increasingly use HTTPS (76.4%) to appear legitimate.
  • Stealer logs show massive credential exposure, with over 630,000 email/password pairs leaked, alongside credit card data and victim IP addresses.
  • Popular domains compromised include Reddit, Bing, Instagram, Facebook, and Amazon, highlighting the targeting of mainstream platforms.

For full details, the report can be read here: https://socradar.io/wp-content/uploads/2025/05/USA-Threat-Landscape-Report-2025.pdf

SOCRadar Launches New AI-Powered Cybersecurity Assistant ‘Copilot’

Posted in Commentary on April 28, 2025 by itnerd

SOCRadar today introduced SOCRadar Copilot, an AI-powered cybersecurity assistant designed to enhance platform efficiency, share knowledge and insights, and automate routine security operations. It is intended to help time-strapped security teams streamline security processes and reporting, while continuously learning, adapting and evolving so that teams can be proactive and future-proof their defenses against evolving risks. SOCRadar Copilot was officially announced at RSAC 2025.

Stress has become symptomatic of cybersecurity teams, especially as threats increase in volume and become more sophisticated. Statistics show that 70% of SOC teams are emotionally overwhelmed by security alert volumes, with 55% admitting that they aren’t entirely confident in their ability to prioritize and respond to threats. There’s concern that stress and overwhelm could lead to burnout, a big problem within the cybersecurity industry that contributes to low talent retention rates, loss of productivity and staff being signed off sick. Security teams need tools and partners that can cut through noise, reduce false positives and help them to prioritize the threats that matter.

SOCRadar Copilot aims to support security teams so that they can focus on the threats that matter. Core features of SOCRadar Copilot include:

  • AI-Powered Help and Insights – SOCRadar Copilot gives security teams access to round the clock, instant, in-platform answers, recommendations, knowledge, and insights.
  • Smart Task Automation – SOCRadar Copilot helps teams to easily configure smart workflows to enable AI agents to perform automated platform tasks and functions which once had been time-consuming, like threat intelligence analysis.
  • Automatically Reduce Alarm Noise – The AI engine automatically filters out irrelevant alarms and prioritizes significant threats.

SOCRadar Copilot is a dynamic cybersecurity partner that proactively helps teams to anticipate and counter future threats by continuously learning, adapting and evolving using the latest threat intelligence and insight. SOCRadar Copilot accelerates and enhances cybersecurity operations by filtering noise, prioritizing critical information, reducing manual workloads, and streamlining decision-making, reporting, and intelligence analysis.

SOCRadar Copilot is made up of three key components that are available to users:

  • AI Assistant Chatbot – Provides users with comprehensive cybersecurity support, including general knowledge, strategic advice, data-driven insights, platform assistance, threat analysis, and vulnerability information.
  • AI Insights Everywhere – AI-driven insights integrated throughout the platform streamline cybersecurity workflows by enhancing alarm management, threat intelligence, vulnerability response, dark web analysis, and supply chain risk mitigation. In practice, in dark web monitoring, for example, AI helps analyze and summarize key points, while in alarm management, it supports prioritization.
  • AI Agents – AI agents autonomously perform advanced tasks, including detecting phishing websites through domain analysis and acting as automated analysts correlating threat data with known attack patterns.

SOCRadar Copilot will be commercially available in May in two different versions: Light and Pro. The Copilot Light model is free and offers customers platform training, assistance, and support with usage. The Copilot Pro model includes special advanced Agentic AI applications designed to solve specific problems using various Copilot AI Agents. Demos of the product will be available throughout the RSA Conference 2025 (April 28 – May 1) in booth 5484.

Check Your Exposure to Plant a Tree for Earth Day

Posted in Commentary on April 22, 2025 by itnerd

In celebration of Earth Day, SOCRadar has announced that, for every person who downloads a SOCRadar Dark Web Report between April 22 and 29, a new tree will be planted.

To contribute to this Earth Day initiative, you can run a scan of your dark web exposure here: https://hubs.la/Q03jfzLc0. By the end of the week, you will also receive a certificate showcasing your contribution.

This initiative has been running for several years now and coincides with SOCRadar’s promise to plant a tree for every person who reports a bug on their platform. The dark web report instantly finds out whether your organization’s data has been exposed on dark web forums, the black market, leak sites, or Telegram channels.

Storm-2372: Russian APT Using Device Code Phishing in Advanced Attacks

Posted in Commentary on April 11, 2025 by itnerd

SOCRadar this week released research diving into a new cyber campaign by Storm-2372, a Russian state-backed group that has recently been exploiting device code phishing to bypass MFA and infiltrate high-value targets such as government, defense, healthcare, and financial institutions across the US, UK, and more.

In this blog, the researchers outline what device code phishing is, how it works, who is being targeted, and key indicators of compromise, as well as mitigation strategies.

For full details, the research can be read here: https://socradar.io/storm-2372-russian-apt-using-device-code-phishing-in-advanced-attacks/