Cybercrime Security Research

SpyCloud Labs is a focused cybercrime research group dedicated to uncovering and analyzing the most intricate patterns from the criminal underground. We nerd out on all things breach, malware, and threat actor-related – and are hellbent on making the internet a safer place for all. This is a space for our experts to share our latest research findings as well as best practices and solutions for organizations to better their defenses.

Latest security research

Dig in with us as we analyze digital underground collections, reverse-engineer malware, and identify threat actor patterns.

We’ve added three new Windows infostealer malware families to our recaptured data repository. Learn about Xehook, Meduza, and Elusive.
Threat actors are using PPI networks to distribute malware families like LummaC2 and Atomic Stealer. Our researchers analyzed one of them – SpaxMedia – and here’s what we found.
SpyCloud Labs research uncovered unique Chinese threat actor TTPs for persistent data access, data acquisition, and data exfiltration.

Webinars and videos

Tune in to hear new and interesting research insights from our experts, first-hand.

The Illicit Chinese "Pantsless Data" Trade

This webinar covers new SpyCloud Labs research that digs into unique Chinese threat actor TTPs for persistent data access, data acquisition, and data exfiltration.

Ransomware Reality Check: The New Landscape

This webinar breaks down the most important findings from SpyCloud’s 2023 Ransomware Defense Report, and what your organization can do to get ahead of emerging cyber threats.

About our mission

Watch for a quick overview of our research process and the big plans we have in store for disrupting cybercrime.

Meet the research team

The fuel behind our efforts is a talented team of analysts and researchers relentlessly focused on connecting the dots as threat actors pivot and change.

Trevor Hilligoss

Trevor served nine years in the U.S. Army and has an extensive background in federal law enforcement, tracking threat actors for both the DoD and FBI. He is a member of the Joint Ransomware Task Force and serves in an advisory capacity for multiple cybersecurity-focused non-profits. He has spoken at numerous US and international cyber conferences, holds multiple federal and industry certifications in the field of cybersecurity, and is a recipient of the President's Volunteer Service Award for volunteer service aimed at countering cyber threats. Trevor is the Vice President of SpyCloud Labs.

Wallis Romzek, PhD

Dr. Wallis Romzek is an applied mathematician who has spent the last decade leveraging Big Data and machine learning to tackle problems in the information and cybersecurity spaces. Most recently, her work has focused on tracking and characterizing cybercrime and its potential victims for SpyCloud and a number of government organizations. She is SpyCloud’s Principal Data Scientist.

James

James is a self-taught reverse engineer with published analyses featured by ZDNet, ThreatPost, BleepingComputer and other publications. They have experience reversing popular mailstealer/malspam families like Emotet and IcedID, and were a recipient of the President's Volunteer Service Award in 2023 for public reversing work done on these families. They are currently tracking all things infostealer at SpyCloud.

Kyla Cardona

Kyla is a U.S. military veteran of the Air Force, Marines, and Army who holds a BS in Computer Information Systems and multiple cybersecurity certifications including Security+, CEH, CySA+, and Splunk. Specializing in Terrorism and Homeland Security certifications coupled with extensive Chinese OSINT training, she possesses a strong sense and understanding of geopolitical cyber threats in China’s digital landscape. Kyla is a Staff Security Researcher at SpyCloud, with a focus on cyber threats in China and other cybercrimes occurring within deep/dark web illicit communities.

Joe Roosen

Joe spent 20 years in various system administration, consulting and design roles in information technology but eventually shifted his focus to security and thwarting cybercrime. What started as a volunteer passion project in 2017 with the Cryptolaemus group fighting Emotet has now turned into a full-fledged information security career. Joe works as the Security Research Manager at SpyCloud Labs, now leading his team to collect all of the data breaches and leaks possible. "Gotta catch them all!"

Aurora Johnson

Aurora is an information security researcher and cybersecurity policy expert who worked as a Senior Analyst for CISA before joining SpyCloud as Responsible Disclosure Coordinator. She manages the program to alert organizations when SpyCloud finds their sensitive breached, leaked, or exposed data through its collections. Aurora participates in a range of volunteer and public-private initiatives to track and disrupt the cybercriminal ecosystem and was a recipient of the President’s Volunteer Service Award in 2023 for work with the U.S. government against cyber security threats.

Mike Dausin

Mike has a long-standing fascination with leveraging data to solve security problems and has spent the last 20+ years writing security and automation tools and analytics at Dell, TippingPoint, Arbor Networks, and Alert Logic. Now as Data Analysis Manager at SpyCloud, he leads the Security Data Analytics team and is responsible for taming the chaos of raw breach data.

Katie Fox

With two degrees in mostly unrelated fields, Katie found her way into the cybersecurity sector six years ago. She found her passion in malware analysis and never looked back. Katie now works as a Security Researcher at SpyCloud Labs, attempting to collect as much leaked data as possible.

Ashley Allocca

Ashley has a background in cyber threat intelligence and holds an M.S. in Cybersecurity from Fordham University, which has been designated as a center of excellence for cybersecurity by the NSA and DHS. She is a Staff Security Researcher at SpyCloud, where her research is focused on emerging threats within cybercriminal and illicit communities, with a focus on Arabic- and Russian-language groups.

Yashar H.

Yashar is a GIAC Certified Forensic Analyst (GCFA) and a former SOC/Incident Response analyst who dabbles in security research and reverse engineering in his free time. At SpyCloud, he works as a Staff Security Data Analyst, focusing primarily on processing breach data for the SpyCloud Cybercrime Analytics Engine.

Daniel

Daniel is hyper-focused on developing new methods to automate the collections process and acquire more data from criminal communities. He is a Senior Security Researcher at SpyCloud Labs.

Jakob S.

Jakob is a trained software engineer and a recent newcomer to the cybersecurity realm. He works as a Junior Security Data Analyst on the SpyCloud Labs parsing team.

Paul S.

Paul S. is from the UK and is a biochemist with a PhD in medical research. He decided to leave the life of medical research behind to become a sysadmin for the Crown. It was there he found a love of taking apart phishing campaigns and thwarting bad actors. Paul now hunts phish for a living as our latest Staff Security Researcher.
