This is Episode 4 of Threat Intelligence Hot Shots. Sr. Threat Intelligence Analyst Alex Ryan and Peter discuss the recent shutdown of BreachForums by the FBI, the increasing pace of advanced techniques and the widening target scope of Russian state-sponsored threat actors, and two new vulnerabilities in D-Link routers. They advise limiting access to these devices, keeping them up to date with patches, and changing the admin passwords. They also mention a competition to name a movie.

This week we looked at:
Russian state-sponsored threat actors.
Vulnerabilities in KEV and D-Link.

This is Episode 5 of Threat Intelligence Hot Shots. Senior Threat Intelligence Analyst Alex Ryan discusses a critical vulnerability in Chromium that allows exploit code to escape the browser's isolation mechanism. The vulnerability can be exploited through a carefully crafted HTML page, which can be delivered through phishing links, search engine optimization, or ads on trusted platforms. Ryan provides tips on how to detect the attack and explains how it establishes persistence.

The focus for Episode 6 is on attacks on water utilities by Chinese and Russian state-sponsored actors, targeting PLC and HMI devices with weak passwords and known vulnerabilities. The threat is increasing, with advisories from government entities warning about the attacks. The threat actors are using living-off-the-land techniques, such as PowerShell commands and PsExec, and data exfiltration over unencrypted channels like FTP. The solution is to use a zero-trust architecture and isolate the systems.

In Episode 7 of Threat Intelligence Hot Shots, featuring senior analyst Alex Ryan, they discuss the emergence of a new ransomware group called RansomHub, which has quickly become a major player in the ransomware landscape due to its veteran operators and fast expansion. The malware is highly obfuscated and difficult to detect, and its advanced features include rebooting devices into safe mode to avoid detection by host-based detections and EDRs. The best defense is to patch Active Directory servers and use browser isolation to prevent initial access.

Episode 8 of Threat Intelligence Hot Shots Weekly features Senior Threat Intelligence Analyst Alex Ryan. This week's focus is on info stealers, which have become a major concern due to their ability to steal data and credentials. The impact of an info stealer is demonstrated through the recent Snowflake incident, where data was stolen and sold on BreachForums. The summary provides insights on how info stealers work and how to protect against them.

In Episode 9, Alex Ryan discusses the consolidation and mining of breached data, which threat actors can use for social engineering and pretexting. The data can be used for credential theft, extortion, and malicious insider attacks. AI can be used to strip out usernames and passwords and to create authentic-looking emails targeting individuals. Users are becoming more susceptible to social engineering, and it is important to remove automatic logins from profiles.

In Episode 10 we look at the top three ransomware players of the past week and the past couple of weeks, along with a new botnet named Zergeca that is built for denial-of-service attacks. Denial-of-service attacks are becoming more frequent and sophisticated, and are being used to target the financial sector and healthcare facilities associated with military support. The Olympics, the World Cup, and political gatherings like the NATO and G2 summits may also be targeted. Defenses against these attacks are discussed.

In Episode 11, we discuss the recent AT&T data breach, which exposed metadata about telephone calls and text messages for about 110 million people. The breach occurred on April 19th, but the FBI requested that the reporting be delayed to give people time to change their numbers. The breach could put people in danger, especially those in espionage, politics, or journalism. The summary also covers a critical vulnerability in the legacy authentication protocol RADIUS, which could have a huge impact on network devices.