Posts

Tracking Adversaries: Ghostwriter APT Infrastructure

Introduction to Infrastructure Pivoting

Pivoting on infrastructure is a handy skill for cyber threat intelligence (CTI) analysts to learn. It can help to reveal the bigger picture when it comes to malware, phishing, or network exploitation campaigns. Infrastructure pivoting is essentially the act of looking for more systems an adversary has created. The main benefit of this pursuit is the identification of additional targets or victims, more tools or malware samples, and ultimately new insights about the adversary’s capabilities. If done correctly, being able to pivot on adversary infrastructure will be very useful during incident response (IR) engagements. For example, it may make it possible to attribute the intrusion to a known adversary. This will help others during an IR engagement understand the level of threat posed to the victim organisation.

Receiving Threat Data

To be able to pivot on adversary infrastructure, threat data is needed, such as the intelligence shared ...

Analysis of Counter-Ransomware Activities in 2024

The scourge of ransomware continues primarily because of three main reasons: Ransomware-as-a-Service (RaaS), cryptocurrency, and safe havens. RaaS platforms enable aspiring cybercriminals to join a gang and begin launching attacks with a support system that helps extract ransom payments from their victims. Cryptocurrency enables cybercriminals to receive funds from victims around the world without the option to freeze or refund them, due to the immutable nature of the virtual funds. Safe havens are countries that permit cybercriminals to launch attacks without immediate fear of arrest, enabling them to earn vast fortunes through ransomware campaigns. With these three challenges in mind, law enforcement and governments have a very difficult job to do when it comes to fighting ransomware, but fight it they must. In this blog we shall recall what counter-ransomware activities took place in 2024, analyse their effectiveness, and assess how the landscape shall evolve as a result. ...

Top 10 Cyber Threats of 2024

Introduction

The aim of this blog is to highlight the 2024 global cybersecurity trends that defenders can study to prepare themselves for the threats of 2025. The Top 10 Cyber Threats of 2024 had several interesting themes, such as aggressive cyber espionage campaigns from Russia and China, new cases of state-sponsored cybercrime from Iran and North Korea, groundbreaking ransomware attacks, and multiple notable disruption events.

#1 The Snowflake Campaign

This year, Snowflake was the center of a historic data breach campaign. Snowflake is a cloud-hosted service that allows companies to store huge datasets. In May, up to 165 customers had their databases accessed and stolen using valid login credentials. In June, the stolen data was offered on the English-speaking cybercrime community known as BreachForums, which was resurrected following a takedown by the FBI earlier in the year. The aftermath of the Snowflake campaign has been staggering. The publicly known impact ...

Cyber Threat Intelligence for Autodidacts

Introduction

Cyber Threat Intelligence (CTI) analysts come from diverse backgrounds, and their roles can vary a lot depending on the type of organisation they work for. The path to becoming a CTI analyst can follow one of several routes, such as moving from Security Operations Center (SOC) and other information security roles, joining from university, or coming from law enforcement or military backgrounds. I’ve also met many who have radically changed trades and reskilled from jobs ranging from secondary school teachers to bar and hotel staff, with great success. CTI teams can also vary significantly in their structure and focus. Some analysts work for vendors, providing intelligence to multiple clients across industries, such as Recorded Future’s Insikt Group. Others serve as defenders within a single company, working to protect that organisation’s assets, such as Equinix’s ETAC team. There are analysts who operate within government agencies as well, such as intelligence, se...