Showing posts from February, 2020

OSINT Investigation: Exposed PII

“Information does not have to be secret to be valuable. Whether in the blogs we browse, the broadcasts we watch, or the specialized journals we read, there is an endless supply of information that contributes to our understanding of the world. The Intelligence Community generally refers to this information as Open Source Intelligence (OSINT).” - Central Intelligence Agency, United States of America

The story for this blog is based on true events surrounding an OSINT investigation I undertook. The mission included two companies, one software developer, and over 100 employees who had their personally identifiable information (PII) exposed online. This was an investigation on behalf of a large company that has been a victim of Emotet attack campaigns and has been targeted by state-level threat actors (also known as APTs). For the purpose of this blog, let us call this large company “Company A”. Part of my work involves monitoring for threats that face Company A a

The most dangerous malware in the world: Emotet

To earn the title ‘most dangerous malware in the world’ is not a simple task, due to the abundance of cybercriminals and nation-state threat actors who are continuously working towards that goal too. However, it is not something you can wave proudly, as it requires anonymity and the capability to operate with impunity from the locale in which you reside, or without that country's knowledge (very unlikely). The usual suspects on the world stage of malware development include Russia, China, North Korea, and Iran. But other groups pop up here and there, such as the US and UK, or even Israel, which like to do it with discretion, unlike their counterparts. At this moment in time, Emotet is widely believed by the security industry to be the most dangerous in the world. First identified in 2014, this Trojan downloader has gripped the security community since its return in September 2019, after a several-month-long summer vacation. Emotet has a complex infection

Deep-Dive: The Lazarus Group

“The North Korean-based Lazarus Group is a state-sponsored hacking organization responsible for some of the costliest computer intrusions in history, including the cyber attack on Sony Pictures Entertainment, a series of attacks targeting banks across the world that collectively attempted to steal more than one billion dollars, and the WannaCry ransomware attack that affected tens of thousands of computer systems across the globe.” - Federal Bureau of Investigation, US Department of Justice

Although it may seem unusual to those outside of the security industry, North Korea presents one of the greatest cyber threats on the global stage, to the financial sector, to critical infrastructure, and to multinational conglomerates, and it will employ cyber-espionage and cyber-warfare against the regime's opposition. The main way security researchers and vendors track North Korean activity is through attributing attacks to the Lazarus advanced persistent threat (APT). However, this gr