@BushidoToken Threat Intel

Artwork by @laelcillustrate As someone who works in the cybersecurity industry and reports on new cyber attacks daily, there are not many threats from the internet that can actually scare me. However, Andy Greenberg’s Sandworm did just that. This book uncovers some of the first recorded instances of cyber warfare attributed to Russia’s Main Intelligence Directorate or GRU. The elite hackers that make up this military unit are the definition of an advanced persistent threat (APT). This vastly resourced group, mainly targets Russia’s neighbours such as Ukraine, Estonia, and Georgia. It is now commonly referred to and recognised by the USA, the UK, and NATO as Sandworm and is responsible for some of the most terrible cyberattacks in the last few years. Attacks such as NotPetya, Industroyer/Crash Override, Bad Rabbit, and Olympic Destroyer were all attributed to Sandworm. It’s tactics, techniques, and procedures (TTPs) have overlapped with another well-known Russian cyberespionag

I was recently introduced to this nice feature of urlscan.io which lets you search phishing pages via image hashes. I quickly realised how this could be a powerful tool.  A hash, by definition, is the unique numerical fingerpint made of the total sum of a file's components. Hashing a file includes using an algorithm that calculates a unique fixed-size bit string value from the file. It was then shown to me that you could take the file hash of an image from a website and then use it to find all websites that contain the same hash and image.  Most phisherman are lazy and will just steal the contents of an entire website, clone it, and host it on their own server to begin harvesting credentials from unsuspecting victims. I decided to test how useful this feature was from a site (gov.uk) that is often used to scam victims out of their payment details, personally identifiable information (PII), and other sensitive data. I chose to use the logo from the site: 

“Cyber espionage is a form of cyber attack that steals classified, sensitive data or intellectual property to gain an advantage over a competitive company or government entity.”  - VMWare Carbon Black Recent news surrounding cyber espionage acts attributed to the US and China have reinvigorated my interest in the state of cyber relations between the two superpowers.  It all started with APT1’s disclosure by Mandiant back in 2004. Ever since Chinese cyber espionage campaigns have been waged against the US and Western world. It is now well-documented that the Chinese government has state-sponsored hacking groups to infiltrate companies with some of the most valuable intellectual property out there. China may justify this how it chooses, the fact remains the government is still targeting private enterprises to steal sensitive information and industrial secrets. However, the US has also partaken in its fair share of cyber espionage directly against Chinese government en

State-sponsored groups and cybercriminal gangs continue to benefit from the global confusion and concern surrounding the coronavirus. Due to the contagious nature of the virus it is causing more and more people to work from home, dramatically increasing the threat surface with potential victims leaving home devices unprotected by corporate detection systems. The World Health Organisation (WHO) has now issued a global warning for the rise in coronavirus-themed phishing emails impersonating the organisation. As COVID-19 spreads around the world, the Global Business Travel Association (GBTA) stated the virus could cost the tourism industry some $47 billion per month. Airlines and package tour operators agree, with the International Air Transport Association (IATA) predicting almost $30 billion in lost flight sales.  There are fears that China’s economy will contract by more than forecast in the first quarter after the country’s manufacturing sector reported record low activity