Showing posts from 2022

Ofgem Energy Bill Rebate Phishing Fraud

On 3 February 2022, the UK Office of Gas and Electricity Markets (Ofgem) issued a warning that there has been a "record increase in global gas prices" which saw an "energy price cap rise of 54%", adding that "Ofgem knows this rise will be extremely worrying for many people". That last sentence is precisely why phishing threat actors are beginning to use Ofgem-themed lures as a pretext for phishing attacks that target and defraud UK-based users online. On 17 May 2022, Ofgem issued a warning "of a scam email claiming to be from Ofgem asking for bank details so customers can get a rebate". This was followed by an alert from UK Action Fraud stating it had received "over 750 reports in just four days about these fake Ofgem emails". The UK NCSC also included the warning in its Weekly Threat Report. On 20 May 2022, while researching newly created phishing pages, a recently created Ofgem-themed page was discovered submitted to URLscan.

Gamer Cheater Hacker Spy

The title of this blog is a homage to the film Tinker Tailor Soldier Spy and presents the fact that video games and cheating are also tied to hacking and spying. It is a common trope in cybersecurity that professionals first became interested in the field through an encounter while playing games. Speaking personally, I first became enthralled with hacking in 2008 by matching against some modders using hacked weapons while playing Halo 3 (my favourite game of all time). This blog aims to highlight why monitoring the video game industry is important for cyber threat intelligence analysts hunting down the latest threats. Video games and hacking are very intertwined. Many hackers start out by creating cheats for games, and have to play the games to begin with to learn how to hack them. There are also several notable incidents whereby hacking in video games escalated to become critical issues for the software development industry and enterprise security realms. This includes zero-day ex

Lessons from the Conti Leaks

If you wanted to learn how an organized cybercriminal operation worked, look no further than the threat group known as Conti. The recent leaks of the group's chat logs have uncovered an unprecedented wealth of information and insights into how these veteran cybercriminals organize themselves. Cyber Threat Intelligence (CTI) vendors and independent researchers have spent weeks poring over the leaked Conti chat logs and have uncovered dozens of very significant findings. In this blog, I didn't want to duplicate what is already known (too much). I wanted to share some of the findings that I found the most interesting. To rapidly get up to speed on the Conti Leaks, I highly recommend that other researchers read the work in the following blogs: ht

One Way Or Another: Initial Access Vectors

Artwork by @laelcillustrate. The aim of this blog is to highlight initial access techniques that you've potentially not heard of before. You're unlikely to find these in the MITRE ATT&CK framework and they are pretty unlikely to happen day-to-day, but they are perfectly valid for persistent attackers. How to implement detection for these techniques also depends on your threat model and who is trying to target you or your organisation. Traditional initial access techniques for common threats such as ransomware operators or Advanced Persistent Threat (APT) groups include phishing for credentials, malicious spam containing malware, obtaining RDP credentials via brute force or purchasing them from underground markets, and exploiting a vulnerability in a public-facing system. The techniques discussed in this blog, however, require a bit more determination, opportunism, and lateral thinking. >> I've added some "Bushido comments" offering my own opini