Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Impact: When Attackers Just Want to Watch the World Burn

In our journey through the MITRE ATT&CK framework, we’ve explored how attackers gain access, establish persistence, and steal data. But what happens when adversaries decide to break things, or to show the defenders that they are in charge? This last post covers ATT&CK’s Impact tactic – the cyber equivalent of leaving a calling card, often with devastating consequences.

Exfiltration: The Attacker’s Great Escape with Your Data

In our Collection post, we examined how attackers collect valuable information within a compromised environment. Once adversaries have gathered their loot, the next crucial step is to smuggle it out. This brings us to the MITRE ATT&CK tactic of Exfiltration. Let’s explore how various threat actors, from cyber criminals to nation-state operatives, execute this critical phase of their operations.

What’s Causing Mike’s Indigestion Now? We’re obsessed with the wrong snowflakes (28 June 2024)

Good day, folks! Another week, another headline-grabbing security incident seems to be dominating the discussion. And I am not talking about Tim Weah’s testy red card vs. Panama, or whatever comes out of the debate tonight. I am talking about a slow boiling issue that impacts all of us. After the last month’s buildup, Snowflake is in the spotlight, but don’t be fooled – this isn’t just about one company’s identity problems, and it has ripples through many. Let’s dive into why Snowflake’s woes are a wake-up call for all of us, and what else it might mean for how we tackle

Command and Control: This is Major Tom to Ground Control

In our last post, we explored how attackers gather valuable information through the Collection tactic. Once adversaries have a foothold and have collected data, they need a way to maintain control over compromised systems and coordinate their activities. In military operations, you’ll see a mix of overt and covert forms of communication. But we know they are happening. Without them, the various units involved would be uncoordinated and the attack would fail before major objectives could be accomplished. Cyber adversaries need this sustained control as well. Payloads are unable to act autonomously for long. And exfiltrating data without it is futile. This is where the next MITRE ATT&CK Tactic comes into play: Command and Control (C2). Let’s dive into how attackers use C2 to orchestrate their operations and why it’s a critical component of almost every sophisticated cyber attack.

What’s causing Mike’s Indigestion now? Someone’s entered the “find out” stage (20 June 2024)

Good day, folks! It’s been more of the same for security practitioners around the world. Rates of ransom, leaks, and vulnerability announcements continue to climb. That said, interesting news hit this week, with mixed results for cyber crime outfits. Let’s talk about ALPHV and Scattered Spider and look at some good guidance on MFA. We’ll also take a look at the other fun developments.
