Good morning folks! I have some updates on the threat side of things that I think are interesting and might help in conversations with your friends and colleagues.

We’re now entering the “Find Out” phase. I guess this is growing up?

Who’s scared now?

Scattered Spider, the group thought to be behind the MGM and Caesars breaches, is under some serious pressure! The FBI is turning up the heat on the folks who brought us novel vishing (voice phishing) attacks against help desks and exposed some Okta soft spots. It looks like those knuckleheads are US- and UK-based, which does not bode well for them, and it might explain why they have been a little quiet of late.

  • Want to know more? https://www.theregister.com/2023/11/17/fbi_scattered_spider_action/
  • Want to get nerdy? See their TTPs, as outlined in the FBI/CISA advisory, here – https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/

Victim Shaming indeed

In the “brazen idea no one had on their bingo card” department, the ransomware outfit AlphV (also known as BlackCat) decided that it was not getting enough of a reaction from a recent target, so it stepped up the pressure to pay by reporting the victim to the SEC for failing to make a timely disclosure! They may have overplayed their hand: the complaint cited the SEC rule requiring a filing within four business days of determining that an incident is material, but, too bad for the bad guys, that rule was not yet in effect when they filed (give it a month). Still, the gall of these folks! They know the legal action against the Uber and SolarWinds CISOs has folks spooked too. And unlike Scattered Spider, these folks are safely operating out of Russia, free of consequences. Unreal.

  • Want to know more?: https://arstechnica.com/security/2023/11/ransomware-group-reports-victim-it-breached-to-sec-regulators/
  • Want to get nerdy? Learn about these d-bags from the FBI's BlackCat/ALPHV flash and lock them out – https://www.ic3.gov/Media/News/2022/220420.pdf

Thanks for the knowledge share, my Danish friends!

The Danish org SektorCERT published an amazing report on the recent critical infrastructure attacks it observed against Danish energy-sector organizations. It is a fascinating look at the timeline and TTPs involved, and a great example of sharing lessons learned in a way that genuinely benefits others. The most striking things are the attackers' efforts to avoid detection, the possible involvement of Sandworm, and a reference to one of the only two good submarine movies ever made.

Things I am keeping an eye on myself?

  • Mr. Cooper (a mortgage servicing company) was hit with an outage now confirmed to be a cyber incident.
  • We talk a ton about AI, but mark my words: quantum computing will be our next big topic soon enough. This Europol brief does a great job explaining the nuances of this huge disruptor!
  • Lloyd's of London is warning that, in its hypothetical scenario, a cyber attack against a major payment system could cost the world economy upwards of $3.5 TRILLION. That is a lot of cash, but I am sure the cryptocurrency fans have us covered (?).
  • If you use services like Grammarly, good luck. We already had concerns about their potential use of the text they scan while playing remedial English teacher, but now researchers have found serious flaws in its OAuth (social login) implementation, and in other platforms' as well, that could allow account takeover. Yet another reason to use separate accounts for different SaaS applications!

I hope you all have a great weekend, and please feel free to reach out if you need to shoot the breeze about any of the above!