Amateur Security Archaeologists, trying not to break things.

Category: Security (Page 2 of 14)

What’s causing Mike’s Indigestion now? Someone’s entered the “find out” stage (20 June 2024)

Good day, folks! It’s been more of the same for security practitioners around the world. Increasing rates of ransom, leaks, and vulnerability announcements continue to climb. That said, interesting new news hit this week, with mixed results for cyber crime outfits. Let’s talk about ALPHV and Scattered Spider and look at some good guidance on MFA. We’ll also take a look at the other fun developments.

Continue reading

Collection: How Attackers Gather the Loot Before Being Caught

In last week’s post, we tool at look at how attackers move laterally. They do this to get to their goals and to better entrench themselves. Whether the adversary is an APT or special forces unit, gathering information is critical to the success of any mission. If there are exceptions, they’re probably limited to bombardments (in physical warfare) or Denial of Service (DoS) attacks (in cyber). It’s tough to have long-lasting effects without going further than those brute-force attacks. FThe information may be the end goal, or it may be essential to achieving it. The next MITRE ATT&CK tactic is Collection. Let’s look at how almost every adversary on the very diverse spectrum of threats needs it.

Continue reading

What’s causing Mike’s Indigestion now? Do you recall, Central Park in Fall? (13 June 2024)

Good evening, folks! It has been a while since my last news update. You probably recall that these have gotten a lot longer over time, so in an effort to respect our time, I will change my approach and aim for shorter. Lots to unpack lately, but one of the headline grabbers is all about setting bad precedents in ransomware response. Microsoft made one of the most confusing decisions for ‘security’ that anyone has seen, and we’re also going to have a lot more AI-related news, so let’s buckle up!

Continue reading

Lateral Movement: a ruthless pivot from invasion to infection!

It has been almost a month since my last MITRE ATT&CK Tactic-focused entry, and I apologize! When we discussed Discovery, we saw many ways adversaries explore the target environment after Initial Access. Depending on the threat, that information might be used for any number of malicious goals. Threat actors locate files and credentials of interest and uncover details of defenses and configurations. They could learn compromising information about a victim. Many aim to gain illicit access into victim’s financial or intellectual property. Almost every threat actor plans on expanding their reach and to pivot throughout an environment. This “lateral movement” allows the attacker to spread activities out, impact more systems, and achieve even greater levels of persistence. Whether a cyber adversary or an invading army, lateral movement is essential to many other goals or tactics. So let’s take a look at how the ATT&CK tactic of Lateral Movement works!

Continue reading

Discovery: Now what do we have here?

The 9th tactic in the MITRE ATT&CK Enterprise Matrix is a fun one. ATT&CK’s Discovery is essential in any operation. No matter how solid the recon efforts are prior, circumstances change. All of the preparation in the world can’t replace updated intelligence. To be effective and achieve the end goals, adversaries need to dig deeper and gain knowledge of the environment. Both physical adversaries and cyber adversaries practice this behavior, but with slightly different stakes. In both cases, the discovery efforts not only help refocus the operation and steer towards objectives, but it also offers intel that can help the adversary cover their tracks. Let’s take a look at how discovery happens and what it can bring!

Continue reading
« Older posts Newer posts »
Verified by MonsterInsights