Red-Team is the best simulation you can do to improve your network security against APTs.
Active Directory has existed since Windows 2000 Server edition. It was designed to give companies and their users a great UX for single sign-on and easy integration with other applications. For a normal Active Directory Domain User, it’s like having a Google search engine inside yellow pages:
This enables the attacker to gather information without raising alarms in the target environment. The hacker uses reconnaissance to learn where sensitive data is and what the highly privileged accounts are so that he can formulate a plan. From Microsoft’s perspective, this is not a vulnerability or security issue, since it is by design that they allow other great functionalities to work for the domain environment. From a hacker’s perspective, this “Google Search” of the company’s domain is GOLD.
1. People are still the most vulnerable asset in the organization:
a. 1 in 14 users were tricked into opening an attachment or following a link
b. 80% of hacking-related breaches leveraged either stolen and/or weak passwords
APT32 (aka Ocean Lotus), a threat actor observed by FireEye since 2014 and allegedly connected to the Vietnamese state, is targeting multinational businesses with interests in Vietnam, both from the private sector and from government-related institutes.
Among the victims, you can find technology infrastructure, network security, consulting firms, banking, media, hospitality, consumer products, government agencies, research institutes, maritime agencies, sea construction, shipping enterprises, and even journalists, activists, regime dissidents and bloggers.
It’s been a few days since the ransomware WannaCry wreaked havoc across the globe. Now, after a few nights of rest and reflection, I want to look at what this incident means for the state of cyber security.
According to an announcement from the Israel National Cyber Defense Authority, from April 19 to April 24, there was an ongoing attack on more than 120 Israeli academic, pharmaceutical, and government organizations. A total of 250 phishing emails were involved in the attack.
According to almost every cyber security vendor, the biggest trend in the last few years is the use of Non-Malware attacks. Scripting languages are becoming more prominent than before—a few lines of PowerShell code can be used as a full hacking toolkit, open source hacking frameworks based on PowerShell and Python are easily accessible, and the bad guys are taking advantage of the “new reality” we’re living in.
The main goal for nation-state actors working for intelligence purposes is to establish a consistent and reliable digital presence. Whether or not they have an active operation, they need to be ready to launch a campaign at any time. To do so, they need to be deployed all the time.
APT10—allegedly a Chinese threat actor—has come up in the news recently, this time running a campaign known as Operation “Cloud Hopper”.
Chinese actors are the main suspect based on malware compilation time and interactive hacking activities, but there’s a chance that this is a deception attempt to manipulate the forensics evidence.
Edward Snowden was right about CIA hacking activities: they are going to lose control of their “weaponized gun” — and it’s going to be ugly.
On March 7th, 8,761 documents and files were leaked from the CIA to Wikileaks introducing the scope and direction of the CIA’s global covert hacking program, its malware arsenal, and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products: Apple iPhone, Google Android, Microsoft Windows, and even Samsung smart TVs, which are turned into covert microphones.