Welcome back to the Kraven Security weekly newsletter, triaging the week. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
Top 5 News Stories
Cybercriminals Look for Telegram Alternative
Cybercriminals are seeking alternatives to Telegram due to increased scrutiny and law enforcement collaboration following the arrest of its founder, Pavel Durov, and his subsequent pledge to combat illegal activities on the app.
Top 4 takeaways:
👮 Telegram has since implemented new content moderation policies that are affecting cybercriminal activities and raising operational security concerns for cybercriminals.
😈 Despite this, many criminals remain on Telegram due to its extensive features, like encrypted messaging, and large user base.
📲 Some are considering platforms like Jabber, Tox, Matrix, and Session, but none fully match Telegram’s functionality for illegal activities.
👀 The shift presents challenges and opportunities for cyber researchers tracking criminal activities.
U.S. Telecoms Companies Hacked to Target Government Wiretapping Platform
U.S. telecom giants AT&T, Verizon, and Lumen Technologies were hacked by the Chinese threat group Salt Typhoon.
Top takeaways:
🇺🇸 The attackers targeted systems handling wiretapping requests from the U.S. government.
🛜 The breach, believed to have lasted months, aimed to collect sensitive internet traffic.
🌎 Apart from breaching service providers in the U.S., Salt Typhoon may also have hacked similar entities in other countries, predominantly in Southeast Asia.
🕵️ Investigations are ongoing to assess the scale of data exfiltration and how the hackers gained access, potentially through vulnerabilities in Cisco routers.
Vulnerable APIs and Bot Attacks Cost $186 Billion Annually
Businesses are losing between $94 billion and $186 billion annually due to vulnerable APIs and bot attacks.
Top takeaways:
💰 The report from Imperva examines the financial toll of API and bot attacks, estimating that such threats could cost businesses billions annually. It outlines how vulnerable APIs and bot-driven attacks lead to data breaches, service disruptions, and revenue losses.
🌎 These security threats, especially targeting large enterprises, account for a significant portion of global cyber incidents.
📈 API insecurity and automated bot abuse are increasingly interconnected, with bots exploiting API vulnerabilities for malicious activities like credential stuffing and DDoS attacks.
🛡️ To mitigate risks, companies need robust API security and bot management strategies.
GoldenJackal APT Targets European Government Air-Gapped Systems
Hackers have successfully breached European government air-gapped systems using custom malware, revealing significant vulnerabilities in supposedly secure networks.
Key takeaways:
🛡️ An APT group, GoldenJackal, exploited air-gapped systems with tailored malware, demonstrating a leap in cyber espionage tactics.
🔗 The attackers utilized USB drives to transfer malware between internet-connected and isolated systems, bypassing physical security measures.
📂 The malware, including tools like GoldenDealer and GoldenRobo, focused on stealing sensitive data like emails, encryption keys, and documents.
🔍 Two distinct sets of custom tools were used over different attacks, indicating an evolving and sophisticated threat landscape.
🌐 The activity, detected from 2019 to 2024, underscores the persistent and adaptive nature of cyber threats against high-security environments.
Telephone-Based Malware Delivery Tactics Unveiled by Intel471
Attackers now use phone calls to trick victims into downloading malware, bypassing traditional cyber defenses. Intel471 reports on this evolving threat where your phone becomes the front line.
Key takeaways:
📞 Direct Contact: Attackers are initiating contact via phone calls, posing as legitimate entities to lead victims into downloading malicious software, exploiting human trust.
📧 Multi-Channel Approach: Beyond just calls, there’s a noted use of emails and messages to create a false sense of urgency or legitimacy, pushing for immediate action from the victim.
🛡️ Defense Evasion: This method sidesteps many current cybersecurity measures focused on digital entry points, making detection and prevention more challenging.
🧑‍🤝‍🧑 Social Engineering: The technique heavily relies on social engineering, where psychological manipulation convinces individuals to compromise their own security.
🔍 Research Insight: Intel471’s analysis indicates an increase in these tactics, suggesting a trend where attackers leverage direct human interaction over purely technical exploits.
Top Tips of the Week
Threat Intelligence
- Collaborate with CTI teams from different industries. Gain insights into diverse threat landscapes and enhance overall detection capabilities.
- Incorporate CTI into cyber crisis management plans. Use real-time intelligence to inform crisis response and mitigation efforts.
- Integrate CTI with threat modeling. Identify potential threats early in the development process for stronger security postures.
- Regularly review and update threat intelligence policies. Adapt to evolving threats and ensure alignment with organizational goals.
Threat Hunting
- Stay informed on threat intelligence trends. Knowledge of emerging techniques empowers more effective threat detection.
Custom Tooling
- Stay informed about emerging technologies. Leverage new tools and frameworks to enhance the capabilities of your custom solutions.
- Collaborate with threat hunting teams for custom tool development. Enhance tools with capabilities that align with proactive threat detection strategies.
Feature Article
MISP (Malware Information Sharing Platform and Threat Sharing) is an open-source threat intelligence platform that allows you to share, collate, analyze, and distribute threat intelligence.
In this article, you learn to use the MISP API to make the most of your MISP instance. You will see how to get statistics about your MISP instance, search for attributes and events, and visualize data you’ve added to your instance.
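As an added illustration of the kind of API work the feature article covers (this is example code written for this newsletter, not code from the article or from the MISP project), the sketch below builds the JSON bodies MISP's documented REST endpoints POST /attributes/restSearch and POST /events/restSearch expect, sends them with the API key in the Authorization header, and flattens the responses into records you can count by type or filter down to the to_ids indicators meant for detection. The `transport` callable, the `sample_transport` stand-in, the host name and the API key are all assumptions so that the logic runs offline against constructed sample data rather than a live instance.

```python
import json
from collections import Counter
from typing import Any, Callable, Dict, List, Optional
import urllib.request

# Transport signature: (url, headers, body_bytes) -> decoded JSON.  A hypothetical
# seam (not part of MISP) so request/response handling can run offline.
Transport = Callable[[str, Dict[str, str], bytes], Dict[str, Any]]


def urllib_transport(url: str, headers: Dict[str, str], body: bytes) -> Dict[str, Any]:
    """Real HTTP transport for a live MISP instance (not used by the offline demo)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


def attribute_search_payload(value: Optional[str] = None, attr_type: Optional[str] = None,
                             to_ids: Optional[bool] = None, last: Optional[str] = None,
                             limit: int = 100) -> Dict[str, Any]:
    """Build the JSON body for POST /attributes/restSearch; only set filters are sent."""
    payload: Dict[str, Any] = {"returnFormat": "json", "limit": limit}
    if value is not None:
        payload["value"] = value
    if attr_type is not None:
        payload["type"] = attr_type
    if to_ids is not None:
        payload["to_ids"] = 1 if to_ids else 0
    if last is not None:  # e.g. "7d": attributes published in the last week
        payload["last"] = last
    return payload


class MISPClient:
    def __init__(self, base_url: str, api_key: str, transport: Transport = urllib_transport):
        self.base_url = base_url.rstrip("/")
        self.transport = transport
        # MISP authenticates REST calls with the raw auth key in the Authorization header.
        self.headers = {"Authorization": api_key, "Accept": "application/json",
                        "Content-Type": "application/json"}

    def _post(self, path: str, payload: Dict[str, Any]) -> Dict[str, Any]:
        body = json.dumps(payload).encode("utf-8")
        return self.transport(f"{self.base_url}{path}", self.headers, body)

    def search_attributes(self, **filters: Any) -> List[Dict[str, Any]]:
        """Return a flat list of {value, type, category, event_id, to_ids} records."""
        raw = self._post("/attributes/restSearch", attribute_search_payload(**filters))
        return [{"value": a["value"], "type": a["type"], "category": a.get("category"),
                 "event_id": a["event_id"], "to_ids": bool(a.get("to_ids", False))}
                for a in raw.get("response", {}).get("Attribute", [])]

    def search_events(self, **filters: Any) -> List[Dict[str, Any]]:
        """Return {id, info, date} for events from POST /events/restSearch."""
        raw = self._post("/events/restSearch", {"returnFormat": "json", **filters})
        return [{"id": e["Event"]["id"], "info": e["Event"]["info"], "date": e["Event"].get("date")}
                for e in raw.get("response", [])]


def attribute_type_counts(attrs: List[Dict[str, Any]]) -> Dict[str, int]:
    """Per-type totals, the kind of summary you would feed into a chart."""
    return dict(Counter(a["type"] for a in attrs))


def detection_ready(attrs: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Keep only attributes flagged to_ids, i.e. meant for IDS/blocklist export."""
    return [a for a in attrs if a["to_ids"]]


# --- Constructed sample data standing in for a live instance (not real IoCs) ------
SAMPLE_ATTRIBUTES = [
    {"id": "1", "event_id": "10", "type": "ip-dst", "category": "Network activity",
     "value": "203.0.113.7", "to_ids": True},
    {"id": "2", "event_id": "10", "type": "domain", "category": "Network activity",
     "value": "example.test", "to_ids": True},
    {"id": "3", "event_id": "11", "type": "md5", "category": "Payload delivery",
     "value": "d41d8cd98f00b204e9800998ecf8427e", "to_ids": False},
]
SAMPLE_EVENTS = [
    {"Event": {"id": "10", "info": "Constructed phishing campaign", "date": "2024-10-01"}},
    {"Event": {"id": "11", "info": "Constructed malware sample", "date": "2024-10-03"}},
]


def sample_transport(url: str, headers: Dict[str, str], body: bytes) -> Dict[str, Any]:
    """Offline stand-in for the server: honours the `type` filter so the client is exercised."""
    assert headers["Authorization"], "API key header must be present"
    req = json.loads(body)
    if url.endswith("/attributes/restSearch"):
        attrs = [a for a in SAMPLE_ATTRIBUTES if "type" not in req or a["type"] == req["type"]]
        return {"response": {"Attribute": attrs}}
    if url.endswith("/events/restSearch"):
        return {"response": SAMPLE_EVENTS}
    raise ValueError(f"unexpected endpoint {url}")


def demo() -> Dict[str, Any]:
    # Hypothetical host and placeholder key; swap in urllib_transport for a real instance.
    client = MISPClient("https://misp.example.test", "PLACEHOLDER_API_KEY", transport=sample_transport)
    all_attrs = client.search_attributes(last="30d")
    return {"events": len(client.search_events()), "attributes": len(all_attrs),
            "to_ids": len(detection_ready(all_attrs)), "by_type": attribute_type_counts(all_attrs),
            "ip_only": [a["value"] for a in client.search_attributes(attr_type="ip-dst")]}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Against a real instance you would pass `urllib_transport` (the default) and your own auth key; the `to_ids` split matters because only attributes flagged for IDS belong in a blocklist, while the per-type counts are the raw material for the kind of visualization the article builds.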
Learning Resources
Discover the Power of AI Prompting
AI is here to stay. You need to learn how to use it. Discover how a single AI prompt can be the key to crafting perfect content across platforms like LinkedIn, Twitter, YouTube, and more!
With the “Role, Task, Context” method, you can guide AI to consistently produce accurate, engaging, and platform-specific content. Whether you’re writing blog posts, social media updates, or even YouTube scripts, this method saves you time and effort while ensuring quality results every time.
Create Stunning Infographics Using AI
Transform your ideas into stunning visuals in seconds with Napkin AI, a revolutionary tool that brings complex concepts to life effortlessly! In this YouTube video, the creator demonstrates how to use this free AI tool to turn a simple text outline into dynamic visual diagrams in just a few clicks.
Whether you’re working on sales funnels, infographics, or onboarding flows, Napkin AI offers numerous customizable styles—from ladders to process funnels—that can fit your needs. No graphic design skills required!
Cybercriminals Unite: The Dynamic Duo of Russian and Western Hackers!
In this fascinating presentation, Will Thomas delves into the growing collaboration between Russian and Western hackers. Focusing on the “ransomware gig economy,” the video explains how this dark partnership involves initial access brokers, ransomware affiliates, and ransomware operators working together.
From notorious groups like Lapsus$ to Evil Corp, he reveals how teenage hackers from the West collaborate with Russian cybercrime organizations to launch devastating ransomware attacks on major corporations like Microsoft, Uber, and Coinbase.
Unlock the Power of NotebookLM
Whether you’re managing projects, tracking personal hobbies, or making important life decisions, NotebookLM is your go-to tool for staying organized and efficient. With its ability to transcribe, summarize, and even create audio briefings from your materials, it’s perfect for handling complex industries or even daily personal tasks.
From business strategies to health tracking, the versatility of NotebookLM makes it a game-changer for anyone juggling multiple projects or trying to stay ahead in today’s fast-paced world. This video explores 10 innovative use cases for NotebookLM, from creating personalized podcasts to competitive market research and even decision-making processes.
Personal Notes
🤔 This week, the team and I concluded our MISP YouTube series and started work on videos focused on key cyber threat intelligence topics. The shift from technical demonstrations to explainer videos has been a new challenge because you cannot just rely on screen records to tell a story. Instead, B-roll, VFX, and graphics need to come together to provide a compelling narrative.
Also, this week, I discovered the reading library website Packt. I have read a few of their books before, but this week I found out they had a pretty cool reading library equipped with a great eBook reader, AI tools, and more. It made consuming technical content easy!
I recommend giving the platform a try if you enjoy reading about technical topics, anything from AI to programming to cyber security.
As always, enjoy the learning resources and have a great weekend!