Triaging the Week 002

Hello there 👋

Welcome back to the Kraven Security weekly newsletter. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!

This week we saw growth in China’s influencer campaign as it seeks to exchange cash for content that promotes its agenda (so China’s basically a YouTuber now). The week was also littered with ransomware news, from double-dip attacks on hospitals to Lazarus Group’s crypto-hack take-home pay being revealed (it’s a lot). We even saw a space agency struggling to secure Active Directory. Does that mean securing AD is harder than rocket science 🤷

Let’s jump into this week’s top news stories.

Top 5 News Stories

Story #1: China’s influencer game just got much bigger!

An eye-opening policy brief by the Australian Strategic Policy Institute (ASPI) reveals how Beijing is fostering foreign alliances with influencers for propaganda purposes. According to ASPI, China is granting access to its massive online market in exchange for content that promotes its agenda and spreads its desired narratives worldwide. This means influencers get to tap into China’s internet and global platforms, opening up a world of opportunities for them. 

(I can confirm that I am not a Chinese influencer… yet).

Source: The Register

Story #2: Healthcare Giant Hit Twice by the Same Gang

Not once but twice! Healthcare giant Henry Schein has been hit by two cyberattacks this month from the BlackCat/ALPHV ransomware gang, on top of the breach of its network in October.

This story demonstrates the importance of strong incident response and thorough clean-up after a ransomware incident!

Source: Bleeping Computer

Story #3: Google Chrome’s 6th Zero-Day of 2023 Is Being Exploited

Another week, another Chrome zero-day. Google has released an emergency update to fix the sixth zero-day exploited in the wild in 2023. This one was likely used in spyware attacks targeting high-profile individuals such as journalists and opposition politicians.

Make sure you update your Chrome web browser! 

Source: Bleeping Computer

Story #4: Japan’s Space Agency Comes Under Attack

Active Directory is hard to secure, even for space agencies!

In a revealing update on the cyber security challenges faced by national agencies, the Japan Aerospace Exploration Agency (JAXA) has disclosed a significant cyber attack. While also dealing with complications in its space operations caused by an electrical fault, JAXA’s encounter with this threat highlights the ongoing risks in cyberspace for even the most secure organizations.

This incident has prompted a critical look at their Active Directory infrastructure as they investigate the breach’s origin. 

Source: The Register

Story #5: North Korea’s Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

In a revealing analysis, the notorious Lazarus Group, with ties to the DPRK, has been identified as a major player in cryptocurrency theft, amassing an estimated $3 billion since 2017. This strategic shift towards digital asset heists comes as the group seeks new ways to bypass international sanctions.

The full scope of these cyber activities highlights the increasingly sophisticated landscape of cryptocurrency security threats. This is a grave reminder of the persistent threats in digital finance.

Source: Recorded Future

Learning Resources

John Hammond and LiveOverflow Debate the Ethics of Hacking

John Hammond and LiveOverflow had a fascinating conversation on the ethical concerns around phishing, malware development, and hacking this week. Be sure to give it a listen when you get a chance!

Kostas Takes You Behind the Scenes of His Threat Hunting Methodology

In his latest blog post, the awesome Kostas of DFIR Report fame takes you behind the scenes of his threat hunting methodology. It details the daily grind of a threat hunter, showcases his investigative process step-by-step, and offers unique insights you can learn from.

Behind the Scenes: The Daily Grind of a Threat Hunter

Wade Wells Gives Epic Presentation on Getting Started with CTI

A great presentation from Wild West Hacking Fest (WWHF) by Wade Wells was showcased on the Antisyphon Training YouTube channel. It details how to get started in cyber threat intelligence. It is an excellent resource for anyone looking to break into the field or wanting to know more about what CTI analysts actually do.

Advent of Cyber 2023 Kicks off Today

The month-long cyber security challenge offers daily hands-on exercises to help you learn new cyber skills and interact with the larger community. Whether you’re a seasoned cybersecurity professional or just beginning your cyber adventure, this is the perfect chance to hone your skills, unravel new techniques, and connect with like-minded enthusiasts.

I always recommend doing it to those just starting out in cyber (or if you want to replace your chocolate advent calendar).

TryHackMe | Advent of Cyber 2023

Feature Article

The Ultimate Cyber Security Notetaking App

📢 Exciting News! Discover the Ultimate Cyber Security Notetaking App: Polarity🚀

In this digital age of online work, managing information is crucial. That’s why I am thrilled to share with you the ultimate notetaking app developed specifically for cyber security professionals: Polarity. Say goodbye to juggling multiple tools and welcome a unified application that enhances your workflows.

Polarity is a powerful search tool that integrates with internal and external data sources, allowing you to search your organization’s resources simultaneously. Need information on a domain name? Polarity will comb through datasets and return everything you need in one place. Plus, you can build your own custom integrations specific to your company.

But that’s not all! Polarity’s notetaking capabilities are tailor-made for cyber security professionals. Add annotations to enrich your discovered information and avoid duplicating analysis efforts, and tag items to track threat actors, campaigns, incidents, and more.

Read Now

Personal Notes

🤔 Another week has blown by at Kraven. The final big push to get the website up and running has come to an end with QA being complete. Can’t wait to announce it very soon! 

We also had a big push on getting automations in place to help us deliver more content, more efficiently, and to provide you with greater value. With the launch of the new website imminent, this gives us the opportunity to expand our repertoire and teach you the skills needed to succeed in threat intelligence, threat hunting, and building your own custom tools.

I personally took a deep dive into cloud computing this week, a fascinating technology which is awesome to learn about. I recommend everyone take the free AWS courses on offer and add another skill to their toolbelt. Hopefully, there will be some content on using the cloud in the future.

Have a great weekend and get going on Advent of Cyber!
