Triaging the Week 005

Triaging the Week

Hello there 👋

Welcome back to the Kraven Security weekly newsletter. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!

The final week before Christmas has gone out with a bang. We saw adversaries using new tradecraft as they abuse GitHub for command and control, the FBI executing a major disruption operation against the Blackcat (ALPHV) ransomware gang, and the Lapsus hacker getting a life sentence to hospital. 

At Kraven we have continued our series on cyber threat intelligence (CTI) definitions and key concepts. The series is focused on providing you with the fundamental knowledge and language to succeed in CTI and we look forward to releasing more articles in 2024!

Let’s jump into this week’s top news stories.


Top 5 News Stories

News Stories

Story #1: MongoDB Comes Under Attack

The database company MongoDB disclosed a recent cyber attack that led to the exposure of customer data. The company detected the breach Wednesday (December 13th) and found the hacker gained access to customer account metadata and contact information. The investigation is still ongoing. MongoDB recommend:

  • “be vigilant of social engineering and phishing attacks” 
  • “implement MFA” if you are not already doing so

Source: Bleeping Computer

Story #2: The Top 7 Trends Shaping Software as a Service (SaaS) in 2024

As we round out 2023, let’s take a look at the top 7 trends shaping SaaS security in 2024 according to The Hacker News. As SaaS becomes the backbone of corporate IT, it’s crucial to stay updated on the latest developments in security. Here are the top trends influencing the state of SaaS Security for 2024 — and what you can do about it.

Source: The Hacker News

Story #3: Hackers Abuse GitHub to Evade Detection and Control Victims

Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. Adversaries have occasionally used public infrastructure services (e.g. Dropbox, Google Drive, OneDrive, Discord, etc.), but using GitHub represents an evolution in this trend. The abuse of Git Gists and commit messages for command delivery is an emerging threat to be aware of.

Source: Reversing Labs

Story #4: FBI Disrupts Blackcat (ALPHV) Ransomware Operations

The FBI achieved a significant milestone in the fight against cyber threats by disrupting the Blackcat ransomware operation and creating a decryption tool. The US security service managed to conduct operations that led to them gaining access to ALPHV’s infrastructure, siphon decryption keys, and help 500 victims recover their files for free (saving approximately $68 million in ransom demands).

Source: US Department of Justice (DOJ)

Story #5: Lapsus$ Hacker Sentenced Indefinitely to a Hospital

Hacker Arion Kurtaj who was one of the leading members in the Lapsus$ hacking group has been sentenced  to life in a secure hospital. The teenager was involved in the group’s hacking spree in 2022-2023 which saw them compromise Rockstar Studios (makers of Grand Theft Auto), Nvidia , BT/EE, Samsung, and more. 

Some people (mainly outside of the cyber community) are calling for the kid to get a job. However, this is a stark reminder of the responsibility and trust needed to be considered a cyber security professional. As this kids found out, play stupid games and win stupid prizes.

Source: BBC News


Feature Article

What is Cyber Threat Intelligence?

Excited to share this quick guide to Cyber Threat Intelligence (CTI)!

You’ve heard about CTI, but do you really know what it is and how it empowers organizations in the cyber security landscape? This quick guide demystifies CTI, diving into its key components and how it’s used. Discover how CTI enhances security operations, streamlines incident response capabilities, and more!

Dive in and learn more about CTI here.

Read Now


Learning Resources

Learning Resources

IAM and Detection Engineering

Sekoia released a great article this week that dives into the importance of IAM event detection, explaining why it is essential in today’s cybersecurity world and how it can enable organizations to proactively protect their systems, data and sensitive information. Check it out if you have a role in securing any cloud environment!

Source: Sekoia

Triad of Success: Education, Experience, and Networking

Wade Wells walks you through how to be successful in the cyber security industry by combining education, experience, and networking. Definitely worth a watch if you are looking to jump into the industry or move up the ladder.

Microsoft Releases Incident Response Guide

Microsoft has released an updated incident response guide that details the best practices for security teams and leaders! The guide walks you through all the stages of an incident, from planning to remediation, and uses a real-life example for demonstrations. Give it a read if you have to respond to cyber incidents in your organization.

Source: Microsoft Security

Comptia Security+ Exam Practice Questions and Tips

The CompTIA Security+ exam tests your cyber security knowledge across a wide range of topics to ensure you are ready for an entry-level role. The best way to prepare for this exam is by studying and answering CompTIA Security+ practice questions.

Practice questions help you assess your current knowledge, allow you to identify areas that need improving, and let you accurately determine if you are ready to take the real exam. They are an essential piece of preparing for your Security+ exam.

This article gives you a taste of what to expect on the real exam by providing multiple-choice and performance-based (PBQ) practice questions. You can interactively test your knowledge using these questions across all five of the Security+ domains. This is not an exhaustive list of everything you will be tested on in the Security+ exam. Just a glimpse of what to expect.

Source: StationX

Learn to Deploy AWS Resources with Terraform

This demonstration shows you how to use an Infrastructure as Code (IaC) tool (Terraform) to create an AWS development environment. The automated deployment of lab environments is a huge topic in cyber security and a useful skill to master.

Elevate Your Cyber Threat Intelligence Skills for Free

MITRE has awesome free training that covers what the MITRE ATT&CK framework is and how you can use it for threat intelligence. The material is delivered in video lectures you can easily follow along with and even includes exercises for you to practice your new skills. 

Source: MITRE ATT&CK


Personal Notes

Personal Notes

🤔 That will do it for 2024! At Kraven we are taking a break for the holidays, no article or newsletter next week unfortunately. However, we will be back at starting the first week in 2024 and hope you are ready for more great learning content. 

This year has been a rollercoaster at Kraven. The company was founded, we built a website, and started a newsletter! This allowed us to reach our aim of delivering high value content around cyber threat intelligence, threat hunting, and crafting custom tools. In 2024 we want to continue this effort and expand our content offering. We plan on delivering more content, better content, and even expanding to new platforms like YouTube. Till then happy holidays everyone!

P.S.

I encourage everyone to take a break over Christmas and recharge their batteries. Cyber security is a challenging industry that can wear you down. Taking care of yourself and getting away from the computer occasionally is important. Have a great Christmas!

Back to top arrow

Interesting in Learning More?

Learn the dark arts of red teaming

If you want more of a challenge, take on one of their certification exams and land your next job in cyber:

Learn more cyber security skills

If you’re looking to level up your skills even more, have a go at one of their certifications: