Triaging the Week 006

Triaging the Week

Hello there 👋

Welcome back to the Kraven Security weekly newsletter. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!

Firstly, I hope you enjoyed some time off over Christmas, ate lots of good food, and had a merry time! Numerous 2023 wrap-up articles came out of the break, perhaps the most interesting one being the top 10 AI security stories, given the boom in AI tools we saw this past year. 

The first week of 2024 was packed with news stories. We saw an Australian court get hacked and their court hearings leaked, the Mandiant X account got taken over and replaced with a crypto scam, and after a slew of ransomware reports in December, a New Zealand-based infosec company asked for a total ban on ransomware payments. If anything is guaranteed in 2024, ransomware will grow and someone will try to sell you an AI-empowered security tool!


Top 5 News Stories

News Stories

Story #1: Top 10 AI Security Stories of 2023

2023 was the year of AI, but how did it impact cyber security? Check out the top 10 AI cyber security stories of 2023 in this great roundup by Infosecurity Magazine. From privacy concerns with ChatGPT to scary deepfakes and the looming disinformation threat. Catch up with everything AI and stay ahead of the game!

Infosecurity Magazine

Story #2: Australian Court Exposed in Ransomware Attack

Australia’s Court Services Victoria (CSV) was the victim of a Qilin ransomware that exposed sensitive court readings. The attack was detected on December 21, 2023, and it is believed court hearings as far back as November 1, 2023, have been impacted. Qilin is an emerging ransomware operation that saw increased activity towards the end of 2023.

This attack highlights the vulnerability of the public sector and a growing need to invest in protecting the people’s data. Can we get a “people’s champion” of public sector cyber security?

Bleeping Computer

Story #3: Is a Formal Ban on Ransomware Payments Coming?

After another record-breaking year for digital extortion and the average demand at $1.5 million, Emsisoft has called for a complete ban on ransom payments. The New Zealand-based infosec firm seeks industry and government support to tackle ransomware head-on. They claim a total ban on payment is the only solution to the ransomware problem.

What are your thoughts on banning ransomware payments? Will it help fight back against the ransomware epidemic, or is it a stance many can’t afford to take?

Emsisoft

Story #4: Mandiant X Account Hacked

The X (Twitter) account of Mandiant, a leading cybersecurity firm and Google subsidiary, was compromised today to promote a cryptocurrency scam. The scam changed the X handle, promoted the Phantom crypto wallet, and redirected users to a phishing page. Mandiant regained control of their account and restored it several hours later.

It will be interesting to find out how the attackers got access to the account but may be more interesting to consider the damage a more sophisticated threat actor could have done (rather than just a vanilla crypto scam). 

Bleeping Computer

Story #5: What Are the Threats Paris 2024 Faces?

The Paris 2024 Summer Olympics starts in a few months. The Sekoia team looked at some of the threats this major sporting event faces based on evolving technologies, geopolitical issues, and cybercrime.  If you are curious about what new threats this Summer Olympics faces, read the article!

Sekoia.io


Feature Article

The cyber threat intelligence lifecycle

Analyzing cyber threat intelligence can be hard. You are often overwhelmed with data, drowned in overlapping connections, and unclear where to start or when to finish your analysis. To help guide their analysts through the maze, intelligence organizations across the globe use the intelligence lifecycle.

The intelligence lifecycle is a structured approach to collecting, analyzing, and distributing intelligence. It acts as a template that analysts can follow to produce or consume intelligence. The cyber security industry has adapted this lifecycle to suit its needs by creating the cyber threat intelligence (CTI) lifecycle. 

This article is your essential guide to the CTI lifecycle. You will learn about its six stages, how this model is used in the real world, and how you can get the most out of it. Let’s jump in!

Read Now


Learning Resources

Learning Resources

The Complete Guide on Python for Cyber Security (2024)

Unlocking Python for Cyber Security: Proven Success

Cyber security is a hot topic right now. There are huge data breaches every week, lucrative job opportunities, and a need for skilled professionals. With everyone trying to jump into the industry or move up the ladder, you need something to set yourself apart. Using Python for cyber security can be just that.

Python is a general-purpose programming language that you can use to build cyber security tools, automate repetitive tasks, and even create fully-fledged exploits! It can be used across many different areas of cyber security, from penetration testing to incident response. The best part is that the language is relatively easy to learn and use for beginners.

Let’s explore how you can use Python for cyber security and add a boost to your existing skillset. 

StationX 

Cybersecurity Is Being REVOLUTIONIZED By This Man – The Cyber Mentor

A great interview between The Cyber Mentor (Heath Adams) and Caleb McMurtrey on his popular YouTube show StudioSec. They delve into running a cyber security business, creating a penetration testing certification, and more.

How to Perform Network Penetration Testing in 2024

How to Perform Network Penetration Testing

A network penetration test is one of an organization’s fundamental security assessments. This essential guide will teach you how to perform network penetration testing, the eight key phases involved, and the goals network pentests strive to achieve.

The article focuses on performing an internal or assumed breach test where you have already gained initial access to an organization’s internal network. This is a common assumption in real-world assessments as it allows the testing team to spend more time finding vulnerabilities. No time is wasted trying to gain initial through a phishing email or exploiting a zero-day.

Let’s jump in and discover how to perform network penetration testing.

StationX 

Do you use a SaaS product?

SaaS Security

Look at five ways to reduce the security risks of Software as a Service (SaaS) products and start 2024 on the right track. Reducing risk is always the first step you should take in bolstering your cyber security posture!

The Hacker News


Personal Notes

Personal Notes

🤔 We enjoyed a nice festive break over the holiday season, but we are now back at it and working harder than ever to deliver high-quality content so you can excel at cyber threat intelligence, threat hunting, and building custom tools. 

We have big plans for 2024. We will continue to deliver weekly blog articles, keep our weekly newsletter coming out every Friday, and provide daily updates on the top news stories from the cyber world so you can keep up-to-date with the industry (check out my X or LinkedIn page for these). However, we will also be adding a whole bunch of new things and trying out new initiatives, so keep an eye out for these. The first of these is video content!  

I wish everyone success in 2024. I believe that you can crush this year and achieve your goals. It’s great to have you on the journey with us, and if there is any way we can help you (mentoring, coaching, or just general advice), please reach out. 

Back to top arrow

Interesting in Learning More?

Learn the dark arts of red teaming

If you want more of a challenge, take on one of their certification exams and land your next job in cyber:

Learn more cyber security skills

If you’re looking to level up your skills even more, have a go at one of their certifications: