Hello there, Mr Bond 👋
Welcome back to the Kraven Security weekly newsletter, triaging the week. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
It has been a busy week in cyber, especially if you have an X account. Numerous X (formerly Twitter) have been taken over to promote crypto scams by crypto Drainer-as-a-Service gangs. We also discovered just how much North Korea (DPKR) had stolen in crypto attacks last year, a staggering $600M, and learned that Chain had cracked Apple’s AirDrop technology to maintain its strict censorship laws.
However, it is not all doom and gloom. The #100DaysofYara challenge started and saw some truly epic contributions by the security community to raise awareness of the Yara project and empower cyber security professionals to hunt for malware in their environments. Check out the Learning Resources section to learn more.
Top 5 News Stories
Story #1: North Korea Steals $600M in Cryptocurrency in 2023
Threat actors associated with North Korea stole a staggering $600 million worth of cryptocurrency in 2023. Despite a 30% reduction from their previous year’s haul, the DPRK was responsible for almost one-third of all funds stolen in crypto attacks last year.
Cryptocurrency will likely remain a high-value target for DPRK in 2024 to fund government operations. Hopefully, continued investment in security will reduce how much they can steal.
Story #2: X Accounts Are Under Siege
The official Netgear and Hyundai MEA Twitter/X accounts and over 160,000 followers have been recently compromised to promote cryptocurrency wallet drainer malware. This comes just after the official Mandiant account was taken over last week.
It does not look good for X. Accounts are being hijacked, there is a constant stream of malicious ads, and spam bots are becoming unmanageable for individual users. Do companies need to do more to protect their social media accounts, or is the impact on their brand minimal?
Story #3: NIST Warns of AI’s Security and Privacy Risks
The U.S. National Institute of Standards and Technology (NIST) has issued warnings regarding the security and privacy risks associated with the rapid deployment of AI systems. The agency discusses the potential for attackers to manipulate training data, exploit vulnerabilities in AI systems, and exfiltrate sensitive personal information from the data.
NIST concludes there is no “foolproof method” for protecting AI from misdirection, and serious research needs to be done to secure this emerging technology.
Story #4: China Claims It Has Cracked Apple’s AirDrop
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple’s AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. AirDrop is a technology often used in China to get around strict censorship laws because it requires cellular service and uses Bluetooth and a private Wi-Fi network to send images and photos between devices.
It will be interesting to see how Apple responds to this. Will they beef up their AirDrop encryption, will a backroom deal be done with China so they can continue selling their devices, or will this escalate into a geopolitical issue?
Story #5: US Hospitals Must Meet Security Standards for Federal Funding
The U.S. government is set to propose new rules requiring hospitals to meet basic cybersecurity standards to qualify for federal funding. This comes as hospitals and health clinics across the US continue to be menaced by ransomware. Last year 141 hospital facilities were hit by ransomware, up from 25 in 2022.
This seems like a well-intentioned incentive, but implementing security standards is not always easy. Trained cyber security professionals and technology are required. On a limited budget, how are hospitals going to pay for this?
Feature Article
I am excited to share a comprehensive “What Are Intelligence Requirements?” guide for cyber threat intelligence teams!
This article breaks down the key elements, the role, and the process of creating effective intelligence requirements. It dives into the details and equips you with the power to start creating your own intelligence requirements.
Learning Resources
Introducing Yara Toolkit
Yara Toolkit is an online platform dedicated to all things Yara. It is an epic contribution to the cyber security community by Thomas Roccia as part of the #100DaysofYara challenge that is currently happening. The challenge is designed to get people interested, using, and contributing to the Yara malware hunting project. Definitely worth checking out the challenge and this handy tool!
Top Hacking Books of 2024
Check out this interview between David Bombal and the legendary web pentester Jason Haddix. They discuss the best resources to learn penetration testing in 2024 and go over the top books you should invest your time in reading. The list includes both paid and free resources!
Validate Your Detections
Atomic Red Team is an awesome open-source project that lets you test your detections. It supports various detection analytics, can be run on numerous platforms, and the tests are freely available! For example, check out this article on testing your defenses against behaviors commonly associated with SocGholish.
WiFi Hacking
Check out this great video by Network Chuck on how hackers attack WiFi networks. He walks you through attacking WiFi networks on three different levels, from noob to hipster to pro. Definitely worth a watch if you want to learn about WiFi attack techniques!
The No More Ransomware Project
A free decryptor has been released, effectively ending the Babuk Tortilla ransomware. Security experts have shared an updated decryptor for the Babuk ransomware family, offering a solution for victims of the Tortilla variant. This development comes as crooks failed to update encryption after three years, making the job of experts straightforward.
This decryptor was released as part of the Europol-run No More Ransom project. It is an awesome project driven by public and private sector cooperation to combat ransomware. Check it out to learn how ransomware decryptors are built!
Personal Notes
🤔 Content, content, and more content! That is the current focus at Kraven Security as we aim to continue to produce more high-quality content related to cyber threat intelligence (CTI), threat hunting, and custom tooling.
This week, we released another installment of our popular CTI Definition and Key Concepts series discussing intelligence requirements: what they are and how to make good ones. That said, we have put out a lot of theoretical articles recently and are looking to release a few more practical ones in the coming weeks on MITRE’s CTI Blueprints project and malware configuration parsers.
Aside from written content, we also have been investing in audio and visual tools to help us create premium education content to be posted on YouTube! A goal for 2024 is to release video content to suit the needs of our audience better and spread our free learning resources further. Hopefully, it won’t be long till you start seeing some pretty pictures. 🤩