Triaging the Week 008

Hello there 👋

Welcome back to the Kraven Security weekly newsletter. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!

This week we saw defenders fighting back against malware. GrapheneOS, the popular security-focused Android-based OS, discussed mitigations they will add to combat firmware exploits, while security researchers released lightweight scripts to detect infamous iOS spyware. 

We also saw ransomware making the headlines again with an attack on Calvià, a popular European holiday destination and historic town on the Spanish island of Majorca. To defend against this ongoing threat, I recommend reading Cyberint’s 2023 Ransomware Report. It details the top targeted industries and countries while forecasting what we will likely see in 2024.

Let’s jump in!


Top 5 News Stories

Story #1: GrapheneOS Plans to Use Frequent Auto-Reboots to Block Firmware Exploits

The privacy and security-focused Android-based OS, GrapheneOS, plans to tackle firmware exploits by introducing frequent Android auto-reboots. This feature is designed to make exploiting firmware flaws more difficult by consistently re-engaging security mechanisms that an attacker may have disabled.

This feature will help protect against unauthorized data extraction and against mobile threats that lack effective persistence mechanisms. However, constantly having your phone reboot may negatively affect the user experience. Is it worth trading user experience for security?

Bleeping Computer

Story #2: The Top 3 New Ransomware Gangs to Watch Out for in 2024

Ransomware victims increased by 55.5% last year as gangs continued to evolve their tactics, techniques, and procedures (TTPs) and attack a wider range of targets. We also saw new players in the industry, like 3AM, Rhysida, and The Akira Group, who brought new TTPs and challenged the dominant groups like LockBit 3.0, Cl0p, and AlphV.

Read Cyberint’s 2023 Ransomware Report for the top targeted industries and countries, a breakdown of the top 3 ransomware groups, ransomware families worth noting, newcomers to the industry, notable 2023 campaigns, and 2024 forecasts.

The Hacker News

Story #3: Discover How macOS Malware Evades XProtect Detection

Info-stealing malware is rapidly evolving to evade XProtect detection on macOS devices. XProtect is the built-in anti-malware system on macOS that works in the background to scan downloaded files and apps for known malware signatures. Despite Apple constantly updating the tool’s malware database, malware authors have been able to bypass it almost instantly!

This article dives into some of the ways malware authors can bypass XProtect by looking at KeySteal, Atomics, and CherryPie malware. 

SentinelOne

Story #4: Ransomware Attack Extorts Majorca City Calvià for $11M

The latest high-profile victim of ransomware is Calvià City Council, a popular European holiday destination and historic town on the Spanish island of Majorca. This attack resulted in an $11M extortion and disrupted crucial municipal services. 

This is another example of ransomware targeting an ill-equipped public service that lacks the people, processes, or technology to combat the rising threat ransomware poses to anyone operating online. The repercussions of this attack would have been more severe if it had taken place during peak tourism season. Perhaps something we will see this summer.

Majorca Daily Bulletin

Story #5: Detect iOS Spyware on Your iPhone Using iShutdown Scripts

Security researchers at Kaspersky have found that infections with the high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log. This system log file records reboot events and, for each process that was still running at shutdown, how long it took to terminate and its process identifier (PID). Using this log file, it is possible to identify malware infections.

The researchers have released three Python scripts that can help automate the process of analyzing the Shutdown.log file and recognize potential signs of malware infection. Definitely worth a look if you are doing any mobile forensics work.

Securelist
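The detection idea described above, as an added example that is not part of the original newsletter or of Kaspersky’s iShutdown scripts: parse a Shutdown.log-style file, record which processes delayed each reboot, and surface the ones an analyst should look at first (repeated delays across reboots, or binaries living outside the usual system locations). The line layout, the `=== Reboot … ===` markers, the `EXPECTED_PREFIXES` allowlist and the sample log are all assumptions constructed for this example; the real file’s layout may differ, so adjust the two regular expressions to match what you actually see on the device.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log in an ASSUMED layout: a reboot marker line, followed by
# zero or more SIGTERM lines naming processes still alive N seconds after the
# shutdown signal. Paths and PIDs are made up for this example.
SAMPLE_LOG = """\
=== Reboot 2024-01-08T21:14:03 ===
SIGTERM: [0x1] 1 sec, remaining (1 proc): /usr/libexec/constructed_daemon pid=412
=== Reboot 2024-01-09T07:02:11 ===
SIGTERM: [0x1] 3 sec, remaining (2 proc): /usr/libexec/constructed_daemon pid=417
SIGTERM: [0x1] 3 sec, remaining (2 proc): /private/var/tmp/constructed_agent pid=905
=== Reboot 2024-01-10T08:30:45 ===
SIGTERM: [0x1] 4 sec, remaining (1 proc): /private/var/tmp/constructed_agent pid=911
=== Reboot 2024-01-11T22:05:10 ===
"""

# Assumed line formats (adapt to the real file).
REBOOT_RE = re.compile(r"^=== Reboot (\S+) ===$")
SIGTERM_RE = re.compile(
    r"^SIGTERM: \[\S+\] (\d+) sec, remaining \(\d+ proc\): (\S+) pid=(\d+)$"
)

# Directories where long-lived system processes are expected to live (assumption).
EXPECTED_PREFIXES = ("/usr/", "/System/", "/Applications/")


@dataclass
class Delay:
    reboot: str   # timestamp of the reboot this delay belongs to
    path: str     # executable that was still running
    pid: int
    seconds: int  # how long after SIGTERM it was still alive


def parse_shutdown_log(text):
    """Return (list of reboot timestamps, list of Delay records)."""
    reboots, delays, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = REBOOT_RE.match(line)
        if m:
            current = m.group(1)
            reboots.append(current)
            continue
        m = SIGTERM_RE.match(line)
        if m and current is not None:
            delays.append(Delay(current, m.group(2), int(m.group(3)), int(m.group(1))))
    return reboots, delays


def find_suspects(text, min_reboots=2):
    """Map each noteworthy executable path to its first sighting and the reasons it was flagged."""
    reboots, delays = parse_shutdown_log(text)
    seen = defaultdict(list)  # path -> reboots (in file order) it delayed
    for d in delays:
        if d.reboot not in seen[d.path]:
            seen[d.path].append(d.reboot)

    findings = {}
    for path, rbs in seen.items():
        reasons = []
        if len(rbs) >= min_reboots:
            reasons.append(f"delayed shutdown in {len(rbs)}/{len(reboots)} reboots")
        if not path.startswith(EXPECTED_PREFIXES):
            reasons.append("binary outside expected system locations")
        if reasons:
            # first_seen is the earliest reboot the process delayed: a useful
            # lower bound on when it appeared on the device.
            findings[path] = {"reboots": len(rbs), "first_seen": rbs[0], "reasons": reasons}
    return findings


if __name__ == "__main__":
    for path, info in find_suspects(SAMPLE_LOG).items():
        print(f"{path}: first seen {info['first_seen']}; " + "; ".join(info["reasons"]))
```

The output is a triage list, not a verdict: a legitimate daemon that is slow to exit will also appear, which is why each finding carries its reasons and first-sighting time so the analyst can decide what to pull for deeper inspection.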


Top Tips of the Week

Threat Intelligence

  • Collaborate with industry ISACs. Contribute to and benefit from shared threat intelligence in your specific sector.
  • Embrace a threat-centric mindset. Infuse threat intelligence into your organization’s DNA for a proactive cybersecurity culture.
  • Foster a culture of accountability in CTI. Ensure that insights lead to concrete actions and improvements.

Threat Hunting

  • Focus on continuous improvement. Regularly assess and enhance your threat hunting processes for optimal effectiveness.
  • Foster a culture of collaboration in cyber threat hunting. Engage with internal and external teams to share insights and enhance collective defense. 

Custom Tooling

  • Create custom tools with a focus on user empowerment. Provide users with features and capabilities that enhance their cybersecurity efforts.
  • Implement regular code reviews for custom tools. Gain insights, identify improvements, and ensure code quality.

Feature Article

The Indicator Lifecycle

Learn about the Indicator Lifecycle and how to maximize its potential in your cyber threat intelligence work. 

Indicators are vital, and using them effectively is key – that’s why I’m thrilled to introduce you to this insightful blog post. Discover what indicators are, how to utilize them, and their role in threat intelligence. Plus, you’ll get a comprehensive guide to the indicator lifecycle and a case study to practice with. This is a must-read for anyone in the cyber security field!

Read Now


Learning Resources

Discover the Power of the Linux Find Command

A great video from Tom Hudson (aka TomNomNom) on the Linux find command. He beautifully explains the basics and then showcases how to use this command in your daily work. Mastering these will improve your cyber security skills regardless of whether you are defending or attacking systems!

How to Use AI for Social Engineering Hacking (2024 Guide)

This guide will teach you how to use AI for social engineering. You will learn how this revolutionary technology can transform your old and stale phishing emails into comprehensive social engineering engagements that can convince even the most security-conscious targets. All with minimal effort or time on your part!

Social engineering tests the human element of security. You build an emotive pretext, deliver it to an unsuspecting victim, and trick them into doing your bidding. AI has propelled social engineering to new heights. It makes building complex social engineering campaigns easier, faster, and more effective with its ability to generate text, media, and voice that mimics a real human.

Let’s jump in and learn how to use AI to enhance our social engineering campaigns!

StationX

Top 10 Hacking Tools of 2024

Check out this awesome discussion between David Bombal and Occupy the Web on the top 10 hacking tools for 2024. They take a deep dive into the tools you should learn to enter the industry and demo each one.

Qubes OS – The world’s most secure Operating System

Check out this great video by Network Chuck on why Qubes OS is dubbed the world’s most secure operating system. This practical demo walks you through installation, its security features, and everyday use cases. I will try this out for my daily work investigating malware and suspicious domains!


Personal Notes

🤔 This week has been focused on email marketing at Kraven. We have been busy assessing how to deliver high-quality, personalized content to our customers and have settled on the email marketing software Mailer Lite. This software allows us to tailor our communications with customers to deliver learning resources from which you will benefit. No more vague emails that waste your time.

The team has also been busy exploring threat intelligence and threat-hunting tools. One is a revolutionary new CTI reporting project from MITRE Engenuity’s Center for Threat-Informed Defense called CTI Blueprint. Find out more about this project and how it can benefit you in an upcoming blog post. 

At Kraven, we are always looking for new tools to evaluate, build content around, and give our insights on how they could help you. Please reach out if you have any tools you would like us to look at!

Interested in Learning More?

Learn the dark arts of red teaming

If you want more of a challenge, take on one of their certification exams and land your next job in cyber:

Learn more cyber security skills

If you’re looking to level up your skills even more, have a go at one of their certifications: