Hello there 👋
Welcome back to the Kraven Security weekly newsletter, triaging the week. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
Top 5 News Stories
AI-Driven Ransomware FunkSec Targets 85 Victims with Double Extortion
FunkSec, an emergent AI-assisted ransomware group, has rapidly escalated its attacks, claiming over 85 victims with a novel approach of low ransom demands and data sales. This group blends cybercrime with hacktivist ideologies, using AI to refine their malware operations.
Key takeaways:
🧠 AI Assistance: FunkSec employs artificial intelligence to enhance its ransomware operations, allowing for rapid tool development and adaptation.
🔒 Double Extortion: The group not only encrypts data but also steals it, using this as leverage for ransom, which can be as low as $10,000.
🌍 Global Impact: With victims in countries like the U.S., India, Italy, and more, FunkSec has shown significant reach and impact across continents.
📂 Data Leak Site: FunkSec uses a Tor-based site to publicize breaches, including tools for DDoS attacks, indicating their involvement in broader cyber activities.
🧑💻 Hacktivism Blend: There are signs of hacktivist motives intertwined with their criminal activities, complicating the group’s profile and motivations.
🎯 Threat Hunting Package: https://buff.ly/40uC1OP
Microsoft Discovers macOS Bug Allowing Malicious Kernel Driver Installation
Microsoft has uncovered a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers. This flaw, which could lead to undetectable malware and unauthorized system access, has been patched by Apple in recent updates.
Key takeaways:
🔧 SIP Bypass: The bug enables attackers to circumvent macOS’s System Integrity Protection, allowing the installation of persistent malware with root access.
🛡️ Security Risks: Malicious kernel drivers can replace TCC databases, granting access to private user data and operating undetected by security software.
🍎 Apple’s Response: Apple has addressed this vulnerability in macOS Monterey 12.0.1, Big Sur 11.6.1, and security updates for Catalina.
🔍 Discovery: Microsoft’s security researchers found the flaw, which was part of a series of similar vulnerabilities in macOS’s security mechanisms over the years.
📅 Updates: Users are urged to update their macOS systems to the latest security patches to mitigate this threat.
Ransomware Exploits AWS Feature to Encrypt S3 Buckets
Ransomware attackers are now abusing AWS’s Server-Side Encryption with Customer-Provided Keys (SSE-C) to lock down data in S3 buckets. This sophisticated attack method encrypts data, making recovery impossible without the ransom payment, as only the attackers control the encryption keys.
Key takeaways:
🔐 Exploited Feature: Attackers use AWS’s SSE-C feature, where encryption keys are provided by the customer, to encrypt data in S3 buckets.
💻 Ransomware Strategy: By holding the encryption keys, attackers ensure that data can’t be accessed or decrypted without paying the ransom.
🚨 Threat Level: This approach, dubbed by some as the “Codefinger” method, significantly increases the difficulty and cost of data recovery for victims.
🕵️♂️ Investigations: Security firms like Halcyon have noted this trend, highlighting the need for enhanced security measures in cloud environments.
🔍 Monitoring: AWS users are advised to closely monitor S3 bucket activities and encryption settings to detect and respond to such threats quickly.
Hackers Use FastHTTP for High-Speed Microsoft 365 Password Attacks
Hackers are employing the FastHTTP Go library to launch high-speed password spray attacks against Microsoft 365, evading rate limits through concurrent requests. This method has achieved a success rate of 9.7% in targeting enterprise accounts.
Key takeaways:
🏃♂️ Speed Advantage: The use of FastHTTP allows for rapid password attempts, bypassing traditional rate-limiting defenses.
🔒 Password Spray: Attackers use this technique to try common passwords across a large number of accounts, increasing the likelihood of success.
📈 Success Rate: With a 9.7% success rate, the attack has proven effective against Microsoft 365 enterprise accounts.
🌐 Global Impact: This attack vector is seen targeting Microsoft 365 users worldwide, highlighting the need for enhanced security measures.
🛡️ Security Recommendations: Microsoft 365 administrators are urged to implement multi-factor authentication (MFA) and monitor for unusual login activity.
🎯 Threat Hunting Package: https://buff.ly/4gT2Im1
OAuth Flaw Enables Access to Abandoned Accounts
A flaw in Google’s OAuth system allows attackers to gain unauthorized access to accounts tied to abandoned domains. By purchasing these defunct domains, attackers can recreate accounts and access services where the original accounts were linked.
Key takeaways:
🔐 OAuth Vulnerability: Google’s OAuth login system has a flaw where domain ownership is used for authentication, allowing access if the domain is repurchased.
🔗 Service Access: Attackers can use this to log into SaaS platforms like Slack, Notion, and Zoom where the abandoned accounts were previously linked.
🚨 Millions At Risk: Given the number of startups that fail, millions of potentially compromised accounts exist if their domains are not securely managed post-shutdown.
🕵️♂️ Exploitation: The issue stems from using domain claims rather than unique user identifiers, enabling access when domain ownership changes hands.
🛡️ Mitigation: Google is revisiting this issue, but service providers are also encouraged to implement stricter account provisioning methods.
Top Tips of the Week
Threat Intelligence
- Collaborate with industry ISACs for sector-specific CTI. Contribute and benefit from collective defense efforts.
- Use CTI to assess and mitigate risks associated with emerging technologies. Stay ahead of potential threats in evolving tech landscapes.
- Monitor emerging threats through CTI. Stay ahead by adapting defenses to new tactics and techniques.
- Collaborate with CTI vendors for specialized expertise. Leverage external partnerships to enhance threat intelligence capabilities.
Threat Hunting
- Simulate real-world attacks through red teaming exercises. Identify vulnerabilities and enhance cyber threat hunting capabilities.
- Implement threat intelligence in incident response. Proactive measures are as crucial as swift and effective responses.
Custom Tooling
- Collaborate with compliance teams for custom tool development. Ensure that tools align with regulatory requirements and industry standards.
Feature Video
The Analysis of Competing Hypotheses (ACH) is a structured analytical technique that empowers you to make robust decisions through logical reasoning and critical evaluation. It thoroughly compares and contrasts multiple hypotheses to generate a complete
explanation informed by the available evidence. It is a must-learn technique if you want to become a cyber threat intelligence analyst or improve your intelligence analysis skills, and this guide will teach you everything you need to know.
Learning Resources
13 Unsettling Tech Trends for 2025
It was CES this week and we were greeted with amazing technology from mind-boggling AI tech to unbelievable robotics. But where is it all going in 2025?
This entertaining video from Fireship explores transformative technological trends anticipated in 2025 and the ethical dilemmas, economic shifts, and potential threats they represent.
If you’re in tech, don’t miss this eye-opening exploration of where we might be heading!
Want to Create Cyber Security Content?
I preach that if you want to get ahead in your career and grow your skillset… produce content!
One way you can do this is by creating videos that demonstrate your technical skills while helping others learn. Starting your video editing journey can feel daunting, but this video offers a clear roadmap to master the craft. It takes you from the basics to organizing your work and creating effective habits to become an efficient editor.
If you’re new to video editing or want to get started creating cyber security videos, watch now!
Are You Using Automation?
Automation is king! Learn how you can master automation using make.com in this practical guide.
See how you can leverage this powerful platform tool to save time and enhance your productivity by creating scenarios for everything from lead generation to recruitment.
These workflows demonstrate how simple automations can eliminate repetitive tasks, allowing businesses to focus on growth and innovation or individuals to get more done in their day.
Simple Tips for Mastering Notion
I am a big fan of Notion. I use it to organize my work, streamline my workflow with automations, and maintain my knowledge base.
Notion can be overwhelming at first, but this video highlights 8 practical tips to streamline your workflow by leveraging dynamic buttons, synced blocks, and even Notion AI. These simple adjustments can significantly improve efficiency and help you stay on top of tasks.
If you use Notion, or looking for an organization tool, check out this video!
