Month: June 2021

Cybersecurity Daily News for June 30, 2021

The latest headlines brought to you Wednesday, June 30th, 2021, include: Cobalt Strike Usage Explodes Among Cybercrooks; HSE secures orders to get details of those who downloaded cyber attack information; and cybersecurity firm Tesorion releases Lorenz ransomware decryptor.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.

Cybersecurity Daily News for June 29, 2021

The latest headlines brought to you Tuesday, June 29th, 2021, include: New Nobelium threat actor activity; If You’re Part Of A Data Breach, You Probably Don’t Know It; and Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

(ISC)2 Offering Free Ransomware Training Until July 31, 2021

If you’re a regular visitor to roguesecurity.ca, then you’ve probably heard of (ISC)2. (ISC)2 is an international, non-profit organization that provides certifications, networking, and continuing education for security professionals. (ISC)2 is the organization responsible for some of the most popular certifications in the information security industry, including the CISSP (Certified Information Systems Security Professional).

Until July 31st, 2021, (ISC)2 is offering their Ransomware: Identify, Protect, Detect, Recover course completely free to the general public, not just members! Courses from (ISC)2 are always free to members, but non-members normally pay $649 USD / year for complete access to all PDI courses.

Ransomware: Identify, Protect, Detect, Recover is a 2-hour course with over 40 security expert instructors. Those who successfully complete the course are able to claim a 25% discount on future training!

During this 2-hour course, you will learn the major distinctions between ransomware and malware, the key characteristics of ransomware attacks, and the protection strategies and remediation plans for ransomware attacks that should be in place ahead of time.

Ransomware: Identify, Protect, Detect, Recover Course Outline

Cybersecurity Daily News for June 28, 2021

The latest headlines for Monday, June 28th, 2021, include: a ransomware attack at Maryland WSSC Water; Data breach at yearbook, graduation supplier; and are security teams out of control?

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Indicators of Compromise (IOC) and How Security Professionals use them to defend against threats

If you’ve been in a security field that involves incident response/threat hunting, you’ve probably heard of the term “indicator of compromise” (IOC). In computer forensics, an IOC is an artifact that can be observed on a network or a host that indicates, with a relatively high level of confidence, a computer intrusion.

Not all artifacts from a cyber event will be considered an IOC. Artifacts that are left during an attempted, but perhaps not successful, intrusion are known as precursors. While an IOC can help to identify an intrusion that may have already occurred, a precursor can help to identify when an intrusion may be in the process of occurring.

What Do We Consider An Indicator of Compromise?

Indicators of compromise can range from a simple string to a series of actions performed in a certain order. Here is a list of examples of the different types of IOCs you are likely to encounter.

  • IP Address
  • Domain Name
  • URL
  • Website Name
  • File Hash
  • User/Account Name
  • Service and Process Names
  • Registry Key, Path, and Value
  • Directory Path
  • Virus Signature
  • “Strings” within a file
  • DNS txt record abnormalities
  • Files referencing /etc
  • System API Call

While those pieces of data can be easily found using a variety of security tools, there are also a number of behaviours that may indicate an intrusion.

  • Unusual/Unaccounted for outbound traffic
  • Unusual/Unaccounted for traffic between client networks (subnets)
  • Privileged account anomalous usage
  • User account active from anomalous IPs
  • Excessive failed logins
  • Activity from unexpected geographic regions
  • Increased traffic to specific resource
  • Baseline changes in RDBMS activity
  • Change in web browsing requests / request habits
  • Well known port vs. application usage
  • Unencrypted traffic on ports that normally carry encrypted traffic
  • Unexplainable Registry and File system changes
  • Malformed, overly short, and anomalous DNS requests
  • Patching that didn’t follow the official Change Management schedule
  • Changes to mobile platforms
  • Unexplained file creation
  • Web Browsing spikes and anomalous traffic patterns during irregular times
  • Service changes
  • Anomalous account management activity
  • Anomalous file transfers
  • Changes to file permissions
  • Changes outside of normal maintenance hours
  • Access to URLs outside of the Alexa Top 1 Million
  • High CPU usage

There are a number of other behaviours that I’m sure you can think of that may also be an indicator of compromise. One of the best sources for techniques that can be used to build a larger list of behaviours is the MITRE ATT&CK Enterprise Techniques matrix.

How Is This Information Valuable to a Security Professional?

Security monitoring is not a perfect science and relies on security professionals to create, tune, and update the various security tools that are used to detect information security threats, including a tool known as the Security Information and Event Management (SIEM) system. A SIEM is a key tool for Security Operations teams: it ingests, manipulates, and displays logs from various services, and gives security professionals a central place to investigate security incidents.

Security professionals in the monitoring and detection role can use an indicator of compromise to build alerts and detection content based on real-world events and detections. This is an essential part of any SOC program, and is a proactive approach to cyber defense. Using IOCs in your environment is also a reactive approach to cyber defense, because it can help to identify threats in your environment that were missed initially. For example:

A security professional takes a list of IOCs related to a recent data breach carried out by DarkSide and investigated by FireEye. FireEye, like many security companies, publishes intelligence data for use by others.

The security professional takes that list and not only includes those IOCs within existing detection content, but also reviews historical logs for the same IOCs, which gives the security team a limited amount of certainty that the environment wasn't previously impacted by a newly detectable threat.

IOC Standards

IOCs are a type of open source intelligence (OSINT) and are available from many sources in many formats. You may get something as simple as a list of IP addresses; however, there has been some work over the years to create a standard way of creating, storing, and sharing indicators of compromise.

  • STIX (Structured Threat Information eXpression)
  • TAXII (Trusted Automated eXchange of Intelligence Information)

Essentially, both STIX and TAXII offer the same results; they just do it in different ways. STIX uses relationships between objects to build intelligence, while TAXII utilizes collections within a more standard client-server distribution model. Many SIEM tools can ingest both STIX and TAXII feeds for automated intelligence gathering and for updating IOC block lists.
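As an added example (not code from the original post, FireEye, or any SIEM vendor) of the two uses described above, folding published IOCs into detection content and sweeping historical logs for them, the following Python pulls atomic indicators out of a constructed STIX 2.1 bundle and runs them over constructed log lines of the kind a SIEM would hold. Only the `[type:property = 'value']` pattern form is STIX's own; every address, domain, hash and log line is made up for the example.

```python
import json
import re

# Constructed STIX 2.1 bundle: the "[type:property = 'value']" pattern syntax is
# STIX's; every value is made up for this example (RFC 5737 / RFC 6761 ranges).
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--example", "objects": [
    {"type": "indicator", "id": "indicator--1", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '203.0.113.45']"},
    {"type": "indicator", "id": "indicator--2", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'c2.example-bad.test']"},
    {"type": "indicator", "id": "indicator--3", "pattern_type": "stix",
     "pattern": "[file:hashes.'SHA-256' = '" + "ABCDEF0123456789" * 4 + "']"},
]})

# Constructed log lines standing in for historical proxy/DNS/firewall/EDR events in a SIEM.
LOGS = [
    "2021-06-28T10:01:02Z proxy allow src=10.0.0.12 dst=198.51.100.7 host=www.example.com",
    "2021-06-28T10:04:15Z dns query src=10.0.0.12 qname=beacon.c2.example-bad.test",
    "2021-06-28T10:05:40Z fw allow src=10.0.0.12 dst=203.0.113.45 dport=443",
    "2021-06-28T10:07:00Z edr file_create host=WS01 sha256=" + "abcdef0123456789" * 4,
]

# Only the single-comparison form of a STIX pattern is parsed here.
PATTERN_RE = re.compile(r"\[([\w-]+):[\w.'-]+\s*=\s*'([^']*)'\]")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def load_iocs(bundle_json):
    """Extract atomic IOCs from STIX indicator objects, keyed by object type, lower-cased."""
    iocs = {"ipv4-addr": set(), "domain-name": set(), "file": set()}
    for obj in json.loads(bundle_json)["objects"]:
        m = PATTERN_RE.fullmatch(obj.get("pattern", "")) if obj.get("type") == "indicator" else None
        if m and m.group(1) in iocs:
            iocs[m.group(1)].add(m.group(2).lower())
    return iocs


def sweep_logs(lines, iocs):
    """Historical sweep: (line number, IOC type, matched IOC) for every hit.
    A domain IOC also matches any subdomain queried beneath it."""
    hits = []
    for n, raw in enumerate(lines, start=1):
        line = raw.lower()
        hits += [(n, "ipv4-addr", ip) for ip in IP_RE.findall(line) if ip in iocs["ipv4-addr"]]
        hits += [(n, "file", h) for h in SHA256_RE.findall(line) if h in iocs["file"]]
        hits += [(n, "domain-name", d) for name in DOMAIN_RE.findall(line)
                 for d in iocs["domain-name"] if name == d or name.endswith("." + d)]
    return hits
```

The same `load_iocs` output can seed a SIEM watchlist for live detection, while `sweep_logs` is the retrospective pass over older logs that the example above describes.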

Cybersecurity Daily News for June 27, 2021

The latest headlines for Sunday, June 27th, 2021, include: Canadians have lost $4.9 billion to ransomware attacks in past year; Crackonosh malware using gamers to mine crypto; Windows 11 to require Microsoft Account for logins.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Cybersecurity Daily News for June 26, 2021

In today’s news: Bell Canada notifies customers of data breach; more details on Mercedes-Benz data breach; Mississippi student data leaked in Questar data breach.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Cybersecurity Daily News for June 25, 2021

In today’s news: cyber attacks involving Huawei devices in Canada increased after Meng Wanzhou arrest; Mercedes U.S. announces 1,000 customers affected in data breach; and municipalities crippled by ransomware.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Addressing Cybersecurity Skills Gap Through Neurodiversity

Originally posted to social media in response to “Addressing the cybersecurity skills gap through neurodiversity”, posted at TechCrunch.com.

You don’t need to tell us the power of being neurodivergent. Did you know that Rogue Security’s owner/operator, Justin Robinson, has Attention Deficit Hyperactivity Disorder (ADHD)?

Given a comfortable and supportive environment, as well as a topic that interests us (cybersecurity), the behaviours that are frequently called “symptoms” of our disorders are experienced less often, or even completely flip!

“My inattention becomes hyperfocus, my random thoughts become a brainstorm for the ages, and what you think is procrastination is actually extremely well-tuned mental preparation. And oh boy am I passionate!” ~ Justin Robinson

Given an uncomfortable environment, like anyone, we will be frustrated, depressed, anxious, and even bored! Our needs are simply different, and in some cases may seem unnecessary for an adult. Our comforts are different too, and our discomforts occur more often. Give us a break on that last one, we simultaneously hate change in routine, but love experiencing different things and can become bored when doing the same thing over and over again.

“Neurodiverse minds are usually great at finding the needle in the haystack, the small red flags and minute details that are critical for hunting down and analyzing potential threats. Other strengths include pattern recognition, thinking outside the box, attention to detail, a keen sense of focus, methodical thinking and integrity.” ~ Referenced from article

Rogue Security Social Media Posting

Cybersecurity Daily News for June 24, 2021

In today’s news: nearly 100% of companies experienced a cloud data breach in the past 18 months; TidalHealth/BayHealth data breach; Conti ransomware leaks police files taken during Tulsa ransomware event; and a DreamHost mistake leads to 815 million website owner records exposed.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack