
Colin Bastable
CEO
Lucy Security
December 14, 2020
People in the UK are going to get more than their lunchtime “sarnie”* delivered.
This is an elaborate attack. People in the UK are going to get more than their lunchtime “sarnie”* delivered.
It's another reminder that security awareness training, with macro downloads and ransomware simulations, can considerably reduce the risk of social engineering attacks.
To stay one step ahead, security teams should also look to war-game ransomware attacks, i.e. test what happens if an employee falls for an attack like the Subway one. By running "what-if" scenarios, where...

December 03, 2020
The good news is that with investment and training, employees can become your strongest defense.
Unfortunately, scammers are drawn to the money trail with no regard for ethics, so this means non-profits are also vulnerable to attack. The Philabundance attack checks all the boxes of a successful BEC scam: in-depth research to identify the target, social engineering exploits to penetrate the network, creation of a fake invoice from a known email address, and the request to wire funds to a (phony) bank account.
BEC scams cleverly play on two glaring human vulnerabilities: an...

November 11, 2020
The emails themselves are ludicrous, of course, but unfortunately someone is going to fall for them.
To make this scam even more credible, it coincides with the IRS sending out real written demands for outstanding taxes. Tax reporting, and therefore tax payment, season was pushed back six months, with taxes due October 15th. That sets an "impending event" in place: pay up by November 15th. The scammers know this, just as CPAs know it.
The IRS is a fearsome beast to contend with, so the scammers get to leverage the trepidation that Americans feel when they receive an email that's...

July 16, 2020
The wider question is: what else has been accessed? Is there more info to be released, like DMs?
It appears to be a highly targeted attack on a Golden Key Holder – a highly authorized Admin with access to the Twitter Authenticated “Blue Check Mark” users via the User Admin console.
Many of these Twitter accounts use third-party solutions to manage, schedule and push out tweets – we believe that a spoof email pretending to be from one of these third parties could have been used to spearphish the Admin, or perhaps that Admin opened a spoof internal Twitter email with a payload...

July 13, 2020
One tends to associate this type of activity with the FBI, which is, of course, part of the Dept.
This move makes sense. We do, however, have a lot of duplication of tasks among the various arms of America’s intelligence community. One tends to associate this type of activity with the FBI, which is, of course, part of the Dept. of Justice. With the US Secret Service being part of Homeland Security, perhaps this is part of a re-alignment of responsibilities.

July 07, 2020
ElasticSearch databases are probably the primary sources of data leaks, because of misconfigurations when set up.
ElasticSearch databases are probably the primary sources of data leaks, because of misconfigurations when set up. For example, the front end UI is often secured with authentication, but admins forget that the default port 9200 is also visible and accessible online, meaning that unprotected ElasticSearch databases can leak data via the backdoor. Having built the database, the developers probably forgot all about patching it, focusing on the front end's ease-of-use to drive user engagement and...
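The practical check behind this comment is to probe the REST port directly rather than trusting that the front end's login protects the data. The following is an added example, not code from the commentator or from Lucy Security; it assumes a target speaking the standard Elasticsearch REST API on the default port 9200, and the sample responses embedded below are constructed to mirror what a cluster typically returns, not captured from any real incident.

```python
"""Probe an Elasticsearch REST port and classify its exposure.

Added example (not part of the original commentary). Assumes the target
speaks the standard Elasticsearch REST API on its default HTTP port, 9200.
"""
import json
import urllib.error
import urllib.request

DEFAULT_PORT = 9200


def classify(status, body):
    """Classify a GET / response from the REST port.

    Returns 'open' when an unauthenticated request yields cluster metadata
    (anyone who can reach the port can read, and usually write, every index),
    'auth_required' when the cluster demands credentials (HTTP 401), and
    'unknown' for anything else (proxy pages, other services on the port).
    """
    if status == 401:
        return "auth_required"
    if status == 200:
        try:
            doc = json.loads(body)
        except ValueError:
            return "unknown"
        if isinstance(doc, dict) and "cluster_name" in doc and "version" in doc:
            return "open"
    return "unknown"


def probe(host, port=DEFAULT_PORT, timeout=5):
    """Hit http://host:port/ with no credentials and classify the answer.

    Returns 'unreachable' if the port does not answer at all; otherwise the
    result of classify(). Run this only against hosts you are authorized to test.
    """
    url = f"http://{host}:{port}/"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        # 401/403 etc. arrive here; the body still tells us what rejected us.
        return classify(e.code, e.read().decode("utf-8", "replace"))
    except (urllib.error.URLError, OSError):
        return "unreachable"


# Constructed sample bodies, modelled on the shape of real cluster replies.
SAMPLE_OPEN = json.dumps({
    "name": "node-1",
    "cluster_name": "docker-cluster",
    "version": {"number": "7.10.0"},
    "tagline": "You Know, for Search",
})
SAMPLE_AUTH = json.dumps({
    "error": {
        "type": "security_exception",
        "reason": "missing authentication credentials for REST request [/]",
    },
    "status": 401,
})

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe(target))
```

A result of `open` is the "backdoor" described above: the UI's login form is irrelevant because the data is served straight from port 9200. The fix is on the cluster side, binding `network.host` to a non-public interface (or fronting the port with a firewall) and enabling authentication via `xpack.security.enabled: true` in `elasticsearch.yml`, then re-running the probe to confirm it now returns `auth_required` or `unreachable`.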

June 23, 2020
The Feds have been living off their reputation and believing their own propaganda for far too long now.
At the heart of cyber-risk is convenience – making it easy to upload files and build a website has also enabled the hackers to score a spectacular win against US law enforcement.
The Netsential website is barebones right now, but checking out the Wayback Machine for the Netsential website shows a consistent typo: "Netsential builds sites with as much or as customer involvement that is desired." For me that would be a red flag – a sign that I should take a closer look at the company,...

June 10, 2020
The University of Toronto’s Citizen Lab’s report reads like a movie script.
The University of Toronto's Citizen Lab's report reads like a movie script. Half the time I'm thinking that the bad guys left so many trails that it must be an exercise in misdirection. Only State actors could pull something like this together. The quality of the phishing site landing pages is excellent, and the English grammar is very good - too good, unless you were running a very professional well-financed and targeted operation. The subdomains are also well designed, especially for...

June 09, 2020
Treat people as part of a holistic defense strategy.
The fact that "a compromised Administrator account" was the entry point for the Maze ransomware breach will be lost on most people. The truth is that hackers breached VT SAA's defenses by bypassing their Maginot Line, or, perhaps more appropriately for the shareholders of ST Aerospace - the guns were pointing the wrong way.
In other words, the hackers succeeded by going around VT's cyber defense, probably by phishing the human owner of the Admin account. The enemy is waging the war...

May 29, 2020
The hackers have learned how valuable that approach can be in aid of their extortion.
More and more, we see that ransomware is not a technology issue per se. This is about human behavior. Exerting pressure, exploiting human weaknesses. Applying psychology to gain advantage. We have learned how the FBI leaked the dossier story, to create news, establish momentum and pressure Trump. The hackers have learned how valuable that approach can be in aid of their extortion.
When you are in a knife fight, bring a gun! CISOs and their security teams keep turning up with penknives...
