Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
To check out our previous staff security picks, take a peek here. We hope you enjoy.
"ENISA released a wonderful piece of research around the current state of open-source intelligence observed ransomware. I think this whitepaper should be required reading for cybersecurity teams (especially CISOs) who are trying to defend their networks against ransomware. It is chuckfull of useful facts and figures custom-made for reporting to boards of directors for more funding. A perfect example was their finding that “33% of the stolen data includes employee PII and 18.3% includes customer PII,” a figure that will surely strike fear into any CEO’s heart. I also enjoyed how they extended the ransomware lifecycle with frank discussion around the ransom and negotiation phase of the attack. Furthermore, the paper does a great job of breaking down modern ransomware-as-a-service and intrusion brokering as the new normal of these criminals. The only critique is that the paper depends on open-source curated intelligence of ransomware intrusions but it does an admiral job of explaining methods/procedures and I find no fault in the data as they present it!"
Black Hat and DEFCON Roundup by Threatpost
"August was a big month for cybersecurity with both the Black Hat and DEFCON conferences in Las Vegas. One of the alarming hacks was the Zoom MacOS vulnerability discussed by cybersecurity researcher Patrick Wardle. This vulnerability allows a hacker to gain access to the entire macOS operating system. The vulnerability was patched this month, but a workaround to the patch was quickly found. A second patch has been released to address that. Mac users, make sure to update your Zoom software!"
"Maintaining optimism and positivity when confronting a lopsided battle from a weakened position is important. Matt Kapko, the author of this article, accurately points out that when teams celebrate successes and incorporate intentional training and mentoring, they are energized. It's incredibly important to train as a team as well. Testing the tools and communicating while going through exercises will also directly contribute to energy, optimism, and positivity."
"This is an excellent blog about the novel environmental variable DLL Hijacking technique introduced at DEFCON 30 by the impressive @Wietze. I wonder if T1574.007 is going to be renamed, or if we will see a new sub-technique created..."
"This paper by Dr. Kenneth Geers for his talk at DEFCON provides a great overview of publicly-known computer network operations (CNO) related to Russia's invasion of Ukraine. This includes pro-Russia and pro-Ukraine operations along with the work of allies and 'cyber volunteers.' The hacks outlined in this paper vary from DDoS and defacement to spearphishing campaigns and wiper malware. Geers also includes his observations from the war about how network defense has evolved, the importance of allied support, and the opportunities decentralized warfare presents for both attackers and defenders."