Staff Picks for Splunk Security Reading January 2022

Welcome to the Splunk staff picks blog. Each month, Splunk security experts select presentations, white papers, and customer case studies that we feel are worth a read. Check out our monthly staff security picks and our all-time best picks for security books and articles. We hope you enjoy.

John Stoner

@stonerpsu

Cobalt Strike, a Defender’s Guide – Part 2 by The DFIR Report

"Back in our August Staff Picks, I shared the article Cobalt Strike, a Defender’s Guide. This month, we are fortunate to have part two published by The DFIR Report! This article goes into the various communication profiles that can be created in Cobalt Strike, the malleable C2 configuration, and the different methods that can be used to detect them. This guide addresses domain fronting, JARM, C2 traffic including DNS and SMB, and much, much more! It is important to point out that while looking for the low-hanging fruit of default configs and known adversary configurations is a good place to start, it isn’t the finish line. However, the information provided can serve as a starting point to hypothesize and conduct your own hunts. The article does call out some nice signatures to get started with if you are looking to tackle this, and there are a number of different techniques to use depending on the technologies you have deployed in your environment!"

Tamara Chacon

@holly1g0lightly

Space Security in 2022: Expect a Hacked Satellite by Vilius Petkauskas

"We are entering a new age of space commercialization, so what does this mean for security? Will 2022 see the first cyberattack on a space system disclosed publicly? The article written by Vilius Petkauskas of Cybernews talks about just this. Petkauskas speaks with some of the leading space security experts and insiders about what they see happening in space cybersecurity for the year 2022. They briefly touch on encryption, software protections, unwanted attention, and the critical infrastructure of the thousands of satellites currently orbiting the planet."

Haylee Mills

@7thdrxn

Secrets of Successful Security Programs - Part 1 by Phil Venables

"Phil is incredible at alchemizing insight out of his experience and deciphering trends in the industry, and this is just a whole gold mine. It alternates between distilling what security has learned in its past 20 years of coming into being and what the past few years are telling us about the immediate future. Excited for part two!"

Audra Streetman

@audrastreetman

Should Insurance Companies Pay Out for Damage Caused by State-Sponsored Cyberattacks? By Josephine Wolff for Slate

"The Superior Court of New Jersey recently ruled in favor of pharmaceutical company Merck in a lawsuit against its insurer, Ace American. The dispute involved $1.4 billion in losses caused by the NotPetya ransomware attack. Ace American denied the claim and a lengthy legal battle ensued. This ruling is significant because it sets a legal precedent for whether a company’s cyber insurance covers the damage caused by state-sponsored attacks. The court ruled that the ‘hostile or warlike action’ exemption clause in Merck’s property policy does not apply to NotPetya. Insurers will likely respond to this ruling by updating the language in their exclusions to include cyberattacks."
