The Normalization of the Unacceptable

On 04 June 2024, multiple hospitals in London declared a “critical incident” following a ransomware incident targeting a pathology services company called Synnovis. The incident resulted in multiple medical practices, including major hospitals, being unable to perform tasks such as blood transfusions or rapid testing of blood samples. Cascading impacts of Read more…

Attaining Focus: Evaluating Vulnerabilities In The Current Threat Environment

Information security space observers may have encountered a phrase born out of both frustration and levity in 2023: “Hot Zero Day Summer.” While nearly two months remain as of this writing for Summer 2023, anecdotal evidence suggests that adversaries increasingly leverage vulnerabilities in external-facing applications and appliances to drive intrusions. Certainly, other Read more…

Detailing Daily Domain Hunting

Updated 23 Nov 1355 MST: Added some additional observations related to logon spoofing infrastructure. Domain “hunting” is a process of identifying new (or at least, newly identified) network infrastructure associated with threat actors of interest. Such a process does not start in a void, but rather requires understanding tendencies and Read more…

Industroyer2 in Perspective

Background On 12 April 2022, the Ukrainian CERT and ESET disclosed the existence of Industroyer2, a successor to the malware targeting Ukrainian electric distribution and transmission operations in 2016. Industroyer2 arrived after multiple disruptive cyber incidents of varying degrees of success surrounding Russia’s brutal invasion of Ukraine, as presented in Read more…

Diving Deeper Into Vulnerabilities

While the end of 2020 was dominated by Nobelium’s supply chain intrusions, 2021 closes with continued worry and response over vulnerabilities in the widely-deployed Log4j library. Starting in earnest on 10 December 2021 with public disclosure of CVE-2021-44228, information security practitioners and security program managers have subsequently dealt with a Read more…

Unpacking Vexing Vulnerabilities

On 13 September 2021, researchers from Citizen Lab  disclosed FORCEDENTRY: a zero-click vulnerability impacting pretty much all Apple operating systems based on a flaw in the CoreGraphics rendering application. As a zero-click (i.e., requiring no user interaction) vulnerability, FORCEDENTRY represents a deeply concerning technical problem. Yet based on Citizen Lab’s Read more…

Mind the (Air) Gap

Following the ransomware incident impacting Colonial Pipeline operations in May 2021, many parties asked how such a disruption, impacting one of the main arteries delivering refined petroleum products to the Eastern and Southeastern United States, could occur. Based on information available, the intrusion did not directly impact Industrial Control Systems Read more…

Understanding or Publicizing the Adversary?

In April 2021 the Babuk ransomware gang, already a concerning entity, gained additional notoriety for compromising the Washington, DC police department. As part of this incident, the criminals threatened to release confidential files relating to police operations to spur payment. The group in question earlier gained attention for the combination Read more…