Thoughts, Musings, and Other Items from the Worlds of Infosec, ICS, and Beyond

Willful Ignorance and Misunderstanding of Threat Intelligence

Few arguments are more frustrating to deal with than those which include compelling, accurate observations to plaster over selective examples and willful misrepresentation. Such is the case with a recent video posted by Ralph Langner concerning ICS-specific cyber threat intelligence (CTI). Langner makes some astute observations concerning the industrial threat landscape that are worth repeating and recognizing, but then uses these items in conjunction with selective representation of publicly available observations to push a specific, Read more

By Joe, ago

Trickbot and the Context of Cyber Warfare

TrickBot was in the news quite a bit in early October 2020. Starting with reports of TrickBot disruption in late September 2020 subsequently linked to United States Cyber Command (USCC), events ramped up with an independent coordinated infrastructure take-down organized by Microsoft coming shortly thereafter. There are many avenues of analysis into this event and very interesting questions raised, including items such as election security concerns and public-private coordination (or in this instance, lack thereof). Read more

By Joe, ago

Cyber Threat Intelligence and the Concept of the Political

A common social media refrain in technology circles is the complaint of becoming “too political” – that content producers should focus on technical or professional subjects while avoiding charged, politically-tinged areas. This sentiment has always rung somewhat hollow to me as the concept of the political can be viewed as any public conflict which creates a distinction of “friend” and “enemy”. This concept can be as implicitly violent as a Hegelian dialectic or classically liberal Read more

By Joe, ago

Responsibly Reporting Wretched Ransomware

Note: This post was edited in response to feedback concerning Tyler Technologies and the fundamental claims of the original article. With respect to Tyler, while the company certainly provides extensive support and software products to local governments, a review of the company’s offerings shows nothing specific to election reporting or other functions, at least to the extent indicated by other reporting. Thank you to Kim Zetter, one of the best in the business of information Read more

By Joe, ago

Understanding Uncertainty while Undermining Democracy

Several US government agencies shared a warning on 22 September 2020 with respect to foreign entities using disinformation to sow confusion and discord around the US 2020 election. While evaluating this alert, Thomas Rid highlighted two key passages: and: The central thesis of the document and the two highlighted passages above is that underlying election integrity may be unaltered and safe, but communications about such activity may be modified, obscured, or perverted for malicious purposes. Read more

By Joe, ago

Causality, Culpability, and Critical Infrastructure Resiliency

Media, social feeds, and other sources of news are awash with stories of the “first death linked to ransomware” following an incident in Düsseldorf on 09 September 2020. Since the event, authorities in Nordrhein Westphalen have launched an investigation treating the death as “negligent homicide”. At the time of this writing, I was unable to identify precisely what crimes are under investigation, but the term “negligent homicide” indicates a lower-tier offense (including lack of intentionality) Read more

By Joe, ago

That Crazy Cozy Bear

On 16 July 2020, the United Kingdom’s National Cyber Security Centre (NCSC), with support and contributions from the Canadian Communications Security Establishment (CSE) and the United State’s National Security Agency (NSA), released a report tying recent intrusions in vaccine research organizations (as well as other industries) to Russian-linked adversary APT29. Also known as Cozy Bear, the group is associated with activities ranging from political to economic espionage over the past several years.  Notably, while other Read more

By Joe, ago

CVE-2020-5902 In Perspective

F5 released a patch on 30 June 2020 tied to a doozy of a vulnerability discovered by Positive Technologies. The vulnerability didn’t get much attention until Positive Technology’s blog on the matter was released on 02 July 2020, right before a holiday weekend in the United States. The criticality of the remote code execution (RCE) combined with the significance of the F5 BIG-IP product in many major networks set off a race for an exploit. Read more

By Joe, ago

The Unbearable Frequency of PewPew Maps

I recently made a joke online relative to a major – and very respected, if geopolitically controversial – security company advertising its revised “Cyberthreat Real-Time Map”. As many members of the security community are aware, “threat maps” – referred to derisively as “pewpew” maps – are heavy on eye-candy but very light on use or value. Yet pewpew maps – such as that featured by now-defunct security company Norse (pictured below) – remain prominent in Read more

By Joe, ago

The Call is Coming from Inside the House

2020 has already been a WILD year to say the least – opening with the assassination of Qasem Soleimani, proceeding through multiple ecological crisis, and continuing with a historical pandemic (and all its implications for information security), we live in very interesting times indeed.  And yet, we’ve only just begun! An even greater event lies in our future with all sorts of possibilities for disinformation, disruption, and unrest: the 2020 US Presidential Election. After the Read more

By Joe, ago