Hacker in corpo #infosec | Purple Team | CTI | Founded DC151 | #TableTopTuesday | Tech | SciFi | Gaming | He/Him
Buy Google to get a great discount on something not-Google years later…

This thread is almost 1000 days old and getting a resurrection. #Capita have been fined £14m by the ICO over their ransomware incident.

Lots of big details in the fine, including over 1TB of data stolen (as detailed in this Mastodon thread at the time), confirmation of Qakbot and my blog etc.

Their SOC was wildly understaffed. It took the attacker 4 hours to get domain admin due to poor security practices. Lots of learnings for large orgs.

We’ve gone from “If it’s free, you are the product” to “It’s expensive AI which promises a lot and you have to supervise it, train it and fix its mistakes” remarkably quickly

I haven’t had time to do a write up on this yet but I’ve seen three ransomware cases now where the ransomware group deployed Rapid7 Velociraptor - a DFIR tool that no AV or EDR detects - and used it for lateral movement, persistence, data gathering and exfil.

They deployed it on every system and hosted the Velociraptor server (a C2 basically) in Cloudflare.

Recommendation: custom detect Velociraptor deployment and alert on it.
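As an added illustration of that recommendation (my example, not code from the post's author), a small Python detection that scans process-creation telemetry for Velociraptor-style executions on hosts outside an IR allowlist; the log format, the binary paths, the `client.config.yaml` indicator and the allowlisted host are all assumptions.

```python
import json

# Constructed process-creation telemetry as JSON lines (sample data, not taken from
# the thread). Field names mimic Sysmon/EDR process events and are an assumption.
SAMPLE_LOG = r"""
{"host": "ws-101", "image": "C:\\Windows\\Temp\\velociraptor.exe", "cmdline": "velociraptor.exe --config client.config.yaml client", "parent": "cmd.exe"}
{"host": "ir-jump-01", "image": "C:\\Program Files\\Velociraptor\\Velociraptor.exe", "cmdline": "Velociraptor.exe --config client.config.yaml client", "parent": "services.exe"}
{"host": "ws-102", "image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "svchost.exe -k netsvcs", "parent": "services.exe"}
{"host": "ws-103", "image": "C:\\Users\\Public\\vr.exe", "cmdline": "vr.exe --config C:\\Users\\Public\\client.config.yaml client", "parent": "powershell.exe"}
"""

# Hosts where your own IR team is expected to run Velociraptor (assumption: tune to your fleet).
APPROVED_IR_HOSTS = {"ir-jump-01"}


def parse_events(log_text):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def is_velociraptor_event(event):
    """Flag a process event that looks like a Velociraptor client start.

    Two indicators (assumptions, not from the post): the product name appears in the
    image path or command line, or a renamed binary still carries the client-style
    '--config ... client.config.yaml' argument shape.
    """
    text = (event.get("image", "") + " " + event.get("cmdline", "")).lower()
    if "velociraptor" in text:
        return True
    return "--config" in text and "client.config.yaml" in text


def find_unapproved_deployments(log_text, approved_hosts):
    """Return hosts (in order seen, deduplicated) running Velociraptor outside the allowlist."""
    hits = []
    for event in parse_events(log_text):
        host = event["host"]
        if is_velociraptor_event(event) and host not in approved_hosts and host not in hits:
            hits.append(host)
    return hits


if __name__ == "__main__":
    for host in find_unapproved_deployments(SAMPLE_LOG, APPROVED_IR_HOSTS):
        print(f"ALERT: Velociraptor-like process on unapproved host {host}")
```

Pair the process rule with a network rule for the same hosts, since the post notes the server side was hosted behind Cloudflare and the tool itself is not flagged by AV or EDR.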

“There is only one success—to be able to spend your life in your own way.”
Start of the day
End of the day
AI “features” are turning desktop apps into SaaS

If you look at the NCSC UK too, their remit is to help make the UK the safest place to do business.

but if you look at the general output lately, it’s quantum stuff and firewall espionage stuff. They’re good people but it feels too close to GCHQ, and so too far removed from the operational reality on the ground.

Personally I think the UK is going to be one to watch now, as if I was an e-crime threat actor - I’d zero in on the UK.

Orgs have shown they will pay, teens getting in and poor MSPs shows poor security practices, the NCA won’t tell the ICO (data regulator) too around what actually happened, and the government will bail out orgs financially and provide IR help while they recover.

It’s all of the wrong messages being broadcast. Strap in.