A big thank you to our sponsors who keep this newsletter free to the reader:
This week's edition is brought to you by CultureAI. CultureAI goes beyond traditional security awareness to help companies monitor and respond to every human cyber risk and behaviour. With automated attack simulations and coaching programmes, CultureAI easily connects your workplace apps to spot risky employee security behaviours as and when they happen.
Hello friend 👋
This week has been like the Wild West! Companies and people getting pwned left, right and centre. By the way, pwned, that's not a typo.
Pwn is a 'leetspeak' slang term derived from the verb own, meaning to appropriate or to conquer to gain ownership.
On Friday, the City of London Police tweeted that they had arrested a teenager in Oxfordshire in connection with recent hacking activities. Here is the official tweet:
The NCA is the National Crime Agency, the UK's version of the FBI, and the NCCU, the National Cyber Crime Unit, is the cyber component within the NCA. No details were given other than 'Oxfordshire' and '17-year-old'. For those of you who aren't familiar with the UK, Oxfordshire is a region to the west of London, known for the beautiful city of Oxford.
When I read that, my Spider-sense tingled, because that's the same place police arrested teenagers from the Lapsus$ hacking group earlier this year.
- Teenagers ✅
- Oxfordshire ✅
We'll learn more in the coming days, but at this stage, I'd be surprised if there is no connection between these arrests and Lapsus$. Maybe Oxfordshire is the place to be for blackhat hackers. Coffee shops, beautiful buildings, and the heart of global cyber crime!?
Lapsus$ are a relatively new group behind hacks at Microsoft, Samsung, Okta, T-Mobile, Nvidia and, seemingly, the recent hacks at Uber and Grand Theft Auto developer Rockstar Games. They're skilled social engineers and use techniques like MFA bombing. If you don't know what that is, Wired did a great write-up on the rise of the technique here. In last week's newsletter, we discussed the latest attacks against 2FA/MFA. If you're new to the newsletter, you can read that here.
You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.
Until next week,
Fun Things This Week
📽 My New Video
The HACKER'S Text Editor: Being skilled behind a keyboard is the goal. You'll never achieve that if you don't know how to use Vim.
Thursday's edition of CyberWire Daily covered some great topics, including how GRU (Russian government) operators are masquerading as Ukrainian telecommunications providers, how another video game maker, 2K Games, was compromised to spread malware, and how Noberus may be a successor to Darkside and BlackMatter ransomware. Rob Lee from Dragos also explains Crown Jewel analysis. A great episode!
I have a load of devices that take batteries. I also have a kid which means even more devices that take batteries. I bought a slick case from Amazon to store them in and keep them away from little hands (Dad-mode activated!), but the real game changer lately was investing in an amazing charger/battery combo. You might have seen it online, it's called the Panasonic Eneloop Pro and it's a game changer. Super fast. Slim. Simple. And the batteries that go along with it are superb. If you want to reduce your environmental footprint in the battery-world, I'd recommend giving this a look over!
👾 Cool Tools
- Chainsaw Hunt: Chainsaw provides a powerful 'first-response' capability to quickly identify threats within forensic artefacts (Event Logs, MFTs).
- OSripper is a fully undetectable backdoor generator and crypter which specialises in macOS M1 chip malware.
- CATS is a REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort.
P.S. Some of the links in this newsletter are affiliate links and help support my content. Thank you for your support! ✌️