January 15, 2023

TSD #024: LockBit Strikes Again.

Hello friend 👋

Quite a week in the threat landscape with a number of significant IT and cyber events making the headlines.

📮 LockBit hits the Royal Mail

The Royal Mail, one of the UK's mail delivery services, was hit with the LockBit ransomware. LockBit is a seemingly unstoppable ransomware affiliate program: threat actors who rent the tooling compromise the network, steal data, encrypt the network, and then upload the stolen data to the LockBit website. If you pay up (usually millions of dollars in Bitcoin), they don't publish your sensitive files and they send you the decryption keys. This will be a unique opportunity for the Royal Mail to test its ransomware playbook. Not something I'd like to be testing myself! Read more.

📃 President Biden's poor document handling

I've been guilty of it: talking about cyber security when I really mean information security. Information security covers physical documents, whereas cyber doesn't. One of the things you learn in Intelligence school is how to handle 'protected documents', from Unclassified ones all the way up to Top Secret and beyond. There are strict sign-in, sign-out, retention and destruction rules to follow. However, they don't seem to be followed well by senior people. Multiple sets of classified documents dating back to the Obama administration have been found in offices that Biden used at the time. Trump is also being confronted over more than one hundred documents that he held illegally. It's a messy business. Printers. Weren't we supposed to be in a post-printer world by now? Read more.

✈️ All USA flights grounded

This one wasn't a hack but an IT 'glitch', a corrupted database to be precise. Either way, it grounded every single flight in the USA! The cause? A key system used to notify pilots and ground staff of hazards suffered a major failure on Tuesday night. The fault lay with the NOTAM (Notice to Air Missions) system, which keeps pilots and other airport staff updated about aviation hazards and airport facilities. Here's a quote from a senior official who briefed ABC News:

"An engineer replaced one file with another without realising the mistake."

I'm sure there will be a lot of lessons learned about 'pushing to production' from this incident. Read more.
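As an added illustration of the 'pushing to production' lesson (my own example, not code from this newsletter or from the NOTAM system, whose internals the article does not describe): a guarded file swap that refuses a replacement whose digest does not match the release manifest, keeps a rollback copy of the previous version, and writes the new file atomically. The manifest format, file names and file contents are all constructed for the demo.

```python
"""Guarded file swap: a replacement only reaches the live path if its digest
matches the release manifest, and the previous version is kept for rollback.
Added example; the manifest format, paths and file contents are constructed."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def deploy_file(candidate: Path, live: Path, expected_sha256: str, backup_dir: Path) -> dict:
    """Replace `live` with `candidate`, but only if the candidate hashes to what
    the release manifest says it should. Raises ValueError, touching nothing,
    when the digest does not match (the 'wrong file' case)."""
    actual = sha256_of(candidate)
    if actual != expected_sha256:
        raise ValueError(f"refusing to deploy {candidate.name}: digest mismatch")

    backup_dir.mkdir(parents=True, exist_ok=True)
    backup: Optional[Path] = None
    if live.exists():
        backup = backup_dir / (live.name + ".bak")
        shutil.copy2(live, backup)

    # Write a temp file in the same directory, fsync it, then rename over the live
    # path: readers see either the complete old file or the complete new one.
    fd, tmp_name = tempfile.mkstemp(dir=str(live.parent), prefix=live.name + ".")
    with os.fdopen(fd, "wb") as out, candidate.open("rb") as src:
        shutil.copyfileobj(src, out)
        out.flush()
        os.fsync(out.fileno())
    os.replace(tmp_name, live)
    return {"deployed": True, "digest": actual, "backup": backup}


def rollback(live: Path, backup: Path) -> None:
    """Put the previous version captured by deploy_file back in place."""
    os.replace(backup, live)


def demo(workdir: Optional[Path] = None) -> dict:
    """Constructed scenario: a correct v2 release, an attempt to push the wrong
    file, then a rollback to v1. Returns what happened so it can be checked."""
    if workdir is None:
        with tempfile.TemporaryDirectory() as tmp:
            return demo(Path(tmp))

    live = workdir / "hazards.db"
    live.write_bytes(b"version 1 hazard data\n")
    release = workdir / "hazards-v2.db"
    release.write_bytes(b"version 2 hazard data\n")
    wrong_file = workdir / "hazards-test-fixture.db"
    wrong_file.write_bytes(b"stale data from a test bench\n")
    manifest = {"hazards.db": sha256_of(release)}  # what the release manifest records for v2
    backups = workdir / "backups"

    first = deploy_file(release, live, manifest["hazards.db"], backups)
    after_release = live.read_bytes()
    try:
        deploy_file(wrong_file, live, manifest["hazards.db"], backups)
        blocked = False
    except ValueError:
        blocked = True
    after_block = live.read_bytes()
    rollback(live, first["backup"])
    after_rollback = live.read_bytes()
    return {
        "after_release": after_release,
        "wrong_file_blocked": blocked,
        "after_block": after_block,
        "after_rollback": after_rollback,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The digest check is what turns "replaced one file with another" from a silent change into a refused deployment; the temp-file-plus-rename step means a half-written file never sits at the live path, and the `.bak` copy gives the operator a one-call way back to the last known-good version.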

You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.

Until next week,

Gary ✌️

Fun Things This Week

🎙My Latest Article

Cyber Threat Intelligence: I've been in the Intelligence game for quite a while now. Cyber Threat Intelligence (CTI) is about intel within cyberspace. If you think cyber security is all about anti-virus and SOCs, think again. Read on my website

👾 Cool Tools

PowerHuntShares is designed to inventory, analyse, and report excessive privilege assigned to SMB shares on Active Directory domain-joined computers. It is intended to help IAM and other blue teams gain a better understanding of their SMB share attack surface.
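To make 'excessive privilege' concrete, here is an added example of the kind of analysis such a tool performs. It is my own simplified logic, not PowerHuntShares' code: the list of broad principals, the severity rules, and the host and share names in the inventory are assumptions constructed for the demo, standing in for what a share-enumeration pass would collect.

```python
"""Flag SMB shares where broad groups hold read or write rights.
Added example, not PowerHuntShares' own code: a stripped-down version of the
excessive-privilege analysis such a tool does, run over a constructed
inventory rather than live domain-joined hosts."""
from collections import Counter
from typing import Optional

# Principals that effectively mean "anyone with a domain account or device".
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "Users", "Domain Users", "Domain Computers"}
# Rights that let a principal change or plant content on the share.
WRITE_RIGHTS = {"Write", "Modify", "FullControl"}
READ_RIGHTS = {"Read", "ReadAndExecute"}
# Administrative and system shares exist on every host; their default ACLs are
# not findings here and would be reviewed separately.
DEFAULT_SHARES = {"ADMIN$", "C$", "IPC$", "PRINT$", "SYSVOL", "NETLOGON"}


def principal_name(principal: str) -> str:
    """Drop the domain or machine prefix: 'CORP\\Domain Users' -> 'Domain Users'."""
    return principal.rsplit("\\", 1)[-1]


def rate_entry(share_name: str, entry: dict) -> Optional[str]:
    """Severity of one ACL entry: 'high' for broad write, 'medium' for broad read,
    None when the entry is not a finding."""
    if share_name.upper() in DEFAULT_SHARES:
        return None
    if principal_name(entry["principal"]) not in BROAD_PRINCIPALS:
        return None
    rights = set(entry["rights"])
    if rights & WRITE_RIGHTS:
        return "high"
    if rights & READ_RIGHTS:
        return "medium"
    return None


def find_excessive(inventory: list) -> list:
    """Walk every share's ACL and collect the entries that count as excessive."""
    findings = []
    for share in inventory:
        for entry in share["acl"]:
            severity = rate_entry(share["share"], entry)
            if severity:
                findings.append({
                    "host": share["host"],
                    "share": share["share"],
                    "principal": entry["principal"],
                    "rights": sorted(entry["rights"]),
                    "severity": severity,
                })
    return findings


def summarize(findings: list) -> Counter:
    """Count findings per severity for the report header."""
    return Counter(f["severity"] for f in findings)


# Constructed inventory in the shape a share-enumeration pass might produce.
SAMPLE_INVENTORY = [
    {"host": "HOST01", "share": "Software",
     "acl": [{"principal": "Everyone", "rights": ["FullControl"]}]},
    {"host": "HOST01", "share": "C$",
     "acl": [{"principal": "BUILTIN\\Administrators", "rights": ["FullControl"]}]},
    {"host": "HOST02", "share": "HR-Docs",
     "acl": [{"principal": "CORP\\Domain Users", "rights": ["Read"]},
             {"principal": "CORP\\HR-Team", "rights": ["Modify"]}]},
    {"host": "HOST02", "share": "Backups",
     "acl": [{"principal": "CORP\\Backup-Admins", "rights": ["FullControl"]}]},
    {"host": "HOST03", "share": "Scripts",
     "acl": [{"principal": "NT AUTHORITY\\Authenticated Users", "rights": ["Modify"]}]},
]


if __name__ == "__main__":
    results = find_excessive(SAMPLE_INVENTORY)
    print(dict(summarize(results)))
    for f in results:
        print(f"[{f['severity']}] {f['host']} {f['share']}: {f['principal']} has {', '.join(f['rights'])}")
```

On the sample inventory this reports two high findings (Software and Scripts, where any domain account can modify content) and one medium finding (HR-Docs, readable by every domain user), while the default C$ share and the shares restricted to named teams produce nothing. The split between "broad read" and "broad write" is the point: the first is a data-exposure problem, the second also lets content on the share be tampered with.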

TerraLdr is a payload loader designed with advanced evasion features; it has been tested with Cobalt Strike and Havoc on Windows 10 builds. It boasts stealthy process injection and payload encryption.

If you've written a tool and you'd like me to see it, just drop me an email!

