A recently discovered vulnerability in Microsoft’s Netlogon authentication protocol (CVE-2020-1472) allows attackers to establish a vulnerable Netlogon secure channel connection to a domain controller. If an attacker successfully exploits this vulnerability, they can run specially crafted applications on the device and assume full administrative privileges.
Read More
This blog looks at how the MITRE ATT&CK matrix can be used to complement the work of your incident response team in the Security Operations Centre (SOC). It explores how it can help incident responders structure and streamline their investigations. You can read earlier MITRE ATT&CK posts here, here and here.
Read More
The perfect cyber security storm that COVID-19 created has ushered in new cyber security operating models for many businesses. Many organisations are now switching focus from network security risk to endpoint security as a result of the move to working from home.
Read More
Cyber security teams use threat modelling to represent sets of adversary tactics and techniques that may be used to a compromise their computer systems. These threat models contain representations of the ICT systems, networks and applications, combined with techniques used to exploit each component, from initial access through to exfiltration (or for achieving an alternative malicious goal, such as denial of service). This blog looks at how Security Operations Centre (SOC) teams use threat models to create use cases and how modelling specific sectors using the MITRE ATT&CK framework helps categorise threats and map controls, thus giving the SOC the insight needed to better defend the business.
Read More
The MITRE ATT&CK Framework of tactics and techniques used by attackers to probe and compromise systems is attracting a lot of attention. We’ve covered it in several blogs posts here, here and here. But is it just a framework for enterprises to manage their own low-level “root and branch” technical security? Or can it be used by MSSPs who might not be involved in that more user and workstation-centric end of cyber security monitoring?
Read More
There’s a lot of discussion about Australian cyber security right now, AustCyber has just released the Australian Digital Trust Report 2020, the Australian Cyber Security Industry Advisory Panel report will shortly hand down its recommendations to Government. This will be followed, very shortly, by the release of the much-anticipated Australian Cyber Security Strategy 2020. For the vast majority of Australian companies, all they want to know is what does this mean for me, and how can I measure and improve my cyber resilience?
Read More
The MITRE ATT&CK framework is a resource that security operations centre (SOC) teams can use to refine their detection rules against known attack profiles. Using ATT&CK allows them to build specific targeted defences against advanced persistent threats (APTs) that are tuned to their organisation’s context, while covering a broad range of different tactics, techniques and procedures (TTPs) used by sophisticated adversaries.
Read More
Organisations introducing threat hunting into their operational security team’s remit will encourage a proactive approach to detecting and responding to sophisticated cyber threats. Threat hunting demands disciplined and focused effort using threat intelligence to inform the investigation team on what to examine. Incorporating the MITRE ATTACK Framework into your organisation’s threat hunting model is the best way to determine which tactics, techniques and procedures (TTPs) to search for across your environment.
Read More
As cyber risks now get discussed at all levels, there is a need for businesses to understand the scale of cyber threats and the performance of their security operations functions. This is much like any other strand of the organisational activity. Sales has its sales figures and growth; HR has its churn rates and numbers of vacancies; and Quality Assurance has its failure or return rates. Cyber security metrics are also important.
The Australian Cyber Security Centre (ACSC) has created several publications aimed at helping critical infrastructure providers protect ICT systems from the escalating threat of nation state cyber-attack. The Australian Government has recently stated that organisations in both the public and private sectors are continually being targeted by adversarial nation states, and ACSC’s incident response activities over the past years show that water and power distribution networks, transport and communications grids are all at risk. The Australian Energy Market Operator (AEMO) has taken ACSC’s guidance and developed its own set of standards for uplifting the Australian energy sector, helping entities to become more cyber resilient. In this blog post we look at AEMO’s guidelines and how they relate to both IT and OT security.
Read More