Category: Breach


Following a Kill Chain – Defending against Babuk group’s TTPs

Washington Police Department Pwn3d by Ransomware Group Babuk

So it’s all over the news outlets: a police department (the Washington DC Metropolitan Police Department) has been hit by a ransomware syndicate, Babuk. So firstly, let’s be realistic: everyone can get pwn3d, and at this time our thoughts go out to those affected and to the teams working the response. Being hit by ransomware is NOT fun and not something we would wish upon anyone. That being said, this isn’t an ambulance chase; what I want to do here is look at the TTPs used by Babuk in a bit more detail, so hopefully we can help inform and educate people and they can strengthen their security postures.

References

https://news.sky.com/story/russian-hackers-target-washington-dc-police-department-in-apparent-ransomware-attack-12288183

https://www.theregister.com/2021/04/27/washington_dc_police_ransomware/


ProxyLogon – A god mode backdoor even when used with READ only

Imagine

Imagine being able to read the emails in any mailbox of a corporation! But everyone uses Office 365… don’t they? Well, OK, even if that were the case (it’s not), then the RCE would come into play. An RCE giving SYSTEM-level access to Exchange (which is so heavily tied to Active Directory that the two are almost joined at the hip) is a killer foothold. However you paint the scenarios, they aren’t good!

All knowing and all powerful

Imagine if you could read everyone’s email! What could you do with this?

  • Steal IP
  • Steal data
  • Steal credentials
  • Extort, blackmail and bribe

The SSRF vulnerability, which enables a threat actor to gain unauthenticated read access to mailboxes, would be a killer tool for nation state spies and criminals alike.


Extortion and Ransomware – A lethal Combination

A Brief History of Ransomware

Ransomware is not that new. I remember back during the MSBlaster incident I said to a friend, it is a good job whoever wrote this worm was not evil, because they would have simply encrypted or deleted all the data post infection. Hell, I can barely remember when that was; I think it was late 2003. Ransomware has been around since the 1980s, but not quite in its modern form (it started with the AIDS malware scam). Fast forward to the mid-2000s and criminals were using encryption, but that wasn’t the norm, and things only really started to take a bad turn around 2012/2013 with CryptoLocker. The next major global events were WannaCry, NotPetya and Bad Rabbit.


British Airways breach

Not what you want to see when you’ve just paid for a holiday!

As reported across major news networks around the world, British Airways has suffered a data breach that includes not only customer data but also payment details. The details of 380,000 customers have been accessed by an unauthorised third party. More details can be found on news sites such as:

https://www.theregister.co.uk/2018/09/06/british_airways_hacked/

https://www.bbc.com/news/uk-england-london-45440850

It’s likely that the attackers compromised a web service linked to BA’s payment services; however, no specific details have been released yet, so until then we can only speculate.

In this post we look at the information reported by British Airways and the guidance for customers from BA, from ourselves and from the NCSC, but we also discuss the steps businesses should be taking to ensure they have a strong security posture, especially where customer data is concerned.