Can AI replace intelligence analysts?

Ok, it’s late, and well I wanted to look into cyber attacks where social engineering is a key component combined with technical hacking skills.

There’s been a growing number of these style events, so I tasked GROK to create an assessment for me, let’s see how it did! Let’s both try and answer the questions:

Can GROK replace intelligence officers and can GROK help us defend better against social engineering + technical attacks? What do you think? (please take all of this with a pinch of salt… LLMs are known to make mistakes/hallucinate/lie in a very convincing manner)….

they look nice…. but looks can as we know, be deceiving! (is the entire blog just a social engineering experiment by me?)

Education

Making cyber security relatable to people

If we look at the reality of cyber security on a personal level, it’s insanely complex. There are hundreds if not thousands of details that matter, under the microscope security is incredibly complex and contextual. Which makes it a nightmare outside of simple abstractions, because things get complex fast.

Fiction

The Hacker on a Train

It was a crowded train ride during rush hour, and everyone was packed in like sardines. The train was slowly making its way through the city, and people were trying to kill time with their phones or laptops.

At one end of the train, there was a young man, who appeared to be in his mid-20s, typing away furiously on his laptop. He had a serious look on his face, and his eyes were focused on the screen.

Strategy

Australia National Cyber Strategy Consultation

This morning before I got on with some more dull affairs of business, I saw the following:

2023-2030 Australian Cyber Security Strategy Discussion Paper

How we (humanity) and people (including governments etc.) respond to the changing digital landscape and cyber threats that affect society and humanity as a whole is really important. It’s great to see the Australian government using an advisory board and panel structure as they look to review/renew their national cyber security strategy. I’m posting this to raise awareness as I think these things are ever so important that people in the community, industry, academia etc. give their inputs, help and support to the people charged with the incredibly complex task of developing and implementing cyber strategies at country scale! A task not so simple, hence they are calling for inputs as part of a general consultation request from people and organizations.

Guides

Cyber Threat Intelligence Resources

There are so many lists of “tools” of “free resources” for “cyber” etc. Well I don’t want to make a list of stuff for social media, this isn’t the TOP x tools, this is simply some resources that I use on a regular basis that should give people a fairly good idea of where to start looking. Cyber sleuthing is a mixture of:

HUMINT
OSINT
CSINT
RUMINT
SIGINT
SOCMINT

Threat Intel

The RoyalMail Ransomware Saga

Last update we had was when LockBit released a transcript of a chat alleged to be between LockBit and the RoyalMail ransomware negotiator.

Thanks to Domonic far tagging me, we can see an update has occurred on the LB site:

Education

Am I a criminal or am I a cybersecurity…

Whilst the common person will largely link the words “hacker/hackers” to criminal the reality is hackers are scientists/artists/creators/ComputerOperators and the choice of being a criminal or not is down to actions and consequences. So the debate about if you identify as “hacker” does that make you a criminal, well it’s nonsense isn’t it. I could call myself a pony but it won’t make me one, much like I could call myself a criminal and I could be entirely law abiding.

Threat Intel

Active Cybercrime Groups

Ransomware this, ransomware that! The problem is, you can be tired of the subject but that doesn’t mean the threat has gone away! So what are the currently active ransomware groups posting victims?

Well here’s a list of currently active group (Both Ransomware and Marketplaces) names who have ONLINE “DARK WEB” (TOR) hidden services online and who are posting victims or are markets:

Guides

Ransomware + Mega = Mega Cyber Pain

Did you ever read about ransomware actors? They often use mega upload to exfiltrate data! So I figured, why would we not detect this with MDE?

I mean sure we should probably block this with a custom indicator using Web Content Filtering and sure it would probably get blocked by Protective DNS but let’s say for whatever reason you don’t have those in place, let’s look at a really simple query to find mega connections in MDE:

Threat Intel

KILLNET: Area they really a threat?

This is an evolving post and will likely be updated over time. Online “community” or “criminal gangs” etc. can be fluin and dynamic, thinking of them in rigid structures and trying to compare them to “In Real Life (IRL)” organisationas directly doesn’t really work. They work generally in a collective fashion. No masters and no slaves etc.

“Hacker” Groups

I don’t really like to use the term “hacker” in this sense, perhaps hacktivist or criminal groups is the right fit, however, words aside there is the question: Who is KILLNET, are they a threat and who are they a threat to?

Who is KILLNET?

KILLNET was suposedly formed as a resonse to the IT ARMY of Ukraine (Ukraine Cybe Army) (formed late Feb) which is odd given the first post from KILLNET was on January the 23rd and IT ARMY of UKRAINE setup their telegram on Feb 26th.