Tag: defence

Defense

Ransomware Defence: Part 2a – Persistence, Privilege Escalation and…

Recap

In Part 1 (Initial Access Defence and Checklist) we looked at ways of hardening your attack surface to defend against initial access. When it comes to ransomware there is a range of elements and variables in the kill chain that need to be successful for the outcomes to be achieved by the criminals. Here we are going to move further into the kill chain to look at further defences. Remember you need to have an “Assume Breach” mindset if you are going to be able to defend against ransomware, that being said, there is a hell of a lot of things you can do for 0 to low investment costs that provide a great ROI. Now some of this is going to be repeated guidance from part 1, that’s ok repetition is good (make sure you are covered from multiple perspectives). Ok let us get to it! Read more “Ransomware Defence: Part 2a – Persistence, Privilege Escalation and Lateral Movement”

Breach

Following a Kill Chain – Defending against Babuk group’s…

Washington Police Department Pwn3d by Ransomware Group Babuk

So it’s all over the news outlets, a police department (Washington DC PD) has been hit by a ransomware syndicate, Babuk. So firstly, let’s be realistic everyone can get pwn3d and at this time our thoughts go out to those affected and to the teams working the response. Being hit by ransomware is NOT fun and not something we would wish upon anyone. That being said this isn’t an ambulance chase, what I want to do hear is look at the TTPs from Babuk in a bit more detail so hopefully we can help inform and educate people so they can strengthen their security postures.

References

https://news.sky.com/story/russian-hackers-target-washington-dc-police-department-in-apparent-ransomware-attack-12288183

https://www.theregister.com/2021/04/27/washington_dc_police_ransomware/ Read more “Following a Kill Chain – Defending against Babuk group’s TTPs”

Defense

Cyber Defence is Hard

Introduction

If you read a book about management theory or specifically cyber security management you will find lots of frameworks, methods, formulas, models etc. None of them really let you know how insanely hard it can be to defend a moving target where regardless of how many controls you have, all it takes it someone doing something which may seem bonkers to you but perfectly reasonable for them. Their objective is to do business in an efficient manner, your objective is to protect the business in an efficient manner. Fundamentally these two things are not at odds, but there are a lot of human factors that come into play on top of some serious technical challenges. Read more “Cyber Defence is Hard”

Defense

Aggressively Defending Information Systems

Taking a more active approach

You may have seen my post on hacking back and how it’s a nightmare that screams inexperience when I hear it (don’t get me wrong there are very limited times when it might be useful from a national defence perspective/intelligence services but that isn’t really ‘hacking back’ in my book, they are already working that space so it’s not a retaliation) however I’ve been spurred on this morning by a tweet I saw from @1njection:

After tweeting a quick reply, I thought I had put together a quick blog on aggressive active defences! (not wordy much). Read more “Aggressively Defending Information Systems”