August 2023 (version 1.82) of Visual Studio Code now supports Port Forwarding to allow easier access from Threat Actors.
inb4 Visual Studio Code as a C2?
Very cool 👍
More information: https://code.visualstudio.com/docs/editor/port-forwarding
inb4 Visual Studio Code as a C2?
Very cool 👍
More information: https://code.visualstudio.com/docs/editor/port-forwarding
🤣110👏20😁8❤4👍4🔥2😍2🤪2😢1💯1
Let's talk about ransomware for a second.
Ransomware Threat Actors are opportunity driven. They do not have specific targets in mind. If you've got a dollar, they want it.
The reality of the matter, in the ransomware ecosystem, is initial access brokering is cheap and affordable, it is a worthwhile investment for ransomware affiliates to establish a good relationship with an initial access broker.
There is an initial access broker who will sell you roughly 1,000,000 misconfigured VPN's for $1,500. These 'misconfigured' VPNs typically will be companies which have accidentally set a VPN user login to something like 'test' as the username AND password. Although this may sound absurd, or unlikely, these are extremely common as companies may simply overlook small errors. However, these misconfigured VPNs are not curated. Ransomware affiliates might have to spend weeks, or months, sorting through the list determining which companies discovered have:
1. Money
2. Do not violate the rules of the ransomware group
3. Have insufficient security posture
4. Are outside with CIS (ex-soviet countries).
This is often how ransomware groups collide with each other. Two different initial access brokers may have identified (or gotten access) to the exact same organization and then sold this identified vulnerable organization, or access, to two different ransomware groups. There have been stories where ransomware affiliates gain access, only to discover upon entry the organization has already been ransomed!
Companies that have correctly configured EDRs (a detected blue team), a SOC, and have good policy and/or asset control will defeat most ransomware affiliates. More often than not, if an affiliate encounters a company that has a good EDR, or hardened machines, they may simply abandon the target all together (or sell it to a different ransomware operator) because it may not be worth their time. Metaphorically speaking, time is money to the Ransomware Threat Actor.
Regarding targets, there is another aspect often overlooked. Ransomware operators residing outside NATO often do not understand the culture or targets they have identified. For example, we have witnessed ransomware groups target public school systems, failing to understand how the United States allocates money for schools. They mistakenly believe tax-funded schools are ripe with cash and simply do not believe negotiators when they say the victim doesn't have the money. They rely on publicly available information (often wrong information) from places like Wikipedia or ZoomInfo. They see big numbers and believe that this is the profit margins.
tl;dr if you very seriously want to defeat ransomware, security companies need to understand the financial limitations many organizations face. They do not have the money, or man power, larger companies have to combat an ever evolving threat landscape.
NOTE: There are some caveats to this rant. Every ransomware affiliate will seek different avenues of gaining access. Blah, blah, blah.
Thanks for reading. Have a goodnight (or morning).
Ransomware Threat Actors are opportunity driven. They do not have specific targets in mind. If you've got a dollar, they want it.
The reality of the matter, in the ransomware ecosystem, is initial access brokering is cheap and affordable, it is a worthwhile investment for ransomware affiliates to establish a good relationship with an initial access broker.
There is an initial access broker who will sell you roughly 1,000,000 misconfigured VPN's for $1,500. These 'misconfigured' VPNs typically will be companies which have accidentally set a VPN user login to something like 'test' as the username AND password. Although this may sound absurd, or unlikely, these are extremely common as companies may simply overlook small errors. However, these misconfigured VPNs are not curated. Ransomware affiliates might have to spend weeks, or months, sorting through the list determining which companies discovered have:
1. Money
2. Do not violate the rules of the ransomware group
3. Have insufficient security posture
4. Are outside with CIS (ex-soviet countries).
This is often how ransomware groups collide with each other. Two different initial access brokers may have identified (or gotten access) to the exact same organization and then sold this identified vulnerable organization, or access, to two different ransomware groups. There have been stories where ransomware affiliates gain access, only to discover upon entry the organization has already been ransomed!
Companies that have correctly configured EDRs (a detected blue team), a SOC, and have good policy and/or asset control will defeat most ransomware affiliates. More often than not, if an affiliate encounters a company that has a good EDR, or hardened machines, they may simply abandon the target all together (or sell it to a different ransomware operator) because it may not be worth their time. Metaphorically speaking, time is money to the Ransomware Threat Actor.
Regarding targets, there is another aspect often overlooked. Ransomware operators residing outside NATO often do not understand the culture or targets they have identified. For example, we have witnessed ransomware groups target public school systems, failing to understand how the United States allocates money for schools. They mistakenly believe tax-funded schools are ripe with cash and simply do not believe negotiators when they say the victim doesn't have the money. They rely on publicly available information (often wrong information) from places like Wikipedia or ZoomInfo. They see big numbers and believe that this is the profit margins.
tl;dr if you very seriously want to defeat ransomware, security companies need to understand the financial limitations many organizations face. They do not have the money, or man power, larger companies have to combat an ever evolving threat landscape.
NOTE: There are some caveats to this rant. Every ransomware affiliate will seek different avenues of gaining access. Blah, blah, blah.
Thanks for reading. Have a goodnight (or morning).
❤127👍44🫡5🤪5😘4🔥1👏1😱1🙏1💯1
Although this says "17+ verified people", we have little faith in Roblox.
Especially when Roblox sued YouTuber Ruben Sim (in an attempt to silence him) for becoming a whistleblower and exposing Roblox developer Arnold Castillo for his pedophilia
https://www.justice.gov/usao-sdin/pr/new-jersey-man-federally-charged-enticement-minor-and-interstate-transportation-minor
Especially when Roblox sued YouTuber Ruben Sim (in an attempt to silence him) for becoming a whistleblower and exposing Roblox developer Arnold Castillo for his pedophilia
https://www.justice.gov/usao-sdin/pr/new-jersey-man-federally-charged-enticement-minor-and-interstate-transportation-minor
www.justice.gov
New Jersey Man Federally Charged with Enticement of a Minor and
🤯76👍11👏4😁2🤔2😢2❤1😱1😘1
Vodafone Ireland Twitter account compromised and they gave us a shout-out from it 😂😂
https://twitter.com/VodafoneIreland/status/1700519265940508690
https://twitter.com/VodafoneIreland/status/1700519265940508690
🤣80🫡15👏4🔥2🥰2😱2❤🔥1❤1
Our giveaways winners are beginning to receive their books 🥰
🔥98🥰28👍6❤3😱3🤩1
"To get into malware development do I need to learn how to code?"
Uhhhhhhhhhhhhhh
Uhhhhhhhhhhhhhh
🤣155😁17🤔13🫡12👍5😱4
NOTE: We have never seen malware written in MATLAB before. And, to the best of our knowledge, no vendor has written a report on this. It'll be something truly special!
*We don't have any papers on MATLAB in our 15,000+ malware analysis papers...
*We don't have any papers on MATLAB in our 15,000+ malware analysis papers...
🤔58❤9👍2
This media is not supported in your browser
VIEW IN TELEGRAM
November 11th, 2019 officer Rafael Aguilera of the Little Rock, Arkansas Police Department logs into his patrol units computer system.
The body cam footage shows him typing "Sierra123$".
Hopefully they've changed their passwords since 2019.
The body cam footage shows him typing "Sierra123$".
Hopefully they've changed their passwords since 2019.
🤣111🎉10😁9❤3👍2
MGM Resorts is reporting a cyber security incident. Although they haven't specified, it looks and smells like ransomware.
- Slot machines offline
- Reward system offline
- Website offline
- Only accepting cash at the moment
- Slot machines offline
- Reward system offline
- Website offline
- Only accepting cash at the moment
🔥57🤣20👍5❤3🤯2👏1🙏1