Happy Friday all!
My #readoftheday is brought to you by Palo Alto Networks Unit 42! In this article, the researchers focus on a threat actor known as #BlingLibra, the group behind the #ShinyHunters ransomware, and their Tactics, Techniques, and Procedures (TTPs) and behaviors. They do a great job of breaking down each MITRE ATT&CK Tactic and provide relevant artifacts and information on how the adversary accomplished that goal.
As always, once I am completely done with it I will provide my Threat Hunting Tip of the day, so stay tuned and enjoy! Happy Hunting!
Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware
https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/
Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
Threat Hunting Tip of the Day:
I know I normally steer you to a Cyborg Security and Intel 471 Hunt package but something about this report stuck out that could be an issue in many organizations and that can be summed up to one word: visibility!
Under the "Data Access and Impact (TA0010 and TA0040)" section, it states that “CloudTrail S3 data logging and S3 server access logging was not enabled…no logs existed that showed exfiltration activity from the S3 buckets.” [1]
Lesson learned: If you are migrating to the cloud or bringing new hardware/software, assets, etc. into your environment, please take the time to assess what level of logging exists and determine what is valuable to ingest. Taking that time will be worth it in the long run and will allow your analysts to dig through logs, create detections, and threat hunt in your environment! Enjoy and Happy Hunting!
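One way to run the logging assessment the tip recommends, as an added example that is not part of the original post or the Unit 42 report: this Python checks each S3 bucket for server access logging and for CloudTrail S3 data-event coverage, the two gaps the report calls out. The sample buckets, logging responses and event selectors are constructed, and the fetch_from_aws() helper is my own addition that assumes boto3 and AWS credentials.

```python
"""Assess S3 logging visibility: per-bucket server access logging and
CloudTrail S3 data-event coverage. Pure functions take API-shaped dicts so
the check runs offline; fetch_from_aws() (hypothetical helper) fills them live."""

def s3_data_event_covered(bucket, event_selectors):
    """True if a classic CloudTrail event selector logs data events for bucket.
    "arn:aws:s3" covers all buckets; "arn:aws:s3:::<bucket>/" covers one (or a prefix)."""
    for sel in event_selectors:
        for res in sel.get("DataResources", []):
            if res.get("Type") != "AWS::S3::Object":
                continue
            for arn in res.get("Values", []):
                if arn in ("arn:aws:s3", "arn:aws:s3:::"):
                    return True
                if arn.startswith(f"arn:aws:s3:::{bucket}/"):
                    return True
    return False

def assess_s3_visibility(buckets, bucket_logging, event_selectors):
    """Return buckets missing server access logging and/or data-event logging.
    bucket_logging maps bucket name -> get_bucket_logging() response dict."""
    gaps = {"no_server_access_logging": [], "no_cloudtrail_data_events": []}
    for b in buckets:
        if "LoggingEnabled" not in bucket_logging.get(b, {}):
            gaps["no_server_access_logging"].append(b)
        if not s3_data_event_covered(b, event_selectors):
            gaps["no_cloudtrail_data_events"].append(b)
    return gaps

# Constructed sample data shaped like the AWS API responses (not a real account).
SAMPLE_BUCKETS = ["customer-exports", "build-artifacts", "public-site"]
SAMPLE_LOGGING = {
    "customer-exports": {},  # no LoggingEnabled key: access logging is off
    "build-artifacts": {"LoggingEnabled": {"TargetBucket": "audit-logs", "TargetPrefix": "s3/"}},
    "public-site": {"LoggingEnabled": {"TargetBucket": "audit-logs", "TargetPrefix": "s3/"}},
}
SAMPLE_SELECTORS = [{"ReadWriteType": "All", "IncludeManagementEvents": True,
    "DataResources": [{"Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::build-artifacts/"]}]}]

def fetch_from_aws(trail_name):
    """Pull the same inputs live with boto3 (needs AWS credentials; not run here)."""
    import boto3
    s3, ct = boto3.client("s3"), boto3.client("cloudtrail")
    buckets = [b["Name"] for b in s3.list_buckets()["Buckets"]]
    logging = {b: s3.get_bucket_logging(Bucket=b) for b in buckets}
    selectors = ct.get_event_selectors(TrailName=trail_name).get("EventSelectors", [])
    return buckets, logging, selectors

if __name__ == "__main__":
    print(assess_s3_visibility(SAMPLE_BUCKETS, SAMPLE_LOGGING, SAMPLE_SELECTORS))
```

Trails configured with advanced event selectors need the AdvancedEventSelectors field parsed as well; this check only reads the classic EventSelectors shape.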
[1] https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/
#CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #gethunting