Hunt & Hackett

Security

The Hague, South Holland, 4,249 followers

Outsmart your digital adversaries

About us

Hunt & Hackett helps European companies prevent, detect and respond to today’s most advanced adversaries, safeguarding them against cyberthreats and espionage. Leveraging threat modelling and data science, Hunt & Hackett builds, operates and maintains digital immune systems to protect against Advanced Persistent Threat (APT) groups and less sophisticated cybercrimes such as phishing and ransomware. The unique approach from Hunt & Hackett encompasses proactively hunting for evidence of existing compromises and hacking for validation and improvement, with data-driven feedback loops that provide customers with actionable insights which enable them to manage their cyber risks and protect their most valuable assets to embrace digital transformation.

For more content, follow us on: Twitter @huntandhackett, Bluesky @huntandhackett.bsky.social, Mastodon @[email protected]

Website
https://www.huntandhackett.com
Industry
Security
Company size
11-50 employees
Headquarters
The Hague, South Holland
Type
Privately held
Founded
2020
Specialties
cybersecurity, incident response, threat intelligence, mdr, managed detection & response, threat hunting, breach & attack simulation, bas and SOC

Updates

    A significant IT #outage has caused disruptions globally, affecting airlines, banks, media companies, and more. The primary cause is linked to a technical issue with the cybersecurity firm CrowdStrike. CrowdStrike confirmed a major outage due to a problematic update, which they are now in the process of rolling back. This issue has resulted in widespread reports of technical problems, including the infamous "blue screen of death" on Windows devices.

    Microsoft also faced an outage affecting its #cloud services in the U.S., though it is unclear if this is directly connected to the CrowdStrike issue. Microsoft has since mostly restored its services.

    This outage has thus had far-reaching impacts:

    ➡ Airports: Major hubs like Delhi, Gatwick, and Schiphol are experiencing significant delays and manual check-ins. American, United, and Delta Airlines in the U.S. have halted all flights
    ➡ Media: Sky News and BBC's CBBC Channel are temporarily off-air
    ➡ Financial Services: Banks, including South Africa’s Capitec, have reported transaction declines and other issues
    ➡ Other sectors: IT systems from Poland's largest container terminal, the Baltic Hub, the Paris Olympics, and the New Zealand Parliament have also been affected

    This global outage has highlighted the #interconnectedness and #vulnerabilities of modern IT infrastructure, affecting various critical services and causing widespread inconvenience. The situation is evolving as companies work to restore their systems.

    We are currently working with our affected clients and other stakeholders to develop solutions as the situation evolves. Stay updated with live development at the following link: https://lnkd.in/djHAwU4t

    IT outage live updates: Planes grounded as mass worldwide issue hits airlines, media and banks

    bbc.com

    Kudos to our Security Expert Wilfred V. for scoring the legendary tee from Nationaal Cyber Security Centrum (NCSC-NL)! Wear it with pride and keep up the awesome work! 💪

    Wilfred V.

    Security Expert at Hunt & Hackett

    “I hacked the Dutch government and all I got was this lousy t-shirt”

    Two months ago I reported a vulnerability affecting multiple public organizations in the Netherlands to the Nationaal Cyber Security Centrum (NCSC-NL). Due to its severity the finding is appreciated with their legendary t-shirt. Thanks for the recognition and I'll wear it with pride.

    Recent reports from the Norwegian broadcaster Norsk rikskringkasting (NRK) reveal that Chinese hackers, likely the group #MustangPanda, have targeted commercial #shipping across Europe. Their method? Distributing malware-laden USB sticks that unsuspecting individuals brought onboard ships. This trend has resulted in the discovery of compromised vessels in Norway, Greece, and the Netherlands throughout 2024. The #malware is designed to scrape sensitive information from the networks it infiltrates, posing risks to data security and operational integrity.

    How these USB sticks end up on ships is still unclear, but ESET researcher Alexandre Côté Cyr theorizes that Mustang Panda may have handed out the sticks to unsuspecting individuals at maritime events. These individuals then unknowingly brought these USBs onboard ships, highlighting human curiosity and lack of awareness as potential factors in how the malware-laden USB sticks ended up on vessels.

    Why is this critical?

    ➡ Operational Disruption: Cyberattacks can halt maritime operations, leading to significant economic losses.
    ➡ Data Security: Breaches can expose sensitive information, jeopardizing both commercial and national security.
    ➡ Human Factor: The tendency of staff to plug in unknown USBs underscores the ongoing need for cybersecurity training and increased awareness.

    If you'd like to know more about how we're addressing these challenges and our approach to safeguarding your #maritime operations, check out our maritime threat landscape: https://lnkd.in/exyq7CWr

    Cybersecurity for the Maritime sector

    huntandhackett.com

    At Hunt & Hackett, we believe that effectively responding to cyber security incidents is a balance between #prevention and swiftly responding to your #detection solutions. Imagine two firefighters: one is always on the lookout, quickly putting out small fires before they spread. The other waits until the fire is raging, then calls in a team to save the day, as seen below. Our Managed Detection & Response (#MDR) services focus on being that proactive firefighter, constantly monitoring and neutralizing threats before they escalate. Prevention is critical, but what happens when an incident slips through? This is where traditional incident response methods fall short.

    The Problem with Traditional Incident Response

    Traditional IR often involves acquiring vast amounts of investigation material over several days before starting analysis. This delay can allow threats to evolve and cause significant damages. We recognized that this traditional approach is no longer sufficient, especially with the rise of large-scale security incidents, #ransomware, and advanced persistent threats (#APTs).

    Modernizing Incident Response

    We’ve shifted to a more agile, automated IR strategy, incorporating a #DevOps mindset and therefore ensuring seamless integration between prevention and response.

    Introducing our Cloud-Based IR Lab

    To support this modern approach, we developed an innovative cloud-based incident response lab. Here’s how it works:

    👉 [Automated and scalable data acquisition]: Leveraging Infrastructure-as-Code and open-source tools, our lab automates data collection and analysis, drastically reducing response time. Automation enables us to operate with the speed of an attacker and the prowess of a forensic investigator.
    👉 [Real-time threat hunting]: Using tools such as Velociraptor, we can perform real-time data acquisition (leveraging your XDR) and threat hunting, collecting data from various sources quickly and allowing us to identify threats early.
    👉 [Comprehensive analysis]: Our lab supports the acquisition, processing and analysis of memory images, Active Directory objects, and more, ensuring a thorough investigation.
    👉 [Staying covert]: We can employ techniques to collect data without alerting APTs, allowing us to stay under the radar and gather critical insights.

    By integrating our IR capabilities with our MDR services, we ensure that once an incident is detected, we can respond swiftly and effectively. Our blog post delves deeper into these topics, offering a look at our approach and the technology behind our cloud-based IR lab. Read the full blog here: https://lnkd.in/eS_84EBp

    New #blogpost! This week our Research & Innovation Lead Francisco Dominguez offers a new perspective for defending against #socialengineering attacks.

    When we talk about threats that involve social engineering, such as #phishing and #fraud, there’s a general tendency to position a lack of “security awareness” as the core issue. But is this really the case? As Francisco puts it:

    “Even with all the knowledge in the world, you can still fall victim to attacks. Not because attackers are necessarily always smarter than you, but because everyone has a bad day.”

    “Providing heaps of information doesn’t make people more resilient, it makes them more informed (or so we hope), which does not necessarily result in a better response when they are attacked.”

    So, how can we become more resilient to social engineering? Dive into the full blog and discover the role emotions might play in determining our responses: https://lnkd.in/d9vCfJXU

    Emotions as human detection & defence

    huntandhackett.com

    How to navigate the rising threat of supply chain attacks

    In the past five years, supply chain attacks have tripled, with a notable surge since 2021, according to Cybersecurity Magazine (CSM). These attacks involve malicious actors targeting third-party vendors who offer services or software necessary to an organization's operations. While SolarWinds stands out as a prominent example, recent incidents like the #Snowflake and #Polyfill.io attacks highlight the ongoing threat.

    The Snowflake cloud-based data warehouse attack involved cyberattacks on customer environments due to compromised login credentials. This breach has been linked to significant data breaches at #Ticketmaster, #SantanderBank, and more. Attackers used credentials stolen through historical infostealer malware infections, affecting at least 100 Snowflake customers and exposing approximately 165 businesses, as reported by Mandiant (part of Google Cloud). The impact was worsened by poor security practices, such as not updating credentials or using multifactor authentication.

    Polyfill.io, a widely used #JavaScript CDN service, was compromised earlier this year after being acquired by a Chinese company called Funnull. This led to malicious JavaScript code being injected into over 100,000 websites, redirecting mobile visitors to scam sites, according to Dark Reading. The full extent of the consequences is still unclear, but major names like #Intuit and the #WorldEconomicForum were affected.

    Key Learnings:

    👉 Regularly update login credentials and use multifactor authentication
    👉 Monitor third-party services and dependencies for changes in ownership or security status
    👉 Implement robust security practices and educate teams about the risks of supply chain attacks
    👉 Use threat detection tools to identify and mitigate potential breaches early

    To delve deeper into how your organisation can leverage #detection methods to identify #supplychain attacks, check out our blog on detecting and preventing targeted attacks: https://lnkd.in/eZVjMXcZ

    Detecting targeted attacks: The 'Detect the Undetectable' paradox

    huntandhackett.com

    We had a great time above the Maas, and the views weren't the only things that were impressive. Besides enjoying the scenery, we were happy to see both familiar and new faces at FERM Rotterdam's board session last Friday, where we engaged in discussions about the importance of cybersecurity. Our own Marcel Van Oirschot took the stage as a keynote speaker, delivering a presentation on supply chain security. Marcel highlighted the relevance of the topic, making it interesting and accessible to the audience. He stressed that securing the supply chain involves more than just protecting individual assets—it's about safeguarding the entire network, including partners and vendors. Thank you to Ferm for hosting the event and inviting us as speakers! We look forward to future opportunities to share insights on cybersecurity.  

    New #blogpost! This week we’ll be delving into the topic of #automation and explaining our vision for an Incident Response approach that combines the investigative prowess of a digital detective with a #DevOps mindset.

    When dealing with large-scale cybersecurity incidents, such as #ransomware or Advanced Persistent Threats (#APTs), traditional incident response methods rooted in digital forensics are no longer sufficient. This is because, traditionally, large amounts of data are acquired over several days before an investigation can begin.

    At Hunt & Hackett, we recognized this challenge and set out to find a solution. This led to the development of our cloud-based Incident Response lab, which leverages Infrastructure as Code and open-source software to provide a more efficient and scalable solution for incident handling. In other words, this allows us to operate with the speed of an attacker and the depth of a forensic investigator.

    Read the full blog below for a breakdown of the data acquisition methods used in our lab ⬇ https://lnkd.in/dvMDPR_M

    #incidentresponse #incidenthandling #dataacquisition

    Incident Response data acquisition, but then scalable & fast

    huntandhackett.com
