Dragos and ESET have both released reports analysing the malware used to attack power grids.
According to Dragos, the adversary group it tracks as ELECTRUM is responsible for the 2016 cyber attack on the Ukrainian electric grid.
I created a mindmap based on the info in the Dragos document. It’s available on https://github.com/cudeso/tools/tree/master/CRASHOVERRIDE
https://www.us-cert.gov/ncas/alerts/TA17-163A
https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf
https://dragos.com/blog/crashoverride/
I compiled a list of, hopefully, useful tips and help for dealing with the WannaCry ransomware. I try to keep the page updated as soon as new information becomes available.
See https://www.wannacry.be/. Feedback is welcome!
A major wave of ransomware called WannaCry / Wcry / WannaCrypt has hit many organizations around the world, causing panic among users, system administrators and security professionals alike. The details of the ransomware have already been covered at other posts:
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware
Player 3 Has Entered the Game: Say Hello to ‘WannaCry’
Massive outbreak of ransomware variant infects large amounts of computers around …
I have been using Shodan, “the world’s first search engine for Internet-connected devices”, for a long time. Recently I switched my free account to a membership account. A membership account allows you to make API queries with additional query filters (for example, restricting search results to specific countries).
In this post I describe the results of querying the Shodan API for ICS (or related) devices in Belgium. These results are entirely based on what is …
A couple of days back the financial sector in Poland was shocked by the news that the Polish financial supervision authority was hacked and was used as an attack vector to get access to other (mostly Polish) banks.
This is a very short summary with some IOCs (Indicators of Compromise) that you can use to check your logs and verify whether you are affected.
Note that most of this information is compiled from information found …
I made a slide-deck on integrating MISP and VMRay in your incident management workflow.
MISP EcoSystem – Threat Intelligence, VMRay, MISP from Koen Van Impe
SANS ISC recently posted an article on The Dark Side of Certificate Transparency.
Certificate transparency means that participating certificate authorities will publish all certificates that they issue in a log. This information is public, meaning that you can search it at will.
The article already touches on one of the side effects of having this information publicly available: by publishing it, organizations can disclose hostnames they would rather not have known on the internet.
There are …
Dealing with security incidents is always a collaborative process, involving both your constituency and external players. There are a number of tools that help you with detecting (and preventing) incidents. One of those tools is, for example, MISP – Malware Information Sharing Platform & Threat Sharing.
But once you have an incident … how do you deal with it? Everyone has (or should have) written their own incident response procedures, but did you know that …
I did an earlier post on gathering open source intelligence with SpiderFoot. This post is a small update to incorporate the new version of SpiderFoot that was released recently.
A new version of SpiderFoot was recently released, including some extra modules. In my earlier post I described how I adjusted and added some modules. The new release of SpiderFoot contains part of my changes to the XForce module.
My initial change to SpiderFoot included a …
In 2015 I wrote a post on the Security Intelligence blog on How to Stay Up-to-Date on Security Trends. The post describes how you can streamline the process of following different news and threat information channels, classify them and put them to good use.
One of the tools that you can use is RSS feeds. I personally use a Fever setup to grab different RSS feeds and then have them delivered in one central …