The month of March has been a period of inactivity on the Osint Me blog, but it does not mean I was sitting idle. Various side projects have been keeping me occupied, so apologies to those who have messaged or emailed me and I could not reply in a timely fashion.
The good news is that there are some good posts coming out soon (still work in progress) and some interesting developments are expected later this year.
Meanwhile, I have some reading material to share – some really good content that was published and shared by various entities, organisations and researchers. I read all of those during the month of March and not only do I want to share them with you people, but also I want to keep them handy here for future reference.
So here we go, enjoy and share around with whoever else might find these interesting. And as always, hit me up with any new suggestions you might have – we might be able to put out something similar at the end of Q2.
* * *
In Before The Lock: ESXi – this report from Recorded Future discusses ransomware attacks on VMware ESXi servers by several threat actors, mainly ALPHV, LockBit, and BlackBasta. Last month in this post I brought up the subject of exploiting a two-year-old vulnerability in VMware ESXi environments. The bad news is that those attacks are likely to continue, and there is another facet to ransomware infections of virtual machines: “recovery may not even be possible due to bugs in the ransomware that corrupt virtual machines, or decrypters that fail to handle large files”. Read on to find out more.
CISA #StopRansomware: Royal Ransomware – a joint intelligence advisory product of the FBI and CISA, covering the Royal ransomware group. Great insights into the mode of operation of Royal, from initial access all the way to mitigations and prevention advice. Royal had previously been identified as a RaaS operator, but unlike many others it is allegedly a private group with no affiliates, as stated by Trend Micro.
Cybersecurity Compliance Guide from Arctic Wolf – contains a set of best practices, as well as legal requirements, for cybersecurity solutions, policies, controls and playbooks. It covers a lot of ground, from the payment card industry and banking to government, healthcare, manufacturing and more.
2023 Global Automotive Cybersecurity Report – this publication by Upstream covers various cybersecurity topics that concern cars and the technological solutions embedded in them. An interesting fact that I learned from this report was that the majority of cyber attacks on vehicles in 2022 were carried out by black hat hackers. Right now there is a big push in the West towards electric cars; this report asks “But what about those CVEs?”. Over 100 pages long, but a quick and interesting read.
Telegram Cybercrime Ecosystem by Kela – an ominous read on how a messaging application grew into a significant ecosystem that harbours various breeds of cyber threat actors. Great context and very good examples explaining why it became so popular among cyber criminals. Read it in conjunction with my previous blog post on Telegram OSINT and privacy if you have the time.
Recorded Future 2022 Annual Report – this is the second publication by Recorded Future on my list. They have been putting out some good content recently. For many of us the year 2022 was nearly all about the war in Ukraine. Recorded Future cover a lot of that, but also find the time to outline the activities of China, Iran and North Korea in cyberspace. There was a big increase in info stealer malware activity; watch that trend.
2023 National Threat Assessment from Lithuania – speaking of war and potential escalations by the russian terrorist regime, this is a document published by the State Security Department of the Republic of Lithuania (VSD). The threat from the East remains viable for any post-Soviet country in Eastern Europe, and in particular the Baltic States. A worthwhile read, in particular when taken in the context of the recently declared cooperation by China, which appears to be willing to support the russian kleptocracy.
Threat Hunting Survival Guide from Microsoft Security – more of an infographic slide deck than a report, but still fairly useful and packed with good information. It talks about various threats and potential cyber attack angles that are relevant to the current landscape. Learn the ABCs of threat hunting and be prepared for some common and less common attack scenarios!
ChatGPT report from Europol – outlines the impact that language models, deep learning and AI might have on the work of law enforcement. And from that perspective it’s bad news. Europol has already identified several criminal use cases, from fraud and social engineering to sophisticated cyber attacks. They also signal the possibility of a new trend emerging: “‘dark LLMs’, which may be hosted on the dark web to provide a chat bot without any safeguards, as well as LLMs that are trained on particular – perhaps particularly harmful – data”.
From Moscow-City with Crypto – published by Transparency International Russia, it highlights various methods of money laundering using digital assets, employed by the sanctioned regime. An interesting read about Moscow-City, a dystopian business centre in the heart of the modern Mordor. The report includes screenshots of Telegram chats with the shady individuals who operate across Europe.
Cyble Underground Threat Activity Report 2022 – last on our list but not least, we have a comprehensive report by Cyble on various cyber crime trends and developments throughout 2022. It contains a solid assessment of the currently emerging and expanding trends (ransomware, phishing as a service, bulletproof hosting and more), as well as a useful timeline of the year and some threat actor profiles.