3 Threats We Are Modeling for Clients These Days

Just a quick post today to discuss three threat scenarios we are modeling frequently with clients these days. #ThreatModeling

1) Ransomware or other malware infection sourced from managed service providers – this scenario has become a very common issue, so common that DHS and several other organizations have released advisories. Attacker campaigns against managed service providers have been identified, and many have yielded some high-value breaches. The most common threat is spear phishing into an MSP, with the attackers eventually gaining the capability to push software to the MSP's clients. They then push command-and-control malware or a ransomware infection down the pipe. Often, it is quite some time before the source of the event is traced back to the MSP. The defenses here are somewhat limited, but the scenario definitely should be practiced at the tabletop level. Often, these MSPs have successfully passed a SOC audit but have very little security maturity beyond the baselines.

2) Successful credential stuffing attacks against Office 365 implementations leading to wire/ACH/AP fraud – This is another very common scenario, not just for banks and credit unions; a lot of small and mid-size organizations have fallen victim to it as well via accounts payable attacks. In the scenario, either a user is phished into giving up credentials, or a leaked set of credentials is leveraged to gain access to the Office 365 mail and chat system. The attackers then leverage this access to perform their fraud, appearing to come from internal email accounts and chats. They often make use of stored forms and phish their way to other internal users in the approval chain to get the money to actually move. Once they have their cash, they often use these email accounts to spread malware and ransomware to other victims inside the organization or at business partners – continuing the chain over and over again. The defenses here are MFA, limiting access to the O365 environment to require VPN or other IP-specific filtering, hardening the O365 environment and enabling many of the detection and prevention controls that are off by default.

3) Voicemail hacking and dial-system fraud – I know, I know, it's 2020… But this remains an incredibly impactful attack, especially against key management employees or employees who traffic in highly confidential data. Often this data is accessed and then either used for profit via trading (think M&A info) or as leverage in ransom/blackmail types of social engineering. Just like above, the attackers often hack one account and then use social engineering to get other users to follow instructions around fraud or change their voicemail password to a given number, etc. Larger corporations, where social familiarity between employees and management is low, are a common attack target. Dial-system fraud for outbound long distance remains pretty common, especially over long weekends and holidays. Basically, the attackers hack an account and use call forwarding to send calls to a foreign number – then sell access to the hacked voicemail line, changing the destination number for each caller. Outbound dial tone is also highly regarded here and quite valuable on the underground markets. Often the fraud goes undetected for 60-90 days until the audit process kicks in, leaving the victim several thousand dollars in debt from the illicit activity. The defenses here are voicemail and phone system auditing, configuration reviews, hardening and lowering lockout thresholds on password attempts.
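To make scenario 2 concrete from the defender's side, here is an added example (not from the original post) that triages constructed Office 365-style sign-in records for the credential stuffing pattern: one source address failing against many distinct accounts, followed by a success that also falls outside the approved VPN egress range the post recommends restricting O365 to. The record layout, field names and the `198.51.100.0/24` egress range are assumptions for illustration, not a real log export.

```python
"""Credential-stuffing triage over constructed O365-style sign-in records.

Added example, not the post's or any vendor's code. Record layout and the
approved egress range are assumptions loosely modelled on cloud sign-in logs.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample records: (timestamp, user, source ip, result). Not real data.
SIGNINS = [
    ("2020-03-02T08:01:00Z", "a.jones@example.com", "203.0.113.7", "failure"),
    ("2020-03-02T08:01:03Z", "b.lee@example.com", "203.0.113.7", "failure"),
    ("2020-03-02T08:01:05Z", "c.diaz@example.com", "203.0.113.7", "failure"),
    ("2020-03-02T08:01:09Z", "d.wong@example.com", "203.0.113.7", "failure"),
    ("2020-03-02T08:01:12Z", "e.ruiz@example.com", "203.0.113.7", "failure"),
    ("2020-03-02T08:01:20Z", "f.khan@example.com", "203.0.113.7", "success"),
    ("2020-03-02T08:05:00Z", "a.jones@example.com", "198.51.100.4", "failure"),
    ("2020-03-02T08:05:30Z", "a.jones@example.com", "198.51.100.4", "success"),
]

# Assumed corporate VPN egress range; the post suggests limiting O365 access to it.
APPROVED_EGRESS = [ip_network("198.51.100.0/24")]


def is_approved(ip: str) -> bool:
    """True when the source address sits inside an approved egress range."""
    addr = ip_address(ip)
    return any(addr in net for net in APPROVED_EGRESS)


def detect_stuffing(records, min_accounts=5):
    """Map source IP -> sorted accounts for IPs failing against >= min_accounts users.

    Password spraying / stuffing shows up as one source touching many accounts,
    which plain per-account lockout counters never see.
    """
    failed_by_ip = defaultdict(set)
    for _, user, ip, result in records:
        if result == "failure":
            failed_by_ip[ip].add(user)
    return {ip: sorted(users) for ip, users in failed_by_ip.items()
            if len(users) >= min_accounts}


def suspicious_successes(records, stuffing_ips):
    """Successful sign-ins from a stuffing source or from outside approved egress."""
    hits = []
    for ts, user, ip, result in records:
        if result != "success":
            continue
        reasons = []
        if ip in stuffing_ips:
            reasons.append("success after spray from same source")
        if not is_approved(ip):
            reasons.append("outside approved egress range")
        if reasons:
            hits.append((ts, user, ip, reasons))
    return hits


if __name__ == "__main__":
    for hit in suspicious_successes(SIGNINS, detect_stuffing(SIGNINS)):
        print(hit)
```

The a.jones success from inside the approved range is not flagged, while f.khan's success from the spraying address is reported with both reasons; the same two checks map directly onto the MFA and IP-filtering defenses the post lists.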

We can help with all of these issues and defenses, but we love to help organizations with threat scenario generation, threat modeling and attack surface mapping. If you need some insights into outside-the-box attacks and fraud potential, give us a call. Our engagements in this space are informative, useful and affordable.

Thanks for reading, and until next time, stay safe out there! 

Cyber-Mania & Situation Awareness in the Binary Worlds…

Good Friday Afternoon Folks;

In today’s issue of the latest cyber news we have quite a bit in the way of Cyber-Mania & Situation Awareness in the Binary Worlds…

Pay particular attention to the immediate section below and the latest items of interest from the People’s Republic of Cyber Espionage…er, sorry, China…
There are a couple of interesting items regarding cyber attacks and a cyber timeline from NATO…yeah OTAN…go figure!
And yes the F-B-I is looking for Hacker love…be sure to use a condom … or those executable files will ruin your weekend…:-)

People’s Republic of China allows spies to plunder companies
Slight shift seen in official Chinese attitude on cybersecurity
People’s Republic of China firmly pursues peaceful development: defense minister
How America Is Fighting Back Against Chinese Hackers
President Xi inspects Chinese Academy of Sciences in Beijing _ Qiushi Journal
People’s Republic of China’s Huawei Looks to Build Up Enterprise-Network Business

NATO History of Cyber Attacks – A Timeline
Fitting cyber attacks to jus ad bellum — Consequence-based approach, Part III
Cyberattacks devastated my business!
NSA behind cyber attacks that took down ‘Dark Web’ used by online pedophiles
Defendant in Romanian Cyber Crime Ring Convicted of Wire Fraud and Identification Document Fraud Conspiracies

Are Black Hats and White Hats Really Grey Hats?

FBI director calls on private sector to help with cyber threat
I’ll be sure to send him a .pdf with an executable file in it – oh wait, the Minneapolis Cyber Field Office already received it….Nyarch!
CIA, FBI and NSA Leaders Ask for Help Fighting Cyberattacks
The Government Wants to Create Cybersecurity Insurance
IPv6 is latest tool for stealing credit card numbers and passwords

Semper Fi,


Cyber Threat Situational Awareness for 09JUL2013

Good Day Folks;

Below is a short list of some of the latest stories you need to be aware of to maintain & improve your Cyber Threat Situational Awareness for today, 09JUL2013…

If you want peace, prepare for war, or in Latin…Si vis pacem, para bellum…

Talking Cyberthreat With the People’s Republic of China


Traitor Snowden revelations imperil cyber hacking talks with People’s Republic of China


Patriot hacker ‘The Jester’ attacks nations offering Snowden help


South Korea Attackers ‘Pierced Military Networks’
Same crew that hit TV stations and banks managed to get malware onto military networks


Dissecting operation Troy: Cyberespionage in South Korea
How Cybercriminals Operate — Dark Reading
A look at cybercriminal motives, resources, and processes — and how they may affect enterprise defense


Iran Planning Cyber Drills
US agency baffled by modern technology, destroys mice to get rid of viruses
The US Economic Development Administration (EDA), an agency in the Department of Commerce, takes a cyber threat property destruction lesson from the German Government 🙂 “…$170,000 of PCs, printers, keyboards, cameras, and mice destroyed in gross overreaction.”


Across Europe, Nations Mold Cyber Defenses



Semper Fi…


Sign up for updates from MSI: http://eepurl.com/dk1PE

International Cyber Intelligence & Situational Awareness (SA)…Operation Middle Kingdom

Good day Folks;

Here is an extensive list of the recent International Cyber Intelligence & Situational Awareness (SA) you should be cognizant of…something cyber for everyone including the People’s Republic of H@cking, HUAWEI, Pakistan ~ People’s Republic of China relations and much, much more cybernia related…and coming soon to a computer and networked system near you OP Middle Kingdom…

Innovation and Disruption, & Why the People’s Republic of China Needs the Latter


A Breakdown of the People’s Republic of China’s New Visa Rules
A New Anti-American Axis? People’s Republic of China & Russia…


People’s Republic of China’s Huawei Zambia to invest $500,000 in brand promotion | Times of Zambia
People’s Republic of China, Pakistan Build Communication, Transportation Links


PM urges People’s Republic of China’s Huawei to set up research centre in Pakistan


People’s Republic of China’s Huawei-Imperial plan renews Chinese cyber-security fears


People’s Republic of China’s Huawei deploys high speed 4G on Mount Everest


People’s Republic of China’s Huawei to build China-Pakistan link


People’s Republic of China’s Huawei Ready to Outspend Ericsson in R&D Race to Woo Clients


People’s Republic of China’s Huawei supports Asia Pacific hospitals


People’s Republic of China’s Huawei boosts spending on research


People’s Republic of China, Switzerland sign free trade agreement
Switzerland is the latest OP Middle Kingdom acquisition by the People’s Republic of China…


Studies: Cyberspying Targeted SKorea, US Military


Turkish Agent Hacked US Air Force Culture & Language Center Website | Cyberwarzone
Didn’t the USAF tell the US Senate they were the lead DoD component on Cyber & were going to protect US Critical Infrastructure against hackers?
Hell, they cannot even protect themselves….


Taiwanese Military to stage computer-aided war game later this month: MND
“tested the armed forces ability to fend off a simulated invasion by Chinese forces.”


EU and People’s Republic of China close in on solar panel deal


Pakistan, China set sights on Arabian Sea link


Is People’s Republic of China’s Huawei Becoming Less Chinese?


People’s Republic of China’s Huawei to overtake Ericsson in R&D spending


Papua New Guinea’s fixed line incumbent Telikom recruits People’s Republic of China’s Huawei for NBN project


FCC approves deals between Japan’s Softbank, Sprint, Clearwire
Softbank signs huge deal with Huawei….backdoor to United States critical infrastructure now wide open for Huawei courtesy of Japan…


People’s Republic of China’s Huawei, Imperial College, London announce big data joint venture


Chinese Web giant Tencent faces obstacles in its goal to expand in global IM market


People’s Republic of China Says Private Banks Possible


Emerging market giants quick to grab Australian foothold
Chinese banks, among the world’s largest, are busy in Australia




Current cybercrime market is all about Cybercrime-as-a-Service


Traitorous Snowden Says the NSA and Israel Wrote Stuxnet Malware Together


EU adopts stricter penalties for cyber criminals
EU Parliament to launch inquiry into US surveillance programs
Pirate Party member Nocun on the surveillance scandal…Cyberwar governments against their citizens


Iran to hold nationwide cyber maneuver


United Kingdom Cyber War ‘At Its Gunpowder Moment’


Beware the Internet and the danger of cyberattacks

U.S. military realm extends to cyberspace


The cyber-intelligence complex and its useful idiots
“Those who tell us to trust the US’s secret, privatised surveillance schemes should recall the criminality of J Edgar Hoover’s FBI”

Cyberwar: Attacks on industrial plants grow


Blind Fear Of Cyberwar Drives Columnist To Call For Elimination Of The Internet


Cyberwar is not a Cold War
Brazil was target of U.S. signals spying, Globo newspaper says

Enjoy –

Semper Fi –


People’s Republic of Hacking…Latest Cyber Threat SA…

Good day folks, here’s the most current People’s Republic of Hacking…Latest Cyber Threat SA…

People’s Republic of Hacking: Chinese Hackers Behind ‘NetTraveller’ Global Cyber Surveillance


People’s Republic of China has ‘mountains of data’ about U.S. cyber attacks: official


People’s Republic of China is victim of hacking attacks – People’s Daily Online
Incredible Infographic about the People’s Republic of China as a victim of hacking….


How the People’s Republic of China’s ZTE is winning the US market – People’s Daily Online


Global IT and techno-jingoism – People’s Daily Online


This week Barack Obama must avoid the start of a cold war with People’s Republic of China
Guess no one told the Guardian that the Cold War with the People’s Republic of China started months ago…


Shaming Chinese hackers won’t work because cyber-espionage is here to stay


People’s Republic of Siamese Copycats: Lei Jun Builds His Xiaomi Empire by Aping Apple and Steve Jobs


People’s Republic of Hacking: Cyber-attacks likely to take centre stage when Obama and Xi meet in California


Michelle Obama ‘snubs’ China’s first lady


Cyber Command Redefines the Art | SIGNAL Magazine


Enjoy –

Semper Fi,


International Cyber Threat Situational Awareness…

Good morning Folks;

Here is a very comprehensive list of the latest International Cyber Threat Situational Awareness…

Silicon Valley at front line of global cyber-war…People’s Republic of China dominates US


China’s military to drill on digitalized forces – Xinhua | English.news.cn


OP Middle Kingdom: PLA joint cyberwarfare drill to show new strength and sophistication
The People’s Liberation Army will conduct its first joint combat drills involving cyberwarfare, special troops, army aviation and electronic countermeasures units next month to test the integration and co-ordination of its land and air forces, state media reported yesterday.


People’s Republic of China Developing ‘Digital’ Military Forces


PLA joint cyberwarfare drill to show new strength and sophistication


Chinese army to include digital forces in June military drill
The drill will be carried out in late June at the Zhurihe training base in North China’s Inner Mongolia autonomous region, which is the country’s largest military field, it said. Forces from the Beijing Military Area Command, as well as eight military academies, will be participating.


People’s Republic of China Doesn’t Care if Its ‘Digitalized’ Military Cyberwar Drill Scares You


People’s Republic of China army to conduct first digital exercise


People’s Republic of China army to conduct first “digital” exercise


People’s Republic of China’s Huawei Denies Involvement in US Cyber-Attacks


People’s Republic of China’s Huawei Security Chief: We Are the Most “Poked” Company in the World


People’s Republic of China Denies Stealing New ASIO Headquarters Plans
Chinese military spokeswoman says “we have already colonized Australia, why would we steal anything?”


People’s Republic of China’s digitalized troops begin to take shape – People’s Daily


People’s Republic of China willing to hold dialogues with U.S. on cyber security – People’s Daily


People’s Republic of China’s Doublethink on the Law of the Sea


Tiananmen Square online searches censored by Chinese authorities


People’s Republic of China signals hunger for Arctic’s mineral riches
Operation Middle Kingdom focuses on further colonization of Iceland and eventually most of Scandinavia including Norway….


Xi Jinping’s Chinese Dream
People’s Republic of China’s President Xi Jinping describes Operation Middle Kingdom as the reformist/nationalist view aka The Chinese Dream


Soft Power? The People’s Republic of China Has Plenty
Great article defining Operation Middle Kingdom and the colonization of Australia, British Isles and Canada….


TAIWAN: President Ma takes part in computerized war games


Commentary: People’s Republic of China should publish report on U.S. military power – People’s Daily


People’s Republic of China, Canada sign initiative on military cooperation – People’s Daily
OP Middle Kingdom – the People’s Republic of China now successful in adding Canada as the latest country to be colonized…United Kingdom and Australia have already initiated mandatory “Learn Chinese” courses…


Chinese defense minister meets Canadian Minister of National Defence – People’s Daily


Intellectual property theft detection is the best prevention


IT security: M&A transactions are a different matter


American Gets Targeted by Digital Spy Tool Sold to Foreign Governments


Google believes zero-day vulnerabilities should be responded to within a week




Microsoft to offer threat data in ‘near real-time’ to Certs and ISPs


Semper Fi,


Cyber Threat SA for Thursday from Abu Dhabi…

Good morning from Abu Dhabi, United Arab Emirates…

Here are the latest cyber threat intelligence notes you need to be aware of…enjoy!

People’s Republic of China says it is opposed to all forms of hacking


People’s Republic of China’s military to drill on digitalized forces – Xinhua


Chinese hackers have access to major US weapons designs, report says


People’s Republic of China’s Huawei: all governments hack secret data using their kit


U.S., Australia reports allege new spying by People’s Republic of China hackers


Australia: People’s Republic of China spy agency hack claims ‘will not hit ties’ – Hack claims over Australia spy HQ


Spy claim no threat to People’s Republic of China ties: Foreign Minister Carr


Australian spy HQ plans stolen by Chinese hackers: report


REPORT: Chinese Hackers Stole Plans For Dozens Of Critical US Weapons Systems


Researchers uncover new global cyberespionage operation dubbed Safe


Cyber Attack on Norway’s Telenor was part of large cyberespionage operation with Indian origins, report says


US accuses Iran of hacking energy companies


Semper Fi,



Horrible Ideas, Modeled & Profiled

Just a quick note this time about the HITME (HoneyPoint Internet Threat Monitoring Environment). One of the best uses for having the kind of global honeynet that we have deployed in the incarnation of the software is that you can create actual working models for a mistake or a horrible security idea.

Want to know what happens if you accidentally expose an internal system to the public Internet for 24 hours? We can quickly (in less than 30 mins) build an emulation for it and use a decoy dropped into place on your network to measure and model that risk over a period of time. You get a real-life set of metrics for how many probes it receives, from where, and what the attackers are looking for. You can find out how long it takes, on average, before the issue is identified by an attacker. You can even work up a profile of the attack sources, their locale and their capability, and add it to your risk assessments. These kinds of metrics, tied to a strong mathematical model (like FAIR), make for fantastic real-world analysis.

You can do the same with web applications. Want to know what kind of attacks you can expect if you put in a new VPN portal at your managed hosting provider? No problem. We create an emulation and drop a decoy into their ESX(i) infrastructure, monitor it for 30 days and work up the data into a report for you. Now you can take that data and feed it into a risk assessment, work out compensating controls and even get a budget idea for what it will take to secure such an infrastructure. We can also do this in multiple places and then work with the reporting you get from several vendors, using this mock-up as a bake-off data point to help you determine whether your exposures and risks are higher at one hosting provider than another, what kinds of reporting you get from each, how effective their prevention and detection programs are, etc. We’ve even had a couple of organizations drop in temporary HoneyPoint decoys while being audited or undergoing penetration testing to get a third-party view of how effective and capable their assessment and testing process has been.

The coolest thing to me about HoneyPoint is not the bleeding-edge attacks you can capture, nor the insights into attacker behavior it brings. Instead it’s the wide array of business problems that it can lend real world insight to inside the security world. It truly makes it easy to model and measure some of the most horrible ideas that an admin or developer can have. Wanna know more about the mistakes you make or might make in the future? Wanna measure attack interactions or generate metrics to feed a better risk assessment? Give us a call, we’ll be glad to discuss how you can take the next step in threat-centric information security with HoneyPoint!