An Abbreviated History of Infrastructure Attacks In Ukraine

Brief Background on Ukraine's Relationship with Russia Russia and Ukraine both originated with the medieval sate of Kyivan Rus (near modern-day Kyiv, 10th century AD). Unfortunately, Kyivan Rus was destroyed (the city razed and citizens murdered en masse) in the 13th century by Mongols from the Urals, lead by Batu…

Attacks on SSL/TLS

SSL and TLS are frequently attacked, and understanding past attacks can inform defenders' knowledge to secure current systems and to predict the direction of future attacks. As such, here's a summary of some of the most famous attacks targeting these protocols: Browser Exploit Against SSL/TLS (BEAST): BEAST (disclosed in…

The Case for Corporate (Human) Honeypots

Normally finding clearly fake profiles for a business is a huge red flag - the area of sketchy 5 star reviews and effusive praise for sushi restaurants in Kansas. However, creating fake profiles designed to draw in cybercriminals (particularly BEC actors) can be an effective strategy for corporate security teams.…

Stuxnet

What is Stuxnet? Stuxnet was one of the first examples of cyber warfare. It was a cyber weapon, attributed to collaboration between US and Israeli forces, aimed at disrupting the Iranian nuclear program. Estimates of the damage done range from a delay in Iran's nuclear program of between 1 -…

Types of Hackers

If you want to protect systems, you need to understand who you’re defending them from. Many of the hackers you’ll face will fall into several different groups. These different groups often use very different tactics, techniques, and procedures (TTPs) for attacking systems. Identifying which actors or groups of…

How to Hack

There are generally three different ways to approach hacking a target: Hacking the encryption (cryptography) This is very difficult, and time/computing power-intensive, as the algorithms we use are generally very hard to crack. Quantum computing, if cheaply and easily available, could present issues, but right now isn't at a…

Running an Effective Phishing Simulation Program: Part 2

Phishing simulation programs, when well designed, can be an effective way to help educate employees about the importance of information security and phishing attacks. However, they also run the risk of alienating employees who feel as though the security team is out to get them or that their employer is…