Happy Wednesday in Infosec
Jeremy Pickett
Founder @ JaphOnTech | Infosec Research, Incident Response, Anti Fraud, Reverse Engineer
Something is happening in Russia, something... out of the ordinary. An oligarch was arrested in Paris, and this oligarch was running a messaging app, a very widely used Russian messaging app. The rumors are going wild. As new credible information is received and checked, it is added to this living, free, no-ads, no-trackers post at japhontech (my newly minted startup). But this might be the biggest security "Did I do that?" in decades.
Two new issues of Threat Hunting for SIEMs were launched (free, open license). Want to get more out of the SIEM you have invested a ton of time, energy, sweat, and money in? There may be some nuggets in this four-part series that will extract just a bit more value.
These include checklists for actual actions you may choose to take. It is both a great method for self-motivation and discovery, and an excellent way of achieving measurable milestones and KPIs.
https://www.japhontech.com/blog/advanced-threat-hunting-with-siems (free, open license)
https://www.japhontech.com/blog/advanced-threat-hunting-with-siems-part-2 (free, open license)
https://www.japhontech.com/blog/advanced-threat-hunting-with-siems-853bw (free, open license)
https://www.japhontech.com/blog/advanced-threat-hunting-with-siems-part-2-df2jh (free, open license)
And finally, the ISO, CIS, MITRE, and many other libraries are coming online ($, monthly subscription for everything). This includes specific controls and mappings for TTPs. It is an excellent resource, and it is expanding to cover an additional set of regulations, including EU ones, by the end of the year.
A few links:
https://www.japhontech.com/mitre-library (subscription)
https://www.japhontech.com/iso-27001-library (subscription)
https://www.japhontech.com/hippa-control-library (subscription)
And I can't not mention at least a little about AI. The quality of faked images from phone cameras is set to absolutely take off; with the Google Pixel 9 it is uncanny. I do not know whether they are being watermarked or encoded with, say, higher-bit steganography, but even if they are, this will only affect the least ambitious adversary. Unfortunately, unless provenance can be cryptographically proven and the contents of the pictures are corroborated, authenticity and verifiability are going to suffer greatly.
I predict that it is going to be IoT, the small inexpensive form factors, that wreaks the most damage. Why? Even if there are ways of watermarking images, they will require new hardware, which means physically upgrading equipment. And the least expensive pieces of equipment will balk at 1) purchasing TPMs for signature and key management in embedded hardware enclaves, 2) paying for CAs to verify their signatures up the chain, and 3) requiring internet access for very low-priced devices.
What this means is yes, your phone made by a US company and supported by US carriers may sport the right hardware, but there are so, so many steps where that can break. And inexpensive devices just won't sign video or audio content. This will be a major pain point for the next 18-36 months at a minimum. But IoT isn't all doom and gloom: the deepfake videos of Putin carrying a gold-plated shotgun were fairly funny.
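To make the provenance chain from the last two paragraphs concrete, here is an added Go example (not code from this post or from japhontech): a device key, standing in for one held in a TPM, is endorsed by a CA and signs the SHA-256 of each capture, and a verifier holding only the CA public key rejects both edited images and unendorsed devices. The key names and the sample image bytes are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedCapture travels with the image: device public key, the CA's endorsement
// of that key, the image digest and the device's signature over that digest.
type SignedCapture struct {
	DevicePub ed25519.PublicKey
	CASig     []byte // CA signature over DevicePub
	Digest    [32]byte
	DeviceSig []byte
}
// EnrollDevice is the manufacturing-time CA step the post expects cheap devices to skip.
func EnrollDevice(caPriv ed25519.PrivateKey, devPub ed25519.PublicKey) []byte {
	return ed25519.Sign(caPriv, devPub)
}
// SignCapture signs the SHA-256 of the image bytes at capture time (on a real
// device devPriv would never leave the TPM or enclave).
func SignCapture(devPriv ed25519.PrivateKey, devPub ed25519.PublicKey, caSig, img []byte) SignedCapture {
	d := sha256.Sum256(img)
	return SignedCapture{DevicePub: devPub, CASig: caSig, Digest: d, DeviceSig: ed25519.Sign(devPriv, d[:])}
}
// VerifyCapture walks the chain: CA endorsement, then digest, then device signature.
func VerifyCapture(caPub ed25519.PublicKey, sc SignedCapture, img []byte) error {
	if !ed25519.Verify(caPub, sc.DevicePub, sc.CASig) {
		return errors.New("device key not endorsed by trusted CA")
	}
	if sha256.Sum256(img) != sc.Digest {
		return errors.New("image bytes do not match signed digest")
	}
	if !ed25519.Verify(sc.DevicePub, sc.Digest[:], sc.DeviceSig) {
		return errors.New("device signature invalid")
	}
	return nil
}
func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	img := []byte("constructed stand-in for JPEG bytes")
	sc := SignCapture(devPriv, devPub, EnrollDevice(caPriv, devPub), img)
	fmt.Println("genuine:", VerifyCapture(caPub, sc, img))
	img[0] ^= 1 // a single edited bit, as any retouch would cause
	fmt.Println("tampered:", VerifyCapture(caPub, sc, img))
}
```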