STAR Feb 2022 livestream links

Instructor Katie Nickels gives the rundown on the latest threats you should know about. Here are the links and resources for her 2/15/22 episode.

February 16, 2022

Ukrainian tensions

Microsoft blog on ACTINIUM group targeting Ukrainian organizations: https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/
Unit 42 blog on Gamaredon group targeting Ukraine: https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/
Mandiant recommendations on preparing for destructive attacks: https://www.mandiant.com/resources/protect-against-destructive-attacks (check out last month’s STAR livestream for more on this from John Hultquist: https://www.youtube.com/watch?v=ONtdjd_QvBs)

Annual reports

CrowdStrike 2022 Global Threat Report: https://go.crowdstrike.com/global-threat-report-2022.html
Expel 2022 annual report: https://expel.com/great-expeltations-2022/

Ransomware

Reporting on BlackByte compromising San Francisco 49ers: https://www.bleepingcomputer.com/news/security/nfls-san-francisco-49ers-hit-by-blackbyte-ransomware-attack/
FBI and USSS report on BlackByte: https://www.ic3.gov/Media/News/2022/220211.pdf
Red Canary blog on BlackByte: https://redcanary.com/blog/blackbyte-ransomware/
Raccine (“ransomware vaccine): https://github.com/Neo23x0/Raccine
Coveware quarterly ransomware report: https://www.coveware.com/blog/2022/2/2/law-enforcement-pressure-forces-ransomware-groups-to-refine-tactics-in-q4-2021
Allan Liska’s tweet on ransomware seasonal patterns: https://twitter.com/uuallan/status/1492517368035217410
International governments advisory on ransomware trends: https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2928709/cisa-fbi-nsa-and-international-partners-issue-advisory-on-ransomware-trends-fro/
Decryptor for Maze, Sekhmet, and Egregor from Emsisoft: https://www.emsisoft.com/ransomware-decryption-tools/maze-sekhmet-egregor

Miscellaneous

Microsoft announcement on blocking macros by default in Office: https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Recent reports from the DFIR Report: https://thedfirreport.com/2022/02/07/qbot-likes-to-move-it-move-it/ and https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/
Twitter account to follow for Emotet info: https://twitter.com/Cryptolaemus1
SentinelOne blog on ModifiedElephant group targeting India: https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/

Recommended Training

Related Content

DFIR - Blog - HUMINT and its Role within Cybersecurity_340 x 340.jpg

Digital Forensics, Incident Response & Threat Hunting

October 4, 2024

HUMINT and its Role within Cybersecurity

This blog explores HUMINT's role in cybersecurity, detailing its implementation, benefits, and potential risks.

370x370 Jon DiMaggio.png

CTI_Blog_part_1_(1).png

Digital Forensics, Incident Response & Threat Hunting

January 12, 2024

Helping CTI Analysts Approach and Report on Emerging Technology Threats and Trends (Part 2)

How to approach, research, and develop analytic assessments on emerging technologies and threat trends (Part 2)

Digital Forensics, Incident Response & Threat Hunting

November 1, 2023

Recent Cyber Threats Defenders Should Pay Attention To.

SANS Threat Analysis Rundown (STAR) livestream host Katie Nickels is joined by Will Thomas to provide his perspective on recent threats