Geekmaster π½:system76: · @Geekmaster
166 followers · 1245 posts · Server ioc.exchangeIf you use #RDP, make sure it's strictly internal, and limited only to specific #admin accounts, and that you *DO NOT* have any #3389 open publicly. That IP will be found (quickly), and your #endpoint will be attacked, if not #breached. #BianLian has shifted their attack model. @cisacyber dropped an advisory this week, here's a decent summary of what's up: https://www.darkreading.com/threat-intelligence/bianlian-cybercrime-group-changes-attack-methods-cisa-advisory-notes?_mc=NL_DR_EDT_DR_weekly_20230518&cid=NL_DR_EDT_DR_weekly_20230518&sp_aid=116563&elq_cid=38046155&sp_eh=144c4ccfdc4bcabeefa4110f1ea26cecf2a866a1c04b99a946a3df0524ced34c&sp_eh=144c4ccfdc4bcabeefa4110f1ea26cecf2a866a1c04b99a946a3df0524ced34c&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_05.18.23&sp_cid=48613&utm_content=DR_NL_Dark%20Reading%20Weekly_05.18.23
#Hacking #ThreatIntelligence #Cloud #CloudAttackSurface #DataExfiltration #Exfil #AttackSurfaceReduction #Ransomware
#rdp #admin #endpoint #breached #bianlian #hacking #threatintelligence #cloud #cloudattacksurface #dataexfiltration #exfil #attacksurfacereduction #ransomware
Geekmaster π½:system76: · @Geekmaster
166 followers · 1244 posts · Server ioc.exchange#Infostealers are a growing threat. Sure, they've been around for decades, but now it's becoming a much larger market on the #Darkweb. βWhat we are seeing is an entire #underground #economy and #supporting #infrastructure built around #infostealers, making it not only possible but also potentially #lucrative for relatively #lowskilled #threatactors to get involved,β
https://www.scmagazine.com/news/threat-intelligence/data-log-thefts-explode-as-infostealers-gain-popularity-with-cybercriminals?external_id=HBwZ-n4B490LDY0Z-dKj&external_id_source=mrkto&mkt_tok=MTg4LVVOWi02NjAAAAGLzUgAldBXEeVNitVuN5rpvANUjNCaIIBnTmArpblpBWE5hgFJSS9PoGhu7RxEp5cWxLUDxbLdJ7juuAc83cEfRAyiFxOpe18Kant7MXUMhA
#Hacking #ThreatIntelligence #Cloud #CloudAttackSurface #TOR #DataExfiltration #Exfil #RussianMarket #Cyberespionage #RussiaAPT #ChinaAPT #APT #UseMFA #AttackSurfaceReduction
#infostealers #darkweb #underground #economy #supporting #infrastructure #lucrative #lowskilled #threatactors #hacking #threatintelligence #cloud #cloudattacksurface #tor #dataexfiltration #exfil #russianmarket #cyberespionage #russiaapt #chinaapt #apt #usemfa #attacksurfacereduction
Geekmaster π½:system76: · @Geekmaster
165 followers · 1242 posts · Server ioc.exchange#SIMswapping is still a very real thing. Now, it's being used to bypass defense and detection methods within #Azure to gain full #administrative access for #Windows #VirtualMachines. This is pretty advanced, but it's still a big danger. #UNC3944 https://www.scmagazine.com/news/cloud-security/threat-actor-bypasses-detection-protections-in-microsoft-azure-serial-console?external_id=HBwZ-n4B490LDY0Z-dKj&external_id_source=mrkto&mkt_tok=MTg4LVVOWi02NjAAAAGLzUgAlV_uPRm28W067Sf5RayoZQN17Xrk53YEG17z3Gl_7qKsu2bjdUUW2CRUpserJQgXmMB46ieb_G5KrSlLHQGWs_K0TtXaXsrlmIPgkg
#Hacking #ThreatIntelligence #InitialAccess #LateralMovement #Persistence #Cloud #CloudAttackSurface
#simswapping #azure #administrative #windows #virtualmachines #unc3944 #hacking #threatintelligence #initialaccess #lateralmovement #persistence #cloud #cloudattacksurface