#NSBCS.047 - Rocket Science Meets Cyber Security: Mission-Driven Success in Cyber
Elon Musk’s approach at SpaceX, seen in the recent Starship launch, demonstrates how a mission-driven culture can align and energise a team. SpaceX is united under the objective of making space travel sustainable through reusable technology, giving everyone a clear focus and sense of purpose. In cyber security generally (and most definitely at NSB Cyber!), a similar mission-centred mindset aligns a team toward protecting clients from digital threats. When each team member understands how their work contributes to a larger objective, it builds a culture of shared commitment where everyone is invested in reaching the same goal.
This kind of alignment fosters adaptability and strengthens teamwork. In cyber security, where threats evolve constantly, a clear mission allows a team to respond more effectively. With everyone working toward the same goal, team members aren’t just doing isolated tasks; they’re collaborating, pooling their expertise to tackle problems together. Just as SpaceX engineers tackle the challenges of building reusable rockets, a cyber team (like ours) is laser-focused on continuously refining its methods to stay current. This mission-focused approach drives the team to think ahead, allowing them to identify potential threats and address them before they become issues. By regularly updating their strategies and working together, team members build a stronger defence that keeps pace with the constantly changing cyber security landscape.
A mission-driven approach also builds resilience. At NSB Cyber, the focus on a unified mission means the team isn’t just responding to threats as they come up; they’re constantly working to prevent issues and improve defences. This parallels SpaceX’s iterative development process, where each mission is an opportunity to refine their technology and achieve ambitious goals.
For NSB Cyber, this culture of continuous improvement is crucial, as it allows our team to stay one step ahead in a rapidly changing threat landscape, ensuring we are well-prepared to help our clients protect themselves effectively and take #NoStepsBackwards.
For information on NSB Cyber’s Cyber Threat Intelligence capabilities or to book a meeting with our team, click here.
What we read this week
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity - Hackers are abusing an open-source tool called EDRSilencer to bypass endpoint detection and response (EDR) security solutions and hide malicious activities. The tool uses the Windows Filtering Platform (WFP) to block outbound network communications of running EDR processes, preventing security software from sending telemetry data. This method helps attackers remain undetected, increasing the chances of a successful attack. Trend Micro researchers observed its use in evading detection in real time, adding to the rise of EDR-killing tools.
Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability - Iranian cyberespionage group OilRig, also known as APT34, has been exploiting a recent Windows kernel vulnerability (CVE-2024-30088) in targeted attacks on government entities in the United Arab Emirates (UAE) and Gulf region. The group has been using this vulnerability to elevate privileges after gaining access to networks via a web shell on vulnerable servers. They also deployed a new backdoor to exfiltrate credentials from Microsoft Exchange servers. The group’s activities align with Iranian government objectives, leveraging stolen credentials to initiate further attacks.
Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware - A critical remote code execution vulnerability in Veeam Backup & Replication, identified as CVE-2024-40711, is being exploited by ransomware operators. This vulnerability has a high severity rating (CVSS score of 9.8) and can be exploited remotely without authentication. The vulnerability arises from a deserialization flaw and improper authorisation, which allows attackers to create rogue accounts and deploy malware. This exploit targets the Veeam service at a specific uniform resource identifier (URI), enabling attackers to spawn a local account with administrative privileges. Users are strongly advised to update to Veeam Backup & Replication version 12.2.0.334 or later to mitigate this threat.
Internet Archive Hacked, Data Breach Impacts 31 Million Users - The Internet Archive suffered a data breach impacting 31 million users, with the hacker stealing an authentication database containing emails, usernames, and bcrypt-hashed passwords. The breach was publicised via a JavaScript alert on the compromised website, and the stolen data has since been added to the "Have I Been Pwned" service. The most recent stolen record dates to September 28, 2024. Additionally, the site experienced a distributed denial of service (DDoS) attack, although it's unclear if the attacks are connected.
Casio Confirms Data Breach as Ransomware Group Leaks Files - Japanese electronics giant Casio has confirmed a data breach after a ransomware group, Underground, leaked sensitive files. The breach, occurring on October 5, 2024, compromised personal information, including employee and customer data, as well as internal documents related to contracts, sales, and legal matters. Hackers claim to have stolen over 200 GB of files, which they have started to leak, indicating Casio did not pay the ransom. Casio is urging against spreading the stolen data to prevent further damage and protect affected individuals.
References
https://thehackernews.com/2024/10/hackers-abuse-edrsilencer-tool-to.html
https://www.securityweek.com/iranian-cyberspies-exploiting-recent-windows-kernel-vulnerability/
https://cybersecuritynews.com/hackers-exploiting-veeam-rce-vulnerability/
https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/
https://www.securityweek.com/casio-confirms-data-breach-as-ransomware-group-leaks-files/