Horizontal and Vertical Hunting with Persistent Engagement

In today’s cybersecurity landscape, Threat Hunting, the proactive pursuit of cyber threats, usually begins only once an actor has already established a foothold in the organization. This limits the hunter’s detection capabilities and overall understanding of the campaign, and of the adversary’s offensive capabilities. In this context, I propose two main tactics that hunters can employ to disrupt the offensive operations of state and non-state actors more effectively: Horizontal Hunting and Vertical Hunting, integrating elements of persistent engagement to enhance visibility.

Initially, as is usual in hypothesis-driven Threat Hunting, we formulate hypotheses based on intelligence feeds to conduct proactive searches within our environment. However, this approach often lacks precision in both operational capabilities and strategic insight into the adversary’s intentions. This can be attributed to various factors, including:

  • Limited intelligence collection capabilities
  • Technical expertise of both hunters and Threat Intelligence teams
  • Uncertainty about the proactivity of the hunting team
  • Urgency on the part of the Threat Intelligence team to deploy detection capabilities (which may not always be effective) or to publish articles.

Android Pentesting (I): Environment Configuration

In this article we will try to explain, step by step and in the simplest possible way, how to create a working environment for an ethical hacking audit of an Android application, so that anyone can do it regardless of their prior knowledge.

The first step is to create a working environment in which to start an audit of mobile applications on Android. To do this, we will look at several mobile device emulators and choose one on which to set up our environment.

Some emulators on the market

First, let’s explain what an emulator is. This word comes from the Latin word aemulātor (emulates), which means something that imitates the operation of something else. Wikipedia defines it as follows: “In computing, an emulator is software that allows programs or video games to run on a platform (either a hardware architecture or an operating system) different from the one for which they were originally written. Unlike a simulator, which merely attempts to reproduce the behavior of the program, an emulator attempts to accurately model the device so that the program works as if it were being used on the original device”.


Application of ChatGPT in healthcare

The ChatGPT digital tool is well known by now. This artificial intelligence (AI) is having a huge impact in the information and communication age. ChatGPT is being used for different purposes to improve some systems; however, some of the applications it is being used for are generating controversy, which is one more reason it is being talked about.

If you still don’t know ChatGPT, you should know that it is a tool developed by OpenAI specialised in dialogue. It is a chatbot. In other words, you enter a text input and ChatGPT generates a coherent text that responds to what you have written.

Well, ChatGPT can also be used in health. But what do we mean by “in health”? “In health” means that it can be applied in any area that affects people’s wellbeing, whether it is to develop new software to improve the health management of a hospital or to ask questions about our welfare from home.

Several projects have been developed using AI with a focus on health. Some of them use the same models as ChatGPT and others are based on proprietary technology, all of them taking communication with the patient into account.


Cybersecurity in the maritime sector: Maritime communication protocols

Maritime transport is a fundamental pillar of the global economy and, like any system adopting new connectivity technologies, it is subject to cybersecurity risks. In the article “New cybersecurity requirements in shipbuilding: implications in the engineering process and designs of new ships”, we commented on the increasing connectivity of new ships, as well as the low maturity of cybersecurity in this area and the common problems encountered in their systems. These characteristics, together with the increase in cyber-attacks, are driving the creation of mandatory standards and certifications for new ships. However, the problems are not just procedural. Let us look at one of the most important technical aspects: maritime communication protocols.

To recap the previous post, the common issues in the maritime domain lie in factors such as reliance on network isolation and physical security, coupled with long system lifetimes and a focus on availability. These characteristics are reflected in the way ships are designed and operated, from general aspects such as architectures to specific aspects such as communication standards. In this article, we analyse the most commonly used maritime protocols today in terms of their security and the risk of being affected by some of the most common types of cyber-attack.

Maritime network protocols are the communication standards that define the rules, syntax and procedures for internal communication between ship systems and for ship-to-ship communication. As in other fields, international associations such as the NMEA (National Marine Electronics Association) have worked to establish standards that are used by all manufacturers.


From intelligence to threat detection

Threat detection is largely based on indicators of compromise. These indicators are observables that we identify during the management of an incident or during an investigation, that we receive from third parties in the form of intelligence feeds, that we download from platforms such as MISP, that we share among working groups… in short, either we discover them or someone discovers them for us. But where do these indicators come from? In one way or another, indicators, a fundamental part of the characterisation of a threat (actor, operation…), come from intelligence analysis. In this article, we will discuss the path from intelligence gathering to the generation of indicators of compromise to detect a threat. This path is summarised in the figure below:

We all know that the various intelligence disciplines play a fundamental role in detecting threats in cyberspace. In this cyber domain, each of these disciplines (simplifying: SIGINT, MASINT, HUMINT, OSINT and GEOINT) has a specific weight and value, and together they form the basis of what we call cyber intelligence. For example, the role of signals intelligence tends to be much more important than that of geospatial intelligence, and human sources contribute much less intelligence than signals, but much more value if well managed.


AI vs. GRC: How AI can affect GRC areas of technology consultancies

AI (Artificial Intelligence) has proven to be a powerful tool in a number of areas, including Security Governance, Risk Management and Regulatory Compliance (GRC). As AI continues to develop and plays an increasingly important role in our society, it is critical to recognize the value and importance of the human component. While AI offers significant technological advances, there are areas where human judgment, experience and interpersonal skills are indispensable.

We, as workers in consulting firms and specifically in the GRC area, analyze the repercussion and impact that the arrival of AI may have in our professional field.

Will AI put an end to our jobs? After the media boom that the irruption of ChatGPT has meant in our lives, this is a question we cannot avoid asking ourselves. I have therefore set out to analyse whether AI could replace the work we do at our clients, and below I offer my point of view on the different aspects and reasons why, in my opinion, it is unlikely that AI can replace, or even take over, the work done in the GRC areas of technology consultancies:

Regulatory complexity

Regulations and laws related to risk management and compliance can become extremely complex. AI can help to automate certain tasks performed by GRC areas, but interpreting regulations and making decisions in complex situations often requires human judgment and expert knowledge of the business context, and sometimes even of human and, no less important, budgetary and financial aspects. Consulting firms play a crucial role in providing expert guidance on how to comply with regulations and adapt to regulatory changes based on clients’ needs.


Cybersecurity in the quantum computing era

Introduction

Cyber security is an important issue today. As the number of devices connected to the Internet continues to grow and more and more personal and business information is stored online, cyber security has become a major concern for businesses, governments and citizens.

Related to this, the emergence of quantum computing, with its ability to solve problems previously thought impossible with conventional systems, poses a major challenge for today’s computer security. This article examines the fundamentals of quantum computing and how it relates to cybersecurity, as well as the potential threats and the solutions being considered to meet these new challenges.

Quantum Computing: Fundamentals

Before discussing the implications of quantum computing for cybersecurity, it is important to understand how it works physically. Quantum computing is a different approach to traditional computing because it works thanks to the principles of quantum mechanics. Quantum mechanics is the theory that explains the behavior of elementary particles and how they interact with each other. It is based on the principle of quantum superposition, which states that quantum particles (such as electrons and photons) can be in several states at the same time. Instead of using bits to represent information, quantum computers use qubits that can be in multiple states at the same time.


Health 4.0: the importance of cybersecurity in the healthcare area

The concept of Health 4.0 emerges as a specific derivation of Industry 4.0. But what is Industry 4.0? This concept arose in Germany in 2011 as a project to improve industry, but without a clear definition (see the reference at the end of the article).

From this moment on, Industry 4.0 has been appearing with different interpretations, although there is a unified definition. Industry 4.0 is an umbrella that encompasses nine technologies that help in the transformation of industrial production and process automation.

These technologies are:

  • Big Data and Data Analysis
  • Simulation
  • Internet of Things (IoT)
  • Augmented Reality
  • Cloud Computing
  • Additive Manufacturing
  • Autonomous robotics
  • Cybersecurity
  • Integration systems

New cybersecurity requirements in shipbuilding: implications in the engineering process and designs of new vessels

The logistics sector has evolved in recent years towards more complex deployments with a greater flow of communication between its elements. This evolution is noticeable in critical sectors such as the maritime sector; in port environments, for example, there are a large number of interconnections for the exchange of information between a wide range of systems.

Real examples show how there are more and more cyber-attacks targeting companies in the maritime sector. It is therefore essential to develop cybersecurity strategies based on system protection, attack detection and incident response capabilities. Cybersecurity must be considered from the design stage, thinking beyond functionality and considering it as a process that must be incorporated into the day-to-day operations of all companies.

Given the variety of industry best practice standards or mandatory regulations that have emerged on cybersecurity in the maritime sector, IACS, a non-governmental, technical-based organization of eleven major marine classification societies, has established new unified requirements (UR E26 and E27) on the cyber resilience of ships that will apply to ships contracted for construction on or after January 1, 2024. Cybersecurity will move from being an added value to a market requirement.

Humanity is facing new challenges that require, more than ever, a new comprehensive vision. As a result, all organizations, and society in general, are to a greater or lesser extent immersed in a process of digital transformation. This transformation is based on the incorporation of technology into all of the organization’s business processes and on hyperconnectivity. There has been a convergence between Information Technology (IT), Operational Technology (OT) and Consumer Technology (CT), giving rise to an interconnected ecosystem in which the impact on one node can have direct implications for the entire chain.

From a cybersecurity standpoint, this systemic world leads to a high-risk scenario. As our business processes become more dependent on technology, the impact of a potential cyber-attack increases.


Cyber Threat Intelligence Report – Trends Q4 2022

During the last quarter of 2022, the Lab52 team conducted an in-depth analysis of the threats that were active during the period, drawing on information from both public and private sources and studying the geopolitical context in order to anticipate potential campaigns.

Below is the report for the quarter, which includes the main trends of the period, along with analysis of the most sophisticated threats and the most important geopolitical events.

The intelligence gathering and analysis carried out by the Lab52 cyberintelligence team has led to a series of conclusions and generated intelligence for S2 Grupo’s security services.