Hello and welcome! Every month, our Splunk staff of security experts share their favorite reads, so you can follow the most interesting, newsworthy, and innovative stories coming from the wide world of cybersecurity.
Here, we'll share a variety of articles, original research, presentations, whitepapers, and customer case stories. Topics covered in these hand-picked reads may include:
We've been running this Security Picks series for years, and now we're making some updates: bookmark this URL, because we'll be making all of our recommendations here moving forward. So, anytime you have a little downtime or are wondering what to read to stay on the nose, check out these security articles hand-picked by security experts.
Author: Ionut Arghire
Recommended by: Zachary Christensen (LinkedIn)
Why we like it: The article highlights that Iranian threat groups have been employing brute force attacks, including password spraying and MFA push bombing, to target critical infrastructure sectors such as energy, healthcare, and government. They aim to gain persistent access by compromising credentials and modifying MFA registrations. The attackers also focus on lateral movement within compromised networks. To mitigate these threats, security experts recommend more robust password policies, phishing-resistant multi-factor authentication, increased employee training, and validation of security programs against the MITRE ATT&CK framework. Thanks to the fantastic work of our Splunk Threat Research Team, you can leverage pre-built detections with Splunk Enterprise Security, which aligns with the MITRE ATT&CK framework.
Author: Ravie Lakshmanan
Recommended by: Ronald Beiboer (LinkedIn)
Why we like it: “Taking down dark web markets like Bohemia and Cannabia is crucial in disrupting illegal activities and preventing criminals from profiting off them. It helps safeguard communities while reinforcing that cybercrime will not go unchecked.”
Author: Dustin Volz and Drew FitzGerald
Recommended by: Audra Streetman (@audrastreetman / @audrastreetman@infosec.exchange)
Why we like it: “In an exclusive report, the Wall Street Journal examines what is known about the recent compromise of major US broadband providers, including Verizon, AT&T and Lumen Technologies. Members of Congress are concerned that Salt Typhoon, a group linked to Chinese intelligence, may have accessed information that the federal government uses for court-authorized network wiretapping requests. People familiar with the compromise told the reporters that Salt Typhoon still had access to parts of the compromised networks in the week before the WSJ report came out. Members of Congress are now asking the companies when they became aware of the breaches and what measures they are taking to better defend their networks.”
Author: Lily Hay Newman
Recommended by: Tamara Chacon (@holly1g0lightly)
Why we like it: “In this article from Lily Newman, they discuss how passkeys, a secure alternative to passwords, are becoming more portable and easier to implement thanks to new initiatives by the FIDO Alliance. The article also looks at the features of these initiatives as well as some roadblocks along the road to full adoption in the future.”
That rounds out this month’s security reading recommendations! Check back next month for your next to-reads. In the meantime, check out these resources for more security content:
Splunk Threat Research Team (STRT)