Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
Check out our previous staff security picks, and we hope you enjoy.
How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity by Andy Greenberg for WIRED
"Adapted from ‘Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency,’ this article paints a great picture of research by Sarah Meiklejohn and others to trace Bitcoin transactions. This type of research reminds me of the work we try to undertake within SURGe. That is, taking a very large dataset, in this case the entire Bitcoin blockchain at the time, and then applying analysis techniques to uncover things such as which wallets were owned by the same person or company, who was transacting with whom, and even tracing the flow of coins through tumbler services."
Law enforcement seizes top ransomware gang's website by Sam Sabin for Axios
"It took some time, but law enforcement is really making an impact on global cyber crime lately!"
Introducing Sudo for Windows! by Jordi Adoumie
"Microsoft's introduction of 'sudo' for Windows strengthens security measures by offering users fine-grained control over system access, addressing vulnerabilities, and aligning Windows environments with Unix-like security practices. Here's hoping the Splunk Threat Research Team is ready for this to be rolled out!"
Leaked files from Chinese firm show vast international hacking effort by Christian Shepherd, Cate Cadell, Ellen Nakashima, Joseph Menn, Aaron Schaffer
"On February 16, 2024, something big happened on GitHub. A mass of files was leaked from a Chinese state-linked hacking group. This dump is still being analyzed by security researchers, but what we know so far is wrapped up nicely by the Washington Post in this article. This leak provides insight into hacking group operations, rivalries, and tools/techniques within these groups. Over the coming weeks, researchers will continue sharing their findings online. Blue teams around the world have an amazing opportunity to increase defenses against these specific tactics, techniques, and procedures that were leaked."
Royal ransomware: a threat actor you should know by Christine Barry for Barracuda Networks
"Just when you thought Conti was gone, they regroup! Like the mythical hydra, ransomware groups tend to come back with a vengeance. Royal Hacking Group started out targeting organizations in the healthcare industry, but has since expanded to target other sectors. They were behind the attack on the city of Dallas, TX in May of 2023, which disrupted city services and resulted in 1TB of data exfiltrated. They use an interesting technique called partial encryption which can evade detections and can be difficult to recover from without the decryption key. Check out the CISA page for more info and IOCs."
Diving Into Glupteba's UEFI Bootkit by Lior Rochberger and Dan Yashnik for Unit 42
"I found the deep dive into the Glupteba bootkit fascinating because it highlights a part of cybersecurity that often doesn't get enough attention. Over the past year, the rise in bootkits signals a potential shift in how attackers operate, moving from traditional malicious software to focusing on persistence through the bootloader. This change in tactic is worrying because bootkits are harder to detect and remove, making them a more potent threat. The article's exploration of Glupteba not only showcases the complexity and stealthiness of these threats but also serves as a wake-up call to the cybersecurity community."
LLM Agents can Autonomously Hack Websites by Richard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, Daniel Kang
"Interesting work on the use of LLM agents to hack websites, find vulnerabilities, exploit vulnerabilities and extract data. Obviously, the reverse is true – we could use agents like this to scan our systems for vulnerabilities and patch or mitigate them. It's a brave new world out there!"
@audrastreetman / @audrastreetman@infosec.exchange
Dragos 2023 OT Cybersecurity Year in Review by Dragos, Inc.
“There are a number of interesting findings in Dragos’s annual Year in Review report, including a nearly 50 percent increase in observed ransomware attacks targeting industrial networks in 2023 compared to 2022. Madeleine Tauber and I recently interviewed Dragos CEO Rob Lee about the report in an upcoming episode of The Security Detail, which comes out on March 13. We discuss threat groups known to target the electric sector, including Volt Typhoon and Sandworm, along with ICS-tailored malware like Pipedream, CrashOverride/Industroyer, and BlackEnergy.”
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.