Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
Check out our previous staff security picks, and we hope you enjoy.
In a first, cryptographic keys protecting SSH connections stolen in new attack by Dan Goodin for Ars Technica
"So, you thought SSH private keys were safe from theft and no one would break them. Turns out that might not be the case. In the study cited in this article, the author outlines how, depending on the veracity of your SSH implementation, if you utilize the RSA algorithm for your keys, you may be at risk. The article does clearly share how RSA and many open source SSH platforms have taken steps to help mitigate the risk. However, like any other platform, it's all in how it is implemented, and if the necessary steps were not taken during implementation... your organization could be at risk. Is yours?"
It’s Still Easy for Anyone to Become You at Experian by Brian Krebs
"With the holiday season looming and credit fraud fraught in the holiday season, this seems like a gaping hole in security. Following up on an article he first published in 2022, the author confirmed that an initially noted weakness in Experian account security is still present. How easy is it to become the new you and get access to your credit file? You will have to read the article to find out, but it is terrifying how simple it was. The author outlines his recent attempts to do this, as well as other readers who shared their similar stories of the same process. Happy holidays, all!"
Ransomware gang files SEC complaint over victim’s undisclosed breach by Ionut Ilascu for Bleeping Computer
"I didn't have a criminal organization filing an SEC complaint on my 2023 bingo card, but here we are. This is another way that these ransomware gangs are trying to coerce payment out of their victims. This adds additional calculus for decision makers at victim organizations, as now dealing with regulators is another item on the breach clean-up to-do list. While the SEC's new disclosure rules don't take effect until December 15, 2023, this is likely a good foreshadowing of what is to come."
Fighting Fraud in the Public Sector with the Splunk Data Analytics Platform by Chris Perkins
"This blog provides a technical deep dive into RBA (Risk-Based Alerting) for anti-fraud programs."
Australia says ports operator cyber incident 'serious' by Sam McKeith for Reuters
"Attacks against port infrastructure, especially right before the busy holiday season, may pinch consumers in the wallet as delays in shipping can cause perishable goods to expire, or supply chains to be further disrupted. As someone who is currently on a ship, it's crucial to be able to dock as well."
Scammers are using AI to impersonate your loved ones. Here's what to watch out for by Sabrina Ortiz for ZDNET
"When we as the cybersecurity community contemplate the dangers of generative AI in the hands of attackers, we gravitate toward concerns about attackers generating malware or creating faux websites that you can’t tell from the original with AI. But, just to add another worry to the stack, AI can also be used to supercharge social engineering attacks.
This article shows how attackers are scamming people by generating voices that sound like relatives. But in a business context, now an attacker can not only pretend to be Ms. X from accounting, but can generate a voice that actually sounds like her as well! And we all know, humans are the most hackable part of any system."
"Ad-versaries": Tracking new Google malvertising and brand spoofing campaigns. New MaaS DarkGate loader, DanaBot, IcedID and more. by Silent Push
"Following a successful and concerted effort to hunt, track and neutralize malicious advertising infrastructure over the past summer, researchers are seeing an increase this fall, even leveraging Google Ads for propagation, just in time for the holidays! The article examines malvertising campaigns designed to deliver multiple malicious executables used for info stealing. Read to the end and you will find IOCs to look out for!"
@audrastreetman / @audrastreetman@infosec.exchange
Guidelines for secure AI system development by the UK NCSC and CISA
"The UK National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) released guidelines this month for secure artificial intelligence system development. The release is co-sealed by nearly two dozen international partners and includes contributions from a number of AI companies. The guidelines are broken down into four areas of the AI development lifecycle: design, development, deployment, and operation/maintenance. The guidelines follow a 'secure by default' approach and apply to organizations that create or provide any type of machine learning application. At a time of rapid AI adoption and development, security should not be treated as an afterthought, but instead a critical requirement throughout the entire development life cycle."