Displaying items by tag: Raj Samani

Australian companies need to establish clear ransomware policies and improve their understanding of their attack surface to enhance their cyber security, says a visiting global expert.

Leading cyber security solutions provider Rapid7 has provided its top three predictions for 2025. The Nasdaq-listed company with a global footprint had its Vice President of Global Government Affairs and Public Partnerships, Sabeen Malik, who is based in Washington DC, and UK-based Chief Scientist Raj Samani, look into their crystal ball and these are their three predictions for 2025.

GUEST OPINION by Raj Samani, Chief Scientist, Rapid7: The “evolving threat landscape” is a term we often hear within webinars and presentations taking place across the cybersecurity industry. Such a catch-all term is intended to capture the litany of threat groups and their evolving tactics, but in many ways it fails to truly acknowledge the growth in their capabilities. This is particularly true of APT groups who have for years demonstrated a remarkable increase in their capabilities to remain undetected and carry out instructions from those orchestrating the broader campaigns under which they operate.

The latest research paper from Rapid7 Labs examines the tactics of North Korea’s Kimsuky threat group. It is published to serve as a learning on the evolving capabilities of a highly adept and industrious threat group, and, more importantly, to provide the necessary insights for supporting security teams in the implementation of defensive strategies.

Key insights to be found in this research include:

Targeting capabilities

The paper details Kimsuky’s delivery method as largely focused on email, but of course, a key component of this is determining who to target and what the most effective lure is likely to be.

Historically, this threat group has been particularly successful at the latter with considerable time and expense taken to identify “individuals” on whom their attention should be focused.

It is all too easy to shrug and comment on the need for security awareness as the panacea control to prevent all such initial entry vectors. The reality is that we all remain susceptible, given the right hook. And the ability of this threat group to target and compromise individuals around the globe reveals an alarming level of capability to elicit a response from victims.

Evolving technical capabilities

As detailed earlier this year, we are seeing technical innovation borne from the need to evade security controls within the victim environment. In this instance we detail the use of .LNK file payloads derived from an LNK builder proof of concept. This, however, is just the tip of the iceberg, with many other payloads delivered using alternate methods.

What this reveals — with a very high degree of confidence — is that there is an element to continual tooling improvements. Much like a component of this group dedicated to strong OSINT (as above), there is likely a subset of the group dedicated to technical innovation as a means to evade detection.
This allows the group to develop an arsenal of malware, for example, that can be used at will; but more importantly, it can be built upon and developed as defensive techniques improve.

Always on the move
The historic dependency upon reputations as a vehicle to identify malicious infrastructure is fast becoming less than effective. Politely put — and as demonstrated within the paper — we see Kimsuky establish infrastructure across the globe but quickly leverage new domains as needed. This is just another example of how this group understands and develops the ability to quickly move as it identifies new targets.

Subsequently, the publication provides tactical, actionable insights into the defensive measures that can be taken. For example, full details of coverage are included within the paper, as well as persistence measures undertaken by the threat actor, which are a critical indicator of compromise during retroactive threat hunts. All TTPs detailed within the paper are also incorporated into detection coverage across the Rapid7 portfolio.

GUEST OPINION: Considerable focus within the cybersecurity industry has been placed on the attack surface of organisations, giving rise to external attack surface management (EASM) technologies as a means to monitor said surface. It would appear a reasonable approach, on the premise that a reduction in exposed risk related to the external attack surface reduces the likelihood of compromise and potential disruption from the myriad of ransomware groups targeting specific geographies and sectors.

Security companies have reacted to the Uber hack that revealed the details of 57 million users with a mixture of anger and advice.

TalkTalk, a UK broadband, mobile and pay TV provider was again hacked on 21 October – a week later its customer details are being sold on the dark web for £1.65.

Today’s cybercriminals do not necessarily require technical expertise to get the job done. All they need is a credit card.