Cool Tools!

News & Commentary

So… the CrowdStrike thing…

Let’s start at the beginning.

During the overnight hours of July 19, well-known security vendor CrowdStrike pushed out code for their Windows endpoint agent. But this change was unique in that…uh…it was faulty. 😅

Once the bad “channel file” was deployed to Windows computers around the globe, it (predictably) broke everything. As a result, nearly 9 million Windows devices lit up their respective rooms with the dreaded Blue Screen of Death (BSOD).

Given that CrowdStrike is practically second only to Microsoft in the endpoint protection space, this was kind of a really really huge deal. The outage took down airlines, banks, emergency services — you name it.

And of course, threat actors were fast to the punch, too. It wasn’t long before they took advantage of the chaos, spinning up fake phishing websites and posing as CrowdStrike employees with offers to help “fix” the problem.

I made a video when everything was just starting to catch fire, which you can watch here:

I also tried to break it down in layperson’s terms on CNN! 😁

If you’ve spent any amount of time on LinkedIn during this fiasco, you’ve likely been inundated with tHoUgHt lEaDeRs who have something to say about the whole ordeal. I’m going to try and steer clear from this approach and instead focus on some casual questions floating around in my head while neck-deep in this thing.

Q: How do we prevent this from happening again?

A: That’s a tough question. I don’t know if I have a good answer!

One analogy that’s stuck with me over the years comes from Huntress’ CEO, Kyle. Working to come up with a foolproof plan to prevent an incident is much like working to prevent a hurricane in Florida. To be frank, you’re wasting your time.

Instead, what you can do is prepare just before hurricane season hits. Stock up on gas, grab some non-perishable food, and buy those jugs of water. Protect your perimeter by installing hurricane shutters. When (not if) that hurricane hits, you’ll at least be prepared. You can try with all your might to prevent this type of thing, but you won’t ever have a 100% foolproof plan.

In security, that’s where disaster recovery comes in. For businesses, that looks like having a plan in place with key players assigned who can mitigate damage and get everything back up and running ASAP.

In the end, we can try to prevent these incidents all we want…but arguably, it’s even more important to have a plan ready to go for when the worst-case scenario happens. Because it could be only a matter of time before a nightmare scenario comes to life.

Q: How far has cybersecurity crept into the real world?

A: Cybersecurity isn’t dipping its toes into reality anymore. It is reality.

When the world operated by pen and paper, cybersecurity seemed far less tangible. But now, if a hospital is ransomed, real people may die. When the right “Software as a Service” (SaaS) platform is hit, car dealerships might come to a standstill. And when bad code is deployed, air traffic may come to a halt.

Cybersecurity is part of our world now, and I don’t think there’s any going back. Sure, small businesses might be able to operate by pen and paper, but even that’s a huge ask. It becomes an impossible ask for enterprises. Not to mention humans will always need banks, hospitals, credit cards, and airlines.

When we deal with anything in cybersecurity, we’re addressing real-world issues with different consequences. And as a security researcher, that’s as exciting as it is terrifying. 😅

KnowBe4 accidentally hires a North Korean threat actor

Speaking of “whoopsie” stories, a North Korean threat actor posing as a software engineer was able to sneak past KnowBe4’s (rather intense) hiring process and land a gig there. And this guy did his homework to get hired, mind you. He passed background checks, gave suitable references, and even participated in FOUR video interviews! 👀

Soon after starting his new role, the threat actor got to work…just not in the way his new employer was hoping he would.

According to KnowBe4, the threat actor “performed various actions to manipulate session history files, transfer potentially harmful files, and execute unauthorized software.” The good news is no real harm was done, and KnowBe4 was able to contain the activity pretty soon after it started.

Notably, AI played a pretty big role in helping the threat actor land his sweet gig. He stole an identity and paired it with a believable stock image of a person edited with AI. To KnowBe4’s credit, their endpoint detection and response (EDR) software flagged the image. 😜

Threat actors are actively exploiting ServiceNow vulnerabilities

Never known to let a good vulnerability go unexploited, threat actors are wreaking havoc via newly discovered vulnerabilities in ServiceNow, a popular IT service management platform.

These vulnerabilities could allow attackers to gain unauthorized access, escalate privileges, and execute malicious actions. Security experts urge organizations using ServiceNow to apply patches and updates promptly to mitigate the risks and protect their systems from potential breaches.

This begs the question…could we actually save the entire universe if we just dedicate our lives to patching?

Sponsor

DevSecCon is back!

Join Snyk for a virtual summit on October 8, 2024 to learn about DevSecOps strategies and how to maintain trust in AI-powered development.

Sponsor

Scale securely with minimal, hardened, and 0 CVE container images to run your workloads with Chainguard.

Here’s a snippet of my to-do list for content you might see soon! 👀

• “Mark of the Web” Metadata Forensics

• Decompiling AutoIT binaries

• Canary tricks to detect Entra ID lateral movement

• Initial access vectors from something as dumb as copy-and-paste

• August 5: The Diana Initiative

• August 6: Bsides Las Vegas

• August 7 - 8: Blackhat USA

• August 8 - 11: DEFCON — I’m super stoked to serve as a judge for the Social Engineering Village’s vishing competition this year, and I’ll be a team captain for Tiberius’ new “Hacker Family Feud” -style event 😎

I’ve been out on a boat load of travel these past many weeks.

It’s exhausting. 😂

We did squeeze in a sweet vacation, but I've been bouncing back and forth between the east coast and west coast of the States.

Oh, and I was actually on a boat — at least for a little bit, we were cruising down one of those New York rivers and I got a cool pic 😁