Triskele Labs

🎧 Tune in for another quick fortnightly overview by Richard Grainger and Brad Morgan. In this latest episode, they covered; ▶ News about LockBit's founder, Dmitry Yuryevich Khoroshev, named in financial sanctions and travel bans, ▶ DFAT's recommendations about DPRK IT workers, ▶ new government app set to fight against credential misuse, ▶ Microsoft Secure Future Initiative, ▶ The vulnerability of the week CVE-2024-30040 - Windows MSHTML Platform Security Feature Bypass, and as always ▶ what's happening in the SOC and DFIR. 🔔 Subscribe to our fortnightly news via YouTube https://lnkd.in/gqdM53Pr & Spotify https://lnkd.in/geFaFH3C.

The National Anti-Scam Centre released the Targeting Scams - Report on scam activity for 2023. Australians reported over 601,000 scams in 2023, an 18.5% increase from the previous year's 507,000. Over the next two years, the National Anti-Scam Centre will continue to build technology that will coordinate intel and distribute information to allow: ▶ Banks to freeze accounts  ▶ Telcos to block calls and SMS'  ▶ Digital platforms to take down websites or accounts. Find out more ⏯  ⤵

During the inaugural Cyber SyncUp Conference, organised by Emergence Insurance and tailored for insurance brokers, the audience got insights into the ▶️ cyber threat landscape, ▶️ legislative landscape, ▶️ crisis and Public Relations Management, ▶️ Identity Theft, ▶️ challenges in calculating a company's financial losses after a cyber incident, ▶️ and the real-life journey of a cyber claim. Richard Grainger, our Global DFIR Lead, and Craig Martin, our Incident Response Manager, answered usual intriguing questions: ❓ what type of incident do we usually respond to, and  ❓ how are threat actors getting into organisations' environments? The Triskele Labs Digital Forensics and Incident Response team responds daily to small, medium, and enterprise business incidents, usually caused by: ▶ 42% Business Email Compromise (BEC) ▶ 35% Ransomware  ▶ 23% Other. All industries are impacted, and Threat Actors target low-hanging vulnerabilities, not specific sectors. Our team shared how threat actors are getting in: 🔺 33% Exploited vulnerability 🔺 31% Exposed VPN  🔺 19% Exposed RDP 🔺 14% Unknown  🔺 3% Phishing. #cyberinsurance #cybersyncupconference

Multi-factor authentication (MFA) in 2024 is a must-have. It combines basic security measures with additional verifications methods to make access to environments more difficult for threat actors. However, as with every method, technique or tool, it works only if we know its weaker points and it is not the only additional layer of security. We exclusively share our whitepaper, "Understanding Token Theft," to address this weakness. Token theft occurs when a Threat Actor gains unauthorised access to login tokens, allowing them to impersonate a legitimate user. Where token theft is particularly alarming, when it's used to bypass Multi-Factor Authentication (MFA). Our Digital Forensics and Incident Response (DFIR) and Offensive Teams delve into the intricacies of token theft and the motivations behind the threat groups doing it. The team also explored the proactive measures organisations can take to fortify their defences against this particular threat. Authors: Brecht Snijders, Caleb Boyd, Cameron Paddy, Jason Trapp and Michael Varley. #multifactorauthentication #mfa #mfabypass #tokentheft

One of the latest data breaches may have been caused by the app's system changes. While the impacted brand quickly resolved the issue and is investigating the cause, Richard Grainger and Brad Morgan are debating whether it is a notifiable data breach and if OAIC will be involved. Find out more in the first news snippet below and the latest episode of TL Blue. ▶ YouTube: https://lnkd.in/gdA6eE5D ▶ Spotify: https://lnkd.in/gyP-YGBf

Exciting opportunities await—we are looking for seven new team members! 🤝 Our commercial team has five new open roles.  ⭐ Our advisory team is looking for an experienced GRC superstar.  📊 Our finance team seeks a manager with a strong background in reporting and budgeting. Find out more and apply here: https://lnkd.in/gdJHCEDB. 

The cybersecurity workforce is growing fast, and those currently engaged in this profession carry the workload and responsibilities, bridging the gap between the global shortage of cybersecurity professionals and the day-to-day operations and protection of their clients, businesses, and the overall public. The Triskele Labs team is a proud finalist in five key Australian Cyber Security Awards categories. Even though we love celebrating all our team members, this opportunity spotlights five of our colleagues. ⭐ ⭐ ⭐ ⭐ ⭐ We extend a heartfelt thank you to Nicci Hodierne, Nick Morgan, Thomas Mackay, Brad Morgan, and Richard Grainger. Your dedication and expertise have made you inspiring colleagues to the rest of us and invaluable advisors to our clients. Nick Morgan, thank you for keeping this fantastic crew together :) #AustralianCyberSecurityAwards #CyberSecurity #CyberDaily

[❗Security Bulletin] Cisco has also advised they are aware of an active espionage-related campaign named ArcaneDoor where these vulnerabilities have been exploited and recommends immediate remediation. ⤵ https://lnkd.in/e2xjYK54

"The Australian arm of the investigation, codenamed Operation Nebulae, has allegedly identified more than 100 suspects in Australia who use LabHost to target Australian victims. Globally, the Europol-coordinated investigation resulted in 70 simultaneous search warrants executed in multiple countries, to take down the platform’s alleged administrators, users and infrastructure. This included the arrest of 37 offenders, including four individuals based in the UK linked to the running of the site, including the original developer of the platform. Global activity will continue over the coming weeks and further arrests and website domain takedowns are anticipated in Australia and overseas". Find out more 👉 https://lnkd.in/gZUjb7HF.

We covered the CVE-2024-3400 last week through our Security Bulletin (https://lnkd.in/g84UsthW). Brad Morgan and Richard Grainger covered it from the SOC and DFIR perspective in the latest episode of TL Blue ⤵ Access the full episode via YouTube [https://lnkd.in/g_XEThdX] and Spotify [https://lnkd.in/gxjdQ6hE]. #cybersecuritynews #cybersecuritypodcast