In this blog post, we will explore how the computer security landscape has expanded to reach below the operating system levels, aiming to address areas that are often overlooked or completely neglected in cybersecurity. Attackers have discovered techniques to establish long-term persistence in compromised hosts by injecting malicious code to run before the operating system loads in areas commonly referred to as Basic Input Output System (BIOS).

As organizations grow, they naturally need to analyze logs from more data sources. But as these data sources expand in number and type, it becomes more difficult for teams to scale their security detection rules to keep up with the ever-changing threat landscape. Sigma is an open source project that aims to address this challenge. By leveraging the expertise of the open source community, Sigma enables security teams to implement out-of-the-box rules that cover a wide range of threat scenarios.

In a recent panel discussion led by David Neuman, Sr. Analyst with TAG Cyber, ThreatQuotient’s Dave Krasik, Sr. Director of Product Management and Jessica Bair Oppenheimer, Director, Cisco Security Strategic Alliances shared their insights on data-driven security operations. The discussion focused on the challenges and importance of prioritizing, automating and collaborating to detect and respond to threats, and was followed by a demo of the ThreatQ Platform.

As technology advances, the battle between cyber criminals and organizations intensifies. Cyber threats have become more sophisticated, complex, and widespread, posing a significant risk to the security and integrity of sensitive data. In Q1 2023 alone, the number of global cyber attacks increased by 7%, with an average of 1,248 attacks reported per week.

CrowdStrike Counter Adversary Operations is committed to analyzing active exploitation campaigns and detecting and blocking zero-days to protect our customers. In July 2023, the CrowdStrike Falcon® Complete managed detection and response (MDR) team discovered an unknown exploit kit leveraging a still-unknown vulnerability affecting the Windows Error Reporting (WER) component.

Where do vulnerabilities fit with respect to security standards and guidelines? Was it a coverage issue or an interpretation and implementation issue? Where does a product, environment, organization, or business vertical fail the most in terms of standards requirements? These questions are usually left unanswered because of the gap between standards or regulations on the one hand, and requirements interpretation and implementation, on the other.

ThreatQuotient and Infoblox recently hosted a webinar, where they demonstrated how the combination of DNS Intel and the use of a Threat Intelligence Platform (TIP) help to improve threat detection and response capabilities. Infoblox specializes in DNS Intelligence where their internal experts analyze, process and qualify DNS intelligence (analyzing around 70 billion DNS requests). The results of these analyses provide customers with an enriched, qualified and reliable source of information.

As promised, we wanted to dedicate a blog to detections and findings from the network operations center (NOC) at Black Hat Asia 2023 as a follow up to our Lessons Learned blog. Some of these discoveries may not surprise the seasoned analyst or senior threat hunter – but will hopefully provide a little entertainment, because the more things change, the more they stay the same.