In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats.

In August, I shared a blog on my most recent research project called Windows Downdate, which I first presented at Black Hat USA 2024 and DEF CON 32 (2024). In it, I explained how I was able to develop a tool to take over the Windows Update process to craft custom downgrades on critical OS components to expose previously fixed vulnerabilities. By using this downgrade ability, I discovered CVE-2024-21302, a privilege escalation vulnerability affecting the entire Windows virtualization stack.

On October 16th, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) issued an urgent advisory warning security teams about the use of Brute Force and other techniques by Iranian threat actors to compromise critical infrastructure ent

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

Interactive, hands-on keyboard attack campaigns are employed by today’s most proficient threat actors to penetrate organizational defenses. The network perimeter is typically the initial line of defense against unauthorized access to an organization’s network and the sensitive data it contains. After infiltration, attackers establish command-and-control (C&C) and data exfiltration channels to receive malicious payloads and export stolen data.

On September 5th, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) issued an urgent advisory warning security teams about efforts undertaken by threat actors affiliated with Russia’s General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155).

On August 29, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) issued an urgent advisory warning security teams about known RansomHub ransomware IOCs and TTPs identified through FBI threat response activities and third-party reporting as recently as August 2024. Detailed information about this threat and the associated IOCs and TTPs can be seen in the advisory #StopRansomware: RansomHub Ransomware.

Security teams have a wide range of tools in their arsenal to combat cybersecurity threats, but the expanding attack surface and the sheer number of tools can make their jobs more difficult to manage. As we enter this new era of cybersecurity, security and risk management, leaders are focused on validating the efficacy of their security investments, improving ROI, and taking a more programmatic approach in order to enhance their efficiency.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats, including those discovered via original research by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.