🕵️‍♂️Ethical Threat Insights: Webcam to Ransomware


Hey, happy Monday! I hope you had a super great weekend. I put time and attention into trying to deliver a valuable newsletter, one that I myself would look forward to reading. I hope I am able to deliver on that for you. If you do get value, please hit reply and let me know which section you like the most! Thanks so much 🙏 Have an awesome week!


🩺Threat Pulse

Ransomware gang encrypted network from a webcam to bypass EDR

What you should take away from this article:

  1. EDR alone is no longer enough to protect organizations
  2. IoT devices should 100% be isolated from corporate LANs
  3. If no one is watching over the environment, threats will be missed

Ransomware poseurs are trying to extort businesses through physical letters

Ransomware criminals are some of the lowest of the low. Let this remind you that they will without a doubt do anything for a buck.

Obviously, if you get any kind of mail like this…do your due diligence and independently verify it. Chances are good it’s a scam, because honestly, who gets physical mail these days…😅

Silk Typhoon Targeting IT Supply Chain

A long read (worthwhile if you have the time), but here are some of my takeaways from this:

  1. Silk Typhoon is a Chinese state-sponsored threat actor that’s been doubling down on IT supply chain attacks
    1. Think IT service providers, MSPs, RMM vendors
    2. They also target healthcare, legal, education, and government among others
  2. They initially compromise orgs using supply chain attacks, password attacks, and zero/n-days
  3. For lateral movement in the cloud they abuse service principals
  4. They tend to use compromised devices (like Zyxel routers and QNAP devices) to cover their tracks

What you can do to protect your organization:

  1. MFA all the things, especially your RMM and especially if any of your vendors have access to your environment. Make it contractual that they must have MFA enforced across the board.
  2. Make really sure you know your external attack surface. Manage and secure it well and prioritize patching and remediation of external vulnerabilities. This includes SaaS, GitHub, etc.
  3. Eliminate (as much as you can) weak passwords by implementing banned password lists and policies to prevent them.

Cybercriminals picked up the pace on attacks last year

Ransomware threat actors are banking on you moving slowly to respond to threats. They are hoping your SOC/MDR/MSSP is slow to trigger alarms and send emails.

They are hoping you’re too caught up troubleshooting some network issue to investigate the potential security incident.

The speed at which some threat actors are moving is concerning.

One way to combat this is with canaries.

Canaries, like the free ones from Thinkst Canarytokens, are really great early warning systems.

I highly recommend using canarytokens to help defend your organization. Not only are they easy to use and maintain, but they provide HIGH fidelity, low false positive threat detection.

🔐Securing the Stack

How NOT to get hacked from a webcam…

Step 1 - Change default passwords. One of the biggest banes of the IoT industry is default passwords. Develop a process for changing these defaults BEFORE rolling out to production.

Step 2 - Network isolation. If you do nothing else…make 100% sure that those webcams/IoT cameras are separated from your corporate LAN.

There are ZERO reasons to have them connected.

Step 3 - Patch or replace. If you can’t patch it, and it’s old and vulnerable, replace it. What are you waiting for? 😊
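Step 2 is worth verifying rather than assuming. As an added example (mine, not from the newsletter or any vendor), here is a small first-match ACL audit in Python that reports the allow rules which actually let the camera VLAN reach the corporate LAN; the subnets, rules and NVR address are all constructed, hypothetical values.

```python
import ipaddress
from dataclasses import dataclass
@dataclass(frozen=True)
class Rule:
    """One ACL entry; the policy is evaluated first-match with an implicit deny."""
    action: str    # "allow" or "deny"
    src: str       # source CIDR
    dst: str       # destination CIDR
    dst_port: str  # "any", one port such as "445", or a range "1024-65535"

# Constructed sample policy (hypothetical addresses): cameras 10.30.0.0/24, LAN 10.10.0.0/16, NVR 10.20.0.10.
WEAK_RULES = [
    Rule("allow", "10.30.0.0/24", "10.20.0.10/32", "554"),  # RTSP to the NVR only: fine
    Rule("deny",  "10.30.0.0/24", "10.10.0.0/16", "3389"),  # blocks RDP, and nothing else
    Rule("allow", "10.30.0.0/24", "10.10.0.0/16", "any"),   # the mistake: cameras reach the whole LAN
    Rule("deny",  "10.30.0.0/24", "0.0.0.0/0", "any"),
]
FIXED_RULES = [WEAK_RULES[0], WEAK_RULES[3]]  # NVR only, then deny everything

def port_matches(spec, port):
    if spec == "any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def first_match(rules, src_ip, dst_ip, port):
    """Return the first rule matching the flow, or None for the implicit deny."""
    for r in rules:
        if (src_ip in ipaddress.ip_network(r.src)
                and dst_ip in ipaddress.ip_network(r.dst)
                and port_matches(r.dst_port, port)):
            return r
    return None

def _probe_addr(rule_net, target_net):
    # Overlapping CIDRs nest, so the narrower one supplies a representative host.
    net = target_net if target_net.subnet_of(rule_net) else rule_net
    return net[min(1, net.num_addresses - 1)]

def segmentation_violations(rules, iot_net, corp_net):
    """Allow rules that really let an IoT host reach the corporate LAN."""
    iot, corp = ipaddress.ip_network(iot_net), ipaddress.ip_network(corp_net)
    hits = []
    for r in rules:
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        if r.action != "allow" or not (src.overlaps(iot) and dst.overlaps(corp)):
            continue
        # Probe one concrete flow so an earlier deny that shadows this allow is honoured.
        port = 445 if r.dst_port == "any" else int(r.dst_port.split("-")[0])
        if first_match(rules, _probe_addr(src, iot), _probe_addr(dst, corp), port) is r:
            hits.append(r)
    return hits
```

Run it against an export of your real camera-VLAN policy; an empty result for the corporate LAN is what "isolated" should look like.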

😆Memes & Mayhem

Reddit doesn’t disappoint when you’re looking for a good laugh. If you have OCD you may NOT want to read this….

Ok this one really really cracked me up! hah. This person made a post on Reddit about how his sole job is to make Outlook search as miserable and terrible and rotten as possible. 🤣😂 Unfortunately, this post has since been taken down. You'll have to trust me it was pure gold. hah

👨‍💻Behind the Console

I’m working on a Windows Defender Application Control/PowerShell restrictions presentation with Michael Haag. Here’s the overly ambitious outline for it. We’re thinking about doing this live on March 21st 1pm eastern. Subscribe to my YouTube so you know when we go live. You can expect more and more YouTube content out of me in the coming months.

That’s all for now. Hope you have a super awesome week!

All the best
Spencer Alessi

"Spirit of a hacker, heart of a defender"