Summary Discovered by the Ukrainian CERT and attributed to APT28 (aka Fancy Bear or Strontium, the Russian GRU threat actor), CVE-2023-23397 is being actively exploited in targeted attacks against government, transportation, energy, and military sectors
Prioritize security investments that support the business, such as cloud initiatives. Invest in people and human creativity to defend against adversaries.
SOCs should monitor for unusual or unauthorized behavior using adversary playbooks from MITRE ATT&CK rather than relying on static IOCs.
Malicious ads are tough to defend against, so ensure SoC has detections for suspicious or unauthorized behavior, such as privilege escalation and LoTL tools.
2023 is likely to be the year executives, boards, and auditors demand better cyber reporting around their defensive posture and business risk.
Vulnerability does not provide attackers with access to your internal network, but it can halt business-critical operations such as taking orders.
According to CardinalOps, SIEMs miss detections for 80% of MITRE ATT&CK techniques, and only 25% ingest identity logs such as Active Directory and Okta.
Michael Mumcuoglu, CEO and Founder of CardinalOps, recently join the EPAM Continuum podcast, Silo Busting, for a discussion assessing the state of today’s SOC teams. Also featured on the podcast were Sam Rehman, EPAM’s Chief
New sub-technique is important control for implementing zero-trust and appears in 3 separate tactics: Credential Access, Defense Evasion, and Persistence.
New T1556.006 sub-technique is used to bypass MFA. Control applies to platforms including Azure AD, Office 365, Windows, Linux, MacOS, Google Workspace, SaaS.
According to industry analyst firm ESG, 89% of organizations are now using the MITRE ATT&CK framework to reduce risk for security operations use cases.
Issues don’t apply to Azure Active Directory environments that are not hybrid and don’t have on-premises AD servers, but could still affect many organizations.