This week, we're taking a look at Mastering Palo Alto Networks by Tom Piens aka 'reaper'. The book is available for a knockdown price for a limited time, so don't miss out!
Unlock the full potential of Palo Alto Networks firewalls with expert insights and hands-on strategies for mastering next-gen security:
- Master Palo Alto Networks firewalls with hands-on labs and expert guidance
- Stay up to date with the latest features, including cloud and security enhancements
- Learn how to set up and leverage Strata Cloud Manager
- Purchase of the print or Kindle book includes a free PDF eBook
Welcome to another _secpro!
It's been a busy few weeks for those of us wrestling with Scattered Spider. Over the past two weeks, the hacker group (also tracked as UNC3944 or Muddled Libra) has ramped up attacks across major industries. They’ve been using social-engineering tricks—ringing up help desks or call centers, pretending to be employees and convincing staff to reset or add MFA devices. That’s the pathway they use to slip past security, move through networks, and grab sensitive data or deploy ransomware.
UK retail giants like M&S, Harrods, and Co‑Op have been hit in a wave of attacks, causing disruptions and steep financial losses. The group quickly pivoted to U.S. insurance firms, and this week it has focused on aviation. Hawaiian Airlines and WestJet, at least, reported IT system incidents in late June, and most recently Qantas confirmed a breach of a third-party contact‑center platform tied to Scattered Spider tactics. That incident potentially exposed personal data of up to six million customers—names, emails, birthdates and frequent-flyer numbers—though no passports or credit card details were taken.
The FBI, Google/Mandiant, CrowdStrike and others issued warnings, flagging how the group targets entire industries in waves. Their method is low-tech but effective: exploit human trust to bypass tech defenses, then move laterally, extort data, and sometimes encrypt systems.
Impact on global industry has been significant—retail sales stalled, insurance providers scrambled, airlines huddled with cybersecurity teams and regulators. Stock prices dipped, and affected companies are now tightening vendor controls, reinforcing help-desk protocols, and training staff to question any out-of-the-blue IT requests.
Here's to better days ahead... Cheers!
Austin Miller
Editor-in-Chief
We do our best to be good to you all - so here's a free look into Mastering Palo Alto Networks by Tom Piens. The whole chapter is free as a thank you for staying with us over the years. Check it out!
Qantas suffers massive data breach via third‑party call centre: Australia’s flagship airline confirmed that hackers accessed a third-party customer‑service platform, compromising personal info—including names, emails, phone numbers, birth dates, and frequent flyer numbers—of around 6 million customers. No financial or passport data was exposed. Regulatory bodies and law enforcement are engaged, and Qantas has initiated containment, support services, and strengthened monitoring.
SK Telecom fined after data leak affecting 27 million records: South Korea’s top mobile carrier was reprimanded and fined ~30 million won after a breach revealed nearly 27 million pieces of user data (including USIM data). The government mandated quarterly security reviews and a ₩700 billion investment over 5 years. SK Telecom is also replacing millions of SIM cards as a precaution.
Aflac hit by social‑engineering attack tied to Scattered Spider: Health insurer Aflac reported a data breach stemming from a sophisticated phone-based social‑engineering campaign by the Scattered Spider group. The intrusion—which may have exposed customer SSNs, claims, and health data—was shut down within hours. This incident aligns with similar recent attacks on Erie and Philadelphia insurers.
FBI warns airlines face rising threat from Scattered Spider: The FBI has issued alerts that Scattered Spider—an agile cybercriminal gang specializing in social engineering—has turned its focus to airlines. Previously known for breaching casinos and insurers, the group uses help‑desk impersonation and MFA bypass tactics. Cooperation with industry partners is underway to strengthen defenses.
Credentials dump exposes 16 billion login details (Apple, Google, Facebook): A massive aggregation of stolen credentials—16 billion records including usernames, passwords, and URLs—was exposed, drawing from various infostealer malware campaigns. Experts warn this could fuel credential stuffing, phishing, and identity theft. Users are strongly advised to enable 2FA/passkeys, use password managers, and monitor dark‑web trade.
Job‑seekers targeted in new “employment” phishing scams: Attackers are increasingly exploiting job‑seekers with fake hiring campaigns, impersonating real firms (e.g., Socure). Victims report losses averaging ~$8,000. With the FTC receiving 100,000+ scam reports in 2024, companies like Socure are tightening verification. Meanwhile, DHS warns that Iranian-aligned threat actors could retaliate via cyberattacks on U.S. critical infrastructure—a reminder of broader geopolitical threats.
The AI Security Pyramid of Pain (Chris M. Ward et al.): This 2024 study introduces the AI Security Pyramid of Pain, adapting David Bianco’s original framework to AI systems. It structures threat levels from Data Integrity (bottom), through AI System Performance, Adversarial Tools, Adversarial Input, Data Provenance, and up to intelligent TTP-based attacks (top). The paper guides defenders on focusing defenses at higher levels that cause the most “pain” to adversaries.
So, I climbed to the top of the pyramid of pain — now what? (Vasilis Katos, Emily Rosenorn‑Lanng, et al.): Published May 30, 2025, this paper examines the limitations of conventional models and proposes the Human Layer Kill Chain, integrating human factors (psychological manipulation) with AI-augmented TTPs. It introduces a “Sociotechnical Kill Plane” concept for holistic defensive strategy, bridging the Pyramid of Pain and human‑centric threat vectors.
Analysis of adversary activities using cloud‑based web services to enhance cyber threat intelligence: This paper delves into proactive threat intelligence, explicitly citing Bianco’s Pyramid of Pain to clarify how different IOCs—from IPs to TTPs—vary in difficulty for adversaries and defenders. It emphasizes mapping indicators to pyramid levels to inform where defense efforts yield the greatest attack disruption.
Upcoming events for _secpros this year
Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!
DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.
Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.
Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.
Copyright (C) 2025 Packt Publishing. All rights reserved. Our mailing address is:
Packt Publishing, Grosvenor House, 11 St Paul's Square, Birmingham, West Midlands, B3 1RB, United Kingdom