Newsletter Subject

Clop - What you need to know

From

packtpub.com

Email Address

austinm@packtpub.com

Sent On

Fri, Jun 23, 2023 01:18 PM

Plus news, articles, breakdowns, and a few other little insights for you...

SecPro #106: Clop - What You Need To Know

Hello!

As confusion around the Clop threat actor group only seems to grow with each passing day, we thought it was time to investigate what exactly has happened over the past few weeks. But before we dive into a deep analysis of what exactly is happening with Clop, we thought we'd set the scene. That's why we've got an introduction to Clop and another chance to check out our featured guest article from last week!

Thanks to everyone who responded to our interview survey. It is now closed, so we're sorry if you missed out. Free eBooks and interview invitations will be finalised before 30th June - don't worry, we've got your back!

Cheers!

Austin Miller
Editor in Chief

This week's highlights:

- Protecting Your Identity with a Zero-Trust Mindset
- Clop - What You Need to Know
- ThreatGEN Tutorial - Learn ICS skills with Clint!
- Cybersecurity Career Master Plan

And with that - on with the show!

Improve your skills through a simulation

This week, the _secpro team took some time to catch up with author and ICS expert, Clint Bodungen. Although we're going to keep a few secrets from you, our dear readers, we've decided to share a little treatment from one of Clint's projects - ThreatGEN. Want to learn a little bit about how a game can help you improve your skills? Click the video above.

This Week's Editorial Articles

Protecting Your Identity with a Zero-Trust Mindset

We've all heard about zero trust. You might have even implemented a few zero-trust measures in your workplace (or home network!), but what does it mean to have a "zero-trust mindset"? Mark Dunkerley guides us through getting our head right before making changes.

Clop - What You Need To Know

We've investigated what we know about this threat actor group. Check the _secpro next week for a deep dive into their MOVEit malware!

What's Going on in the World of Security?

Since the world of security is always changing, keeping up with blogs, insights, and other updates is almost half the job. That's why we've collected some recent blog posts from our favorite cybersecurity "talking heads" to give you a helping hand.

- Krebs on Security - SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool
  The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands.
- Bruce Schneier - AI as Sensemaking for Public Comments
  It’s become fashionable to think of artificial intelligence as an inherently dehumanizing technology, a ruthless force of automation that has unleashed legions of virtual skilled laborers in faceless form. But what if AI turns out to be the one tool able to identify what makes your ideas special, recognizing your unique perspective and potential on the issues where it matters most?
- Bruce Schneier - Ethical Problems in Computer Security
  Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote an excellent paper on ethical thinking within the computer security community: “Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation.”
- Security Affairs - More than a million GitHub repositories potentially vulnerable to RepoJacking
  Researchers reported that millions of GitHub repositories are likely vulnerable to an attack called RepoJacking.
- Daniel Miessler - Human Immortality Using LLMs?
  I’ve been thinking about digital immortality for a long time before GPTs and LLMs became a thing.
  Back when I wrote this piece, I am pretty sure I was thinking of something able to extract and emulate the brain by interfacing with the biology itself. But that still seems very far off.
- Troy Hunt - Weekly Update 352
  "Domain searches in HIBP - that's the story this week - and I'm grateful for all the feedback I've received. I've had a few messages in particular since this live stream where people gave me some really excellent feedback to the point where I've now got a much clearer plan in my head as to what this will look like."

Cybersecurity Fundamentals

Thanks to everyone who voted last week! We are starting a ten-week breakdown on a selection of excerpts from... (Imagine a drumroll here.) Cybersecurity Master Career Plan! So, without any further delay, here's our first piece of advice from some people who have seen it all.

Working in the public sector versus the private sector

We spent some time earlier talking about working for the government; specifically, we went into the federal government in depth because of all the cybersecurity requirements outlined there through FISMA and other initiatives. It's important to call out here working in the public sector, which would be the government, versus working in the private sector, which would be with private businesses and vendors.

One of the interesting things from a cybersecurity professional's perspective is that when you work in the public sector, you typically get lower salaries, and you are not authorized to accept gifts from vendors (such as tickets to shows, meals, travel to vendor conferences, golf outings, and so on). Also, you may find yourself pigeonholed in your job with certain roles and responsibilities, not being able to get exposure to other areas of the field.

Public sector jobs are more stable.
The government occasionally does furlough staff during government shutdown events, but for the most part, there is very little concern about losing your job in a government position. Also, the United States federal government (and some state governments) offers pension programs to incentivize their staff to stay. Pensions are a guaranteed retirement compensation plan heavily based on years of service. It's not uncommon for individuals to retire from their public sector job having hit their maximum years of commitment for a full retirement pension and start the next day as a contractor doing the same job. This is called double-dipping and is completely legitimate as the person then receives their pension and their contractor paycheck. This financial and job stability afforded by public sector jobs can be quite appealing to many people.

The private sector has fewer constraints than the public sector regarding vendor gifts. Within the private sector, you can accept gifts from vendors if it's in line with your corporate policy. This will typically manifest in a vendor sending you tickets to an event, such as a security conference. If you have purchasing authority, they might send you clothes with the vendor logo on them, such as a pullover or a polo shirt. At conferences, you'll be invited to private parties with free food and drinks. It is worth noting that a company could have an internal policy not authorizing this, but it would be explicit by having it, as opposed to the public sector, in which it applies to all civilian and military personnel.

Why would the vendor fly me to a conference, feed me great food and drinks, and hook me up with sweet gear? The idea behind this is that the vendor is hoping that by essentially giving you gifts, you're more likely to give them your time to listen to their pitch or potentially feel obligated to move forward with a proof of concept or purchasing their solution.
This is proven psychology and is a highly effective form of marketing based on social exchange theory.

In general, the private sector typically pays higher salaries. One study from 2013 quantified this discrepancy as private sector personnel making on average 35.2% more than their public sector counterparts. This data is a few years old, but anecdotally the private sector has better-paid jobs over comparable jobs in the public sector. It's worth noting that in 2019, the Department of Homeland Security (DHS) was empowered by Congress to enact civil service reform to adjust this discrepancy in some capacity (and to adjust minimum education requirements) to retain existing talent and attract talent from the private sector.

You may be asking yourself, "Why wouldn't I choose free stuff, better pay, and lateral career growth?" and it would be a fair question. The public sector does have its advantages. Within the public sector, you can typically say that job stability is higher. The government is unlikely to lay off staff or fire staff in general. Contrast that with the private sector, which is full of revenue-driven businesses. The business may be acquired or merged with another business resulting in redundancy layoffs. Another reality is you could be laid off because the acquiring company just wanted to buy the property rights, not the people, to the intellectual property of whatever great product you were securing for your company.

In the federal public sector, the expectations are defined, and compliance is expected. Security tends to be funded and job roles are very compartmentalized. The expectation is a risk-based approach, but the reality is very framework adherence motivated. The private sector is very different, tending to be much more risk-based. You have to show the monetary value of security to the business. Often you have to convince leadership that the money spent will result in an acceptable level of risk.
It seems like a subtle shift but is very impactful on your job and skillset.

Things happen, so the private sector has a little bit more volatility around the security of your job. Currently, there are a lot of unfilled jobs in cybersecurity so finding another job if you are a casualty of a layoff (through no fault of your own!) is not impossible. Much like cybersecurity risk management, you must weigh the risks involved, how you might mitigate the risks to acceptable levels, and move forward with a decision. Do you see how I just related you choosing public versus private to a fundamental cybersecurity concept? Yes, I love cybersecurity.

The public sector does have fringe benefits to sweeten the deal. Fringe benefits means non-salary compensation and opportunities. Some examples of these benefits include training dollars, the ability to travel to conferences, and pension plans. The work you do in a public sector job is well-defined and it's unlikely to receive "additional duties as deemed necessary," which is a way some private sector businesses define job roles so they can pile on more work outside your existing job.

While not consistent across private sector businesses, some fringe benefits in the private sector can include performance bonuses. These bonuses are end-of-the-year financial payouts based on company performance. There may also be profit sharing or equity in the company offered as part of your compensation package. This is seen quite regularly in private sector companies. You will never see performance bonuses in the public sector.

Have You Tried...?

This week, we looked at Clop. That's why it only makes sense to give you a few ransomware-related tools to play with. Ready? Have fun.

- lowmoon/Detect-Crypto - A tool for automating FSRM deployment to defend against ransomware.
- DFIRobin/rvaccine - When you need a vaccine for ransomware, but without the overhead.
- werdnatreborp/mbrwlogger - An anti-ransomware activity logger.
- vaibhavb/box-ransomware-tools - Some CL tools for dealing with ransomware.
- mjwhitta/ransimware - A ransomware behaviour and techniques simulator - perfect for training.
- billiegoose/ransomAware - A tool that tells you when there's ransomware on the network. Simple.

Copyright © 2023 Packt Publishing, All rights reserved.
