shift change 01-12-2024

Welcome to your shift change, reports from the off-going watch to the oncoming on anything interesting in privacy, security, or intelligence.

"we" and "a little" pulling some weight

1. Kaspersky Lab did not attribute the malware campaign dubbed “Slingshot” to the United States, but “current and former US intelligence officials” seem happy to…

What indicators drive the attribution? The section titled “Slingshot’s ties to spies” describes the complexity and uniqueness of the code, the way that uniqueness signaled, like a beacon, that it was similar only to US-attributed campaigns (Equation Group at NSA and the Lambert family at CIA), and the campaign targets (Kaspersky discovered Slingshot through its business associations in the Middle East).

Attribution is hard, really hard. But outside of the great game of nations, attribution is critical to insurance claims, seeking relief in the court system, whether civil or criminal, or to fully understand the capabilities or intent of threat actors. US campaign case studies are not as common in the western security community because reasons. But the US does it too, and how the major private intelligence providers (I’m an advocate of thinking of all major cybersecurity providers as intelligence providers, when you have access to such a comprehensive pool of data, people start asking you questions and once you start answering them—congrats you are an intel analyst) decide who did what is a fantastic learning opportunity.

2. Let’s get caught up with The Markup’s recommendations for easy-to-implement privacy protections: Instagram does not need your location, password managers rock, and update that router (don’t pay your ISP a ridiculous monthly fee, please goodness).

lock it down

3. Recorded Future’s Insikt Group thoroughly breaks down what we all know—GitHub is a treasure trove for both threat actors and defenders, and while defenders can mitigate the threat, Microsoft has to take the lead to secure GitHub’s many avenues of abuse. Also, the report is mapped to MITRE’s ATT&CK framework (explainer below), which makes all the analysts happy.

order of battle for the internet

The shift change is a collection of timely stories of interest in the security, privacy, and intelligence worlds. Thanks for reading, and feel free to reach out to will@signaltonoise.fyi for any questions, comments, or thoughts on items you’d like to see highlighted.