Thoughts From The Nest

Blog, updates, and release notes


Let’s get going with some of the top threats we’re highlighting this week. Notably, several governments have released advisories about ongoing campaigns and new critical vulnerabilities.

Watch out for DNS hijacking campaigns

The UK’s National Cyber Security Centre (NCSC) has released an advisory highlighting a large-scale global Domain Name System (DNS) hijacking campaign. DNS is the service responsible for translating domain names into the IP addresses of the hosts serving them, so an attacker who can change those records can redirect web traffic and mail without touching the victim’s own servers.

Read More
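The practical check the NCSC guidance comes down to is comparing the DNS records you believe you own against what resolvers actually return. The Python below is an added example written for this page, not Perch’s code or the NCSC’s. The owner names, record sets and severity table are constructed assumptions (reserved example.* names and RFC 5737 addresses); in practice the baseline comes from your registrar or zone file and the observed set from a resolver query.

```python
# Added example (not Perch's code): flag DNS record drift of the kind a DNS
# hijacking campaign produces (swapped NS delegation, A/MX pointing elsewhere,
# unexpected new records such as a changed SPF TXT).
from dataclasses import dataclass

# Assumed severity by record type: a changed NS delegation hands over the whole
# zone, A/AAAA/MX redirection is how traffic and mail get intercepted, anything
# else (TXT, CNAME, ...) is worth a look but less urgent.
SEVERITY = {"NS": "critical", "A": "high", "AAAA": "high", "MX": "high"}
LEVELS = ["info", "medium", "high", "critical"]


@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    expected: frozenset
    observed: frozenset
    severity: str


def diff_records(baseline, observed):
    """Return one Finding per (owner name, record type) whose rdata set differs.

    Both arguments are {owner_name: {rtype: set_of_rdata_strings}}. Names and
    types present on only one side are compared against the empty set, so a
    record that appears or disappears is reported, not just one that changes.
    """
    findings = []
    for name in sorted(set(baseline) | set(observed)):
        expected_sets = baseline.get(name, {})
        got_sets = observed.get(name, {})
        for rtype in sorted(set(expected_sets) | set(got_sets)):
            expected = frozenset(expected_sets.get(rtype, ()))
            got = frozenset(got_sets.get(rtype, ()))
            if expected != got:
                findings.append(
                    Finding(name, rtype, expected, got, SEVERITY.get(rtype, "medium"))
                )
    return findings


def highest_severity(findings):
    """Worst severity among the findings, or 'info' when there are none."""
    return max((f.severity for f in findings), key=LEVELS.index, default="info")


# Constructed sample data (reserved names and documentation addresses only).
BASELINE = {
    "example.com.": {
        "NS": {"ns1.example.net.", "ns2.example.net."},
        "A": {"203.0.113.10"},
        "MX": {"10 mail.example.com."},
    },
    "mail.example.com.": {"A": {"203.0.113.25"}},
}

# What a resolver "returned today" in this constructed scenario.
OBSERVED = {
    "example.com.": {
        "NS": {"ns1.example.org.", "ns2.example.org."},   # delegation swapped
        "A": {"198.51.100.7"},                             # web traffic redirected
        "MX": {"10 mail.example.com."},                    # unchanged
        "TXT": {'"v=spf1 include:example.org -all"'},      # new SPF record
    },
    "mail.example.com.": {"A": {"203.0.113.25"}},          # unchanged
}

if __name__ == "__main__":
    for f in diff_records(BASELINE, OBSERVED):
        print(f"[{f.severity.upper()}] {f.name} {f.rtype}: "
              f"expected {sorted(f.expected)}, got {sorted(f.observed)}")
```

Run the comparison on a schedule against both your authoritative servers and a couple of public resolvers; the comparison itself needs no network access, so the observed dictionary can be filled from dnspython answers or `dig +short` output. A swapped NS delegation or an A/MX record pointing at address space you do not own is the signature of the hijack, and a new TXT record deserves attention because SPF and domain-validation changes often accompany mail interception.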


Email scamming has evolved into something far more effective and profitable. One of the earliest and best-known email scams was the Nigerian Prince email. As I’m sure you recall, these emails would offer you something along the lines of $20 million in exchange for help transferring funds out of Nigeria. Today’s attacks are much more sophisticated: state-sponsored actors and organized crime syndicates use spear phishing, invoice scams, employee payroll direct-deposit changes, and a host of other techniques.

Read More


This week we’re focusing on breaches. How would you know if you’ve been breached? How would a breach impact your enterprise? Major brands are paying fines for past breaches, and technology providers are unaware of compromises that could impact the viability of their business. We should be doing everything we can to be good stewards and detect lingering threats.

Major brands fined for fairly recent breaches

Two large enterprises were ordered to pay fines this week.

Read More


PCM customer impacted by Office 365 business email compromise

Perch now has Office 365 log collection in beta testing, and the timing is good. A breach at large solution provider PCM Inc. allowed hackers to access Microsoft Office 365 email and file-sharing systems for some of the company’s clients. California-based PCM had more than 2,000 customers in 2018. According to Krebs’ sources, attackers stole administrative credentials that PCM uses to manage client accounts within Office 365, Microsoft’s cloud-based email and file-sharing service.

Read More

Release Notes

July 2, 2019


New
Added Office 365 integration configuration settings


New
Updated organization pilot program


New
Updated escalations reporting


New
Improved UX of editing users and their team/MSSP memberships


Bugfix
Fixed the Kibana logo shown in Perchybana Dashboard full-screen mode


Bugfix
Fixed ConnectWise Automate issues and leftovers


Bugfix
Fixed API timeouts


Bugfix
Fixed group-by-ips endpoint inconsistently returning empty results


Bugfix
Fixed issues during dashboard import


Bugfix
Enhanced login with 2FA


Bugfix
Fixed logout not being triggered when a 401 response is detected


Bugfix
Fixed Perchybana ‘updated_at’ KeyError



This week in the threat report, we are stuck in an ongoing Iran-U.S. cyber war shooting range that is moving towards scorched earth. But not all attackers are out for blood: after GandCrab’s recent retirement, ransomware campaigns pivot to Sodinokibi to cash in on the Bitcoin boom and score moon Lambos.

Iran targets U.S. companies in scorched-earth cyber campaign

CISA warns of an increase in cyberattacks that utilize destructive wiper tools and target the U.

Read More


Buckle up, we have a big threat report this week. First, let’s talk about the critical vulnerabilities everyone is talking about, then catch up on some APT news. Then we’ll get to the fun stuff: data from U.S. Customs and Border Protection ended up on the dark web, and Radiohead made hacking history with its response to ransom demands.

Critical vulnerability: Exim

If you weren’t aware, a recently disclosed vulnerability allows code execution on Exim mail servers, both locally and remotely.

Read More


“The Business Intelligence Group today announced the winners of the 2019 Fortress Cyber Security Awards. The business award program sought to identify and reward the world’s leading companies and products that are working to keep our data and electronic assets safe among a growing threat from hackers.” Read the entire article here.

Read More

Release Notes

June 6, 2019


New
Added integration for ConnectWise Automate to settings


New
Import index patterns during dashboard import process for Perchybana


Bugfix
Fixed dashboards not being imported for some users


Bugfix
Fixed duplicate weekly emails


Bugfix
Fixed API timeouts


Bugfix
Fixed intermittent 504 gateway timeout


Bugfix
Fixed sensors load time



There’s a good mix of variety in the top news over the last week. Let’s start with an update on the Norwegian MSP hack. Then we’ll take a look at a leaked tool the OilRig APT uses to brute-force Exchange servers. Finally, in crimeware, we’re saying goodbye to GandCrab ransomware and hello to Monstercat’s RAT, KPOT Stealer.

StonePanda took the heat for RedBravo in the Norwegian MSP hack

In early February, we spoke about a series of intrusions conducted between late 2017 and late 2018 by a Chinese state-sponsored actor against several companies, including a large Norwegian MSP.

Read More