Posts by midwestMan 7 publicly visible posts • joined 19 Jan 2024
You need to think bigger picture my friend. What prevents these same SOC analysts from looking at random customer browser history, app history, cached images, text history, etc just for giggles? It's quite possible that Huntress has a very rigorous procedure and technical controls to prevent this kind of abuse. It's also quite possible that they don't.
why should they tolerate the misinformation that HudsonRock posted? Some random tool calls them and asserts something that aligns with their bias and suddenly it's fact? It was a leap too far. What's interesting is that they didn't need to do it. The most likely scenario (#2 BTW) still supports using the sorts of services they proffer, and they could have spun it as such.
https://techcrunch.com/2024/06/05/snowflake-customer-passwords-found-online-infostealing-malware/?mkt_tok=MTg4LVVOWi02NjAAAAGTjBVGRcoMzjmNgpYpzlyBhJsvYZBItEx8jo7cL8tHZmyqiRK1XwlsAeQZKhQlox6EJXHj-hY8mdLcY1C5FBAie1kuhwu8eNunOXXyi-ZbX2U&guccounter=1&guce_referrer=aHR0cHM6Ly9nby5zY21hZ2F6aW5lLmNvbS8&guce_referrer_sig=AQAAAIuannCSeAxd8KVCiCgGCLK_6wtJFFgb48KlFi7gcw2lQNgyDs3k5jrtCvvMW_uUbDn5G4bpFzsMWyu8hQnDp5VZfnlFZXzxI5Nr_r-GMjvdBt7z2q6S3C51qjr-q23t-gTXMZyKh0V3QzWt5ZV5oUO9tYI4acnykABkDgca5r4v
You might pay a ransom to recover data that you otherwise might not be able to recover, but that wasn't the case here. In this case, it was a move to constrain information. Nobody but the threat actors know what data was compromised, and won't for many months, if ever. That's all they hoped to accomplish by paying the ransom. It was so important to them, they paid it twice.
Claims to have 50k "technologists" in 2018. https://www.jpmorganchase.com/news-stories/tech-investment-could-disrupt-banking
Claims to have 62k technologists in 2023 WEF discussion.
Reportedly hired 9k in India since 2021: https://economictimes.indiatimes.com/jobs/jp-morgan-to-hire-over-5000-technologists-in-cy22/articleshow/93437500.cms
outsourcing jobs to the lowest bidder. And proud of it. Call me xenophobic if you want, but leaders in India are exactly the sort that would turn on every possible alerting rule and use a metric like "how many IPS alerts did my UTM platform log today" and count that as actual attacks blocked. Then submit that to the clueless leader stateside (because they let all the competent engineers go) who would eat it up.
