Profile picture
Jake Williams @MalwareJake
, 5 tweets, 2 min read Read on Twitter
ESET has reported that GreyEnergy is the successor to the BlackEnergy malware. I don't think there's enough data in the report to independently verify this. Note that victim overlaps are heavily considered. 1/n
welivesecurity.com/2018/10/17/gre…
I don't think you can make much out of the disappearance of BE in the wild. AV vendors, like ESET, were getting good at catching it. The fact that other malware showed up as the use of BE was winding down is not itself a connection. 2/n
There's also a note that GreyEnergy has been seen targeting ICS networks. But what does that really mean? It doesn't mean that it's dedicated to ICS. ICS networks are cyber key terrain for nation state hackers and it looks like GreyEnergy is a nation state tool. 3/n
But we should be careful to not call GreyEnergy ICS malware. It's not. Any malware could be used to target ICS systems. That GreyEnergy has been used doesn't make it ICS malware any more than netcat is ICS malware. 4/n
For the record, it very well could be that GreyEnergy is a successor to BlackEnergy. The code overlap is not really compelling because lots of BE code has been leaked repeatedly. The report is good, but we should caution ICS operators not to jump to conclusions. 5/5
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Jake Williams
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @MalwareJake see all

Profile picture
Twas the night before Christmas and all over the ‘net,
Not a creature was stirring except China hacking Tibet.

The IPS were strung by the egress with care,
In hopes that St WannaCry soon would be stopped there.
1/n
The children were nestled all snug in their beds,
While IoT devices mined the dreams from their heads.

Mama with her EDR and I with my IDS
Were ready to tackle an infosec mess.

Down in the SOC there arose such a clatter,
I logged into my dashboard to see what was the matter 2/
This thing had better work, it cost so much cash.
But gosh darnit, I can’t use it until I update Adobe Flash…

Pondering the alarms I thought “Oh heck no!”
That’s because the threshold for alerting was configured so low.
3/n
Read 14 tweets
Profile picture
I certainly don't agree with everything in this thread, but it is very thought provoking nonetheless. I tell clients regularly that cyber security IS warfare if APT is in your threat model. We often fight nation state hackers with nearly infinite resources by deploying a CEH. 1/n
This obviously doesn't work. When you step back and look at resources that APT groups have, it's obvious they can comrpomise almost any organization. My favorite example is the China/Bit9 example. Picture being an attacker who can't get into a top tier target. 2/n
Now imagine that you think "Bit 9 is standing in our way, so we'll 'just' go comrpomise them." Um, that's a moonshot. Ask yourself:
1. What kind of organization dedicates resources to moonshots?
2. How many moonshots do we not know about?
3. How valuable was that target?
3/n
Read 7 tweets
Profile picture
I'm writing a new blog post but I need some help. We have a problem in the tech industry with consent vs. informed consent. Problems with confusing the two are not unique to infosec. Medicine has been practiced for millennia, but informed consent is at best ~50 years old. 1/n
Legalese terms of service can't be comprehended by a large percentage of a user base. Even if you understand what is being collected, do you understand how it will be used? A patient can't give informed consent without a discussion of risk. 2/n
Doctors don't routinely downplay risk in a procedure. This comes from two sources:
1. Liability
2. In most cases (electives are a counter-example), the doctor has a product (the procedure) the patient needs

These do not hold true in the technology field. 3/n
Read 7 tweets

Related threads

Profile picture
*THREAD* for the first time in ~10 months I read my sister’s story, in her words, of what happened in Las Vegas 10/1/17. I still can’t read it without breaking down but this election is too important to not share her experience. @shannonrwatts @MomsDemand @Everytown 1/
@Jason_Aldean they were so thrilled to see you that night. 2/
Like everyone there, they didn’t know if they’d live or die. 3/
Read 12 tweets
Profile picture
So I've been scraping @threadreaderapp for a month and I think I have enough data to talk about it. Very important: the guy who runs threadreaderapp is probably a decent dude, I don't think this is intentional, but there are some actions I think are worth taking. 1/15
If you look at the Trending section of threadreaderapp.com right now you're gonna see people angry at Kavanaugh. Usually, though, you're probably going to see a lot of Trump fans, a couple of QAnon threads, a random thread... and *maybe* a progressive thread. Maybe. 2/15
Does that matter? Yeah, probably -- a lot of us use threadreaderapp to save off interesting threads, and we link to threadreaderapp, and that means a bunch of conspiracy propaganda is one click away from our links, and it's presented as "trending." 3/15
Read 16 tweets
Profile picture
#Report #Thread
1/5
 This young man is Muhammad Sharif Badwan. He was killed East of #Gaza City at the Karni crossing after being shot in the chest by #IDF gunfire on Friday afternoon. #Israel
2/5
 Many news sites refer to Badwan as either a protestor or a demonstrator who was shot and killed by the #IDF. The photo on the left, from the DailyMail, states Badwan is a protestor. The photo on the right from CGTN states Badwan is a protestor as well.
3/5
 The problem is Badwan wasn’t there to protest in the way most people think. This video was taken Friday afternoon at the Karni crossing where Palestinians were clashing w/ #IDF soldiers. At the end, you can see Badwan being evacuated after getting shot by the #IDF.
Read 5 tweets
Profile picture
1/7 #Report
According to Palestinian reports, at approximately 18:00 hours, an #IDF airstrike struck downtown Gaza City. Two teens were killed as a result of the strike. Reports claimed an empty structure, a children’s park and a mosque were damaged. #Gaza #Israel #Hamas #IDF
2/7
 The children’s park in reality is #Qassam Brigade’s “Battalions Square” and the teens who died were inside the structure circled in red. Beside it is the mosque circled in blue which was damaged by the strike.
3/7
 Why did the #IDF target this site with air strikes? How does the #IDF know this site is used by #Qassam Brigades? Can we just take their word for it? Here is video of the actual strike.
Read 7 tweets
Profile picture
#TheHandmaidsTale got me really thinking about whether or not its premise is science fiction. Consider world population growth. It is trending downwards. Just look at these population trend graphs. Only Germany experienced population growth with an influx of Syrian migrants.
Now I don't think there is enough data to suggest that social influences (economics, values, etc.) are to blame for population decline more than something more innocuous; that the earth is simply approaching its carrying capacity.
However, we would be remiss to ignore the fact that Caucasian populations are becoming increasingly infertile (Read: theguardian.com/science/2017/j…) —which is the very basis of the events in #TheHandmaidsTale. Coupled with neo-fascist feminism, that dystopian reality is not implausible.
Read 15 tweets
Profile picture
Facts and risk assessment. Many Americans feel they need to be armed and loaded at all times for self defense. As a doctor for 21 years in busy level 1 trauma centers, I have seen almost exclusively targeted shootings—domestic violence, drugs, accidental . Random is rare.
Personal risk is not based on reality. U.S. Bureau of Justice noted "between 2003 and 2007, 2.1 million household burglaries were reported to the FBI each year on average. Household burglaries ending in homicide made up 0.004% of all burglaries.”

bjs.gov/content/pub/pd…
That is 84 deaths total in a population of 325 million. Each death is a tragedy, but where are people getting the idea that this is a common, every day occurrence that requires time, energy, and money to be armed at all time? FACTS MATTER. #ENOUGH
Read 5 tweets

Trending hashtags

#news #Exvangelical #APT8 #memes #Trump #Imagine #people #IDF #Veterans #corporations #ConfirmKavanugh #2ndAmendment #techskills #Docs4GunSense #DigitalSoldiers #ODSCWest #Enough #CivilWar #FakeNews #WeAreQ #control #IntelDrop #info #FullArmor #Data

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!