Blog

WhatsApp is a messaging platform that has become extremely popular, more than 2 billion people in over 180 countries use WhatsApp. WhatsApp is free and offers simple, secure, reliable messaging and calling, available on phones all over the world. And yes, the name WhatsApp is a pun on the phrase What's Up. Facebook purchased WhatApp for a staggering $19 billion in 2014. So what, well due to it's popularity, ease of use and availability is has become the de-facto messaging platform for all ages. Well what does WhatsApp provide? Texts - Simple, Reliable Messaging Group Chat - Groups to keep in touch Voice and Video Calling Voice Messaging Photos and Videos Document Sharing Location Sharing End-to-end encryption That sounds great, so why should I worry about my child's WhatsApp? Well it's not a matter of IF your child will end up on WhatsApp, but WHEN will your child end up on WhatsApp and HOW they will use WhatsApp. Having a child that has recently received her own phone I have ensured parental controls are in place, screen time is limited and boundaries are set. We'll now highlight how you can ensure your child(ren) can use WhatsApp safely, some tips on how to introduce it to your child it and how to monitor your child’s WhatsApp. With your child, review the WhatsApp Profile setting and select a picture that your child likes and you approve of. Following this go to Settings -> Account -> Privacy. You should ensure that as a minimum you set your child’s privacy settings to 'My Contacts'. The options here are 'Everyone', 'My Contacts' and 'Nobody', none of your child's Privacy settings should be "Everyone". Furthermore, you should restrict the 'Live Location' settings to 'None'

Whilst working in Cloud environments it is essential to understand what data sources are available to aid detection capabilities. In doing so, Blue Teams can align their monitoring in an attempt to identify potentially anomalous activity. One of the most useful sources of information whilst monitoring an AWS environment is derived from CloudTrail , this provides detail of any API calls made. The mindmap provides a useful resource for Blue Teams to aid detection capabilities, for example, an analyst may identify 'CreateUser' followed by 'CreateKeyPair', then followed by 'PutUserPolicy' or 'AttachUserPolicy' in conjunction with 'AddUserToGroup'. This identified activity would map to Mitre's ATT&CK framework, specifically, the Tactics Persistence and Privilege Escalation. Therefore, your Blue Team can utilise the mindmap in order to align detection capabilities to specific AWS API calls that map to ATT&CK Tactics and Techniques. Our previous blog post Sigmac: A Sigma to SIEM converter describes how a Blue Team can utilise Sigma rules, whilst making use of Pacu (an AWS exploitation tool) to create Use Cases and detection alerts to aid SOC analysts. Furthermore, the mindmap can be utilised to aid proactive threat hunting. There will likely be False Positives (FP's) in relation to the identified API calls as legitimate activity occurs within your environment. By utilising items such as authorised user/admin lists, standard operating hours and the principle of least privilege you can greatly reduce the overall amount of FP's. Overall, the mindmap can be utilised in a number a ways to enhance your security posture and reduce both the Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). Cybervio can assist your Blue Team in utilising the ATT&CK framework for Cloud in order to build detection capabilities against Tactics, Techniques and Procedures (TTP's) in an AWS environment.