
CyberNews


Something unusual is happening on Telegram.


A channel called GangExposed just popped up, and it's not selling malware or bragging about hacks. It’s doing the opposite. It claims to have verified intel on the people behind Trickbot, Conti and Black Basta, three of the most feared cybercrime groups in recent years.


And they’re not holding back.


This channel says it’s here to name names, expose key players, share leak analysis, and even help investigators claim the $10 million reward offered for info on these cybercriminals.


For threat intel teams, this could be a goldmine.





A recent cyberattack on Marks & Spencer (M&S) has raised eyebrows across the industry, not because it was complex but because it was clever. Reports suggest that attackers used an old trick with a new twist: SIM swap fraud. If a company as established as M&S can fall victim, then anyone can.


What Really Happened?

While the full technical breakdown is still under wraps, early reports say cybercriminals may have hijacked an employee’s mobile number. With that control, they allegedly convinced internal IT to reset credentials, essentially walking right into the company’s digital core.


Let that sink in: no malware, no zero-day exploit, just a well-played con.


SIM-Swap Fraud:

Here’s how it works. A scammer contacts your mobile provider pretending to be you and convinces them to transfer your number to a new SIM card they control. Suddenly, all your calls and texts, including 2FA codes, go to them.


This gives them the power to:


1) Reset your emails, banking apps, or WhatsApp

2) Read your private messages

3) Impersonate you to your contacts

4) Access internal systems if you're an employee at a target company


It’s terrifying because it relies less on technical skill and more on human psychology and weak identity checks.


Why This Attack Hits Different:

What used to be a trick aimed at crypto holders and influencers is now going mainstream. According to CIFAS, SIM swap cases in the UK exploded from under 300 in 2022 to nearly 3,000 in 2023. And let’s be honest, we’ve all posted too much online. A birthday here, a phone number in a job post, an email address in a giveaway… it doesn’t take much for a scammer to build a profile convincing enough to fool customer service reps.


What You Can Do Right Now:

Here are five things you can do today:


1) Ditch SMS 2FA – Use authenticator apps like Google Authenticator.

2) Add a PIN to your mobile account – Make sure your phone number can’t be moved without it.

3) Think twice before sharing personal info – Especially your number or date of birth.

4) Learn to spot phishing – Don’t give attackers easy entry points.

5) Use different emails for different purposes – One for banking, one for social media, one for public stuff.


Final Thoughts from Me:

This isn’t just about M&S. It’s about a wider shift in how attackers are targeting the weakest link in our security. The phone number, once a basic communication tool, is now a digital identity, and unless we start protecting it like one, we’re going to see more stories like this.


Stay safe, stay aware.

– Yashwanth Karuppusamy

Overview:

"SOC Insights" is a detailed reflection of my journey and hands-on experience in Security Operations Center (SOC). It highlights the diverse roles I've undertaken, the tools and techniques I've mastered, and the critical scenarios I've navigated to ensure robust threat detection and incident response.


Experience Overview:

With extensive experience in SOC environments, I've worked on a range of responsibilities, from real-time threat monitoring to in-depth incident investigations. My expertise spans a variety of tools, including Microsoft Sentinel, Defender, Darktrace, ServiceNow, and Wireshark, allowing me to deliver proactive and effective security solutions.


Critical Scenarios & Resolutions:

I've encountered numerous challenging scenarios, from sophisticated phishing campaigns to complex APTs. In each case, I employed a structured approach to identify the threat, analyze its impact, and implement effective countermeasures. Here are two critical scenarios that exemplify my problem-solving capabilities:


Scenario 1: Phishing Attack Mitigation


Challenge: A sophisticated phishing campaign targeted multiple employees, aiming to steal credentials.


Approach: Detected unusual login patterns and swiftly initiated a targeted response, including user education and account security enhancements.


Outcome: Successfully prevented data breaches and reinforced the organization's email security posture.


Scenario 2: APT Detection and Eradication


Challenge: An advanced persistent threat infiltrated the network, posing a severe risk to critical assets.


Approach: Leveraged Darktrace's AI capabilities and Sentinel's log analysis to identify, isolate, and remove the threat.


Outcome: Neutralized the threat, minimized downtime, and implemented measures to prevent future occurrences.


Conclusion:

Through "SOC Insights," I aim to demonstrate not only my technical proficiency but also my strategic approach to ensuring the security and resilience of the organizations I've served.

Contact Information

Yashwanth Karuppusamy
Cybersecurity professional

+44-7776603104


©2035 by CyberWithYash
