#SecurityCulture | the INFILTRATORS DATABASE is a searchable database of cases of long-term infiltrators in the 21st century, currently referencing 74 cases from 12 countries. Each case provides a brief description & sources.
🔗https://www.notrace.how/infiltrators _
“The goal is to help anarchists and other rebels understand how infiltrators operate.”
.
.
🖌 The Art Of Jesse Lee
🔎 The Hidden Threat Inside Your Organization
Internal users can cause incidents by mistake or misuse. Limit risk with least-privilege access, monitoring, and security awareness.
The Brutal Truth About “Trusted” Phishing: Why Even Apple Emails Are Burning Your SOC
1,158 words, 6 minutes read time.
I’ve been in this field long enough to recognize a pattern that keeps repeating, no matter how much tooling we buy or how many frameworks we cite. Every major incident, every ugly postmortem, every late-night bridge call starts the same way: someone trusted something they were conditioned to trust. Not a zero-day, not a nation-state exploit chain, not some mythical hacker genius—just a moment where a human followed a path that looked legitimate because the system trained them to do exactly that. We like to frame cybersecurity as a technical discipline because that makes it feel controllable, but the truth is that most real-world compromises are social engineering campaigns wearing technical clothing. The Apple phishing scam circulating right now is a perfect example, and if you dismiss it as “just another phishing email,” you’re missing the point entirely.
Here’s what makes this particular scam dangerous, and frankly impressive from an adversarial perspective. The victim receives a text message warning that someone is trying to access their Apple account. Immediately, the attacker injects urgency, because urgency shuts down analysis faster than any exploit ever could. Then comes a phone call from someone claiming to be Apple Support, speaking confidently, calmly, and procedurally. They explain that a support ticket has been opened to protect the account, and shortly afterward, the victim receives a real, legitimate email from Apple with an actual case number. No spoofed domain, no broken English, no obvious red flags. At that moment, every instinct we’ve trained users to rely on fires in the wrong direction. The email is real. The ticket is real. The process is real. The only thing that isn’t real is the person on the other end of the line. When the attacker asks for a one-time security code to “close the ticket,” the victim believes they’re completing a security process, not destroying it. That single moment hands the attacker the keys to the account, cleanly and quietly, with no malware and almost no telemetry.
What makes this work so consistently is that attackers have finally accepted what many defenders still resist admitting: humans are the primary attack surface, and trust is the most valuable credential in the environment. This isn’t phishing in the classic sense of fake emails and bad links. This is confidence exploitation, the same psychological technique that underpins MFA fatigue attacks, helpdesk impersonation, OAuth consent abuse, and supply-chain compromise. The attacker doesn’t need to bypass controls when they can persuade the user to carry them around those controls and hold the door open. In that sense, this scam isn’t new at all. It’s the same strategy that enabled SolarWinds to unfold quietly over months, the same abuse of implicit trust that allowed NotPetya to detonate across global networks, and the same manipulation of expected behavior that made Stuxnet possible. Different scale, different impact, same foundational weakness.
From a framework perspective, this attack maps cleanly to MITRE ATT&CK, and that matters because frameworks are how we translate gut instinct into organizational understanding. Initial access occurs through phishing, but the real win for the attacker comes from harvesting authentication material and abusing valid accounts. Once they’re in, everything they do looks legitimate because it is legitimate. Logs show successful authentication, not intrusion. Alerts don’t fire because controls are doing exactly what they were designed to do. This is where Defense in Depth quietly collapses, not because the layers are weak, but because they are aligned around assumptions that no longer hold. We assume that legitimate communications can be trusted, that MFA equals security, that awareness training creates resilience. In reality, these assumptions create predictable paths that adversaries now exploit deliberately.
If you’ve ever worked in a SOC, you already know why this type of attack gets missed. Analysts are buried in alerts, understaffed, and measured on response time rather than depth of understanding. A real Apple email doesn’t trip a phishing filter. A user handing over a code doesn’t generate an endpoint alert. There’s no malicious attachment, no beaconing traffic, no exploit chain to reconstruct. By the time anything unusual appears in the logs, the attacker is already authenticated and blending into normal activity. At that point, the investigation starts from a place of disadvantage, because you’re hunting something that looks like business as usual. This is how attackers win without ever making noise.
The uncomfortable truth is that most organizations are still defending against yesterday’s threats with yesterday’s mental models. We talk about Zero Trust, but we still trust brands, processes, and authority figures implicitly. We talk about resilience, but we train users to comply rather than to challenge. We talk about human risk, but we treat training as a checkbox instead of a behavioral discipline. If you’re a practitioner, the takeaway here isn’t to panic or to blame users. It’s to recognize that trust itself must be treated as a controlled resource. Verification cannot stop at the domain name or the sender address. Processes that allow external actors to initiate internal trust workflows must be scrutinized just as aggressively as exposed services. And security teams need to start modeling social engineering as an adversarial tradecraft, not an awareness problem.
For SOC analysts, that means learning to question “legitimate” activity when context doesn’t line up, even if the artifacts themselves are clean. For incident responders, it means expanding investigations beyond malware and into identity, access patterns, and user interaction timelines. For architects, it means designing systems that minimize the blast radius of human error rather than assuming it won’t happen. And for CISOs, it means being honest with boards about where real risk lives, even when that conversation is uncomfortable. The enemy is no longer just outside the walls. Sometimes, the gate opens because we taught it how.
I’ve said this before, and I’ll keep saying it until it sinks in: trust is not a security control. It’s a vulnerability that must be managed deliberately. Attackers understand this now better than we do, and until we catch up, they’ll keep walking through doors we swear are locked.
Call to Action
If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.
D. Bryan King
Sources
MITRE ATT&CK Framework
NIST Cybersecurity Framework
CISA – Avoiding Social Engineering and Phishing Attacks
Verizon Data Breach Investigations Report
Mandiant Threat Intelligence Reports
CrowdStrike Global Threat Report
Krebs on Security
Schneier on Security
Black Hat Conference Whitepapers
DEF CON Conference Archives
Microsoft Security Blog
Apple Platform Security
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
#accountTakeover #adversaryTradecraft #ApplePhishingScam #attackSurfaceManagement #authenticationSecurity #breachAnalysis #breachPrevention #businessEmailCompromise #CISOStrategy #cloudSecurityRisks #credentialHarvesting #cyberDefenseStrategy #cyberIncidentAnalysis #cyberResilience #cyberRiskManagement #cybercrimeTactics #cybersecurityAwareness #defenseInDepth #digitalIdentityRisk #digitalTrustExploitation #enterpriseRisk #enterpriseSecurity #humanAttackSurface #identityAndAccessManagement #identitySecurity #incidentResponse #informationSecurity #MFAFatigue #MITREATTCK #modernPhishing #NISTFramework #phishingAttacks #phishingPrevention #securityArchitecture #SecurityAwarenessTraining #securityCulture #securityLeadership #securityOperationsCenter #securityTrainingFailures #SOCAnalyst #socialEngineering #threatActorPsychology #threatHunting #trustedBrandAbuse #trustedPhishing #userBehaviorRisk #zeroTrustSecurity
Cybersicherheit scheitert selten an fehlender Technik –
sondern daran, dass Sicherheit nicht Teil der Unternehmenskultur ist.
Wer Regeln nur „abhakt“, bekommt Compliance.
Wer Sicherheit vorlebt, bekommt Resilienz.
#CyberSecurity #SecurityCulture #ITSecurity #Awareness #Resilienz
Security teams are struggling with collaboration gaps — silos slow response while attackers move fast. Teamwork is becoming a core security control. 🤝⚠️ #SecurityCulture #TeamResilience
https://www.helpnetsecurity.com/2025/12/11/forrester-teamwork-security-gaps-report/
"𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙞𝙨 𝙖 𝙥𝙧𝙤𝙘𝙚𝙨𝙨, 𝙣𝙤𝙩 𝙖 𝙥𝙧𝙤𝙙𝙪𝙘𝙩."
This simple, but powerful quote is from cybersecurity legend 𝗕𝗿𝘂𝗰𝗲 𝗦𝗰𝗵𝗻𝗲𝗶𝗲𝗿.
Bruce is the author of not 1, not 2, but 3 books in our Hall of Fame.
Check out our reviews, and please consider using our affiliate links below if you'd like to purchase and help support the Canon. 🙏
𝗦𝗲𝗰𝗿𝗲𝘁𝘀 𝗮𝗻𝗱 𝗟𝗶𝗲𝘀:
📝 https://cybercanon.org/secrets-and-lies-digital-security-in-a-networked-world/
🛍️ https://amzn.to/3JUlxu3
𝗗𝗮𝘁𝗮 𝗮𝗻𝗱 𝗚𝗼𝗹𝗶𝗮𝘁𝗵:
📝 https://cybercanon.org/data-and-goliath-the-hidden-battles-to-collect-your-data-and-control-your-world/
🛍️ https://amzn.to/4oDoDSb
𝗖𝗹𝗶𝗰𝗸 𝗛𝗲𝗿𝗲 𝘁𝗼 𝗞𝗶𝗹𝗹 𝗘𝘃𝗲𝗿𝘆𝗯𝗼𝗱𝘆:
📝 https://cybercanon.org/click-here-to-kill-everybody-security-and-survival-in-a-hyper-connected-world/
🛍️ https://amzn.to/47YtxSU
#CybersecurityBooks #SecurityCulture #SecurityAwareness #CyberCanonHallofFame
Just because a pattern looks suspicious doesn’t mean someone meant it that way.
People under stress act weird.
People under threat act inconsistent.
People under pressure make mistakes.
People in danger look “guilty.”
Before you assign intent, separate the two signals:
– **Impact** (what happened)
– **Intent** (why it happened)
Treat them as different questions.
Because sometimes the person acting “off” isn’t the threat…
they’re the one under threat.
#purpleteam #SecurityCulture #QS
Southerners Against Surveillance Systems and Infrastructure (with Ed)
If your mission this October is to elevate awareness, not just compliance, here is a book worth putting in your team’s hands...
𝙄𝙛 𝙄𝙩’𝙨 𝙎𝙢𝙖𝙧𝙩, 𝙄𝙩’𝙨 𝙑𝙪𝙡𝙣𝙚𝙧𝙖𝙗𝙡𝙚 by @mikko became a candidate for our Hall of Fame by weaving technical insight with human stories, showing how every connected thing holds risk.
👉 https://tinyurl.com/y9ne2uzk
Why this matters during #CybersecurityAwarenessMonth:
1. In a hyperconnected world, vulnerability is the shadow companion of innovation.
2. Technology alone cannot defend. The human factor is equally critical.
3. Stories fuel understanding. A cautionary tale sticks longer than dry technical specs.
#CyberCanonHoFCandidate #SecurityCulture #CybersecurityBooks
This #CybersecurityAwarenessMonth, remember security awareness isn’t about information. It’s about 𝘵𝘳𝘢𝘯𝘴𝘧𝘰𝘳𝘮𝘢𝘵𝘪𝘰𝘯. 🐛->🦋
At CyberCanon, we celebrate books that go beyond technical defense to 𝙩𝙧𝙖𝙣𝙨𝙛𝙤𝙧𝙢 our understanding of security.
Perry Carpenter’s 𝙏𝙧𝙖𝙣𝙨𝙛𝙤𝙧𝙢𝙖𝙩𝙞𝙤𝙣𝙖𝙡 𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝘼𝙬𝙖𝙧𝙚𝙣𝙚𝙨𝙨 reframes awareness as a human challenge, not a compliance task 👉https://tinyurl.com/u6kr7dzz
Read about this Hall of Famer and more CyberCanon-approved books that shape the culture of security.
#CyberCanonHoF #CybersecurityBooks #SecurityAwareness #SecurityCulture
The RePlaybook: A Field Guide to the Climate and Information Crisis
https://tacticaltech.org/replaybook/
#tacticaltech #securityculture
Technology evolves, but the human factor remains the weakest — and strongest — link in defense. Awareness and culture beat any firewall. 🧠🧩 #HumanFirewall #SecurityCulture
https://www.helpnetsecurity.com/2025/10/09/human-factor-in-cybersecurity-video/
Security Culture for Activists that want to Fight Back
"In the wake of a mass doxxing campaign that lead to the firing of thousands of Americans, instigated by rightwing propagandists, and the Executives of the Federal government, the need for anyone who even casually participates in activism to begin building a Security Culture has never been more clear.
Here I'll discuss what Security Culture is, why it matters, walk through the most common threats activists face such as doxxing, harassment, state monitoring, and propaganda, then step through building a plan that includes digital, physical, communication, and emotional safety.
After we all understand the basics, I'll explain why I ignore lots of common security practices in order to go beyond a purely defensive posture by using security culture to connect with everyday people, build resilience, and strengthen community.
The goal is to transform paranoia into preparedness, so that you, and those around you, can keep showing up together. "
Good CISOs build trust, drive business-focused security, and empower their teams to succeed. The right leadership makes resilience scalable!
🔗Read the article, good vs bad CISO: https://zurl.co/uTOrz
#Leadership #CISO #Cybersecurity #Resilience #SecurityCulture
#MutualDefense #Solidarity #NoKings #Antifa #Anarchist #Socialist
#CommunityDefense #ICEProtests #Portland #KristiNoem #Trump #Authoritarianism
#Resist #Disrupt #DirectAction #DefundThePolice #JuryNullification
#SecurityCulture #SnatchSquads
What's happening right now with the request from Kristi Noem according to Donald Trump to use full force on protesters demonstrating in front of ICE facilities only goes to show how very real the state's insatiable need for blood is.
The state drops its need for war, like a dead mouse on every country's doorstep, even our own, in order to satiate this thirst. This is America, this is what our country has always been. As disgusting as what's happening now is, it is not new.
We sit weeks, days, hours, if not moments away from watching our allies being slaughtered in our own towns by the very forces "intended" to keep them safe from horrors like this. This is not a drill and it is not hyperbole. The rhetoric has been tested, the laws are being preemptively written to criminalize dissent, and the paramilitary forces are being ideologically vetted for their willingness to pull the trigger on their fellow citizens. The call for "full force" is a deliberate and calculated signal, a green light for the kind of violence we have seen deployed against Black and brown communities for generations to now be officially sanctioned against anyone who stands in the way of the state's agenda.
This moment demands that we look directly at the machinery of repression and understand its components. It is the police in tactical gear, but it is also the legislators writing the "anti-riot" laws that equate to crushing resistance with claims of terrorism. It is the governor calling for violence, but it is also the media apparatus that will frame any resistance as unprovoked aggression. It is the orange goblin king baying for blood, but it is also the silent complicity of a political class that has already conceded to fascism for a taste of power. They are not hiding their intentions anymore. They are telling us, in plain language, that they view our assemblies, our solidarity, our cries for justice as existential threats to be crushed without mercy.
This is why our old models of resistance are insufficient. Marching with permits, appealing to the conscience of politicians who have none, relying on the very systems designed to pacify us these are luxuries from a bygone era that is crumbling before our eyes. The state has declared its hand. It does not seek to manage us it seeks to eliminate us. The labels they use, like "domestic terrorist," are not descriptions they are death warrants. They are intended to isolate, to criminalize, and to justify the coming violence in the eyes of a populace conditioned to fear the word "terrorist" more than they fear the death of their neighbors.
Therefore, our only logical and moral response must be the rapid, deliberate, and organized construction of networks of mutual defense. This is not a call for reckless violence it is a call for profound, community based solidarity. It is a recognition that when the state vows to use full force, our survival depends on our ability to have each other's backs without question or hesitation. Anarchists, socialists, abolitionists, community organizers, medics, legal observers, and every person who sees the nightmare on the horizon must now begin the serious work of forming pacts of protection.
These pacts are not abstract. They are built on concrete actions. They mean establishing clear and secure communication channels now, before the phones are shut down or the networks are monitored. They mean training together in de-escalation, first aid, and legal rights, so that when a protest is kettled or raided, we have medics who can treat gunshot wounds and legal teams who can track the arrested. They mean creating rapid response networks that can alert entire cities when a demonstration is under attack, mobilizing observers and support at a moment's notice. They mean setting up community defense patrols that can monitor police movements and protect vulnerable neighborhoods from targeted incursions.
Crucially, this extends to material support. It means building community bail funds that are robust and readily accessible, so no one sits in a cage because they cannot pay for their freedom. It means creating safe houses and escape routes for those who are targeted for arrest or worse. It means sharing resources, from food and water to protective gear, ensuring that no one is left exposed because of poverty. This is the practical meaning of solidarity it is the commitment to ensure that the risks we take are shared and the burdens we carry are collective.
The goal of this mutual defense is not to win a street battle with the police. The goal is to make their intended violence as difficult, costly, and visible as possible. The goal is to ensure that when they move against one of us, they find a hundred of us, standing together, documenting, resisting, and refusing to be scattered. It is to transform their easy targets into unbreakable formations of community resilience. We must make their bloodlust so public, so messy, and so morally repugnant that it shatters the illusion of their authority.
History has shown us that the state's appetite for violence is only checked when it meets organized, unyielding resistance. They rely on our fear, our isolation, our disorganization. Our task is to weaponize our solidarity. Let the calls for "full force" from the Kristi Noems and Donald Trumps of the world serve as our final wake up call. The time for vague solidarity is over. The time for specific, actionable, and sworn pacts of mutual defense is now. Find your people. Make your plans. Swear your oaths. Let them know that if they come for one, they come for us all, and we will not make it easy for them. Our communities are not their hunting grounds. We will become ungovernable not through chaos, but through an ironclad commitment to protecting one another from the storm they are so desperate to unleash.
Зайчики, где ваши принтеры?! У нас новый зинок!! :ablobcatbongo:
Мы присмотрелись к Руководству по культуре активистской безопасности и противодействию репрессиям и решили, что пора его освежить — хотя бы частично, начав, конечно, с текста @CrimethInc о культуре безопасности. Его исходный перевод на русский, к сожалению, вышел достаточно косным, а местами искажал смыслы и сбивал с толку. Кроме того, Руководство ушло в печать — подумать только! — 16 лет назад, теперь его поминают лишь по большим праздникам и только как пдф.
Тексту Что такое культура безопасности и того больше — он впервые появился в сборнике 2004 года, но к нему до сих пор обращаются как современные авторки, так и сам коллектив CrimethInc., когда речь заходит о сути репрессий, потому новое издание оказалось неминуемым. Мы сознаём, что некоторые разделы дают излишне обтекаемые руководства и больше походят на позицию «за всё хорошее» нежели на техники, но мы надеемся, что зин покажет глубину духа и, одновременно с тем, гибкость, свойственные организации в блоки, ячейки и аффинитти группы.
Скачать файл для печати можно у нас на сайте: https://www.autistici.org/morethantwo/kultbez/
Помните, что этот текст — продукт своего времени, ничего подобного радикальные круги на постсоветском пространстве не переживали и не переживут. Вынести уроки из чужих контекстов и других эпох, которые поддаются анализу, — значит выстроить собственные аналитические методы и системы, не только ретроспективные, но и перспективные: подступиться и сделать частью своей организации стратегический анализ, оперативный, структурный.
С этой целью распространять Руководство всё равно было бы хорошей идеей, но т.н. «Россия» криминализовала употребление букв «АЧК» вместе. Менты всё ещё могут спросить за наш зин, но сам он не станет формальным поводом, пока не получит экспертную оценку (чего можно и не дождаться), тогда как Руководство уже формально, пусть и опосредованно, криминализовано.
Настояльно рекомендуем распространять этот зинок в паре с Уверенностью Отвагой Родством Доверием, который мы выпустили в начале лета https://www.autistici.org/morethantwo/retsept/
#культураБезопасности #дистроизм #анархизм #SecurityCulture #distroism #anarchistzines
@thorsheim, yes, it's Friday, but eggs of that sort is what you'd typically not like in app of that genre¹ 🤦 Lack of good judgement, IMHO.
. o O { Where did I put my security token device? }
¹ PKI solution for authentication and signing at the highest level, in Norway in this case.
#securityculture #PKI #BankID #EasterEgg #grumpyOldBastard #Allheimen
Security Culture and Safe Houses: Sustaining the Network, Nurturing Continuity https://www.notrace.how/resources/read/security-culture-and-safe-houses.html
this is very very very good life advice for everybody, do some radical self care :scavenger_nom: watch it on invidious maybe #invidious #youtube #SelfCare #SelfHelp #SecurityCulture https://invidious.nerdvpn.de/watch?v=j3VzXY4R24s
🧠 Human error causes 95% of breaches. Digital Edge turns your team into your strongest defense. Continuous training. Real-world simulations. Zero guesswork.
#CyberAwareness #HumanFirewall #SecurityTraining #PhishingSimulation #CyberResilience #DigitalEdge #SecurityCulture #RiskReduction #TeamDefense #CyberSmart
