APTs or UAPs?

Created in December 12, 2024

2024   ·   SIEM   ·   CyberSecurity

First of all, I want to make it clear that I consider myself a skeptic. I’m not saying that hackers are aliens (laughs). In fact, although I believe that intelligent life may exist outside of Earth, I also believe that we are isolated due to the vast interstellar distances.

Since I was a child, I have always been curious about the topic, and with UAPs (Unidentified Aerial Phenomena) being discussed in the U.S. Senate and the New Jersey drones making headlines in the media, I realized that many anomalous phenomena — whether in the sky or in your environment — are the result of a lack of knowledge or a lack of data about the event. People end up ignoring the principle of Occam’s Razor and believe they are being hacked or even seeing aliens (laughs).

I’ve worked in SOCs (Security Operations Centers) for several years, moving from N1 to detection engineering for SIEMs (Security Information and Event Management systems), and I’ve grown tired of seeing cases where tools that are supposed to detect anomalies end up identifying normal events as potential threats. In fact, this is the most common scenario when you enable everything that comes by default in the tools (perhaps even helping to get to know the environment and discover shadow IT…), which leads to a SIEM full of alerts, overwhelming SOC teams with false positives, resulting in the infamous alert fatigue and memes like:

But this also creates a second scenario, where, due to the lack of knowledge of those at N1, many security events are wrongly evaluated as incidents and escalated, simply because they do not understand the information they are analyzing. So, in reality, that supposed midnight incident that triggered a war room is just a false positive. And that UAP is just a balloon.

Another point is that often it is difficult to have good data about the event. Even with today’s technology, UAP footage remains poor, and SIEMs, working with logs (poorly parsed, to make matters worse), are unable to provide the certainty needed to confirm that a phenomenon is not an extraterrestrial visit or an APT (Advanced Persistent Threat).



    Enjoy Reading This Article?

    Here are some more articles you might like to read next:

  • FIRST Fortaleza 2023.
  • CyberDefenders Qradar101 Write up.
  • Exposing Local Applications with FNLocalCloud.
  • Detection CVE-2024-35250
  • FnStegoCrypt - Encrypted Data in Images
  • Script for enabling Windows Audit and Sysmon.
    • to select to navigate esc to close move to parent