Episode Transcript
0:02
This episode of the CyberWire is made possible in part by Hunters, a SOC platform that ingests data from your IT and security tools and applies a built-in detection engine encoded with hundreds of TTPs, attack methodologies and threat intelligence. Security teams use Hunters to reduce the mean time to detect and respond by automatically investigating, correlating and prioritizing suspicious events. Combining Hunters' SOC platform with Snowflake's data lake can help your security team achieve greater coverage at a predictable cost and mitigate threats faster and more reliably than ever. Visit hunters.ai to learn more.
0:53
Lithuania sustains major DDoS attacks. Lessons from NotPetya. Conti's brand appears to have gone into hiding. Online extortion now tends to skip the ransomware proper. Justin Fier from Accenture on how social engineering is evolving for underground threat actors. Rick Howard looks at chaos engineering. And US financial institutions conduct a coordinated cybersecurity exercise.
1:27
CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, June 27th, 2022.
1:46
Lithuania this morning announced that it has sustained a distributed denial of service attack. Reuters quotes Lithuania's National Cyber Security Center to the effect that further attacks of this kind are expected. They say it is very likely that attacks of similar or greater intensity will continue in the coming days, especially in the transportation, energy and financial sectors. The nominally activist Russian group Killnet, responsible for earlier DDoS attacks against Italian targets, claimed responsibility for the incident. A group associated with Killnet, the Cyber Spetsnaz, last week threatened Lithuania with cyberattack should it persist in its policy of restricting rail delivery of embargoed goods to Russia's non-contiguous province, Kaliningrad.
2:36
It's now been five years since the GRU hit Ukraine with NotPetya's pseudo-ransomware in a campaign that was marked by a degree of indifference to the damage done to other countries in the course of the attacks. It moves one to the conclusion that the international consequences of the malware weren't so much collateral damage as side benefit. The a so reviews some of the major lessons from NotPetya. The campaign showed that ransomware, and wiper malware representing itself as ransomware, could serve as an effective weapon, and the GRU was willing to use it as such. Adam Flatley, director of threat intelligence at Redacted, commented, "It's interesting that the Russians are being a little more careful this time with their cyberattacks. That's only constrained by their desire to be careful. The technology is still there for them to easily change the setting and let it loose if they wanted to."
3:35
Computer Weekly looks at the results Anonymous has obtained so far in its OpRussia hacktivist campaign, and it finds that they've generally been more consequential than had been generally expected, although of course falling short of the devastation Anonymous customarily threatens. YourAnonNews tweeted "The Anonymous collective is officially in cyber war against the Russian government" hours after the Russian invasion of Ukraine. The scope and sweep of the attacks, mostly defacements, doxing and DDoS, have been surprising, and potential targets of hacktivism elsewhere are considering how they might harden themselves against similar operations.
4:17
Conti seems to have retired as a brand. BleepingComputer reports that the gang shut down its data leak and negotiation sites last Wednesday, and they seem to have remained down for the rest of the week. Observers read this as the retirement of the brand, not the retirement, still less the reform, of the criminals behind it. BleepingComputer writes that some of the ransomware gangs known to now include old Conti members include Hive, AvosLocker, BlackCat, HelloKitty and the recently revitalized Quantum operation. Other members have launched their own data extortion operations that do not encrypt data, such as Karakurt, BlackByte and the BazarCall collective. The gang's ARMattack campaign last November and December, short but intense, retrospectively looks like the brand's last big hurrah, except of course for its public declaration of adherence to Moscow's cause in Russia's war against Ukraine. Group-IB describes ARMattack as having hit some forty organizations in the US and elsewhere with noticeable effect. Assuming the Conti brand stays retired, the leading ransomware brand is now LockBit 2.0, though NCC Group's May ransomware report puts the leaderboard like this: LockBit 2.0, Black Basta, a rising criminal star, Hive, and the rump of a retiring Conti.
5:32
BleepingComputer reports that AhnLab has noticed a trend in LockBit 2.0's attack technique. The approach is still through phishing, but the phishbait has changed. A typical LockBit come-on now consists of a bogus copyright infringement notice. To see the infringing material, the email says, the recipient should open an attached file, which carries the hook, the payload. It's not unique phishbait: the operators of both BazarLoader and Bumblebee have also used copyright infringement claims to induce their victims to bite.
6:23
The Register briefly describes a trend currently observed in ransomware attacks. Increasingly, they're skipping the ransomware. That is, they're not bothering to encrypt the victim's files. Instead, they're relying on the threat of doxing, promising to release sensitive stolen data if the ransom isn't paid. So the trend toward double extortion ransomware, encrypting data to hold it hostage but not before stealing it and then threatening to release it publicly, is now often skipping the encryption step. It used to be like kidnapping followed by blackmail. Now, more often than not, it's just blackmail.
7:03
And finally, major US financial institutions, motivated in part by the possibilities of cyberattack that Russia's war against Ukraine raises, and at the urging of the US Department of the Treasury, have recently conducted a coordinated exercise designed to help them refine their defenses and their plans for coping with cyberattack. Bloomberg reports that the exercise, which involved JPMorgan Chase, Bank of America and Morgan Stanley, ran through five hypothetical threat levels, ranging from minor assaults to a full-scale onslaught on multiple banks and critical payment systems. The exercise is regarded as showing an unusual degree of cooperation and information-sharing among competitors.
7:54
And now a word from our sponsor, Devo. Devo [unk] they understand the cyber threat landscape is rapidly expanding and it's becoming increasingly difficult for organizations to protect themselves from sophisticated cyberattacks. That's why they pride themselves on being true allies, not just another vendor, and why their cloud-native logging and security analytics platform is built to not only transform security operations for today but beyond. Devo is always looking to learn more about how they can continuously support and serve the cybersecurity community, and their CEO Marc van Zadelhoff's new podcast, Cyber CEOs Decoded, is part of that commitment. Marc's candid CEO-to-CEO conversations with leaders from cybersecurity companies big and small cover delivering value to customers, creating enduring cultures and managing successes and failures in an ever-evolving technology landscape. Tune in once a month for fresh perspectives on what's top of mind for those working to protect us from some of the boldest cyber threats we face today. Devo: more data, more clarity, more confidence. And we thank Devo for sponsoring our show.
9:16
Joining me once again is Rick Howard. He is the CyberWire's chief security officer and also our chief analyst. Rick, always great to welcome you back.

9:22
Hey, Dave. I was reading what we call the rundown for what we're discussing this morning, and I noticed that this week's CSO Perspectives episode is the end of season nine. Man, the seasons go by fast.

9:35
I know what you mean. And we covered a lot of ground this season, too. We did some history, we've covered the current state and future of software bill of materials, we did some identity stuff about single sign-on and two-factor authentication and software-defined perimeter, and we talked about the current state of intelligence sharing today. And then the last episode we did was a cyber sand table exercise for the Colonial Pipeline attacks of two thousand and nineteen. And oh my goodness, that's a lot of stuff. [unk]

10:12
So what do you have in store for us in your season finale here?

10:16
So have you ever heard of a resilience program called Chaos Monkey?

10:21
Yes, I have. That is Netflix, right? Where they sort of, it's exactly what it sounds like. They'd randomly go in and, like, blow things up to test their resilience, to make sure that their engineers have engineered in enough resilience that basically no matter what happens, customers won't notice that things have happened. Am I on the right track there?

10:45
Yeah, you know, that's what I thought too, until I did the deep dive here. But it turns out, as with most things in cybersecurity, it's a lot more nuanced than that. Netflix and other big Silicon Valley companies like LinkedIn and Google and Microsoft and a bunch of others invented this thing called chaos engineering, the advanced resilience discipline designed to discover potential systemic weaknesses in their deployed architectures that they didn't know about before. Chaos engineering emerged because in the last fifteen years these organizations found themselves running gigantic systems, systems with thousands of dependencies that no human could keep track of in their head. So chaos engineering is a response to that situation, where they could run carefully controlled experiments on production systems. I mean, they are blowing stuff up here, but they wanted to figure out all the unknown areas of weakness they hadn't discovered before. So in this last episode of CSO Perspectives for the season, we do a deep dive on chaos engineering to discuss how, for the right organization, it might be a useful tool for your resilience strategy.

11:52
I would like to see a book or an article or something about the times when chaos engineering went horribly wrong.

12:01
[unk] No, no, no, they're probably, you know, traded in dark, shadowy corners at industry events [unk].

12:14
Before we go, what is the cybersecurity term that you're covering over on the Word Notes podcast?

12:22
This week we're talking about identity and access management, or IAM for short. And you know, Dave, I'm a little bit of a nerd and I like to throw a little pop culture reference into the discussion, mostly to entertain myself and not so much for the audience.

12:35
It's mostly for you, let's be clear, Rick. It's only to entertain yourself. Go on.

12:39
Oh, but I gotta tell you, this week I think I've outdone myself. I found a way to connect my favorite Star Trek movie of all time, the 1982 movie The Wrath of Khan, to IAM. How great is that?

12:55
That is great, and I concur with your excellent taste in Star Trek movies. I'll probably get lots of cards and letters about that one, but it's a defensible position. Not exactly a Kobayashi Maru, but there [unk].

13:13
All right, well, you can find all of this stuff over on our website, thecyberwire.com, where you can learn about CyberWire Pro. Thanks.
13:33
And now a word from our sponsor, Microsoft Federal. The Biden administration is taking steps to modernize security approaches across the federal government with a cybersecurity executive order. Microsoft Federal is your partner in meeting those mandates. They help federal agencies better understand the executive order milestones, build a strategic response that aligns to security modernization priorities and executive order requirements, and determine how our technology partners help extend [unk] the journey. Their unique approach is based on the decades of trust they've earned from partnering with federal agencies. Microsoft Federal empowers agencies with free tools like Cloud Adoption Framework and Zero Trust reference architecture, and together we can move forward into a new era of cybersecurity and empower a secure, resilient federal workforce. Learn more at aka.ms/cyberEO. That's aka.ms/cyberEO. And we thank Microsoft Federal for sponsoring our show.
14:47
And joining me once again is Justin Fier. He is managing director and global cyber defense lead at Accenture Security. Justin, it's always great to have you back. You know, I know you and your team spend a good amount of time tracking some of the threats that are going on in the criminal underground, and I wanted to touch today particularly on social engineering. What are some of the things that you all are seeing evolving there?

15:11
Thanks, Dave, again for having me back. We are continuing to see that professionalization of crime in the underground, and specifically around highly specialized areas. And we've spent a lot of time talking about things like technical exploit creation as a service, but really over the last three years, and more increasingly over the past six months, our CTI team has observed the increased availability of these social engineering as a service offerings on the underground, and it significantly magnifies threat actor capabilities and really ensures that the threat actor has maximum impact. And you know, Dave, I'm normally even-keeled when I hear about these types of services after, you know, being in the industry for a while, but after speaking to my team, I really believe that the same now has significantly improved threat actor capabilities, and will be problematic for security practitioners and defenders.

16:10
Can you give us some specific examples here? I mean, social engineering certainly isn't news, so what's the approach that has you concerned?

16:18
Yeah, exactly right. And I think it speaks specifically to the adversary tactics and what they're doing. The threat actors, you know, are leveraging this service across the skills gamut. What we're seeing is that for lower skilled actors, this obviously provides a new and enhanced set of capabilities that they wouldn't otherwise have access to or be investing in as well. So for the big groups like Conti, they have a dedicated department for this, and they don't just have one individual, they have a team with a dedicated lead that's really responsible just for social engineering. So they're very well organized around this particular piece. We're also seeing the threat actors making more realistic, you know, socially engineered emails, really kind of looking at the user awareness training, I think, and pivoting their tactics as such. It's very well written, whether it's in English or French, German or Italian, because it used to be you'd spot the broken English or something like that and it was a dead giveaway. The threat actors have definitely kind of caught up with these tells that humans used to spot the suspicious email.

17:29
Now I've heard that they're getting their way into systems and taking advantage of people's, like, even their calendar systems.

17:38
Yeah, no, it's [unk] and slightly scary. I mean, this speaks specifically to the timeliness of when they launch attacks. So they will buy access from one of the many dark net cookie markets, facilitating access to an Outlook calendar. Now they have this internal visibility, and we've seen actors buy the credentials to an email account on these markets, and instead of it being an external email, send the phishing email from an internal email address. Your social engineering from inside the corporate domain is a much more effective strategy, coupled with the visibility component where you can send it when somebody is getting ready to attend a conference or has, you know, an important business meeting coming up. And this has been one of the things that we've used to educate our user base, and we see that the threat actors are continuing to pivot around these user awareness trainings.

18:40
Are they getting better with being able to use the lingo of individual organizations? Have they upped their game there?

18:47
Yeah, that's actually one of the most fascinating things, and it really complicates matters further. We've observed they've actually started to employ industry subject matter experts so that they can speak the jargon and understand the nuance of the business operations. I like to draw the comparison, much like we, you know, as Accenture, would have had our industry expertise, today they actually have the ability now to do that in a way that increases the effectiveness of the attack. So now you have a threat actor that can leverage a highly specialized, sophisticated service employing proper grammar across multiple languages, then through the use of, you know, that internal reconnaissance, they can target the personnel at the proper time based on their internal visibility, and with their increased industry knowledge they make their emails much more realistic, and they can send from valid internal accounts now.

19:46
Well, let's talk about that. I mean, given this new reality and how much they've stepped up, what are you recommending to people to best protect themselves?

19:55
Yeah, be great at your basics, as always. And we've talked a lot about a lot of the detective and technical controls, such as pushing for, you know, MFA. Once again, you know, people are being targeted as the weakest link in that chain. More specifically, you know, high level executives, the employees that have access to key internal business operations, are top targets. What they post on social media, and what their extended circle and family members may post on social media, can be easily weaponized. So now it's staying vigilant and increasing monitoring on your enterprise. You have to think about how do you extend that user awareness training to that trusted circle. And we've begun to have clients think about things like monitoring the dark net, not only to get the intelligence on these available threats and capabilities, but to think about executive cyber protection for your highly visible employees as well. So those are things that we're going to have to do, layering that intelligence gathering in with those controls, as a key to mitigate the threat.

21:05
All right, Justin Fier.
21:15
Our sponsors make the CyberWire possible, especially our supporting sponsor Synack. Find the vulnerabilities that matter most. Go to synack.com/government today to find your better way to pentest in the Synack FedRAMP Moderate environment.

21:42
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment called Security Ha. Join Jason and Brian on their show for a lively discussion of the latest security news every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Liz Irvin, Elliott Peltzman, Tré Hester, Brandon Karpf, Eliana White, Puru Prakash, Justin Sabie, Rachel Gelfand, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe [unk].
22:59
Hey everybody, Dave here. Are your sales and marketing teams tasked with ever-growing brand awareness and lead gen goals? The CyberWire is a great way to put your message into the ear of decision makers across cyber and help fill your funnel. We have great sponsorship opportunities available, but we're filling up fast. Contact our team now to learn more about how sponsorship of the CyberWire can help build your business at thecyberwire.com/sponsor.