Srsly Risky Biz: Links between Russian state and cybercriminals remain elusive

PLUS: A look at the equities involved in timing the FBI's takedown of Hive...

In this podcast Patrick Gray talks to Tom Uren about a new Recorded Future report that collates evidence of Russian intelligence service links to cybercriminals. There’s a lot of circumstantial evidence, but it feels more like the state uses criminals opportunistically rather than systematically.

The FBI disruption and takedown of the Hive ransomware crew is a huge success, and Tom and Patrick examine the tradeoffs involved in deciding exactly when to seize Hive’s servers.

They also discuss the different approaches the US and Singapore governments are taking to counter scam robocalls and SMS messages.

Risky Business #693 -- Hive takedown is the beginning, not the end

How the FBI and friends absolutely pantsed the Hive ransomware operation…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • A look at the Hive takedown
  • UK’s Royal Mail still struggling
  • GitHub’s code signing certificates stolen
  • TSA misses the point on no-fly list theft
  • Much, much more

This week’s show is brought to you by Remediant, which is now a part of Netwrix.

Tim Keeler is co-founder of Remediant and joins us to talk about how the PAM market – and the tech that makes it up – is changing.

Risky Biz News: FCC warns Twilio on scam robocalls

PLUS: KeePass disputes vulnerability classification for app feature; bulletproof hosting hotbed Seychelles to establish cybercrime unit; new data wiper malware discovered in Ukraine.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

A newsletter version of this podcast is also available.

Risky Business #692 -- Google search results spew malware, phishing sites

The search giant's ads and organic results have become dangerous...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Google’s search results have become a malware-riddled sh*tshow
  • Ransomware payment values dropped by 40% YoY in 2022
  • Kraken takes over Solaris the old school way
  • Grand Theft Auto RCE is wreaking havoc
  • ManageEngine customers are all getting owned
  • So you know, pretty much business as usual

This week’s show is brought to you by Kroll.

Jim Hung co-leads the special projects and applied research team at Kroll and joins us to talk about the big changes happening in the incident response discipline.

Between Two Nerds: When Operations Get Burnt

How do adversaries deal with operational failure and why do they make the choices they do?

In this edition of Between Two Nerds Tom Uren and The Grugq look at operations being ‘burnt’ from the adversary’s point of view. What do they do when an operation is burnt? What are the factors that go into the decisions that they make?

Srsly Risky Biz: LockBit ripe for disruption, Russians throw kitchen sink at Ukraine

PLUS: French general sounds alarm on US hunt forward operations...

In this podcast Patrick Gray talks to Tom Uren about security researcher Jon DiMaggio infiltrating the LockBit ransomware group. DiMaggio’s report shows that there are numerous disruption operations.

They also cover a new Ukrainian report about Russia’s combined cyber, conventional and military operations. It doesn’t look like the Russians are deftly coordinating these different attacks to maximum effect so much as using a kitchen sink approach.

Finally, they look at a French general’s warning to other European countries that the US might use Cyber Command hunt forward operations as an intelligence gathering operation. We don’t think this is at all likely, but the general has hit on a fear that other countries will have.

Risky Business #691 -- LockBit and "Pablo Escobar syndrome"

Why LockBit's Royal Mail caper could backfire…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Royal Mail attack was LockBit and GCHQ will probably “bust some heads”
  • CircleCI’s incident report and the problem with malwared endpoints in the Zero Trust age
  • Cloudflare backs Mastodon
  • Paul Nakasone: NSA did some great stuff! It was really good!
  • Cisco won’t patch SMB routers sold in 2020
  • Much, much more

This week’s show is brought to you by Material Security. Material co-founder Ryan Noon and Snowflake’s head of cybersecurity strategy Omer Singer are this week’s sponsor guests.

Risky Biz News: Pro-Russian hacktivists offer cryptocurrency for DDoS attacks against Ukraine and western targets

PLUS: Bangladesh government bought loads of Israeli surveillance tools; npm libraries delete user files; malware found preinstalled on T95 Android TV boxes...

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

A newsletter version of this podcast is also available.

Srsly Risky Biz: Carnegie Report Takes Wind Out of Cyber War's Sails

PLUS: The Bad Times Keep Rolling for NSO Group...

In this podcast Patrick Gray talks to Tom Uren about a new Carnegie report that does a really good job examining the interplay of disruptive cyber operations and conventional military action in Russia’s invasion of Ukraine.

They also examine the trajectory of NSO Group. The US Supreme Court has decided that WhatsApp’s court case against the firm can continue, but the political environment has changed so drastically we don’t think the court case will make much difference in the end.

Risky Biz News: Windows 7 reaches end-of-support

PLUS: SugarCRM zero-day used to compromise roughly 10% of all internet-accessible servers; smart ship management platform taken down after hack; Raspberry Robin botnet loses 30% of C2 servers in partial takedown.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

A newsletter version of this podcast is also available.

Risky Business #690 -- 2023 will be a rough year for critical online services

Recent attacks against Okta, CircleCI, Slack and Lastpass have set the tone for the year ahead...

On this week’s show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it’s the first show of the year, we split the discussion into themes:

  • Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume
  • All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla’s latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more
  • A ransomware wrap, a discussion about the rise of data extortion and why it’s unlikely to remain a huge problem
  • Why automotive security research will actually be interesting this year
  • PLUS: A bunch of random news!

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about something they’ve developed – a zero-knowledge proof-of-exploit technique. Very interesting stuff!