What happens to CISA now? Is deterrence in cyber possible?
Nov 15, 2024
In this discussion, Juan Andres Guerrero-Saade, a security researcher from SentinelLabs, and Costin Raiu, Director at Kaspersky, dive into the intricacies of cyber deterrence and the evolving threats from Iranian groups. They examine the implications of the FBI and CISA's investigation into recent cyber espionage incidents, including the Salt Typhoon hacks. The conversation also explores the uncertain future of CISA amid political changes and the impact of emerging cyber capabilities from China. Insights into corporate transparency and the role of cryptocurrency in cybersecurity round out this compelling dialogue.
The podcast discusses the Iranian hacking group Emennet Pasargad's sophisticated cyber operations during the Israel/Hamas conflict, highlighting their connection to geopolitical events.
Experts express disappointment over CISA's performance, emphasizing the need for improved technical reporting and tangible results in cybersecurity initiatives.
The conversation explores how recent cyber incidents, including ‘Salt Typhoon’, challenge attribution and response strategies against overlapping Chinese threat actors.
Bitcoin's rising value is analyzed as both an enabler of cybercrime through ransomware and a potential hedge against inflation for investors.
Deep dives
Vibrant Atmosphere at Ekoparty
The event in Argentina, known as Ekoparty, is highlighted for its lively atmosphere and successful turnout, especially among younger attendees. Many students received sponsorships to attend, enhancing their experience and engagement with the industry. The excitement surrounding the event surpasses previous gatherings, showcasing a resurgence of enthusiasm post-pandemic. This positive vibe reflects the ongoing interest in technological and cybersecurity advancements among the new generation.
New Cybersecurity Threat Reports
A report from CISA and the FBI concerning the Iranian group known as Aria Sepehr Ayandehsazan was discussed, revealing important new attribution information. This group, previously known by various names, including Neptunium, has been connected to a broader set of malicious activities and threat operations. The participants express satisfaction with the thoroughness of the report, noting the inclusion of actual Indicators of Compromise (IOCs) and tactics, techniques, and procedures (TTPs). The report stands out for its significant detail compared to other reports that have previously lacked actionable intelligence.
Link to Hamas and Psychological Operations
Details emerged about the group's alleged connections to Hamas, which involve setting up fictitious hosting services and leveraging them for nefarious purposes. This includes targeting IP cameras in Israel shortly after recent attacks, highlighting the operational sophistication of the group. Discussion of the group's practices also revealed disturbing tactics involving fake communications to families of hostages, aiming to inflict psychological distress. Such revelations emphasize the group's involvement in both cyber operations and broader geopolitical conflict, blurring the lines between criminal activity and state-sponsored operations.
Implications of the Salt Typhoon Campaign
The podcasters discussed a cybersecurity incident referred to as the ‘Salt Typhoon’ involving espionage campaigns against telecommunications networks. CISA confirmed an investigation into this significant breach, which reportedly involved data theft and compromise of communications tied to US industry and government officials. The discussion underlined the challenge in distinguishing between various Chinese threat actors, such as Salt and Volt Typhoon, as their operations often overlap. The difficulty in attribution and the rapid pace of developments in cybersecurity create complications for threat intelligence and response strategies.
The Role of Cryptocurrency in Cybercrime
As Bitcoin's value continues to rise, discussions shifted to its implications for cybercrime, particularly ransomware. There is a nuanced view of cryptocurrency as both an enabler of illicit activity and a potential hedge against inflation for investors. States like Pennsylvania are exploring holding Bitcoin in treasury reserves, raising questions about its legitimacy and long-term viability as a currency. The conversation highlighted the importance of recognizing Bitcoin not only as a speculative asset but also as a tool that facilitates crime in various forms.
Calling for Accountability in Cybersecurity
The podcast emphasizes the need for accountability in cybersecurity agencies, especially in the wake of ongoing failures and pressures from lawmakers. Discussions around the effectiveness of CISA and its initiatives highlight frustration over a lack of tangible progress and results. There is a shared opinion that restructuring efforts should focus on enhancing technical reporting and producing actionable intelligence, rather than merely presenting polished announcements. As threats evolve, the demand for consistent and reliable cybersecurity measures becomes increasingly critical.
Exploring Innovations in Cyber Defense
Amid the chaos surrounding cybersecurity entities, there's a call for innovative solutions that can better protect infrastructures and personal data. The guests advocate for the development of enhanced monitoring systems, suitable for both individual users and organizations, to detect and neutralize cyber threats. Suggestions include adopting multi-signature wallets and diversifying storage to protect assets from criminal activities, emphasizing proactive risk management. As the cybersecurity landscape becomes more complex, such innovations will be vital in staying ahead of malicious actors.
Three Buddy Problem - Episode 21: We dig into an incredible government report on Iranian hacking group Emennet Pasargad and tradecraft during the Israel/Hamas war, why Predatory Sparrow could have been aimed at deterrence in cyber, and the FBI/CISA public confirmation of the mysterious Salt Typhoon hacks.
Plus, discussion on China’s cyber capabilities, the narrative around “pre-positioning” for a Taiwan conflict, the blending of cyber and kinetic operations, and the long tail of Chinese researchers reporting Microsoft Windows vulnerabilities. The future of CISA is a recurring theme throughout this episode with some speculation about what happens to the agency under the Trump administration.