Risky Business #746 – Microsoft takes your security seriously*
May 1, 2024
auto_awesome
This podcast discusses Microsoft's commitment to security, backdoors in Cisco firewalls, tech companies facing government scrutiny, and the sentencing of a hacker. They also touch on the importance of micro-segmentation and the challenges of combating ransomware threats.
Insurers are demanding micro segmentation due to ransomware costs, influencing orgs' response to pen test reports.
Russian APT groups exploited Cisco ASA vulnerabilities for backdoor access, alerting NSA and highlighting complex exploitation tactics.
FTC and FCC focus on data protection and fines, posing challenges for cloud providers dealing with KYC requirements.
Belarusian cyber partisans hack KGB site, creating a Telegram bot to check for database entry, showcasing cyber activism.
Finnish hacker sentenced for Vastaumo clinic breach raises concerns about cybercrime penalties and deterrence tactics.
Decrease in major ransomware incidents prompts analysis of causes and implications for cybersecurity readiness and threat landscape.
Deep dives
Ransomware Costs Drive Adoption of Micro Segmentation
Insurers are starting to demand micro segmentation from customers due to the high costs of ransomware incidents. This demand is also influencing the seriousness with which organizations treat pen test reports.
Russian Attacks on Cisco ASA Devices Revealed
Recent nation-state cyber attacks attributed to Russian APT groups like Fancy Bear targeted Cisco ASA devices. Security vulnerabilities exploited allowed for backdoor access through shell-coded embedded certificates for VPN authentication. NSA reported the bugs to Cisco, indicating a complex exploitation chain.
Implications of Regulatory Actions on Tech Companies
Regulatory actions by the FTC and FCC in the US are focusing on data protection and fines for location data selling. Cloud service providers are facing challenges with KYC requirements, highlighting the conflict between privacy, security, and regulatory compliance.
Hacking of Belarus Secret Service Website by Cyber Partisans
The Belarusian cyber partisans hacked the website of the Belarusian Secret Service (KGB), obtaining data and creating a Telegram bot to check if individuals are in the KGB database. The group's actions demonstrate significant cyber activities in response to the political situation in Belarus.
Prison Sentence for Hacker Involved in Vastaumo Cyber Attack
Alex Santari Kivimaki, involved in the Vastaumu clinic data breach, has been sentenced to six years in prison in Finland. Despite previous hacking history, this sentence has stirred debate over the adequacy of penalties for cybercrimes.
Decrease in Ransomware Incidents Observed
A noticeable decline in major ransomware incidents has been observed recently, prompting discussions on potential reasons for this decrease and implications for cybersecurity readiness and threat landscape.
Detection and Exploitation of Plug X Malware Command and Control Servers
Security researchers detected and infiltrated the command and control servers of the Plug X malware, associated with Chinese state-sponsored threat actors. The move allowed for data collection and discussions on potential mitigations for Plug X infections.
Impactful Hacktivism Actions by Hackers in Belarus and Finland
Cyber partisans in Belarus engaged in impactful hacktivism targeting government entities, while a Finnish hacker received a prison sentence for his involvement in a psychotherapy clinic data breach. These actions highlight the significant consequences of cyber activities in different geopolitical contexts.
Analysis of Alex Santari Kivimaki's Sentence and Criminal Profile
The sentencing of Alex Santari Kivimaki for his involvement in the Vastaumo psychotherapy clinic breach has raised questions about the adequacy of penalties for cyber crimes. Kivimaki's criminal history and potential for recidivism pose challenges in addressing cyber threats effectively.
Technological Developments in Security and Regulatory Compliance
Recent technological advancements in security and regulatory compliance, as seen in data protection regulations and KYC requirements for cloud service providers, are shaping the landscape of cybersecurity. These developments reflect the ongoing efforts to balance privacy, security, and compliance in the digital age.
Impact of Ransomware on Cyber Insurance and Security Practices
The podcast episode delves into the significant impact of ransomware attacks on cyber insurance companies, leading to stringent security measures like micro segmentation. With ransomware incidents becoming more prevalent, insurers are incentivizing clients to adopt advanced security controls to mitigate risks and reduce premiums. Micro segmentation, identified as a fundamental preventive control, plays a vital role in enhancing network security and thwarting attackers.
Challenges of Global Compliance and Content Moderation
The discussion expands on the challenges of global compliance and content moderation in the context of social media platforms. It highlights the complexities faced by tech firms in navigating cross-jurisdictional issues when responding to government demands for content removal. The podcast emphasizes the delicate balance between preventing harmful content proliferation while respecting differing national values and regulations, especially concerning incidents like video content related to violent acts.
On this week’s show Patrick and Adam discuss the week’s security news, including:
Microsoft reassures* us that they take security very seriously*
Cisco ASA firewalls get sneakily backdoored, but no one’s quite sure how
Change Healthcare was 1FA Citrix all along
The FTC, FCC and other government sticks get waved at tech
Lizard Squad Finn who hacked the Vastaamo therapy chain gets sentenced
And much, much more.
This week’s sponsor is Zero Networks, who make a network micro-segmentation product that is actually usable. Zero Networks CEO Benny Lakunishok joins us to talk through why firewalling everything everywhere is finally workable.
