Risky Business #744 -- Ransomware upstarts jostle in Lockbit's absence
Apr 10, 2024
Proofpoint’s chief strategy officer Ryan Kalember discusses rising bug prices and geopolitical ransomware attacks. Also covered: the suspension of Ukraine's cyber chief, x86 microarchitectural issues, and the evolution of cybersecurity 'platforms'.
Vigilante hacker retaliates against North Korea, sparking Pentagon interest in proactive cyber defense.
Confidential VM vulnerabilities challenge cloud security, highlighting risks despite advancements in technology.
Deep dives
D-Link Urges Retirement of Vulnerable Storage Devices
D-Link advises users to decommission specific storage devices because of a critical bug that grants high-privileged access without a password: the devices' web interfaces ship with default credentials that give elevated access, and exploiting the flaw can lead to command execution. The company recommends discontinuing use of the affected devices to prevent exploitation and compromise.
Colombian American Hacker's Vigilante Mission Against North Korea
A Colombian American hacker from Florida, Ota Haseras, embarked on a vigilante mission against North Korea after falling for a North Korean scam. He retaliated by hacking into North Korean systems and initiating DDoS attacks to disrupt their internet. His actions were driven by a personal vendetta and a desire to combat North Korean cyber threats, leading to an intriguing journey detailed by Andy Greenberg in Wired.
Story of Hacker's Advocacy for Proactive Military Cyber Operations
Ota Haseras' vigilantism against North Korea caught the attention of Pentagon-affiliated individuals and led him to advocate for more assertive cyber operations against adversaries. His interactions with military and cyber professionals, in which he pushed for a more proactive approach to cyber defense, shed light on the complexities and motivations behind such high-risk, unorthodox initiatives. His story unfolds as a tale of unconventional cybersecurity activism with potential impacts on national cybersecurity strategies.
Challenges in Implementing Confidential Virtual Machines
Running confidential VMs in the cloud without having to trust the cloud provider is an increasingly common goal. Two attacks from ETH Zurich have exposed vulnerabilities in confidential VM technologies that let a malicious cloud operator compromise a guest by manipulating interrupt delivery. Despite Intel's and AMD's efforts to strengthen these protections, current confidential VM technology remains imperfect and still requires trust in the cloud operator.
Advancements in Microarchitecture Side Channel Attacks
Research from VUSEC has introduced a new variant of Spectre side channel attacks that enables data leakage between processes on a single machine. By using symbolic execution to identify gadgets suitable for cache side channels and branch predictor abuse, an attacker running as a non-root user can escalate to root. These findings show that hardening against microarchitectural attacks remains an ongoing effort.
On this week’s show Patrick and Adam discuss the week’s security news, including:
Ransomware: down but not out
Zero day prices on the rise…
… and what it means for enterprise software
Geopolitical conflict comes to computers in Palau
Ukraine cyber chief Illia Vitiuk suspended
More x86 microarchitectural bad times
And much much more
Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.