CyberWire Daily

No rest for the patched.

Feb 20, 2025

Stephen Hilt, a senior threat researcher at Trend Micro with expertise in the cyber underground market, shares valuable insights. He discusses the alarming rise of Ghost ransomware impacting over 70 countries. Hilt delves into the evolution of cybercrime dynamics, highlighting the shift toward 'access as a service' and the integration of AI technologies for criminal strategies. He also sheds light on the merging of English and Russian cyber forums and the challenges law enforcement faces in this interconnected landscape.

33:54

Creator website

Episode guests

Stephen Hilt

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Ghost ransomware is a significant threat affecting organizations worldwide, exploiting software vulnerabilities and highlighting the need for improved defensive strategies.

The cyber underground market is evolving towards 'access as a service,' indicating a globalization of cybercrime with sophisticated, AI-assisted tactics.

Deep dives

Ghost Ransomware Threats

Ghost ransomware poses a significant risk, having breached organizations in over 70 countries across various sectors including critical infrastructure and healthcare. Active since 2021, it exploits vulnerabilities in widely used software, such as Fortinet and Exchange, making it challenging to attribute attacks due to frequent changes in malware and communication methods. Defensive strategies recommended include regular backups, prompt software patching, network segmentation, and the implementation of multi-factor authentication to reduce susceptibility to attacks. CISA and the FBI have issued advisories highlighting indicators of compromise and effective tactics for defending against these sophisticated cyber threats.

Intro

3min

Cybersecurity Under Siege

6min

Cyber Crime and the Dark Underground Market

4min

Evolution of Cybercrime Dynamics

8min

The Evolving Landscape of Cybercrime and Its Complexities

5min

The Risks of Penetration Testing Without Communication

2min

The CISA and FBI warn that Ghost ransomware has breached organizations in over 70 countries. President Trump announces his pick to lead the DOJ’s National Security Division. A new ransomware strain targets European healthcare organizations. Researchers uncover four critical vulnerabilities in Ivanti Endpoint Manager. Microsoft has patched a critical improper access control vulnerability in Power Pages. The NSA updates its Ghidra reverse engineering tool. A former U.S. Army soldier admits to leaking private call records. Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. The pentesters’ breach was simulated — their arrest was not.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. Learn more in the report.

Selected Reading

CISA and FBI: Ghost ransomware breached orgs in 70 countries (Bleeping Computer)

Trump to nominate White House insider from first term to lead DOJ’s National Security Division (The Record)

New NailaoLocker ransomware used against EU healthcare orgs (Bleeping Computer)

PoC Exploit Published for Critical Ivanti EPM Vulnerabilities (SecurityWeek)

Microsoft Patches Exploited Power Pages Vulnerability (SecurityWeek)

NSA Added New Features to Supercharge Ghidra 11.3 (Cyber Security News)

Army soldier linked to Snowflake extortion to plead guilty (The Register)

Katie Arrington Returns to Pentagon as DoD CISO (GovInfo Security)

Penetration Testers Arrested by Police During Authorized Physical Penetration Testing (Cyber Security News)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

No rest for the patched.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Ghost Ransomware Threats

Evolving Cybercriminal Landscape

Trends in the Cyber Underground Market

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts