Exploitation of a Citrix Edge product vulnerability, known as the Citrix Bleed Bug, allowed for session takeover post-authentication. This flaw led to widespread exploitation, enabling attackers to circumvent multi-factor authentication systems. Major incidents, such as those affecting critical infrastructure like key port operators in Australia, and ICBC, China's largest lender, highlight the severity of the ransomware campaigns.
North Korean threat actors have been increasingly targeting supply chain vulnerabilities, utilizing various tactics to infiltrate systems and conduct espionage. These attacks showcase their agility and persistence in exploiting weaknesses across different industry sectors, including cryptocurrency firms. Their ability to adapt and leverage cybersecurity gaps has led to significant financial gains and operational disruptions.
Under chaotic circumstances at the Myanmar-China border, rebel groups are clashing with government forces, targeting illicit pig butchering centers that are hubs for crime and human trafficking activities. The rebels' actions, supported by Chinese authorities due to shared interests, reflect a complex blend of regional conflicts, cross-border politics, and criminal enterprises intertwining amidst the civil strife in the region.
The USA faces debates over the 702 surveillance authorization, particularly concerning the FBI's frequent queries and potential misuse of collected data. Arguments center around the appropriateness of using incidental 702 data for criminal investigations, prompting discussions on warrant requirements and compliance oversight. The debate intensifies as the reauthorization proposal, attached to the NDAA bill, navigates through concerns of safeguarding privacy rights and enhancing security measures.
The rift between the NSA and the FBI intensifies as surveillance challenges and misuse of 702 data come to light. While the NSA emphasizes the program's national security importance, the FBI's query practices and privacy considerations raise concerns. These concerns resonate with lawmakers, who are pushing for stricter controls and compliance mechanisms, reflecting the intricate balance between security imperatives and civil liberties in surveillance operations.
Debates continue on incidental data usage from surveillance programs like 702, calling attention to the necessity of clear protocols and oversight mechanisms. Proposals for warrant requirements and compliance officers seek to regulate data access for FBI investigations, ensuring a balance between law enforcement needs and privacy protection. Efforts to integrate safeguards within essential legislation highlight ongoing tensions between security priorities and individual rights.
Telcos in America are facing new rules from the FCC to tackle SIM swap fraud. These rules aim to send SMS alerts to users when a SIM swap is attempted, adding friction to the process. While this addresses part of the issue, the involvement of insiders with telco access remains a challenge, highlighting the need for more comprehensive solutions.
The Essential Eight maturity models have been updated to include requirements such as event log retention and centralized logging at level two maturity. Notably, application allow listing is highlighted as a major mitigation strategy in combating threats like the Scattered Spider ransomware campaign. The emphasis on proper allow listing implementation and annual policy reviews underscores the critical role of this control in cybersecurity strategies.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
This week’s show is brought to you by Airlock Digital. David Cottingham and Daniel Schell are this week’s sponsor guests.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.