Risky Business #738 -- LockBit is down but not out. Yet.
Feb 27, 2024
Cybersecurity expert Dmitri Alperovitch discusses Starlink, Starshield, and a row with Congress about Taiwan. The LockBit group resurfaces post-takedown, and Russia detains the Medibank hacker. ConnectWise faces attacks, and Microsoft expands logging. Sandvine is added to the US Entity List.
LockBit ransomware group resurfaces post-takedown, evading law enforcement scrutiny
Russia's detention of the Medibank hacker sheds light on cybercrime complexity and global implications
Microsoft complies with demands for increased logging, aiming to mitigate potential security breaches
Deep dives
SpaceX Starshield's Global Service Geofencing Issue in Taiwan
SpaceX's Starshield service, designed for use as a US military asset, faced a geofencing issue over Taiwan, prompting a US House Committee to raise concerns. Miscommunication or shared infrastructure between Starlink and Starshield may have led to the service disruption in Taiwan, possibly due to geopolitical considerations.
Allow Listing with Windows Defender Application Control (WDAC)
Airlock Digital explored potential integration of allow listing policies with Windows Defender Application Control (WDAC) to achieve a driverless system. While WDAC lacks some features present in Airlock's system, such as dynamic trust decisions based on various data, a transition to WDAC could be feasible with additional information collection and policy adaptation.
Prediction: Windows 12 Push for Only Signed Code
A prediction suggests that Windows 12 might enforce running only signed code to improve traceability and security, similar to Apple's notarization system. The prediction anticipates a surge in demand for code signing, with Azure Code Sign offering a simplified signing process that enhances code trust and prevents unsigned or malicious executables from running.
Democratization of Code Signing and Potential Challenges
The democratization of code signing, as envisaged for Windows 12, could streamline operations but might also increase the risk of signed malware. Challenges such as managing Azure credentials securely and the potential consequences of compromised accounts need thorough consideration before such a system is implemented.
Airlock Digital's Exploration of Azure Code Sign Features
Airlock Digital provides insights into the Azure Code Sign preview project, highlighting benefits like enhanced security through Azure authentication and improved key protection. The potential integration of Azure Code Sign could revolutionize code signing practices, offering heightened security for code authenticity and preventing typical certificate vulnerabilities.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
LockBit gets back up after takedown
Russia arrests Medibank hacker… for something else
ConnectWise gives out free updates, but customers aren’t happy
Microsoft gives in to demands for more logs
Sandvine gets entity-listed
And much much more.
Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan.
In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code.