Risky Business #747 -- Lockbit Leader Has A Very Bad Day

Patrick dials in from RSA in San Francisco to discuss the week’s security news with Adam, including:

• The west doxxes LockbitSupp, who must now hide his hundred million dollars
• Revil hacker behind Kasaya breach gets 14 years
• Microsoft makes some positive sounding* noises on security
• A fun flaw in nearly all VPN clients
• Gitlab admins continue their never-ending incident response
• And much, much more.

This week’s sponsor is Stairwell. Long time infosec researcher Silas Cutler joins us to talk through his adventures in attacker C2 systems, and how this feeds into Stairwell’s data.

* we’re still sceptical they’ll get it right, but they do at least seem to realise how deep the doo-doo they’re in is… Pat speculates they have … tentacles, and a regulatory-threat-gland.

Show notes

• 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks | WIRED
• Andy Greenberg: "@metlstorm @riskybusiness no w…" - Infosec Exchange
• U.S. Charges Russian Man as Boss of LockBit Ransomware Group – Krebs on Security
• Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware
• Microsoft ties security goals to exec compensation
• China suspected of hacking British military payment system, reports say
• Germany recalls ambassador to Russia over cyberattacks
• Blinken unveils State Dept. strategy for ‘vibrant, open and secure technological future’
• Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica
• Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica
• The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED
• Dropbox says hacker accessed passwords, authentication info during breach
• Maximum-severity GitLab flaw allowing account hijacking under active exploitation | Ars Technica
• Our new research: Enhancing blockchain analytics through AI
• Reconstructing the Mind’s Eye: fMRI-to-Image with Contrastive Learning and Diffusion Priors
• Kevin Collier on X: "Oh my God. @riskybusiness is already the name of what is by a longshot the most established cyber podcast. There are a million possible names out there and Mr Decision Making over here went with one that's been in use for more than 15 years."