The Cybersecurity Defenders Podcast

#162 - Intel Chat: FIN7, COLDRIVER, perfectly, Comcast & EKUwu

Oct 10, 2024

In this discussion, cybersecurity expert Matt Bromley shares his insights on emerging threats. He reveals how the FIN7 group is using AI-driven deepfakes in phishing scams, manipulating victims through familiar applications. The conversation also highlights the dismantling of COLDRIVER's cyber operations by Microsoft's Digital Crimes Unit. Additionally, Bromley discusses Aqua Security's research into stealthy Linux-targeting malware and the implications of a significant data breach at Comcast. The vulnerabilities within Active Directory Certificate Services are examined, stressing the need for proactive security measures.

29:45

Creator website

Episode guests

Matt Bromley

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The innovative use of AI-based deepfake generators by the FIN7 group highlights the evolving sophistication of phishing tactics targeting unsuspecting victims.

The collaborative efforts between Microsoft's Digital Crime Unit and the U.S. Department of Justice underscore the importance of international cooperation in combating state-sponsored cyber threats.

Deep dives

Fin7 Cyber Criminal Group's Phishing Tactics

The Fin7 cyber criminal group has adopted innovative phishing tactics by using AI-based deepfake generators to lure victims into downloading malware. They have created multiple fraudulent websites that appear to offer seemingly legitimate deepfake software, targeting users interested in adult content. This approach not only enables them to execute credential-stealing operations like Redline Stealer but also increases their reach through search engine optimization techniques that enhance the visibility of these malicious sites. The integration of human psychology with sophisticated technology in their campaigns showcases the advanced evolutionary tactics of modern cyber threats.

Intro

2min

Cyber Threats and Deepfake Deceptions

11min

Malware Insights and Data Breach Accountability

9min

Exploring Vulnerabilities in Active Directory Certificate Services

3min

Navigating Active Directory Security and Community Engagement

4min

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Silent Push's recent analysis reveals new tactics by the FIN7 cybercriminal group, which is leveraging AI-based “DeepNude Generators” as part of a phishing campaign to spread malware.
Microsoft's Digital Crimes Unit (DCU), in partnership with the U.S. Department of Justice, has taken steps to dismantle cyber operations by Star Blizzard, a Russian state-affiliated actor also known as COLDRIVER.
Aqua Security's detailed research on perfctl describes it as a highly stealthy malware that targets Linux servers using a range of sophisticated methods.
Comcast recently disclosed that over 237,000 customers had their personal data compromised due to a ransomware attack targeting a former debt collection agency, Financial Business and Consumer Solutions (FBCS).
TrustedSec's research on EKUwu sheds light on a significant Active Directory Certificate Services (AD CS) vulnerability that allows attackers to misuse version 1 certificate templates.

Stats on business outcomes after breaches referenced by Matt.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

The Cybersecurity Defenders Podcast

#162 - Intel Chat: FIN7, COLDRIVER, perfectly, Comcast & EKUwu

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Fin7 Cyber Criminal Group's Phishing Tactics

Microsoft's Offensive Against State-Affiliated Threats

The Stealthy Threat of Perf Control Malware

Accountability Gaps in Cybersecurity Breaches

Remember Everything You Learn from Podcasts