Guest Steve Zalewski, co-host of Defense in Depth, discusses topics such as ransomware negotiations being hijacked, ransomware as a service, cybersecurity education for senior citizens, concerns over ransomware targeting backups, and the importance of security posture and disaster recovery.
Ransomware negotiations are being targeted by trolls and cybercriminals, highlighting the need for caution during negotiations.
The FBI faced criticism for delaying the release of a decryption key, raising questions about the balance between disrupting ransomware gangs and protecting victims.
A data leak from a web hosting company highlights the challenges of rebuilding compromised data centers and the importance of robust backups.
Guidelines for securing VPNs aim to strengthen the security posture of remote federal agency employees.
Deep dives
Ransomware Negotiations Being Hijacked by Trolls and Cybercriminals
Ransomware negotiations are increasingly being targeted by trolls and cybercriminals, as seen in the case of the NEW Cooperative ransomware negotiation, which was hijacked by a troll. This incident highlights the potential complications for victims when negotiations are compromised, emphasizing the need for awareness and caution during ransomware negotiations. Experts suggest that the trend of targeting negotiations may continue as cybercriminals look for new ways to monetize their activities.
FBI Delay in Providing Decryption Key to Kaseya Attack Victims
The FBI faced criticism for delaying the provision of a universal decryption key to victims of the Kaseya ransomware attack. The delay was reportedly due to a tactical decision to disrupt the ransomware gang. However, the House Committee on Oversight and Reform has requested a briefing to understand the rationale behind the delay, as it may have caused businesses, schools, and hospitals to lose money and time while recovering their data. The debate highlights the complexities faced by law enforcement agencies in balancing their responsibilities and the need to protect victims.
Epik Data Breach Exposes Entire Server Infrastructure
Anonymous released a new leak of data from the web hosting company Epik, exposing its entire server infrastructure. The leaked data includes bootable disk images, API keys, and plain text login credentials for Epik systems, Coinbase, PayPal, and more. The severity of the breach highlights the challenges faced by Epik in rebuilding its compromised data center from scratch, as the leaked information makes patching impossible. This incident serves as a reminder of the importance of robust data backups and the potential consequences of a significant breach.
Guidelines for Securing VPNs Shared by NSA and CISA
The National Security Agency and the Department of Homeland Security's cyber wing have published guidelines for securing VPNs. The guidelines emphasize the need for selecting VPNs from reputable vendors, patching known vulnerabilities, and using only strictly necessary features. The recommendations aim to strengthen the security posture of federal agency employees who have transitioned to remote work during the COVID-19 pandemic. The guidelines address the increasing threat of foreign government-backed hackers exploiting vulnerabilities in VPN devices.
Delaware Introduces Cybersecurity Education Program for Senior Citizens
Delaware has launched an educational cybersecurity program for senior citizens to combat the rising instances of cybercrime targeting that age group. The program covers topics such as multi-factor authentication, identifying spam calls and phishing emails, and safeguarding social media and email accounts. The initiative recognizes the vulnerability of senior citizens to cyber attacks and aims to empower them with knowledge and skills to protect themselves online.
Robo Calling and Telegram Bots Used to Bypass Two-Factor Authentication
Cybercriminals have devised new methods to bypass two-factor authentication (2FA) using robo calls and Telegram bots. These automated attacks trick users into revealing their one-time passwords (OTPs) in real time, enabling attackers to access their accounts. This form of social engineering attack relies on high levels of automation, making it harder to train users to recognize and avoid such tactics. As automation in cyber attacks increases, organizations need to invest in security awareness training and explore additional security measures to mitigate the risks.
Ransomware Operators Target Backups for Additional Leverage
Ransomware operators, such as the Conti ransomware gang, are increasingly targeting backups to gain additional leverage over victims. The focus on compromising backup software, such as that provided by Veeam, aims to ensure that victims have limited options for recovering encrypted data. This trend indicates a shift in ransomware operators' motives from solely monetary gain to inflicting maximum damage on targeted organizations. The increasing sophistication and punitive nature of these attacks pose significant challenges for organizations in defending against and recovering from ransomware incidents.
All links and the video of this episode can be found on CISOseries.com.