
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Defensive Security Podcast Episode 322
Sep 22, 2025
In a riveting discussion, hosts explore Qantas handing down executive pay cuts post-cyber incident. They delve into the alarming rise of ransomware losses exacerbated by AI-driven phishing tactics. The conversation shifts to a significant NPM supply-chain compromise, raising concerns about dependency risks. LunaLock ransomware’s unique extortion method using stolen data for AI training models is a game changer. Finally, the FBI warns about impending Salesforce attacks, prompting vital talks on security measures like MFA.
AI Snips
Personal Incident Response Strain
- Andrew Kalat described a recent three-and-a-half-week incident response engagement that he cannot fully discuss publicly due to employer and legal constraints.
- He emphasized how taxing such incidents are on people and why getting the basics right matters to reduce pain during breaches.
Executive Pay Used As Governance Signal
- Qantas withheld A$800,000 from executive pay after a customer-data breach, signaling board-level accountability moves.
- Jerry Bell suggested this could push executives to treat security investments as business-critical decisions.
AI Supercharges Social Engineering
- AI has materially increased phishing effectiveness and enabled attacks that combine voice synthesis with SIM swapping to bypass traditional signals.
- Resilience data showed AI phishing success rates far above traditional methods, reshaping attack economics.
