Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint
Dec 18, 2024
auto_awesome
Robby Winchester from SpecterOps, a leading cybersecurity firm renowned for its penetration testing expertise, joins the discussion. He shares insights on the evolution of penetration testing, highlighting the growing importance of identity-centric approaches. The conversation also dives into the recent resurgence of the Cl0p ransomware crew and their alarming hacks. The hosts critique the SEC's uninspiring cyber incident reporting rule and examine the implications of vulnerabilities within Java enterprise software, emphasizing the pressing challenges in today's cybersecurity landscape.
The SEC's cyber incident reporting rule has disappointed expectations, resulting in only 71 filings over 11 months with minimal impact reported.
Penetration testing has evolved towards an identity-centric approach, focusing more on understanding risk in complex cloud environments than merely proving access.
CLOP ransomware's resurgence illustrates persistent threats in cybersecurity, with the group exploiting vulnerabilities to conduct extensive data theft and adapt quickly.
Deep dives
Launch of the New Website
The podcast discusses the launch of a new website for Risky Business, which consolidates various forms of content including written articles, podcasts, and videos. This marks a significant upgrade from an outdated and inefficient content management system that had been in use for many years. The new site, designed by Dave Snellgrove, enhances user experience by providing access to all content in one place. The transition reflects the team’s commitment to improving the platform for their audience.
SEC Cyber Incident Reporting Rule Update
The episode covers the recent developments regarding the SEC's cyber incident reporting rule, which has not resulted in the expected flood of reports or incident cover-ups. Over the past 11 months, only 71 filings have been made, primarily indicating basic incidents without significant material impact. Their findings suggest that the rule is not overly burdensome for companies and may not be providing the clarity needed for investors about cyber risks. This unexpected outcome raises questions about the rule's effectiveness in guiding investor decisions.
Pen Testing Industry Evolution
The discussion transitions to how penetration testing practices have evolved, particularly the increased focus on identity-centric approaches rather than traditional exploit-based testing. Robbie Winchester from SpecterOps highlights that organizations are now facing unique security challenges due to the growing migration to cloud services. This shift necessitates a more nuanced understanding of network configurations and potential vulnerabilities tied to user identities. Tests are becoming less about merely proving access and more about understanding and managing risk in complex hybrid environments.
Australia's Increasing Cybersecurity Challenges
The podcast highlights ongoing cybersecurity threats in Australia, particularly against Japanese corporations and the implications for their security posture. A significant ransomware incident involving a large Japanese game publisher serves as a cautionary tale for organizations with inadequate protection against cybercriminals. The potential for attackers to exploit the country's cybersecurity weaknesses is alarming as they look for lucrative targets amid an increasingly challenging environment. The discussion emphasizes the need for companies to bolster their defenses against evolving cyber threats.
CLOP Ransomware Activities
CLOP has gained attention for its extensive ransomware activities, claiming responsibility for various attacks against different organizations through the exploitation of vulnerabilities in file transfer systems. Their latest operations reportedly yielded so much stolen data that they had to purge older leaks to make space for new files on their platforms. Analysts discuss the implications of CLOP's ruthless targeting and rapid adaptability, which raise significant concerns for organizations managing sensitive data. This recurring threat exemplifies the persistent risk ransomware poses to enterprises today.
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
The SEC’s cyber incident reporting isn’t very exciting after all
China Telecom on the way to being thrown out of the US
The NSA/Cybercom might get two separate hats
The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks
(Yet another) File upload bug in Struts makes Java admins weep
And much, much more.
This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they’re not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps’ Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing.
