Hacker And The Fed

Are Paying Ransoms Illegal? Ransomware Shuts Down a 158 Year Old Company, Fido2 Security Keys, and Hacktivist Rules

Oct 12, 2023

In this podcast, the hosts discuss the legality of paying ransoms in the US and the top 10 cybersecurity misconfigurations. They also explore a ransomware attack that led to the shutdown of a 158-year-old company. Additionally, they address listener questions about Fido2 security keys and hacktivist rules.

01:14:42

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Microsoft's 2023 digital defense report highlights the top cybersecurity threats and recommends implementing zero-trust and least-privileged principles to combat attacks.

The legality of paying ransoms varies based on circumstances and jurisdiction, but paying ransoms to known bad actors, including terrorists, is generally prohibited.

The NSA and CISA have identified the top 10 cybersecurity misconfigurations, including weak multi-factor authentication and poor patch management, and provided recommendations for addressing them.

Deep dives

Microsoft releases 2023 Digital Defense Report

Microsoft has released its yearly Digital Defense Report, highlighting the most common attacks leveraged by adversaries and providing cybersecurity statistics. The report shows that nation-state actors are expanding their global target set, with Ukraine being the top European target. Identity attacks and ransomware counters, along with attacks targeting open-source software, are identified as the top threats by Microsoft Defender experts. The report further reveals that 80 to 90% of all successful ransomware compromises originate through unmanaged devices. To safeguard against these attacks, Microsoft recommends implementing zero-trust and least-privileged principles.

Introduction

2min

Cybersecurity Awareness Month & Intro Contest

16min

The Legality and Consequences of Paying Ransoms in the US

11min

Top 10 Security Misconfigurations Exploited by Attackers

6min

Accountability in Cybersecurity Incidents

7min

CSAS Report and Rising Value of Zero-Day Exploits for Hacking WhatsApp

2min

The Breach of an Aerospace Firm

14min

Security Keys and Fido2 Authentication

5min

Rules for Hacktivists and Career Pivots

12min

This week on Hacker And The Fed Microsoft releases their 2023 digital defense report, are paying ransoms illegal in the United States? The NSA and CISA red and blue teams share top 10 cyber security misconfigurations, a 158 year old company shuts down because of a ransomware attack, and we answer listener questions about fido2 security keys and "hacktivist" rules.

Links from the episode:

Microsoft Releases Its Yearly Digital Defense Report

https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023

Are Paying Ransoms Illegal in the U.S.?

https://www.huntonprivacyblog.com/2022/07/26/florida-enacts-law-prohibiting-state-agencies-from-paying-cyber-ransoms/

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a

Zero-days for Hacking WhatsApp are Now Worth Millions of Dollars

https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/

Lazarus Impersonated Meta Recruiter to Breach Spanish Aerospace Firm

https://www.helpnetsecurity.com/2023/10/02/lazarus-lightlesscan/

Kettering logistics firm enters administration with 730 jobs lost