Are Paying Ransoms Illegal? Ransomware Shuts Down a 158 Year Old Company, Fido2 Security Keys, and Hacktivist Rules
Oct 12, 2023
auto_awesome
In this podcast, the hosts discuss the legality of paying ransoms in the US and the top 10 cybersecurity misconfigurations. They also explore a ransomware attack that led to the shutdown of a 158-year-old company. Additionally, they address listener questions about Fido2 security keys and hacktivist rules.
01:14:42
AI Summary
AI Chapters
Episode notes
auto_awesome
Podcast summary created with Snipd AI
Quick takeaways
Microsoft's 2023 digital defense report highlights the top cybersecurity threats and recommends implementing zero-trust and least-privileged principles to combat attacks.
The legality of paying ransoms varies based on circumstances and jurisdiction, but paying ransoms to known bad actors, including terrorists, is generally prohibited.
The NSA and CISA have identified the top 10 cybersecurity misconfigurations, including weak multi-factor authentication and poor patch management, and provided recommendations for addressing them.
Deep dives
Microsoft releases 2023 Digital Defense Report
Microsoft has released its yearly Digital Defense Report, highlighting the most common attacks leveraged by adversaries and providing cybersecurity statistics. The report shows that nation-state actors are expanding their global target set, with Ukraine being the top European target. Identity attacks and ransomware counters, along with attacks targeting open-source software, are identified as the top threats by Microsoft Defender experts. The report further reveals that 80 to 90% of all successful ransomware compromises originate through unmanaged devices. To safeguard against these attacks, Microsoft recommends implementing zero-trust and least-privileged principles.
Are paying ransoms illegal in the US?
Paying ransoms to known bad actors, including those associated with terrorism, is prohibited by regulations set by the US Department of Treasury's Office of Foreign Assets Control (OFAC). While some states like North Carolina and Florida have made it illegal for state and local government agencies to pay ransoms, the rest of the states and territories are bound by the OFAC regulations. However, it's important to note that the legality of paying ransoms may vary depending on the circumstances and jurisdiction.
NSA and SISA share top 10 cybersecurity misconfigurations
The NSA and SISA have shared the top 10 most common cybersecurity misconfigurations that are exploited by attackers. These misconfigurations include default configurations, improper separation of user and administrative privileges, poor patch management, weak or misconfigured multi-factor authentication (MFA), and more. The report also provides recommendations for mitigation and remediation to address these misconfigurations and strengthen overall cybersecurity.
Zero-days for WhatsApp hacking now worth millions
The value of zero-day exploits for hacking WhatsApp has skyrocketed, with prices ranging from $1.7 million to $8 million. As security mechanisms and mitigation techniques improve, hacking cell phones running iOS and Android has become increasingly expensive. The black market demand for zero-days that allow access to WhatsApp messages is driving up their value, making them a lucrative commodity for attackers.
Impact of Company Closure on Local Economies
The closure of a UK logistics company had a significant impact on the local economy, affecting not only the 730 jobs lost but also causing a drain on resources and the potential downfall of local businesses.
FDA Mandates Cybersecurity for Medical Devices
The FDA has implemented new regulations requiring vendors of medical devices, including pacemakers and insulin pumps, to enhance security features. The regulations aim to protect against cyber threats by creating processes to find and mitigate vulnerabilities, establishing a software bill of materials, and ensuring a plan is in place to address vulnerabilities after products are sold.
This week on Hacker And The Fed Microsoft releases their 2023 digital defense report, are paying ransoms illegal in the United States? The NSA and CISA red and blue teams share top 10 cyber security misconfigurations, a 158 year old company shuts down because of a ransomware attack, and we answer listener questions about fido2 security keys and "hacktivist" rules.
Links from the episode:
Microsoft Releases Its Yearly Digital Defense Report
