Risky Business #625 -- Iranians wipe some machines, Israelis kaboom some

Payloads vary in Middle East cyber skirmishes...
26 May 2021 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The latest news on the health system ransomware crisis in Ireland
  • TSA to force pipeline operators to disclose attacks they probably aren’t detecting anyway
  • Colonial paying ransom angers US congresspeople who really haven’t thought this through
  • Iran targets Israeli systems with new wipers
  • Israel targets Hamas systems with guided munitions that go bang
  • Much, much more

This week’s sponsor guest is Ryan Kalember, EVP of Cybersecurity Strategy at Proofpoint. He joins us to talk about how compromised o365 accounts are powering all sorts of threat actors right now – from ransomware operators to BEC crews and APT units, everyone loves a popped mailbox.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

U.S. didn’t hack DarkSide group that hacked Colonial Pipeline - The Washington Post
Hear ye, DarkSide! This honorable ransomware court is now in session | Ars Technica
Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment
TSA to issue cyber directive for pipeline operators following Colonial ransomware attack
Irish officials warn of ongoing disruptions to health system, long recovery following ransomware incident
hakan on Twitter: "So, one hour ago CONTI apparently decided to provide HSE with a free decryption tool, as per their statement (see screenshot. https://t.co/lyIuBoN6XP" / Twitter
Irish officials analyze decryption tool as long recovery process from ransomware continues
FBI: Conti ransomware gang attacked more than 400 orgs, including 911 centers | The Record by Recorded Future
Cyber insurance premiums rise as ransomware, hacks continue, GAO finds
New Iranian threat actor targets Israel with wipers disguised as ransomware | The Record by Recorded Future
Microsoft warns of malware campaign spreading a RAT masquerading as ransomware | The Record by Recorded Future
Israel bombed two Hamas cyber targets | The Record by Recorded Future
Israel Is a Cyber Superpower But Chooses Bombs to Fight Hackers in Gaza
FSB NKTsKI: Foreign 'cyber mercenaries' breached Russian federal agencies | The Record by Recorded Future
How Hydra, a Russian dark net market, made more than $1 billion in 2020
Air India says data breach impacts 4.5 million former passengers | The Record by Recorded Future
The Full Story of the Stunning RSA Hack Can Finally Be Told | WIRED
Nagios IT monitoring vulnerabilities chained to compromise telco customers en masse | The Daily Swig
Open source ecosystem ripe for dependency confusion attacks, research finds | The Daily Swig
DeepSloth: Researchers find denial-of-service equivalent against machine learning systems | The Daily Swig
Chinese government has warned 222 apps to remove data slurping code | The Record by Recorded Future
Just a handful of Android apps exposed the data of more than 100 million users | The Record by Recorded Future
Microsoft releases SimuLand, a lab environment to simulate attacker tradecraft | The Record by Recorded Future
WordPress security: More than 600,000 sites hit by blind SQLi vulnerability in WP Statistics plugin | The Daily Swig
Arm and Qualcomm zero-days quietly patched in this month's Android security updates | The Record by Recorded Future
Vulnerability in VMware product has severity rating of 9.8 out of 10 | Ars Technica
Apple fixes macOS zero-day abused by XCSSET malware | The Record by Recorded Future
So long, Internet Explorer, and your decades of security bugs | TechCrunch
Webinar Registration - Zoom