Risky Business #653 -- REvil arrests: Sometimes a banana is just a banana

Why Russia's "ransomware diplomacy" might be something more boring...
02 Feb 2022 » Risky Business

On this week’s show Patrick Gray, Tom Uren and Joe Slowik discuss the week’s security news, including:

  • Why China’s Olympics app is probably not spyware
  • New DDoS record set at 3.47Tbps
  • USG goes all in on Zero Trust
  • Dmitry Medvedev makes all the right noises on ransomware cooperation
  • Iranian APT crew dabbles in ransomware
  • German fuel distribution ransomwared
  • The latest on NSO
  • Much, much more

This week’s show is brought to you by Google Cloud. Anton Chuvakin, the head of security solution strategy at Google Cloud will be along in this week’s sponsor interview to talk about why SIEM vendors – including Google Cloud – are gobbling up SOAR platforms in acquisitions.

Links to everything that we discussed are below and you can follow Patrick, Tom or Joe on Twitter if that’s your thing.

Show notes

The surveillance concerns around China’s Winter Olympics app – explained | Surveillance | The Guardian
Cross-Country Exposure: Analysis of the MY2022 Olympics App - The Citizen Lab
Wiper in Ukraine Used Code Repurposed From WhiteBlackCrypt Ransomware
German government warns of APT27 activity targeting local companies - The Record by Recorded Future
Microsoft fends off record-breaking 3.47Tbps DDoS attack | Ars Technica
White House releases final zero-trust strategy for federal government - The Record by Recorded Future
White House expands digital regulations for U.S. water supply
Conti ransomware hits Apple, Tesla supplier - The Record by Recorded Future
Top Russian official cites REvil arrests as sign of cooperation, says Moscow is awaiting reciprocation
Security Council of the Russian Federation
Major German fuel storage provider hit with cyberattack, working under limited operations
Iranian state-sponsored group APT35 linked to Memento ransomware - The Record by Recorded Future
Deadbolt ransomware hits more than 3,600 QNAP NAS devices - The Record by Recorded Future
QNAP warns NAS users of DeadBolt ransomware, urges customers to update | ZDNet
Unpacking the rise of BlackCat ransomware: High victim count, high payouts, customized features
Ransomware group says it took files from French Ministry of Justice
Cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021 - The Record by Recorded Future
DeepDotWeb co-admin sentenced to 8 years in prison - The Record by Recorded Future
Booby-trapped sites delivered potent new backdoor trojan to macOS users | Ars Technica
Apple pays out $100k bounty for Safari webcam hack that imperiled victims’ online accounts | The Daily Swig
Qubit Finance platform hacked for $80 million worth of cryptocurrency - The Record by Recorded Future
Android malware will factory-reset a phone after stealing a user's funds - The Record by Recorded Future
2FA app with 10,000 Google Play downloads loaded well-known banking trojan | Ars Technica
Threat actors target Ubiquiti network appliances using Log4Shell exploits - The Record by Recorded Future
Finland says it found NSO's Pegasus spyware on diplomats' phones - The Record by Recorded Future
NSO offered US mobile security firm ‘bags of cash’, whistleblower claims | Surveillance | The Guardian
The Battle for the World’s Most Powerful Cyberweapon - The New York Times