Risky Business #659 -- Okta and Microsoft meet LAPSUS$

PLUS: Why Elon Musk's Starlink is now a military target...
23 Mar 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Okta’s somewhat awful comms around its LAPSUS$ incident
  • Inside Microsoft’s brush with the same group
  • How Elon Musk’s Starlink service is being used to drop bombs on Russian tanks
  • US, UK governments warn of impending Russian cyberdoom
  • Much, much more…

This week’s sponsor interview is with Paul Lanzi, co-founder of Remediant. Paul joins the show this week to talk about cyber insurance. It’s a topic that has come up a lot for us lately – ransomware has borderline sunk the current cyber insurance model as payments ballooned and payouts made a lot of insurers adjust premiums to the. But all is not lost – Paul says this blowup means the insurance industry is actually adapting and could wind up being a driver of better security practices.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Hackers hit authentication firm Okta, customers 'may have been impacted' | Reuters
Updated Okta Statement on LAPSUS$ | Okta
Microsoft investigating Lapsus$ claims of Bing, Cortana data theft - The Record by Recorded Future
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction - Microsoft Security Blog
U.K. echoes Biden warning on Russian cyberattacks - The Record by Recorded Future
Statement by President Biden on our Nation’s Cybersecurity | The White House
FBI advised that hackers scanned networks of 5 US energy firms ahead of Biden's Russia cyberattack warning - CNNPolitics
CISA, FBI warn of satellite network hacks following Viasat cyberattack - The Record by Recorded Future
Specialist Ukrainian drone unit picks off invading Russian forces as they sleep | News | The Times
China’s DJI And Its Billionaire Chief Put In An Awkward Spot As Both Sides In Ukraine War Use Its Drones
Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine | Snyk
Catalin Cimpanu on Twitter: "Following the poisoning of the node-ipc npm package to sabotage systems in Belarus and Russia, Russia's NKTsKI cyber-security agency has told companies to use local repos for FOSS software, use older versions prior to the invasion, and audit new updates https://t.co/3PlKdXTfn1 https://t.co/EV25HBBZFN" / Twitter
U.S. bars ex-spies from becoming 'mercenaries,' following Reuters series | Reuters
Behold, a password phishing site that can trick even savvy users | Ars Technica
Death of the Password? FIDO Alliance Reveals Its New Plan | WIRED
Scammers have 2 clever new ways to install malicious apps on iOS devices | Ars Technica
New details emerge on prolific Conti-linked cybercrime group
Trickbot is using MikroTik routers to ply its trade. Now we know why | Ars Technica
Sandworm-linked botnet has another piece of hardware in its sights
Hacker Steals Customer Data From Circle, BlockFi, Other Big Crypto Firms - Decrypt
Lawmakers Probe Early Release of Top RU Cybercrook – Krebs on Security
A different way to do PAM -- Paul Lanzi, Remediant - YouTube