Risky Business #667 -- "Shields Up" for cyber's forever war

PLUS: A detailed discussion on the BPFdoor Linux malware…
13 Jun 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • “Shields Up” advice is now provably meaningless
  • Russia to ditch offshore comms apps like WhatsApp
  • Evil Corp’s Lockbit sanctions evasion attempt backfires
  • Binance is a cesspit of shady financial dealings
  • Apple’s passkey release foreshadows FIDO mass adoption
  • Much, much more

This week’s sponsor interview is about Elastic’s teardown of some really interesting APT Linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command | Science & Tech News | Sky News
White House: cyber activity not against Russia policy | Reuters
'Shields Up': the new normal in cyberspace
Governors are being contacted - Newspaper Kommersant No. 95 (7296) dated 06/01/2022
“You are personally responsible for incidents.” Why a new era in information security began on 1 May - Газета.Ru
Kyiv used a new principle of cyberattacks against Russia - Ведомости
Traffic will be sorted into folders - Newspaper Kommersant No. 102 (7303) dated 06/10/2022
FBI cybercrime seizure takes down one-time Ukraine IT Army collaborator
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions | Mandiant
Risky Biz News: LockBit-Mandiant drama, explained
How Binance became a hub for hackers, fraudsters and drug sellers
Cryptocurrencies were once seen as an unmitigated boon for criminals. Not anymore.
Fed cyber officials detail Chinese state hackers using common exploits against telcos
Risky Biz News: Russia orders Google to remove Tor Browser from Russian Play Store
Bizbudding, Inc. v. 365 Data Centers Services, LLC, 3:22-cv-00715 – CourtListener.com
Business Email Compromise Scams Are Poised to Eclipse Ransomware | WIRED
Cybercriminal scams City of Portland, Ore. for $1.4 million - The Record by Recorded Future
Apple's Passkey Replaces Passwords With iPhone and Mac Authentication | WIRED
MongoDB Debuts ‘Queryable Encryption’ to Fight Hacks and Leaks | WIRED
Zero-Day Exploitation of Atlassian Confluence | Volexity
Microsoft Security Intelligence on Twitter: "Multiple adversaries and nation-state actors, including DEV-0401 and DEV-0234, are taking advantage of the Atlassian Confluence RCE vulnerability CVE-2022-26134. We urge customers to upgrade to the latest version or apply recommended mitigations: https://t.co/C3CykQgrOJ" / Twitter
Microsoft Follina Vulnerability in Windows Can Be Exploited Through Office 365 | WIRED
Martin Sheppard on Twitter: "@riskybusiness And yes, many orgs can disable Macros in documents with the mark of the web without a lot of impact. Policy can be used to not mark documents from certain internal sites with mark of the web, which is one way to allow certain legitimate macros with this setting in place." / Twitter
Blockchain, 'Decentralized' Exchange Taken Offline After Hacker Steals Millions
‘Optimism’ Crypto Hack Victim Hopes Thief Will Give Back $15 Million
PeckShieldAlert on Twitter: "#PeckShieldAlert Wintermute Exploiter has transferred 17 million $OP to @optimismPBC https://t.co/5PpgeZXaId" / Twitter
NFT insider trading charges filed against former OpenSea employee Nate Chastain
Detecting BPFDoor backdoor payload | Elastic
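The Mark-of-the-Web macro control mentioned in Martin Sheppard's tweet above, as an added worked example (not from the show, the tweet, or Microsoft's own documentation). It assumes an Office 2016/Microsoft 365 build (registry version path "16.0"), writes the policy values under HKCU by hand for a lab rather than through a Group Policy Object as you would in production, and uses a hypothetical internal host name, sp.corp.example, to stand in for the "certain internal sites" the tweet refers to.

```powershell
# Added example: inspect MOTW on a downloaded file, enable the "block macros from the
# Internet" policy, and carve out an internal site so its documents are not tagged as
# Internet-zone. Assumptions: Office "16.0" registry path; hypothetical host sp.corp.example;
# values written to HKCU directly for a lab (use a GPO in production).

# 1. Mark of the Web lives in the Zone.Identifier NTFS alternate data stream.
#    Returns the numeric ZoneId (3 = Internet, 1 = Local intranet) or $null if the file has no MOTW.
function Get-MotwZone {
    param([Parameter(Mandatory)][string]$Path)
    $zi = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $zi) { return $null }   # no stream: file was not marked, the internet macro block does not apply
    $line = $zi | Where-Object { $_ -match '^ZoneId=(\d)' } | Select-Object -First 1
    if ($line -match '^ZoneId=(\d)') { return [int]$Matches[1] }
    return $null
}

# 2. Per-application policy "Block macros from running in Office files from the Internet".
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Type DWord -Value 1
}

# 3. Site-to-Zone assignment: put the internal site in the Local intranet zone (1) so files
#    fetched from it are not marked ZoneId=3 and legitimate internal macros keep working.
$inetSettings = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
New-Item -Path "$inetSettings\ZoneMapKey" -Force | Out-Null
Set-ItemProperty -Path $inetSettings -Name 'ListBox_Support_ZoneMapKey' -Type DWord -Value 1
Set-ItemProperty -Path "$inetSettings\ZoneMapKey" -Name 'sp.corp.example' -Type String -Value '1'

# Usage (hypothetical path): a file tagged ZoneId=3 will have its macros blocked by the policy above.
Get-MotwZone -Path "$env:USERPROFILE\Downloads\invoice.docm"
```

Two checks worth doing before rolling this out: confirm with Get-MotwZone that files saved from the internal site really arrive without a ZoneId=3 stream once the zone mapping is in place, and remember that the policy only governs files that carry the mark, so documents arriving inside containers that strip it (some archive tools, ISO images) are not covered by this setting alone.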