Risky Business #669 -- Finally, an ICS attack that made stuff explode!

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Activists who are totally not Israeli military hackers make Iranian steel mills firebally
  • Chinese APT crews use ransomware to muddy attribution
  • Attackers are now ransoming cloud access
  • Chinese APTs using building control systems for persistence and stealth
  • USA, UK and NZ govts issue PowerShell advice
  • Much, much more

This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Iranian steel facilities suffer apparent cyberattacks

Automotive fabric supplier TB Kawashima announces cyberattack

US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future

BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks

Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future

Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web

Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future

Akamai Blog | Bots Are Scalping Israeli Government Services

Rise of LNK (Shortcut files) Malware | McAfee Blog

Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT

Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future

The hacking industry faces the end of an era | MIT Technology Review

Lawmakers want to restrict user data sales to nations like China, Russia

US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future

CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF

A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review

Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions

Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig

BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker | The Daily Swig

CISA experts propose ‘311’ cybersecurity emergency call line for small businesses - The Record by Recorded Future

CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future

CSAC Recommendations (06-16-2022) (1) - DocumentCloud

Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security

Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig

Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services | The Daily Swig

Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO

FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future

Jerry Gamblin on Twitter: "Ahhh... the original NFTs." / Twitter

PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter

Patrick Gray on Twitter: "🎉" / Twitter