Risky Business #669 -- Finally, an ICS attack that made stuff explode!

Shabbat shalom, motherf---ers!
29 Jun 2022 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Activists who are totally not Israeli military hackers make Iranian steel mills firebally
  • Chinese APT crews use ransomware to muddy attribution
  • Attackers are now ransoming cloud access
  • Chinese APTs using building control systems for persistence and stealth
  • USA, UK and NZ govts issue PowerShell advice
  • Much, much more

This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Iranian steel facilities suffer apparent cyberattacks
Automotive fabric supplier TB Kawashima announces cyberattack
US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future
BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks
Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future
Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter
Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web
Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future
Akamai Blog | Bots Are Scalping Israeli Government Services
Rise of LNK (Shortcut files) Malware | McAfee Blog
Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT
Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future
The hacking industry faces the end of an era | MIT Technology Review
Lawmakers want to restrict user data sales to nations like China, Russia
US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future
A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review
Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions
Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig
BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker | The Daily Swig
CISA experts propose ‘311’ cybersecurity emergency call line for small businesses - The Record by Recorded Future
CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future
CSAC Recommendations (06-16-2022) (1) - DocumentCloud
Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security
Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig
Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services | The Daily Swig
Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO
FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future
Jerry Gamblin on Twitter: "Ahhh... the orignal NFTs." / Twitter
PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter
Patrick Gray on Twitter: "🎉" / Twitter