The many personalities of Lazarus

OpEd: North Korea's "Lazarus Group" is best understood as a network of distinct groups or "clusters", each with unique capabilities and quirks.

North Korea’s “Lazarus Group” gets through an impossibly prodigious amount of activity. That’s because this “group” is better understood as several distinct, connected clusters that together add up to North Korea’s formidable hacking operation.

Risky Business #603 -- YOU get sanctions, and YOU get sanctions

EVERYONE GETS SANCTIONS!!!

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • “Proud Boys” email campaign attributed to Iran in record time
  • Sanctions for everyone!
  • US doxes more adversary TTPs
  • Katie Nickels and Chris Krebs join the show

This week’s show is brought to you by attack simulation platform company AttackIQ. Carl Wright from AttackIQ joins us this week to talk about the distinct possibility that large organisations are going to start slashing their security budgets in response to the changing economy.

CISA, FBI roll the dice on transparency

The Risky Biz newsletter for October 27, 2020...

CISA and the FBI are calling out Russian intrusions as they see them, while US Treasury imposes sanctions on the developers of Triton ICS malware and Iranian disinformation shops.

Snake Oilers 12 Part 2: Gravwell seeks to shake up SIEM market, PlexTrac pitches its pentest reporting platform

PLUS: Don Pezet from ITProTV talks 2020 online training trends...

In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:

  • Gravwell pitches its “structure on read” approach to SIEM
  • PlexTrac describes its red team/pentest reporting platform
  • ITProTV’s Don Pezet talks about trends in online training

Risky Business #602 -- US DoJ hooks Sandworm

PLUS: A mercifully brief recap of the absolutely bonkers Wilmington Mac Shop story...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • US DoJ unseals indictments against Sandworm operators
  • Twitter backtracks on “hacked materials” policy
  • No consensus on TrickBot C2 status
  • NSA publishes “most exploited” listicle that’s actually interesting
  • Much, much more

Sandworm operators indicted

The Risky Biz newsletter for October 20, 2020...

Russia, Russia, Russia. The US Department of Justice has indicted six members of Sandworm, a military intelligence unit of Russia’s GRU, while the UK accused it of preparing attacks on the (now postponed) Tokyo Olympics. Russian crews have also been identified in recent attacks against Norway’s parliament and state and local governments in the US. We also, reluctantly, touch on another actor with a Russian nexus, Rudy Giuliani.

Risky Business #601 -- Everyone's messing with TrickBot

PLUS: Why the "ethics in OST" debate is moot...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Yep, it was Cyber Command
  • Also Microsoft, Symantec, Lumen and others
  • Norwegian parliament hack pinned on Russia
  • We finally talk about “ethics in OST”
  • More

Snake Oilers 12 Part 1: An incident management platform for the SOC and auditing for your SaaS accounts

PLUS: Trend Micro pitches XDR as a concept...

In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:

  • Vaughan Shanks pitches the Cydarm SOC incident management platform
  • Adrian Kitto introduces Detexian, a platform that audits SaaS accounts
  • Eric Skinner from Trend Micro talks about XDR

Risky Business #600 -- Who's messing with TrickBot?

PLUS: Treasury issues final warning over sanctioned ransomware crews...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • The UHS ransomware attack
  • Someone is messing with TrickBot: Did the USA release the hounds?
  • US Treasury issues final warning on sanctioned ransomware crews
  • Azerbaijan and Armenia going at it
  • Fancy Bear owns US government department

Ransomware attack cripples 250 US hospitals

The Risky Biz newsletter for October 6, 2020...

This week alone, ransomware attacks have crippled several hundred US hospitals and inconvenienced scientists working on COVID-19 vaccines and treatments. The lines have been crossed so many times now: do lawmakers really need to wait until an attack changes patient outcomes before the hounds are released?

Risky Biz special guest: Former Australian Prime Minister Malcolm Turnbull

Ex-PM talks about Huawei, 2016 US campaign hack-and-leak, disinformation and more...

In this podcast you’ll hear an interview with former Australian prime minister Malcolm Turnbull. He joins Risky Business to talk through a bunch of issues from Huawei’s exclusion from Australia’s NBN and 5G builds, to political accountability and leadership in cybersecurity.

Risky Business #599 -- You get domain admin! And YOU get domain admin!

EVERYONE gets domain admin!!!

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Russia, China, Iran having a red hot go at US political orgs
  • CrowdStrike drops report, telcos having a bad time
  • MSS owning US government with dumb bugs
  • DoJ indicts Iranian script kiddie because reasons
  • Proposed TikTok-Oracle deal barely makes sense
  • The mother of all Microsoft auth bugs, wow
  • Much, much more…

GRU eyes US election

The Risky Biz newsletter for September 15, 2020...

Microsoft has outed attempts by GRU attackers to hack into the Office 365 accounts of political campaigns.

Risky Business #598 -- China closing the "cyber gap" with USA

PLUS: Operation Warp Speed efforts to ensure COVID research data integrity, availability...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Why integrity and availability are key to developing a COVID vaccine
  • China closing the “cyber gap” with USA
  • ASPI publishes research on TikTok, WeChat censorship
  • Belarusian “news app” was tracking activists
  • Julian Assange back in court to fight extradition
  • Much, much more