Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #581 -- Chinese telcos under fire in USA, spy firms pitch COVID-19 surveillance

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Spy companies pitch ridiculously invasive approaches to contact tracing
  • NSO Group busted running c2 boxes in USA according to WhatsApp lawsuit
  • Australian government releases contact tracing app, no idea if it works
  • Chinese telcos to get boot from USA
  • Much, much more

Risky Business #580 -- Czech spear phishing spurs fightin' words from Pompeo

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Czechs claim state-backed healthcare sector attack preparation
  • Pompeo goes full cyber berserker
  • New iOS exploit chain targets Uyghur diaspora
  • Zoom 0day for $500k? Tell him he’s dreamin’

Snake Oilers 11 part 1: MongoDB's new encryption plus AlphaSOC and SecureStack

Presented by

Patrick Gray

CEO and Publisher

Snake Oilers is a wholly sponsored podcast series we do here at Risky.Biz where vendors come on to the show to pitch their wonderful, wonderful, magical snake oil to you, the listeners.

In today’s podcast you’ll hear from:

  • Kenn White from MongoDB talking about client-side field level encryption
  • AlphaSOC’s Chris McNab talking about their latest – they’re not just doing DNS analytics anymore
  • SecureStack are making developer-friendly cloud security, provisioning and visibility tooling

Risky Business #579 -- Apple and Google go all in on contact tracing

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Details about Apple and Google’s contact tracing API and OS changes
  • Alex Stamos joins Zoom as outside consultant
  • More Zoom news
  • US government weighs China Telecom ban following BGP hijacking
  • Travelex paid $2.3m to decrypt files in ransomware attack

Risky Business #578 -- ASD launches offensive campaign against criminals

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • ASD launches offensive action against criminals
  • Bio-tech firms working on COVID-19 targeted by ransomware
  • Iran targets WHO
  • Did you hear there’s a security issue with Zoom? You might not have heard. Don’t worry we’ll tell you about it
  • Much, much more

Feature Podcast: Voting in 2020 will likely be by mail

Presented by

Patrick Gray

CEO and Publisher

This podcast is brought to you by the Hewlett Foundation. They provided us with a grant to support us doing some podcasts about cybersecurity issues that touch on policy. Regular listeners would have heard some of these special podcasts already.

Today’s guest is Jennifer Morrell. She’s a partner with Elections Group and is a recognised expert on election audits.


Risky Business #577 -- Stir crazy lockdown edition (reposted)

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • KSA uses SS7 to track its citizens in USA
  • Governments begin virus tracking through personal devices
  • FBI warns of Iran-linked crew in yer supply chains
  • Voatz gets booted from HackerOne
  • All the cloud and Zoom drama

This week’s show is brought to you by Signal Sciences. Instead of interviewing one of their people, they suggested we interview Andrew Becherer in this week’s sponsor interview.


Risky Biz Soap Box: VPNs are out, identity-aware proxies are in

Presented by

Patrick Gray

CEO and Publisher

In this (sponsored) podcast Akamai’s CTO of Security Strategy Patrick Sullivan talks us through the basics of identity-aware proxies. With more and more internal applications being served to newly external users, identity-aware proxies are the new hotness.


Risky Business #576 -- Are cloud computing resources the new toilet paper?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Azure resource constraints hit Europe
  • Should we unleash surveillance on COVID-19, privacy be damned?
  • Browser maintainers cease new releases
  • South Korea-linked APT crew attacks World Health Organization
  • Much, much more

This week’s show is brought to you by Thinkst Canary.

Thinkst’s Haroon Meer joins the show this week to talk about what he tells customers when they ask him if Thinkst could go rogue and own all their customers.

You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.

You can subscribe to our new YouTube channel here.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.


Volunteers and vigilantes back hospital InfoSec

Presented by

Brett Winterford

Around 50 hospitals around the world are less likely to get popped in ransomware attacks this week, thanks largely to a loose band of InfoSec pros that banded together to help healthcare providers during the COVID-19 crisis.

While they aren’t yet going after ransomware gangs in vigilante-style retribution, the group’s pro bono work has already helped pinpoint over 50 healthcare organizations running vulnerable versions of Citrix NetScalers or Pulse Secure VPN gateways.

Vulnerable VPN endpoints have been targeted by several ransomware gangs in recent months, and despite promises from some groups not to target healthcare organizations, hospital networks and the medical supply chain continue to fall victim.

The voluntary threat intel and hunting effort has been welcome help for Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center (H-ISAC), which has taken on the role of aggregating and disclosing vulnerability information collected by the group to affected healthcare providers.

The group of independent researchers - which now numbers around 200 - has no name. Most of its members prefer anonymity and volunteer outside of work hours. So far they have provided H-ISAC data from honeypots set up to detect opportunistic scanning activity. They also scanned the internet for IP addresses hosting vulnerable VPN endpoints, from which H-ISAC extracted a list of 50 healthcare providers. H-ISAC has sent those organisations links to technical write-ups on the vulnerabilities in question, as well as generic mitigation advice, irrespective of whether they are H-ISAC members.

Weiss is optimistic the advisories will be acted on. “Based on our prior experience, most [hospitals] will pay attention and do something,” he said. The hospitals will be prompted with further information if their systems continue to show up in scans, he said.

Ohad Zaidenberg, one of the few public figures working to corral volunteers, told Risky Business the group has only “just started.”

“From tomorrow, we will start to work actively,” he said, but was coy as to what the next phase of their program involves.

Healthcare CSOs we spoke to this week were grateful for the camaraderie and generosity of their industry peers. But they also cautioned to not expect too much of hospitals under strain.

“The offers of intel-sharing and threat hunting is only useful to the extent that hospitals have the capacity and capability to consume it,” said Christopher Neal, CSO of Ramsay Health Care, which operates a global network of 480 medical facilities in 11 countries. In most hospital networks, Neal said, there are insufficient resources available to act on the information - even prior to the coronavirus outbreak.

Neal wants to see “clearer public policy arguments to increase funding for security programs” in healthcare.

Weiss said that he is keen to receive more Indicators of Compromise (both atomic indicators and TTPs) about ransomware attacks, as well as decryption methods for various strains of the malware. But he recognizes the difficulties that might emerge as the initiative scales. Automation may be required to filter and sort through the volume of data coming in and to prepare actionable reports.

Still, he said, “I’d rather have that problem than the reverse.”