ShadowTalk: Powered by ReliaQuest
Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research.

Senior Intelligence Analysts Chris Morgan and Kim Bromley bring together over 30 years of experience in threat intelligence across government, military, and telecommunications. Along with their guests, they provide practical perspectives on the week’s top cybersecurity news and share knowledge and best practices to help businesses mitigate the most pertinent cyber threats. Welcome to ShadowTalk, powered by ReliaQuest.

About ReliaQuest: With over 1,000 customers worldwide and 1,200 teammates across six global operating centers, ReliaQuest delivers security outcomes for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.
Episode 48: Tesco Bank Fraud And £16.4m FCA Fine
Two years on from the Tesco Bank fraud attacks that allowed cybercriminals to check out with £2.26m (roughly $3m) in customer funds, Dr Richard Gold and Simon Hall join Rafael Amado to discuss the UK Financial Conduct Authority’s investigation report. This episode is essential listening for anyone involved in the financial services industry, as well as those eager to learn about incident response processes and how poor execution can have disastrous, and costly, consequences. The FCA final notice is available at: https://www.fca.org.uk/publication/final-notices/tesco-personal-finance-plc-2018.pdf
Runtime 26:23 · Published 02/11/2018
Episode 47: Ransomware Surges in October, Cathay Pacific Breach, and Triton Attributed
Harrison Van Riper and Rafael Amado join Michael Marriott to discuss the latest stories from the week. This week’s podcast has a strong Guy Ritchie flavor, with a focus on lock, stock and two smoking barrels. We begin by discussing October’s hot ransomware activity, including the most popular variants, common targets, and mitigation advice. Second, we discuss sliding stock value amid reports of data breaches: we dig into the Cathay Pacific and Facebook breaches. And, finally, we discuss the recent attribution of Triton malware to a Russian entity and why it’s the TTPs that you should care about.
Runtime 22:57 · Published 26/10/2018
Episode 46: Supply Chain and Third-Party Risks
Following on from last week’s conversation on how managed service providers can increase your attack surface, Simon Hall and Richard Gold join Rafael Amado to discuss supply chain risks. With so much to cover, the team break this topic down into hardware, software and third-party service risks, including examples such as the MeDoc-NotPetya campaign and the recent SuperMicro hardware allegations. As always, Richard and Simon cover some useful good practices for those looking to improve their risk management processes.
Runtime 23:52 · Published 19/10/2018
Episode 45: FASTCash Hidden Cobra, MSP Risks, Five Eyes Tooling Report
Digital Shadows CISO Rick Holland, Dr Richard Gold and Simon Hall join Rafael Amado to cover the Hidden Cobra FASTCash campaign alert issued by US authorities, detailing ATM cash-out campaigns performed by North Korean actors. The team look over the Five Eyes joint report into publicly available hacking tools. And, finally, are companies who use MSPs at greater risk of attack? For more on the PowerShell blog referenced by the Five Eyes report, visit: https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/
Runtime 23:34 · Published 13/10/2018
Episode 44: Business Email Compromise
In this week’s Shadow Talk, Rafael Amado joins Michael Marriott to discuss Digital Shadows’ latest research on Business Email Compromise. We discuss how criminals are outsourcing this work, and how the exposure of 33,000 finance department credentials makes it easier for attackers. However, even without taking over accounts, criminals can get their hands on sensitive financial information. We dig into the 12.5 million exposed email archives that are available through misconfigured online file stores, including invoices, purchase orders, and payments. Finally, we provide advice for mitigating these risks.
Runtime 24:59 · Published 05/10/2018
Episode 43: Security Flaws Affect 50 Million Facebook Accounts and Equifax Fined £500,000
Rick Holland, CISO of Digital Shadows, joins Richard Gold and Michael Marriott to discuss the latest cybersecurity news. In part one, we discuss the possible implications of Facebook security flaws affecting 50 million accounts. In part two, one year after reports of the Equifax breach surfaced, the UK arm has been fined £500,000 by the ICO. We look at the lessons learned.
Runtime 21:28 · Published 28/09/2018
Episode 42: Security Layering and Usability Trade-offs
Simon Hall and Richard Gold join Rafael Amado to focus on the trade-offs between security and usability, as well as the practice of security layering that can often make us more insecure. The team look over security measures such as regular complex password expiry policies that create headaches for organizations and end users, why it’s not easy to make security usable, whether certain security measures such as anti-virus software actually make us more insecure, and what alternative system defences can bridge the gap between security and usability. For the NCSC blog on security and usability, visit: https://www.ncsc.gov.uk/blog-post/security-and-usability-you-can-have-it-all
Runtime 21:24 · Published 21/09/2018
Episode 41: Magecart Payment Card Thefts
In this week’s ShadowTalk, Richard Gold and Simon Hall join Michael Marriott to discuss the latest spate of attacks by the threat actor known as Magecart. We dig into the history of Magecart, different approaches to web skimming, and provide advice on how organizations can best protect against this threat.
Runtime 17:47 · Published 14/09/2018
Episode 40: DoJ Complaint Charges North Korean Actor For Sony Attacks, WannaCry, and More
In this week’s ShadowTalk, Richard Gold and Rafael Amado join Michael Marriott to discuss the latest Department of Justice complaint against an individual working for Chosun Expo, an alleged front for the North Korean state. The individual is accused of involvement in a host of campaigns, including attacks against Sony Pictures Entertainment, banks, defense contractors, and the many victims of the WannaCry ransomware variant. We discuss the most interesting revelations, outlining the different techniques used, and what this all means for organizations.
Runtime 33:21 · Published 07/09/2018
Episode 39: Credential Hygiene
Dr. Richard Gold and Simon Hall join Rafael Amado to discuss the age-old problem of credential hygiene. We’ve all heard of not reusing passwords, employing two factor authentication and using password vaults, but why then do organizations still struggle with good credential hygiene? We’ll cover the ways in which attackers steal and take advantage of credentials, what most companies are getting wrong, and the steps you can take to improve your overall credential hygiene practices.
Runtime 28:09 · Published 31/08/2018
Episode 38: Midterm meddling and threat modeling
This week it was revealed that six new domains registered by APT28, spoofing nonprofit, Senate, and Microsoft domains, have been sinkholed. With November’s US midterm elections fast-approaching, we dive into the latest threats and discuss how organizations can understand the threat posed to them by such malicious actors. Dr Richard Gold, Head of Security Engineering at Digital Shadows, joins Mike Marriott to discuss threat modeling; outlining the steps organizations can take to define their critical assets, understand the threat landscape, and create scenarios based on these. This enables organizations to identify security controls that are in place to mitigate, prevent and detect a specific threat actor's tradecraft, as well as uncover gaps in controls and establish a remediation plan.
Runtime 25:15 · Published 24/08/2018
Episode 37: ATM Fraud and Cashout Operations
Digital Shadows’ Strategic Intelligence manager Rose Bernard joins Rafael Amado to discuss four separate ATM stories making headlines this week. In Part I, they cover an alert on an impending "ATM cash-out" campaign issued by the FBI, and how India's Cosmos Bank lost $13.5m in cyberattacks after actors bypassed the internal ATM switch system. In Part II, Rafael and Rose look into flaws discovered in NCR ATM currency dispensers, and a new Bitcoin ATM malware advertised for sale on the dark web. For more on how actors acquire and then use stolen payment card information, check out Digital Shadows’ Five Threats to Financial Services blog series, available at https://www.digitalshadows.com/blog-and-research/five-threats-to-financial-services-part-four-payment-card-fraud/
Runtime 17:43 · Published 17/08/2018
Episode 36: FIN7 Arrests and Phishing Threats
Digital Shadows’ Rose Bernard and Simon Hall join Rafael Amado to cover the arrest of three alleged members of the FIN7 organized criminal group. The team go over the United States Department of Justice’s indictment and provide some key observations on FIN7’s operations, including how sophisticated phishing and social engineering are the cornerstones of the group’s success. In Part II, the team look at phishing more generally, including the threats from business email compromise and malspam. For more analysis of the FIN7 arrests, visit https://www.digitalshadows.com/blog-and-research/fin7-arrests-and-developments/
Runtime 25:04 · Published 10/08/2018
Episode 35: Cyber threats to ERP Applications
In this week’s episode, JP Perez-Etchegoyen, CTO of Onapsis, joins Michael Marriott to talk about the exposure of SAP and Oracle applications, the increase in publicly-available exploits, and the threat actors we have observed targeting the sensitive data held within these applications. Download the full report to learn more: https://info.digitalshadows.com/ERPApplicationsUnderFire-Podcast.html
Runtime 25:16 · Published 03/08/2018
Episode 34: Satori Botnet, OilRig, PowerShell Security, and the Dragonfly Campaign
Richard Gold and Rose Bernard join Michael Marriott to talk about updates to the Satori botnet, which has expanded to incorporate new IoT devices using TCP port 5555. Amid news of a new wave of OilRig attacks, a Middle Eastern espionage campaign, we dive into PowerShell security risks and provide advice on best practices for those using PowerShell. For more information on PowerShell security best practices, check out our blog https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/. Finally, we assess the Dragonfly campaign against US power grids and what it all means.
Runtime 18:42 · Published 27/07/2018
Episode 33: Digital Risk Protection
Rick Holland, CISO at Digital Shadows, discusses the latest 2018 Forrester New Wave for Digital Risk Protection. He discusses how security leaders must avoid blind spots with a more complete risk picture.
Runtime 07:20 · Published 23/07/2018
Episode 32: MITRE ATT&CK™ Framework and the Mueller GRU Indictment
In today’s ShadowTalk, we take on the Robert Mueller indictment against 12 Russian individuals for alleged US election interference. However, rather than dwell on issues of attribution and geopolitics, we focus on the detailed tactics, techniques and procedures laid out in the indictment. Katie Nickels, a member of the MITRE team, joins Rafael Amado and Richard Gold to discuss the ATT&CK™ framework in greater detail, as well as the key lessons that organizations can take away. For Digital Shadows’ analysis of the indictment, visit https://www.digitalshadows.com/blog-and-research/mitre-attck-and-the-mueller-gru-indictment-lessons-for-organizations/
Runtime 27:22 · Published 20/07/2018
Episode 31: Carbanak Files and Source Code Leaked?
This week, a Russian-speaking security specialist at Digital Shadows discovered files and source code allegedly related to the Carbanak organized criminal group. The Carbanak malware is a backdoor used by the Anunak (Carbanak) Group to infiltrate financial institutions and steal funds. Richard Gold and Simon Hall join Rafael Amado to discuss the implications of these revelations for financial services. We ask whether this leak represents a threat to organizations, and how businesses can best defend themselves from the techniques used by sophisticated financial criminal groups such as Carbanak. For more analysis from the Security Engineering Team, visit https://www.digitalshadows.com/blog-and-research/alleged-carbanak-files-and-source-code-leaked-digital-shadows-initial-findings/
Runtime 23:48 · Published 13/07/2018
Episode 30: SSL Inspection and Interception: Uses, Abuses and Trade-offs
The Payment Card Industry recently passed a deadline requiring that all e-commerce sites and merchants cease supporting TLS 1.0. With TLS 1.0 and older protocols such as SSL vulnerable to man-in-the-middle attacks, the fear is that attackers can intercept and tamper with data sent across these channels. However, SSL interception is also performed deliberately by organizations, for reasons that include blocking malware and improving data leakage prevention. Richard Gold and Simon Hall join Rafael Amado to discuss how SSL interception works, the different reasons for deploying it, the risks and privacy ramifications of interception, and the overall trade-offs for organizations looking to implement these methods.
Runtime 21:02 · Published 06/07/2018
Episode 29: Reducing Your Attack Surface: From a Firehose to a Straw
Following news that a database containing 340 million records has been publicly exposed to the internet, Richard Gold and Simon Hall join Michael Marriott to discuss how (and why) you can reduce your attack surface. For more information on some of the tips provided in this pursuit, visit https://github.com/securitywithoutborders/hardentools.
Runtime 20:32 · Published 29/06/2018
Episode 28: Diversity in Security and Women’s Network Launch
Libby Fiumara is joined by Rose Bernard and Sophie Burke to discuss the launch of Digital Shadows’ Women’s Network, challenges facing women in security, and how companies can foster diversity in the workplace.
Runtime 24:55 · Published 26/06/2018
Episode 27: Attribution: The How, The What and The Why
Simon Hall and Rich Gold join Michael Marriott to discuss the merits and perils of attribution, including the number of characteristics and variables required for a strong attribution, instances where attribution has succeeded, and whether organizations should care.
Runtime 22:50 · Published 22/06/2018
Episode 26: Mythbusting Vulnerabilities and Exploits
Simon Hall and Richard Gold join Rafael Amado to discuss misconceptions around vulnerabilities and exploits, other techniques for gaining code execution, and how organizations can prioritize the patching of vulnerabilities.
Runtime 21:26 · Published 15/06/2018
Episode 25: Combating Security Debt, Ticketfly Defacement And Data Breach
In this edition of Shadow Talk, Richard Gold joins us to discuss the issue of security debt, a term used to refer to the accumulation of security risks over time, such as missed patches, misapplied configurations, and mismanaged user accounts. Richard looks into how many of the attacks we see on a regular basis are actually the result of security risks that build up over time, and how security debt is a ticking time bomb for most organizations. In Part II, Harrison Van Riper covers the recent website defacement attack and data breach incident targeting the event ticketing company, Ticketfly. Security debt resources: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/286667/FAQ2_-_Managing_Information_Risk_at_OFFICIAL_v2_-_March_2014.pdf
Runtime 19:28 · Published 11/06/2018
Episode 24: Seize and Desist: Changes in the cybercriminal underground
Rafael Amado and Michael Marriott discuss how the criminal underground has evolved since the demise of AlphaBay and Hansa. No single marketplace has managed to fill the AlphaBay-shaped gap left behind, at least among the English-speaking community. Existing sites such as Dream and Trade Route have failed to consolidate this empty space, hampered by a combination of poor communication by administrators and suspicion that these sites could be police honeypots like Hansa had been. Grab a copy of our report to read more: https://info.digitalshadows.com/SeizeandDesistReport-Podcast.html
Runtime 18:51 · Published 06/06/2018
Episode 23: L0pht 20 years on and combating cyber threats with military-style tactics
In today’s edition of Shadow Talk, Dr Richard Gold joins us to discuss the return of the L0pht hackers. In 1998 the L0pht members testified at a cybersecurity hearing of the United States Senate, warning that any one person in their group could take down the Internet within 30 minutes. 20 years on, we look back on what has and hasn’t changed in the world of information security. In Part II, the team covers recent reporting on the use of military-style tactics such as war gaming and intelligence fusion centres in the financial services industry. We ask whether such tactics are effective, and whether smaller organizations can also employ the techniques being used by some of the world’s largest enterprises.
Runtime 21:56 · Published 04/06/2018
Episode 22: VPNFilter targeting Ukraine, TRITON malware, Roaming Mantis, VBScript & Spectre vulns
In this week’s Shadow Talk, the pod unpacks the reporting on VPNFilter, a malware affecting half a million network devices. Reports have suggested that the malware is being prepped to perform imminent large-scale disruptive attacks against Ukrainian infrastructure. We also cover new research on the TRITON malware targeting industrial control and SCADA systems, as well as new techniques for the Roaming Mantis malware family. Finally, we bring you updates on vulnerabilities related to VBScript and the Spectre/Meltdown attacks.
Runtime 23:28 · Published 29/05/2018
Episode 21: EFAIL vulns affecting OpenPGP and S/MIME, and interbank payment systems risks
In this week’s episode of Shadow Talk, Digital Shadows’ Head of Security Engineering, Dr Richard Gold, joins the pod to explain the EFAIL vulnerabilities affecting OpenPGP and S/MIME, as well as other flaws identified in encrypted messaging platforms. Dr Gold also outlines the factors you should be considering to prioritize your patching. In part two, we look at the $15 million theft in Mexico and outline the risks facing interbank payment systems.
Runtime 23:22 · Published 21/05/2018
Episode 20: Winnti Umbrella, DarkHotel, Office 365 Vulnerability, and Olympus Dark Web Marketplaces
In this week’s episode of Shadow Talk we look at the Winnti Umbrella group, asking what this means for organizations. We discuss vulnerabilities in Microsoft Office (CVE-2018-8174) and baseStriker. And, finally, we outline the fallout surrounding the Olympus dark web marketplace.
Runtime 19:43 · Published 14/05/2018
Episode 19: Loki Bot, LoJack, GPON Vulnerabilities, and Blackrouter Ransomware
In this week’s episode of Shadow Talk, it’s a vulnerability extravaganza. We cover the malicious use of legitimate software, with APT28 attributed to the hijacking of LoJack and Blackrouter ransomware delivered via the AnyDesk remote-access software. We also look at vulnerabilities found (and exploited) in GPON home routers, and at Loki Bot exploiting two remote code execution vulnerabilities in Microsoft Office (CVE-2017-8570 and CVE-2018-0802).
Runtime 17:57 · Published 06/05/2018
Episode 18: Healthcare hacking, BGP hijacking, crypto jacking, and more
In this week’s episode of Shadow Talk, we cover the targeting of healthcare organizations by Orangeworm, BGP hijacking, vulnerabilities in MikroTik routers, DDoS market shutdowns, and the profitability of cryptocurrency mining.
Runtime 19:24 · Published 29/04/2018
Episode 17: Network Infrastructure Compromise, Magnitude EK Development, the Gold Galleon, & more
In this week’s episode of Shadow Talk, we cover Russia’s attempts to ban the social messaging app, and also read between the lines of the joint US and UK advisory on network infrastructure compromises by Kremlin-backed actors. We also outline new ransomware payloads incorporated into the Magnitude exploit kit and we bring you the latest news on vulnerabilities in the Drupal Platform and Cisco’s Webex software.
Runtime 23:15 · Published 23/04/2018
Episode 16: Cisco Smart Install Client flaw, Microsoft Outlook vuln, OpIcarus, RSAC, and more
This week’s Shadow Talk discusses a Cisco Smart Install Client flaw exploited in a disruption attack, an information leak vulnerability discovered in Microsoft Outlook, details on OpIcarus and OpIsrael, the Verizon DBIR, and why you should still be excited about the RSA Conference.
Runtime 22:10 · Published 15/04/2018
Episode 15: 1.5 Billion Files Exposed Through Misconfigured Services
Rafael Amado and Michael Marriott join this week’s Shadow Talk, taking a deep dive into our recent report “Too Much Information”. The research discovered over 1.5 billion files from a host of services, including Amazon S3 buckets, rsync, SMB, FTP, NAS drives, and misconfigured websites. To learn more, download the full report at https://info.digitalshadows.com/FileSharingDataExposureResearch-Podcast.html.
Runtime 18:26 · Published 11/04/2018
Episode 14: Panera Breach Lessons, WannaCry’s Re-emergence, Genesis Marketplace, and more
This week’s Shadow Talk discusses the re-emergence of WannaCry, the exposure of Aggregate IQ data, the exposure of 1.5 billion files through misconfigured services, lessons learned from the Panera breach, an emerging new criminal market, and much more.
Runtime 21:41 · Published 09/04/2018
Episode 13: Cambridge Analytica, Trickbot Updates, SamSam Surge Continues, And Dragonfly Attributed
This week’s Shadow Talk discusses what the Cambridge Analytica revelations mean for disinformation and personal privacy, updates to the Trickbot, Zeus Panda and Ramnit trojans, the ransomware attack suffered by the City of Atlanta, and the attribution of the Dragonfly campaign to the Russian government.
Runtime 22:49 · Published 23/03/2018
Episode 12: Tax Fraud, AMD Vulnerability, Slingshot Targets MikroTik Routers, And Hermes Ransomware
This week’s Shadow Talk outlines the latest techniques in tax return fraud, claimed vulnerabilities in AMD chips, Slingshot malware targeting MikroTik routers, and the Greenflash Sundown exploit kit delivering Hermes ransomware. Watch our webinar with the FBI on the latest ransomware threats here: https://info.digitalshadows.com/FBIRansomwareThreats-WebinarOnDemand-ShadowTalk.html
Runtime 22:35 · Published 16/03/2018
Episode 11: Memcached attacks, disinformation in ME, Spectre exploit, German gov network intrusion
Digital Shadows’ Research team discusses record DDoS attacks using Memcached servers, disinformation campaigns, a proof of concept exploit for the Spectre vulnerability, and new details of a historical network intrusion affecting the German government.
Runtime 19:48 · Published 09/03/2018
Episode 10: Memcached Server DDoS, Flash Vuln in Spam Campaign, Trustico Cert Issues, & Ransomware
The Digital Shadows research team provides an overview of the latest news this week, including the Flash vulnerability CVE-2018-4878 that’s now being used in a spam campaign, 23,000 website certificates set to be revoked, Memcached servers used for DDoS reflection, and updates on the SamSam and DataKeeper ransomware variants.
Runtime 22:08 · Published 02/03/2018
Episode 9: SWIFT Attacks, Business Email Compromise, Return Of Thedarkoverlord, And APT37
The Digital Shadows research team provides an overview of the latest news this week, including new SWIFT attacks, more Business Email Compromise activity, the return of extortionist “thedarkoverlord”, the SamSam and Saturn ransomware variants, and new reporting on APT37.
Runtime 19:55 · Published 23/02/2018
Episode 8: Lazarus Group, Olympics opening ceremony, Bitgrail Theft, and Outlook vulnerabilities
The Digital Shadows Research team provides our analysis of the fascinating Lazarus Group, attacks on the Winter Olympics opening ceremony, the problems with attribution, the theft of $170 million from the Bitgrail exchange, and two newly discovered Outlook vulnerabilities.
Runtime 22:44 · Published 16/02/2018
Episode 7: Operation Pzchao, Threats To The Winter Olympics, Infraud Forum Arrests, And More
The Digital Shadows Research team provides our analysis of the espionage-driven campaign Operation Pzchao, an Adobe zero-day vulnerability, malware in Winter Olympics spearphishing campaign, a WordPress denial of service vulnerability, and the takedown of the notorious “Infraud Forum”.
Runtime 22:38 · Published 09/02/2018
Episode 6: Cryptocurrency Fraud In-Depth
The Digital Shadows Research team discuss how criminal actors have capitalized on the increased interest in cryptocurrencies. The podcast looks at different approaches to mining fraud, account takeover and Initial Coin Offering fraud. Download a copy of the research here: https://info.digitalshadows.com/TheNewGoldRushCryptocurrency-Podcast.html
Runtime 21:13 · Published 06/02/2018
Episode 5: $530 Million Cyber Heist, DDoS Against Dutch Banks, And The Future Of Anonymous
The Digital Shadows Research team provides our analysis of the $530 million Coincheck cryptocurrency heist, recent DDoS attacks against Dutch financial services organizations, renewed OpCatalunya activity, updates on the Spectre and Meltdown flaws, and a potentially serious vulnerability affecting Cisco VPNs.
Runtime 19:53 · Published 02/02/2018
Episode 4: Dridex, Dark Caracal, Turla, Cozy Bear, And More
The Digital Shadows Research Team provides an update on Dridex malware, Dark Caracal, Turla, and Cozy Bear.
Runtime 19:47 · Published 26/01/2018
Episode 3: CVE-2018-0802, Mirai Okiru, Bancomext Targeted, and Triton Malware
The Digital Shadows Research team provides an analysis of the last seven days, including an update on Spectre and Meltdown, a new MS Office vulnerability, Mirai Okiru, the targeting of Bancomext, and Triton malware targeting industrial control systems.
Runtime 23:24 · Published 19/01/2018
Episode 2: CoffeeMiner, Turla, and Cyber Threats to the Winter Olympics
The Digital Shadows team discusses the highlights of the past seven days, including the cryptocurrency mining attack “CoffeeMiner”, new Turla activity, and cyber threats to the Winter Olympics.
Runtime 16:57 · Published 12/01/2018
Episode 1: Spectre, Meltdown, Satori, and OpNetNeutrality
The Digital Shadows team discusses the highlights of the past seven days, including Meltdown and Spectre, the release of Satori code, OpNetNeutrality, OpIcarus and Monero mining malware.
Runtime 19:33 · Published 05/01/2018