On this week’s Cyber Security Brief, Alan Neville joins Brigid O Gorman and Dick O’Brien to discuss the recent discovery of a zero-day vulnerability in popular VPN product Pulse Secure. We also discuss some recent developments in the SolarWinds and Microsoft Exchange Server stories. Finally, we discuss a recent potential data breach at software testing company Codecov, and look at why UK authorities are warning government employees about potential approaches from foreign spies on social media.
Flere episoder fra "Symantec Cyber Security Brief Podcast"
New research about the Yanluowang ransomware and two separate campaigns targeting victims in Asia
20:09On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss several new blogs that the Symantec Threat Hunter Team has published recently. Firstly, we uncovered a new ransomware threat that we dubbed Yanluowang, which appears to be deployed in a targeted fashion and is certainly a new threat as various indications point towards it still being in development. We also published two blogs detailing two separate campaigns targeting organizations in Asia. The Harvester group is a previously unknown, likely nation-state backed group targeting victims in South Asia, while elsewhere a new espionage campaign is targeting the defense, healthcare, and ICT sectors in South East Asia. Meanwhile, we also discuss new activity from a targeted attack group dubbed LightBasin, and the return of the Lyceum group.
Governments tackle cyber crime, ransomware arrests, and an interesting phishing campaign
20:47On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how the UK and the U.S. are planning to increase their efforts to tackle cyber crime, ransomware being blamed in court for the death of a baby, and the arrests of some ransomware criminals in Ukraine. Also, the Conti ransomware gang makes some threats, evidence of the Pegasus spyware allegedly found on the phones of French cabinet ministers, and an interesting targeted phishing campaign.
A new ransomware whitepaper and some recent ransomware stories, plus new botnet is carrying out giant DDoS attacks
22:05We are back for Season 4 after our summer break, and on this week’s Cyber Security Brief podcast Dick O’Brien and Brigid O Gorman spend a lot of time discussing the subject that also dominated the last season of the podcast - ransomware. We discuss some of the ransomware stories we missed while we were off air, as well as a ransomware whitepaper we recently worked on and made available to our customers. Apart from ransomware, we also discuss Mēris - a huge botnet that emerged over the summer and has aimed massive DDoS attacks at various organizations around the world.
Ransomware, the rising cost of data breaches, and the U.S. points finger at China for Microsoft Exchange Server attacks
24:04On this week’s Cyber Security Brief, we discuss some recent ransomware stories, as well as giving a sneak peek into some research we have been doing into ransomware. We also talk about recent announcements from U.S. authorities that attributed some recent cyber attacks, including the Microsoft Exchange Server campaign, to Chinese actors, and we also discuss the rising cost of data breaches. This is the last podcast of season 3, we will be taking a short break and will return with new episodes in September.
Kaseya ransomware supply chain attack, new SolarWinds vulnerability, and the rising cost of cyber insurance
31:55On this week’s Cyber Security Brief, Gavin O’Gorman joins us to discuss the Kaseya ransomware supply chain attack that occurred over the July 4 holiday weekend in the U.S. The REvil/Sodinokibi ransomware gang were behind this attack, and Gavin and Dick O’Brien discuss whether this is a sign that we now need to be aware of ransomware actors targeting victims through supply chain attacks, which would more traditionally be associated with state-sponsored hackers, as well as some of the other interesting aspects of this attack. Meanwhile, Brigid O Gorman discusses the latest news of a new vulnerability in SolarWinds software being exploited by a Chinese hacking group, energy companies being targeted in a year-long espionage campaign, and the rising cost of cyber insurance.
Ransomware attackers using virtual machines, over-60s lost $1 billion online in 2020, and the EU launches a new cyber security unit
23:12On this week’s Cyber Security Brief podcast, Dick O’Brien fills us in on the latest research we have published on our blog about how a growing number of ransomware attackers are using virtual machines in their attacks. We also discuss a few other ransomware-related stories, including REvil introducing a new Linux version of its ransomware, a Babuk ransomware builder being leaked online, and a couple of stories showing the amount of money that can be involved in ransomware operations. Elsewhere, the FBI recently released a report stating that over-60s lost around $1 billion through online fraud in 2020, the U.S. Secret Service released a cyber crime Most Wanted list, a FIN7 gang member was jailed, and the EU launched a new cyber security unit.
Ransomware, takedowns, and political promises to tackle cyber crime
26:38In this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O Gorman discuss some of the biggest cyber security stories of the last two weeks. Ransomware has once again dominated the news headlines, with news about huge ransom payments and ransom recovery operations being reported. Meanwhile, cyber security comes to the fore in the political sphere following pronouncements from the G7 and NATO summits. Elsewhere, attackers leveraged Slack to attack one of the world’s biggest gaming companies, one of the largest online marketplaces for stolen credentials in the world was taken down by authorities, and how law enforcement used a backdoored chat app to spy on criminals, leading to hundreds of arrests.
In-depth look at the ransomware attack on Ireland’s national health service, as major meat producer JBS also hit with ransomware
33:57On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman are joined by Symantec threat researcher Gavin O’Gorman to discuss the Conti ransomware attack on Ireland’s national health service, how the response to this attack is going, and what the likely consequences of it may be. Elsewhere, another ransomware attack, this time on the world’s largest meat producer, JBS Foods, and Sweden’s Public Health Agency is also hit with some hack attempts. Meanwhile, the alleged leader of an ATM fraud gang responsible for stealing more than $1 billion from tourists, is arrested in Mexico.
Colonial Pipeline attack, Darkside ransomware gang, and crypto mining makes a comeback
23:17In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman discuss the implications of the Colonial Pipeline ransomware attack and the activities of the group behind it, Darkside. We also talk about what appears to be a reasonably new ransomware - Avaddon - that has been used in a string of attacks recently, while we also discuss an idea Brian Krebs wrote about that could potentially help deter ransomware actors from infecting your network. Away from the world of ransomware we talk about Lemon Duck and something of a resurgence in crypto mining, while we also discuss what CISOs are most worried about in 2021.
MFA causes headaches for attackers, and a look at living off the land activity
26:50On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss some research we have recently been working on at Symantec. First, we discuss a blog we published this week, which looks at multi-factor authentication and how it has become a headache for malicious actors, leading them to adopt new attack techniques in an attempt to bypass or avoid it completely. We also discuss a report that we shared with customers recently looking at living off the land attack techniques and the activity and trends in that area, as well as some steps you can take to try and protect your network from this kind of activity.