Episodes
-
NPM packages are getting hacked – so naturally we get Kev on the case to explain the whole thing. If you didn’t know, NPM is the official package manager for Node.js, the JavaScript runtime. We’ve seen a big uptake in recent weeks, and some of those NPM packages have been compromised by hackers. They’re clearly targeting developers – and with a collective 28 million downloads every week, this is pretty big, widespread stuff.
Next up, the raft of ransomware stories from this week: from the UK’s Labour Party to a…“cyber heist”?
We’ve also noticed a bit of a theme emerging with an increase in government and law enforcement involvement in disrupting ransomware and other cyber criminal enterprises. BlackMatter is our example here.
***
https://www.dailymail.co.uk/news/article-10148265/Massive-cyber-heist-rocks-high-society-jeweller-Graff.html
https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-claims-to-be-shutting-down-due-to-police-pressure/
https://thehackernews.com/2021/10/popular-npm-package-hijacked-to-publish.html
-
A plethora of articles have been lighting up our newsfeeds and letting us know that there are new threats on the block: killware, RansomCloud, and extortion.
Killware: the next thing we need to worry about. Apparently this is defined as anything that has an outcome resulting in death… Seems quite broad really, and ranges from hackers targeting a water treatment plant and poisoning the water flow to a ransomware attack that takes a hospital offline, forcing patients to be rerouted. It’s less about the technique and more about the outcome.
RansomCloud: Kev gets into a good ranty flow on this one. Kevin Mitnick coined the term “RansomCloud” in a video a few years ago – and honestly, Kev (*our* Kev) does the best job of explaining the “threat”, so we won’t try to explain it here. Just listen to the episode.
Extortion: this one comes off the back of the Twitch takedown, which highlighted the idea that it is as beneficial to a cyber criminal to access a trove of useful sensitive personal data and extort a company over it as it is to go through the effort of ransomware. Double extortion – which you can read about here – is already a thing, so this technique is almost a step back. Or is it?
So what does the team think? Are these threats, risks, or just a bit of good old-fashioned FUD? Is Ransomware a thing of the past – or is it still the big bad wolf of cyber?
***
https://securityboulevard.com/2021/10/killware-hype-is-bigger-than-the-threat-for-now/
https://techcrunch.com/2021/10/14/twitch-takedown-is-extortion-the-new-ransomware/
https://research.nccgroup.com/2021/10/11/snapmc-skips-ransomware-steals-data/
https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/
-
First story is about someone who was “relieved” of their Bitcoin by some kids wielding malware back in 2018, when it was worth an awful lot less than it is now. There are some techie bits to this, as well as a few ethical and legal issues with the way the perps are being sued, so it’s a cracking story to get stuck into.
What do NFTs – non fungible tokens – and Banksy have in common? It’s pretty confusing as far as stories go, but our resident clearer-upperer, Kev, is on hand to help, leaving us to wonder if this is just Banksy himself having a bit of fun.
Sticking to the currency theme, we get knee deep in China’s digital Yuan in our next segment, and finally wrap up with a beautiful bit of OSINT from the Twitter Infosec community.
***
https://www.bbc.co.uk/news/technology-58399338
https://www.reuters.com/world/china/china-rolls-out-new-rules-minors-online-gaming-xinhua-2021-08-30/
https://twitter.com/brechtcastel/status/1432642649312333829?s=20
-
It's a tasty ransomware week this week! Conti face their own internal threat in the shape of a disgruntled affiliate and LockBit has its claws in Accenture.
Apple have been fiddling with their privacy settings again which is sending privacy advocates into a frenzy, and Kev tries very hard not to get ranty...
***
https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/
https://bgr.com/tech/apple-just-announced-a-major-change-that-has-privacy-advocates-totally-freaked-out/
https://threatpost.com/affiliate-leaks-conti-ransomware-playbook/168442/
-
As you probably guessed from the title of this episode, this week is all about spyware and the Pegasus project.
This all kicked off when a consortium of 16 media outlets reported the alleged widespread and continuing abuse of NSO’s hacking spyware called Pegasus. The company insists that it is only used against criminals and terrorists – but is it? There’s a lot of depth to this story, and we cover it all.
***
https://www.theguardian.com/news/series/pegasus-project
https://theconversation.com/how-does-the-pegasus-spyware-work-and-is-my-phone-at-risk-164781
https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor
-
Kaseya, Kaseya, Kaseya... How could we release an episode this week WITHOUT talking about the calamity at Kaseya?
If you hadn't heard, the ransomware gang REvil has leveraged a vulnerability in Kaseya's VSA software against multiple MSPs and their clients. Oh dear. So what is it? Bog standard ransomware? Supply chain compromise? Zero-day exploit? It's all a bit murky, so Kev gets his 'Cyberattacks for Dummies' hat on.
Also featured is the news that audio-editing software Audacity has been accused of being 'possible spyware'.
***
https://www.youtube.com/watch?v=XfAyutRfy2A
https://www.bbc.co.uk/news/technology-57721967
https://www.proofpoint.com/us/blog/threat-insight/bazaflix-bazaloader-fakes-movie-streaming-service
-
There’s a lot to cover in this week’s episode, so brace yourself because we’ve got newsflashes and stone-cold facts flying your way.
First up, despite what Chris thinks, people do still use printers. Now, researchers in China have found (and accidentally disclosed) a critical Windows zero-day affecting Print Spooler. Cue much printer hate, as well as some actually useful insights into what has occurred.
Next on the agenda, we take a look at the HSE Ireland ransomware attack, with a special focus on what the heck has been going on with VirusTotal. Also coming up is the somewhat intriguing “fact” that the USA is the most cyber-secure nation in the world.
And it wouldn’t be an episode of Cyber Humanity without a juicy ‘hackers could’ feature starting with a NEWSFLASH! Homes filled with smart devices could be exposed to hundreds of hacking attempts a WEEK. To which we say: no sh*t, Sherlock.
***
https://www.infosecurity-magazine.com/news/printnightmare-zero-day/
https://www.theregister.com/2021/06/30/america_global_cyber_security_index_2020
https://www.bleepingcomputer.com/news/security/microsoft-finds-netgear-router-bugs-enabling-corporate-breaches/
https://www.bleepingcomputer.com/news/security/virustotal-ordered-to-reveal-private-info-of-stolen-hse-data-downloaders/
-
EA have been hacked to the tune of 780GB of their source code, which has now found itself for sale on various dark web forums. While they confirmed that they’d suffered a data breach, they offered no insight into how it happened. Until now…
Moving from EA to AI, research shows that AI can now convincingly mimic cybersecurity and medical experts, which, naturally, sparks some lively debate.
We also get into a discussion about disclosure, following Kev’s discovery of a number of vulnerabilities in NetGear’s routers. NDAs are flying everywhere and if you stay very still and quiet, you can even hear the sound of someone in legal crying.
And, of course, we have a cracking ‘Hackers Could’ section this week!
***
https://www.wired.com/story/ea-hack-fifa-frostbite-source-code/
https://www.cbsnews.com/news/peloton-bike-treadmill-security-vulnerability-hackers/
https://www.bbc.co.uk/news/technology-57345632
-
From fake antivirus to scareware, ransomware has been around and evolving for…a while. But only now has it really hit the mainstream headlines, with attacks on critical infrastructure and "mega breaches" apparently becoming a weekly occurrence. And we’re now in the age of ‘Ransomware as a Service’, with affiliates and gangs becoming more prolific than ever.
So how did we get here? Where is ransomware heading next?
In this episode, our crack team of cyber experts digs deep into the ever-shifting world of ransomware.
-
The topic of the day is cryptocurrency – and whether banning it could help fight ransomware.
We know that criminal gangs (OCGs for all those Line of Duty fans out there) are big fans of crypto for their nefarious deeds, so the issue goes much further than ransomware. Even so, a ban on crypto wouldn't stop ransomware – it would just be a bump in the road for the operators. After all, ransomware has been around since long before crypto came on the scene. Maybe gift cards would make a comeback!
The team also delves into Nobelium, the group behind the SUNBURST attacks on SolarWinds. Kev gets his tech head on to give us the full lowdown on this sophisticated threat actor.
***
https://newrepublic.com/article/162589/ban-bitcoin-cryptocurrencies-stop-hacker-ransomware
https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
-
So it turns out that 81% of developers have knowingly released vulnerable applications into the wild.
Worrying, right?
And that's the topic of conversation on today's episode: how do imperfect people lead to vulnerable applications and, most importantly, what we can do about it.
Chris is joined by OWASP experts, Andrew van der Stock and Brian Glas, as well as our own in-house AppSec whisperer, Sean Wright, to discuss all things application security.
-
Welcome back to Cyber Humanity! We've got our shades on and we're ready for a busy summer of cyber.
And what better way to herald our return than with a news story that's been hitting every headline?
Unless you've been living under a rock, you must have heard of the Colonial Pipeline ransomware attack. Basically, ransomware hit pipeline, pipeline got shut down, America entered a state of emergency, and then someone did something about it, and...here we are.
Despite what Paul thinks, there's more to it than that.
Tune in to discover what happens when IT meets OT – and what the DarkSide has to do with it.
***
https://www.rt.com/russia/523798-kaspersky-cia-colonial-pipeline-attack/
https://www.elliptic.co/blog/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims
https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html
-
We haf to talk about HAFNIUM.
You can't have missed the news of the Exchange Server hack that's been running the InfoSec world in circles for the past few weeks. Of course we had to get the crew together to go through all things Exchange!
From attribution and exploitation to... deception? We dip our toes in some tasty conspiracy theories (because who doesn't love a good conspiracy theory?!) and take a dive into the tech behind it all to see how this incident went from small fry to 'holy sh*t it's everywhere!'.
***
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
https://www.zdnet.com/article/microsoft-exchange-zero-day-vulnerabilities-exploited-in-attacks-against-us-local-govts-university/
-
We love looking at how to hack things you didn't think would or could be hacked. Last time, it was an election. This time, it's cars.
We're joined by car hacking expert, Mark Adams, to help us navigate our way through these murky waters. From carjacking to car hacking, we take a deep dive into CANBus, the potential motivations for hacking a vehicle (or a fleet of vehicles), and the kind of damage that can be done. We cover everything from cyber extortion to good old-fashioned theft, and explore how uniquely vulnerable vehicles can truly be.
If you'd rather read – and get hands-on with CANBus – head over to our latest blog to learn more about how to hack a car.
Find out more:
Hackers Remotely Kill a Jeep on the Highway—With Me in It
Meet the Man Who Sells Devices to Hack Your Car's Keyless Entry
-
Have you ever lost an irretrievable password? Max knows that pain – as does a certain programmer from San Francisco who is one lost password away from $250million in Bitcoin. Ouch...
Next up, the Parler palaver. Trump has been 'de-platformed' and Parler is seeing huge backlash for its role in recent political happenings.
And just when you thought you'd had enough of it, we come back round to SolarWinds. Kev delves into the third malware strain directly involved in the SUNBURST attack: SUNSPOT.
***
Lost Bitcoin:
https://technology.inquirer.net/107293/man-locked-out-of-his-bitcoin-account-with-250-million-has-two-password-guesses-left
Parler deplatforming:
https://www.forbes.com/sites/jemimamcevoy/2021/01/10/parler-at-risk-of-going-offline-after-bans-from-amazon-apple-and-google/?sh=151f2c3c312b
SolarLeaks:
https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/
"Hacking" Titan 2FA:
https://thehackernews.com/2021/01/new-attack-could-let-hackers-clone-your.html
-
SolarWinds and SUNBURST are still consuming the Infosec community and a few things have happened since our last episode. Since the Department of Justice has admitted that they were breached and that email inboxes were accessed, Kev tells us just how bad it is. We cover the saga from all angles, from Jetbrains to attribution and techniques to stock prices.
And a cybersecurity podcast in 2021 wouldn’t be a cybersecurity podcast in 2021 if we didn’t talk about WhatsApp and the Twittersphere histrionics that have been going on. We shed some light on whether the changes to their privacy policy truly herald a U-turn – or whether it's all just another excuse for some #outrage.
Next up, cyber crackdowns and criminal marketplaces as the UK's National Crime Agency goes softly, softly.
And finally, in "Hackers Could ..." Google's ReCaptcha can hack itself?
***
JetBrains in SolarWinds supply chain
https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html
Justice Department breached
https://www.theguardian.com/technology/2021/jan/06/doj-email-systems-solarwinds-hackers
WhatsApp, Facebook, and our data
https://www.talkandroid.com/361823-whatsapp-facebook-data-privacy/
Hacking audio ReCaptcha with Google speech to text
https://www.youtube.com/watch?v=xh145UIeN9M&feature=emb_title
21 arrests in cyber crackdown
https://www.nationalcrimeagency.gov.uk/news/21-arrests-in-nationwide-cyber-crackdown
-
Unless you’ve been living under a rock for the past few days, you would have heard about Sunburst – a sprawling cyberattack allegedly masterminded by Russian nation-state hackers, UNC2452 (also known as Cozy Bear). Because we love talking about stuff like this, we couldn’t resist getting the crew together to go over the events of the past few days with a fine-tooth comb. There’ll be no cruising into Christmas for us!
From what SolarWinds is exactly all the way through to the impact of the attack, Chris, Kev and Paul take a proper look at Sunburst, SolarWinds, and what this means for 2021. And, because we’re a generous bunch and it is Christmas after all, we’ve created a series of labs dedicated to helping you understand and get hands-on with Sunburst – that you can access entirely for free. Check them out here.
***
Fireeye summary (including detections):
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
First reports of SolarWinds compromise:
https://www.theregister.com/2020/12/14/solarwinds_fireeye_cozybear_us_government/
-
All aboard the hype train! We jump straight into the latest news that the supply "cold chain" for the much-awaited COVID vaccine could have been compromised. Apparently, a cyber espionage campaign has targeted the supply chain for the cold storage. BUT – and this is a big but – this all sounds a little tenuous to the team. Considering we didn't even know we had a vaccine by September, which is when the campaign was supposed to have started, how could attackers have already started targeting the supply chain?
The team also strays into 'flat earth' territory for a brief and surprising pitstop – listen out for Kev "the Director of Truth's" excellent rant, it's very enjoyable.
We also get into firmware. When was the last time you updated your firmware? From anti-adultery mattresses (yup, you read that right) to smart mugs (and you read that right too!), we somehow end up with a long episode of 'hackers could...'.
***
https://www.bbc.co.uk/news/technology-55165552
https://arstechnica.com/gadgets/2020/12/iphone-zero-click-wi-fi-exploit-is-one-of-the-most-breathtaking-hacks-ever/
-
As part of our series on the Psychology of Cyber, we're joined by special guests, Rebecca McKeown and Swati Singh, to discuss the human challenges that are inherent in cyber crises. We take a deep dive into how organizations prepare for the worst – and how their all-important human capabilities factor in.
Rebecca McKeown is a psychologist specialising in how humans respond in pressurised situations. She is a guest lecturer at Cranfield University and has worked with the UK's Ministry of Defence to help the armed forces build more agile human assets.
Swati Singh is the Head of Business Information Security and Resilience at Close Brothers, and has 20 years of IT industry experience working in multinational companies.
Oh and we have Chief Cyber Officer, Max Vetter too, who might pipe up at some point...
-
You might have guessed from the title, but in this episode, we’re looking at how to hack an election. It’s basically one long “hackers could…” feature.
We cover everything from outright deception to social engineering to power cuts to…well, real hacking. Naturally, we couldn’t have this conversation without Cambridge Analytica, the 2016 election and Brexit coming into it. Does what Cambridge Analytica did count as ‘hacking an election’ or is it just political campaigning in the 21st Century? What would happen if someone were to take control of the algorithm of a social media platform that people trust for their news?