Our last episode covered Sony’s cybersecurity woes from 2005 until 2011, we pick up where we left of in the midst of the 50 days of LulzSec. This episode covers everything up until the alleged theft of the PS5 root signing keys in January 2026. So much s0wnage and so little time…

2014 Sony Pictures hack - Wikipedia

When it comes to information security, Sony has had a bit of a tough go of it. In fact, there have been so many incidents, Ben and Chet decided to make this a multi-part series. This post covers 2005 to mid-2011 which we are referring to as part 1. From rootkits, to DDoS, stolen credit cards and SQL injection, Sony has been through a lot. These are opportunities to reflect for the rest of us, though. We can recognize some of the weaknesses we ourselves may still have and hopefully take away lessons on hardening our own defences.

Firewall Times - Sony Data Breaches: Full Timeline Through 2023

May 12, 2017 was memorable for many in the information security industry, but it was also memorable in health care, manufacturing, shipping and more as the WannaCry worm laid waste to unpatched Windows machines the world over. May it be the last widespread worm we need to cover on this podcast…

Wikipedia - WannaCry

For 50 days in mid-2011 the hacker world and even the wider pop-culture world was enthralled by a rampant series of brazen hacks conducted by a splinter group of anonymous who called themselves LulzSec. They claimed it was “just for the lulz”, but as we explore in this episode, there was much more to this than simply the lulz.

Wikipedia - LulzSec

May 4, 2000 many people in world woke up to a love letter in their INBOX. It wasn’t your typical love letter, this one was one of the world’s most destructive email worms and it quickly spread to infect an estimated 10% of the world’s PCs. For a longer write-up on ILOVEYOU, see my LinkedIn Post.

Wikipedia - ILOVEYOU

Uber has suffered many breaches over the years, so this podcast has focused just on breaches that involved external parties and not internal employee abuse of privileges. There is much to learn from Uber’s misfortune and in this episode we cover 5 distinct hacks and a couple of third-party breaches impacting Uber customers and drivers.

The Uber data breach cover-up: A timeline of events

The Transport for London (Operator of the London UK region’s transit network) was crippled by a cyber attack in September, 2024 that had widespread impacts on it’s operation. Fortunately safety was not a casualty, but we explore a bit of the nuance in incident response, segmnentation and other important lessons from this hack.

Boy arrested over London transport cyber hack

SamSam may not be the most well known ransomware group, but they triggered a pivotal change when then began operations at the end of 2015. Over the course of nearly 3 years they demonstrated the profitability of extorting businesses instead of consumers and paved the path from $1000 ransom demands to the astronimical sums we see today. Allegedly operating from Iran they demonstrated sanctions evasion, the use of LOLbins and tested the waters for what amounts could be extorted from Western businesses. This podcast explores their operations and explains how they changed the ransomware landscape.

US Department of Justice indictment, wanted poster and victim list

When the City of Atlanta was hit by the ransomware group SamSam in 2018 it made headlines worldwide. Headlines often cited costs ranging from $2.6 million all the way up to $17 million, often presented as the costs incurred for not paying the $52,000 ransom. Ben and Chet dive into the archives to determine what series of events lead to these exceptional expenses.

Coverlink case study on the City of Atlanta

January 2018: An audit reveals 1,500 to 2,000 vulnerabilities in Atlanta’s IT systems, highlighting complacency regarding cybersecurity.

March 22, 2018: Atlanta’s Department of Information Management detects outages in various internal and customer applications.

March 22, 2018: The City of Atlanta shuts down numerous digital services, including the court system database and airport Wi-Fi, to contain the situation. The attack is publicly acknowledged as a ransomware attack using SamSam ransomware.

March 22-27, 2018: Atlanta collaborates with the FBI, Department of Homeland Security, and Secret Service, while engaging security firms like SecureWorks for investigation. Government computers are advised to remain offline.

May 2018: Atlanta restores its online payment systems.

June 2018: Atlanta Police Department resumes full digital operations. Reports surface estimating that a third of the city’s software programs are still offline or partially disabled. The attack resulted in permanent data loss, including legal documents and police dashcam footage.

November 26, 2018: The US Department of Justice indicts two Iranian hackers, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, for the attack, alleging their involvement in the SamSam group and the creation of the SamSam ransomware.

Post-attack period: Atlanta allocates $2.7 million to contractors for recovery, with later estimations suggesting a total cost of $17 million, including $6 million for initial response and $11 million for system repairs and replacements.

In this episode, Chet and Ben dive deep into the 3CX supply chain attack, tracing it back from the initial compromise to the unfolding investigations and findings over several months. We explore how the threat actors, likely linked to North Korea, managed to infiltrate a trusted software supply chain and what the security community uncovered along the way.

3CX Security Alert