May 4, 2000 many people in world woke up to a love letter in their INBOX. It wasn’t your typical love letter, this one was one of the world’s most destructive email worms and it quickly spread to infect an estimated 10% of the world’s PCs. For a longer write-up on ILOVEYOU, see my LinkedIn Post.

Wikipedia - ILOVEYOU

Uber has suffered many breaches over the years, so this podcast has focused just on breaches that involved external parties and not internal employee abuse of privileges. There is much to learn from Uber’s misfortune and in this episode we cover 5 distinct hacks and a couple of third-party breaches impacting Uber customers and drivers.

The Uber data breach cover-up: A timeline of events

The Transport for London (Operator of the London UK region’s transit network) was crippled by a cyber attack in September, 2024 that had widespread impacts on it’s operation. Fortunately safety was not a casualty, but we explore a bit of the nuance in incident response, segmnentation and other important lessons from this hack.

Boy arrested over London transport cyber hack

SamSam may not be the most well known ransomware group, but they triggered a pivotal change when then began operations at the end of 2015. Over the course of nearly 3 years they demonstrated the profitability of extorting businesses instead of consumers and paved the path from $1000 ransom demands to the astronimical sums we see today. Allegedly operating from Iran they demonstrated sanctions evasion, the use of LOLbins and tested the waters for what amounts could be extorted from Western businesses. This podcast explores their operations and explains how they changed the ransomware landscape.

US Department of Justice indictment, wanted poster and victim list

When the City of Atlanta was hit by the ransomware group SamSam in 2018 it made headlines worldwide. Headlines often cited costs ranging from $2.6 million all the way up to $17 million, often presented as the costs incurred for not paying the $52,000 ransom. Ben and Chet dive into the archives to determine what series of events lead to these exceptional expenses.

Coverlink case study on the City of Atlanta

January 2018: An audit reveals 1,500 to 2,000 vulnerabilities in Atlanta’s IT systems, highlighting complacency regarding cybersecurity.

March 22, 2018: Atlanta’s Department of Information Management detects outages in various internal and customer applications.

March 22, 2018: The City of Atlanta shuts down numerous digital services, including the court system database and airport Wi-Fi, to contain the situation. The attack is publicly acknowledged as a ransomware attack using SamSam ransomware.

March 22-27, 2018: Atlanta collaborates with the FBI, Department of Homeland Security, and Secret Service, while engaging security firms like SecureWorks for investigation. Government computers are advised to remain offline.

May 2018: Atlanta restores its online payment systems.

June 2018: Atlanta Police Department resumes full digital operations. Reports surface estimating that a third of the city’s software programs are still offline or partially disabled. The attack resulted in permanent data loss, including legal documents and police dashcam footage.

November 26, 2018: The US Department of Justice indicts two Iranian hackers, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, for the attack, alleging their involvement in the SamSam group and the creation of the SamSam ransomware.

Post-attack period: Atlanta allocates $2.7 million to contractors for recovery, with later estimations suggesting a total cost of $17 million, including $6 million for initial response and $11 million for system repairs and replacements.

In this episode, Chet and Ben dive deep into the 3CX supply chain attack, tracing it back from the initial compromise to the unfolding investigations and findings over several months. We explore how the threat actors, likely linked to North Korea, managed to infiltrate a trusted software supply chain and what the security community uncovered along the way.

3CX Security Alert

Episode 2 covers the 2020 ransomware attack against technology giant, Garmin. In this episode, Chester kept track of his sources and provided the following links as additional reading and source materials used in this episode:

In our inaugural podcast we dive into the hack and breach of Medibank Private Health Insurance, an Australian medical insurance provider that lead to the leak of health records on 9.1 million Australians.

Beatings will continue until show notes improve…

In our pilot episoed we each share a little about our backgrounds in information security and lay out the concept behind what this podcast will share with its listeners.