State of Cybercrime

The North Korean Lazarus group is running multiple high-risk campaigns: one exploiting Windows and another installing malware through fraudulent blockchain job offers. 

State of Cybercrime hosts Matt Radolec and David Gibson discuss the various APT groups, including a prolific ransomware-as-a-service operation and a Chinese cyber espionage gang known as Volt Typhoon, and other vulnerable vulnerabilities in this episode, including: 

+ Lazarus FudModule rootkit attacks and the concurrent Eager Crypto Beavers campaign 

+ RansomHub attacks on Halliburton, Change Healthcare, and hundreds more 

+ Large-scale extortion of AWS environments through exposed ENV files 

+ Hundreds of exposed servers from Volt Typhoon’s ISP targeting 

+ Payment gateway breach of over 1.7 million credit card owners

Matt Radolec and David Gibson discuss how an unknown attacker recently exploited a vulnerability in Proofpoint’s email routing system, allowing them to bypass security measures and send millions of spoofed emails on behalf of major companies. 

The co-hosts also cover: 

+ The North Korean threat actor hired using AI 

+ The biggest ransomware payment ever made 

+ How X is training its Grok AI LLM with your posts 

+ The EU’s groundbreaking AI act 

+ How anyone can access deleted and private repositories on GitHub 

+ Updates on AMD's silicon-level "SinkClose" processor flaw

In this episode of State of Cybercrime, co-hosts Matthew Radolec and David Gibson dive into the details around LockBit, and cover other news including: 

+ The MOVEit authentication bypass flaw 

+ Developments in the Polyfill supply chain attack affecting millions of websites 

+ Updates on the targeted campaign against Snowflake 

+A massive insider breach of a Pennsylvania healthcare system 

+ Two new attack methods threat actors are adopting 

+ The new OpenSSH unauthenticated RCE vuln that gives root privileges to + Linux systems

Snowflake, a cloud storage platform used by some of the largest companies in the world, is investigating a targeted attack on its users who lack multifactor authentication. 

Join Matt Radolec and David Gibson for an episode of State of Cybercrime in which we discuss the increased attacks on Snowflake customers and share our five-point checklist for ensuring your cloud databases are properly configured and monitored. 

WE’LL ALSO COVER: 

• The world’s largest botnet ever discovered
• Google’s algorithm leak
• The Black Basta ransomware-as-a-service (RaaS) operation
• The cyberattack that destroyed over 600K U.S. routers
• Sneaky new tactics used by emerging threat actors

...and more! More from Varonis 

⬇️ Visit our website: https://www.varonis.com 

LinkedIn:  / varonis  

 X/Twitter:  / varonis  

 Instagram:  / varonislife  

A new data leak of more than 500 documents published to GitHub reveals the big business behind China’s state-sponsored hacking groups — from top-secret surveillance tools to details of offensive cyber ops carried out on behalf of the Chinese government.  

Join Matt and David for a special State of Cybercrime, which dives into China's espionage campaigns and complex network of resources.  

We’ll also discuss:

- The massive cyberattack on Change Healthcare

- Zyndicate’s successful hack of the Danish government

- Apple Vision Pro’s launch day woes

- Multiple developments in AI risk/regulation

- How LockBit remains active after their servers and domains were seized

- And more! 

CISA issued an emergency directive to mitigate Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities after learning of malware targeting the software company, allowing unauthenticated threat actors to access Ivanti VPNs and steal sensitive data. 

CISA is requiring all federal agencies to disconnect from affected Ivanti products by EOD February 2, 2024. The directive also warned that attackers had bypassed workarounds for current resolutions and detection methods. 

Join Matt, David, and Dvir to learn more about the Ivanti vuln and other cyber threats. 

OTHER BREAKING STORIES WE'LL COVER: 

• The latest ChatGPT news 

• Deepfakes… err breachfakes 

• Cloudflare's breach by suspected nation-state attacker 

• "Frog4Shell" spreading malware inside your network 

And more! 

More from Varonis ⬇️ Visit our website: https://www.varonis.com LinkedIn: https://www.linkedin.com/company/varonis X/Twitter: https://twitter.com/varonis Instagram: https://www.instagram.com/varonislife/

Enjoy our first State of Cybercrime episode of 2024 as Matt Radolec and David Gibson cover:

• Who is to blame for 23andMe’s big breach
• SEC’s X account getting hacked
• Threat actors swatting patients
• Varonis Threat Labs research on a new, widespread vulnerability: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

Mentioned in this episode:

• NTLM Blog Post: https://www.varonis.com/blog/investigate-ntlm-brute-force
• Varonis Threat Labs Blog: https://www.varonis.com/blog/tag/threat-research

In this episode of 'State of Cybercrime', the hosts discuss various topics including an executive order on Artificial Intelligence(AI) by President Biden promoting a balance between AI safety, security, privacy and innovation, as well as implications for American leadership in AI. They covered the disruptive Mozi Botnet, SolarWinds CISO's challenged with fraud and difficulties experienced by IT administrators patching vulnerabilities. They also touched on the continuous exploitations of Citrix and Confluence, and the emergence of cybercrime ring, Hunters International. An exploration of AI potentials and the need for legislation to prevent nefarious uses are also discussed.

00:30 Introduction and Welcome

01:04 Agenda for the Episode

02:03 Good News: Dismantling of Pirates

05:46 Good News: Disruption of Mozi Botnet

07:16 Danger Zone: SEC Charges SolarWinds CISO

12:25 Vulnerable Vulnerabilities: Citrix Vulnerabilities

15:34 Vulnerable Vulnerabilities: Confluence Vulnerability

17:02 AI Vey: President Biden's Executive Order on AI

18:51 AI Vey: UK Summit on AI

22:55 Conclusion

Few breaches have drawn as much social media fervor as the recent 23andMe incident, in which the genomics company was victim to a massive credential stuffing attack that leveraged leaked and reused passwords to target accounts without MFA.

What differentiates this attack from others is that 23andMe itself was not breached, but an entire wave of its users was targeted individually. There are claims that these profiles — including genetic and geographic ancestry data — are available on hacking forums, but the legitimacy of those claims is still being investigated.

Join the State of Cybercrime team, Matt, David, and Dvir, to learn about the numerous tools hackers use for cred stuffing, examples of when these tactics have been used in organizational attacks, and what you can do to protect yourself.

• The record-breaking HTTP/2 Rapid Reset zero-day
• The HelloKitty ransomware group source code leak
• New attacks from ALPHV (BlackCat)
• An update on the trends in cyber warfare