In this episode of the podcast (#239) we speak with Naomi Yusupov, a Chinese Intelligence Analyst at the threat intelligence firm CyberSixgill about that company’s new report: The Bear and the Dragon: Analyzing the Russian and Chinese Cybercriminal Communities. 

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

As Russia’s war on Ukraine, and Western nations’ sanctions against Russia for its aggression begin to bite, one big question is what role countries like China will play in the conflict. While nominally an ally of Russia, China has so far refused to violate Western sanctions on shipping technology and military supplies. But what about cyber space?  

And, while initial expectations of major cyber attacks didn’t come to pass, cyber operations have so far played an important role in the conflict, with Russians releasing custom wiper malware against Ukrainian targets in the early days of the war, and Ukraine striking back with targeted hacks and denial of service attacks on Russian government organizations and companies. 

Naomi Yusupov is a Cyber Intelligence Analyst at CyberSixGill

Ukraine war spills into Cyber Underground

The war and wartime alliances have also spilled over into the Dark Web and the cybercriminal underground. Russia has long looked the other ways at domestic cyber crime groups so long as they carried out operations on non—Russian entities. And there has been speculation that some Russian cybercriminals do double duty as contractors for Russia’s FSB and other government entities. Those close ties have affiliated ransomware group Conti saw tens of thousands of chat logs leaked in March by a Ukrainian  cybersecurity researcher who infiltrated that group.

A threat actor advertises one-on-one hacking tutorials on a Chinese language dark web forum. (Image courtesy of Cybersixgill.)

Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware

Like Russia, China has also invested heavily in cyber operations  – from industrial espionage to cyber offensive capabilities. Also like Russia,

In this episode of the podcast (#238) we speak with Daniel Brodie, the CTO at the firm Cynerio. about his firm’s discovery of a string of critical security flaws in an autonomous medical robot, TUG, that is already deployed in hundreds of clinical settings. We also talk about the larger and growing issue of medical device insecurity and cyber risks to healthcare providers.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

[MP3]

There was one clear message out of hearings on Capitol Hill this month on the cybersecurity of the healthcare sector: the cyber risk to clinical environments is growing – fast. 

Daniel Brodie is the Chief Technology Officer at Cynerio.

We’ve already seen the evidence of that. There was the October 2020 ransomware attack that shut down large parts of the University of Vermont (UVM) Health Network – an incident that cost tens of millions of dollars in damages. And there was the May, 2021 attack on San Diego-based Scripps Health which forced the health system to take a portion of its IT system offline for several weeks, and the theft of data on 150,000 patients. 

Robots Driving Cyber Risk

Episode 223: CISA Looks To Erase The Security Poverty Line

But there’s another factor driving medical cyber risk: automation. As hospitals and healthcare providers turn to new technologies – including robots- to lower the costs of providing care, they are becoming more vulnerable to cyber attacks and disruption.  

A case in point is the alert that CISA, the Cybersecurity and infrastructure Security Agency, issued in early April...

This weekend, the decentralized finance platform Beanstalk Farms acknowledged that it was the latest victim of a sophisticated cyber attack, with an estimated $182 million stolen in an attack that exploited Beanstalk’s majority vote governance system to approve an illicit transfer of crypto currency assets.

According to reporting by the Verge and other outlets, Beanstalk – which describes itself as a “decentralized credit based stablecoin protocol”- was robbed via a sophisticated attack that saw malicious actors exploit Beanstalk’s governance mechanism by which participants can vote collectively on changes to the code, with votes proportional to the value of tokens that they hold.

What SolarWinds Tells Us About Securing the Software Development Supply Chain

Jennifer Fernick is the Senior Vice President & Global Head of Research NCC Group.

According to monitoring firms, the attack saw hackers use a “flash loan” to borrow close to $1 billion in cryptocurrency assets, which they used to buy a supermajority voting stake in Beanstalk Farms. That voting power was then used to execute code that transferred an estimated $182 million in Beanstalk cryptocurrency assets to their own wallet. The attacker then instantly repaid their flash loan, netting an $80 million profit when it was all said and done.

2021: A big year for DeFi…and DeFi hacks

The Beanstalk hack, however, is just the latest to affect so-called “decentralized finance” (or DeFi) systems – and not even close to the largest one, at that.

In fact, even as ads for cryptocurrencies and crypto exchanges filled the airwaves during the Super Bowl, massive hacks and attacks on many of those same platforms were raising red flags among regulators, not to mention information security and cryptography pros. Of the 10 largest cryptocurrency hacks of all time, three have occurred in just the last 18 months. And that doesn’t even capture the slew of smaller scale hacks and compromises of cryptocurrency platforms or individual wallets. 

If cryptocurrencies based on the block chain are destined to supplant sovereign currencies, based on the backing of central banks and globally accepted rules of commerce, they will need to prove that they are at least as secure. And yet, as the Beanstalk hack indicates: many DeFi applications and platforms suffer from the same problems as any other web applications, namely: business logic flaws, exploitable software holes, vulnerable protocols and rampant supply chain vulnerabilities. 

The (security) challenges of inventing your own money

In this episode of the podcast, we’re joined by someone who has been thinking long and hard about the security of Decentralized Finance. Jennifer Fernick (@enjenneer) is the Senior Vice President & Global Head of Research

Ahead of the Russian invasion of Ukraine, Western experts almost unanimously predicted a cyberwar would precede crippling kinetic attacks. Two weeks in, we have yet to see them. But that doesn’t mean that cyber is off the table. In this podcast, we sit down with Christian Sorensen, the former lead of the international cyber warfare team at US Cyber Command and CEO of cybersecurity firm, SightGain, to talk about what we’ve learned so far from Russia’s war in Ukraine, and what may be coming next.

Even before Russian bombs and missiles started dropping in Kiev and other cities on February 24, Ukraine’s government was working to beat back attacks on critical government computer systems and networks. In the days leading up to the beginning of Russia’s kinetic attack on Ukraine, a series of denial of service attacks targeted Ukraine’s Ministry of Defense and other government agencies. 

Christian Sorensen is the CEO of SightGain.

Then, on the eve of the invasion, a pair of new “wiper” programs were spotted infecting  and disabling computer systems within Ukraine. 

Cyberwar on simmer in Ukraine…for now

Still, more than two weeks after the beginning of hostilities, many cyber security experts say that the cyber-component of Russia’s war on Ukraine has not played out as expected and that Vladimir Putin has still not unleashed his most ferocious cyber offensive weapons. Twenty first century cyber attacks, relatively, have taken a back seat to the 20th century’s planes, bombs and bullets. 

Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware

Why is that, and what may be coming as the conflict in Ukraine drags on? To answer those questions we invited Christian Sorensen, former lead of the international cyber warfare team at USCYBERCOM and CEO of cybersecurity firm, SightGain,in to the studio to talk about the conflict, what may be coming next and what we’re learning about Russia’s cyber offensive capabilities. 

Episode 202: The Byte Stops Here – Biden’s Cyber Agenda

In this conversation, Christian said that Russia may be holding back its cyber arsenal because such attacks would provide relatively little advantage to its army and expose its cutting edge capabilities. With soldiers and tanks on the ground and surrounding major Ukrainian cities, he said, Russia’s objective is clear.

Still, cyber attacks may come to play a more important role down the line – including against U...

Almost three quarters of SOC analysts feel “very or somewhat burned out” at work. More than six in ten said they want to leave their job “in the next year.” In this Expert Insight, Tines CEO Eoin Hinchy (@eoinhinchy) says https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts-code automation provides a way for companies to end the burhttps://feeds.feedblitz.com/-/41936664/0/securityledgerpodcastsut and create higher engagement, with less turhttps://feeds.feedblitz.com/-/41936664/0/securityledgerpodcastsver.

As a SecOps team leader, you’re probably well aware of the two big issues hindering security teams today: too much work and https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcastst ehttps://feeds.feedblitz.com/-/41936664/0/securityledgerpodcastsugh staff. Or rather, too much mundane, mohttps://feeds.feedblitz.com/-/41936664/0/securityledgerpodcaststohttps://feeds.feedblitz.com/-/41936664/0/securityledgerpodcastsus work that’s causing burhttps://feeds.feedblitz.com/-/41936664/0/securityledgerpodcastsut and keeping analysts from spending their time on more higher-value tasks that can further their organization’s security efforts.

The solution? No-code automation.

Eoin Hinchy (@eoinhinchy) is the CEO and co-founder at Tines

You may have heard the term https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts-code automation, but what is it really? Today’s frontline analysts have to deal with increasingly complex workflows. In order to automate phishing attack responses, threat intelligence enrichment, or suspicious login investigations, some kind of script must have to be involved, right?

Actually, https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts.

No-code automation is just that — https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts need for coding — and https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts-code platforms allow users to drag-and-drop actions into a workflow, wire them together, set some parameters, and let them run. Robust https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts-code platforms include the right building blocks to allow analysts to create complex automations, and the ability to iterate immediately on what they’ve created.

Most of all, https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts-code automation allows frontline analysts to automate these tasks themselves: https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts need to get developers involved. Automation also frees up analysts to focus on more high-impact tasks, like improving the organization’s security posture, training others on security awareness, and deploying new techhttps://feeds.feedblitz.com/-/41936664/0/securityledgerpodcastslogies.

In our recent report on the “Voice of the SOC Analyst,” we found that 71% of analysts feel very or somewhat burned out at work and that 64% want to leave their job in the next year. Additionally, a report by SIRP finds that 34% of analysts say their work/life balance has gotten worse and 42% say the pressure at work has intensified. Yet https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts-code automation adoption is a way to achieve higher engagement, less burhttps://feeds.feedblitz.com/-/41936664/0/securityledgerpodcastsut, and less turhttps://feeds.feedblitz.com/-/41936664/0/securityledgerpodcastsver.

Security leaders looking to reduce barriers, streamline their processes, increase their time to value, and have a happier, more engaged workforce should look to bring https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts-code automation to their teams in 2022. What follows is how to do that.

Five Steps to Adoption

Now that you’ve seen that https://feeds.feedblitz.com/-/41936664/0/securityledgerpodcasts-code automation is the next step to maximizing your efficiency and improving your security team, here are the steps to follow for getting up and running, and making the most out of your new platform.

Step 1: Evaluate your options

As you begin searching for the right platform, look for vendors who have experience in solving your specific use cases. For example, if you spend most of your time following up on suspicious logins,

In this episode of the podcast (#235) Justine Bone, the CEO of Medsec, joins Paul to talk about cyber threats to healthcare organizations in the age of COVID. Justine’s firm works with hospitals and healthcare organizations to understand their cyber risk and defend against attacks, including ransomware.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

In May of 2021, Ireland’s Health Service Executive (HSE), the country’s publicly funded healthcare system, suffered a major attack by the Conti ransomware group. The attack was the most significant to date on an Irish government agency and essentially froze HSE’s IT systems, which are used by the agency’s 54 public hospitals. The outage lasted for four months , forcing health staff to revert to using pen and paper. With 80% of HSE’s IT environment encrypted by the CONTI gang, the Irish government had to pay millions of dollars to recover from. Healthcare delivery at HSE facilities was deeply affected during the crisis, as well, according to an HSE report. 

Episode 223: CISA Looks To Erase The Security Poverty Line

Justine Bone is the CEO of the Firm MedSec.      

The report identified a number of failings by HSE, from a lack of a single, coordinated cybersecurity function at the massive agency, to a failure to properly identify and respond to clear indicators of attack prior to the deployment of the CONTI ransomware. 

Healthcare: cyber risk everywhere

While it is natural to think “it could never happen here,” a recent report by the Department of Health and Human Services in the U.S. concludes just the opposite. US healthcare organizations should make a study of the HSE hack from last year and take steps to prevent a similar type of attack from occurring at their facilities. 

Episode 218: Denial of Sustenance Attacks -The Cyber Risk To Agriculture

But how?

In this episode of the podcast (#234) US Representative Jim Langevin (D-RI), joins Paul to talk about the flurry of legislation passed on Capitol Hill in recent months to boost the U.S.’s cyber defenses. Rep Langevin and Paul talk about how cybersecurity legislation receives bipartisan support -a rarity in Congress these days – and the challenges of protecting U.S. critical infrastructure in an age of sophisticated cyber adversaries like Russia and China.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

[MP3]

Political dysfunction is the Zeitgeist on Capitol Hill, where divisions between the two, main political parties have taken center stage and distrust runs deep after a violent attempt by supporters of former President Trump to overturn the November presidential election on January 6.

But even in these challenging times, there are areas of cooperation between the two major parties. One is cybersecurity, where recent months have seen progress in funding improved cyber readiness at the local level. 

Episode 222: US Rep. Himes on Congress’s About-face on Cybersecurity

Cyber Policy: An Area of Agreement

One example is the Infrastructure Investment and Jobs Act, passed in November and signed into law by President Biden on November 15. That bill allocated $2 billion to improve the nation’s cyber defenses. That includes $1 billion in grants to improve state and local government cybersecurity and a quarter billion dollars each to fund cyber improvements in rural and municipal utilities and to develop advanced cybersecurity applications and technologies for the energy sector. 

Jim Langevin is a Democratic Representative from...

In this Spotlight edition of the podcast, we’re joined by Dean Coclin, the Senior Director of Business Development at DigiCert. Dean and I discuss the trends that will shape the New Year, from cloud sovereignty to the growing reliance on PKI to secure digital identities, DEVOPs and more.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

[MP3]

If 2021 taught us anything, it is to expect the unexpected. The year started with an attack on U.S. democracy that few foresaw. A pandemic that was supposed to be on the run ended the year with a global blitz of almost unprecedented magnitude.

Those kinds of unexpected surprises might make you wary about predicting the future. But when it comes to phenomena like online security, encryption and digital identities, some of the trend lines evident at the end of 2021 are a bit easier to extend into the future. “The future is already here,” the author William Gibson famously observed. “It’s just not evenly distributed.”

Dean Coclin is the Senior Director of Business Development at DigiCert

So it is with predictions for this new year, 2022. So what are some of those trends and what might we expect on the cybersecurity and digital identity front in 2022? We invited technology and digital identity veteran Dean Coclin from DigiCert into the Security Ledger studios to give us his thoughts.

Will Vaccine Passports Pave The Way to Digital IDs?

Dean is the Senior Director of Business Development at DigiCert. He has more than 30 years of business development and product management experience in software, security, and telecommunications to the company.

In this conversation,

In this Spotlight edition of the podcast, we speak with Marc Blackmer of ShardSecure about that company’s new approach to protecting data at rest. Marc and I talk about the challenges of securing data in hybrid cloud and on-premises environments and how ShardSecure’s Microshard(TM) technology is being used to protect firms from inadvertent data leaks as well as threats like ransomware.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

[MP3]

Marc is the Head of Marketing at ShardSecure

Securing data at rest seems like a problem that we should have solved a long time ago. And yet, a quick scan of the headlines tells us that the truth is far from that. Barely a week goes by without revelations of large-scale data breaches and leaks from both corporate networks and, increasingly, cloud-hosted infrastructure. 

Data At Rest = Data At Risk

In recent days, online gaming firm SEGA Europe admitted that an audit revealed sensitive data was being stored in an unsecured Amazon Web Services (AWS) S3 bucket. In December, it was Audio equipment manufacturer Sennheiser, which admitted that it exposed the personal data of around 28,000 customers through a misconfigured S3 bucket,

How to Overcome Threat Detection and Response Challenges

Encryption tools for securing that data are widely available, but they come with costs both in management overhead and in speed of access. Besides, public key encryption has been the go-to for securing digital data for four decades. Isn’t it time for another approach?

Microshard: A New Approach

Our guest today says that he may have one. Marc Blackmer is the Head of Marketing at ShardSecure, an innovative, Boston-based start up that has come up with a novel way to secure data on premises and in the cloud without using encryption. As its name suggests: Shard fragments and scatters stored data across various data repositories, only to reassemble it on request. 

In this interview, Marc and I talk about the Shard technology and how it works, and about some of the market and business dynamics are driving companies to look beyond th...

In this episode of the podcast (#233) Mark Stanislav, a Vice President at the firm Gemini, joins Paul to talk about what went wrong with disclosure of Log4Shell, the critical, remote code execution flaw in the Log4j open source library. Mark talks about how the Internet community can come together ahead of the next vulnerability to make sure the mistakes that are evident in the response to Log4j aren’t repeated. 

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google Podcasts, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

[MP3]

Back in 2008, the late, great security researcher Dan Kaminsky discovered a serious security flaw in a ubiquitous Internet technology: the domain name system, or DNS. If widely disclosed and exploited, the flaw – which affected many of the most common DNS name servers – could have facilitated a wide range of attacks, including website impersonation, email interception, and authentication bypass hacks.

Mark Stanislav is a VP of Information Security at Gemini

Aware of the risks, Kaminsky worked quietly for months with the Department of Homeland Security, major tech firms like Cisco and Microsoft as well as DNS providers to get patches written and distributed – all before details of the vulnerability were made public. Vendors worldwide were able to take steps that largely mitigated the risk of attack before any details of the flaw became publicly known. 

Log4j Disclosure Chaos

That’s not how it happened this month with another ubiquitous security vulnerability emerged: Log4Shell, a flaw in the open source logging library Log4j that is a common element of thousands of on premises and cloud applications used by enterprises, governments, critical infrastructure operators and individuals. 

Rather than coordinated disclosure along the lines of Kaminsky’s DNS flaw, the world experienced something akin to coordinated chaos with Log4j, which first came to light via a patch by the video game maker Mojang Studios t...