By Hornetsecurity
The podcast currently has 91 episodes available.
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Michael Posey discuss the new password guidelines and recommendations released by NIST (National Institute of Standards and Technology). They cover a range of topics related to password security, including the importance of password length over complexity, the move away from composition rules and periodic password changes, the risks associated with knowledge-based authentication, the concept of password entropy, and more!
Throughout the conversation, Andy and Michael draw on their extensive experience in the cybersecurity field to offer practical advice and perspectives on the changing landscape of password security.
Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!
Key Takeaways:
NIST SP 800-63B sets a minimum password length of 8 characters and recommends that verifiers require at least 15 characters when the password is the only authentication factor; verifiers should also accept long passwords (at least 64 characters) so that passphrases are possible.
NIST recommends dropping password composition rules (mandatory special characters, numbers, uppercase letters), which push users toward predictable substitutions rather than stronger passwords.
NIST states that verifiers and credential service providers SHALL NOT require periodic password changes; a change is forced only when there is evidence the password has been compromised. Forced rotation leads users to create predictable patterns, such as incrementing a trailing digit.
Verifiers should accept all printable ASCII characters, the space character, and Unicode, which makes passphrases and non-English passwords possible; each Unicode code point counts as one character towards the length.
Entropy (the randomness of the password) matters more than visible complexity: a short password that satisfies every composition rule, such as P@ssw0rd!, appears in every cracking wordlist and falls to a GPU rig in seconds, while a long, random lowercase passphrase does not.
For mission-critical systems, organizations may still choose to enforce stricter password policies than NIST recommends, as long as they understand the usability cost.
Verifiers are moving to salted, slow (memory-hard) password hashing to raise the cost of GPU-based guessing, and the industry is moving toward phishing-resistant authenticators such as passkeys that remove the password altogether.
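The following is an added example written for this page, not code from the episode or from NIST: a small password verifier that applies the SP 800-63B rules summarized above (length minimums, NFKC normalization, a breached-password blocklist, no composition rules, no expiry) next to an entropy calculation that shows why a 15-character lowercase passphrase outlasts an 8-character "complex" password. The blocklist entries and the 1e10 guesses-per-second rate are assumptions; a real deployment would load a breached-password corpus and measure its own hash rate.

```python
import hashlib
import hmac
import math
import os
import unicodedata

# Constructed stand-in for a breached-password blocklist (a real deployment would load a
# corpus such as a Pwned Passwords export); the entries are assumptions for this example.
BREACHED_PASSWORDS = {"password", "123456", "qwerty123", "p@ssw0rd!", "welcome1", "letmein"}

MIN_LEN_PASSWORD_ONLY = 15  # SP 800-63B: SHOULD require >= 15 when the password is the only factor
MIN_LEN_WITH_MFA = 8        # SP 800-63B: SHALL require >= 8 in all cases
MAX_LEN = 128               # SP 800-63B: SHOULD accept at least 64; this verifier allows 128


def normalize(pw: str) -> str:
    """Apply the NFKC normalization NIST recommends before measuring length or hashing."""
    return unicodedata.normalize("NFKC", pw)


def check_password(pw: str, *, password_only: bool = True) -> list:
    """Return policy violations (empty list = accepted).

    Deliberately absent: composition rules (uppercase/digit/symbol quotas) and
    expiry dates, both of which SP 800-63B tells verifiers not to impose.
    """
    pw = normalize(pw)
    issues = []
    min_len = MIN_LEN_PASSWORD_ONLY if password_only else MIN_LEN_WITH_MFA
    length = len(pw)  # every Unicode code point, including spaces, counts as one character
    if length < min_len:
        issues.append(f"too short: {length} < {min_len}")
    elif length > MAX_LEN:
        issues.append(f"too long: {length} > {MAX_LEN}")
    if pw.lower() in BREACHED_PASSWORDS:
        issues.append("found in breached-password blocklist")
    return issues


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password chosen uniformly at random: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to find a random password: half the keyspace at the given guess rate."""
    return 2 ** bits / 2 / guesses_per_second


def hash_password(pw: str, salt: bytes = None) -> tuple:
    """Salted, memory-hard hash (scrypt) so that each offline guess costs the attacker memory and time."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(normalize(pw).encode(), salt=salt, n=2 ** 14, r=8, p=1)
    return salt, digest


def verify_password(pw: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a candidate against the stored salt and digest."""
    return hmac.compare_digest(hash_password(pw, salt)[1], digest)


if __name__ == "__main__":
    rate = 1e10  # assumed guess rate of a GPU rig against a fast, unsalted hash
    for label, length, alphabet in [("8 chars, full printable ASCII", 8, 95),
                                    ("15 chars, lowercase only", 15, 26)]:
        bits = entropy_bits(length, alphabet)
        days = expected_crack_seconds(bits, rate) / 86400
        print(f"{label}: {bits:.1f} bits, ~{days:,.0f} days at {rate:.0e} guesses/s")
    for candidate in ["P@ssw0rd!", "correct horse battery staple"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

Run as a script it prints roughly 52.6 bits (a few days at the assumed rate) for the 8-character password against roughly 70.5 bits (thousands of years) for the 15-character lowercase one; the same arithmetic is what the episode's "length over complexity" point rests on. Note that `P@ssw0rd!` is rejected twice: it is too short for a password-only login and it is on the blocklist, which is the check NIST relies on instead of composition rules.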
Timestamps:
(07:40) Credential Service Provider (CSP) Requirements and Recommendations
(10:02) Removing Password Composition Rules
(14:21) Ending Periodic Password Changes
(19:48) The Importance of Password Entropy and Length
(28:30) Phasing Out Knowledge-Based Authentication
(30:30) The Impact of Password Length on Cracking Time
Episode Resources:
NIST Publication 800-63B
--
To enhance your organization's security posture, consider implementing Hornetsecurity's Advanced Threat Protection. This solution provides AI-powered defense against sophisticated attacks, ensuring your emails and data remain secure. By adopting best practices in password management and utilizing advanced security features, you can significantly reduce the risk of breaches. Protect your business today and stay one step ahead of cyber threats. Learn more about Advanced Threat Protection here.
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Romain Basset dive into the top spear phishing methods used in both the enterprise space and across all businesses, based on internal research conducted by Hornetsecurity.
The conversation covers spear phishing techniques, including initial contact, tax/W2, C-suite/CEO, lawyer, banking, and gift card fraud. They analyze the differences in the prevalence of these methods between enterprises and smaller businesses and provide insights on how organizations can combat these threats through training and robust processes.
Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!
Key Takeaways:
Spear phishing attacks have evolved from obvious wire transfer requests to more subtle techniques like initial contact fraud, where threat actors establish a relationship to build credibility.
Tax fraud and W-2 phishing remain prevalent, especially around tax season, as attackers try to obtain personal information like Social Security numbers.
C-suite fraud, where attackers impersonate executives, continues to be a major threat, highlighting the importance of robust processes to verify requests.
Lawyer fraud, targeting enterprises more than smaller businesses, leverages the credibility of legal communications to extort money or gather information.
Gift card fraud has emerged as the top spear phishing attack across enterprises and smaller businesses, as it is less likely to raise red flags than larger financial transactions.
Adaptability and creativity of threat actors are key factors, as they continuously evolve their techniques to bypass security measures and user awareness.
Timestamps:
(03:26) Discussion on initial contact fraud
(07:12) Exploration of tax fraud and W-2 phishing
(13:35) Examination of C-suite fraud and the importance of processes
(19:25) Lawyer Fraud and Enterprise vs. SMB Differences
(23:47) Banking Fraud and Processes
(26:39) Gift Card Fraud
Episode Resources:
Security Lab LinkedIn Group
What is a Spear Phishing attack?
The Top 5 Spear Phishing Examples and Their Psychological Triggers
--
Hornetsecurity's Phishing Simulation, as part of its Security Awareness Service, is invaluable for organizations looking to protect themselves from the evolving spear phishing threats discussed in this episode. This solution provides realistic phishing simulations and comprehensive security awareness training, enabling employees to recognize and respond effectively to spear phishing attempts. By fostering a culture of security awareness, SAS is crucial for businesses aiming to strengthen their overall security posture and mitigate the risk of successful phishing attacks.
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Eric Siron provide a comprehensive monthly threat review. They cover several major cybersecurity incidents and trends from the past month, including:
The massive breach at data broker National Public Data, which exposed over 2.9 billion personal-information records. They discuss the resulting risks, such as more targeted phishing and social engineering attacks.
A joint government advisory on RansomHub ransomware, which has impacted over 200 victims since February 2024, including critical infrastructure and high-profile organizations.
A case study of an IT administrator who held his employer's systems for ransom by deploying logic bombs, highlighting the risks of insider threats even within trusted IT teams.
They also touch on the topics of vendor risk management and the history of election tampering and provide recommendations for organizations to mitigate these threats. In conclusion, EP62 provides valuable insights into the ever-changing cybersecurity landscape and offers practical advice for security professionals.
Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!
Key Takeaways:
The National Public Data breach exposed a vast amount of personal information, including names, email addresses, phone numbers, Social Security numbers, and more. This creates risks of more targeted phishing and social engineering attacks.
The continued use of easily abused identification methods like Social Security numbers underscores the urgent need to explore more secure alternatives, such as cryptographic key pairs. This is crucial in reducing the risks of identity theft.
Insider threats from trusted IT staff members can pose a significant risk, as evidenced by the case of an IT admin holding their employer's systems for ransom. Implementing practices like just-in-time administration and least-privilege access is crucial to mitigate these potentially devastating threats.
Overreliance on cloud-based services and a single vendor for critical business functions can lead to vendor risk and single points of failure.
Election security remains a significant concern, with the threat of interference and disinformation campaigns continuing. Ensuring robust cybersecurity measures at the state and local levels is crucial for protecting the integrity of elections.
Timestamps:
(03:17) The National Public Data Breach
(12:21) The Issues with Social Security Numbers
(18:02) The Danger of Insider Threats
(27:10) The Risks of Vendor Dependence
(34:12) Recommendations for Protecting Against Threats
Episode Resources:
Security Lab LinkedIn Group
In-depth analyses from Hornetsecurity’s Security Lab
#StopRansomware: RansomHub Ransomware | CISA
Passkeys in Microsoft Entra: Benefits, Implementation Tips & More (hornetsecurity.com)
How Threat Actors Tamper with Elections (hornetsecurity.com)
--
Secure your organization against the evolving threat landscape! Discover how Hornetsecurity's Advanced Threat Protection, Security Awareness Service, and 365 Total Protection can safeguard your business from data breaches, insider threats, and more. Learn more and protect your organization today!
In this episode of the Security Swarm Podcast, host Andy Syrewicze and our regular guest, Paul Schnackenburg, provide a comprehensive overview of the Microsoft Defender ecosystem. They cover the various Defender products, including:
Defender for Endpoint - Microsoft's enterprise endpoint security solution with different licensing tiers
Defender for Identity - Cloud-based threat detection for on-premises Active Directory
Defender Vulnerability Management - Inventory and risk assessment of software on endpoints
Defender for IoT - Security for Internet of Things and operational technology environments
Defender for Cloud - Cloud security for Azure, AWS, and GCP resources
And Others!
They also discuss the "Defender adjacent" services like Microsoft Entra (identity), Microsoft Purview (data security/governance), and Microsoft Defender for Cloud Apps (CASB).
A key focus of the discussion is the complexity and management challenges that come with this expansive Defender suite. The host and the guest note the large number of different management portals, the difficulty of adequately configuring and leveraging all the features, and the need for dedicated security teams to utilize these enterprise-grade tools fully.
Further down the line, Andy and Paul explore the significant value that third-party security solutions can provide in augmenting or simplifying the M365 security experience. They highlight how third-party tools can offer easier deployment, management, and specialized capabilities that may be outside the core focus of the broader Defender ecosystem, thereby enhancing the overall security posture of an organization.
Overall, this episode takes a deep dive into the Microsoft Defender landscape, exploring the pros and cons of the comprehensive suite and offering insights on how organizations can optimize their security with a mix of Microsoft and third-party solutions.
Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!
Key Takeaways:
The Microsoft Defender ecosystem has grown significantly beyond the basic antivirus/anti-malware solution, now encompassing a wide range of security products and services across endpoints, cloud, identity, and more.
Navigating the Defender suite can be challenging due to the sheer number of products, overlapping features, and disparate management portals, especially for smaller organizations without dedicated security teams.
Licensing for Defender products can be complex, with different SKUs (P1, P2, Business Premium, E3, E5) offering varying levels of functionality and requiring careful evaluation to ensure the right fit.
Third-party security solutions can provide value by offering simplified management, enhanced detection capabilities, and avoiding over-dependence on a single vendor (Microsoft) for an organization's security needs.
Proper configuration and ongoing tuning of the Defender tools is difficult and time-consuming, so the suite's full potential is realized mostly by enterprises with dedicated security teams.
Microsoft Defender XDR (Extended Detection and Response) aims to integrate Defender products into a more cohesive security platform. Still, it requires significant resources and expertise to implement effectively.
Timestamps:
(02:00) Overview of the Microsoft Defender ecosystem
(07:00) Differences between Microsoft Defender for Endpoint P1, P2, and Business Premium
(13:00) Explanation of Microsoft Defender for Identity and its on-premises vs cloud components
(19:00) Discussion of Microsoft Defender Vulnerability Management and its challenges for small/medium businesses
(32:00) Value that third-party security solutions can provide compared to the Microsoft Defender suite
Episode Resources:
Security Swarm Episode on M365 Security Licensing
--
Overwhelmed by the complexity of the Microsoft Defender ecosystem? Simplify your Microsoft 365 security, risk management, governance, compliance, and backup with 365 Total Protection by Hornetsecurity.
In this episode of the Security Swarm Podcast, host Andy and his guest Michael Posey discuss the email authentication protocols of SPF, DKIM, and DMARC. They explain what these protocols are, how they work, and why they are important for protecting against email spoofing and impersonation attacks.
Michael shares his insights from working with MSPs and the channel, noting that while these protocols are not overly complex, they are often overlooked or misunderstood by IT professionals. Andy and Michael then walk through each protocol: SPF lets a domain publish which mail servers may send email for it, DKIM adds a cryptographic signature that lets receivers validate the message's origin and integrity, and DMARC ties the two to the visible From: domain and tells receivers how to handle messages that fail authentication.
The discussion covers the benefits of these protocols in improving email security and reputation, as well as the importance of adopting them industry-wide to reduce impersonation tactics used by threat actors. The hosts also touch on the history of cryptography and the need to layer security controls rather than relying on any single solution. Overall, this episode provides a comprehensive overview of these essential email authentication standards.
Key Takeaways:
SPF allows domain owners to publish, in DNS, which mail servers are authorized to send email on behalf of their domain. Receivers check SPF against the envelope sender (MAIL FROM / Return-Path), not the From: header the recipient sees, so SPF on its own does not stop a spoofed From: address; that alignment check is what DMARC adds.
DKIM uses cryptographic digital signatures: the sending system signs selected headers and the body with a private key, and receivers verify the signature against a public key published in the signing domain's DNS under a selector. A valid signature shows that the message was signed by a holder of that domain's key and that the signed parts were not altered in transit.
DMARC brings SPF and DKIM together: it requires that the domain that passed SPF or DKIM aligns with the From: header domain, and it lets domain owners publish a policy (none, quarantine, reject) telling receiving mail servers how to treat messages that fail, along with addresses for aggregate reports. This gives receivers a standardized way to handle unauthenticated mail.
The adoption of these email authentication protocols is increasing, with SPF now used by over 90% of domains according to the figures cited in the episode. As more organizations implement these standards, it becomes harder for threat actors to impersonate domains through email.
While these protocols are valuable tools, they should not be relied upon as the sole security measure. They are one layer in a comprehensive email security strategy that also includes user education, spam filtering, and other security controls; an attacker who registers a look-alike domain and configures SPF, DKIM, and DMARC for it correctly will pass every one of these checks.
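The following is an added example written for this page, not code from the episode or from any mail server: a receiver-side DMARC evaluation that takes the SPF and DKIM results for one message, parses the sending domain's DMARC record, checks identifier alignment, and returns the disposition. It goes a step beyond the summary above by implementing the alignment rules (relaxed versus strict) that make DMARC more than "SPF plus DKIM". The three message scenarios, the domains, and the simplified organizational-domain logic are assumptions for the example; a production implementation derives the organizational domain from the Public Suffix List.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class AuthResults:
    """What a receiving MTA knows after running SPF and DKIM on one message."""
    from_domain: str              # domain in the RFC 5322 From: header (what the recipient sees)
    spf_result: str               # "pass", "fail", "softfail", "none", ...
    spf_domain: Optional[str]     # envelope MAIL FROM domain that SPF was evaluated against
    dkim_result: str              # "pass", "fail", "none", ...
    dkim_domain: Optional[str]    # d= tag of the signature that verified, if any


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s; aspf=r' into tag/value pairs."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("adkim", "r")   # relaxed alignment is the default for both identifiers
    tags.setdefault("aspf", "r")
    tags.setdefault("p", "none")
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels.

    Assumption for this example: real implementations consult the Public Suffix List so that
    e.g. 'mail.example.co.uk' maps to 'example.co.uk'; this shortcut would get that wrong.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') a shared org domain."""
    if not auth_domain:
        return False
    f, a = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return f == a if mode == "s" else org_domain(f) == org_domain(a)


def evaluate_dmarc(results: AuthResults, record: str) -> tuple:
    """Return (dmarc_result, disposition); disposition is 'none', 'quarantine' or 'reject'."""
    tags = parse_dmarc(record)
    spf_aligned = results.spf_result == "pass" and aligned(results.from_domain, results.spf_domain, tags["aspf"])
    dkim_aligned = results.dkim_result == "pass" and aligned(results.from_domain, results.dkim_domain, tags["adkim"])
    if spf_aligned or dkim_aligned:
        return "pass", "none"
    return "fail", tags["p"]


# Constructed scenarios (not real traffic): the sender domain example.com publishes p=reject.
SCENARIOS = {
    # Legitimate bulk mail: envelope sender is a subdomain, relaxed SPF alignment covers it.
    "legit_subdomain_bounce": AuthResults("example.com", "pass", "bounce.example.com", "none", None),
    # Spoof: the attacker's own domain passes SPF, but the From: header claims example.com.
    "spoof_spf_passes_unaligned": AuthResults("example.com", "pass", "attacker.invalid", "none", None),
    # Forwarded mail: SPF breaks in transit, the original DKIM signature still verifies.
    "forwarded_dkim_survives": AuthResults("example.com", "fail", "forwarder.invalid", "pass", "example.com"),
}

if __name__ == "__main__":
    record = "v=DMARC1; p=reject; aspf=r; adkim=r; rua=mailto:dmarc-reports@example.com"
    for name, auth in SCENARIOS.items():
        print(f"{name}: {evaluate_dmarc(auth, record)}")
```

The second scenario is the one worth dwelling on: the attacker's message passes SPF (for the attacker's own envelope domain), yet DMARC rejects it because nothing that passed aligns with the From: domain the user sees. The third shows why domain owners should sign with DKIM and not rely on SPF alone, since forwarding routinely breaks SPF while a DKIM signature survives.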
Timestamps:
(05:50) SPF (Sender Policy Framework)
(11:23) DKIM (DomainKeys Identified Mail)
(16:11) How DMARC brings SPF and DKIM together
(21:32) Key Protocols for Security and Compliance
(24:11) Defense in Depth
Episode Resources:
DMARC Pro Tips
What is SPF?
What is DKIM?
In this episode of the Security Swarm Podcast, host Andy and his regular guest, Eric, talk about the worst workplace security practices they've seen. From weak password policies to unsecured devices and poor data management, they share real-life stories and insights that will make you cringe - and hopefully inspire you to tighten up your organization's security posture.
They also discuss the importance of employee security training, the challenges of software patching, and the dangers of "security by personality" - when people make decisions based on gut feelings rather than data. It's a candid, sometimes humorous look at the security nightmares that keep IT pros up at night.
Whether you're an infosec professional or just someone who wants to keep your company's data safe, this episode is packed with valuable lessons. Grab a pen and paper - you'll want to take notes on what not to do when it comes to workplace cybersecurity.
Timestamps:
(00:00) Welcome to the Security Swarm Podcast
(03:19) Exploring Weak Password Policies
(11:26) The Importance of Employee Security Training
(19:16) Unsecured Devices: A Dangerous Vulnerability
(27:34) Mismanaging Data: Risky Business
(37:40) The Perils of Ignoring Software Updates
(45:30) Security Decisions Driven by Personality, Not Data
Episode Resources:
Password Verifiers
Security Risks of Always on Remote Access
GM shared our driving data with insurers without consent, lawsuit claims
In this episode of the Security Swarm Podcast, host Andy is joined by Umut Alemdar, Head of Security Lab at Hornetsecurity, to explore the escalating threat of election interference by cyber threat actors across the globe. They talk about motivations driving these actors and the various tactics used to infiltrate political parties, target election equipment, and spread misinformation, including the use of deepfakes.
The episode also revisits significant cases of election meddling, from the 2015 German Bundestag hack to the 2020 Iranian hack of U.S. city election websites, highlighting the ongoing risks. Andy and Umut conclude with strategies to combat these threats, emphasizing the importance of policy changes, enhanced public communication, and rigorous cybersecurity training for election officials.
Timestamps:
(01:00) Introduction and Categorizing Threat Actors
(08:00) Infiltrating Political Parties and Targeting Election Equipment
(09:44) Consequences of Spreading Misinformation
(14:00) Past Attacks: Germany, France, and Ukraine
(21:32) US-Based Attacks: 2016 Presidential Election and Breaching City Websites
(28:30) What Can Be Done? Policies, Communication, and Monitoring
Episode Resources:
EU Sanctions Russian Hackers for German Bundestag Hack
Webinar containing deep fake materials
Washington Post Article about Local Election Website Hacks
In today's episode of the Security Swarm Podcast, Andy and Eric Siron discuss the Monthly Threat Report for August 2024. They cover the aftermath of the CrowdStrike incident, Microsoft's proposed changes to improve the security of its ecosystem, and the discovery of a vulnerability in AMD processors that could allow malware to persist below the operating system.
They also discuss the emergence of new AI jailbreak attacks, which bypass content restrictions and produce harmful outputs, and an authentication bypass vulnerability in VMware ESXi that could give attackers administrative access to the hypervisor and the virtual machines it hosts.
Timestamps:
(01:00) CrowdStrike Incident and Lessons Learned
(04:14) Importance of Proper Software Testing and Development Processes
(07:21) Potential Consequences of Rushed Software Updates
(28:18) AI Jailbreak Attacks and Generative AI Risks
(33:43) VMware ESXi Vulnerability and Potential Ransomware Implications
(37:53) Bumblebee Loader and the Threat of Rapid Active Directory Compromise
(39:41) HealthEquity Data Breach and the Normalization of PII Breaches
(40:17) Anonymous Sudan and Their Disruptive DDoS Attacks
(41:54) Cyber Attacks on the Olympic Games and the Role of Nation-State Actors
Episode Resources:
Full Monthly Threat Report
Podcast episode on Anonymous Sudan
AMD CPU Vulnerability Info
Webinar where Andy covers the ways threat actors use Generative AI
VMware ESXi Authentication Bypass Exploit
Security Swarm Podcast re: threat actor attacks on the Olympic Games
This episode of the Security Swarm podcast features guest Eric Siron, a Microsoft MVP in cloud and data center management. Eric works primarily with healthcare organizations and small-to-medium businesses, helping them navigate security and IT challenges. The episode focuses on the important topic of vetting and selecting third-party software vendors.
Andy and Eric discuss the recent CrowdStrike incident that caused major disruptions for many businesses. They use this as a case study to explore best practices for evaluating vendors, including assessing their security track record, testing their solutions thoroughly, understanding their update and patch management processes, and having contingency plans in place in case of vendor failures.
Key Takeaways:
Thoroughly vet third-party vendors before choosing them, looking at factors like their security track record, update/patch processes, and internal testing procedures.
When evaluating vendors, focus not just on features and capabilities, but also on their stability as a company, their customer base, and their ability to handle issues and outages.
Develop contingency plans and mitigation strategies for when a critical third-party vendor experiences issues or outages.
Assume that failures will happen, and be prepared for them.
Timestamps:
(02:20) CrowdStrike Incident
(04:17) Vetting Third-Party Vendors
(11:42) Compliance and Industry-Specific Considerations
(13:46) Detailed Testing of Solutions
(19:26) Common Problems with Third-Party Vendors
(22:40) The CrowdStrike Incident and Vendor Processes
(29:10) Mitigation Strategies
Romain Basset is back for another podcast episode. Today, Andy and Romain discuss the notorious threat actor group, Anonymous Sudan. They explore who this group is, their affiliations, motivations, and the tactics, techniques, and procedures (TTPs) they employ.
The discussion includes an overview of various types of threat actor groups, situating Anonymous Sudan within this landscape, and providing a detailed background on the group's emergence, targets, and the significant impact of their attacks.
Timestamps:
(02:43) Categories of Threat Actor Groups
(05:44) Ties Between Anonymous Sudan and Russia
(10:59) Tools Used by Anonymous Sudan
(15:47) Techniques and Procedures of Anonymous Sudan
(24:08) Typical DDoS Attack Procedure
Episode Resources:
Next-gen Microsoft Security and Compliance Management to meet your Requirements