
David Spark
From the CISO series, it's cybersecurity headlines. Ransomware Attacks on Food and Agriculture Industries See Growth, Congress Challenges Noem Over Proposed CISA Cuts, and Slacker Hacker Whacked for Disney Slack Attack. These are some of the stories that my colleagues and I have selected from this past week's cybersecurity headlines. And we're now looking forward to some insight, some opinion and some expertise from our guest Dan Holden, CISO over at BigCommerce. Dan, I know it's been a week. I'm not going to ask how your week was in cybersecurity. I'm just going to ask, are you happy to be here?
Dan Holden
Well, longtime fan, first time guest, and yes, I'm glad that it's Friday and glad to be here.
David Spark
All right, we'll get into these in just one second. Before we do, we have to thank our sponsor for today, ThreatLocker Zero Trust Endpoint Protection Platform. Remember to join us on YouTube live. You can contribute. Your comments help make the show better. And if you have a question of how to do so and you're watching this one, you already know how to do it, you're on YouTube. Just join us live. But if you're catching the podcast later or something like that, head to cisoseries.com, look for our events page and check out the Cybersecurity Headlines Week in Review image. Or you can just go and subscribe to our YouTube channel and get notified whenever we go live. If you're one of those people that clicks the bell, we will take the bell click. We will do our best to address all of our comments that we're getting in the show. The chat room's already lighting up. I see CCL, Michael Vending, the big boss man, David Spark, and of course TJ Williams in there. So help make the show better. Contribute in there. Let us know what you think of the stories. Can't wait to see your thoughts. We're just about to jump into the news. We've got about 20 minutes. Just a reminder though, that all of Dan's opinions here are his own, not necessarily those of his employer, his staff, his loved ones, casual acquaintances or anything like that. We're just getting it straight from Dan. First story here, ransomware attacks on food and agriculture industry see growth. Speaking at RSA, Jonathan Braley, director of the Food and Agriculture Information Sharing and Analysis Center, said that paired with the increase in ransomware attacks, 84 attacks from January to March, and that's more than double the number seen in Q1 2024, is the fact that many go unreported, preventing visibility into the full scope of the problem. These sectors typically face ransomware attacks because they tend to have legacy equipment and industrial control systems, the old OT conundrum, making them easier targets.
So Dan, we regularly cover stories on this show about, I guess what we could call neglected corners, which is the infrastructure systems that we see every day but never consider to be under threat. I'm curious, do you have any thoughts about what the food and agriculture sector is suffering here?
Dan Holden
Yeah, I think, you know, historically, whenever we come up with new infrastructure, cast your mind back to, you know, the early days of virtualization, then mobile, SaaS, cloud, et cetera, right? And so whenever we figure out a way to have new infra, attackers chase us there. Now what's interesting about that is we've gotten better at security on those infrastructure types, right? Because it's the first thing we all talk about the moment we talk about new infrastructure. Let's consider AI as a part of that for the sake of argument and discussion. And so if you look at threats like ransomware or DDoS that have been around for decades and decades, you know, in this case, it's kind of going down market, it's going backwards, because the new infrastructure is actually more secure and more well taken care of because it's new. It's the same dynamic of, let's say, the US as infrastructure versus a country that has built theirs more recently, whereas we built ours, you know, 100 or more years ago. I think the other aspect of it is that regardless whether you're modern and cloud based or whether you're on legacy infra, let's call it, fundamentally, I think that the cost of doing business is going up. And the interesting aspect about agriculture is, you know, especially let's talk about grocery stores, you know, that's a low margin business. It's all about scale and differentiation and you've really got to watch your margins. I think what's going to begin to dawn on people in kind of a post-COVID world is that fundamentally, yeah, the risk is going up, the threat landscape, blah, blah, blah. But those pressures are not just coming from attackers, they're also coming from your partners and your customers. And so I think fundamentally we've got to figure out a way, especially as CISOs, to potentially highlight the fact that, hey, it's not just me asking for more budget or talking about problems more or differently.
It's also about the cost of business is going up because it's now more challenging on multiple fronts. And yeah, you know, whether it's ransomware or anything else, that's a dynamic you have to consider.
David Spark
Yeah, absolutely. I love that idea of, yeah, just tying that to the cost of business. Quick question, I guess from CCL here, is the ransomware for OT specifically or just from the IT side, which impacts the OT side as a consequence? Dan, any quick thoughts there?
Dan Holden
More often than not as a consequence, you know, everything is, that's the interesting thing, right? I mean, even our legacy data is digitalized in some way or transported digitally in some way. So yeah, I think, you know, it doesn't matter if you're a grocer, agriculture or a pipeline, you know, ransomware is going to hit you. I think the OT, certainly you're going to see that in targeted attacks, but ransomware is fundamentally a very large scale kind of operation in business these days.
David Spark
All right, next up here, Congress challenges Noem over proposed CISA cuts. On Tuesday, Homeland Security Secretary Kristi Noem faced tough questions from members of Congress about the Trump administration's proposal to cut CISA's funding by $491 million as part of their so-called skinny budget. Noem got flak from representatives who said this is eroding a platform at a time of international tensions, while Noem countered by saying that CISA is now focused on securing critical infrastructure instead of, quote, unquote, censorship. So, Dan, we try to avoid getting political on this show, so I just want to take this on the facts alone here. I'm curious, what do you think CISOs would or should do if CISA could no longer do what it has been doing over, I'm going to say, the last two previous administrations?
Dan Holden
I think any of us could challenge it, but I'm going to challenge it in this particular way. Increasingly, the economy is viewed as critical infrastructure. And I don't know why we wouldn't consider it that way. So over the last, again, at least 15 years, if not longer, your ISPs are considered critical infrastructure, your financials are considered critical infrastructure. So it's that old 90s quote of "depends on what the definition of 'is' is," you know. So what's your definition of critical infrastructure? Well, during COVID some really large retailers were essentially considered critical infrastructure. Your Home Depots, Lowe's, Walgreens, CVSs, et cetera. Right. Everyone was relying on those very large retailers because they could touch most communities in America. So let's start with defining what we're talking about when we say critical infrastructure. And then you can start to make your arguments after the fact. But I think you've got to start with that kind of baseline and then go from there. Fundamentally many, many businesses, and not just your Fortune level. Right. It goes way down into small cap and SMB. Everybody was relying on this and you start to take it away. It doesn't matter whether you're talking CISA or whether you're talking Social Security, people are going to get, you know, rightly a little antsy. You start taking away something that they've essentially built process and businesses around.
David Spark
Yeah. And building those partnerships was such a huge part of what CISA had been doing the last couple of years. You know, putting out free toolkits, working with private industry to bring free tools, you know, to SMBs or to mid market or you know, to, to people that just, you know, can't afford the cutting edge of security tooling and stuff like that. Trying to raise that cybersecurity poverty line in a meaningful way and it's not even knowing that that's going to be cut. It's putting that ambiguity in there. Right. Like going from having a partner, like a partner from a government agency to potentially not could do just as much damage as an overall cut in a lot of ways, I think.
Dan Holden
Yeah, let me connect the two stories here. I would say the great thing about the last story was the connection to the agriculture ISAC, and I would say that every ISAC is of course monitoring this very closely. Most of them are tied to DC in some form or fashion and are able to represent. If any of y'all are not members of and have access to an ISAC, I would definitely tell you that it's one of the highest ROI things you can do, and it allows a large group of others, who would otherwise potentially be competitive, to have a lobby that's specific to security, not just, you know, their vertical. So I highly suggest the ISAC. I'd always say, I like the term you use there, you know, security. I mean that's the issue. The Fortune companies can afford, if need be, to get a private solution if they need to, you know. Right. You know, something custom built, a threat intel capability from a vendor, and they can figure that out. But the farther down market you go, the more difficult that becomes. And so fundamentally it goes back to my previous comment. This is going to raise the cost of doing business.
David Spark
Before we move on to our next story, I just got a shout out to the chat room just having a conversation about Stuxnet. If you haven't joined us for one of these Week in Review shows, you got to get in there. You never know what's going to pop up. It's always a good time. Next story up here, Disney Slack attacker turns out to be Ryan from California. Last July, the Walt Disney Company suffered the theft of more than one terabyte of data through its Slack channels, which, last I checked, is a lot. And a Russian hacktivist group was suspected. Turns out that 25 year old California resident Ryan Mitchell Kramer simply published a supposed AI art generation app that was loaded with malware. A Disney employee downloaded the program, allowing Kramer to nab login credentials for various accounts in their name, and that included the Disney Slack account. So Dan, one of the most recognizable brands in the world, Disney seems like they should have one of the best cybersecurity departments in the world. Yet pretty fundamental error of, oh, this shady, unverified software, let me just install this. As a CISO, how would you explain this type of error to employees or even to senior management?
Dan Holden
Well, I don't think this is a hot take at all, but I have been selling to and working for Fortune companies my entire career. What I would tell you all, first off, is do not assume just because it is a Fortune level company that their security program is top notch. It is not the case. Large companies have to concern themselves with a lot of things and scale is very, very difficult. Consistency at scale is incredibly difficult. So one, just because they're the Fortune 2000 doesn't actually mean that they've actually got everything kind of shored up. Especially from a policy perspective, especially from a third party review perspective. Those things are really difficult to scale and gain consistency, especially if you're dealing in a non digital kind of native environment. Right. Whether you're talking brick and mortar or whatever the case might be. So it kind of goes back to, there's going to be a theme here today.
David Spark
I like it.
Dan Holden
The pressure on every company is increasing in terms of the expectation, primarily from enterprise partners. Right. As individual citizens we have far lower expectations. As you know, these companies will get breached and we'll just keep buying from them. And we've proven it time and time again. However, at the enterprise level it's a different dynamic. And so certainly Disney's in the middle of several massive business ecosystems. And increasingly I would tell you what you're seeing from RFIs coming in from prospects isn't just about how you keep the attackers out. It's what the employees have access to. Think of all the contractors that are used at companies, and so your partners aren't just interested in how you're defending yourself but how you're defending them against your own employees. And I think that's something that, now the insider threat's been a topic forever, but everybody kind of pushed it off and said, oh well, you know, what are the odds? That dynamic has shifted incredibly. Not to mention you've got attacker groups of course now, call it, contracting rogue employees. So the, you know, the fake employee aspect which has been in the news, you know, for years now. So times have changed.
David Spark
And shout out to my producer Steve for letting me know Kramer has agreed to a plea deal. According to media accounts, one count of accessing a computer and obtaining information, one count of threatening to damage a protected computer. So some resolution there, I guess pretty quick to accept the deal there.
Dan Holden
So I will say that's awesome. Also, typically, especially if you're a North American centric business, your primary control for insider threat is a legal one. Where this gets hairy, and I think as a CISO you've really got to start to think about it, is how international is your business, how international is your employee base, and will you have decent enough legal capability if they're based in another geo. Here in the States or North America, not such a big deal. Right. And obviously if we're partnered well with the country that they're in, not such a big deal. But you know, so many businesses these days are international and that adds complexity to that kind of situation.
David Spark
We will talk about legal recourse more in our next story. But first we have to spend a moment with our sponsor for today, ThreatLocker. ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit threatlocker.com CISO, that's T-H-R-E-A-T-L-O-C-K-E-R.com CISO. NSO Group to pay WhatsApp $167m in damages. On Tuesday, after a five year legal battle, a jury ruled that NSO Group must pay the Meta owned platform this amount in punitive damages along with almost half a million in compensatory damages. A WhatsApp spokesperson hailed the ruling as the first victory against illegal spyware that threatens the safety and privacy of everyone. NSO Group said it plans to carefully review the details of the verdict and left the door open for an appeal, because lawyers have to lawyer. Dan, weapons of war, including spyware, will never go wanting for buyers. Pegasus is certainly one of the more successful spyware apps we've seen to date, or at least one of the ones that we've seen in the headlines the most. I guess this makes financial penalties potentially appear trifling in comparison when, you know, you might have some big spender money train waiting to still buy your goods. Do you think this ruling will make any difference or, you know, are we just going to be another five years in appeal over here?
Dan Holden
Both. This is, yeah, I'm with a lot of folks, this is a fascinating topic. I mean, you know, vulnerabilities is where so many of us started back in the 90s. Much of my career was spent discovering, disclosing and exchanging vulnerabilities, whether I was with X-Force or ZDI. So it's something I've got a lot of background with. But fundamentally, vulnerabilities are used for all sorts of sketchy things and governments are generally behind it. What I do like about this is, it's going to happen. You know, I mean, America probably has more zero days in its back pocket than any other country or entity on the planet. The question is, how are you using them and what are you using them for? And I think for any of us, that's really where our questions and concerns kind of come into play. Right. Is it being used as a weapon like the rest of our military capability, or used to spy like our intelligence capability, or is it being used in some kind of rogue way or by rogue parties that we're not necessarily in agreement with? And so it is heavy on the geopolitics. But what I like here is that every little bit kind of matters. You know, moving towards something that's more regulated and understood is a better place to be. These vulnerabilities have always kind of been hidden in the shadows, and we've now got some books and things that have come out, so people are far more familiar with it. But it's something that has been there all along. And I think the more public it becomes and the more folks kind of know what they're up against, whether as businesses, governments or, but especially, citizens, the better off we are. So it's a conversation that's always been there, but now I think there are more people involved in that conversation. And as a society, that's generally helpful.
David Spark
Yeah. And Michael Vending makes also a great point in terms of precedence that, you know, effectively this is Meta doing the legwork to start the ball rolling for a lot of other lawsuits for other parties that may not have the ability to go through a five year legal battle, which I don't think is very many, or at least willing to do so. So, yeah, really great point, Michael. I appreciate that.
Dan Holden
Yeah. One more comment on that. It can have two effects. Either it can become more regulated and/or safer, however you want to think about it, or you can drive it right back down into the underground and the sketchy place that it originated from. So it could potentially be a double edged sword. But fundamentally, the more people that are familiar with how this has been working now for decades, the more we talk about it, hopefully we end up in a better place, wherever that might be.
David Spark
I don't know, the old law of unintended consequences. Always good to keep that in mind. Next up here, TeleMessage suspends operations and faces DOJ investigation over plain text chat logs. Always something we love to hear. TeleMessage is a federal contractor that sold a modified version of Signal called TMSGNL to senior US officials, and to other parties as well, but it's the officials that got it in the news. Despite its marketing claims suggesting end to end encryption, security researcher Micah Lee analyzed the app's Android source code and found it was insecure, confirming TeleMessage's access. The company was recently hacked twice, leaking sensitive data and prompting it to suspend operations. Let's say it with me here, federal contractor. A federal contractor. We don't have to focus on TeleMessage itself necessarily. But I'm curious. Why did it take an external researcher to discover a federal contractor's practice of storing confidential data in, like, a weird forked cloned app that stores stuff in plain text? Why does this take an independent researcher here, Dan?
Dan Holden
Well, if they don't add you to the group chat, you got to do it yourself.
David Spark
Okay, okay, sorry.
Dan Holden
Sorry about that one, y'all. It goes back to what we were talking about earlier. I think this is either a fundamental breakdown of due diligence or they're gonna, yeah, you get sued out of business. Right. In other words, they were posed with questions. If you're in the government or at any kind of, you know, again, enterprise kind of level, you're doing that kind of due diligence. So either they didn't do it, which was a problem, or they did do it and somebody lied or, you know, some other issue there. But fundamentally it goes back to what we've been talking about. Cost of business is going up, doesn't matter who you are. And if you don't do that due diligence, you better have legal repercussions and ensure that you've got a paper trail. Because in these kinds of situations, somebody wants to know who's at fault, and that's what it comes down to. Right. And every single one of these legal kind of issues, it's all going to come down to who was at fault. And if you didn't do your level of due diligence, then it's going to happen. You know, more fingers will get pointed at the buyer, potentially, than the ones that got breached.
David Spark
Yeah. And TJ rightly points out here we are thankful for the researchers. I agree. I am very thankful that there are people that do this work and say, hey, let me just look at the old logs here, see if I could read them.
Dan Holden
It's a very simple statement, but what a very powerful and agreeable statement. TJ with you on that. It's been core to our industry now for three decades, and we've got a lot of good success stories. So it shows that there's still a very real, meaningful kind of aspect of security that has been consistent now for 30 years. And I think we all appreciate the hell out of that.
David Spark
Our last story here for today. PowerSchool hacker now extorting individual school districts. Following up on a story that we've been covering since January, the education technology company PowerSchool now says that despite having paid a ransom, the same threat actor is now attempting to use the stolen data to extort the individual school districts that it worked with. PowerSchool had expressed confidence that the incident had been resolved, telling BleepingComputer that the hacker shared a video which purportedly showed the data being deleted. Apparently this was not the end of the story, as at least four school boards have been contacted with extortion requests. Dan, I have to go really quick. The wallet inspector is here. They just need to look at my bankroll real quick here. To be fair, we know that the most sophisticated cybercrime groups are very good at customer service. Like that is a value add to them, making it very likely they could be believable when promising to delete the data in what could have been seen as a business deal. That's increasingly how we're framing these. This is the cost of doing business. Can you afford to stay down? If you can recover faster, is it worth the expense? Outside of all the other ransomware discussions, that is certainly part of it. I'm curious, though, what can cybersecurity teams learn from this specific exchange, at least as it's developed so far?
Dan Holden
Yeah. I mean, to your comment, since we've got a theme of cost of business going up, where is the CFO going to see that? I mean, it's on your income statement, it's a part of your opex. And I think if you're a CISO, you've got to be arguing that fundamentally you're now a part of the cost of goods. That's a very different place than where we've historically come from, talking about brand damage. Now it's fundamentally about, hey, whatever the product is, you know, the whole baked in sort of, you know, culture and dynamic is becoming very real. So, hey, y'all, we're getting there, and that's good. In the case of ransomware, I mean, typically it's brokers that are selling, you know, these entities that have essentially already been popped. And so if I'm having to place a bet in Vegas on this, sir, it's certainly easy to say, oh, yeah, the same attackers, you know, sold these people out and lied and they're criminals and taken. But more often than not with ransomware, you know, you've got brokers selling these things, and it's entirely possible that the broker sold access to these and not actually the ransomware gang that did the hit, so to speak. That's probably where I'd place my bet on this. It's a tough situation to be in. You know, again, we're all going to learn these lessons endlessly until, you know, we're good at defending, but like I said, I think increasingly we're seeing that everything is going down market, cross market, cross vertical, however you want to look at it. And it's just increasing the cost. And I don't know that we're really talking about that enough because historically, right, you know, in security, we were always talking about governments and financials, and I think everyone's finally realizing that it hits all of us as citizens every day. And I think this is a great example of that.
It's something that is going to have to be essentially baked into everything we do, because society has expectations and none of us like to be inconvenienced.
David Spark
Michael Vending has kind of an interesting thought here. I wonder if ransomware groups hold each other accountable, or maybe could, like, throwing this out here, tragedy of the commons type situation. I like that. Like, hey, you'll give us a bit, like, people will be less likely to negotiate with us if you do this sort of thing, or if someone associated with you or another data broker, I mean, like, I don't think so, but it's certainly an interesting idea, Michael. I appreciate the creative thinking on that.
Dan Holden
Right. It's entirely possible. Right. Because essentially who's taking the reputation hit here was the ransomware gang. But if the broker is at fault, the only ones they are going to catch flak from will be that ransomware gang. Meaning, if that's what took place, they will no longer be buying, you know, that ransomware gang won't be buying from that broker again. You know, they might have been fine with that. They might think, well, we're going to make more money reselling these than we were going to make from you anyway. But hey, man, it's entirely possible they.
David Spark
Are running a business too.
Dan Holden
So, yeah, very successful and profitable one.
David Spark
All right, well, thanks to everybody that submitted comments. T.J. Williams, CCL, Michael Vinding, the big boss man, David Spark was in there as well. Our own producer, Steve Prentice, helping us give breaking news updates during the course of the show. All super appreciated. Very cool stuff. Before we get out of here with you, Dan, was there any story that was a thumbs up or an eye roller for you, just in the rundown in general or in the news of the week?
Dan Holden
I think the whole week is an eye roller for me. But, let me say, the whole news cycle is the eye roller of the week for me. It is increasingly difficult to keep up with it, which is why programs like this are so valuable. So there's my plug.
David Spark
Well, thank you very much. It's always our pleasure to put this on each and every week, and it's our pleasure to have you on the show. Dan Holden, CISO over at BigCommerce. Thank you so much for helping us stitch all these stories together, finding the theme kind of underlying all of these and just kind of giving us some new perspective on these. Like kind of what this means for, you know, how cybersecurity is positioned in organizations kind of going forward. I really appreciate that. I gotta ask, where can people find you online, and maybe in the real world if they are so inclined?
Dan Holden
Yeah, I'm not Dan Holden, but Desmond Holden on LinkedIn and Twitter. And I'll be speaking at RVAsec in Richmond, Virginia, first week of June. And so feel free to reach out, and happy to be a part of this community for 30 years now, y'all. Thanks for having me.
David Spark
We will have links to both of those in our show notes, so make sure you check those out. Also, big thank you to our sponsor for this week, ThreatLocker Zero Trust Endpoint Protection Platform. Thanks again to our audience. Make sure you come back. Tell your friends. Have them come to the show. They can get educated. They can have some fun talking about some other piece of historic spyware like Stuxnet in the chat, or anything else you want to talk about in there. Always fun to see great conversations in there. So help us grow the community. Let people know that they can join us each and every Friday at 3:30pm Eastern. That's when we'll be back next week for another episode of the Week in Review. So just head on over, subscribe on YouTube or head on over to the Events page at CISO Series. Also, keep in mind you can check out a live CISO Series podcast recording that's going on May 15th in Boston. If you ever want to meet the big boss man David Spark, you can do that. We have more information about that at cisoseries.com. Look for that in our events page as well. It's free if you're in the Boston area. If you have to fly in, we're not going to fly you in, obviously, but that's something fun to do there in the old New England. In the meantime, you can get your daily news fix every single day through Cybersecurity Headlines. Give us about six minutes, we'll get you all caught up until the next time we meet. For myself, for our wonderful producer Steve Prentice, for Dan, for the big boss man David Spark, for all of us here at the CISO Series family, here's wishing you and yours to have a super Sparkly day. Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines: Week in Review Summary
Episode Title: Week in Review: Agriculture Ransomware Increase, Congress Challenges CISA Cuts, Disney’s Slacker Hacker
Host: CISO Series
Release Date: May 9, 2025
Guest: Dan Holden, CISO at BigCommerce
In this episode of Cyber Security Headlines, hosted by David Spark from the CISO Series, the discussion centers around three major cybersecurity stories from the past week:
Joining David Spark is Dan Holden, CISO at BigCommerce, providing expert insights and analysis on these topics.
Overview: Ransomware attacks targeting the food and agriculture sectors have seen a significant uptick. Jonathan Braley, Director of the Food and Agriculture Information Sharing and Analysis Center (ISAC), reported 84 attacks from January to March, more than double the number in Q1 2024. Many of these attacks go unreported, obscuring the true scale of the issue. These industries are particularly vulnerable due to their reliance on legacy equipment and outdated operational technology (OT).
Dan Holden’s Insights:
Notable Quote:
“The cost of doing business is going up because it's now more challenging on multiple fronts.” – Dan Holden ([04:00])
Overview: Homeland Security Secretary Kristi Noem faced scrutiny from Congress regarding the Trump administration's proposal to reduce CISA’s funding by $491 million. Critics argue that these cuts undermine efforts to secure critical infrastructure amid rising international tensions. Noem defended the cuts by asserting that CISA is focusing more on securing critical infrastructure rather than "censorship."
Dan Holden’s Analysis:
Notable Quote:
“Start with defining what we're talking about when we say critical infrastructure... and then you can start to make your arguments after the fact.” – Dan Holden ([07:29])
Overview: In July, The Walt Disney Company experienced a significant data breach involving its Slack channels, resulting in the theft of over one terabyte of data. Initially suspected to be a Russian hacktivist group, it was later revealed that a 25-year-old California resident, Ryan Mitchell Kramer, was responsible. Kramer distributed a malicious AI art generation app, which a Disney employee unknowingly downloaded, compromising login credentials and granting access to Disney’s Slack account.
Dan Holden’s Commentary:
Notable Quote:
“Do not assume just because it is a Fortune level company that their security program is top notch.” – Dan Holden ([11:13])
Overview: After a prolonged legal battle, a jury ruled that NSO Group must pay Meta’s WhatsApp $167 million in punitive damages and nearly half a million in compensatory damages. This verdict is hailed as a significant victory against illegal spyware activities that compromise user privacy and safety. NSO Group has indicated plans to appeal the decision.
Dan Holden’s Perspective:
Notable Quote:
“Moving towards something that's more regulated and understood is a better place to be.” – Dan Holden ([17:00])
Overview: TeleMessage, a federal contractor that provided a modified version of the Signal app named TMSGNL to senior US officials, has suspended operations following a security breach. Security researcher Micah Lee discovered that the app stored chat logs in plain text, contrary to its marketed end-to-end encryption claims. The company experienced two separate hacks, leading to the exposure of sensitive data.
Dan Holden’s Insights:
Notable Quote:
“If you don't do your due diligence, then it's going to happen.” – Dan Holden ([20:03])
Overview: Following a ransomware incident in January, PowerSchool, an education technology company, discovered that the same threat actor is extorting individual school districts using stolen data. Despite PowerSchool’s claims of resolving the issue by deleting the stolen data, at least four school boards have received extortion demands, indicating ongoing risks.
Dan Holden’s Analysis:
Notable Quote:
“If you're a CISO, you've got to be arguing that fundamentally you're now a part of the cost of goods.” – Dan Holden ([24:10])
In wrapping up the episode, Dan Holden reflected on the overwhelming volume of cybersecurity news and the importance of platforms like the CISO Series in helping professionals stay informed. David Spark encouraged listeners to engage with the community through live events and social media, fostering a collaborative approach to tackling cybersecurity challenges.
Final Notable Quote:
“It's increasingly difficult to keep up with the news cycle, which is why programs like this are so valuable.” – Dan Holden ([26:40])
This week's episode of Cyber Security Headlines provided an in-depth analysis of significant cybersecurity incidents affecting various sectors, the implications of funding cuts to critical security agencies, and the ongoing legal battles against cybercriminal entities. With expert commentary from Dan Holden, listeners gained valuable perspectives on the evolving threat landscape and the strategic considerations for CISOs in mitigating these risks.
For more detailed discussions and expert insights, tune in to future episodes of the CISO Series or visit CISOseries.com.