Cyber Security Headlines: Week in Review Summary
Episode Title: Week in Review: Agriculture Ransomware Increase, Congress Challenges CISA Cuts, Disney’s Slacker Hacker
Host: CISO Series
Release Date: May 9, 2025
Guest: Dan Holden, CISO at BigCommerce
1. Introduction
In this episode of Cyber Security Headlines, hosted by David Spark from the CISO Series, the discussion centers around three major cybersecurity stories from the past week:
- Increase in Ransomware Attacks on the Food and Agriculture Industry
- Congressional Challenges to Homeland Security Secretary Kristi Noem Over Proposed CISA Cuts
- Disney’s Slack Account Breached by a “Slacker Hacker”
Joining David Spark is Dan Holden, CISO at BigCommerce, providing expert insights and analysis on these topics.
2. Ransomware Attacks on Food and Agriculture Industries
Overview: Ransomware attacks targeting the food and agriculture sectors have seen a significant uptick. Jonathan Braley, Director of the Food and Agriculture Information Sharing and Analysis Center (ISAC), reported 84 attacks from January to March, more than double the number in Q1 2024. Many of these attacks go unreported, obscuring the true scale of the issue. These industries are particularly vulnerable due to reliance on legacy equipment and outdated operational technologies (OT).
Dan Holden’s Insights:
- Legacy Infrastructure Vulnerability: Dan emphasized that legacy systems in these sectors are prime targets for attackers due to their outdated security measures. ([02:43])
- Increased Cost of Doing Business: The rise in cyber threats adds to the escalating costs of operations, especially for low-margin businesses like grocery stores. Dan highlighted the need for CISOs to communicate that cybersecurity challenges are part of the broader increase in business costs. ([04:00])
- Impact on Operational Technology (OT): While ransomware often originates from the IT side, the consequences cascade into OT, affecting critical operations. ([05:16])
Notable Quote:
“The cost of doing business is going up because it's now more challenging on multiple fronts.” – Dan Holden ([04:00])
3. Congress Challenges CISA Funding Cuts
Overview: Homeland Security Secretary Kristi Noem faced scrutiny from Congress regarding the Trump administration's proposal to reduce CISA’s funding by $491 million. Critics argue that these cuts undermine efforts to secure critical infrastructure amid rising international tensions. Noem defended the cuts by asserting that CISA is focusing on securing critical infrastructure rather than on "censorship."
Dan Holden’s Analysis:
- Defining Critical Infrastructure: Dan stressed the importance of clearly defining what constitutes critical infrastructure. Historically, sectors like ISPs, financial services, and large retailers were deemed critical, a point highlighted especially during the COVID-19 pandemic. ([06:39])
- Importance of ISACs: He advocated for the continued support and membership of Information Sharing and Analysis Centers (ISACs), which provide high ROI by fostering collaboration and threat intelligence sharing among organizations. ([10:08])
- Impact on Businesses: Reducing CISA’s capabilities could erode the support systems that many businesses, especially SMBs, rely on for cybersecurity resources and tools.
Notable Quote:
“Start with defining what we're talking about when we say critical infrastructure... and then you can start to make your arguments after the fact.” – Dan Holden ([07:29])
4. Disney’s Slack Account Breach by Ryan Mitchell Kramer
Overview: In July, The Walt Disney Company experienced a significant data breach involving its Slack channels, resulting in the theft of over one terabyte of data. A Russian hacktivist group was initially suspected, but it was later revealed that a 25-year-old California resident, Ryan Mitchell Kramer, was responsible. Kramer distributed a malicious AI art generation app, which a Disney employee unknowingly downloaded, compromising login credentials and granting access to Disney’s Slack account.
Dan Holden’s Commentary:
- Security Assumptions: Contrary to popular belief, large corporations like Disney are not immune to fundamental security lapses. Dan pointed out that scale and consistency in security policies are challenging, even for Fortune 2000 companies. ([11:13])
- Insider Threats and Third-Party Risks: With complex business ecosystems, protecting against insider threats and ensuring that third-party contractors adhere to strict security protocols is crucial. ([12:17])
- Legal Implications: The case against Kramer, who accepted a plea deal, highlights the need for robust legal frameworks to address cybersecurity breaches, especially when they involve international actors or complex legal jurisdictions. ([13:59])
Notable Quote:
“Do not assume just because it is a Fortune level company that their security program is top notch.” – Dan Holden ([11:13])
5. NSO Group Ordered to Pay WhatsApp $167 Million in Damages
Overview: After a prolonged legal battle, a jury ruled that NSO Group must pay Meta’s WhatsApp $167 million in punitive damages and nearly half a million in compensatory damages. This verdict is hailed as a significant victory against illegal spyware activities that compromise user privacy and safety. NSO Group has indicated plans to appeal the decision.
Dan Holden’s Perspective:
- Vulnerability Exploitation: Dan discussed the broader implications of vulnerabilities being weaponized by state actors and rogue entities. He underscored the importance of public awareness and regulation to mitigate the misuse of such tools. ([16:13])
- Regulatory Impact: While the ruling sets a precedent, Dan noted that financial penalties alone may not suffice to deter sophisticated cybercriminals who operate with substantial resources. ([18:06])
Notable Quote:
“Moving towards something that's more regulated and understood is a better place to be.” – Dan Holden ([17:00])
6. Telemessage Suspends Operations Amid DOJ Investigation
Overview: Telemessage, a federal contractor that provided a modified version of the Signal app named TMSGNL to senior US officials, has suspended operations following a security breach. Security researcher Micah Lee discovered that the app stored chat logs in plain text, contrary to its marketed end-to-end encryption claims. The company experienced two separate hacks, leading to the exposure of sensitive data.
Dan Holden’s Insights:
- Due Diligence Failures: Dan criticized Telemessage for either lacking proper due diligence or failing to enforce security standards, resulting in compromised data. ([19:58])
- Legal Repercussions: He highlighted the legal liabilities that arise when contractors fail to protect sensitive information, emphasizing the need for comprehensive security audits and accountability. ([20:03])
- Appreciation for Cybersecurity Research: Dan expressed gratitude for independent researchers who help uncover such vulnerabilities, reinforcing the importance of the cybersecurity community in maintaining system integrity. ([21:25])
Notable Quote:
“If you don't do your due diligence, then it's going to happen.” – Dan Holden ([20:03])
7. PowerSchool Hacker Extorts Individual School Districts
Overview: Following a ransomware incident in January, PowerSchool, an education technology company, discovered that the same threat actor is extorting individual school districts using stolen data. Despite PowerSchool’s claims of resolving the issue by deleting the stolen data, at least four school boards have received extortion demands, indicating ongoing risks.
Dan Holden’s Analysis:
- Cost of Business and Ransomware: Dan emphasized that cybersecurity is now a fundamental part of business operations and costs. He suggested that CISOs need to frame cybersecurity expenses as integral to the cost of goods sold. ([23:10])
- Ransom Negotiations: He discussed the complexities of dealing with ransomware brokers, who may operate independently of the actual threat actors, complicating attribution and response strategies. ([24:00])
- Societal Impact: This incident underscores how ransomware affects not just large enterprises but also essential services like education, highlighting the pervasive nature of cyber threats. ([25:11])
Notable Quote:
“If you're a CISO, you've got to be arguing that fundamentally you're now a part of the cost of goods.” – Dan Holden ([24:10])
8. Closing Remarks
In wrapping up the episode, Dan Holden reflected on the overwhelming volume of cybersecurity news and the importance of platforms like the CISO Series in helping professionals stay informed. David Spark encouraged listeners to engage with the community through live events and social media, fostering a collaborative approach to tackling cybersecurity challenges.
Final Notable Quote:
“It's increasingly difficult to keep up with the news cycle, which is why programs like this are so valuable.” – Dan Holden ([26:40])
Conclusion
This week's episode of Cyber Security Headlines provided an in-depth analysis of significant cybersecurity incidents affecting various sectors, the implications of funding cuts to critical security agencies, and the ongoing legal battles against cybercriminal entities. With expert commentary from Dan Holden, listeners gained valuable perspectives on the evolving threat landscape and the strategic considerations for CISOs in mitigating these risks.
For more detailed discussions and expert insights, tune in to future episodes of the CISO Series or visit CISOseries.com.
