Week in Review: Google Vishing Response, DeepSeek Peak Week, Ransomware Victim Costs
Release Date: January 31, 2025
Podcast: Cyber Security Headlines
Host: Rich Strofolino
Guest: Alexandra Landegger, Global Head of Cybersecurity and Transformation at RTX
Introduction
In this episode of Cyber Security Headlines, host Rich Strofolino and returning guest Alexandra Landegger delve into the latest developments in the cybersecurity landscape. The discussion covers significant incidents such as Google's response to a sophisticated vishing attack, DeepSeek's tumultuous peak week, and the escalating costs faced by ransomware victims. Additionally, they explore advancements in browser security, supply chain attacks by North Korean groups, and DARPA's innovative project on self-healing firmware.
Google Vishing Attack Response
The episode opens with a discussion on a recent vishing attack targeting Zach Lada, founder of Hack Club. The attack involved impersonators posing as the Google Workspace team to bypass security measures.
Rich Strofolino [00:00]:
"Google responds to Zach from Hack Club's vishing attack. Last week, Zach Lada... published details about a sophisticated phishing attack..."
Alexandra Landegger [02:49]:
"When I first saw this story... we can't always go analog like that. We have to be able to trust people in the workspace... what is that balance of sort of technical to personal soft controls that we can put into place..."
Landegger emphasizes the importance of balancing technical safeguards with personal trust mechanisms to prevent such sophisticated phishing attempts. She draws parallels to childhood practices of verifying trusted individuals, highlighting the challenge of replicating this trust in digital workspaces.
DeepSeek’s Peak Week
The conversation shifts to DeepSeek's peak week, marked by the release of DeepSeek's R1 reasoning model in China, which led to a dramatic market reaction.
Rich Strofolino [04:25]:
"DeepSeek's peak week... Nvidia reportedly lost $589 billion in market value... the largest single day loss for any company in history."
Alexandra Landegger [05:39]:
"This is an amazing story... can we trust something up front and then do the research... how do we give ourselves the time and space to really understand what's going on here."
Landegger discusses the rapid market response and the broader implications for trust and decision-making in adopting new technologies. She underscores the necessity for organizations to develop standardized response plans to handle such unprecedented events effectively.
Ransomware Victim Costs
The next topic covers the rising impact of ransomware attacks on organizations, based on a report from the Ponemon Institute.
Rich Strofolino [08:15]:
"Most ransomware victims shut down operations, according to Ponemon... 58% of organizations hit by ransomware last year were forced to shut down operations..."
Alexandra Landegger [09:16]:
"Fewer people are paying ransoms, which reduces ransomware works because people pay... exercises are so crucial... having a trusted law firm on retainer."
Landegger provides a cautiously optimistic view, noting the decline in ransom payments as a positive trend. She advocates for regular simulation exercises and having legal support in place to enhance an organization's resilience against ransomware attacks.
Edge Browser’s Scareware Protections
The discussion then moves to Microsoft's Edge browser introducing a new opt-in scareware blocker feature.
Rich Strofolino [10:17]:
"Microsoft's Edge browser introduced a new opt-in Scareware blocker... if it detects a malicious site, it automatically exits full screen mode..."
Alexandra Landegger [12:17]:
"Cybersecurity can be home to anyone... how do you have people again sort of build that skepticism... the way you phrase it, the way you show it, I think is huge here."
Landegger highlights the psychological aspects of cybersecurity measures, stressing the importance of user behavior and perception in the effectiveness of such tools. She questions Microsoft's decision to make the feature opt-in, pondering the underlying motivations and potential user engagement.
North Korean Supply Chain Attacks
The episode addresses the latest report from Security Scorecard on North Korea's Lazarus group executing supply chain attacks.
Rich Strofolino [14:12]:
"North Koreans clone open source projects to plant backdoors and steal credentials... targeting cryptocurrency developers and tech professionals..."
Alexandra Landegger [15:49]:
"How can we build trust in open source software while maintaining the right level of skepticism?... creating the right guardrails... awareness."
Landegger discusses the delicate balance between leveraging open-source software and ensuring its security. She emphasizes building trust through robust verification processes and fostering a culture of skepticism to mitigate risks associated with cloned and malware-laden repositories.
DARPA’s Self-Healing Firmware Project
The final major topic explores DARPA's new initiative, Red Sea, aimed at developing firmware that can repair itself after a cyber attack.
Rich Strofolino [17:02]:
"DARPA is seeking to create firmware that can respond and recover from cyber attacks... restoring locked files and collecting forensic data."
Alexandra Landegger [18:49]:
"How do we get there?... partnering up with industry and smart thinkers across academia to make some of this reality."
Landegger expresses enthusiasm for DARPA's project, acknowledging the challenges of transitioning from concept to reality. She highlights the importance of collaborative efforts between government, industry, and academia to drive the development of self-healing technologies that can enhance network resilience.
Insights and Conclusions
Throughout the episode, Landegger provides valuable insights into the evolving cybersecurity landscape. She emphasizes the need for:
- Balancing Technical and Human Controls: Integrating both robust technical measures and fostering a culture of trust and skepticism among employees.
- Standardizing Response Plans: Developing and documenting response strategies in advance to handle crises effectively.
- Continuous Learning and Adaptation: Encouraging ongoing education and adaptability within cybersecurity teams to keep pace with emerging threats and technologies.
- Collaborative Innovation: Leveraging partnerships across sectors to drive advancements in cybersecurity defenses and recovery mechanisms.
Alexandra Landegger [20:42]:
"The DARPA one has my attention and I'm excited to watch it evolve."
Conclusion
Rich Strofolino wraps up the episode by thanking Alexandra Landegger for her insights and highlighting upcoming topics, including a deep dive into hacking security effectiveness. The episode underscores the dynamic nature of cybersecurity, the importance of proactive measures, and the continuous need for innovation and collaboration to safeguard digital assets.
Cyber Security Headlines provides a comprehensive overview of the week's most pressing cybersecurity issues, enriched by expert analysis and practical insights aimed at both professionals and enthusiasts seeking to stay informed in the fast-paced world of information security.
