Summary5 min read

Cybersecurity Today – "Another Medical Device Firm Hit"

Host: David Shipley (filling in for Jim Love)
Episode Date: March 18, 2026
Episode Focus:
A comprehensive update on recent cybersecurity incidents, particularly targeting the healthcare and medical device sectors, fraudulent online activity, innovative cyberattack techniques, and the wider context of global cyberwarfare. The episode underscores the persistent threat of routine phishing attacks and examines the limitations of AI-based security tools.

Main Themes and Purpose

This episode discusses:

The latest breach of a major medical device firm (Intuitive Surgical)
Industry promises to combat fraud and growing skepticism
The increasing sophistication and scale of AI-driven financial crime
New research on how cybercriminals can fool AI assistants with clever visual tricks
Updates on cyberwarfare tied to U.S., Israel, and Iran, and its spillover into medical and civic infrastructure

Key Discussion Points & Insights

1. Intuitive Surgical’s Cybersecurity Breach

[00:20-04:00]

Incident Details:
Intuitive Surgical (makers of Da Vinci surgical robots) disclosed a breach resulting from a phishing attack that led to stolen employee credentials. The attacker accessed internal networks and exfiltrated customer, employee, and corporate data.
Response:
Intuitive activated incident response protocols and secured affected applications; clinical platforms and hospital customer networks were not compromised.
Attribution:
No link to nation-state actors or the Iran conflict. Seems to be a "conventional, run of the mill cybercrime via phishing."
Insight:
"The Intuitive Surgical breach is a reminder that while everyone is watching the dramatic large scale attacks, the fundamentals keep failing quietly in the background. One phishing email, one set of stolen credentials, and access to systems that could have been better protected. That's it." — David Shipley [03:05]

2. Big Tech and Retail's Fraud-Fighting Pledge

[04:00-06:25]

Announcement:
Eleven major companies (including Google, Amazon, OpenAI) vowed to share intelligence on fraud and scam tactics proliferating on their platforms.
Skepticism:
Noted lack of enforcement, oversight, or accountability. Past reports indicate some companies profited from scam ads — raising doubts about the pledge's sincerity.
Quote:
"When members of the same industry that was profiting from scam ads announces a voluntary pledge to fight scams with no enforcement mechanisms...some skepticism is probably warranted." — David Shipley [05:00]
Backdrop:
The Nasdaq Verafin 2026 Global Financial Crime Report estimates the global financial crime market at $4.4 trillion, growing over 19% annually.
AI Escalation:
"Criminal networks are using AI to automate scam operations—more convincing phishing, synthetic identities, social engineering, people at a scale never seen before." — David Shipley [06:02]

3. Clever Font Trick Outsmarts AI-Powered Defenses

[06:25-08:52]

Research Discovery:
Lairx demonstrated an exploit using custom fonts and CSS to display one message to users and a different 'clean' message to AI assistants. A proof-of-concept showed a dangerous command disguised as game instructions.
Vendor Responses:
Most AI vendors considered it "out of scope" since it requires social engineering; only Microsoft fixed the issue.
Attack Implication:
"Your AI assistant is reading pages potentially differently than what you see...that gap, that disconnect, is an attack surface." — David Shipley [08:25]
Advice:
Users should not rely on AI assistants to vet code or commands from the web and must remain cautious, especially when prompted to execute system commands.

4. Fallout from Cyberwar: Impact on Medical Firms and Beyond

[08:52-12:00]

Iranian Cyber Leaders Killed:
Recent U.S.-Israeli strikes reportedly killed two key Iranian cyber operations figures, including those linked to major hacking crews like Handala.
Stryker Attack (Medical Device Firm):
Attackers wiped nearly 80,000 devices (via Microsoft Intune) at Stryker, using admin compromises. No malware was used, only credential mismanagement was exploited.
Ongoing Hacking Claims:
Handala continues to claim breaches, including data leaks tied to Stryker and Israeli entities, though these remain unverified.
Other Incidents:
- Homeland Justice (Iranian cyber group) claimed attacks on Albania's parliament email systems.
- Crosswalk signals in Denver were hacked to broadcast political messages after attackers exploited default, easily-found passwords.
Quote on Denver Hack:
"The devices were still in factory packaging with default passwords...Denver officials say they have not seen a crosswalk hacking incident before and will be updating their procedures." — David Shipley [12:44]

Memorable Quotes

"No zero days. No sophisticated nation state tools. Just the same attack vector that's been showing up in breach reports for more than 20 years." — David Shipley [03:18]
"The AI assistant is not your web bouncer. You still have to think for yourself." — David Shipley [08:50]
"Action, not announcements, is what these kinds of numbers demand." — David Shipley [06:19]

Important Segment Timestamps

[00:20-04:00] — Intuitive Surgical breach: how it happened, what was taken, lessons
[04:00-06:25] — Tech industry's anti-fraud pledge and why skepticism is warranted
[06:25-08:52] — Font remapping hack fools AI tools; Microsoft’s unique response
[08:52-10:44] — Iranian cyberwar: prominent figures killed, continued hacker activity
[10:44-12:50] — Stryker attack, implications for medical device security, additional cyber incidents (Albania, Denver crosswalks)
[12:50-13:33] — Final reflections and next episode notes

Style & Tone

Direct and engaging, with an undercurrent of urgency and realism
Blunt skepticism toward both industry promises and reliance on automated defenses
Clear, actionable security advice for listeners

Actionable Takeaways

Phishing is still the leading cause of major breaches; robust credential management and awareness remain critical.
AI-powered scam operations are accelerating. Do not over-rely on tech companies' promises—demand proof of action, not just pledges.
Be cautious of commands or “hacks” found online, even if an AI assistant “approves.”
Default device passwords are a glaring, preventable security hole—change them on all new equipment.
Stay informed about how global political conflict can impact local and sector-specific cybersecurity.

For those who haven’t listened:
This episode offers a sharp, current snapshot of both headline-grabbing and subtle threats in the cybersecurity landscape, illustrating how even well-defended organizations continue to fall to basic attacks, the limited effectiveness of good intentions in tech, and the clever new tricks cybercriminals employ to stay steps ahead of our defenses.

Loading summary

Transcript3 lines

[00:00]
A
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them@meter.com CST another medical
[00:21]
B
device maker hit with a cyber attack Major tech companies and retailers pledge to fight fraud Clever font trick hides malicious content from AI powered tools and top Iranian cyber leaders killed in opening days of war. This is Cybersecurity Today and I'm your host David Shipley. Let's get started. Cybersecurity Dive is reporting that Intuitive Surgical, the company whose Da Vinci robots assist surgeons in operating rooms around the world, disclosed a cyberattack on March 12. An attacker allegedly used a phishing email to steal an employee's credentials, logged into the company's internal administrative network and began pulling data. What was taken includes customer, business and contact information, employee records and other corporate data. Intuitive says it activated its incident response protocol when the intrusion was discovered and secured affected applications, but it is not said exactly when it first identified the breach. The company's clinical platforms, it says, were not affected. The Da Vinci and Ion surgical systems remain operational, and the company says hospital customer networks, which are managed separately, were never touched. No attribution has been made. There is no confirmed link to any nation state or the ongoing Iran conflict. For now, this looks like conventional, run of the mill cybercrime via phishing, the kind the security teams deal with every day. The Intuitive surgical breach is a reminder that while everyone is watching the dramatic large scale attacks, the fundamentals keep failing quietly in the background. One phishing email, one set of stolen credentials, and access to systems that could have been better protected. That's it. No zero days. No sophisticated nation state tools. Just the same attack vector that's been showing up in breach reports for more than 20 years. Eleven major technology and retail companies, including Google, Amazon and OpenAI, announced this week that they've signed a pledge to share threat intelligence about how scammers are abusing their platforms. The companies say AI and online forums are helping scammers organize at scale and that they need to work together to better protect users. The question is whether this pledge means anything. Consider the track record of some of the signatures. A Reuters investigation last November based on leaked emails from Meta found that that company made $16 billion in 2024 from known scam ads. So when members of the same industry that was profiting from scam ads announces a voluntary pledge to fight scams with no enforcement mechanisms, no independent oversight and no accountability metrics. Some skepticism is probably warranted. The pledge is a good starting point, but we need to watch and see what it actually produces. And the backdrop for all of this is significant. Nasdaq VeriFin's 2026 Global Financial Crime Report, released last week, puts a number on the scale of the problem these companies are pledging to help address. $4.4 trillion that's the estimated size of the global financial crime market in 2025, up $1.3 trillion since 2023, growing at a compound annual rate of just over 19%. The AI angle for this story is particularly sharp. Nine out of 10 financial crime professionals surveyed for the Nasdaq Verifin report said that AI driven attacks at their institution have increased over the past two years. Criminal networks are using AI to automate scam operations. More convincing phishing, synthetic identities, social engineering, people at a scale never seen before. Fraud scam losses alone hit $62 billion globally, growing at nearly 20% annually. Pull back further and Total fraud and bank fraud schemes cost the world $579 billion last year. And the broader illicit financial flows, drug trafficking at 1.1 trillion, human trafficking at 528 billion and terrorist financing at 16 billion are all still growing, NASDAQ Verifin announced. It's also partnering with the UN Office on Drugs and Crime and helping bring private sector leaders together on this issue, starting with a summit in October for organizations in financial services or payment processing. The picture is clear. The fraud threat has scaled significantly, and the tools driving it have accelerated it. If the tech industry's new pledge translates into genuine action, that's a meaningful development. But action, not announcements, is what these kinds of numbers demand. Researchers at browser security company Lairx have pulled off a genuinely clever hack, and it's one that attackers could absolutely use in the real world. The researchers figured out how do you show a user one thing on a web page while showing an AI assistant something completely different, and the AI, none the wiser, tells you everything looks fine? Here's how it works. The attack uses custom fonts, the kind that remap characters through something called glyph substitution, and some clever CSS tricks to hide the real payload from AI while displaying it perfectly clear to you as a human in the browser. So the dangerous command is right there on your screen, bold as you like. But when your AI assistant reads the page, it sees harmless text because the AI is reading the underlying HTML, not what your browser actually rendered. The researchers built a proof of concept using a fake BioShock Easter egg as the bait, follow these instructions to unlock a secret in the game. Except those instructions were actually a command to open a reverse shell on your machine. And if you ask your AI assistant is this command safe to run, the AI will say, sure, looks fine to me, and you'll run it game over. But not the fun kind. This technique worked against virtually every major AI assistant out there. ChatGPT, Claude, Copilot, Gemini, the whole roster. Larex reported it to the vendors. Most of them said it was out of scope because it requires social engineering. Let that sink in for a second. Requires social engineering like that's a high bar. That's the entire history of phishing. To Microsoft's credit, they were the only vendor that took the report seriously and actually fixed the issue. Google initially flagged it as high priority, then walked it back and closed the case. The lesson here isn't complicated. Your AI assistant is reading pages potentially differently than what you see when your browser renders it. That gap, that disconnect, is an attack surface. So do not blindly trust an AI to be your safety inspector for commands you want to run on your machine that you find on a webpage. Use your instincts. If a web page is asking you to copy and execute something in your terminal or in the run command in exchange for something like a video game easter egg, the answer is no. Larex is recommending the LLM vendors start treating fonts as a potential attack surface and build tools that compare the rendered view of a page to the raw dom. That's good advice, and I hope the industry moves on it. In the meantime, the AI assistant is not your web bouncer. You still have to think for yourself. Finally, we have some updates on the cyber dimensions of the ongoing Iran war. We're learning now that when the US And Israel launched their initial strikes on Iran at the end of February, at least two senior figures running Iranian cyber operations against Western targets were killed. Among the figures killed was Mohammed Mehdi Farde Rahman, who the Justice Department had been hunting since 2020, and Syed Yahya Hosneh Panjayki, who the FBI says was overseeing hacking crews, including Handala. Researchers at Socradar noted this week that Handela's Iranian government handler was among those killed on March 2, raising the question whether the group's current operations are preplanned or if they're running under new direction or just running and gunning because their operations have not stopped. Speaking of Hondalo's operations, we have some more details on last week's cyber attack on the United States largest medical device firm Stryker Bleeping Computer, citing a source familiar with the Stryker investigation, reports attackers used the wipe command in Microsoft Intune to erase data from nearly 80,000 devices, not the 200,000 Handala had claimed in a three hour window on the morning of March 11. According to that reporting. They did it by compromising an administrator account and creating a new global administrator account. No malware was deployed. The investigation into the attack on Stryker is being conducted by Microsoft's Detection and Response team alongside Palo Alto's Unit 42. Stryker has not responded to media questions about whether administrator accounts had been secured with Multi Factor Authentication. Stryker confirmed on the weekend that its medical devices are unaffected and that its core systems are on a path to recovery, though electronic ordering remains offline. Fondala is continuing to make hacking claims this week, Cyber News reports the group posted fresh content to its leak site, including what it says are 20 file samples from the Stryker intrusion files purportedly showing access to backup and data protection systems. In a separate claim, the group says it has leaked more than 100,000 personal emails belonging to Sima Shine, a former research director at Mossad. CyberNews viewed 8 sample files posted by the group, which appear to include a copy of Shine's passport and email correspondence dated from 2018 through 2024. None of these claims have been independently verified. Handala also claimed a breach of Israeli payments provider Verifone last week. Verifone denied any breach occurred separately. Homeland justice, another group assessed to operate under the same Iranian umbrella, claimed responsibility for taking Albania's parliamentary email systems offline over the weekend, citing Albania's support for an Iranian opposition group. And finally, there's the hack of some crosswalks in Denver. USA Today reported that two newly installed crosswalk speakers on East Colfax Avenue in Denver were hacked over the weekend and used to broadcast political messages targeting US President Donald Trump. Denver's Department of Transportation confirmed the devices were still in factory packaging with default passwords, passwords the attacker found online. Denver officials say they have not seen a crosswalk hacking incident before and will be updating their procedures. No group has claimed responsibility for the hack, but it comes after the start of the Iran conflict and reports of an alleged US Missile strike that hit a children's school. The Pentagon has said last week that is elevating its investigation into that strike. That's Cybersecurity Today for Wednesday, March 18th. Jim Love will be back on the news desk on Friday. I will be at RSAC in San Francisco next week and if you'll be there and you'd like to chat, drop me a note at editorialech Newsday ca. I'll be back on Monday. Thanks for listening. Have a great rest of your week and stay safe.
[13:34]
A
I'd like to thank Meter for their support in bringing you the podcast. Meter delivers full stack networking infrastructure, wired, wireless and cellular to leading enterprises. Working with their partners, Meter designs, deploys and manages everything required to get performant, reliable and secure connectivity in a space. They design the hardware, the firmware, build the software, manage deployments, and even run support. It's a single integrated solution that scales from branch offices, warehouses and large campuses all the way to data centers. Book a demo@meter.com CST that's meter.commeter CST.