Cybersecurity Today Weekend Panel: Month In Review, December 7th, 2024
Hosted by Jim Love
In the December 7th, 2024 episode of Cybersecurity Today, host Jim Love convened his weekend panel: Terry Cutler of Cyology Labs in Montreal, David Shipley, head of Beauceron Security, and John Pinard, a seasoned financial services and cybersecurity executive from Pickering. The panel reviewed the month's most pressing cybersecurity threats and data breaches, and the defensive strategies businesses need to navigate an increasingly hostile digital landscape.
1. Introduction of the Panel
Jim Love opened the session by welcoming his panelists, setting a collegial tone for the in-depth discussions that followed. The panelists shared brief personal updates on their ongoing projects and professional milestones, such as David Shipley's recent achievement of surpassing the one-million-user mark at Beauceron Security.
2. Innovative Phishing Campaigns: A New Frontier in Cyber Attacks
Timestamps: 00:00 – 06:02
Jim introduced the first major topic: a novel phishing campaign detailed by Bleeping Computer. The campaign uses deliberately corrupted Word documents to slip past traditional security scanners by leaning on Windows' file restoration features. The attackers send incomplete files that Windows automatically repairs when they are opened, so the malicious elements inside, such as barcodes, reach the user and can be used to access sensitive information.
Jim Love noted, “It's a novel phishing campaign that uses corrupted Word documents to evade security” [02:02].
David Shipley responded, emphasizing the ingenuity of such attacks and the persistent cat-and-mouse game between defenders and attackers:
“There will never be a technological silver bullet to malware and phishing. Email filters are not stopping 99.9%.” [03:53]
Terry Cutler and John Pinard further elaborated on the sophistication of these attacks, underscoring the necessity for continuous vigilance and advanced detection methods. The panel unanimously agreed that human error remains a critical vulnerability, highlighting the need for robust security awareness programs.
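The point of the corrupted-document trick is that the file fails to parse at the mail gateway but is repaired on the endpoint. One defensive response is to refuse to pass along anything that claims to be a Word document but is not a structurally valid OOXML package. The following is an added illustration written for this summary, not code from the podcast, the panelists or Bleeping Computer; it assumes a gateway that can call a Python function per attachment, and the sample package it builds is constructed, not a real document.

```python
import io
import zipfile
import zlib

# A .docx is an OOXML ZIP package; these two members must exist for it to be a document at all.
REQUIRED_PARTS = ("[Content_Types].xml", "word/document.xml")


def classify_docx(data: bytes) -> str:
    """Classify an attachment presented as .docx before it reaches a user's copy of Word.

    Returns one of: 'ok', 'not-zip', 'corrupted', 'not-docx'.
    'corrupted' is the case the campaign relies on: Word would repair the file,
    a gateway should quarantine it instead of forwarding it.
    """
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        # No usable end-of-central-directory record. If the bytes still start with a
        # local-file-header signature, this is a ZIP that was truncated or damaged.
        return "corrupted" if data.startswith(b"PK\x03\x04") else "not-zip"
    buf.seek(0)
    try:
        with zipfile.ZipFile(buf) as zf:
            if zf.testzip() is not None:   # some member failed its CRC / header check
                return "corrupted"
            names = set(zf.namelist())
    except (zipfile.BadZipFile, zlib.error, EOFError):
        return "corrupted"
    if not all(part in names for part in REQUIRED_PARTS):
        return "not-docx"
    return "ok"


def build_sample_docx() -> bytes:
    """Constructed minimal OOXML package used as sample input (not a real document)."""
    buf = io.BytesIO()
    # ZIP_STORED keeps member bytes verbatim, so the corruption helpers below stay predictable.
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def truncate(data: bytes, keep_fraction: float = 0.6) -> bytes:
    """Simulate an 'incomplete' attachment: drop the tail, which holds the central directory."""
    return data[: int(len(data) * keep_fraction)]


def damage_member(data: bytes) -> bytes:
    """Simulate in-place damage: alter member bytes so the stored CRC no longer matches."""
    return data.replace(b"<Types/>", b"<Typez/>", 1)


if __name__ == "__main__":
    sample = build_sample_docx()
    for label, blob in [("intact", sample), ("truncated", truncate(sample)),
                        ("damaged", damage_member(sample)), ("pdf", b"%PDF-1.4 not a zip")]:
        print(f"{label:10s} -> {classify_docx(blob)}")
```

A gateway that quarantines every 'corrupted' result will also catch legitimately broken attachments, which is the right trade: a file that only becomes readable after repair on the endpoint is exactly the file a scanner cannot inspect.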
3. Human Error in Off-boarding: The Disney Incident
Timestamps: 05:19 – 14:56
The second discussion revolved around a significant cybersecurity oversight at Disney, where a former employee retained system access after departure. This lapse enabled the individual to carry out what the panel described as a DDoS attack on internal systems and to alter critical safety information, such as peanut allergy warnings.
Jim Love expressed shock over the incident:
“I couldn't believe that could happen at a big business like Disney.” [10:01]
John Pinard reflected on similar experiences within financial institutions, emphasizing the importance of comprehensive onboarding and off-boarding checklists to prevent unauthorized access:
“It will always come down to human error. That and when human error, it's the human that clicks on it.” [07:08]
Terry Cutler advocated for automated solutions like identity and access management systems to streamline these processes, reducing the risk of such oversights.
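Checklists catch what someone remembers to check; the Disney case is what happens when a step is missed. A reconciliation that compares HR's departure records against every account (personal logins and the service accounts a person owned) turns the checklist into something a machine repeats daily. The code below is an added example for this summary, not tooling from the panelists or from Disney; the record layouts, the one-day grace window and all sample people and accounts are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Account:
    username: str
    owner_id: str            # HR employee id of the person responsible for this account
    enabled: bool
    last_login: Optional[date]


@dataclass(frozen=True)
class Termination:
    employee_id: str
    last_day: date


def find_orphaned_access(terminations: List[Termination], accounts: List[Account],
                         as_of: date, grace_days: int = 1) -> List[Tuple[str, str]]:
    """Return (username, reason) findings for accounts that should be gone but are not.

    Owned service accounts count too: an automation credential owned by a departed
    employee is just as orphaned as their personal login.
    """
    last_days = {t.employee_id: t.last_day for t in terminations}
    findings = []
    for acct in accounts:
        last_day = last_days.get(acct.owner_id)
        if last_day is None:
            continue                                    # owner still employed
        if as_of <= last_day + timedelta(days=grace_days):
            continue                                    # off-boarding still inside its window
        if acct.enabled:
            findings.append((acct.username, "still enabled after departure"))
        if acct.last_login is not None and acct.last_login > last_day:
            findings.append((acct.username, "used after departure"))
    return findings


# Constructed sample data for illustration; no real people or systems.
SAMPLE_TERMINATIONS = [
    Termination("E1001", date(2024, 11, 15)),
    Termination("E1002", date(2024, 11, 20)),
]
SAMPLE_ACCOUNTS = [
    Account("alice", "E1001", enabled=True, last_login=date(2024, 11, 28)),
    Account("svc-menu-sync", "E1001", enabled=True, last_login=None),
    Account("bob", "E1002", enabled=False, last_login=date(2024, 11, 19)),
    Account("carol", "E1003", enabled=True, last_login=date(2024, 12, 6)),
]

if __name__ == "__main__":
    for username, reason in find_orphaned_access(SAMPLE_TERMINATIONS, SAMPLE_ACCOUNTS, date(2024, 12, 7)):
        print(f"{username}: {reason}")
```

The "used after departure" finding is the one worth paging on: an enabled account is a process failure, but a login after the last day is an incident in progress.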
4. Blue Yonder Ransomware: Vendor Responsibility in Cybersecurity
Timestamps: 19:53 – 22:32
The panel then addressed the Blue Yonder ransomware attack, which impacted major retailers like Starbucks and Walgreens. This incident raised critical questions about the responsibilities of businesses in managing third-party vendor risks.
John Pinard highlighted the shared responsibility:
“You can offload the work to somebody else, but you can't offload the responsibility and the ownership.” [22:06]
David Shipley expanded on the systemic risk created by over-reliance on single vendors, urging stringent vendor risk assessments and the integration of third-party security into corporate incident response plans:
“We need to take the same approach to structural systemic risk in technology that we do in the global financial system.” [22:52]
5. City of Hamilton Cyber Attack: A Cautionary Tale
Timestamps: 26:38 – 34:15
A case study on the City of Hamilton’s cyber attack illustrated the devastating financial and operational repercussions of inadequate cybersecurity measures. The attack led to significant financial losses and ongoing challenges in system restoration, compounded by fraudulent activities during the recovery phase.
Terry Cutler stressed the importance of advanced detection technologies, noting that traditional log monitoring often fails to identify sophisticated intrusions:
“The average time that a hacker is in a Network undetected is 286 days.” [28:18]
John Pinard echoed the urgency for comprehensive response plans, emphasizing that delayed detection can escalate the damage inflicted by cybercriminals.
6. Andrew Tate’s Platform Breach: The Rise of Hacktivism
Timestamps: 34:15 – 39:50
The panel discussed the recent data breach of Andrew Tate’s platform, affecting nearly 800,000 users. This incident, driven by hacktivist motives rather than financial gain, highlighted the evolving nature of cyber threats targeting high-profile personalities and their communities.
David Shipley forecasted a resurgence in hacktivism:
“Hacktivism's back, baby. It's going to be back in a big way for the next couple of years.” [34:56]
Terry Cutler drew parallels between hacktivist attacks and disgruntled insider threats, underscoring the need for comprehensive security measures regardless of an organization's size.
7. Multi-Factor Authentication (MFA) and Session Cookie Vulnerabilities
Timestamps: 39:50 – 49:35
The discussion shifted to a weakness in how MFA is commonly deployed: attackers can bypass it by stealing session cookies. Because the stolen cookie represents a session that has already passed the MFA check, it grants access without the attacker ever supplying a password or a second factor.
Terry Cutler explained the mechanics:
“Hackers have now become what's called a man in the middle. They've taken the session and now they can log in as you without ever knowing what that password was.” [45:06]
David Shipley and John Pinard debated advanced MFA solutions like biometrics, with John advocating for biometric-based MFA as the most secure method currently available.
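Whatever the second factor, the session that follows it is only as strong as the server's handling of the session token. The added example below (written for this summary, not code from the panelists or any product they mentioned) shows the server-side controls that limit what a stolen cookie is worth: an opaque random token kept in a server-side table, short idle and absolute lifetimes, and a check that the token keeps arriving from the same network and browser that passed MFA, with the session revoked and a fresh MFA login demanded when it does not. The fingerprint definition (a /24 prefix plus User-Agent) and the timeout values are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional

ABSOLUTE_LIFETIME = 8 * 3600   # seconds: session ends no matter how active it is
IDLE_TIMEOUT = 30 * 60         # seconds: session ends after this much inactivity


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Coarse description of where a request comes from, recorded when MFA succeeds.

    Hypothetical choice for this example: the /24 network prefix plus the User-Agent,
    so a laptop moving between addresses in one office does not trip the check.
    """
    prefix = ".".join(ip.split(".")[:3])
    return hashlib.sha256(f"{prefix}|{user_agent}".encode()).hexdigest()


class SessionStore:
    """Server-side session table keyed by an opaque random token (the cookie value)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, dict] = {}

    def create(self, user: str, fingerprint: str, now: Optional[float] = None) -> str:
        """Called only after password and MFA have both succeeded."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "fp": fingerprint, "created": now, "last_seen": now}
        return token

    def validate(self, token: str, fingerprint: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'invalid', 'expired' or 'reauth_required' for a presented cookie."""
        now = time.time() if now is None else now
        sess = self._sessions.get(token)
        if sess is None:
            return "invalid"
        if now - sess["created"] > ABSOLUTE_LIFETIME or now - sess["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]
            return "expired"
        if not hmac.compare_digest(sess["fp"], fingerprint):
            # The cookie that passed MFA is now arriving from a different network/browser.
            # Treat it as a possibly stolen session: revoke it and force a fresh MFA login.
            del self._sessions[token]
            return "reauth_required"
        sess["last_seen"] = now
        return "ok"


def set_cookie_header(token: str) -> str:
    """Cookie attributes that keep the token out of page scripts and off plain-HTTP connections."""
    return f"session={token}; Path=/; HttpOnly; Secure; SameSite=Strict"
```

The fingerprint check is a heuristic, not a proof: a mobile user changing networks will be asked to re-authenticate, and an attacker who replays the cookie through the victim's own machine will not be caught. It buys time, which is why it is paired with short lifetimes; the 286-day dwell time Terry cites later in the episode is the figure these lifetimes are meant to shrink.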
8. AI in Cybersecurity: Tools vs. Human Creativity
Timestamps: 51:39 – 52:32
David Shipley critiqued GitLab’s overzealous promotion of AI tools like Copilot, arguing that while AI can assist in routine coding tasks, it lacks the creative problem-solving abilities of experienced developers:
“They are pretending that they're full self-driving cars... I guarantee you that will have the same result on the cyber highway as it does for many people on American highways today.” [51:39]
The panel agreed that AI should complement, not replace, human expertise in cybersecurity, reinforcing the necessity for skilled professionals to oversee and innovate beyond automated solutions.
9. Challenges in Canadian Cybersecurity Legislation
Timestamps: 53:01 – 56:32
The episode concluded with a critical examination of Canada’s cybersecurity legislation, specifically Bills C-26 and C-27. David Shipley highlighted legislative inefficiencies, such as typographical errors that derail critical cybersecurity initiatives:
“The bill has a typographic error that has forced the Senate to send the bill back to the House of Commons… which has jeopardized the entire bill.” [54:30]
Jim Love expressed frustration over the government's lack of urgency, urging more decisive action to protect critical infrastructure.
“If we don't get it soon, especially in Canada, we have become the... Dr. No.” [55:55]
The panelists unanimously condemned the sluggish legislative process, emphasizing that robust cybersecurity measures are as essential as physical defense mechanisms in safeguarding national interests.
10. Conclusion: The Unending Battle Against Cyber Threats
Jim Love wrapped up the episode by reiterating the absence of a "silver bullet" in cybersecurity. The collective insights from Terry, David, and John underscored the multifaceted approach required to mitigate risk: advanced technological defenses, comprehensive internal processes, proactive legislative action, and continuous education.
David Shipley aptly summarized the ongoing struggle:
“As long as technology is made by humans, it will be as beautifully flawed as we are.” [08:24]
The panel left listeners with a clear message: Cybersecurity is an evolving battlefield that demands constant vigilance, adaptability, and collaboration across all sectors to effectively defend against increasingly sophisticated threats.
Notable Quotes:
- David Shipley: “As long as technology is made by humans, it will be as beautifully flawed as we are.” [08:24]
- John Pinard: “You can offload the work to somebody else, but you can't offload the responsibility and the ownership.” [22:06]
- Terry Cutler: “The average time that a hacker is in a Network undetected is 286 days.” [28:18]
- David Shipley: “Hacktivism's back, baby. It's going to be back in a big way for the next couple of years.” [34:56]
- Jim Love: “If we don't get it soon, especially in Canada, we have become the... Dr. No.” [55:55]
For more insights and detailed discussions on the latest in cybersecurity, tune into future episodes of Cybersecurity Today. Stay informed, stay secure.
