Cybersecurity Today – The Good News Edition

Host: Jim Love
Original Release Date: September 19, 2025

Episode Overview

In this upbeat special edition, host Jim Love offers a refreshing break from negative headlines by highlighting three recent good news stories in the cybersecurity world. Each segment showcases successful outcomes or lessons learned from recent cyber threats, covering major industry actions against cybercrime, successful prevention and recovery efforts, and how major institutions can transform their security posture.

Key Discussion Points & Insights

1. Humble Opener – Owning Mistakes and Introducing Good News

Jim Love kicks off with an apology for a previous episode’s factual mistake regarding Canadian geography (“Yellowknife is in the Northwest Territories, not Yukon”).
Lighthearted acknowledgment:

"I never claim that I'm the tech genius of all time. So sometimes I struggle to make sure I think I've got the tech facts right. But I don't live in fear of making a mistake when we get it wrong... we fess up to it." (00:30)
Sets a positive tone by promising three good news stories.

2. Microsoft Shuts Down Raccoon O365 Phishing Service

[00:57]

Microsoft dismantled the infrastructure of “Raccoon O365,” a global phishing-as-a-service platform targeting Microsoft 365 users.
- Sold ready-made phishing kits enabling low-skill attackers to steal credentials.
- Kits were actively used since July 2024; estimated 5,000 credential sets stolen across 94 countries.
- Microsoft seized 338 domains after a federal court order in New York.
- Cloudflare collaboration: Kits sold via Telegram as 30–90 day subscriptions, generating $100,000+ in crypto payments. Channel had 850+ members.
- Microsoft investigators ran four test buys to examine the operation.
- Ring-leader: Allegedly Joseph Ogundipe, a Nigerian programmer. Case referred to international law enforcement; no FBI comment yet.
Severe Impact on Healthcare:
- At least 20 US hospitals breached – with some ransomware deployments.
- Health ISAC supported the lawsuit, given the risk to health sector targets.
Industry Reflection:

“Phishing kits have industrialized cybercrime, turning attacks into subscription services with customer support and global reach... Disruptions like this buy time, but as always, new services can emerge quickly. But for now, sometimes the good guys win.” (03:09)
Notable Quote:

“The takedown is another reminder of how phishing kits have industrialized cybercrime... Disruptions like this buy time, but as always, new services can emerge quickly. But for now, sometimes the good guys win.” (03:18)

3. Texas County Recovers Nearly $2 Million From BEC Attack

[04:00]

Nueces County, Texas, was hit by a business email compromise (BEC) scam, nearly losing $2 million.
- Attackers used fraudulent emails posing as vendors to alter payment details.
- Three transactions were affected, totaling ~$1.9 million.
Recovery Efforts:
- Nearly $1 million reversed with help from Frost Bank.
- $900,000+ still under investigation, expected to be recovered.
- $56,000 already secured.
Policy Response:
- County suspended electronic payments, switched to paper checks.
- Now requires in-person verification for vendor changes.
- FBI and local law enforcement involved; no staff disciplined as previous procedures were lacking.
- Cybersecurity insurance (purchased just prior to the attack) will help cover any losses.
Lesson for Businesses:

“Business email compromise doesn't always require sophisticated hacking. Simple policy changes like verifying vendor details in person can make the difference between a routine payment and a million dollar loss. But once again, there's some good news.” (05:23)
Notable Quote:

“Simple policy changes... can make the difference between a routine payment and a million dollar loss.” (05:34)

4. Commonwealth Bank of Australia (“CommBank”) Slashes Scam Losses With AI

[06:00]

CommBank customers saw a 76% drop in scam losses since early 2023, driven by new AI-enabled tools and robust investments:
- Introduced a “scam checker” in mobile app: verifies messages for signs of fraud.
- In-app verification for card transactions.
- Advanced fraud detection using device recognition and behavioral analytics.
- $900 million AUD invested in FY2025 for anti-fraud & scam defences.
Tactics and Partnerships:
- Use of AI bots to tie up scammer resources while gathering intelligence.
- Independent reviews corroborate the reduction in scam success and increased disruption of phishing.
Notable Organizational Turnaround:
- 2018: Lost backup tapes with 20M records (“claimed risk was low”).
- 2024: Fined $7.5M AUD for violating anti-spam regulations.
- Now: “Presenting itself as a leader in scam prevention.”
Broader Message:

“Even large institutions, even if you've had some troubles in the past, you can turn things around with sustained investment, technical innovation, cultural change and leadership.” (08:08)
Notable Quote:

“The lesson is clear. Even large institutions, even if you've had some troubles in the past, you can turn things around... with sustained investment, technical innovation, cultural change and leadership.” (08:18)

Memorable Moments & Tone

Self-deprecating humor from Jim Love regarding his geography gaffe and IT expertise, fostering listener trust and relatability.
Emphasis throughout on practical takeaways—policy, investment, collaboration—as drivers of positive change.
Repeated motif: “sometimes the good guys win,” making optimism the show's signature note for this episode.

Timestamps for Key Segments

| Segment | Timestamp | |-----------------------------------------|-----------| | Host’s Opening & Apology | 00:01 | | Microsoft Dismantles Raccoon O365 | 00:57 | | Impact on Healthcare, Platform Details | 02:00 | | Business Email Compromise in Texas | 04:00 | | Recovery Tactics and Lessons | 05:00 | | Commonwealth Bank’s AI Scam Drop | 06:00 | | Bank’s Turnaround and Broader Message | 07:30 | | Closing Thoughts & Contact | 09:08 |

Conclusion

Jim Love wraps up by highlighting the value of sharing positive stories, encouraging listeners to submit tips—and even more good news. This episode offers actionable lessons and reminds industry practitioners that progress is possible, even when news cycles are typically grim.

Host’s parting words:

“I thought a good news show would be a fun thing to do... I'm your host Jim Love. Thanks for listening. David Shipley will be back in the news chair on Monday morning. I'm sure we'll have some depressing news for you.” (09:20)

Cybersecurity Today – The Good News Edition

Host: Jim Love
Original Release Date: September 19, 2025

Episode Overview

Key Discussion Points & Insights

1. Humble Opener – Owning Mistakes and Introducing Good News

Jim Love kicks off with an apology for a previous episode’s factual mistake regarding Canadian geography (“Yellowknife is in the Northwest Territories, not Yukon”).
Lighthearted acknowledgment:

"I never claim that I'm the tech genius of all time. So sometimes I struggle to make sure I think I've got the tech facts right. But I don't live in fear of making a mistake when we get it wrong... we fess up to it." (00:30)
Sets a positive tone by promising three good news stories.

2. Microsoft Shuts Down Raccoon O365 Phishing Service

[00:57]

Microsoft dismantled the infrastructure of “Raccoon O365,” a global phishing-as-a-service platform targeting Microsoft 365 users.
- Sold ready-made phishing kits enabling low-skill attackers to steal credentials.
- Kits were actively used since July 2024; estimated 5,000 credential sets stolen across 94 countries.
- Microsoft seized 338 domains after a federal court order in New York.
- Cloudflare collaboration: Kits sold via Telegram as 30–90 day subscriptions, generating $100,000+ in crypto payments. Channel had 850+ members.
- Microsoft investigators ran four test buys to examine the operation.
- Ring-leader: Allegedly Joseph Ogundipe, a Nigerian programmer. Case referred to international law enforcement; no FBI comment yet.
Severe Impact on Healthcare:
- At least 20 US hospitals breached – with some ransomware deployments.
- Health ISAC supported the lawsuit, given the risk to health sector targets.
Industry Reflection:

“Phishing kits have industrialized cybercrime, turning attacks into subscription services with customer support and global reach... Disruptions like this buy time, but as always, new services can emerge quickly. But for now, sometimes the good guys win.” (03:09)
Notable Quote:

“The takedown is another reminder of how phishing kits have industrialized cybercrime... Disruptions like this buy time, but as always, new services can emerge quickly. But for now, sometimes the good guys win.” (03:18)

3. Texas County Recovers Nearly $2 Million From BEC Attack

[04:00]

Nueces County, Texas, was hit by a business email compromise (BEC) scam, nearly losing $2 million.
- Attackers used fraudulent emails posing as vendors to alter payment details.
- Three transactions were affected, totaling ~$1.9 million.
Recovery Efforts:
- Nearly $1 million reversed with help from Frost Bank.
- $900,000+ still under investigation, expected to be recovered.
- $56,000 already secured.
Policy Response:
- County suspended electronic payments, switched to paper checks.
- Now requires in-person verification for vendor changes.
- FBI and local law enforcement involved; no staff disciplined as previous procedures were lacking.
- Cybersecurity insurance (purchased just prior to the attack) will help cover any losses.
Lesson for Businesses:

“Business email compromise doesn't always require sophisticated hacking. Simple policy changes like verifying vendor details in person can make the difference between a routine payment and a million dollar loss. But once again, there's some good news.” (05:23)
Notable Quote:

“Simple policy changes... can make the difference between a routine payment and a million dollar loss.” (05:34)

4. Commonwealth Bank of Australia (“CommBank”) Slashes Scam Losses With AI

[06:00]

CommBank customers saw a 76% drop in scam losses since early 2023, driven by new AI-enabled tools and robust investments:
- Introduced a “scam checker” in mobile app: verifies messages for signs of fraud.
- In-app verification for card transactions.
- Advanced fraud detection using device recognition and behavioral analytics.
- $900 million AUD invested in FY2025 for anti-fraud & scam defences.
Tactics and Partnerships:
- Use of AI bots to tie up scammer resources while gathering intelligence.
- Independent reviews corroborate the reduction in scam success and increased disruption of phishing.
Notable Organizational Turnaround:
- 2018: Lost backup tapes with 20M records (“claimed risk was low”).
- 2024: Fined $7.5M AUD for violating anti-spam regulations.
- Now: “Presenting itself as a leader in scam prevention.”
Broader Message:

“Even large institutions, even if you've had some troubles in the past, you can turn things around with sustained investment, technical innovation, cultural change and leadership.” (08:08)
Notable Quote:

“The lesson is clear. Even large institutions, even if you've had some troubles in the past, you can turn things around... with sustained investment, technical innovation, cultural change and leadership.” (08:18)

Memorable Moments & Tone

Self-deprecating humor from Jim Love regarding his geography gaffe and IT expertise, fostering listener trust and relatability.
Emphasis throughout on practical takeaways—policy, investment, collaboration—as drivers of positive change.
Repeated motif: “sometimes the good guys win,” making optimism the show's signature note for this episode.

Timestamps for Key Segments

Conclusion

Host’s parting words:

“I thought a good news show would be a fun thing to do... I'm your host Jim Love. Thanks for listening. David Shipley will be back in the news chair on Monday morning. I'm sure we'll have some depressing news for you.” (09:20)

wavePod

Cybersecurity Today - The Good News Edition

Powered by Wave AI

Summary

Cybersecurity Today – The Good News Edition

Episode Overview

Key Discussion Points & Insights

1. Humble Opener – Owning Mistakes and Introducing Good News

2. Microsoft Shuts Down Raccoon O365 Phishing Service

3. Texas County Recovers Nearly $2 Million From BEC Attack

4. Commonwealth Bank of Australia (“CommBank”) Slashes Scam Losses With AI

Memorable Moments & Tone

Timestamps for Key Segments

Conclusion

Summary

Cybersecurity Today – The Good News Edition

Episode Overview

Key Discussion Points & Insights

1. Humble Opener – Owning Mistakes and Introducing Good News

2. Microsoft Shuts Down Raccoon O365 Phishing Service

3. Texas County Recovers Nearly $2 Million From BEC Attack

4. Commonwealth Bank of Australia (“CommBank”) Slashes Scam Losses With AI

Memorable Moments & Tone

Timestamps for Key Segments

Conclusion