Summary5 min read

Cybersecurity Today – "Lockbit Is Back"

Host: Jim Love
Date: September 29, 2025

Overview

This episode of Cybersecurity Today, hosted by Jim Love, focuses on the resurgence of the notorious Lockbit ransomware group—now boasting a formidable, cross-platform 5.0 variant. Love also covers critical vulnerabilities in Salesforce's AI agent platform and explores the growing sophistication and threat posed by China’s Ministry of State Security (MSS) in global cyber operations. The episode serves as a wake-up call for cybersecurity professionals and business leaders, emphasizing the evolving dangers in the digital landscape.

Key Discussion Points & Insights

1. Lockbit 5.0: The Next Generation of Ransomware

[00:00–03:20]
- The new Lockbit 5.0 has emerged, targeting Windows, Linux, and VMware ESXi systems simultaneously.
  - Windows variant: Utilizes advanced techniques like DLL reflection (loading malicious code directly into memory), making it harder for anti-malware tools to detect.
  - Linux variant: Allows attackers to select specific directories/files for encryption.
  - VMware ESXi variant: Attacks virtualization hosts at the hypervisor level, encrypting both virtual machines and backups—potentially affecting dozens or hundreds of systems at once.
- Lockbit 5.0 operates faster than older versions, aiming to complete encryption before defenders can react:
  
  “Speed is now a weapon, shrinking the window for detection and response.” — Jim Love [01:42]
- Trend Micro researchers highlight that “heavy obfuscation and technical improvements across all variants make Lockbit 5.0 significantly more dangerous than its predecessors.”
- The revived affiliate program (under a rebranded, more secure platform) aims to recruit more operators, boosting Lockbit’s reach and resilience.
- The group’s return comes shortly after international law enforcement’s Operation Chronos, which was assumed to have dismantled Lockbit:
  
  “But like the villain in the horror movie, they’re back with a new design: speed, backup, VM targeting, and the revived affiliate program show the group is determined to reestablish itself.” — Jim Love [02:52]

2. Salesforce AI Agent Vulnerabilities: Forced Leak & Prompt Injection

[03:21–06:34]
- Noma Security researchers discovered a critical flaw in Salesforce’s “Agent Force” platform—a tool for deploying AI agents to automate CRM tasks.
  - The attack, dubbed "forced leak" (CVSS 9.4), exploits prompt injection via Salesforce’s Web-to-Lead forms. Hackers can plant hidden instructions that an AI agent processes, causing data to be leaked, altered, or deleted.
  - Attackers abused a whitelisted but expired Salesforce domain, redirecting trusted traffic for exfiltration.
  “We were able to compromise the agent and tell it to do whatever. It could leak information if we asked, but it could also be asked to change the information in the CRM, delete databases, whatever.” — Alan Trone, CTO, Noma Security [04:47]
- This is described as “cross-scripting for the AI era.” In enterprise settings, such vulnerabilities can quietly siphon sensitive data and corrupt business-critical systems.
- The compromise wasn’t just the AI—it combined weak URL management and inherent AI agent risks:
  
  “Whenever you give an automated AI agent live access to production data and workflows, you create a new and powerful attack surface that can help find and exploit weaknesses in your existing security.” — Jim Love [05:56]
- Takeaway: Prompt injection has moved beyond theory—it’s now an active enterprise threat. AI agents must be inventoried, their privileges restricted, and activities closely monitored.

3. China’s MSS: The Growing Cyber Intelligence Juggernaut

[06:35–11:02]
- The New York Times reports China’s Ministry of State Security (MSS) has evolved into “one of the world’s most effective cyber intelligence services.”
  - What was once a fragmented landscape of hackers is now a centralized, disciplined agency blending classic espionage with advanced cyber operations.
  - Decades of IP theft, large-scale data exfiltration, and persistent network intrusions have Western governments alarmed.
- Salt Typhoon, a Chinese-aligned group, has breached multiple telecom networks’ core systems, potentially accessing lawful intercept systems and sensitive metadata:
  
  “In short, they live in the backbone routers and management systems—the Internet plumbing—which makes their access stealthy and maybe durable.” — Jim Love [07:53]
- British MI6 and the CIA are concerned:
  - CIA Director William J. Burns visited Beijing in 2023 to warn Chinese officials of dire consequences if attacks targeting communications, water, or power systems escalate.
  “That’s a stark illustration of how high this now ranks in national security terms.” — Jim Love [08:27]
- The podcast warns about the risks posed by sloppy U.S. data practices and platform consolidation—multiplying the damage MSS could cause with the vast data likely already in their hands.
  
  “Our data architecture and operational sloppiness have multiplied the consequences of any successful infiltration.” — Jim Love [09:15]
- Final note: Hope rests on quiet, effective US counter-operations to root out persistent Chinese access, but the risk remains “severe and unresolved.”

Notable Quotes & Memorable Moments

[01:42] Jim Love: “Speed is now a weapon, shrinking the window for detection and response.”
[02:52] Jim Love: “But like the villain in the horror movie, they’re back with a new design: speed, backup, VM targeting, and the revived affiliate program show the group is determined to reestablish itself.”
[04:47] Alan Trone (Noma Security CTO): “We were able to compromise the agent and tell it to do whatever. It could leak information if we asked, but it could also be asked to change the information in the CRM, delete databases, whatever.”
[05:56] Jim Love: “Whenever you give an automated AI agent live access to production data and workflows, you create a new and powerful attack surface that can help find and exploit weaknesses in your existing security.”
[07:53] Jim Love: “In short, they live in the backbone routers and management systems—the Internet plumbing—which makes their access stealthy and maybe durable.”
[08:27] Jim Love: “That’s a stark illustration of how high this now ranks in national security terms.”
[09:15] Jim Love: “Our data architecture and operational sloppiness have multiplied the consequences of any successful infiltration.”

Timestamps for Important Segments

[00:00–03:20] Lockbit 5.0 technical advances and affiliate network relaunch
[03:21–06:34] Salesforce AI agents: forced leak vulnerability and prompt injection risk
[06:35–11:02] China’s MSS: centralization, Salt Typhoon, Western agency reactions, and the national security stakes

Takeaways

Lockbit 5.0 represents a major evolution in ransomware—cross-platform, faster, and harder to defend against, with an expanded affiliate model for wider reach.
Prompt injection attacks are now an enterprise issue, not just a theoretical or consumer-level concern. AI agents must be managed like sensitive assets.
China’s cyber threat is more organized and stealthy than ever, with entrenched access on a national and potentially systemic level—posing unprecedented risks to infrastructure and data.

Jim Love’s episode is a clarion call: the threat landscape is escalating. Defenders must raise their game, from technical controls on AI to strategic awareness of global adversaries.

Loading summary

Transcript1 lines

[00:01]
A
Lockbit 5.0 emerges as a cross platform ransomware Salesforce AI agents are vulnerable to forced leak, prompt injection and China's security. Why its success scares Western agencies this is cybersecurity today. I'm your host Jim Love. Lockbit is back, and it might be more dangerous than ever, Trend Micro said. The new Lockbit 5.0 variant can simultaneously attack Windows, Linux and VMware ESXi systems, giving criminals the power to attack entire enterprise stacks in one campaign. The Windows version is more dangerous, using techniques like DLL reflection, where malicious code is loaded straight into memory, making it much harder for anti malware to detect and defend against. The Linux build lets attackers choose which directories and files to encrypt, and the ESXI variant goes straight for virtualization hosts at the bare metal hypervisor level, locking up virtual machines and even encrypting backups, a critical capability that makes recovery even more difficult. Compromising ESXI lets attackers hit dozens or hundreds of systems at once, so an ESXi targeting strain can magnify the impact far beyond a single endpoint. And if that weren't enough, researchers also point out that Lockbit 5.0 has been re engineered to run faster, meaning the encryption process can complete before defenders have time to react. Speed is now a weapon, shrinking the window for detection and response, a researcher from Trend Micro put it quite succinctly. Heavy obfuscation and technical improvements across all variants make Lockbit 5.0 significantly more dangerous than its predecessors. Lockbit has also reactivated its affiliate program under a rebranded and seemingly hardened platform. Affiliates are the foot soldiers. They launch attacks using Lockbit's framework while the operators take a cut. The incentive model has reportedly been refreshed to re recruit operators after the group's earlier disruption, and that network is what gives Lockbit its reach and staying power. This comes just months after Operation Chronos, a joint US UK law enforcement action, seized servers and keys, supposedly dealing a death blow to Lockbit. But like the villain in the horror movie, they're back with a new design Speed backup, VM targeting and the revived affiliate program that show the group is determined to reestablish itself. Salesforce has been taking a beating lately in terms of security and its AI agents. And now researchers at Noma Security have discovered another critical flaw, this one in Salesforce's Agent Force platform, which lets companies spin up autonomous AI agents to handle CRM tasks. The issue has been dubbed forced leak, and it carries a CVSS severity score of 9.4 out of 10 attackers plant a malicious instruction into something as ordinary as Salesforce's Web to lead form. When an agent later processes that form, it doesn't just log the contact, it follows the hidden prompt, and that can lead to internal data being leaked, altered, or even deleted. Think of it as cross scripting. For the AI era, the Noma team showed they could trick an agent into exfiltrating customer emails and lead data by abusing a whitelisted but expired Salesforce domain. As Alan Trone, noma's cto, put it, we were able to compromise the agent and tell it to do whatever. It could leak information if we asked, but it could also be asked to change the information in the CRM, delete databases, whatever. This is a textbook case of prompt injection, where hidden or malicious instructions get the AI to override its intended behavior. In consumer tools, this might make for a funny jailbreak. In enterprise systems, the stakes are much higher. A poisoned prompt in a CRM could silently siphon data to an attacker or corrupt sales pipelines, contracts, and customer histories without anybody noticing. And it's important to notice that it's not just the AI. It provides an entry point and allows the exploitation of other problems and weaknesses. In this case, it was how trusted URLs are managed where an old URL was left as a trusted source. When hackers hijacked that URL, they had the ability to exfiltrate huge amounts of data. The lesson is, whenever you give an automated AI agent live access to production data and workflows, you create a new and powerful attack surface that can help find and exploit weaknesses in your existing security. Prompt injection is no longer theoretical it's moved into core business systems. We need to treat AI agents like any other sensitive system, inventory them, restrict their privileges, and monitor for unexpected behavior. The New York Times is reporting that China's Ministry of State Security has quietly become one of the world's most effective cyber intelligence services under Xi Jinping. What was once a loose patchwork of regional hackers and contractors has been folded into a centralized, disciplined agency that blends traditional spycraft with modern cyber operations. And the results are tangible years of intellectual property theft, large data exfiltration efforts, and persistent access that Western officials say could be extremely hard to evict. One arm of that machine is Salt Typhoon, a group linked by researchers and U.S. officials to intrusions at telecom and broadband providers. Investigations found that Salt Typhoon buried into core networks at multiple carriers, with potential exposure of lawful intercept systems, subscriber metadata, and other plumbing level assets. In short, they live in the backbone routers and management systems, the Internet plumbing which makes their access stealthy and maybe durable. Britain's MI6 has warned that if China can keep these hidden access points in place, the threat is enormous, and indicating just how serious this threat is. The Times also said that CIA Director William J. Burns made a secret trip to Beijing in 2023 and warned his counterpart of serious consequences if malware implanted in communications, water or power systems were ever activated. That's a stark illustration of how high this now ranks in national security terms. But here's the most unsettling piece. With the sloppiness reported around the Doge programs and the broader consolidation of U.S. data on a handful of platforms, it's possible, probably likely, that that China already holds an enormous amount of information on all Americans. The MSS has moved from disorganized hackers for hire to a formidable state run engine with systemic reach. Having this data is powerful at the end of it. This is not just another espionage story, it's a warning. Our data architecture has and operational sloppiness have multiplied the consequences of any successful infiltration. And with the amount of information we can expect China has accumulated, not only infrastructure is at risk, although that's dangerous enough. We can only hope that there's a vigorous and effective US effort quietly underway to evict entrenched access and regain control. Because until that happens, the risk remains severe and unresolved. And that's our show for today. You can reach me with tips, comments, and even some constructive criticism. I try to put some constructive advice where it makes sense. So I'm not just dropping bad news on you all the time. But if you out there have tips or ways to avoid or deal with some of these threats, by all means, send them to me. Tech Newsday.com Go to the contact Us form. Drop me a note. I'm also on LinkedIn. I'd love to hear from you. I'm your host Jim Love. Thanks for listening.