Podcast Summary: Cybersecurity Today
Episode: RSAC Presenter Says "Time to Kill One of Cybersecurity's Most Overworked Terms"
Host: David Shipley
Date: March 25, 2026
Episode Overview
This episode covers David Shipley’s report from the RSA Conference (RSAC) in San Francisco, featuring his take on one of RSAC’s most provocative presentations: a call to retire the term “Advanced Persistent Threat” (APT). The episode also tackles major policy moves by the US government affecting router sales, exposes controversial activity by Webinar TV, explores a destructive campaign targeting Iranian infrastructure, and examines a brewing debate around terrorism insurance for cyberattacks.
Key Discussion Points and Insights
1. The Call to Retire the "APT" Label (00:20–03:45)
- Key Session at RSAC: David highlights a presentation by Robert Lipovsky, Principal Threat Intelligence Researcher at ESET, who argues the term “Advanced Persistent Threat” (APT) has become so diluted it has lost its analytical value.
- Blurring of threat actor lines: Lipovsky notes:
  - Nation-state actors increasingly use commodity and off-the-shelf tools.
  - Some criminal groups now operate as capably as, or more capably than, certain state actors.
  - Hybrid groups blur espionage and criminal motives within the same operation.
- Proposed Solution: Lipovsky suggests describing threat actors by activity and motivation (“espionage actor,” “e-crime threat actor,” “nation-state hacker”), not by implied sophistication.
- Industry Pushback: The APT term sticks partly because it’s an easier sell to board leadership during crisis communications.
Quote (Robert Lipovsky via David Shipley, 01:44):
"It used to signal nation state espionage actors, sophisticated, well resourced, patient. Now it gets slapped on almost anything, including highly capable cybercriminal groups that have had nothing to do with state sponsored espionage."
2. Trends and Standouts at RSAC 2026 (03:46–05:56)
- Diminishing “Zero Trust” Buzzworthiness: “Zero trust” appears less often, and may be on its way out as a marketing buzzword.
- Rise of AI—and ‘Agentic AI’: In its place, “AI” dominates: “AI everywhere,” with “agentic AI” being plastered across booths.
- Booth Highlights:
  - CrowdStrike: Maintains top-tier production, with cyberpunk APT character statues.
  - Mindgard (AI security firm): Wins “most clever” for a 90s-themed booth.
  - Aaron Portnoy (Mindgard), 05:02:
    “AI security is in a state that's very reminiscent of the late 1990s in terms of the maturity, how easy it is to hack things back then, and how easy it is to hack AI things now.”
  - Commvault: Builds a full wrestling ring with a luchador.
  - Other creative efforts: dragon castles, horror movies, and wild west booths.
3. FCC Bans Non-US Routers (05:57–07:41)
- Policy Move: The FCC bans the sale of all newly released Wi-Fi router models not made in the US—a reaction to national security concerns about supply chain risks.
- Background: Foreign-made routers seen as vulnerable to exploitation, referencing Volt, Flax, and Salt Typhoon attacks.
- Impact:
  - Ban applies only to new models—legacy routers unaffected.
  - Even US-headquartered brands usually manufacture overseas, so industry-wide disruption likely.
  - Exemptions possible, but only with concrete plans to “onshore” manufacturing.
David Shipley, 07:07:
“Most routers, including those from US Headquartered firms like Netgear, are manufactured in Taiwan, Vietnam or China. ... And you thought RAM was getting expensive.”
4. Webinar TV Controversy: Recording and Republishing Zoom Calls (07:42–10:11)
- Description: Webinar TV scrapes publicly available Zoom meeting links, records the sessions, and generates AI-driven podcasts with synthetic hosts “Phil” and “Amy.”
- Discovery and Consent Issues:
  - Most hosts only learn about the republishing by receiving a sales pitch email from Webinar TV.
  - Some meetings are recorded intentionally to remain private, including sensitive discussions.
- Notable Incident:
  - Speaker recalls a teacher, Tan Rademacher, who organized a sensitive, undocumented call—only to have it seized and turned into a podcast.
- Investigations:
  - Cyber Alberta uncovers Webinar TV’s use of browser extensions and AI note-takers as an entry vector.
  - Webinar TV offers paid promotions to webinar owners—described as ransoming your own content.
- Leadership and Legal History:
  - CEO Michael Robertson previously founded MP3Tunes, losing a massive copyright suit.
  - Webinar TV claims DMCA compliance, but users say takedown requests are often ignored.
David Shipley, 09:05:
"For some, it's seen as effectively ransoming your content back to you under the guise of marketing."
5. Malware Attack Targeting Iranian Infrastructure (10:12–11:38)
- Ongoing Campaign: TeamPCP, linked to the recent Trivy vulnerability scanner supply chain attack, is now targeting Kubernetes clusters with a wiper payload aimed at Iranian systems.
- Mechanism:
  - Malware checks for Iranian time zone/locale and presence of Kubernetes.
  - On matches, it launches a container named “Kamikaze” that erases host directories and reboots the host.
  - On non-Kubernetes Iranian systems, it runs a recursive delete.
  - For non-Iranian victims, it installs a persistent Python backdoor.
- Campaign Evolution: Shift from Kubernetes-based spread to SSH, using stolen keys and logs to propagate further.
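A defender-side check for the Kubernetes behaviour described above, as an added example that is not from the podcast or from any vendor report: it audits a pod listing for containers whose name contains “Kamikaze” and for the access a container would need to erase host directories. The privileged and writable-hostPath checks, the sample pods and all names other than “Kamikaze” are assumptions constructed for illustration.

```python
# Constructed sample shaped like `kubectl get pods -A -o json`; not real cluster data.
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "default", "name": "web-7d9f"},
     "spec": {"containers": [{"name": "nginx"}],
              "volumes": [{"name": "cache", "emptyDir": {}}]}},
    {"metadata": {"namespace": "logging", "name": "collector-x2"},
     "spec": {"containers": [{"name": "agent", "volumeMounts": [
                  {"name": "logs", "mountPath": "/host/log", "readOnly": True}]}],
              "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}]}},
    {"metadata": {"namespace": "default", "name": "job-51c"},
     "spec": {"containers": [{"name": "Kamikaze",
                  "securityContext": {"privileged": True},
                  "volumeMounts": [{"name": "root", "mountPath": "/mnt/host"}]}],
              "volumes": [{"name": "root", "hostPath": {"path": "/"}}]}},
]}

SUSPECT_NAME = "kamikaze"  # container name from the summary; matched case-insensitively


def audit_pods(pod_list):
    """Return [(namespace/pod, [reasons])] for pods that warrant triage."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # Map volume name -> host path for every hostPath volume in the pod.
        host_vols = {v["name"]: v["hostPath"].get("path", "")
                     for v in spec.get("volumes", []) if "hostPath" in v}
        reasons = []
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            name = c.get("name", "")
            if SUSPECT_NAME in name.lower():
                reasons.append(f"container named {name!r}")
            if (c.get("securityContext") or {}).get("privileged"):
                reasons.append(f"{name}: privileged")
            for m in c.get("volumeMounts", []):
                # Assumption: deleting host directories needs a writable hostPath mount.
                if m.get("name") in host_vols and not m.get("readOnly", False):
                    reasons.append(f"{name}: writable hostPath {host_vols[m['name']]}")
        if reasons:
            findings.append((f"{meta.get('namespace')}/{meta.get('name')}", reasons))
    return findings


if __name__ == "__main__":
    for pod, reasons in audit_pods(SAMPLE_PODS):
        print(pod, "->", "; ".join(reasons))
```

On a live cluster, pass the parsed output of `kubectl get pods -A -o json` to `audit_pods` instead of the sample.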
6. Should Terrorism Insurance Cover Cyberattacks? (11:39–13:08)
- US Treasury Policy Review: Federal government asks if terrorism insurance (TRIP) should be expanded to cover cyber incidents.
- Key Issues:
  - Current TRIP law only covers cyber losses officially certified as terrorism—a narrow bar.
  - Catastrophic cyber events not meeting strict criteria would be excluded.
  - Comments on changing definitions or cost-sharing for cyber risk are open until May 8, 2026.
- Host’s Perspective: David Shipley expresses skepticism—he fears government insurance will worsen the cyber insurance problem by encouraging risk transfer rather than true risk mitigation.
David Shipley, 12:50:
"Cyber insurance was used too often to do risk transfer instead of investing in security tools and processes. That led to the cybercriminal industry growing like an old school Japanese style giant monster. Now Godzilla is here and it does so much damage that insurance can't cover it. And organizations are starting now to shift from risk transfer to actual risk mitigation. But if big government foots the bill, that monster could get even worse."
Notable Quotes and Memorable Moments
- On the APT label (01:44):
  “It used to signal nation state espionage actors, sophisticated, well resourced, patient. Now it gets slapped on almost anything, including highly capable cybercriminal groups that have nothing to do with state sponsored espionage.” — David Shipley, summarizing Lipovsky
- On AI security (05:02):
  “AI security is in a state that's very reminiscent of the late 1990s in terms of the maturity, how easy it is to hack things back then, and how easy it is to hack AI things now.” — Aaron Portnoy (Mindgard)
- On router industry impact (07:07):
  “Most routers, including those from US Headquartered firms like Netgear, are manufactured in Taiwan, Vietnam or China. ... And you thought RAM was getting expensive.” — David Shipley
- On Webinar TV’s model (09:05):
  “For some, it's seen as effectively ransoming your content back to you under the guise of marketing.” — David Shipley
- On government cyber insurance (12:50):
  "Now Godzilla is here and it does so much damage that insurance can't cover it. ... But if big government foots the bill, that monster could get even worse." — David Shipley
Timestamps for Important Segments
- 00:20 – Retiring the “APT” term (RSAC session recap)
- 03:45 – RSAC show floor trends & booth highlights
- 05:57 – FCC bans sale of new foreign-made Wi-Fi routers
- 07:42 – Webinar TV recording Zoom calls controversy
- 10:12 – Iranian-specific cyber wiper campaign
- 11:39 – Cyber insurance & terrorism risk policy debate
- 12:50 – Shipley’s take: why government cyber insurance could backfire
Conclusion
This episode delivers a rapid, insight-packed rundown of the RSAC’s atmosphere, exposes concerning new developments in cyber threats and policy, and makes room for a sharply-argued industry critique of both cyber insurance and obsolete terminology like “APT.” The episode is essential listening for anyone seeking to stay current on cybersecurity’s evolving language, regulatory risk, and the creative chaos of the industry’s big stage.
