Dave Bittner
You're listening to the Cyberwire network, powered by N2K.
Dave Bittner
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com/N2K and enter code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.

Apple releases emergency security updates to patch a zero-day vulnerability. CISA places election security workers on leave. Elon Musk leads a group of investors making an unsolicited bid to acquire OpenAI. The man accused of hacking the SEC's X (formerly Twitter) account pleads guilty. Law enforcement seizes the leak site of the 8base ransomware gang. Researchers track a massive increase in brute force attacks targeting edge devices. Experts question the UK government's demand for an encryption backdoor on Apple's devices. Today's guest is John Focker, head of Threat Intelligence at Trellix, joining us to discuss their work "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike." And it's International Day for Women and Girls in Science.

It's Tuesday, February 11, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great to have you with us.

Apple has released emergency security updates to patch a zero-day vulnerability that was exploited in highly sophisticated targeted attacks.
The flaw, reported by Citizen Lab's Bill Marczak, affects USB Restricted Mode, a security feature designed to block unauthorized data extraction from locked iPhones and iPads. Attackers could bypass this protection through a physical exploit, potentially using forensic tools like GrayKey or Cellebrite. Apple addressed the issue with improved state management. The vulnerability affects various iPhone and iPad models, including iPhone XS and later, though the attack was limited to specific targets. Users are urged to update immediately.

The U.S. Cybersecurity and Infrastructure Security Agency has placed 17 staffers on administrative leave, raising concerns about election security support. These employees, including 10 regional election security specialists, provided cybersecurity and physical security training to state and local election officials. The internal review reportedly examines efforts to counter foreign interference and misinformation. Both Republican and Democratic election officials have defended CISA's work, highlighting its crucial role in securing elections. The move comes amid political pressure, with Trump administration figures criticizing CISA's past efforts to counter misinformation. The agency remains without a permanent director, and its leadership was absent from recent election security meetings. Despite the suspensions, CISA has assured states that cybersecurity and physical security services will continue to be available.

Elon Musk and a group of investors have made a $97.4 billion unsolicited bid to acquire OpenAI, escalating Musk's ongoing feud with CEO Sam Altman. Altman dismissed the offer on X (formerly Twitter), jokingly offering to buy Twitter for $9.74 billion, to which Musk responded, "Swindler." Musk's consortium, which includes Baron Capital and Valor Management, seeks to restore OpenAI's original open-source mission. Musk argues that OpenAI has strayed from its founding principles, while his own xAI follows the values he was promised.
The bid complicates Altman's efforts to take OpenAI private, as the for-profit arm must fairly value the nonprofit's assets. Musk also urged California's Attorney General to open competitive bidding. Musk co-founded OpenAI in 2015 but left in 2018. His ongoing legal battles against OpenAI focus on its shift toward profit-driven AI.

In other OpenAI news, a hacker named Emmerking claimed on Breach Forums to be selling 20 million OpenAI credentials, but experts believe the data originates from infostealer malware, not an OpenAI breach. OpenAI says they investigated and found no evidence of a compromise. Threat intelligence firm KELA analyzed the data and confirmed it matches infostealer logs likely collected from malware like RedLine, RisePro and Vidar. The hacker's post was later deleted, reinforcing suspicions that the claim was exaggerated. Breach Forums is known for hosting misleading data breach claims.

Eric Council Jr., age 25, pleaded guilty to conspiracy to commit identity theft and fraud after hacking the US Securities and Exchange Commission's X (formerly Twitter) account in January of last year. His actions caused wild swings in Bitcoin's price by falsely announcing SEC approval of crypto-based ETFs. He faces a maximum sentence of five years, with sentencing set for May 16th. Mr. Council used SIM swapping techniques to take over the SEC account, posing as an FBI employee to obtain a victim's phone number. He then used it to reset security codes and hijack the @SECGov account. Prosecutors say he was paid in Bitcoin for the hack, which aimed to manipulate the crypto market.

Law enforcement agencies seized the leak site of the 8base ransomware gang, replacing it with a takedown notice. The action coincided with the arrest of four suspects in Thailand accused of stealing $16 million from over 1,000 victims worldwide. Authorities from Switzerland and the US had issued warrants for the suspects, two men and two women, who now face wire fraud and conspiracy charges.
Europol, the FBI, and other agencies supported the operation, named Phobos Aetor. 8base emerged in 2023, targeting manufacturing firms and entities like the United Nations Development Programme. It has ties to RansomHouse and Phobos ransomware. The takedown follows similar law enforcement crackdowns on ransomware groups like LockBit and BlackCat, contributing to a 35% drop in ransom payments in 2024.

Security researchers have observed a massive increase in brute force attacks targeting edge devices, often launched from malware-infected routers and firewalls. The Shadowserver Foundation reports that 2.8 million unique IP addresses daily have been used in these attacks, with the highest concentrations coming from Brazil, Turkey, Russia and Argentina. The attacks primarily target devices from Palo Alto Networks, Ivanti, and SonicWall, with over 100,000 MikroTik devices implicated. The cause of these infections remains unclear, though some speculate malware may be bundled with popular software. In Brazil, hackers, including state-sponsored groups like China's Salt Typhoon, often exploit unpatched vulnerabilities in edge devices. The surge highlights ongoing cybersecurity risks for firewalls, VPN gateways, and email security appliances, which remain prime targets for cyberattacks.

A Wall Street Journal editorial from Johns Hopkins cryptographer Matthew Green and SentinelOne CISO Alex Stamos warns that the UK government's demand for an encryption backdoor in Apple's devices poses a grave risk to global security. The order would allow British authorities to access any iPhone user's private data worldwide, setting a dangerous precedent that could weaken security for billions. The editorial argues that Congress must act immediately to prohibit US tech companies from complying with such demands, creating a legal conflict that Apple could fight in UK courts.
The authors highlight the growing cyber threats from Russia and China, pointing to recent hacks targeting US telecoms, the Treasury, and political figures. Even the FBI now supports encryption to protect Americans from cyber threats. If Britain succeeds, China and other nations will surely follow, undermining security for all. The editorial urges lawmakers to ensure strong encryption remains unbreakable by any foreign government, safeguarding American privacy and national security.

Coming up after the break, my conversation with John Focker from Trellix. We're discussing their work "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike," and celebrating International Day for Women and Girls in Science. Stay with us.

Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default-deny approach can keep your company safe and compliant.

Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's how: Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.
John Focker is head of threat intelligence at Trellix. I recently sat down with him to discuss their work "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike."
John Focker
For years now we've seen a convergence. If you look at our customer base, from governments to financial institutions, all across the board, there used to be a lot of, "Oh, but we're not at risk of an APT, like a nation state," or "We're more inclined to cybercriminals," and all these things. And what we've been seeing in the course of several years now is that it's becoming such a gray area, even for our customers. You cannot say, "Well, we're more at risk of an APT versus a cybercriminal," because, yeah, they're working together, working as proxies. So our researcher Tomer in the team, who's very, very talented, took it upon himself to lay this down and explain that the attribution that you had in the past, that could be very easily done, is becoming harder and harder, and it might actually be that you're attacked by a cybercriminal, but the ulterior motive is that it's state directed, or it actually is a state actor going after your financials. So it's not as easy, or as clear, as it used to look.
Dave Bittner
Can we dig into some of the details here? I mean, what are some of the ways that we're seeing a lot of this crossover? Can you share some specifics?
John Focker
Oh, totally, totally. One thing that we've seen very much being adopted on both sides is living off the land. We noticed that, and that makes attribution harder, right? You know, you're using the tools that are either non-malicious or are actually present on the victim system, in the network. So you kind of go under the radar. But it also makes it harder for a lot of your security tools to distinguish, because it's not necessarily you using a malicious binary. You're just using something which was designed for good, but with bad intent. And we see that being used by cybercriminals as well as by APT actors. So on the cybercriminal side, a lot of the ransomware gangs are using a lot of living off the land, just because they don't want to be detected. And it's very useful: you don't have to smuggle anything in, and you can exfiltrate data out, or you can elevate, well, you can work your way through the network. At the same time, if we look at a group, let's say Volt Typhoon, it is very, very competent in using living off the land as well. To get to their objective, they often attack edge routers, but then they move through the network laterally and they use a lot of living off the land. And this is just the tools, obviously. I have a background in law enforcement before I joined the private sector. And it's funny, I'm from the Netherlands, and we have, I would like to say, very competent cybercrime teams that work a lot with the FBI, and the Netherlands is known for bad hosting. And I can recall many times I had to go to a hosting provider which was considered then a bulletproof hoster, and they would comply eventually. But it could have been a request of an intelligence agency that there is actually a system being used by a state-sponsored actor, or it was a system that was a C2 server for a cybercriminal team. So for me that says, like, hey, they're using the same infrastructure, because it was the same hosting provider.
So we're coming to the same area, the same registration, but it was just a different group, so they're using infrastructure as well.
Dave Bittner
Well, despite this convergence, are there still differences that are apparent, or are there different skill levels? When you're looking at the techniques here, what are some of the things that differentiate between the two to this day?
John Focker
Yeah, that's a good question. If I say skill level, if we take the low bin stuff, I think if you compare, let's say, a ransomware group with an APT group, and the APT group is not aimed to disrupt but is doing classic espionage, we would see that they stay low and slow and they take their time, whereas the ransomware teams are up against the clock. So they are allowing themselves to make a little bit more noise in order to get to their objective, because their goal is essentially different. What we also see is a lot of the more refined exploit discovery and development. So vulnerability discovery and then exploit development is usually done by the nation-state groups, the state-sponsored groups; they're far more skilled at that. And like Midnight Blizzard, how they've been using these cloud-based attacks, that's something that we have yet to see at that scale and sophistication by cybercriminal actors. And yeah, we almost cannot do any podcast without mentioning AI. So we see on both sides of the spectrum they're adopting AI, whereas I can see that cybercriminals are adopting it for a code base and solving problems they have and speeding up their operation. However, you know just as well as I do that cybercriminal activity is not operating in a vacuum. They're always dependent on key services that are in the kill chain, left or right of them, whereas APT actors have a lot of that stuff in house. So you would see more refined usage of AI in their attacks by state actors versus cybercriminals.
Dave Bittner
You know, John, I've seen folks, when they're looking at this blurring of lines, say that attribution doesn't really matter anymore. Do you go along with that statement, or is there still value there?
John Focker
Well, it depends on who you talk to. I have yet to see a CEO that is not interested in the "who stole my wallet" type of analogy. But at the same time, for the people that we interact with, that use our software and our solutions, the actual people in the trenches, very often, yeah, attribution can help speed things up, but it is the outcome of the process you go through. That's the way I see it. So it's an important factor. But when you get breached or you're dealing with an incident, it's not always the most pressing thing at hand, because, yeah, you have to kick off threat hunting, you have to find patient zero, you're going into a full IR cycle, and by doing so you're using threat intelligence and you might have hypotheses forming. And I think that's a very healthy thing to do for every security practitioner, to say, okay, what kind of adversary are we dealing with, and what can we expect from such an adversary, other tools that they might use, or their intent? And then you could base your hunting off of that. I think that's very helpful. But while you're doing this, you kind of fill in the blanks, and eventually the outcome of your full investigation would probably lead to an attribution of an actor of such kind. And yeah, with ransomware, it's very obvious: if you wait long enough, they'll make themselves known and you get, as our friends at Google say, a third-party notification from the threat actor, in their State of the Union talk. I love that statement, by the way. And yeah, they make themselves known and you know who you're dealing with.
Dave Bittner
Well, given this reality of this blending, this blurring, as you all describe it, what are your recommendations then for folks who are tasked with defending their organizations, given that this is the reality?
John Focker
Yeah, some good advice I would give, and you can do this in multiple ways, is to do a threat modeling exercise.
Dave Bittner
Yes.
John Focker
You need to study the threat actors that are prevalent in your sector. That's healthy. You know that you need to do that. But don't have that blind bias that you only think, "Okay, no, we're only dealing with APT and no ransomware." Because, be honest, if you have a vulnerability somewhere and somebody can get in, yeah, you don't know who's in until they're in, and then they can wreak havoc. And that could be a cybercriminal actor. It could even be a hacktivist. But looking at the threat landscape, looking at all the different threats that might attack you, and then overlaying those TTPs, looking at, okay, what are the commonalities, what are some of the overlap points that they all have to do? They all have to escalate privileges, they all have to maybe use certain credentials, they all have to do X, Y or Z. And when you identify those points, you can actually look at your security controls and see, okay, are we protected against this, or are there controls missing, or can we adjust our current controls to have coverage? Or if we're blind, is there anything we can do with threat hunting? So can we kick off some proactive threat hunting in our environment just to get better eyes on, to study, to see, and maybe there's evidence of a breach. So there are all these things we would say, like, okay, study all. And nowadays, luckily, that's a lot easier to do than it was a couple of years back. So even with some AI, you can create some pretty elaborate stuff and you can drill down and see how your security posture is scaling up towards a multitude of actors. But every actor, whatever their initial access, they'll move on your network. So I always say, or often say, your chance to detect them is really in that period from when they first enter to their final objective. And that doesn't matter if it's a ransomware actor or an APT actor. They have to move through your network. So knowing your network and knowing what the anomalies are, that's key.
Dave Bittner
That's John Focker, head of threat intelligence at Trellix. We'll have a link to their publication in our show notes.

And now a message from our sponsor, Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise, with an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust + AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not the entire network, continuously verifying every request based on identity and context, simplifying security management with AI-powered automation, and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at zscaler.com/security.
Dave Bittner
This episode is brought to you by Shopify. Forget the frustration of picking commerce platforms when you switch your business to Shopify, the global commerce platform that supercharges your selling. Wherever you sell with Shopify, you'll harness the same intuitive features, trusted apps, and powerful analytics used by the world's leading brands. Sign up today for your $1 per month trial period at shopify.com/tech, all lowercase. That's shopify.com/tech.

And finally, it is the United Nations International Day for Women and Girls in Science. It's a day worth celebrating. Here's N2K's Maria Vermazes with more.
Maria Vermazes
Today, February 11th, is the International Day of Women and Girls in Science. This one's personal. I grew up in a house where science and engineering were revered and encouraged at every turn. My peer group in high school were other science-minded girls like me. There's a photo in my high school yearbook of our computer club that always makes me chuckle, because there I am, off to the side, the only girl. It's a dynamic that you get used to. Even at engineering school in college, not unlike high school, it wasn't unusual to be the only young woman in a lab, or maybe one of a handful in a large seminar. It was easy for us to remember each other. Us engineering school women would often become friends, toiling away at problem sets in study rooms for hours every day, sharing notes, helping each other prep for exams, rotating who would go to office hours. And it's funny, outside of engineering, many of us probably wouldn't have been friends. We really didn't have all that much in common interest-wise. But we knew what we were all up against, so we banded together for survival. I'll skip to the chase. We were the class of 2005, so it's been 20 years. Many of the women I knew from those days went into their chosen fields after graduating. But now, these decades on, of the dozens of women that I knew starting their careers in science and engineering, maybe four are still working in them now. Career changes happen for all sorts of reasons, like in my case, where it simply is just not the right field for you. It happens. But sometimes it's the result of a slow fade, where over the years you have to keep fighting an invisible war, and sometimes you simply get tired of it. Whatever you want to call it, a retention problem, a cultural problem, it goes way beyond any federal mandate or national border.
And there are conversations happening, said and unsaid, especially right now, about whose stories are celebrated, whose competence and credibility are celebrated, who rises in the ranks with like-minded peers, whose accomplishments are worth a damn, who is a merited hire. In other words, in science and engineering, who belongs? Well, women do. This is only the 10th anniversary of the International Day of Women and Girls in Science. So all you trailblazers toiling long hours over problem sets, labs, trials, reams and reams of data, connecting with that spark of joy that ignited that love of science: ladies, I see you. Our world needs your perspective and your expertise more than ever. Keep fighting, out of spite for the haters if nothing else. And please remember, even if you are the only one in the room, you belong.
Dave Bittner
That's N2K's Maria Vermazes, host of the N2K T-Minus Daily Space podcast. We'll have a link with more information about the International Day of Women and Girls in Science celebration. You can find that in our show notes.

And that's the CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Alice Carruth
Hey everyone, grab your favorite mug and put the kettle back on the stove, because Afternoon Cyber Tea is coming back this season. I am joined by an all-star team of thought leaders and industry experts to dive into the critical trends that are shaping the future of cybersecurity. We will explore how these technologies are revolutionizing the way we work, the way we live, and the way we interact with the world around us. And as always, we will be bringing you thought-provoking discussions and fresh perspectives on what is driving the future of cybersecurity and what leaders can do now to protect their teams. Tomorrow, new episodes will be coming to you in February every other Tuesday, so subscribe now wherever you get your favorite podcasts.
CyberWire Daily: Apple’s Race to Secure Your iPhone
Release Date: February 11, 2025

Introduction

In the latest episode of CyberWire Daily, hosted by Dave Bittner and produced by N2K Networks, a comprehensive overview of current cybersecurity events is presented. The episode delves into critical security updates from Apple, organizational shifts within the U.S. Cybersecurity and Infrastructure Security Agency (CISA), high-stakes corporate maneuvers involving Elon Musk and OpenAI, significant legal developments in cybercrime, and emerging threats targeting edge devices. Additionally, the episode features an insightful interview with John Focker, Head of Threat Intelligence at Trellix, focusing on the evolving landscape where nation-state actors and cybercriminals increasingly resemble each other.
1. Apple’s Emergency Security Updates Timestamp: [00:13:00]
Apple has released emergency security updates to address a zero-day vulnerability reported by Citizen Lab’s Bill Marczak. The flaw affected USB Restricted Mode, a feature intended to prevent unauthorized data extraction from locked iPhones and iPads. The vulnerability, which affected models from the iPhone XS onward, allowed attackers with physical access to bypass the protection, potentially using forensic tools like GrayKey and Cellebrite. Apple’s fix improves state management to mitigate the risk, and all users are urged to update their devices immediately to safeguard against potential targeted attacks.
Notable Quote:
Dave Bittner [00:13:45]: “Users are urged to update immediately to protect their devices from these highly sophisticated targeted attacks.”
2. CISA Places Election Security Workers on Leave Timestamp: [00:14:15]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed 17 staff members, including 10 regional election security specialists, on administrative leave. This decision has ignited concerns regarding the agency’s support for election security amidst an internal review examining efforts to counter foreign interference and misinformation. Despite political pressures and criticism from figures within the Trump administration, both Republican and Democratic election officials have defended CISA’s essential role. The agency remains without a permanent director, and its leadership was notably absent from recent election security meetings. CISA has assured that cybersecurity and physical security services for states will continue uninterrupted despite these personnel changes.
Notable Quote:
Dave Bittner [00:15:20]: “Both Republican and Democratic election officials have defended CISA’s work, highlighting its crucial role in securing elections.”
3. Elon Musk’s Unsolicited Bid to Acquire OpenAI Timestamp: [00:16:00]
Elon Musk has spearheaded a $97.4 billion unsolicited bid to acquire OpenAI, intensifying his ongoing dispute with CEO Sam Altman. Musk’s consortium, including Baron Capital and Valor Management, aims to steer OpenAI back to its original open-source mission, criticizing its shift towards profit-driven AI. Altman dismissed the offer humorously on X (formerly Twitter), proposing to buy Twitter for $9.74 billion in response. This acquisition attempt complicates Altman’s plans to take OpenAI private, as the for-profit arm must accurately value the nonprofit’s assets. Musk, a co-founder of OpenAI who departed in 2018, is also urging California’s Attorney General to initiate competitive bidding, questioning the foundation of OpenAI's current operational trajectory.
Notable Quote:
Dave Bittner [00:16:45]: “Musk argues that OpenAI has strayed from its founding principles, while his own xAI follows the values he was promised.”
4. Hacker Emmerking and OpenAI Credential Claims Timestamp: [00:17:30]
A hacker known as Emmerking has claimed on Breach Forums to be selling 20 million OpenAI credentials. However, cybersecurity experts attribute this data to infostealer malware rather than an actual breach of OpenAI’s systems. OpenAI has confirmed that its investigation found no evidence of a compromise. Threat intelligence firm KELA analyzed the data and matched it to logs from malware such as RedLine, RisePro, and Vidar. The deletion of Emmerking’s post further suggests that the claim was likely exaggerated, reinforcing skepticism about the legitimacy of the breach announcement.
Notable Quote:
Dave Bittner [00:18:15]: “Breach Forums is known for hosting misleading data breach claims, which casts further doubt on Emmerking’s assertions.”
5. Legal Consequences for SEC’s X (formerly Twitter) Account Hacker Timestamp: [00:19:00]
Eric Council Jr., 25, has pleaded guilty to conspiracy to commit identity theft and fraud for hacking the U.S. Securities and Exchange Commission’s X (formerly Twitter) account in January of the previous year. His actions resulted in significant volatility in Bitcoin prices through false announcements regarding SEC-approved crypto-based ETFs. Using SIM swapping techniques, Council posed as an FBI employee to obtain a victim’s phone number, then used it to reset security codes and hijack the SEC’s @SECGov account. Prosecutors have outlined that he was compensated in Bitcoin for his efforts to manipulate the cryptocurrency market. Council faces up to five years in prison, with sentencing scheduled for May 16th.
Notable Quote:
Dave Bittner [00:19:50]: “His actions caused wild swings in Bitcoin's price by falsely announcing SEC approval of crypto-based ETFs.”
6. Law Enforcement Takedown of 8base Ransomware Gang Timestamp: [00:20:30]
Law enforcement agencies successfully seized the leak site of the 8base ransomware gang, replacing it with a takedown notice. This operation coincided with the arrest of four suspects in Thailand accused of defrauding over 1,000 victims out of $16 million worldwide. The suspects, two men and two women, face charges of wire fraud and conspiracy. Collaborative efforts from Europol, the FBI, and agencies from Switzerland were instrumental in the crackdown; 8base also has ties to other ransomware groups such as RansomHouse and Phobos. The action is part of a broader trend following similar law enforcement operations against gangs like LockBit and BlackCat, contributing to a notable 35% reduction in ransom payments in 2024.
Notable Quote:
Dave Bittner [00:21:20]: “The takedown follows similar law enforcement crackdowns on ransomware groups, significantly reducing ransom payments.”
7. Surge in Brute Force Attacks Targeting Edge Devices Timestamp: [00:22:00]
Security researchers have identified a substantial increase in brute force attacks targeting edge devices, often originating from malware-infected routers and firewalls. The Shadowserver Foundation reports that approximately 2.8 million unique IP addresses participate in these attacks daily, with Brazil, Turkey, Russia, and Argentina being the primary sources. Devices from Palo Alto Networks, Ivanti, and SonicWall are frequently targeted, and over 100,000 MikroTik devices are among the attacking hosts. The exact cause of these infections remains unclear, though there is speculation that the malware is bundled with popular software. In Brazil, state-sponsored groups like China’s Salt Typhoon are known to exploit unpatched vulnerabilities in edge devices, underscoring persistent cybersecurity risks for firewalls, VPN gateways, and email security appliances.
Notable Quote:
Dave Bittner [00:22:45]: “The surge highlights ongoing cybersecurity risks for firewalls, VPN gateways, and email security appliances, which remain prime targets for cyberattacks.”
8. UK’s Encryption Backdoor Demand on Apple Sparks Security Concerns Timestamp: [00:23:10]
A Wall Street Journal editorial co-authored by Johns Hopkins cryptographer Matthew Green and SentinelOne CISO Alex Stamos criticizes the UK government's demand for an encryption backdoor in Apple’s devices. The proposed order would permit British authorities to access any iPhone user's private data anywhere in the world, setting a perilous precedent that could compromise security for billions. The editorial argues that such a move would weaken defenses against escalating cyber threats from nations like Russia and China. Green and Stamos call for immediate congressional action to prevent U.S. tech companies from complying with these demands, emphasizing the need to maintain robust, unbreakable encryption to protect American privacy and national security.
Notable Quote:
Dave Bittner [00:23:50]: “If Britain succeeds, China and other nations will surely follow, undermining security for all.”
Interview: Blurring Lines Between Nation States and Cybercriminals Timestamp: [00:24:00]
Guest: John Focker, Head of Threat Intelligence at Trellix
In an in-depth conversation, John Focker discusses the increasing convergence between nation-state actors and organized cybercriminals. Maria Varmazis, another expert from N2K Networks, elaborates on how traditional distinctions in threat attribution are becoming less clear. Both groups frequently employ similar tactics, such as living off the land (using legitimate tools already present on victim systems to avoid detection), which makes it difficult to distinguish purely criminal activity from state-sponsored operations.
Notable Quotes:
Maria Varmazis [00:14:43]: “You cannot say like, well, we're more at risk of an APT versus a cybercriminal because yeah, they're working together, working as proxies.”
John Focker [00:19:08]: “Attribution can help speed things up, but it is the outcome of the process you go through.”
Key Insights:
Recommendations for Defenders:
Notable Quote:
Maria Varmazis [00:21:44]: “Your chance to detect them is really on that period when they first enter to their final objective.”
Celebrating International Day for Women and Girls in Science Timestamp: [00:26:01]
Dave Bittner shares a heartfelt tribute to the International Day for Women and Girls in Science, reflecting on personal experiences and the ongoing challenges women face in STEM fields. He emphasizes the importance of celebrating and supporting women in science and engineering, advocating for greater representation and acknowledgment of their contributions.
Notable Quote:
Dave Bittner [00:26:14]: “Our world needs your perspective and your expertise more than ever. Keep fighting out of spite for the haters if nothing else.”
Conclusion
This episode of CyberWire Daily provides a thorough examination of pressing cybersecurity issues, highlighting Apple's latest security measures, organizational dynamics within CISA, high-profile corporate bids, significant legal cases, and the evolving tactics of cyber threats. The interview with John Focker offers valuable insights into the blurring lines between different types of threat actors, underscoring the need for adaptive and comprehensive defense strategies. Additionally, the celebration of International Day for Women and Girls in Science underscores the importance of diversity and support in the cybersecurity and scientific communities.
For more detailed information and resources discussed in this episode, listeners are encouraged to visit the show notes linked on the CyberWire platform.
Credits
Feedback
CyberWire Daily values listener feedback to continue delivering relevant and insightful content. Subscribers are encouraged to rate, review, and participate in surveys available through the CyberWire platform or via email at cyberwire2k@N2K.com.