B (9:49)

Well, that's a wrap for one last time this year. I'm Kevin the intern, N2K's official unpaid cyberwire intern and literal man on the street signing off. I hope everyone had a great conference and a safe trip.

A (10:11)

Stay with us after the break. The breaches that defined a decade of the Cyber Wire Daily. Dave Buettner and I sit down to Discuss the biggest breaches in the last 10 years and what happens when hackers call the game.

B (10:37)

Maybe that's an urgent message from your CEO, or maybe it's a deep fake trying to target your business. Doppel is the AI native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back from automatically dismantling cross channel attacks to to building team resilience and more. Doppel outpacing what's next in social engineering? Learn more@doppel.com that's.p p.com. Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter. The company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks, including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling, or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and vpn, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless, transform complexity into simplicity, and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo@meter.com cyberwire that's M E T E R.com cyberwire.

A (12:43)

The Cyberwire daily is turning 10 this year. We are celebrating all year long. And today we're looking back at the breaches that didn't just make headlines, they changed the conversation. And I, alongside Dave Buettner, walk through the cyber incidents that still stick with us. Here's our conversation right now. It's 2026 when we're recording this, but honestly, 2014 feels like a good place to start, even though it's okay math. 12 years ago with the Sony hack,

B (13:13)

I think, I think it was a milestone. I think it was. I think the Sony hack was one that gained national attention. It was. It had a lot of geopolitical influence. There were elements of intelligence gathering. Sony, of course, hard to get a bigger, well recognized brand for a multinational organization.

A (13:40)

They make my tv.

B (13:42)

Yeah, I mean, yeah. I mean, it's a brand that many of us have great affection for, you know, dating back to our first Walkman.

A (13:50)

Oh gosh, yes. Yeah, yeah.

B (13:52)

So I think it grabbed a lot of people's attention that a big major brand could get hit this way. And Sort of, I think, set the global stage for these large scale breaches.

A (14:06)

Yeah. And there was that intrigue with the, with the movie, wasn't there? The. Yeah. So there was this kind of made for the headlines story. I think it added this layer.

B (14:17)

Yeah. And the south park guys were involved with it and I mean, it had a little bit of everything when it comes to intrigue. Something for everyone. So, yeah, it really was kind of a starting point. And then I guess the one that really was on my radar when I switched careers and started being a cybersecurity professional was the OPM breach.

A (14:44)

Oh, yeah.

B (14:45)

And that had just happened when I joined the Cyber Wire.

A (14:50)

Baptism by fire.

B (14:52)

Yeah, well. And several of my co workers had been personally affected by that because they had security clearances. And so the OPM breach, which was 2015, I believe, and that's the Office

A (15:05)

of Personnel Management for the US Federal government.

B (15:08)

That's right, that's right. And so this was a major breach of all kinds of information that they were in charge of keeping safe, including things about people's security clearances. So some of our nation's greatest secrets were revealed. It turns out our adversaries, we think was China was in there for a long time. So they got all of this information that was extremely valuable and extremely sensitive. And it turns out it was because they had outdated equipment and outdated security protocols. And you know, it wasn't. How do I say this? We contributed to that breach through retrospective negligence as much as the alleged Chinese through their own retrospective negligence. Right.

A (16:03)

Love that. Yeah.

B (16:04)

I feel like that's how all of us Gen Xers grew up, right? With retrospective negligence.

A (16:10)

Drinking from the hose. Yeah, yeah.

B (16:12)

So as much as the Chinese certainly have great tradecraft, I think our government learned a lot from that breach as to what to do and not to do. So that one was another biggie back then.

A (16:26)

So after opm, we can go through this chronologically if you'd like. If there's another breach that sort of bubbles up in the intervening years.

B (16:34)

I mean, what. I Guess it was 2017, 2017, we had WannaCry and NotPetya, which really showed global disruption, where shipping companies got affected and systems were actually shut down. And so again, kind of an aha moment of what happens if somebody can either intentionally or accidentally hit the off switch on a global network or a global basis. How's that going to affect everybody? So yeah, that got a lot of people's attention.

A (17:06)

Yeah, it sure did.

B (17:07)

And then also 2017, we had Equifax

A (17:11)

still dealing with the Fallout from that one to this day. Yeah, right.

B (17:15)

Yeah. I'm sure all of us are still enjoying our two years of credit monitoring and.

A (17:21)

Yes, enjoying. Definitely enjoying. Yeah.

B (17:24)

Right. And then, you know, 2020, we had solar winds, which I think revealed risks of supply chain compromise and trusted software ecosystems. That. That was really the one that put a big red star on supply chains and third party providers.

A (17:43)

Yeah, yeah. And is that one of the ones where, like, the CISO was held responsible for what happened, or am I misremembering that one? Yeah, yeah.

B (17:50)

No, the c. The CISO was in jeopardy of legal criminal charges. And so at that time, if you were a ciso, you were like, what? Yeah, right.

A (18:05)

And he was eventually cleared, if I remember.

B (18:07)

Yeah, that's my recollection as well.

A (18:09)

Yeah, yeah. I mean, that seems like a huge paradigm shift to say now people are personally responsible for a massive organizational problem. I mean, that's. I don't know if that. That's scary as heck.

B (18:20)

Right. And to be potentially responsible criminally when. Especially when you put that against. I think we can agree that the trend in the US is that when a company does something bad or irresponsible, generally they pay some sort of a fine, they admit no wrongdoing, and nothing really bad happens to the executives. Maybe every now and then someone might get fired or demoted, but rarely, rarely do we see anyone sent to jail.

A (18:54)

Yeah. Cost of doing business. Right. I mean. Yeah, right.

B (18:58)

And so that. That hazard was there, that peril was there for CISOs, I think caught a lot of people's attention, had them calling their congresspeople and saying, how do we. How do we reconcile this? You know, how do we protect ourselves? What kind of insurance do we need? Yeah. So there were all those sort of add on effects to solar winds that again, made everybody sort of sit up in their seats and say, hmm, okay, this is the future.

A (19:31)

I'm curious about your thoughts on threat actors and the kinds of threat actors that you've been seeing the last 10 years. Are they predominantly one type of group or are we seeing more differentiation or are things sort of converging in terms of who tends to be behind a lot of these major breaches that you've covered?

B (19:53)

Yeah, I mean, I think it's two main groups. Of course. You have the folks who are doing espionage on behalf of nation states, and that's a tale as old as time. But then you've got the financially motivated threat actors, again, tale as old as time, just with updated tools. And that can be everything from gift card fraud. To major ransomware campaigns. Another thing we've seen over time is more blending of the threat actors, where you'll see perhaps state actors, state sponsored actors who are doing a little side work, who are out there getting some money, and the nation states are willing to look the other way, allow them to supplement their incomes, their activities through theft or, you know, selling illicit things, all that sort of thing. So I think the lines have gotten fuzzier and yeah, so that's definitely one of the trends we've seen when you

A (20:56)

reflect on the last 10 years, specifically about breaches and their trajectories and the kind of stories that you've seen. I mean, I'm curious about your feelings on where we're headed. Is there hope?

B (21:09)

I would say, you know, when you go through the stages of grief and land at accept, I'm kind of there. I mean, we've heard it for all the time I've been at this, people have been saying it's not a matter of if, it's a matter of when. And I think at the outset I was a little more resistant to that notion, but I think it's true. So I try to remind myself to maintain my empathy and my sympathy for the folks that this happens to the last thing in the world. And I do not like that some people in our industry have a sense of smug superiority when it comes to these sorts of things. I have no time or patience for that because I don't think it's helpful. So, look, I think people are out there fighting the good fight. They're doing it in good faith. And we all have to function within the world that we're in. And that world is constantly changing. You look at the shifts in just the political winds and the leaders and the nations and all those sorts of things. People often ask me when they hear we do a daily podcast. They're like, well, how do you come up with enough stuff to talk about every day? I go, ha,

A (22:41)

right, not really a problem.

B (22:43)

The challenge is narrowing it down to the top 10 things to talk about every day, because this never stops. So on the one hand, there's that, and sometimes it can be a lot. It can get you down. You can feel like I'll joke sometimes that, hi, I'm Dave Buettner, and here's today's bad news. But on the other hand, you see the people who are out there doing the good work, who are innovating, who are, as I said, in good faith, trying to make this world a little bit safer, trying to help each other learn more, contribute to the community, and all of those things I find uplifting and they do give me hope. And that's how I keep going every day, knowing that we're in this together, we're trying to fight the good fight, and we're making progress. So it's not as fast as I think any of us would hope that it is, but it's a fight worth fighting. So I'm glad to play a very small part in helping try to keep people up to date and informed when it comes to all this stuff.

A (23:52)

And that was me, Maria varmazes, alongside my N2K colleague Dave Bittner, walking us through some of the biggest cyber incidents of the last 10 years. And if you enjoyed our chat, and I certainly hope you did, and if you want to hear more of it, be sure to tune in on some Sunday to your Cyberwire Daily podcast feed to hear our full conversations.

B (24:27)

Most environments trust far more than they should, and attackers know it. Threat Locker solves that by enforcing default deny at the point of execution. With ThreatLocker allowlisting, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with threatlocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. Its powerful protection that gives CISOs real visibility, real control and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today.

A (25:28)

Foreign.

B (25:35)

When it comes to mobile application security, good enough is a risk. A recent Survey shows that 72% of organizations reported at least one mobile application security incident last year, and 92% of responders reported threat levels have increased in the past two years. Guard Square delivers the highest level of security for your mobile apps without compromising performance time to market or user experience. Discover how Guard Square provides industry leading security for your Android and iOS apps at www.guardsquare.com.

A (26:23)

Afc. Ajax says a recent breach exposed limited supporter data, but reporting suggests that the impact may have gone far beyond a routine leak. An attacker exploited vulnerabilities in the club's systems to access internal data, including email addresses and details tied to a small number of banned supporters, and that's banned. B A N N E D Ajax says the issues have been fixed, and there's no evidence of further spread. However, an investigation found the same flaws may have allowed outsiders to do more than just look around. They may have been able to play manager, too. And by abusing exposed APIs and shared digital keys, it was reportedly possible to impersonate users, transfer season tickets, alter account details, and even lift those tricky stadium bans. In one case, a journalist demonstrated just how easy it was grabbing a VIP ticket from a director's account in seconds and using it to access a match. The vulnerabilities may have put hundreds of thousands of supporter accounts and tens of thousands of tickets at risk. And while Ajax is emphasizing the limited confirmed exposure, the ability to manipulate accounts as well as access data points to a deeper breakdown less a contained breach and more a system that left the door wide open and the playbook sitting right next to it. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com and be sure to check out Research Saturday Tomorrow, where Dave Bittner sits down with Omer Ninberg, CTO of Novi Security, to discuss their work on From PDF to pwn. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producer is Liz Stokes. We are mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kielpe is our publisher. Our host is Dave Bittner and I am Maria Varmazes. Thanks for listening. Have a great weekend. Sam.