Maria Varmazes
You're listening to the Cyberwire network, powered by N2K.
Dave Bittner
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com/N2K and enter code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.
Maria Varmazes
Qilin ransomware gang claims responsibility for attack against Lee Enterprises. Thai police arrest suspected hacker behind more than 90 data leaks. JavaGhost uses compromised AWS environments to launch phishing campaigns. Lotus Blossom cyber espionage campaigns target Southeast Asia. Malware abuses Microsoft Dev Tunnels for C2 communication. Protecting the food supply. Today's guest is Keith Mularski, Chief Global Ambassador at Qintel and former FBI special agent, discussing crypto being the target of the cyber underground, and an interview with Iron Man. Today is Friday, February 28, 2023. I'm Maria Varmazes, host of T-Minus Space Daily, in for Dave Bittner, and this is your CyberWire intel briefing. The Qilin ransomware group yesterday claimed responsibility for an attack against Iowa-based newspaper publisher Lee Enterprises, reports SecurityWeek. The group claims to have stolen around 350 gigabytes of data, including investor records, financial arrangements that raise questions, payments to journalists and publishers, funding for tailored news stories, and approaches to obtaining insider information. Qilin is threatening to publish the data on March 5 unless the company pays the ransom. Lee Enterprises, which publishes more than 350 newspapers across 25 U.S. states, sustained a cyberattack on February 3 which disrupted at least 75 of its publications. The company has avoided using the term ransomware, but it did mention in an SEC filing that the attackers encrypted critical applications and exfiltrated certain files. SecurityWeek reports that police in Thailand have arrested a 39-year-old Singaporean man suspected of involvement in over 90 data leaks.
Group-IB, which assisted in the joint operation between the Royal Thai Police and the Singapore Police Force, said in a press release that the arrested individual was one of the most active cybercriminals in Asia Pacific since 2021, targeting companies and businesses in Thailand, Singapore, Malaysia, Indonesia, India, and many more. The security firm added that the main goal of his attacks was to exfiltrate the compromised databases containing personal data and to demand payment for not disclosing it to the public. If the victim refused to pay, he did not announce the leaks on dark web forums. Instead, he notified the media or personal data protection regulators with the aim of inflicting greater reputational and financial damage on his victims. Later, he also exerted pressure on his victims by sending direct customer notifications via email or via instant messengers to force them into submission. Palo Alto Networks Unit 42 warns that the JavaGhost threat actor is compromising misconfigured AWS environments and using them to launch phishing campaigns. The group gains entry to the AWS environments via exposed long-term access keys, and once they've gained access, the attackers use the victim's Amazon Simple Email Service, or SES, and WorkMail services to send out phishing emails. Since the emails are sent from a legitimate source, they're more likely to bypass security filters. To defend against these attacks, Unit 42 recommends that AWS users limit access to administrative rights, rotate IAM credentials regularly, use short-term or just-in-time access tokens, and enable multi-factor authentication. Cisco Talos is tracking multiple cyber espionage campaigns by the Lotus Blossom threat actor targeting government, manufacturing, telecommunications, and media entities in Vietnam, Taiwan, Hong Kong, and the Philippines. The researchers note that the operation appears to have achieved significant success.
The campaigns involve the Sagerunex remote access tool, which is exclusively used by Lotus Blossom. The Sagerunex backdoor abuses legitimate cloud services such as Dropbox, Twitter (now X), and Zimbra for its C2 communication. Talos does not attribute Lotus Blossom to any particular nation state, but Microsoft has previously linked the group to China. In a new twist, cybercriminals are exploiting Microsoft's Dev Tunnels service to send data back and forth from malware-infected devices. This service, designed for developers to test apps and collaborate securely, is now being abused to help malware avoid detection. Recently, researchers found two versions of njRAT malware using Microsoft's Dev Tunnels to connect to command and control servers. The malware communicates through hidden URLs, making it harder for traditional security systems to spot. The malware checks in with its remote servers, reporting its status, and then can even spread through USB devices. Experts say that organizations that are not using Dev Tunnels should keep an eye on DNS logs for any unusual Dev Tunnels URLs as a way to spot potential attacks early. According to Longwall Security, cybercriminals are using pass-the-cookie attacks to bypass multi-factor authentication. Instead of stealing passwords, attackers target session cookies, which allow them to hijack active sessions without triggering MFA. Infostealer malware like LummaC2 is often used to extract authentication cookies from victims' browsers. Once stolen, these cookies let attackers impersonate users and access accounts. These stolen cookies are even being traded on dark web marketplaces, making it easier for cybercriminals to access accounts undetected. Longwall Security recommends shortening session expiration times, monitoring login behavior, and educating users on phishing to defend against this rising threat. As attackers evolve, organizations must strengthen their security to stay ahead.
Cyber threats to agriculture are no longer hypothetical. The Farm and Food Cybersecurity Act, reintroduced in Congress, aims to secure the U.S. food supply chain from digital attacks. With bipartisan support, the bill mandates the USDA to conduct biennial cybersecurity assessments and coordinate crisis response exercises with Homeland Security and intelligence agencies. Recent attacks, like the 2021 JBS ransomware incident, highlight the growing risks to precision agriculture and food production. A new Food and Ag Sector Cyber Threat report found that 90% of cyberattacks exploit readily available tools and 83% of them involve spear phishing. With backing from key industry groups, this legislation pushes for stronger public-private collaboration. The message is clear: food security is national security, and cyber resilience must be a priority. Coming up next, we've got Dave Bittner's conversation with Qintel Chief Global Ambassador and former FBI Special Agent Keith Mularski discussing crypto being the target of the cyber underground, and an interview with a superhero courtesy of N2K producer Liz Stokes. We'll be right back.
Dave Bittner
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire; many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
Dave Bittner
Cyber threats are more sophisticated than ever. Passwords? They're outdated and can be cracked in a minute. Cybercriminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door: the login. Yubico believes the future is passwordless. YubiKeys offer unparalleled protection against phishing for individuals, SMBs, and enterprises. They deliver a fast, frictionless experience that users love. Yubico is offering N2K followers a limited buy one, get one offer. Visit yubico.com/N2K to unlock this deal. That's Yubico. Say no to modern cyber threats. Upgrade your security today.
Maria Varmazes
Today's guest is Keith Mularski, Qintel Chief Global Ambassador and former FBI Special Agent. Here's his discussion with Dave Bittner.
Dave Bittner
So today we are talking about some of the threats that are targeting crypto and the cyber underground. I would love to get your perspective, you know, both from your position at Qintel and of course your background with the FBI. What led us to this place where we are today, when it comes to crypto being a continuing, ongoing hot target for folks in the underground here?
Keith Mularski
Yeah, a great question, Dave. So I think, you know, crypto when it first started was kind of, you know, just this ancillary thing on the side. A lot of people at that time didn't think much of it. When you think almost 20 years ago that this started, and now crypto has really gone mainstream and the value of crypto has just gone through the roof the last seven years or so. We have the President of the United States saying he's going to be the first crypto president. He issued a couple tokens himself. So, you know, crypto has gone really from something in the cyber underground to really now very mainstream, where you have mainstream investors, people are investing in crypto like they would in their regular brokerage accounts. And as a result of that, there is just tremendous money with little regulations around it. So the bad guys are really targeting it right now.
Dave Bittner
Well, share some insights. I mean, again, your background in law enforcement, what is the difference between trying to track someone down who is using the traditional financial systems versus someone who's taking advantage of everything available to them these days in crypto?
Keith Mularski
Yeah, I mean, you know, I think crypto, because of it being anonymous, makes it much more difficult to track than some of the other mainstream types of ways of money laundering, you know, that we've seen, you know, forever, because a lot of places don't have a know-your-customer, really knowing who's behind the transaction. So from a law enforcement standpoint, it really makes it much more difficult to track that, even though really all of the transactions are public on the blockchain, that you could see that. But what the criminals are doing really are using exchanges to be able to cash out into different coins. So you could take Bitcoin or Ethereum and really instantly change that into another coin, such as, like, Monero or something else that may be a little bit more difficult to track. So, you know, these conversions really just go. They're instantaneous. They go in real time. And it makes it much more difficult to track that as the criminals are using what they call different crypto mixers in order to launder money on the dark web.
Dave Bittner
Is it fair to say that, you know, cryptocurrency has really been an amplifier and enabler for folks who are doing things like ransomware?
Keith Mularski
Oh, absolutely. I don't think ransomware would be where it's at without cryptocurrency, because it would be much more difficult to launder $5 million in ransom than it would be through cryptocurrency. So I think cryptocurrency really enabled ransomware to be as big where it is right now. And cryptocurrency has just been in the news the last couple of days with North Korea. It's really empowered North Korea, where North Korea over the last couple of years has been targeting crypto exchangers. You know, just last week, they hit a crypto exchanger for 1.4 billion. Last year, I know of two big exchanges that North Korea hit. You know, I think one was for like 300 million, another was for like $235 million. So, you know, North Korea is using cryptocurrency as a way to fund their regime because of all the sanctions that are out there. So it really, crypto is enabling a lot of nefarious activity, being able to fund a lot of nefarious activity.
Dave Bittner
Is it surprising to you that we haven't seen more regulation and more of a crackdown from governments around the world?
Keith Mularski
I think it's just been difficult on how to do that. And I think we need to get there, because it is one thing where we're seeing cybercriminals use crypto for ransom payments, or you see North Korea hacking. One of the things that we're really seeing out there right now is the targeting of individuals with some of the crypto stealers that are out there. So there are a number of stealer malwares out there. They've been around for a long time. But really these last few years we're seeing the emergence of credential-stealing malware specifically targeting crypto and personal crypto. So, you know, these stealers are evading AV. There are about 30 or 40 different variants that are active at any time. They're targeting Mac and mobile, and they will go in, they'll target like the Apple Keychain, any kind of password, browser extension that you may have. They know what directories to go into as well. And so we're really seeing the cybercriminals go after individuals. And like, just, I had a personal experience in the last couple of months where a friend of mine had a significantly large sum of crypto stolen from him, literally in minutes. And it was most likely probably from one of these stealing malwares that was out there. So I think as more and more mainstream people get into crypto and the criminals are targeting that, there's going to have to be regulation, because there's just no protections around the normal consumer like you and I, if we're going to be putting our, you know, our money into crypto for legitimate investing purposes.
Dave Bittner
Right. There's no FDIC insurance for crypto.
Keith Mularski
Yeah, I mean, and it's just very tragic, because I know of a number of incidents where people have lost large amounts of money and there's just no recourse. You know, with my brokerage account, if I see a significantly large amount of money go out, I call my brokerage, and chances are they make me whole or they're able to call back that money. Same with my bank account. But if somebody steals my, you know, 24-word passphrase for my crypto and they wire out hundreds of thousands of dollars that I have in, you know, investments there, there's just no recourse. There's no way to get that money back. The exchanges aren't able to do that, and the criminals know that. And so they'll send that money again to one of those mixers, they'll change it into different coins, and it's just very difficult to trace. And I just think that for the normal consumer right now, this is a big threat to them, especially going forward as crypto becomes more legitimate in mainstream investing.
Dave Bittner
When you think about your friend who lost all of that money, does it lead you to any recommendations for folks to better protect themselves?
Keith Mularski
Yeah, I mean, there's really only three ways to protect your crypto. I mean, you could store that in an exchanger, which we see North Korea targeting, but you want to have a reliable exchanger. You can store it on your USB, or you could use it in cold storage, have a cold storage service that's out there. None of them are 100% fail-safe. Unfortunately, we've seen exchangers go bankrupt. The malware that's going after the USB, it will recognize if you put the USB in, or even in cold storage. So there just needs to be some regulation around that. And I think that will have to be, or just, you know, people won't put their money in there. The normal consumer won't put their money in there if they're losing it.
Dave Bittner
Yeah, I mean, it's an interesting insight. I mean, if the folks who want cryptocurrency to grow as an acceptable money exchange system, part of that is having consumers feel like they can trust it. And that seems to me to be a missing piece these days.
Keith Mularski
Yeah, that's the biggest piece and I think we need to move that. And if the administration is talking a lot about cryptocurrency, that may be something that we see here in the coming years.
Maria Varmazes
That was Dave Bittner speaking with Keith Mularski of Qintel. Up next, N2K's own Liz Stokes talking to Iron Man. Yep. Stay tuned.
Dave Bittner
Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. Look at this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI. Now, that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.
Maria Varmazes
Last week, some of our team hit the ground in Orlando for ThreatLocker Zero Trust World 2025, where we brought Hacking Humans live to the stage. But we didn't stop there. Our very own producer, Liz Stokes, took to the floor to capture the buzz, chatting with attendees about the event and even scoring a conversation with a certain superhero that you just might recognize. She's joined by Colin Ellis, senior solutions engineer at ThreatLocker, to dive into what made this year's event one to remember.
Colin Ellis
My name is Colin Ellis. I'm a senior solutions engineer for the ThreatLocker team.
Liz Stokes
So what has this event been like for you guys? Setting up everything?
Colin Ellis
It's a real team exercise and we prove it right every single time. It speaks a lot to just how we operate internally, just our culture.
Liz Stokes
I know a lot of people here are just trying to educate the population and understand a little bit more about cybersecurity. So how does ThreatLocker help with that?
Colin Ellis
We can teach the hack. We can teach how simple these things become. Awareness is just really easy. At that point, everyone knows it's possible, so the security side of it becomes really simple.
Liz Stokes
I'd be remiss if I didn't bring up the fact that Iron Man was standing right next to us. Why is he here? What's going on?
Colin Ellis
So everyone really likes our logo, the lock and key. Our CTO, Michael Jenkins, is the biggest Marvel nerd I have ever met. The trademark that you'll see under a lot of our marketing branding is the fact that we're cyber heroes. So it's only right that the center of what we do brings in a little bit of Iron Man.
Liz Stokes
What is one, your favorite Marvel movie? And two, have you seen any hacking in any Marvel movies that you're like, oh, my gosh, this is either so realistic or, oh, my gosh, that's so not how it works.
Colin Ellis
Anytime Jarvis takes over any type of technology, that's it. I'm one of the biggest Spider-Man fans I could think of, so I'm always going to default to Tobey Maguire's Spider-Man.
Maria Varmazes
If you want to catch more of Liz's interviews from ThreatLocker Zero Trust World 2025, just head on over to our YouTube page, where we'll be posting all of the conversations that she had on the floor. And while you're there, don't miss our Hacking Humans live events, or tune in wherever you get your podcasts. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com, and don't forget to tune in to Research Saturday, where Dave Bittner sits down with Phil Stokes, a threat researcher at SentinelOne's SentinelLabs, as they discuss the research on "macOS FlexibleFerret: Further Variants of DPRK Malware Family Unearthed." That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment: your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Maria Varmazes, in for Dave Bittner. Thanks for listening. We'll see you next week.
Dave Bittner
And now a message from our sponsor, Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise, with an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps and IPs invisible; eliminating lateral movement, connecting users only to specific apps, not the entire network; continuously verifying every request based on identity and context; simplifying security management with AI-powered automation; and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at zscaler.com/security.
Release Date: February 28, 2025
Host: N2K Networks
Guest: Keith Mularski, Chief Global Ambassador at Qintel and former FBI Special Agent
The episode opens with a discussion of the Qilin ransomware group claiming responsibility for a significant attack against Lee Enterprises, a major newspaper publisher based in Iowa. The group claims to have exfiltrated approximately 350 gigabytes of sensitive data, encompassing investor records, financial arrangements, and communications with journalists.
Despite the gravity of the situation, Lee Enterprises refrains from labeling the incident explicitly as ransomware in their SEC filing, though the nature of the attack clearly aligns with ransomware tactics.
The podcast reports on the Thai police's arrest of a 39-year-old Singaporean man suspected of orchestrating over 90 data leaks across the Asia Pacific region. Assisted by Group IB, the joint operation targeted companies in Thailand, Singapore, Malaysia, Indonesia, and India, among others.
This arrest underscores the growing international collaboration in combating cybercrime and the increasing sophistication of cybercriminals in manipulating data for extortion.
Palo Alto Networks' Unit 42 has identified a threat actor, JavaGhost, exploiting misconfigured AWS environments (entered through exposed long-term access keys) to propagate phishing campaigns.
By sending from legitimate services such as SES and WorkMail, JavaGhost's phishing attempts are more likely to bypass traditional security filters, emphasizing the need for stringent configuration, credential rotation, and monitoring of cloud environments.
Cisco Talos has been tracking Lotus Blossom, a threat actor engaged in extensive cyber espionage campaigns targeting governmental, manufacturing, telecommunications, and media sectors in Vietnam, Taiwan, Hong Kong, and the Philippines.
This espionage highlights the persistent threats faced by Southeast Asian nations and the sophisticated methods employed by adversaries to infiltrate and control critical infrastructure.
A novel abuse of Microsoft's Dev Tunnels service has been uncovered, where cybercriminals use it to carry traffic between malware-infected devices and command and control servers.
This exploitation underscores the adaptability of malware in leveraging legitimate services to obfuscate malicious activity; organizations that do not use Dev Tunnels can watch DNS logs for unexpected Dev Tunnels URLs as an early warning.
Longwall Security warns of the rise of pass-the-cookie attacks, a technique where attackers replay stolen session cookies to gain unauthorized access without triggering MFA.
As MFA remains a cornerstone of cybersecurity, attackers' ability to bypass it through session hijacking calls for shorter session lifetimes and closer monitoring of login behavior.
The episode highlights the Farm and Food Cybersecurity Act, reintroduced in Congress to safeguard the U.S. food supply chain from digital threats.
This legislative effort aims to bolster cyber resilience in a sector critical to national infrastructure and public health.
The core segment features an in-depth conversation between Dave Bittner and Keith Mularski, exploring the intersection of cryptocurrency and cyber threats.
Keith Mularski outlines the transformation of cryptocurrency from a fringe interest to a mainstream investment avenue, attracting significant attention from cybercriminals due to its high liquidity and anonymity.
Mularski explains the complexities law enforcement faces in tracing crypto transactions compared to traditional financial systems: although blockchain transactions are public, rapid conversion between coins and the use of mixers make the trail hard to follow.
The discussion highlights how cryptocurrency has amplified ransomware operations by providing a streamlined avenue for ransom payments and laundering.
Mularski emphasizes the urgent need for regulatory frameworks to protect consumers investing in cryptocurrency, pointing out the absence of safeguards like FDIC insurance.
To mitigate threats, Mularski suggests three primary methods for safeguarding cryptocurrencies: holding it with a reliable exchange, storing it on a USB device, or using a cold storage service. He cautions that none is fully fail-safe, since exchanges have gone bankrupt and stealer malware can recognize when a USB wallet is plugged in.
Mularski concludes by stressing the necessity of public trust and regulatory measures to ensure the sustainable growth of cryptocurrency as a legitimate financial tool (20:49).
This episode of CyberWire Daily provides a comprehensive overview of current cybersecurity threats, ranging from ransomware attacks on major publishers to sophisticated cyber espionage and emerging threats targeting the burgeoning cryptocurrency market. Through expert analysis and insightful discussion, particularly with Keith Mularski, listeners gain a deeper understanding of the evolving cyber threat landscape and the imperative for enhanced security measures and regulatory frameworks.
For those seeking to stay ahead in cybersecurity, this episode underscores the critical need for vigilance, proactive defense strategies, and informed policy-making to safeguard both organizational and personal digital assets.