CyberWire Daily – “Weak passwords meet strong motives” (December 11, 2025)
Host: Dave Bittner (N2K Networks)
Guest: Kavitha Mariapan, Chief Transformation Officer, Rubrik
Episode Overview
This episode delivers a snapshot of the latest cybersecurity threats, including persistent challenges like weak passwords, opportunistic attackers targeting critical infrastructure, and surging identity-driven risks for enterprises. Dave Bittner interviews Kavitha Mariapan of Rubrik, who breaks down the urgent need to adapt security practices to an evolving landscape where non-human identities and AI are redefining the threat surface.
Key News and Analysis
1. Pro-Russia Hacktivist Threats to US Critical Infrastructure
(00:57 – 02:18)
- Actors: Cyber Army of Russia Reborn (CAR), Z Pentest, NoName057(16), and Sector 16.
- Targets: US water, wastewater, food/agriculture, energy sectors.
- Tactics: Brute-force attacks on weak/default VNC credentials; targeting Human Machine Interfaces (HMIs).
- Impact: Operational disruptions, device setting modifications, alarm disabling; links to Russian GRU suspected.
- Warning: Advisory calls for hardening authentication, reducing Internet exposure, and improving recovery plans.
- Quote:
"These actors are considered unsophisticated but opportunistic, using brute force attacks to access human machine interfaces with weak or default passwords, then modifying device settings, disabling alarms, and causing operational disruptions." – Dave Bittner (01:40)
2. AI Risks in Critical Infrastructure
(02:34 – 03:22)
- Global agencies issue first joint guidance on AI in OT.
- Risks: Model drift, unsafe process changes.
- Recommendation: Large Language Models (LLMs) should never make safety decisions. Strong boundaries, push-based data flows, and human oversight are essential.
3. Emerging Technical Threats
- Chrome Zero Days: Google patches three new zero-day vulnerabilities; eighth such incident in 2025. (03:25)
- North Korean Threats: Lazarus Group linked to exploitation of 'React to Shell' for new backdoor 'EtherRat'. (03:53)
- Docker Hub Secret Leakage: Flare finds systemic issues – over 10,000 container images with secrets; AI model keys predominant. (04:23)
- Quote:
"Attackers do not hack in – they authenticate in using credentials companies accidentally publish themselves." – Dave Bittner drawing on Flare's research (05:35)
- Gogs Zero Day: Path traversal bug exploited for remote code execution; over 700 servers compromised. (05:48)
- IBM Patch: Over 100 vulnerabilities, including critical flaws in third-party components. (06:26)
- Storm 0249: Attackers abuse Endpoint Detection and Response (EDR) tools to sideload malware. (07:04)
- Accenture DOJ Indictment: Ex-product manager charged with hiding cloud security deficiencies from federal clients. (08:10)
- Quote:
"The case reflects growing federal enforcement against contractors that misrepresent cybersecurity compliance to win or retain government business." – Dave Bittner (08:46)
Special Interview: Resilience Against Identity-Driven Threats
Guest: Kavitha Mariapan, Chief Transformation Officer, Rubrik
Interview Begins: (14:48)
Why Identity Threats Are Surging
(14:48 – 15:21)
- Rubrik’s security insights team notes a significant rise in identity-based threats.
- Motivated a special fall report dedicated to identity threats.
- Quote:
"We definitely noticed an increase in the number of identity-based threats... so we decided to hyper-focus for the fall report." – Kavitha Mariapan (14:48)
The Talent Gap and Rapid IAM Changes
(15:21 – 18:04)
- 90% of IT/security leaders see identity-driven threats as a top risk; this number is rising.
- 60% of organizations have switched IAM (Identity & Access Management) providers in 3 years; 87% planning further changes.
- Skills are lagging behind need—especially with AI and hybrid workforces.
- Notable Fact: The surge in non-human identities (service accounts, AI agents) further complicates things.
The Rise of Non-Human Identities
(18:04 – 19:53)
- Non-human identities now outnumber humans by 82:1.
- Discovery, classification, and governance are critical, but organizations feel behind.
- Quote:
"The 82 to 1 is actually just the tip of the iceberg. Right. In six months from now...that number is going to have scaled up." – Kavitha Mariapan (19:24)
- Emphasizes need for visibility, observability, and the ability to remediate/roll back agent actions swiftly.
Human Oversight in the Age of AI
(19:53 – 21:53)
- AI agents are becoming capable of complex, multi-step tasks.
- Human monitoring must adapt: not just reviewing hallucinations, but providing process guardrails and rollback mechanisms.
- Quote:
"Having humans play a role, help create these guardrails and processes where we have the ability to reverse and roll back actions taken by those agents." – Kavitha Mariapan (21:31)
Recovery Time: Industry Benchmarks & Identity-Centric Practices
(21:53 – 25:35)
- Leaders are concerned about recovery taking days, not hours.
- Traditional KPIs like RPO/RTO (Recovery Point Objective / Recovery Time Objective) need updating; focus instead on MTTR (Mean Time to Recover) for identity infrastructure.
- Tabletop exercises should include identity recovery processes.
- CISOs should benchmark recovery against industry peers, as resilience varies by sector.
- Practical Point:
"Can we...get a little bit more granular around the specifics since we are talking about identity – what is the MTTR specific to your identity infrastructure?" – Kavitha Mariapan (23:25)
Advice for Organizations Switching IAM Providers
(25:54 – 28:21)
- Most cloud-native IAM solutions are built for access, not security—this needs to change.
- Understand all types of identities that need protection, from internal users and contractors to machine and agentic identities.
- Stick to core Zero Trust concepts: enforce least privilege, leverage RBAC (Role-Based Access Control).
- Ensure IAM solutions can orchestrate fast recovery (e.g., streamlined Active Directory restores), and define minimum viable operations for identity compromise recovery.
- Quote:
"Cloud-native identity infrastructures and solutions...were rarely designed with security in mind. They were designed with access in mind." – Kavitha Mariapan (26:21)
Notable Story: Conviction for Malware Education
(29:49 – 31:22)
- Case: Chow Hai Bang taught video classes on using Spymax (a remote access trojan). His lessons led syndicate partners to steal from 129 Singaporeans ($3.2 million total), while he earned just $1,700.
- Marks Singapore’s first prosecution of someone not for writing malware, but for teaching it.
- Quote:
"Proof that in cybercrime, even being the tutorial guy carries serious consequences." – Dave Bittner (31:16)
Timestamps for Key Segments
- Pro-Russia hacktivist threats: 00:57 – 02:18
- Google Chrome and other technical vulnerabilities: 03:25 – 08:10
- Rubrik interview (identity-driven threats): 14:48 – 28:21
- Chow Hai Bang malware teacher case: 29:49 – 31:22
Episode Tone & Takeaways
- Urgent, sober, and pragmatic: The tone underscores the rapid evolution of both threats and the enterprise attack surface, stressing that even foundational elements like IAM now demand modernization.
- Memorable Takeaways:
  - Non-human identities are now a dominant risk vector.
  - Human oversight and resilience planning must match the pace of automation and AI adoption.
  - Recovery and resilience benchmarks need continuous updating—know your organization’s identity recovery MTTR.
  - Even tangential roles in cybercrime (like malware teaching) will result in prosecution.
- Action Items for Security Leaders:
  - Tighten operational technology (OT) security, patch aggressively, and audit exposed credentials.
  - Reevaluate IAM and ensure your solution supports both today’s and tomorrow’s threat models.
  - Bring identity systems into your resilience and tabletop scenarios.
For full stories and links, visit TheCyberWire.com.
