Dave Bittner
You're listening to the CyberWire Network, powered by N2K. We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need. X Twitter had multiple waves of outage yesterday. Signal's president warns against agentic AI. A new lawsuit alleges DOGE bypassed critical security safeguards. Is the Five Eyes alliance fraying? The MINJA attack poisons AI memory through user interaction. Researchers report increased activity from the Sidewinder APT group. A critical Veritas vulnerability enables remote code execution. A Kansas healthcare provider breach exposes 220,000 patients' data. New York sues Allstate over data exposure on insurance websites. CISA warns of critical Ivanti and VeraCore vulnerabilities.
The FTC is going to refund $25.5 million to victims of tech support scams. On our Industry Voices segment, we're joined by Gerald Beuchelt, CISO at Acronis, who's discussing how threat research and intelligence matter to MSPs. And the UK celebrates a record-breaking CyberFirst Girls competition. March 11, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us. A cyber attack caused outages on X Twitter on Monday, with reports indicating multiple attack waves. While Elon Musk called it a massive cyber attack and suggested a coordinated group or nation state was involved, details remain unclear. Musk later pointed to IP addresses from Ukraine, but sources say most attack traffic came from the US, Vietnam and Brazil. The attack was likely a DDoS attack, where compromised devices overwhelm a system with traffic. The Dark Storm Team, a pro-Palestine hacktivist group possibly linked to Russia, claimed responsibility. Other groups, including Anonymous-affiliated hacktivists, also took credit, but verifying these claims is difficult. Cyber attacks like these often blur the lines between hacktivism, cybercrime and state-sponsored operations. X Twitter has been targeted before, including by Anonymous Sudan, a group whose members were recently charged in the US for offering DDoS services. Investigations into this latest attack are ongoing. Speaking at the South by Southwest conference, Signal President Meredith Whittaker warned that agentic AI poses serious privacy and security risks. She compared AI agents to putting your brain in a jar, as they perform tasks on users' behalf such as booking tickets, managing calendars and sending messages. To function, these agents would need deep access to user systems, including web browsing, credit card details, messaging apps and calendars, likely with root-level permissions.
She cautioned that processing such tasks would almost certainly happen on cloud servers, exposing sensitive data. Whittaker stressed that integrating AI agents with secure messaging apps like Signal would compromise message privacy. She also criticized the AI industry's reliance on mass data collection, arguing that prioritizing bigger-is-better AI risks further eroding privacy in exchange for convenience. A new lawsuit alleges the Department of Government Efficiency (DOGE) bypassed critical security safeguards at the Social Security Administration, risking exposure of sensitive data. Former SSA Acting Chief of Staff Tiffany Flick warned that DOGE operatives, led by Mike Russo, pressured officials to grant system access to Akash Bobba despite unresolved security clearances. DOGE's push for unrestricted data access ignored federal protections designed to prevent financial exploitation and unauthorized system breaches. Flick accused DOGE of forcing staff to share highly sensitive information via potentially unsecured email channels, relying on AI tools to analyze data and determine federal job cuts. She resigned after security policies were disregarded and Leland Dudek, a mid-level analyst, was elevated to acting commissioner. The AFL-CIO-backed lawsuit warns that DOGE's actions jeopardize national security, with federal cybersecurity experts sounding alarms over mass government dismissals and weakened data protection measures. NBC News reports several US allies are reconsidering their intelligence-sharing protocols, fearing that President Trump's warming ties with Russia could compromise sensitive data. Sources say concerns center on protecting foreign assets, as intelligence agencies are bound by strict commitments to shield sources' identities. Members of the Five Eyes alliance, the UK, Canada, Australia and New Zealand, along with Israel and Saudi Arabia, are evaluating whether to limit intelligence flow to Washington.
While publicly downplaying concerns, some officials privately question U.S. reliability and the risk of intelligence leaks. Trump's recent pauses in intelligence assistance to Ukraine and the reported halt of cyber operations against Russia have heightened security worries. Some fear a U.S.-Russia cyber détente despite Russia's history of harboring cybercriminals. Former intelligence officials warn that Moscow is an unreliable partner and scaling back intelligence sharing could undermine global security efforts. Researchers from Michigan State University, University of Georgia, and Singapore Management University have uncovered a new attack method that manipulates AI models with memory without requiring backend access. Dubbed MINJA, for Memory Injection Attack, the technique allows a regular user to poison an AI's memory simply by interacting with it. The attack injects misleading prompts into the model's memory, altering future responses. Tested on GPT-4-powered AI agents, MINJA tricked a medical chatbot into swapping patient records, a webshop AI into misdirecting purchases, and a QA agent into answering questions incorrectly. With over 95% injection success, MINJA bypasses traditional moderation filters by disguising manipulations as legitimate reasoning. The findings highlight serious security risks for AI systems with memory, urging immediate improvements in AI memory safeguards. OpenAI has not yet commented on the vulnerability. Researchers at Securelist report increased activity from the Sidewinder APT group in 2024, with enhanced malware, expanded targets, and global reach. Traditionally focused on military and government entities, the group now targets maritime, logistics and nuclear sectors across South Asia, Southeast Asia, the Middle East, and Africa. Using spear-phishing emails, Sidewinder exploits a vulnerability to deploy StealerBot, a post-exploitation toolkit.
Their malware, disguised as legitimate DLL files, includes advanced evasion techniques like control flow flattening. Sidewinder rapidly adapts, modifying malware within five hours of detection. Their continued reliance on old vulnerabilities underscores the importance of patching outdated systems to defend against sophisticated threats targeting critical infrastructure worldwide. A severe remote code execution flaw in Veritas Arctera InfoScale exposes enterprise disaster recovery infrastructure to attack. The issue stems from insecure deserialization in the Windows plugin host service, allowing attackers to execute arbitrary code via malicious .NET remoting messages. The flaw affects InfoScale versions 7.0 and 8.0.2 on Windows, with system-level privilege risks. Veritas advises disabling the plugin host or using manual DR configurations to mitigate exposure. Security experts warn that outdated technologies like .NET deserialization remain prime targets requiring proactive defense. Beyond patching, organizations should audit DR workflows to prevent exploitation. A December cyber attack on Sunflower Medical Group compromised 221,000 patients' sensitive data, including Social Security numbers, medical records and insurance details. The breach, discovered January 7, revealed hackers had been inside the system since mid-December, stealing files. While Sunflower has not confirmed a ransomware attack, the Rhysida ransomware gang claimed responsibility, demanding $800,000. The company notified regulators, offered credit monitoring and stated no operational disruptions occurred. Rhysida has previously targeted healthcare and nonprofit organizations, heightening concerns over medical data security. New York State is suing Allstate Insurance for failing to secure personal data, allowing criminals to steal thousands of driver's license numbers from poorly designed quote-generating websites.
The issue stemmed from National General, an Allstate unit, which exposed driver's license numbers in plain text during the quoting process. Fraudsters exploited the system, harvesting at least 12,000 records for identity theft and unemployment fraud. The breach went undetected for over two months, with 9,100 New Yorkers affected, yet National General failed to notify them, violating state laws. Another 187,000 individuals' data was compromised due to weak access controls, including plain-text passwords and no multi-factor authentication for insurance agents. New York seeks penalties and an injunction against continued security failures. Texas has also sued Allstate for allegedly collecting telematics data without user consent, further raising privacy concerns. CISA has added three critical Ivanti endpoint management vulnerabilities to its Known Exploited Vulnerabilities catalog. These path traversal flaws allow unauthenticated attackers to leak sensitive information remotely. CISA also flagged two VeraCore vulnerabilities, an unrestricted file upload flaw and an SQL injection vulnerability. The agency urges all organizations to immediately patch these issues to prevent cyber attacks. The Federal Trade Commission will begin distributing $25.5 million in refunds to over 736,000 consumers deceived by Restoro and Reimage, tech support companies that used fake system warnings to trick users into paying for unnecessary computer repairs. These firms impersonated Windows pop-ups, falsely claiming devices had malware or performance issues. Investigators found their software fabricated security threats to push users into buying repair plans ranging from $58 to $499. Fined $26 million in 2024, the companies are now banned from deceptive telemarketing. The FTC continues to crack down on fraudulent tech practices, previously targeting TurboTax, Avast and data brokers. Refunds will be sent via PayPal starting March 13, with recipients needing to redeem them within 30 days.
Coming up after the break, my conversation with Gerald Beuchelt, CISO at Acronis. We're discussing how threat research and intelligence matter to MSPs, and the UK celebrates a record-breaking CyberFirst Girls competition. Stick around. Threats are more sophisticated than ever. Passwords? They're outdated and can be cracked in a minute. Cybercriminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door: the login. Yubico believes the future is passwordless. YubiKeys offer unparalleled protection against phishing for individuals, SMBs and enterprises. They deliver a fast, frictionless experience that users love. Yubico is offering N2K followers a limited buy-one-get-one offer. Visit yubico.com/N2K to unlock this deal. That's Yubico. Say no to modern cyber threats. Upgrade your security today.
Dave Bittner
Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off. Gerald Beuchelt is Chief Information Security Officer at Acronis, and in today's sponsored Industry Voices segment we discuss how threat research and intelligence matter to MSPs.
Gerald Beuchelt
The managed service provider industry has really been at the forefront of rolling out technology for small and medium businesses and making it scalable and usable for those kind of businesses. If we think back like 20 or 30 years, it was typical that each company had their own small IT department, which typically consisted of a few administrators perhaps. And we're trying to really keep things together with the increasingly complex IT environment that we are seeing today. Whether it's laptop management, endpoint management or SaaS services, it's like public cloud usage, et cetera, et cetera. It's like these kinds of challenges become harder and harder and it becomes prohibitively expensive for a small or even a medium-sized business to operate those kind of technologies completely on their own. Which is why the managed service provider really came into play. It's like where it, the IT department as a service, if you want, started to really take shape over those last, I would say 25 years, give or take, and has been overall quite successful because it allows businesses to focus on their actual core mission objectives instead of having to invest fairly heavily into personnel and resources around technology enablement. And I think this trend is going to continue and actually going to accelerate over the next years and decades because at the end of the day it's like we are in a labor-sharing environment. And I think these kind of technologies really make sense to be managed by professionals that focus on that instead of having everyone try to do their own thing. The scope of the managed service provider really started out obviously as in a fairly limited IT management fashion around basic corporate IT enablement, but has gone now really much deeper into all aspects of the corporate environment, including running back office systems, but also in an increasing way focusing on security.
We have even specialized managed service providers, managed security service providers, which are focusing specifically on the security needs, compliance needs for companies. They're sometimes standalone entities, sometimes they're part of managed service providers and they're really. It's like looking at defining the overall requirements for companies security posture and then ultimately risk exposure to the world.
Dave Bittner
Well, let's dig into threat research and threat intelligence specifically. I mean why do these matter to MSPs?
Gerald Beuchelt
It's, I mean at the end of the day it's like in order to set up any kind of sensible security program, you need to understand what you're actually dealing with. If you just do security based on compliance checklists or, quote unquote, by the numbers or what the book says, then you end up creating environments that are not necessarily addressing the actual threats that your customers are facing. You end up potentially overspending on certain types of controls that are really not necessary or can be dealt with in different ways. And you potentially underspend on absolutely critical controls that are not on your radar screen. So it's like understanding threat intelligence is really important at multiple levels. At the highest level it really is needed in order to be able to fully understand the risk and exposure of your customers, of your own business actually as well. And for that you really need to know your customers. But it's like understand that well in order to define the right kind of controls that you want to put in place. And then at a lower level, it's like you want to rely on vendors such as Acronis to really leverage telemetry and advanced threat information that we can collect from our many workloads in order to be able to create an environment that is proactively locking down things and proactively preventing issues.
Dave Bittner
One of the things that strikes me, and correct me if I'm mistaken here, is that things like antivirus and anti spam, you can deploy those in a very automated kind of way. But threat intelligence and threat research require more human intervention and more thoughtfulness and I suppose to that end, more effort. Is that an accurate perception?
Gerald Beuchelt
Yeah, I would say you can definitely see it this way. If you have a simple antivirus or anti-malware agent on your laptop, you're obviously attempting to proactively prevent certain issues from happening. And you can do all kinds of fun things: signature-based detection, you can do heuristics, you can integrate this with the overall network stack to see what type of systems your laptop is communicating with and, based on that, perform certain automated actions. But I think the true magic comes into play when you start to take this information and collect it at a central point in order to better understand what is actually going on in your environment and then potentially have even better and more comprehensive controls in place that do not necessarily only act on a single laptop, but on your entire environment. And that's where we really get into the EDR and ultimately XDR environment, where you can integrate the kind of telemetry that comes from your respective laptops into a centralized environment, just like alert and monitor based on that, do research through a pretty much interactive kind of capability that allows you to execute certain types of tasks through the agent that you have on those endpoints and ultimately get a much better sense in terms of what's going on. And as such, like I said, it's like be much more proactive about locking down certain aspects of your infrastructure.
Dave Bittner
It seems to me also that working with a third party provider such as you and your team, you get the benefit of all the other organizations that you all are looking at. Beyond my own moat around my organization, you all have view into things that I otherwise wouldn't have any window into very much.
Gerald Beuchelt
So yeah, it's like that's, I mean that is the strength that comes from working with an organization such as ours that does not only push out a product, but it's like really also invests back into leveraging the information that we're getting. And again, it's like, I think there's good kind of like approaches to do this on multiple levels. It's like both on improving the product itself, it's like improving the detection capabilities, improving our signatures beyond what is generally available through things like VirusTotal or so, and then really go out with augmented and much more targeted things. We see a lot of what's happening in the MSP space because we do have a lot of customers and partners in that range. So it's like it allows us to really leverage those things better. And that's all at the tactical level, at the tactical implementation level. The kind of reports and the kind of like updates that we provide outside of that are really also very helpful for our MSP partners and the community at large to understand what's actually happening in that space from a more conceptual perspective.
Dave Bittner
What are your recommendations for an organization that wants to implement this, that wants to make threat research and threat intelligence more of a factor in their day-to-day operations? How would you recommend they proceed?
Gerald Beuchelt
So at the simplest level, it would be really just picking a vendor, a trusted vendor that implements this in their own products and has a proven track record of hopefully many years to really include advanced threat information from their own systems as well as from others and using that for protecting customers' endpoints. But at the same time I would also always say it's like you do want to have a function in your security team that looks at this from a more 20,000-foot-level perspective and really tries to understand it's like what the company is doing, what the customers of the company are doing, how this maps back to what's going on in the overall digital underground. Does this attract specific cybercriminals? Does this attract only script kiddies? Or do you perhaps even attract certain types of nation state adversaries? Which is not super typical, but it does happen quite a bit as well. Based on that information, you really then want to review what it is that you're doing and as such then optimize your resources. If you're not dealing with nation state adversaries, then there are certain things that you may be able to get away with not doing with quite so much depth versus if you are exposed to those kind of threats.
Dave Bittner
That's Gerald Beuchelt, CISO at Acronis. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners. Today, get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com/N2K and enter code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K. And finally, this year's CyberFirst Girls competition in the UK has not only crowned its winners, but also inspired the next generation of cybersecurity professionals. In a record-breaking year, 14,500 girls across 4,159 teams took on the challenge, showcasing brilliant problem solving, teamwork and determination. At a ceremony at Jodrell Bank, Hillcrest School in Birmingham was named top-scoring state newcomer, while Henrietta Barnett School in North London took top-scoring team, with regional champions and special award winners also honored. The event coincided perfectly with International Women's Day, highlighting the industry's need for more female representation. Chris Ensor of the NCSC expressed gratitude to teachers, sponsors and participants, emphasizing the importance of encouraging young women into cyber careers. With just 17% of cybersecurity roles filled by women, competitions like CyberFirst are critical in closing the industry's skills gap and shaping a more diverse future. And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. And now a message from our sponsor Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise, with an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps and IPs invisible; eliminating lateral movement, connecting users only to specific apps, not the entire network; continuously verifying every request based on identity and context; simplifying security management with AI-powered automation; and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at zscaler.com/security.
CyberWire Daily – "X Marks the Hack"
Release Date: March 11, 2025
In this episode of CyberWire Daily, host Dave Bittner delves into a spectrum of pressing cybersecurity issues, ranging from significant cyberattacks affecting major platforms like X Twitter to evolving threats posed by agentic AI and sophisticated cybercriminal activities. Additionally, the episode features an in-depth discussion with Gerald Beuchelt, CISO at Acronis, highlighting the critical role of threat research and intelligence for Managed Service Providers (MSPs). The episode also celebrates the success of the UK's CyberFirst Girls competition, underscoring the importance of fostering female talent in cybersecurity.
On Monday, X Twitter experienced extensive outages attributed to a massive cyberattack. While initially, Elon Musk described the incident as orchestrated by a coordinated group or nation-state, further analysis revealed that the attack traffic predominantly originated from the United States, Vietnam, and Brazil, suggesting a Distributed Denial of Service (DDoS) attack methodology.
“This was likely a DDoS attack where compromised devices overwhelm a system with traffic,” explained a cybersecurity analyst (12:45). The Dark Storm Team, a pro-Palestine hacktivist group potentially linked to Russia, claimed responsibility. However, other groups, including Anonymous-affiliated hacktivists, also asserted involvement, making verification challenging.
This incident highlights the blurred lines between hacktivism, cybercrime, and state-sponsored operations, reminiscent of previous attacks on X Twitter by groups like Anonymous Sudan.
At the South by Southwest conference, Meredith Whittaker, President of Signal, articulated significant concerns regarding the advent of agentic AI. She compared AI agents to “putting your brain in a jar,” emphasizing the deep access these agents require to perform tasks, such as managing calendars and sending messages.
“Integrating AI agents with secure messaging apps like Signal would compromise message privacy,” Whittaker warned (05:30). She highlighted that the reliance on mass data collection by the AI industry could lead to further erosion of privacy, prioritizing convenience over security.
A recent lawsuit accuses the Department of Government Efficiency (DOGE) of bypassing critical security measures at the Social Security Administration (SSA). Tiffany Flick, former SSA Acting Chief of Staff, alleged that DOGE operatives pressured officials to grant system access to individuals with unresolved security clearances, thereby risking the exposure of sensitive data.
“DOGE’s actions jeopardize national security,” Flick asserted (18:20). The AFL-CIO-backed lawsuit emphasizes the dangers of mass government dismissals and weakened data protection, garnering attention from federal cybersecurity experts.
Amidst growing concerns over President Trump’s warming ties with Russia, several Five Eyes alliance members (the UK, Canada, Australia and New Zealand), along with Israel and Saudi Arabia, are reevaluating their intelligence-sharing protocols. Sources indicate fears that increased cooperation with Russia could jeopardize sensitive data and compromise global security efforts.
“Scaling back intelligence sharing could undermine global security,” a former intelligence official cautioned (22:10). The hesitation stems from Russia’s historical association with cybercriminal activities, prompting allies to protect foreign assets and uphold stringent confidentiality standards.
Researchers from Michigan State University, University of Georgia, and Singapore Management University unveiled a novel attack method named MINJA (Memory Injection Attack), targeting AI models by manipulating their memory without backend access. MINJA successfully altered AI responses by embedding misleading prompts during ordinary user interactions.
“With over 95% injection success, MINJA bypasses traditional moderation filters,” stated one researcher (14:50). The attack demonstrated vulnerabilities in GPT-4-powered AI agents, highlighting the urgent need for enhanced AI memory safeguards.
Securelist researchers reported a surge in activities from the Sidewinder APT group in 2024. The group has expanded its targets beyond military and government entities to include maritime, logistics, and nuclear sectors across South Asia, Southeast Asia, the Middle East, and Africa. Utilizing spear-phishing emails and exploiting existing vulnerabilities, Sidewinder deploys the StealerBot malware, which employs advanced evasion techniques to remain undetected.
“Sidewinder rapidly adapts, modifying malware within five hours of detection,” noted the report (17:00). This evolution underscores the critical importance of patching outdated systems to defend against increasingly sophisticated threats targeting vital infrastructure.
A severe remote code execution flaw in Veritas Arctera InfoScale has been identified, stemming from insecure deserialization in the Windows plugin host service. This vulnerability allows attackers to execute arbitrary code via malicious .NET remoting messages, affecting InfoScale versions 7.0 and 8.0.2 on Windows systems with system-level privileges.
“Outdated technologies like .NET deserialization remain prime targets,” warned security experts (19:45). Veritas recommends disabling the plugin host or using manual DR (disaster recovery) configurations to mitigate the risk, emphasizing the need for proactive defense measures beyond mere patching.
In December, Sunflower Medical Group suffered a cyberattack that compromised sensitive data of 221,000 patients, including Social Security numbers and medical records. Although the extent of the breach remained unclear, the Rhysida ransomware gang claimed responsibility, demanding $800,000.
“No operational disruptions occurred,” stated Sunflower Medical Group, which has since offered credit monitoring to affected individuals (21:30). This incident highlights the persistent vulnerabilities within healthcare systems and the escalating threats from ransomware gangs targeting sensitive medical data.
New York State initiated legal action against Allstate, alleging failures in securing personal data, which resulted in the exposure of thousands of driver’s license numbers. The breach, originating from National General’s quote-generating websites, allowed fraudsters to harvest over 12,000 records through unsecured channels.
“National General failed to notify affected individuals, violating state laws,” the lawsuit contends (23:00). Additionally, weak access controls, such as plain-text passwords and the absence of multi-factor authentication, compromised another 187,000 individuals, prompting New York to seek penalties and injunctions against continued security lapses.
The Cybersecurity and Infrastructure Security Agency (CISA) has cataloged three critical vulnerabilities in Ivanti Endpoint Manager, including path traversal flaws that allow remote leakage of sensitive information. Additionally, CISA flagged two VeraCore vulnerabilities: an unrestricted file upload flaw and a SQL injection vulnerability.
“Organizations must immediately patch these issues to prevent cyber attacks,” urged a CISA spokesperson (24:35). The agency emphasizes the urgency of addressing these vulnerabilities to safeguard against potential breaches.
The Federal Trade Commission (FTC) announced plans to distribute $25.5 million in refunds to over 736,000 consumers deceived by tech support scams operated by Restoro and Reimage. These firms fabricated security threats to coerce users into purchasing overpriced repair plans, ranging from $58 to $499.
“Refunds will be sent via PayPal starting March 13,” the FTC stated (25:10). The companies face a $26 million fine for deceptive practices, reinforcing the FTC's commitment to combating fraudulent tech schemes.
In the Industry Voices segment, Gerald Beuchelt discusses the indispensable role of threat research and intelligence for Managed Service Providers (MSPs). He emphasizes that effective security programs must go beyond compliance checklists to address the actual threats faced by customers.
“Understanding threat intelligence is crucial to fully comprehend the risk and exposure of your customers,” Beuchelt explained (20:25).
Proactive Security Measures: Beuchelt advocates leveraging telemetry and advanced threat information to proactively lock down environments and prevent issues before they escalate.
“The true magic comes when you integrate telemetry from endpoints into a centralized environment, enhancing your overall security posture,” he added (22:19).
Centralized Threat Management: Implementing solutions like Extended Detection and Response (XDR) allows for comprehensive monitoring and response across an organization’s entire infrastructure.
Collaborative Defense: Working with third-party providers like Acronis enables MSPs to gain insights from a broader range of threats, enhancing their ability to protect clients effectively.
“Working with an organization that invests back into leveraging threat information significantly strengthens our defensive capabilities,” Beuchelt noted (24:10).
Strategic Recommendations: For organizations aiming to integrate threat intelligence, Beuchelt recommends selecting trusted vendors with proven track records and establishing dedicated security functions to continually assess and optimize threat responses.
“Having a function within your security team to map your activities against the digital underground landscape is essential,” he advised (25:38).
The episode also highlights the success of the UK's CyberFirst Girls competition, which saw record participation of 14,500 girls across 4,159 teams. The competition, held at Jodrell Bank, crowned Hillcrest School in Birmingham as the top-scoring state newcomer and Henrietta Barnett School in North London as the top-scoring team.
“Encouraging young women into cyber careers is vital for closing the industry's skills gap,” stated Chris Ensor of the National Cyber Security Centre (NCSC) (26:40).
With women currently filling just 17% of cybersecurity roles, initiatives like CyberFirst are pivotal in fostering diversity and inspiring the next generation of cybersecurity professionals.
This episode of CyberWire Daily provides a comprehensive overview of the current cybersecurity landscape, highlighting significant breaches, evolving threats, and strategic defenses. The discussion with Gerald Beuchelt underscores the importance of threat intelligence for MSPs, while the celebration of the CyberFirst Girls competition emphasizes the ongoing efforts to diversify the cybersecurity workforce. As cyber threats continue to evolve, staying informed and proactive remains paramount for individuals and organizations alike.
For more detailed insights and updates, visit CyberWire Daily or subscribe to the podcast on your preferred platform.