Risky Bulletin Podcast Summary: "Srsly Risky Biz: Security Vendors are Constantly Attacked"
Release Date: May 1, 2025
Host: Patrick Gray
Guest: Tom Uren
Introduction
In this episode of Risky Bulletin, host Patrick Gray engages in an in-depth conversation with cybersecurity analyst Tom Uren. They delve into the persistent threats faced by security vendors, as highlighted in SentinelOne’s recent report, and explore the growing use of Signal group chats in political spheres, drawing on the controversial "Signalgate" incident.
Section 1: Nation-State Attacks on Cybersecurity Firms
Overview of SentinelOne's Report
Tom Uren begins by discussing SentinelOne's report on the range of threats that target cybersecurity firms. The report underscores that nation-states increasingly go after these firms both for espionage and for the privileged access their products hold across customer environments.
Tom Uren [02:02]: "They really detail like the range of different threats that they're facing quite regularly... attackers are putting into owning them."
Historical Context and Motivations
Uren traces the origins of such attacks back to at least 2017, citing the CCleaner incident in which Avast's subsidiary Piriform was compromised and a backdoored build was distributed to over two million users. The example illustrates how long attackers have used supply chain compromises to ride trusted, widely installed software into victim networks.
Uren [02:02]: "The CCleaner software was pushed out to over 2 million downloads, the malicious version, and I think it was a Chinese group…"
North Korean Threats and Advanced Tactics
The discussion shifts to North Korean cyber activities, highlighting a staggering revelation from SentinelOne: over 1,000 fake job applications submitted by North Korean personas attempting to infiltrate the company. This tactic is part of a broader strategy to exploit SentinelOne’s significant presence in the cryptocurrency industry.
SentinelOne Report Highlight [03:40]: "Over 1,000 job applicants have applied to SentinelOne in like 360 different fake personas."
SentinelOne's Proactive Approach
Patrick Gray commends SentinelOne for not merely discarding these suspicious applications but instead engaging with them to gather intelligence. This proactive stance provides valuable insights into the attackers' methodologies and informs better defensive strategies.
Patrick Gray [04:08]: "Instead of just deleting these applications, SentinelOne decided that there were some opportunities here to get some insight by continuing the conversation…"
Supply Chain Attacks and Chinese Groups
Uren elaborates on supply chain compromises, particularly focusing on Chinese groups targeting SentinelOne through hacked suppliers. These attacks are motivated by the dual objectives of intelligence gathering and gaining access to multiple environments where SentinelOne’s products are deployed.
Uren [05:39]: "Chinese groups that are trying to compromise cybersecurity firms either for their intelligence value or for access or both."
Impact on the Industry
Patrick Gray and Tom Uren discuss the broader implications, noting that while supply chain attacks have long existed, their frequency and sophistication have increased. The dialogue touches on the reality that any supplier whose software runs with high privilege across many environments is an attractive target for nation-state actors.
Patrick Gray [06:42]: "Any supplier that offers software that runs with high privilege in a lot of environments… is going to be a target."
Cybercriminals vs. Nation-States
The conversation distinguishes between the motivations and methods of cybercriminals and nation-states. While nation-states aim for espionage and strategic advantages, cybercriminals focus on evading security measures to carry out their operations effectively.
Uren [07:25]: "Cyber criminals… want to avoid security products. They’ve got this motivation to try and understand what they do and how do we subvert them."
Testing Environments and Security Insights
Patrick highlights SentinelOne's point that cybercriminals obtain their own tenants of security products and use them as isolated test environments to check whether their malware and techniques evade detection before deploying them. The flip side is that once a vendor recognises such a tenant, it can collect every sample the criminals test there and build detections for them.
Patrick Gray [08:43]: "Once you know that a team of ransomware operators is using this tenant over here, you can just slurp up all their malware and burn it."
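As an added illustration of the "test tenant" pattern Patrick describes, the following is example code written for this summary; it is not SentinelOne's detection logic, nor anything from the episode or the report. The telemetry fields, the thresholds and the sample events are all hypothetical: the idea is that an ordinary customer has many endpoints and a handful of detections of samples the fleet has already seen, whereas a criminal test tenant has a couple of hosts that repeatedly trip on samples nobody else has ever submitted.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One detection-telemetry record from an endpoint agent (hypothetical schema)."""
    tenant: str   # customer/tenant identifier in the vendor's cloud
    host: str     # endpoint that produced the record
    sha256: str   # hash of the scanned file
    verdict: str  # "malicious" or "benign"
    novel: bool   # True if this tenant was the first in the fleet to submit the hash


def _h(label: str) -> str:
    """Deterministic stand-in for a file hash (constructed, not a real sample)."""
    return hashlib.sha256(label.encode()).hexdigest()


def build_sample_events() -> list[Event]:
    """Constructed sample telemetry for two tenants (not real data)."""
    events = []
    # "acme": an ordinary customer. 40 hosts, mostly benign scans, three
    # detections of samples the wider fleet had already seen.
    for i in range(40):
        events.append(Event("acme", f"ws-{i:02d}", _h(f"benign-{i}"), "benign", False))
    for i in range(3):
        events.append(Event("acme", f"ws-{i:02d}", _h(f"known-mal-{i}"), "malicious", False))
    # "t-lab7": two hosts that keep tripping on never-before-seen samples,
    # i.e. someone checking fresh builds against the agent.
    for i in range(24):
        events.append(Event("t-lab7", f"vm-{i % 2}", _h(f"fresh-build-{i}"), "malicious", True))
    for i in range(2):
        events.append(Event("t-lab7", "vm-0", _h(f"known-mal-{i}"), "malicious", False))
    return events


def tenant_profiles(events: list[Event]) -> dict[str, dict[str, int]]:
    """Summarise, per tenant, host count and unique malicious / novel-malicious hashes."""
    hosts = defaultdict(set)
    malicious = defaultdict(set)
    novel_malicious = defaultdict(set)
    for e in events:
        hosts[e.tenant].add(e.host)
        if e.verdict == "malicious":
            malicious[e.tenant].add(e.sha256)
            if e.novel:
                novel_malicious[e.tenant].add(e.sha256)
    return {
        t: {
            "hosts": len(hosts[t]),
            "malicious": len(malicious[t]),
            "novel_malicious": len(novel_malicious[t]),
        }
        for t in hosts
    }


def is_suspect_test_tenant(profile: dict[str, int], max_hosts: int = 5,
                           min_novel: int = 10, min_novel_ratio: float = 0.8) -> bool:
    """Hypothetical heuristic: few hosts, many detections, almost all of them
    samples the rest of the fleet has never seen. Thresholds are illustrative."""
    if profile["hosts"] > max_hosts or profile["novel_malicious"] < min_novel:
        return False
    return profile["novel_malicious"] / profile["malicious"] >= min_novel_ratio


def suspect_tenants(events: list[Event]) -> list[str]:
    """Return tenant IDs whose telemetry matches the test-tenant heuristic."""
    return sorted(t for t, p in tenant_profiles(events).items() if is_suspect_test_tenant(p))


def samples_to_burn(events: list[Event], tenant: str) -> set[str]:
    """Every malicious hash the suspect tenant tested: the set to feed into detections."""
    return {e.sha256 for e in events if e.tenant == tenant and e.verdict == "malicious"}


if __name__ == "__main__":
    evs = build_sample_events()
    for t in suspect_tenants(evs):
        print(f"suspect test tenant {t}: {len(samples_to_burn(evs, t))} samples to burn")
```

The heuristic is deliberately simple; a real pipeline would also look at tenant provenance (payment details, sign-up origin) and at whether the same samples later appear in customer environments, but the mechanism Patrick describes, identify the tenant and harvest what is tested in it, is what the example shows.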
Section 2: Signal Group Chats in Politics - The "Signalgate" Incident
Introduction to Signalgate
Transitioning from cybersecurity threats, the podcast shifts focus to the utilization of Signal group chats in political communication. The "Signalgate" incident, involving the use of Signal by high-ranking officials for classified discussions, serves as the central case study.
Mark Halperin’s Insights
Tom Uren references comments by political journalist Mark Halperin, as reported by Ben Smith of Semafor. Halperin describes Signal group chats as the "dark matter of American politics and media," emphasizing their pervasive and indispensable role in modern political movements.
Halperin (via Uren) [12:11]: "Some of the smartest and most sophisticated Trump supporters… are part of an overlapping set of text chains… 20 hours a day, including on weekends."
The Necessity of Group Chats for Political Engagement
The discussion highlights how participation in these group chats is almost obligatory for those deeply involved in political movements. This constant engagement fosters a sense of identity and purpose, as Uren explains.
Uren [12:15]: "To me, it feels like it's part of your personality, part of your self worth…"
Security vs. Functionality Dilemma
Patrick Gray and Tom Uren explore the tension between maintaining security protocols and the practical need for flexible communication among policymakers. They debate the feasibility of implementing record-keeping requirements without stifling the essential collaborative dynamics of political group chats.
Patrick Gray [17:13]: "We need to update some of the rules around this stuff… perhaps… take a couple of notes about… pertinent things that were said or decisions that were reached."
The Signalgate Incident
The podcast delves into the specifics of Signalgate, where classified information was allegedly shared via Signal by the Secretary of Defense, Pete Hegseth. Different reports surfaced regarding his setup, from using a personal computer on an unmanaged network to having a monitor outside his office for phone notifications.
Uren [16:00]: "If you're kinda…"
The ambiguity surrounding Hegseth’s setup underscores the challenges in balancing security with the need for effective communication.
Proposed Solutions
Uren suggests practical solutions, such as designating a meeting chairperson to manage communications and record-keeping within Signal, ensuring that critical information is documented without compromising security protocols.
Uren [19:32]: "If you're going to have those kinds of meetings. Not meetings, group chats with officially designated positions…"
Conclusion
Patrick Gray and Tom Uren conclude the episode by emphasizing the importance of vigilance both in protecting cybersecurity firms from nation-state attacks and in regulating the use of secure communication platforms like Signal in political contexts. They advocate for updated policies and clearer guidelines to navigate the evolving landscape of cybersecurity threats and digital communication in governance.
Patrick Gray [20:05]: "It's a changing world. Well, mate, let's wrap it up there."
Listeners are encouraged to subscribe to Risky Bulletin for more insights and to visit Risky Biz for detailed newsletters and additional resources.
Notable Quotes:
- Tom Uren [02:02]: "They really detail like the range of different threats that they're facing quite regularly."
- Patrick Gray [04:08]: "SentinelOne decided that there were some opportunities here to get some insight by continuing the conversation…"
- Mark Halperin (via Uren) [12:11]: "Some of the smartest and most sophisticated Trump supporters… are part of an overlapping set of text chains…"
- Patrick Gray [17:13]: "We need to update some of the rules around this stuff…"
This episode of Risky Bulletin offers a comprehensive examination of the persistent threats to cybersecurity vendors and the intricate use of secure communication platforms in politics, providing valuable insights for professionals and enthusiasts in the field.
