Risky Business #773 – Cybercriminals are Dropping Like Flies in Russia
Hosted by Patrick Gray, featuring co-host Adam Boileau and sponsor Vijit Nair of Corelight
Release Date: December 4, 2024
Introduction
In the latest episode of Risky Business, host Patrick Gray and co-host Adam Boileau delve into a week’s worth of pressing information security news. From significant regulatory investigations to high-profile cybercriminal arrests and ransomware attacks, this episode provides an insightful analysis of the current cybersecurity landscape. The discussion is rounded off with an in-depth sponsor interview with Vijit Nair, VP of Product at Corelight, focusing on the evolving state of cloud detection and response.
Major Security News
1. FTC Opens Antitrust Investigation into Microsoft
The episode kicks off with an exploration of the Federal Trade Commission’s (FTC) newly initiated antitrust investigation into Microsoft. This development has surprisingly garnered limited attention within infosec circles.
Patrick Gray [00:04]:
"Adam, the first thing I want to talk about today is the FTC opening an investigation into Microsoft, which is a huge deal, which doesn't seem to be the subject of much discussion in infosec circles."
Adam Boileau [01:35]:
"Microsoft is such an important part of everybody's ecosystem and work life and especially infosec... [the investigation] is a kind of a big deal."
The discussion highlights Microsoft's extensive bundling of security products under its E5 licensing scheme, questioning whether this practice constitutes an abuse of market power. The hosts ponder the implications of potential regulatory actions, such as the FTC mandating the spin-off of Microsoft’s cybersecurity division.
Patrick Gray [04:25]:
"What if the FTC mandates that Microsoft needs to take its cybersecurity solutions business and spin it out into a different company. Would you buy shares in it?"
2. Crackdown on Russian Cybercriminals
Patrick and Adam then turn their attention to Russia's recent arrests and prosecutions of its own cybercriminals, including the high-profile ransomware affiliate Adam describes below.
Adam Boileau [08:27]:
"It's a very high profile, like, ransomware affiliate who I believe might have developed some tools as well... And he's being sentenced to a life term."
The conversation reflects on the perplexing nature of Russia’s internal actions against cybercriminals, noting the inconsistency and lack of clear rationale from an outsider’s perspective.
3. Stoli Vodka’s Chapter 11 Bankruptcy Amid Ransomware Attack
Stoli Vodka has filed for Chapter 11 bankruptcy in the U.S. following a severe ransomware attack that began in August.
Patrick Gray [10:16]:
"Stoli's U.S. subsidiaries have filed for bankruptcy after a ransomware attack, with $308 million stolen and expected recovery by March next year."
The hosts discuss the historical context of Stoli’s struggles with the Russian government and the impact of the ransomware attack on the company’s operations.
4. Data Extortion and Possible Insider Threat
The episode covers ongoing investigations into Snowflake data extortions, including a suspected U.S. Army soldier’s involvement.
Patrick Gray [12:00]:
"Brian Krebs wrote that the suspect may be a US army soldier recently stationed in Korea, known as Kyber Phantom."
The discussion highlights the challenges of attributing cybercrimes and the potential ramifications of insider threats within the military.
5. Uganda Central Bank Breach
A significant breach at Uganda’s central bank resulted in the theft of approximately $17 million, with efforts underway to recover the funds.
Adam Boileau [15:40]:
"A whole central bank heist is rare and highlights the vulnerability and importance of robust audit and monitoring systems."
The hosts note the rarity of such incidents and the implications for financial security in central banking institutions.
6. Exxon’s Covert Operations Against Climate Activists
A Reuters exposé reveals how Exxon allegedly used the lobbying group DCI Group to hack and leak data from climate activists, aiming to discredit them.
Patrick Gray [16:37]:
"Exxon used intermediaries to hack activists’ emails, leaking them to the press to undermine their credibility."
The conversation underscores the ethical and legal implications of corporate espionage against environmental activists.
7. Ransomware Hits Costa Rica’s Energy Sector
Costa Rica’s state-owned energy provider, Recope, has been targeted by a ransomware attack, causing disruptions to accounting and operational systems.
Patrick Gray [23:10]:
"Recope is bringing in U.S. expertise to address the ransomware attack, hoping to avoid a repeat of past crises."
This segment highlights the critical nature of cybersecurity in national energy infrastructure and the ongoing threat of ransomware to essential services.
8. Blue Yonder Incident and Security Scorecards
The podcast touches on the ongoing issues faced by Blue Yonder due to a ransomware incident and critiques the effectiveness of security scorecard services.
Patrick Gray [24:08]:
"Blue Yonder has restored service to some customers but continues to grapple with the fallout from the attack."
Adam Boileau [25:30]:
"Security scorecards often focus on trivial findings rather than providing meaningful security insights, making them largely ineffective."
9. Salt Typhoon Campaign and the Encryption Debate
The discussion moves to the Salt Typhoon campaign, where the U.S. government urges the use of encrypted services to thwart Chinese telco snooping.
Patrick Gray [27:54]:
"The Salt Typhoon incident has intensified the encryption debate, balancing societal safety with individual privacy."
Adam Boileau [31:17]:
"Lawful intercept capabilities are inherently insecure, designed to access communications without guaranteeing complete protection."
10. DMM Bitcoin Cryptocurrency Theft
A major incident involving the theft of $308 million in cryptocurrency from DMM Bitcoin is analyzed, with suspected links to North Korean laundering schemes.
Patrick Gray [32:44]:
"DMM Bitcoin promises to make customers whole, but recovering $300 million stolen in a ransomware attack seems implausible."
Adam Boileau [34:01]:
"The stolen funds are likely laundered through platforms in Cambodia, making recovery efforts challenging."
11. Tools for Managing Twitter Data
Patrick introduces Micah Lee’s tools for managing Twitter data, emphasizing the importance of trusting third-party applications.
Patrick Gray [34:44]:
"Micah Lee’s tools allow users to delete tweets and manage their Twitter data securely, unlike other untrusted apps."
Adam Boileau [35:54]:
"The tools programmatically navigate Twitter’s interface to automate data management, a complex task tackled effectively by Micah Lee."
12. Riversdale Pump Station Hack in Australia/New Zealand
A purported hack of the Riversdale Pump Station, claimed to have disrupted infrastructure in Melbourne, is scrutinized as possible misinformation.
Patrick Gray [38:00]:
"The Riversdale Pump Station is actually in New Zealand, not Australia, raising questions about the credibility of the hack claims."
Adam Boileau [39:14]:
"The impact on infrastructure like pump stations is minimal, often leading to short-lived operational fixes rather than significant disruptions."
13. New Zealand Navy Ship Incident
An unusual incident involving the New Zealand Navy is recounted, where a ship ran aground due to autopilot malfunctions, highlighting non-cyber disasters.
Adam Boileau [40:55]:
"A New Zealand Navy ship ran aground after autopilot errors caused thruster failures, leading to the vessel sinking."
Patrick Gray [41:48]:
"Shout out to the Kiwi Navy for handling the situation, despite the technical mishap."
Sponsor Interview: Vijit Nair on Cloud Detection and Response
The episode transitions to an insightful discussion with Vijit Nair, VP of Product at Corelight, focusing on the complexities of cloud detection and response (CDR).
State of Cloud Detection and Response
Vijit Nair explains the fragmentation in cloud security solutions, emphasizing that detection and response in the cloud require a multifaceted approach rather than a singular solution.
Vijit Nair [43:57]:
"As folks moved into the cloud, security was often an afterthought, leading to fragmented solutions that don’t converge into one unified detection stack."
Challenges in Standardizing Cloud Security
The conversation highlights the lack of standardized security primitives across different cloud providers, complicating the integration and effectiveness of security measures.
Vijit Nair [48:07]:
"One of our customers’ biggest challenges is dealing with multiple cloud providers each having different security frameworks. Our goal is to provide a standardized approach that simplifies SOC operations across diverse environments."
The Role of eBPF in Cloud Security
Nair discusses the extended Berkeley Packet Filter (eBPF) as a promising standardized primitive for workload and network monitoring across the major cloud platforms.
Vijit Nair [50:44]:
"EBPF provides a standardized way to instrument workloads and network traffic across all major cloud providers, facilitating unified security monitoring."
Future of Cloud Detection and Response
The discussion concludes with an outlook on the necessity for comprehensive and standardized detection and response solutions in the evolving cloud landscape.
Patrick Gray [52:45]:
"When it comes to cloud detection and response, it's clear that a unified approach is not feasible. Instead, a combination of specialized tools leveraging standardized primitives like EBPF will be essential."
Vijit Nair [56:22]:
"Indeed, Patrick. The future lies in creating interoperable and standardized security frameworks that can adapt to the dynamic nature of cloud environments."
Conclusion
Patrick Gray wraps up the episode by thanking Vijit Nair for his valuable insights and reiterating the importance of comprehensive security strategies in both on-premises and cloud environments. The hosts underscore the multifaceted challenges in the current cybersecurity landscape, from regulatory scrutiny and cybercriminal crackdowns to the intricate dynamics of corporate espionage and ransomware threats.
Patrick Gray [42:53]:
"That was Vijit Nair from Corelight. Big thanks to him and Corelight for being this week's sponsor. We’ll be back next week with more Risky Business for you all. Until then, I’ve been Patrick Gray. Thanks for listening."
This episode of Risky Business offers a thorough examination of the latest cybersecurity issues, providing listeners with expert analysis and thoughtful discussions on navigating the complex and ever-evolving threat landscape.
