Risky Business #775 Summary: Cl0p Returns and SEC Hack Disclosure Shortcomings
Hosted by Patrick Gray | Released on December 18, 2024
In the final episode of 2024, Patrick Gray delves into significant developments in the information security landscape, discussing everything from regulatory challenges to emerging threats. This comprehensive summary captures the episode's key discussions, insights, and conclusions, enriched with notable quotes and timestamps for reference.
1. Launch of the New Risky Business Website
Patrick Gray kicks off the episode by celebrating the launch of Risky Business's revamped website. The new platform consolidates all of the team's content (written articles, podcasts, and videos) into a single hub for listeners and readers alike.
Patrick Gray [00:08]: "Head on over to Risky Biz and instead of just seeing a horrible, horrible kind of joke website that looks kind of like it's just an RSS feed, you're actually going to be able to find all of the work from the Risky Business team there."
2. SEC Cyber Incident Reporting Rule: Underwhelming Impact
The episode examines the SEC's cyber incident reporting rule, which was initially expected to produce either widespread underreporting or a flood of insignificant disclosures. After 11 months, however, only 71 filings have been made, and most of them describe minor incidents.
Patrick Gray [02:30]: "...no, it hasn't really worked out like that at all. There's been 71 filings over the last 11 months and most of them are just people saying, well, we had an incident."
Adam Boileau [03:14]: "There's some questions about the utility of it... it's not a fire hose of disasters like we kind of half expected."
Despite initial concerns, the rule hasn't led to the predicted chaos, though questions remain about the quality and usefulness of the disclosures for investors.
3. ExxonMobil's Alleged Hacking Activities Under Scrutiny
Patrick discusses the growing political attention on ExxonMobil for allegedly using lobbyists and private investigators to engage in illicit hacking activities against protesters. This has prompted calls for accountability from senators like Sheldon Whitehouse and Ron Wyden.
Patrick Gray [05:39]: "Some accountability. Seems like it would be natural... whether that will actually happen, I'm not super confident about."
4. Misreporting on Biden Administration's Retaliation Against China Telecom
A New York Times report inaccurately portrays the Biden administration's actions against China Telecom as a direct retaliation for cyberattacks. Patrick clarifies that the move is part of long-standing efforts to limit Chinese telecommunications operators in the U.S.
Patrick Gray [07:46]: "...it's not a response to Salt Typhoon. You talk to anyone who works in American SIGINT about China Telecom and they've been trying to kick them out for like at least half a decade."
5. Potential Separation of Cyber Command from NSA
The discussion shifts to former President Trump's 2020 plan to separate Cyber Command from the NSA. While the initiative didn't materialize during his lame-duck period, it remains a topic for future administrations. Experts remain skeptical about the feasibility and timing of this separation.
Patrick Gray [10:44]: "Probably not, no."
6. EU Investigation into TikTok Over Election Interference
The European Union has launched an investigation into TikTok's role in interfering with Romanian elections. This marks the first instance of an election being annulled due to unlawful interference, raising concerns about the platform's influence and the EU's regulatory measures.
Patrick Gray [13:06]: "It's a bad time to have these headlines and a bad time... it's not good."
7. Cl0p Ransomware Group's Resurgence and Exploits
A significant portion of the episode is dedicated to the Cl0p ransomware group's return. Cl0p has exploited new vulnerabilities in Cleo file transfer products, and the hosts distinguish this activity from the separate Termite ransomware crew. The group has also been targeting Apache Struts, highlighting persistent vulnerabilities in widely used frameworks.
Patrick Gray [15:04]: "Cl0p have been quite busy... They've exploited a new bug."
Adam Boileau [17:18]: "It's classic Java, enterprise software... standard sorts of bugs."
The discussion emphasizes the challenges of patching legacy systems and the ongoing threats posed by sophisticated ransomware actors.
8. Japanese Company Pays $3 Million to Russian Hackers
Darina Antonio reports on a Japanese game and anime publisher that succumbed to a $3 million ransom demand from Russian hackers. This incident underscores Japan's vulnerable cybersecurity posture despite its robust economy, hinting at potential future ransomware attacks targeting large corporations.
Patrick Gray [28:59]: "Japan just looks like a great target is what I'm getting at."
9. Arrest of Baron Martin for Cyber Terrorism
The episode highlights the arrest of 20-year-old Baron Martin from Tucson, Arizona, charged with producing child sex abuse material and cyber stalking. His activities are linked to online terror networks aiming to manipulate societal norms and exploit minors, marking a concerning escalation in cyber terrorism.
Patrick Gray [37:42]: "These are the people who are coercing people into doing self-harm on video... kids as young as 10."
10. Russia Bans Viber Amid Accusations of Facilitating Crime
Russia has banned the Viber messaging app, citing its role in facilitating terrorism and drug trafficking. Viber was previously the third most popular messaging app in Russia, indicating significant implications for communication within the country.
Patrick Gray [40:26]: "Viber is a reasonable option... probably your time is up too."
11. Canada’s Cryptocurrency Money Laundering Nexus
Greg Otto's investigation reveals a complex web of crypto services and money remittance providers operating out of a single Vancouver address, involved in extensive money laundering activities. This highlights the opaque and constantly evolving methods used to move illicit funds globally.
Adam Boileau [35:57]: "The mechanics of moving money around kind of opaque and constantly shifting."
12. Sponsor Interview: SpecterOps on Evolving Penetration Testing
In the sponsorship segment, Robbie Winchester from SpecterOps discusses how penetration testing has changed in the modern cybersecurity landscape. He describes a shift from traditional "capture the flag" engagements to identity-centric assessments, and highlights the added complexity introduced by cloud services and identity management systems.
Robbie Winchester [46:55]: "What are the risks you are accepting? How is it working? Is it set up the way you think it's set up?"
Robbie advocates objective-focused red teaming that aligns with an organization's specific security concerns, moving beyond vulnerability scanning to comprehensive evaluation of attack paths and identity configurations.
Robbie Winchester [50:07]: "Our main focus is not around specifically the phishing or trying to break in through a web application or crack passwords to get in from the outside."
13. Reflection on 2024 and Looking Ahead to 2025
As the episode concludes, Patrick and Adam reflect on the tumultuous cyber landscape of 2024. They acknowledge both progress in certain areas, like securing Windows environments, and ongoing challenges, such as persistent vulnerabilities in enterprise software and the rise of sophisticated cybercriminal activities.
Patrick Gray [43:13]: "Wonderful year. Looking forward already to joining you again in 2025, my friend."
They express optimism for continued advancements in cybersecurity while recognizing the need for vigilance against emerging threats.
Notable Quotes:
- Patrick Gray [07:46]: "You can feel it because... they're desperately looking for an angle."
- Adam Boileau [21:14]: "I hate hack Java. It aggravates me so much that I want to punish it."
- Robbie Winchester [55:07]: "It's less about capturing a flag, it's more about sitting down and looking at how things are set up."
Conclusion
Risky Business #775 offers a thorough examination of the most pressing issues in information security as 2024 draws to a close. From regulatory impacts and high-profile cybercrimes to the evolving methodologies in penetration testing, Patrick Gray and Adam Boileau provide listeners with invaluable insights and expert analysis. As the new year approaches, the episode underscores the importance of adapting to emerging threats and refining security strategies to safeguard against increasingly sophisticated cyber adversaries.
For those seeking in-depth discussions on cybersecurity news and expert interviews, Risky Business remains an essential resource for information security professionals.
