Risky Business #790 – Bye Bye Signal-gate, Hello TeleMessage-gate
Release Date: May 7, 2025
Host: Patrick Gray
Guest: Adam Boileau
Sponsor Interview: Aaron Unterberger from Nucleus Security
Introduction
In this episode of Risky Business, host Patrick Gray delves into the latest happenings in the information security landscape. From unraveling the missteps in government communication tools to significant ransomware campaigns targeting major retailers, the discussion is both comprehensive and insightful. The episode also features a deep dive into cloud vulnerability management with Aaron Unterberger from Nucleus Security, highlighting the evolving challenges in securing cloud environments.
Security News: Signal Gate and TeleMessage Controversy
Patrick Gray kicks off the episode by addressing the fallout from the so-called "Signal Gate" scandal, where senior Trump administration officials were found to be using a forked version of Signal called TeleMessage for sensitive communications.
[00:00] Patrick Gray: "Turns out Signal Gate wasn't actually Signal Gate after all."
Adam Boileau elaborates on the technical mishaps, explaining that TeleMessage inadvertently compromised the very security it was supposed to enhance.
[01:22] Adam Boileau: "They make messaging apps forked from the various popular messengers that implement record keeping... which then archives them... in the clear."
The irony, as Patrick points out, is that TeleMessage set out to add record keeping to an end-to-end encrypted messenger but implemented it insecurely, creating new vulnerabilities in the process.
[04:30] Patrick Gray: "If you're going to use an archive messenger, being able to use an end-to-end encrypted messaging platform that allows you to have things like expiring messages... is still going to be a net security gain."
However, the situation takes a darker turn when it’s revealed that TeleMessage's implementation included hard-coded credentials, leading to unauthorized access and data breaches.
[05:24] Adam Boileau: "Journalists have talked to hackers that have broken into TeleMessage’s systems and obtained access to messages, lists of subscribers, and more."
Senator Mark Warner weighs in on the scandal, emphasizing the critical failures in cyber hygiene and the broader implications for government communications.
[10:29] Mark Warner: "If you're dealing with sensitive or classified information, don't put it on an unclassified network... this is only one of the reported 20 Signal chats that Waltz took part in when he was National Security Advisor."
The episode underscores the importance of rigorous evaluation and security practices, especially when deploying communication tools within government frameworks.
Ransomware Assaults on British Retailers
The conversation shifts to a concerning trend of ransomware attacks targeting prominent British retailers such as Harrods, Marks and Spencer, and Co-op. Adam details the chaos ensuing from these breaches, highlighting the sophisticated tactics employed by the attackers.
[14:01] Adam Boileau: "Marks and Spencer is saying that it's going to take months for them to restore service and ordering and whatnot."
Marks and Spencer’s lack of an incident response (IR) plan exacerbates the situation, leaving the company scrambling to recover.
[16:47] Patrick Gray: "Marks and Spencer did not have an IR plan, which... is the worst thing you can do in a situation."
The discussion reveals systemic gaps in preparedness and response among large organizations, emphasizing the need for robust IR frameworks to contain such incidents effectively.
Long-Term Cybercrime Resurgence: Magecart Attacks
Patrick and Adam explore the resurgence of Magecart-style attacks, where attackers deploy persistent malware across e-commerce platforms to scrape payment information. This slow-burn attack vector underscores the patience and strategic planning inherent in sophisticated cybercriminal operations.
[20:17] Patrick Gray: "This is a slight slow burn. Someone had been subverting Magecart stores for years and has finally pulled the trigger."
The dialogue emphasizes the challenges in detecting and mitigating such embedded threats, especially when they exploit long-standing backdoors within widely used platforms like Magento.
Microsoft’s Push for Passwordless Authentication
Shifting focus to proactive security measures, Patrick discusses Microsoft’s initiative to make passwordless logins the default for new accounts, mandating the use of the Microsoft Authenticator app.
[23:00] Patrick Gray: "Microsoft is making passwordless logins the default means for signing into new accounts... I actually think that's a good idea."
Adam Boileau concurs, highlighting the advantages of passkeys over traditional passwords, despite acknowledging existing challenges in onboarding and account management.
[24:18] Adam Boileau: "Passkeys are better than passwords... they are less phishable and modular."
The conversation delves into the practical implications of this shift, including the potential reduction in phishing attacks and improved overall security posture for organizations adopting passwordless frameworks.
Additional Security Developments
The episode also covers several other critical security developments:
- RDP Vulnerabilities: Discussion on Microsoft's decision to allow RDP logins with expired or revoked credentials, explaining the rationale behind this design choice and its implications for security practices.
[27:43] Adam Boileau: "The reason this exists is that Microsoft ultimately doesn't want to deal with locking out the last remaining account on a Windows system."
- North Korean Cyber Infiltrations: An alarming increase in North Korean operatives posing as IT workers to infiltrate hundreds of Fortune 500 companies, showcasing the scale and sophistication of state-sponsored cyber espionage.
[31:18] Adam Boileau: "North Korea knows how to do this at scale and it must be making them enough money to be worth doing it."
- US Treasury Sanctions on Scam Groups: The US government's proactive stance in sanctioning Cambodia-based conglomerates and Myanmar militia leaders involved in large-scale scam operations, marking significant progress in international cybercrime deterrence.
[34:25] Adam Boileau: "They are laundering something like $4 billion worth of illicit proceeds."
- NSO Group Legal Outcomes: Coverage of the lawsuit between Meta and NSO Group, culminating in a substantial punitive damage award against NSO, reflecting the legal system's growing intolerance for misuse of surveillance technologies.
[39:03] Adam Boileau: "168 million bucks, that's gotta suck for NSO Group."
Sponsor Interview: Nucleus Security on Cloud Vulnerability Management
Transitioning to the sponsor segment, Patrick engages with Aaron Unterberger, Director of Sales Engineering at Nucleus Security, to discuss the intricacies of vulnerability management in cloud environments.
Challenges in Cloud VM: Aaron outlines the fundamental differences between traditional on-premises environments and the cloud, emphasizing the dynamic and ephemeral nature of cloud assets.
[43:41] Aaron Unterberger: "Cloud introduces a level of speed and scale where stuff is constantly changing... asset discovery and asset inventory has to keep in lockstep with what you're scanning and assessing."
Shifting Left in Vulnerability Management: The conversation delves into the importance of "shifting left" — addressing vulnerabilities early in the development lifecycle to prevent them from propagating through to production environments.
[47:16] Aaron Unterberger: "This game of whack-a-mole, right? And that is, I think, the promise of shift left."
Comprehensive Risk Management: Aaron emphasizes Nucleus Security's role in providing a unified platform that integrates data from various sources, offering a normalized view of organizational risk and facilitating efficient vulnerability remediation.
[50:59] Aaron Unterberger: "It's about being able to manage all of these different domains effectively... providing a normalized view for executives, team leads, and application owners to know what their true risk is."
Operational Efficiency: The platform aids organizations in prioritizing vulnerabilities, automating remediation workflows, and offering actionable insights to enhance overall security posture.
[53:57] Aaron Unterberger: "Providing the operational and analytical tools to aid in the efficiency of how a team manages their VM program or their cloud security."
Patrick and Aaron conclude by underscoring the necessity for robust vulnerability management solutions in the cloud era, highlighting how Nucleus Security addresses the multifaceted challenges faced by modern enterprises.
Conclusion
Patrick Gray wraps up the episode by reiterating the critical lessons from the discussions, emphasizing the imperative for organizations to adopt proactive security measures, robust incident response plans, and comprehensive vulnerability management strategies. The episode serves as a poignant reminder of the evolving cyber threat landscape and the continuous need for vigilance and innovation in safeguarding digital assets.
Thank you for tuning into Risky Business. Stay secure, and join us next week for more in-depth analysis and discussions on the latest in information security.
