Podcast Summary: Risky Business #791 — Woof! Copilot for SharePoint Coughs Up Creds and Keys
Release Date: May 14, 2025
Host: Patrick Gray
Guest: Adam Boileau
Sponsor: Resourcely
Introduction
In this episode of Risky Business, Patrick Gray and Adam Boileau delve into the latest happenings in the information security landscape. The episode kicks off with discussions on alarming research findings, recent ransomware activities, vulnerabilities in enterprise software, and concludes with an insightful interview with Travis McPeak from Resourcely.
Key Discussions
1. AI Copilot for SharePoint Vulnerabilities
Patrick Gray introduces a concerning research blog by Pen Test Partners, highlighting flaws in Microsoft's AI-driven Copilot for SharePoint. The tool, intended to assist administrators, inadvertently becomes a vulnerability by allowing unauthorized access to sensitive credentials.
- Adam Boileau reflects on the impact:
"Not having to like, put that in my brain because at the end of the workday when you spent your whole day in somebody else's enterprise SharePoint... you're always a little bit mindful of someone looking at your stuff." [01:58]
The duo discusses how malicious actors can exploit the AI to bypass traditional security measures, emphasizing the risks of AI-driven administrative tools.
2. Advanced Persistent Threats and Software Vulnerabilities
Patrick shifts focus to another critical vulnerability discovered by a young researcher in New Zealand. This flaw in Asus's driver installation software allows remote code execution with minimal user interaction.
- Adam Boileau comments on the severity:
"This means for anyone who's using this like Driver Hub software from Asus, it's single click to ask to drop an executable on someone and run it in a highly privileged context as well." [10:42]
They explore the implications for enterprises, noting the difficulty in managing and securing legacy hardware and software components.
3. Ransomware Ecosystem Under Pressure
The conversation transitions to the current state of ransomware groups, focusing on LockBit's downfall after its leak site was defaced.
- Adam Boileau provides insight:
"It's not particularly a great look... things are getting a bit more difficult for them. And this iteration of LockBit also has ended badly by the look of it." [12:13]
They also touch upon Conti leaks and the broader trend of infighting and external pressures fragmenting the ransomware landscape.
Coveware’s Report Highlights:
- A significant decline in ransomware payment resolution rates, dropping from 85% in 2019 to 27%.
- A rise in average payment amounts despite lower overall success rates.
- A shift in attack vectors, with remote access compromises now leading.
Patrick notes the alarming increase in exploitation of the SAP NetWeaver vulnerability by Chinese APTs, underscoring the global reach of cyber threats.
4. Global Cybercrime Activities
Emphasizing the international scope, Patrick and Adam discuss recent cybercriminal activities in Japan, where hackers exploit AI to conduct culturally appropriate phishing attacks, resulting in fraudulent trades amounting to approximately $2 billion.
- Adam Boileau speculates on AI’s role:
"AI... is so much better now, you can carry out these kinds of attacks in languages and environments that aren't necessarily your own." [28:40]
5. Law Enforcement Actions Against Botnets
The episode covers recent joint international law enforcement efforts to dismantle long-standing botnet services like Any Proxies, which facilitated residential proxy networks crucial for obscuring cyber activities.
- Adam Boileau remarks on the takedown:
"They've been shut down. Of course, they were, I think, Russians. So I don't know what consequences they will face." [31:10]
Additionally, arrests in Poland targeting stresser botnets emphasize the ongoing crackdown on affordable DDoS-for-hire services.
6. Spectre-Style CPU Attacks
Patrick and Adam discuss groundbreaking research from VUSec and ETH Zurich unveiling new Spectre-like side-channel attacks that bypass existing CPU mitigations, posing significant threats to cloud infrastructures and hypervisors.
- Adam Boileau explains:
"They have sort of a generic technique that circumvents the architectural controls where you shouldn't be able to influence... like some user space to kernel space." [36:43]
The researchers demonstrated how these vulnerabilities could leak sensitive data, compelling cloud providers to reassess their security postures.
7. Automotive Security Breaches
Highlighting vulnerabilities in connected vehicles, they review a presentation from Black Hat Asia where researchers successfully exploited a 2020 Nissan Leaf via Bluetooth to gain control over critical systems like steering and doors.
- Patrick Gray conveys admiration:
"It's impressive work and they must have had so much fun doing it as well." [40:08]
Sponsor Interview: Resourcely Fix with Travis McPeak
Transitioning to the sponsorship segment, Patrick interviews Travis McPeak, founder of Resourcely, to discuss their innovative platform, Resourcely Fix, designed to systematically address and remediate cloud security issues.
Key Takeaways from the Interview:
- Challenge in Cloud Security:
Organizations often face overwhelming numbers of security alerts without the means to prioritize and remediate effectively.
"If you have a security tool and that security tool is telling you everything's on fire all of the time, what happens, it's just natural human instinct. We become desensitized to that thing." [56:21]
- Resourcely Fix’s Approach:
Unlike traditional solutions that either do not intervene or perform blanket remediations risking system stability, Resourcely Fix coordinates with developers through familiar tools like Slack and Jira to implement fixes cautiously.
"We're going to give them a fix it button that'll just go make the change for them and then tell them it's done and give them an unfix it button if it's broken." [49:51]
- Ownership and Automation:
The platform intelligently identifies the right stakeholders for each security issue, reducing manual coordination burdens and ensuring accountability.
"If you have a thing that's just blinking red all the time, everybody's going to ignore it and nothing's going to happen from it." [56:57]
- AI Integration:
While not central to their remediation efforts, AI assists in triaging and contextualizing security issues to streamline decision-making without autonomously altering cloud configurations.
"We can use AI cleverly to assist with some of the triage who's the right owner for this thing." [54:22]
Travis underscores the necessity for security teams to move beyond merely flagging issues to actively mitigating risks, thereby enhancing their value within organizations.
Conclusion
Patrick Gray wraps up the episode by emphasizing the importance of proactive and coordinated security measures in the evolving threat landscape. With insights ranging from AI vulnerabilities to sophisticated ransomware dynamics and innovative remediation tools, Risky Business #791 offers a comprehensive overview for information security professionals aiming to stay ahead of emerging threats.
Notable Quotes:
- "You have to trick the computers too. Like that used to be honest work tricking computers and now feels kind of sleepy."
— Adam Boileau [04:01]
- "If you have a security tool and that security tool is telling you everything's on fire all of the time... we're just going to have 12,000 issues and then people stop paying attention to it at all."
— Travis McPeak [56:21]
- "These are hardcore young people who just are all going to get caught."
— Patrick Gray, referring to Dragon Force affiliates [15:37]
Resources Mentioned:
- Resourcely: Resourcely Website
- Pen Test Partners Blog: Link to the specific blog post
- Coveware Report: Coveware Vulnerability Report
- Black Hat Asia Presentation: Slide Deck Link
- Risky Bulletin Podcasts: Available on major podcast platforms by searching "Risky Bulletin"
For more detailed discussions and resources, listeners are encouraged to visit Risky Business’ website and explore the show notes linked with the podcast episode.
This summary aims to provide a comprehensive overview of the episode’s content for those who have not listened. For full insights and expert analysis, tuning into the actual podcast is recommended.
