Podcast Summary: Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: 2025-01-13 — An RGB State of Mind
Release Date: January 15, 2025
In this episode of Talkin' About [Infosec] News, the Black Hills Information Security team delves into a variety of cybersecurity topics, ranging from sophisticated phishing attacks to vulnerabilities in widely-used systems. The discussion is enriched with insightful commentary, technical analysis, and engaging banter among the hosts and guests.
1. Vishing and the Rise of Criminal Collaborations
Timestamps: [12:34] - [15:32]
The team examines a recent surge in voice phishing (vishing) attacks orchestrated by Chinese hacker groups. Corey highlights the collaborative nature of these criminal organizations, emphasizing how internal conflicts often lead to the leakage of operational tactics and techniques.
Corey [12:34]: "They have four people on the call. One is doing the call, one is draining the accounts as they get access to things, the other one's just sitting there watching, taking notes."
Ryan probes whether the increase in vishing is due to its effectiveness or the challenges in targeting endpoints and credentials.
Ryan [12:47]: "Do you think we're seeing more of this because it's a new attack vector and it's effective, or are we seeing this because going after the endpoint, going after creds is difficult?"
The consensus suggests that stricter verification methods by companies are pushing attackers towards social engineering tactics like vishing.
2. Ransomware Exploits AWS S3 Buckets Using Native Encryption
Timestamps: [54:53] - [60:14]
The discussion shifts to how ransomware groups are exploiting AWS's native encryption features to target S3 buckets. Corey explains that attackers are leveraging customer-provided keys to encrypt data, making recovery without paying the ransom more challenging.
Corey [54:53]: "Ransomware can affect S3 buckets once they compromise an account that has access to S3. They use a customer-provided key to encrypt the data."
Kelly raises concerns about immutable backups and how ransomware can still disrupt these if not properly configured.
Kelly [59:50]: "So the immutable ones, you can't modify, you can't encrypt later on."
The hosts stress the importance of configuring S3 buckets securely and utilizing features like immutable backups to mitigate such threats.
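One concrete form of the hardening the hosts describe, added here as an illustration rather than something from the episode: an S3 bucket policy that denies any object write presenting a customer-provided (SSE-C) key, the encryption mode the attackers rely on. The bucket name is a placeholder; the condition key `s3:x-amz-server-side-encryption-customer-algorithm` is the documented S3 key that is set only when a request supplies an SSE-C algorithm.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyCustomerProvidedKeyEncryption",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-backup-bucket/*",
      "Condition": {
        "Null": {
          "s3:x-amz-server-side-encryption-customer-algorithm": "false"
        }
      }
    }
  ]
}
```

Because a CopyObject into the bucket is also authorized as s3:PutObject on the destination, this one statement covers both the upload and the overwrite-in-place paths; it complements, rather than replaces, versioning with Object Lock, which is the immutability Kelly refers to.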
3. LDAP Nightmare and Malicious Proof-of-Concept Exploits
Timestamps: [47:41] - [54:38]
The team scrutinizes a GitHub repository claiming to offer a proof-of-concept (POC) exploit for the high-profile LDAP Nightmare vulnerability. Corey expresses skepticism about the legitimacy and safety of cloning such repositories.
Corey [47:50]: "I don't think there's any self-respecting pen tester that would clone a purported Python repo that just has one file called POC exe and then run that exe."
Ralph shares a cautionary tale about encountering malicious code in supposedly benign repositories, underscoring the risks associated with unverified POC exploits.
Ralph [48:34]: "I opened the PDF and it's a canary token. And I'm like, you son of a."
The hosts advise professionals to rely on trusted sources for exploits and to run downloaded code through a sandbox or a scanning service such as VirusTotal before executing it.
4. Path of Exile 2 Game Hack: A Class Act Response
Timestamps: [45:12] - [47:25]
Corey discusses a breach in Path of Exile 2, an action RPG, where an admin account was compromised, leading to the theft of in-game items. The highlight of the discussion is the developer's transparent and proactive response to the incident.
Corey [46:26]: "The developer went on a podcast and basically said like, 'We effed up, we screwed this up. We're sorry. We're gonna make it right.'"
Ryan commends the company's handling of the breach, noting that honest acknowledgment and remediation efforts set a positive example for other organizations.
Ryan [47:25]: "This was really a class act for them. So kudos."
5. Gravy Analytics Location Data Breach
Timestamps: [25:39] - [30:00]
The hosts explore a significant data breach involving Gravy Analytics, a location tracking service. An attacker released a data sample revealing that over 10,000 applications' location data were compromised, potentially including sensitive information about US politicians and high-profile individuals.
Corey [25:49]: "They're collecting location data from over 10,000 applications or whatever. It's going to be so much impact you could do with that data."
John elaborates on the vulnerability, explaining how the lack of proper security measures on ALPR (Automatic License Plate Recognition) cameras exposed critical data.
John [29:27]: "There was no security on these devices. You could access them remotely and pull down the straight ALPR data."
The team underscores the dangers of location data breaches and the importance of securing such sensitive information.
6. Steezy Cannabis Delivery Service Hack and KYC Data Risks
Timestamps: [60:14] - [67:09]
Corey brings attention to the breach of Steezy, a cannabis delivery service in California. The hack resulted in the exposure of KYC (Know Your Customer) data, including government-issued IDs used to verify customers' ages.
Corey [61:30]: "They have to have copies of your driver's license or your KYC data. In this case, we see that the KYC data was disclosed."
The conversation highlights the increasing trend of businesses holding sensitive KYC data, especially in regulated industries like cannabis and adult entertainment, and the associated security risks.
Ralph [65:57]: "VPN sales are out the roof."
The hosts advocate for better systems to store KYC data securely, emphasizing that if data isn’t essential, it shouldn’t be collected.
John [62:39]: "If you don't have to collect it, you don't want to collect it."
7. Cybersecurity Trust Seal: A Critical Examination
Timestamps: [33:17] - [42:45]
A significant portion of the episode is dedicated to critiquing the proposed Cybersecurity Mark of Trust, a government initiative aiming to certify secure devices with a seal of approval. The hosts debate the feasibility and effectiveness of such a certification.
Ryan voices concerns about the permanence of security seals and the continuous nature of cybersecurity.
Ryan [35:19]: "I think we need something like this, but it's completely anathema to the way computer security is run."
Corey suggests that auto-updates should be a requirement for devices bearing the trust seal to ensure ongoing security.
Corey [41:22]: "If one of the criteria is auto updates, that would be such a huge bar."
Eric questions the voluntary nature of the program and the lack of repercussions for non-compliance or breaches.
Eric [35:10]: "It sounds like it's voluntary... What if something gets hacked and doesn't have this seal on it?"
The consensus among the hosts is skepticism towards the effectiveness of such trust seals without stringent and enforceable standards.
8. Swear Jar: Managing On-Air Language
Timestamps: [00:01] - [25:43]
Early in the episode, the hosts engage in a lighthearted discussion about implementing a swear jar to curb excessive swearing during the podcast. Ryan proposes donating $5 to the Electronic Frontier Foundation (EFF) for each instance of swearing, highlighting a humorous approach to self-regulation.
Ryan [03:29]: "If we could pop up on the stream, just how flipped dollar amount is?"
The conversation underscores the balance between maintaining professional discourse and the natural flow of conversation among hosts.
Notable Quotes
- Corey [12:34]: "The biggest threat to criminals is not FBI or CIA or whatever. It's other criminals."
- Ryan [35:19]: "I think we need something like this, but it's completely anathema to the way computer security is run."
- Corey [41:22]: "If one of the criteria is auto updates, that would be such a huge bar."
Conclusion
Throughout the episode, the Black Hills Information Security team provides a comprehensive analysis of current cybersecurity threats and industry practices. From examining the resurgence of vishing attacks to critiquing government-led security certifications, the hosts offer valuable insights for both security professionals and enthusiasts. The blend of technical depth and engaging dialogue ensures that listeners are well-informed and entertained.
Announcements:
- Kelly will be the keynote speaker at BSides San Diego on March 29th. Listeners are encouraged to attend and gain further insights into the cybersecurity landscape.
For more detailed discussions and expert analyses, tune into subsequent episodes of Talkin' About [Infosec] News.