Podcast Summary: "2025-03-03 - Not Talking About Anything"
Podcast Information:
- Title: Talkin' About [Infosec] News, Powered by Black Hills Information Security
- Host/Author: Black Hills Information Security
- Release Date: March 5, 2025
In this engaging episode of "Talkin' About [Infosec] News," the Black Hills Information Security team delves deep into pressing cybersecurity issues facing both individuals and organizations. The discussion ranges from the controversial topic of encryption backdoors to the latest trends in ransomware attacks, providing listeners with insightful analysis and expert opinions. Below is a detailed summary of the key discussions, complete with notable quotes and timestamps.
1. Encryption Backdoors: Privacy vs. Security
The episode kicks off with a heated debate about the United States FBI mirroring the United Kingdom's requests for backdoors into encrypted communications. This move raises significant concerns about privacy and national security.
- John Strand (04:10):
"If you put in an exploitable hole within crypto, then it is inevitably going to be used by bad actors. There's a zero chance that you're going to have this magical backdoor that just the NSA or the FBI or the CIA has."
- Jake (07:53):
"There is no such thing as a good guys only backdoor, period."
The hosts argue that creating backdoors compromises the integrity of encryption, making it vulnerable to exploitation by malicious entities. They highlight historical precedents where nation-state backdoors have been exploited, underscoring the futility of such initiatives.
- Bronwyn (11:26):
"Encryption backdoors are like, yeah, they're the easy mode, but criminals who already have things locked down are still brought to justice."
The discussion emphasizes the delicate balance between aiding law enforcement and preserving individual privacy, concluding that backdoors are inherently insecure and counterproductive.
2. Info Stealer Malware and "Have I Been Pwned"
Transitioning to cybersecurity tools, the conversation focuses on the rise of information-stealing malware and the role of "Have I Been Pwned" (HIBP) in addressing data breaches.
- Wade (34:35):
"Have I Been Pwned... took 284 million accounts stolen by information stealer malware. It's a big upgrade and definitely very interesting."
The hosts commend HIBP for expanding its services to include data from info stealer malware, enhancing its utility for both individuals and enterprises. However, they also discuss recent price increases and the issue of unauthorized reselling of breached data, highlighting the challenges of maintaining such a vital service.
- John Strand (37:01):
"If you're looking at these prices, they're pretty solid folks, that's not bad."
The episode underscores the importance of responsible usage and support for cybersecurity tools that protect against data breaches.
3. Dragos's Annual OT Cybersecurity Review: Rise in Ransomware
The podcast then examines Dragos’s 8th Annual OT Cybersecurity Review, which reports an alarming 87% increase in ransomware attacks targeting industrial organizations.
- Kelly (43:25):
"Dragos... are seeing an increase in ransomware, 87% increase against industrial organizations."
This surge is attributed to the vulnerability of operational technology (OT) environments, which are increasingly targeted due to their critical role in infrastructure. The hosts discuss the need for enhanced security measures and better threat intelligence sharing to combat this trend effectively.
- John Strand (45:31):
"If you're looking to buy anything from a vendor, see if the vendor does release open source reports, do they release open source tools?"
The conversation highlights the importance of collaboration and information sharing among cybersecurity professionals to mitigate the growing threat of ransomware in industrial sectors.
4. Department of Defense, CISA, and Russian Threat Actors
A significant portion of the episode is dedicated to recent developments involving the Department of Defense (DoD) and the Cybersecurity and Infrastructure Security Agency (CISA) in relation to Russian threat actors.
- John Strand (46:00):
"If CISA stops reporting on Russian threat actors, it's fantastic for Black Hills Information Security. It's going to have more breaches."
The hosts express concern over reports suggesting that CISA has been directed to reduce or halt its monitoring of Russian cyber activities. This move could potentially lower the barriers for adversaries, making cyber attacks more feasible and cost-effective.
- Justin (52:41):
"Attribution is a really challenging thing under any circumstances. We're not going to monitor X Group anymore, we’ve given a free pass to anyone who wants to spoof that group."
They discuss the implications of such directives, including the potential for increased cyber threats and diminished intelligence capabilities. The debate touches on the complexities of attribution in cyber warfare and the risks of geopolitical maneuvers affecting national cybersecurity measures.
5. Attribution Challenges in Cyber Threat Intelligence
The difficulty of accurately attributing cyber attacks to specific actors is another critical topic covered in the episode.
- Justin (52:06):
"Attribution is a really challenging thing under any circumstances."
The hosts delve into how threat actors can obscure their origins, often mimicking other nations' techniques to evade detection. This challenge complicates efforts to defend against and respond to cyber threats effectively.
- Wade (54:28):
"Threat actors are just pretending to be Russia and never get caught from there."
The conversation underscores the need for advanced threat intelligence and sophisticated attribution methods to accurately identify and counteract malicious activities.
6. Case Study: Army Soldier and the AT&T Heist
Towards the end of the episode, the hosts discuss a real-world incident involving an Army soldier implicated in a cyber heist against AT&T, emphasizing the pitfalls of poor personal cybersecurity practices.
- Justin (57:39):
"The accused army soldier in the AT&T heist... Google searches would be trackable, but hey."
This case study serves as a cautionary tale about the importance of maintaining robust security both at work and at home. The discussion highlights how personal negligence can lead to significant breaches, affecting broader organizational security.
- John Strand (58:06):
"If you're going to commit crimes, don't use Google... unless you want to do the T."
The episode concludes with a reminder of the interconnectedness of personal and professional cybersecurity, urging listeners to adopt comprehensive security measures to protect against potential breaches.
Conclusion
This episode of "Talkin' About [Infosec] News" provides a thorough exploration of some of the most pressing issues in the cybersecurity landscape. From the debate over encryption backdoors to the rise of ransomware attacks in industrial sectors, the Black Hills Information Security team offers valuable insights and practical advice for both individuals and organizations. The discussions emphasize the need for robust security practices, responsible use of cybersecurity tools, and the importance of accurate threat intelligence sharing to navigate the ever-evolving threats in the digital world.
Notable Quotes:
- John Strand (04:10):
"If you put in an exploitable hole within crypto, then it is inevitably going to be used by bad actors."
- Jake (07:53):
"There is no such thing as a good guys only backdoor, period."
- Wade (34:35):
"Have I Been Pwned... took 284 million accounts stolen by information stealer malware."
- Kelly (43:25):
"Dragos... are seeing an increase in ransomware, 87% increase against industrial organizations."
- John Strand (46:00):
"If CISA stops reporting on Russian threat actors, it's fantastic for Black Hills Information Security. It's going to have more breaches."
- Justin (52:41):
"Attribution is a really challenging thing under any circumstances."
- Wade (54:28):
"Threat actors are just pretending to be Russia and never get caught from there."
- John Strand (58:06):
"If you're going to commit crimes, don't use Google."
This comprehensive summary captures the essence of the episode, providing listeners with a clear understanding of the discussions and insights shared by the Black Hills Information Security team.