Podcast Summary: Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: Iran Shuts Down Its Own Internet
Release Date: June 26, 2025
Host: Black Hills Information Security
Participants: Corey, John Strand, Wade, Shecky
Introduction to the Episode's Main Topic
The episode opens with a light-hearted discussion about the nostalgia associated with the Muppets, setting a casual tone before delving into the serious cybersecurity topic at hand. John Strand muses on the enduring appeal of the Muppets, reflecting on their role in childhood entertainment and their cultural significance (00:02-01:10). Corey and the team transition smoothly into the main subject, signaling a shift from light banter to critical news analysis.
Overview of Iran's Internet Shutdown
John Strand initiates the core discussion by addressing a significant geopolitical event: Iran's recent shutdown of its national internet. He highlights the complexities of modern warfare, noting, "Iran just shut off their Internet, which I guess if you're trying to keep the USA out, that's a good way, right?" (04:41). The team references a TechCrunch article dated June 20th, confirming that virtually all Iranians lost internet access earlier that week—a move seen as counterproductive but possibly aimed at information management and psychological operations (05:02-05:37).
Cyber Aggression and Potential Retaliations
The conversation explores whether Iran's actions signal an escalation in cyber warfare. Corey brings up a statement from an Iranian spokesperson attributing drone operations to internet control, raising concerns about the implications for U.S. military infrastructure (06:18-07:51). John Strand provides historical context, comparing the shutdown to past events like the Gulf Wars, emphasizing that maintaining internet access is crucial for intelligence gathering and operational effectiveness (05:37-06:18).
Impact on US and Global Cybersecurity
Wade suggests that the shutdown is more about controlling the populace during internal unrest than a direct cyberattack, stating, "It sounds to me more like what's happened anytime they've had massive protests there and shut down the Internet, etcetera." (09:50-10:03). John Strand concurs, arguing that if Iran were genuinely concerned about U.S. intelligence agencies like the NSA, they wouldn't allow tech-savvy individuals to bypass restrictions, indicating the shutdown's role in controlling information rather than deterring cyber aggression (06:52-08:16).
Ransomware and Financially Motivated Threat Actors
The discussion shifts to Scattered Spider, a notorious financially motivated threat actor group. Corey details their recent activities targeting insurance companies, including Philadelphia and Erie Insurance, and notes that these attacks predominantly employ social engineering and help desk exploitation (22:14-24:18). To mitigate such threats, the team emphasizes the importance of securing help desk functions, including the resetting of MFA factors (32:49-35:38).
Data Breaches and Info Stealers
A significant portion of the episode addresses a purported 16-billion-record data leak, which the hosts clarify is a compilation of previously breached data rather than a new incident. Corey explains that much of the data is consumer-focused and emphasizes the necessity for robust data monitoring services like Flare or SpyCloud (33:41-35:38). John Strand adds that while the volume of breached data may seem overwhelming, much of it consists of outdated credentials still circulating in cybercriminal circles (40:00-41:28).
Data Brokers and Privacy Issues
Shecky introduces a critical discussion about data brokers, highlighting a case where a Minnesota lawmaker was assassinated with data sourced from multiple data broker services (58:32-60:10). John Strand underscores the dangers posed by these brokers, asserting, "Data brokers get people killed every day." (60:01). The conversation delves into the legislative gaps in the U.S. regarding data privacy, contrasting it with Europe's GDPR framework, and debates the feasibility of regulating such entities given their profitability and entrenched nature (61:04-64:37).
USB Threats and Physical Security Measures
The hosts recount experiences with physical infiltration tactics, such as dropping USB drives in corporate environments to test security awareness. Shecky shares a successful attempt where laser-engraved USB drives were left in offices, leading to heightened security alerts despite the payloads being non-functional (53:27-56:25). Corey highlights the ongoing relevance of these methods, emphasizing that despite technological advancements, physical security remains a vulnerable point for many organizations (55:19-57:34).
Concluding Thoughts on Current Cybersecurity Landscape
Wrapping up, the team reflects on the multifaceted nature of modern cyber threats, from nation-state actions and data breaches to social engineering and physical infiltration tactics. John Strand poses a critical question to listeners: "Are we improving as an industry?" (37:18), suggesting that while defenses are evolving, the persistent challenges of legacy systems, data privacy, and sophisticated threat actors indicate that cybersecurity remains a pressing and continually evolving issue.
The episode concludes with a brief mention of future discussions, promising deeper dives into the ramifications of Iran's internet shutdown and its broader impact on global cybersecurity dynamics.
Notable Quotes
- John Strand (04:41): "Iran just shut off their Internet, which I guess if you're trying to keep the USA out, that's a good way, right?"
- Corey (06:18): "It's just a chaos move. I could be wrong, though."
- John Strand (14:56): "They’re clearly doing this for information management."
- Shecky (58:32): "This is the first time I've actually seen data brokers called out in a crime."
- John Strand (60:01): "Data brokers get people killed every day."
Key Takeaways
- Iran's Internet Shutdown: Likely aimed at controlling information flow amid internal and external geopolitical tensions rather than a direct cyberattack.
- Nation-State Cyber Aggression: While Iran demonstrates capabilities, concerns extend to its allies such as Russia and China, who may pose more significant threats to U.S. infrastructure.
- Ransomware Threats: Financially motivated groups like Scattered Spider are increasingly targeting specific sectors such as insurance, employing sophisticated social engineering tactics.
- Data Breaches: Massive data leaks continue to pose risks, with outdated credentials circulating, emphasizing the need for ongoing vigilance and robust data protection measures.
- Data Brokers: The role of data brokers in facilitating crimes is alarming, highlighting urgent needs for legislative action and enhanced data privacy protections.
- Physical Security Vulnerabilities: Traditional infiltration methods, like malicious USB drops, remain effective, underscoring the importance of comprehensive security training and policies.
Recommendations for Listeners
- Enhance Help Desk Security: Implement strict protocols for help desk operations, including limiting MFA resets and password changes.
- Monitor Data Breaches: Utilize advanced data monitoring services to stay informed about potential breaches and compromised credentials.
- Regulate Data Brokers: Advocate for stronger data privacy laws to control the proliferation and misuse of personal information by data brokers.
- Update Legacy Systems: Regularly update and maintain legacy hardware and software to minimize vulnerabilities and reduce tech debt.
- Educate on Social Engineering: Conduct regular security awareness training focused on recognizing and thwarting social engineering attempts.
For more detailed insights and ongoing discussions, subscribe to Black Hills Information Security’s weekly podcast and stay ahead in the ever-evolving field of information security.