Podcast Summary: Largest Corporate Espionage Case this Century
Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode Release Date: April 16, 2025
Episode Date: April 14, 2025
Introduction and Overview
The episode opens with John Strand setting the stage for a discussion that intertwines politics and computer security news. He issues a trigger warning about the political content and hints at the complexity of navigating such topics without alienating listeners.
John Strand [00:01]:
"We're going to be talking a little bit about politics... We're going to try to thread that needle as well as we possibly can."
Insider Threats and Corporate Espionage
A significant portion of the discussion revolves around insider threats, especially in the context of ongoing layoffs and organizational changes. John highlights a class action lawsuit against the University of Maryland Medical Center (UMMC), alleging negligence in preventing a decade-long cybersecurity intrusion by a pharmacist who installed keyloggers.
Corey [18:08]:
"This isn't even pen testing. This is like basic cyber controls... that's how I see this."
The team debates the severity of the negligence involved, with John Strand distinguishing between negligence and gross negligence, emphasizing the intentional neglect that could have facilitated such breaches.
John Strand [26:30]:
"If you can find that, then all of a sudden this lawsuit gets really creepy or it gets really huge, really quick."
CISA’s Contract Terminations
The Pentagon's decision to terminate $5.1 billion in contracts with major firms like Accenture, Deloitte, Booz Allen Hamilton, and others is scrutinized. John expresses mixed feelings, acknowledging the overcharging issues prevalent among large consulting firms while also cautioning against indiscriminate cuts that might affect critical and possibly sensitive projects.
John Strand [53:03]:
"There needs to be an absolute good conversation about fraud, waste, and abuse, but it's very nuanced."
Corey emphasizes the relative scale of the budget and questions the effectiveness of such significant financial reallocations.
Corey [56:06]:
"The US government is an insurance company with a standing army. This is nothing."
Moroccan Cybercrime Group: Atlas Lion
The episode delves into the activities of the Moroccan cybercrime group Atlas Lion, noting the novel attack methods it uses to obtain gift cards by infiltrating victims' cloud domains. The hosts express admiration for the group's ingenuity despite its malicious intent.
John Strand [42:47]:
"I just want to say thank you to these guys as well."
They discuss the group's methodology, which involves compromising internal systems to access and generate gift cards, highlighting the complexities and challenges in detecting such threats.
Corey [44:07]:
"These gift cards are functionally the currency of scammers."
Recommendations and Best Practices
The team offers insights into threat intelligence feeds, advocating for community-driven sources like ISACs and platforms like Bluesky and Mastodon to stay updated as federal data sources dwindle. Mike shares his approach to filtering useful information through targeted hashtags.
Mike [05:37]:
"My follow feed is semi useful, but really it's the hashtags that wind up going ahead and becoming the most useful for it."
They also recommend SentinelOne as a reliable Endpoint Detection and Response (EDR) solution, praising its effectiveness and cost-efficiency in the Managed Security Services Provider (MSSP) space.
Corey [17:35]:
"SentinelOne has been in my personal recommendations list for a low cost, very effective EDR."
Cybersecurity Tools and Techniques
John Strand introduces the concept of cyber deception, suggesting the use of honey files and honey shares to detect insider threats: bait data with no business purpose, so that any access to it is a signal worth investigating. He points listeners to a free class on cyber deception available on the Antisyphon YouTube channel as a resource.
John Strand [38:02]:
"I just did a class, it's for free... the whole class is there for free."
Corey emphasizes the importance of data loss detection over traditional Data Loss Prevention (DLP) solutions, arguing that detection is more effective in identifying and mitigating insider threats.
Corey [38:54]:
"Don't call it data loss prevention. It's data loss detection."
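As an added illustration of the honey-file idea and of Corey's "detection, not prevention" point (example code written for this summary, not code from BHIS, Antisyphon or the episode), the script below scans constructed file-access audit records for reads of planted honey paths by accounts that have no reason to touch them. The JSON field names, paths and account names are assumptions; map your own audit source (file-server or EDR telemetry) onto the four fields.

```python
import json
from fnmatch import fnmatch

# Honey paths (constructed): a bait file and a bait share that exist only to be
# found, so a read by anyone other than the accounts below is a detection, not noise.
HONEY_PATHS = ["/shares/finance/payroll_2025.xlsx", "/shares/hr-archive/*"]
# Accounts expected to touch the bait: the planting account and the backup job.
EXPECTED_READERS = {"svc-deception", "backup-svc"}

# Constructed audit records in an assumed JSON-lines shape: ts, user, path, op.
SAMPLE_LOG = """\
{"ts": "2025-04-14T09:01:02Z", "user": "svc-deception", "path": "/shares/finance/payroll_2025.xlsx", "op": "write"}
{"ts": "2025-04-14T09:15:44Z", "user": "jdoe", "path": "/shares/finance/q1_budget.xlsx", "op": "read"}
{"ts": "2025-04-14T22:03:10Z", "user": "jdoe", "path": "/shares/finance/payroll_2025.xlsx", "op": "read"}
{"ts": "2025-04-14T22:03:12Z", "user": "jdoe", "path": "/shares/hr-archive/terminations.docx", "op": "read"}
{"ts": "2025-04-15T02:00:00Z", "user": "backup-svc", "path": "/shares/hr-archive/terminations.docx", "op": "read"}
"""


def is_honey(path):
    """True if the path is a planted honey file or lives inside a honey share."""
    return any(fnmatch(path, pattern) for pattern in HONEY_PATHS)


def detect(log_text):
    """Return one alert per honey-path access by an account not expected to read it."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if is_honey(rec["path"]) and rec["user"] not in EXPECTED_READERS:
            alerts.append({"ts": rec["ts"], "user": rec["user"],
                           "path": rec["path"], "op": rec["op"]})
    return alerts


def by_user(alerts):
    """Count distinct honey paths per user: several bait files in a short
    window looks like someone browsing for data, not a single mis-click."""
    touched = {}
    for a in alerts:
        touched.setdefault(a["user"], set()).add(a["path"])
    return {user: len(paths) for user, paths in touched.items()}


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f"ALERT {a['ts']} {a['user']} {a['op']} {a['path']}")
    print(by_user(found))  # {'jdoe': 2}
```

The legitimate read of q1_budget.xlsx and the backup job's sweep produce nothing; only the out-of-hours reads of the two bait paths by one user are raised, which is the low-noise property that makes honey files useful against insiders.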
Listener Engagement and Community Initiatives
The hosts brainstorm community-driven initiatives to provide penetration testing for organizations that cannot afford professional services. They discuss the potential risks and benefits of involving community members and the importance of maintaining trust and methodological consistency in such endeavors.
John Strand [09:51]:
"Build the checklist and the methodology that BHIS does for basic things and how to mitigate the overall risk for doing that type of work..."
Corey suggests leveraging vetted communities like the CPTP contestants to ensure quality and reliability.
Corey [16:36]:
"Give them an opportunity to do that... if you own a pen testing company and you're like, I would like to help with this because that seems like it might be fun. Please reach out to us as well."
Future Topics and Conclusion
As the episode wraps up, John Strand and Corey make light-hearted comments about the challenges of handling political topics and tease future episodes addressing lighter subjects like religion and pineapple on pizza.
John Strand [59:15]:
"Next episode, we're going to get into religion and pineapple on pizza... we handled politics so well."
The hosts conclude by encouraging listeners to stay engaged and participate in upcoming discussions.
Corey [59:18]:
"Till then. I'll see you next time, everybody. Take care."
Notable Quotes with Timestamps
- John Strand [00:01]: "We're going to try to thread that needle as well as we possibly can."
- Corey [18:08]: "This isn't even pen testing. This is like basic cyber controls... that's how I see this."
- John Strand [26:30]: "If you can find that, then all of a sudden this lawsuit gets really creepy or it gets really huge, really quick."
- Mike [05:37]: "My follow feed is semi useful, but really it's the hashtags that wind up going ahead and becoming the most useful for it."
- Corey [17:35]: "SentinelOne has been in my personal recommendations list for a low cost, very effective EDR."
- John Strand [38:02]: "I just did a class, it's for free... the whole class is there for free."
- Corey [38:54]: "Don't call it data loss prevention. It's data loss detection."
This episode offers a comprehensive look into the multifaceted world of cybersecurity, blending technical insights with organizational and political implications. From insider threats and corporate espionage to community-driven security initiatives, the hosts provide valuable perspectives for both professionals and enthusiasts in the Infosec community.