Podcast Summary: "Scatterd Spider Weaves Another Attack" – May 9, 2025
Podcast Information:
- Title: Talkin' About [Infosec] News, Powered by Black Hills Information Security
- Host/Author: Black Hills Information Security
- Episode: Scatterd Spider Weaves Another Attack
- Release Date: May 9, 2025
Introduction
In the May 9, 2025 episode of "Talkin' About [Infosec] News, Powered by Black Hills Information Security," hosts Wade and Corey delve into a myriad of cybersecurity topics, ranging from high-profile breaches and threat actors to emerging security challenges in SaaS and AI integrations. The conversation is enriched with personal anecdotes, expert insights, and forward-looking perspectives that cater to both seasoned professionals and newcomers in the infosec realm.
1. JP Morgan Chase’s CISO Raises Concerns About SaaS and AI (05:00 - 07:30)
The episode kicks off with a discussion on Patrick Opet, the Chief Information Security Officer (CISO) of J.P. Morgan Chase, who has publicly expressed apprehensions regarding the rapid adoption of Software as a Service (SaaS) products, particularly those integrated with Artificial Intelligence (AI).
Corey highlights Opet’s stance:
"He specifically calls out AI-driven calendar optimization service integrating directly into corporate email systems to read-only roles. So that's how I see it. It's like he's kind of freaked out by the adoption of AI." (06:00)
Key Points:
- Security vs. Feature Delivery: Opet emphasizes that SaaS providers often prioritize feature enhancements and customer adoption over robust security measures.
- AI Integration Risks: The integration of AI tools within corporate environments can lead to unintended data exposures, such as AI scraping calendar data, which is particularly sensitive in the banking sector.
- Organizational Responses: Both hosts agree that addressing these concerns requires top-level executive buy-in to balance innovation with security imperatives.
2. Scattered Spider Threat Actor Targets UK Retailers (10:00 - 14:00)
A significant portion of the episode is dedicated to the resurgence of the Scattered Spider threat actor, notorious for previous high-profile breaches such as the MGM Resorts incident.
Wade summarizes:
"They're being attributed to them, which is kind of interesting. But, yeah, there's been like supply chain impacts from this..." (11:00)
Key Points:
- Recent Attacks: Multiple UK retailers, including Marks and Spencer and Harrods, have fallen victim to ransomware attacks orchestrated by Scattered Spider.
- Supply Chain Vulnerabilities: The attackers often pivot through compromised vendors to infiltrate major targets, amplifying the impact.
- Economic Fallout: Marks and Spencer reportedly experienced a £500 million drop in stock market value due to these breaches, underscoring the severe financial repercussions of cyberattacks on retail giants.
- Threat Actor Tactics: The hosts discuss the sophisticated techniques employed by Scattered Spider, emphasizing the need for enhanced supply chain security measures.
3. DPRK IT Workers and Insider Threats (15:00 - 19:00)
The conversation shifts to the concerning trend of North Korean (DPRK) IT workers infiltrating organizations. Corey explains:
"These people being a good, efficient worker with multiple jobs and being in the sigma grind set." (18:15)
Key Points:
- Employment Exploitation: North Korean operatives are exploiting hiring processes by taking multiple jobs simultaneously, making it difficult for organizations to identify malicious intent.
- Insider Threat Indicators: The hosts discuss red flags such as unusual work patterns, excessive data access, and anomalies in HR processes that could indicate insider threats.
- Mitigation Strategies: Implementing robust background checks, enhancing identity verification processes, and fostering strong collaboration between HR and security teams are essential to counteract this threat.
- Case Study – Kraken Exchange: The podcast references an incident where Kraken Exchange publicly documented their breach, detailing the methods used by DPRK actors and the importance of recognizing warning signs during the hiring process.
4. Malware as a Service: Golden Chicken and Gremlin Stealer (25:00 - 29:00)
Wade and Corey explore the Malware as a Service (MaaS) landscape, focusing on threat actors like Golden Chicken and the Gremlin Stealer.
Corey notes:
"Golden Chicken, that is a malware as a service shop for a while since I think the date was 2018..." (27:00)
Key Points:
- Golden Chicken: Originally known as Venom Spider, this threat actor has rebranded and is now associated with sophisticated info stealers designed to harvest browser credentials, wallet data, and more.
- Gremlin Stealer: Identified by Palo Alto Networks, this new info stealer bypasses recent Chrome security enhancements and targets both individual and enterprise FTP credentials alongside gaming platforms like Steam.
- Operational Tactics: These MaaS offerings showcase high-quality malware development, often released for testing purposes, highlighting the evolving sophistication in cyber threats.
- Industry Impact: The prevalence of MaaS raises the stakes for organizations to bolster their defenses against increasingly effective and accessible malware tools.
5. WhatsApp’s Integration of AI Tools and Security Implications (35:00 - 39:00)
A segment is dedicated to WhatsApp’s adoption of AI tools, aiming to enhance user experience while maintaining message confidentiality.
Corey remarks:
"It's like you have this end-to-end encrypted message. You send it to a cloud server but some other cloud server can't decrypt the contents of the message but can respond to it and send it back to you." (38:00)
Key Points:
- AI Functionality: WhatsApp has introduced AI-driven features that process messages in secure, isolated environments to provide functionalities like smart replies without compromising end-to-end encryption.
- Technical Challenges: Ensuring that AI tools can operate on encrypted data without access to the actual message content is a complex undertaking, involving innovative cryptographic solutions.
- Privacy Concerns: The integration raises questions about data processing transparency and the potential for indirect data leakage through AI interactions.
- Future Prospects: The hosts speculate on the balance between leveraging AI for enhanced communication and maintaining stringent privacy standards, drawing parallels with Apple's approach to integrating AI into their services.
6. House Bill to Study Router National Security Risks (45:00 - 49:00)
Wade and Corey analyze a recently passed House bill mandating the Department of Commerce to study national security risks associated with routers and modems controlled by U.S. adversaries.
Wade explains:
"A bill requiring the Department of Commerce to study national security issues posed by routers and modems controlled by U.S. adversaries. Passed in the House on Monday." (45:44)
Key Points:
- Scope of the Bill: The legislation aims to assess vulnerabilities in telecommunications infrastructure, particularly focusing on devices manufactured by entities linked to adversarial nations.
- Implementation Challenges: Determining accurate sourcing of hardware and enforcing compliance poses significant logistical and technical hurdles.
- Potential Standards: The bill could lead to the establishment of stringent security standards for routers, including mandatory features like disabling default credentials and enforcing regular firmware updates.
- Industry Impact: Enhanced scrutiny on networking devices may prompt manufacturers to prioritize security in product design and foster greater collaboration between government bodies and private sector companies to mitigate risks.
7. Upcoming "Hot Ones"-Style Episode Featuring Cybersecurity Questions (50:00 - 54:00)
On a lighter note, the hosts announce an upcoming episode inspired by the popular "Hot Ones" format, where they will answer cybersecurity questions while consuming increasingly spicy sauces.
Wade shares:
"On Friday, me, Gerald Oer and Josh Mason are gonna do a cyber version of Hot Ones." (50:31)
Key Points:
- Format Details: The segment will feature the hosts tackling a series of cybersecurity-related questions paired with progressively hotter sauces, testing both their knowledge and endurance.
- Engagement: This interactive format aims to entertain while providing insightful discussions on infosec topics, fostering a more engaging listener experience.
- Audience Interaction: Listeners are encouraged to tune in live on the Simply Cyber YouTube channel, with the promise of recording and editing the session to resemble a traditional "Hot Ones" episode.
Conclusion
The episode "Scatterd Spider Weaves Another Attack" offers a comprehensive exploration of current and emerging cybersecurity threats, blending serious analysis with engaging dialogue. From high-stakes breaches and sophisticated threat actors to innovative yet challenging integrations of AI in security tools, hosts Wade and Corey provide valuable insights and actionable intelligence for their audience. The anticipation of their upcoming "Hot Ones"-style episode further adds a unique and entertaining dimension to the infosec discourse.
Notable Quotes:
- Wade on AI Integration: "Whatever has to come from an executive perspective." (07:53)
- Corey on SaaS Risks: "SaaS is a big risk. We've warned our clients about it." (10:29)
- Gerald on Insider Threats: "These people being a good, efficient worker with multiple jobs and being in the sigma grind set." (18:15)
- Corey on Golden Chicken: "We have a threat actor that's named Golden Chicken..." (25:45)
- Wade on Upcoming Episode: "We're going to be answering like cyber security questions while eating hot sauce." (50:31)
Stay tuned for more insightful discussions and updates in the world of information security, powered by Black Hills Information Security.