Episode Transcript
0:00
From the CISO series, it's
0:02
cybersecurity headlines. These
0:07
are the cybersecurity headlines for Tuesday,
0:09
June 18, 2024. I'm
0:13
Lauren Vernau. Snowflake
0:19
breach escalates with ransom demands
0:21
and death threats. As
0:25
many as 10 companies are facing ransom
0:27
payments between $300,000 and $5 million following
0:32
a breach against cloud-based data
0:34
analytics firm Snowflake earlier this
0:36
month. According to Mandiant,
0:38
who has helped lead Snowflake's case,
0:41
the hacking scheme has quote,
0:43
entered a new stage, end
0:45
quote, as the ransom demands
0:48
flow in, as well as
0:50
death threats against the cybersecurity
0:52
experts investigating the breach. The
0:55
hackers gain access to the information
0:57
by targeting Snowflake users using
0:59
single-factor authentication techniques. Mandiant
1:02
has said it anticipates a
1:05
ransomware group to quote, continue
1:07
to attempt to extort victims,
1:09
end quote. MITRE
1:14
has a memo for the president. MITRE
1:19
is weighing in on where the
1:21
incoming administration should set its focuses
1:23
next year, regardless of who wins
1:25
the 2024 election. The
1:28
memo was broken into four
1:30
different priorities, number one being
1:32
protecting critical infrastructure, followed
1:35
by implementing zero trust
1:37
in SBOMs, preparing for
1:39
quantum computing, and clarifying
1:41
cybersecurity leadership roles. These
1:44
recommendations emphasize upgrading legacy
1:46
systems, enhancing security practices
1:49
at local and state
1:51
levels, and ensuring readiness
1:53
for post-quantum cryptography. Additionally,
1:56
MITRE suggests making the Cybersecurity
1:58
and Infrastructure Security Agency,
2:00
or CISA, an independent agency,
2:03
mapping out roles and responsibilities
2:05
of cybersecurity personnel within the
2:08
first 90 days. Velvet
2:14
Ant maintained three-year cyber
2:16
espionage campaign. This
2:19
threat actor wasn't going down without a fight.
2:23
Researchers at Sygnia have uncovered
2:25
a prolonged, sophisticated cyber espionage
2:27
campaign by China's Velvet Ant
2:29
Group, targeting a large company
2:31
in East Asia. Despite
2:34
repeated eradication attempts, the threat
2:36
actor maintained persistence for about
2:39
three years by exploiting legacy
2:41
and unmonitored systems, particularly using
2:43
an old F5 BIG-IP appliance
2:47
for internal command and control. Give
2:53
me the credentials or else. The
2:58
UNC3944 cyber gang,
3:00
best known for its involvement
3:03
in recent attacks on Snowflake
3:05
and MGM Entertainment, is now
3:07
targeting SaaS applications. Mandiant
3:10
researchers claim they personally
3:12
eavesdropped on the threat actor's
3:14
calling help desk to ask
3:16
staff to reset passwords without
3:18
MFA. Now if that
3:20
failed, the criminals would resort to
3:23
fear-mongering tactics, including threats
3:25
of physical harm to victims
3:27
and their families, and
3:29
an attempt to quickly find a way
3:32
to gain persistent access. Mandiant
3:34
reports that the
3:37
group is targeting organizations,
3:39
including VMware's vCenter Management
3:41
Tool, CyberArk, Salesforce, Azure,
3:43
among others. And
3:51
now word from our sponsor, Vanta.
3:53
When it comes to ensuring your
3:56
company has top-notch security practices, things
3:59
can get complicated. Vanta
4:02
automates compliance for SOC 2, ISO
4:04
27001 and more, saving
4:07
you time and money. With
4:11
Vanta, you can unify your security
4:13
program management and proactively manage security
4:15
reviews with
4:19
AI-powered security questionnaires. Our
4:22
listeners get $1,000 off at
4:24
vanta.com/headlines. That's
4:29
V-A-N-T-A dot
4:32
com slash headlines. Los
4:39
Angeles Public Health Breach impacts 200,000.
4:43
All it takes is one person to click
4:45
the bad guy's link. We've all
4:47
heard this story before, but the Los
4:50
Angeles Department of Public Health says the
4:52
personal information of 200,000 individuals has
4:55
been compromised after an employee fell victim
4:58
to a phishing attack back in February.
5:00
The attack led to the compromise of
5:03
53 public health employees' login credentials,
5:07
which allowed attackers to gain access
5:09
to personal information, including names, social
5:11
security numbers, diagnosis
5:14
and prescriptions. Empire
5:20
Market Operators Face Life for
5:22
$430 Million Scheme. Two
5:27
of the suspected operators behind the prominent
5:29
dark web marketplace, Empire Market, are
5:33
facing life in prison for their part of
5:35
facilitating more than $430 million in dark web sales.
5:40
While users could buy everything from illicit drugs
5:43
to counterfeit currency, the DOJ has
5:45
charged the pair with
5:48
also helping cybercriminals conduct nearly
5:50
4 million transactions.
5:53
38-year-old Thomas Pavi and 28-year-old
5:55
Raheem Hamilton operated
5:58
the platform from 28-year-old Thomas Pavi. prior
6:00
to starting Empire Market, they
6:03
sold counterfeit U.S. currency on
6:06
the now shut down AlphaBay. The
6:12
entire town has been breached. Every
6:16
single household within an entire region
6:18
of Scotland is receiving a
6:21
letter warning them that their medical data was
6:24
most likely stolen in a ransomware attack. The
6:27
Inc. Ransomware Group responsible for the attack
6:30
had threatened to release the data unless an
6:32
extortion payment was made, which
6:34
the health trust refused. NHS
6:37
Dumfries and Galloway's chief executive,
6:41
Julie White, advises all 150,000 residents
6:45
to assume their data has been compromised
6:48
and to be vigilant against potential
6:50
scams. Insurance
6:55
company, Globe Life reports attack. The insurance
6:57
company, Globe Life, which
6:59
oversees more than 17 million policies, disclosed
7:04
a data breach in a filing with the SEC
7:06
last week. The company says they have
7:08
launched an investigation into, quote,
7:11
potential vulnerabilities related to access
7:13
permissions and user identity
7:15
management for a company web portal, end
7:18
quote. It appears the vulnerabilities allowed access
7:21
to consumer and policyholder information, but the report
7:23
did not say how many people or
7:26
what information may have been impacted. Globe
7:31
Life says they have removed access
7:33
to the affected portal and that
7:35
all other systems remain operational. How
7:40
do you manage the risk introduced by your
7:42
staff? This can range from having written passwords
7:45
in plain sight to
7:47
using insecure operating systems
7:49
on BYOD devices. Staff
7:52
can show almost as much creativity as threat
7:54
actors when
7:56
it comes to putting an organization at risk.