Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Defensive Security Podcast Episode 267
Jul 10 2022 35m
Alright, here we go. Today is Sunday, July 10th, 2022, and this is episode 267 of the Defensive Security Podcast. My name is Jerry Bell, and joining me tonight, as always, is Mr. Andrew Kellett.
jerry: Yeah. I've been back for a month from my beach place. And I think today's the first day that we've not had a heat advisory
All right. A couple of really interesting stories crossed my desk recently. And the first one comes from the US Department of Justice, of all places. And the title here is "Aerojet Rocketdyne agrees to pay $9 million to resolve False Claims Act allegations"
lawsuit is successful, the person making the allegation, basically it's a whistleblower kind of arrangement. The person making the allegation gets a cut of the settlement. And so in this particular case the whistleblower received $2.61 million of the $9 million
know, seven-figure range
go and I, cause I was very curious about this and did do a bunch of searching and found some summaries of the case and some of the legal documentation, and it looks like, the best I was able to get into is, there was a matrix of 56 security controls, or something along those lines, don't quote me on that, and that the company only had satisfactory coverage of five to 10 of them
understanding is that the scope of this may increase
from CISA, the Cybersecurity and Infrastructure Security Agency. I hate the name. I really wish they'd come up with a different name. It's the word "security" way too many times. Anyway, the title here is "North Korea state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sectors"
organization or a person or entity in North Korea, you can be subject to penalties from the US government
privileged communications to hide it. At least allegedly, in some previous stories we've covered. But that's an interesting problem. Yeah. I can see how that would be a challenge. Maybe if you only paid the ransomware, like, in bulk wheat shipments
of them are interesting and things that you haven't seen a lot of recommended before. But a lot of them are just the normal run-of-the-mill platitudes. Only use secured networks and avoid using public wifi networks. Consider using and installing a VPN
advisory here. This particular Maui ransomware is actually pretty manual. It actually has to be, apparently, launched by hand, with the command line. So whoever the threat actor is, they found some way into the system, and you can infer, assuming that CISA actually has that kind of insight, you can infer by reading through their recommendations how they think the North Koreans are getting in there: using RDP that's exposed to the internet and then moving laterally using user credentials who have administrative rights, and so on. So you can infer, based on what they're saying not to do, probably how it's being propagated, but sometimes it's a little difficult to understand, with these kinds of recommendations, how much of it is the result of actual observations and how much is just, yeah, we have this list
of good hygiene practices, and we think this is what you should be doing
coming through China
admit
technically feasible. We're going to have to shift to quantum-resistant crypto, which is going to be interesting, because there it's you going out on a limb and saying that
Correct. Conceivably a, well, a properly skilled quantum computer could take contemporary public key crypto and break it in very short time
is
quantum-safe algorithms? Like we were, like, hypothesizing how quantum computing is going to evolve once it the
software and software-as-a-service companies and whatnot. Because if you do that, you can not just attack one company, you can conceivably, with one attack yet
I'm kidding. Of course. Yeah, it's a tough, it's a tough problem. There's so much inherent trust that you establish. If we look back at SolarWinds and, yeah, how many times have you and I said, hey, upgrades and patches are important? And then that became the attack vector. Let's just hope that becomes a rarity
Supply chain risks happen because you have no choice but to have a massive amount of trust granted to some
popular, well-known
article, the super famous, I guess infamous, story about the Las Vegas casino that was hacked through their
with
legitimate. We, as humans, have evolved to trust our senses and identify people visually and audibly. With threat level. Like, we don't have any built-in skepticism; we just inherently trust it
jerry: Well, you're gonna have to have a multifactor, like you're, I think we're going to get to a point, you just can't trust
of discipline and bureaucratic red tape, but otherwise, I just, it's going to get too trivially easy to fake a phone call from the CEO
malware, probably moving into firmware
to move Linux into kind of a Windows mode of operation. And so I think, like, the next plan. Like Order 66
tomorrow, is the skills crisis
that's what's, to be honest, like one, one of the ways to look at this is, a lot of organizations are
probably a lot of bad practices and failure to follow best practices, for various reasons, that we're compensating for with other security controls, as opposed to just things more inherently secure
Apparently lots
devices. Not, not like green-screen terminals, but less so in less a wave, or less general computing and more specialized, which I think are easier to secure. That just shifts a lot of the complexity into other parts of the environment, your infrastructure
the show for today. Thank you all for listening. Sorry it's been so long. Life continues to get in the way of making podcasts. And every time I think it's going to level out and I will be less busy, something happens