Risky Business #669 -- Finally, an ICS attack that made stuff explode!
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Activists who are totally not Israeli military hackers make Iranian steel mills firebally
- Chinese APT crews use ransomware to muddy attribution
- Attackers are now ransoming cloud access
- Chinese APTs using building control systems for persistence and stealth
- USA, UK and NZ govts issue PowerShell advice
- Much, much more
This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Iranian steel facilities suffer apparent cyberattacks
- Automotive fabric supplier TB Kawashima announces cyberattack
- US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future
- BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks
- Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future
- Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter
- Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web
- Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future
- Akamai Blog | Bots Are Scalping Israeli Government Services
- Rise of LNK (Shortcut files) Malware | McAfee Blog
- Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT
- Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future
- The hacking industry faces the end of an era | MIT Technology Review
- Lawmakers want to restrict user data sales to nations like China, Russia
- US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future
- CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
- A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review
- Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions
- Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig
- BSides Cleveland organizer steps down after controversial guest added as ‘surprise’ speaker | The Daily Swig
- CISA experts propose ‘311’ cybersecurity emergency call line for small businesses - The Record by Recorded Future
- CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future
- CSAC Recommendations (06-16-2022) (1) - DocumentCloud
- Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security
- Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig
- Oracle patches ‘miracle exploit’ impacting Middleware Fusion, cloud services | The Daily Swig
- Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO
- FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future
- Jerry Gamblin on Twitter: "Ahhh... the orignal NFTs." / Twitter
- PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter
- Patrick Gray on Twitter: "????" / Twitter
