The Threat Show

The Threat Show Ep. 38 w/ Michael Coates

Welcome to The Threat Show, powered by Fletch! In this episode, we're joined by Michael Coates, CISO and VP of Engineering at CoinList, a token distribution platform that helps launch new crypto assets.

Michael is a cybersecurity executive, startup founder, and investor/advisor to emerging cybersecurity startups. With over 20 years of experience, he has held pivotal roles in some of the world's most prominent companies, such as CISO of Twitter and Head of Security at Mozilla.

Beyond his corporate achievements, Michael is also a thought leader in the cybersecurity community. He's frequently invited to speak at industry conferences, webinars, and educational programs, where he shares insights on security management and the future of cybersecurity.

We discuss how businesses can safely transact with cryptocurrency, the need for security technology to be better and lift the burden of ransomware off of non-security people, and more.

Threat Landscape    (02:15)

Darien and Chris break down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.

Cyber Attacks Target Caesars Entertainment and MGM – Who’s Next?    (03:55)

Caesars Entertainment Inc. and MGM were recently hit by a ransomware attack and paid the ransom, with insider reports suggesting the amount could have been as high as $30 million. The ALPHV ransomware group, also known as the BlackCat group, is suspected of orchestrating these targeted cyber attacks. However, insiders propose that both MGM and Caesars may have been targeted by a lesser-known hacking group known as “Scattered Spider.”

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks    (09:40)

The financially motivated threat actor UNC3944 is shifting its focus to ransomware deployment as part of an expansion to its monetization strategies, according to Mandiant. UNC3944, also known as 0ktapus, Scatter Swine, and Scattered Spider, has been active since early 2022 and initially targeted telecom and business process outsourcing companies. The group has since expanded its targeting to include hospitality, retail, media and entertainment, and financial services. The group has recently emerged as an affiliate for the BlackCat (aka ALPHV or Noberus) ransomware crew, using its new status to breach MGM Resorts and distribute the file-encrypting malware.

Konni APT exploits WinRAR vulnerability (CVE-2023-38831) targeting the cryptocurrency industry    (17:20)

The Konni APT group has been found exploiting the WinRAR vulnerability (CVE-2023-38831) to target the cryptocurrency industry. This is the first time an APT group has been observed using this vulnerability in their attacks. The targets of these recent attacks are notably different from their previous activities, suggesting that Konni may be exploring new attack vectors.

Interview with Michael Coates    (18:13)

Michael Coates discusses how businesses can safely transact with cryptocurrency, the need for security technology to be better and lift the burden of ransomware off of non-security people, and more.