The Threat Show

The Threat Show Ep. 5 w/ Kevin Johnson

Welcome to The Threat Show for the week of Nov 14th. This week’s special guest is Kevin Johnson, the CEO/Founder/self-proclaimed "Head Nerd" of Secure Ideas. We discuss the need for cybersecurity training to move away from a profit-driven model, and tactics to help align security teams with the goals of a business.

China is likely stockpiling and deploying vulnerabilities, says Microsoft (02:14)

China is stocking up on vulnerabilities as if they’re munitions in order to carry out nation-state-sponsored attacks against organizations and governments. These attacks target key products, key apps, key operations systems, frequently in the public and finance sectors.

Mitigation: These vulnerabilities should be your top priority when it comes to patching.

CVEs: CVE-2021-40539, CVE-2021-44077, CVE-2021-35211, CVE-2021-42321, CVE-2022-26134

Sanctioned deals: the Irano-Russian connection under Ankara's supervision. Analysis of the NPPD leak (06:16)

Amidst political unrest in Iran, hacktivists are attempting to shine a light on inequalities carried out by the government. Reports detailed specific tactics leveraged by these groups to carry out their attacks, showing that they used common malware in order to make it harder to attribute the attacks to themselves.

Mitigation: Attribution can be nice to know, but it is often unnecessary for small to midsize organizations, so don’t make it your primary focus if you do get compromised.

Snatch Ransomware Group Claims to Have Hacked Military Technology Provider HENSOLDT France (13:34)

A Russian ransomware group has hacked a French defense contractor, HENSOLDT, and released stolen data. We discuss whether ransomware should qualify as hacking.

Mitigation: Understand all the points of ingress that could make you vulnerable. Anything that is connected to the internet could be an attacker’s key into your organization.

Malware: Snatch