Reimagining Cyber - real world perspectives on cybersecurity

Hackers Hit COVID Relief, Microsoft & Ukraine, Data Breach at LastPass & WhatsApp - Ep 46

December 14, 2022 Reimagining Cyber Season 1 Episode 46

In this EXTRA! episode Rob and Stan talk about:
- Secret Service reports of Chinese hackers stealing tens of millions of dollars worth of U.S. COVID relief benefits since 2020.
- Microsoft's help for Ukraine
- What the latest data breach means for LastPass' business.
- Data breach at WhatsApp


Get in touch via reimaginingcyber@gmail.com

Well, hey everyone, it's Rob Aragao and Stan Wisseman back here again for another episode of Reimagining Cyber Extra.

So, let's talk this week about what's recently been happening, some of the different topics you and I have had these cyber conversations. Of course, we always do that all the time. And now we're bringing it forward in these extra episodes. So, what do you want to talk about first?

Let's talk about some of the nation state attacks that are out there that we've seen some press on. One of the ones that caught my eye was the Secret Service came out and said that there are hackers from China that were linked to stealing around 20 million dollars of US COVID relief benefits, including Small Business Administration loans and unemployment insurance funds from over a dozen states.

And so that was the first attribution to a foreign state-sponsored cybercriminal group. And this particular attribution went back to a Chengdu-based hacking group known as APT41.

Yeah, I saw that too. And I think what's interesting also on top of that is the aspect of timing, right? You hear DHS talking about, hey, we need to be paying much more attention to these nation-state-sponsored types of events and incidents occurring. They've been going on for quite some time. Critical infrastructure's part of it. Here's the example that just came out with Secret Service saying, hey, we look at about 20 million of Covid Relief fund states being impacted, but it's also the realization that, yeah it's literally, as they call you a keystroke away from a major type of incident occurring and all these different type of critical infrastructure examples I think are starting to really open up the eye.

What we saw last year, we talked about it in the past, Colonial Pipeline. What we're seeing, takes us into almost recently with Microsoft, just talking about the additional kind of pledge on their end to help fortify some of the security capabilities for Ukraine as they continue to try to steer Russia from a cyber perspective away from them. And some of these specific incidents occurring there.

Microsoft has been helping Ukraine quite a bit and they actually, again, that was another news item that caught my eye was the fact that the Digital Threat Analysis Center at Microsoft warned that Russia is intensifying their pressure not only in Ukraine, but also sources of political and supply that countries like the United States that are gonna be helping Ukraine out.

  And they attributed attacks in October, the ransomware attacks that hit Polish transportation and logistic organizations right to the Russian military. We mentioned in the last extra issue that it looked like perhaps the Russian and Ukrainian bad actors were a little bit busy. Because of the war and fighting each other. But maybe they're going to be dedicating more time going after those that are supplying aid to Ukraine. 

Yeah. Yeah. That's something as well. So, I think, that ransomware you're talking about in October that you saw come out and then some of the elements also that Microsoft had in their report around, it's interesting how they actually kind of timeline some of the physical and then the cyber specific types of incidents and the cyber aspect of it continuously. Yeah. It's more of what we're seeing around kind of energy, right? The critical infrastructure, water supplies. They're coming at it from all different perspectives.

 They're doing kinetic, obviously, against the energy infrastructure of Ukraine. And why not also combine that with cyber and make it that much more difficult for everybody? Yeah. I think going back to the incident with the SBA and attacks there. I have a friend who actually works as a lawyer in the fraud department at SBA. Okay. And he has told me for quite some time of just how bad the fraud is.

And I think, this is just the tip of the iceberg as far as foreign entities that have leveraged the weaknesses that we've had in this vetting process of loans and other benefits. And it's unfortunate that we made it so easy but they saw an opportunity or are taking advantage of it.

 And you can kind of un, I don't want to say understand that there would be such an opportunity, but think about what occurred, right? And just how quickly they had to move to make something available with the funds and scramble to put up the systems to support that and everything that comes along and that the security checks, that they holistically, traditionally probably would do, sometimes can be questioned, but on top of it all, this is even worse when you think about the time to being able to get this out there and available for people to leverage. 

 Yeah. So that's that balance between you got to keep these businesses alive and afloat and at the same time if you make it too easy it, it's gonna be just a repeatable fraud that can be perpetrated by bad actors. Absolutely. What else are you seeing out there? 

It's unfortunate, but LastPass, second time within, I don't know, maybe six months or so, another data breach. And they're saying that the thing that's interesting is they posted on their own kind of, page up on their blogs stating, I believe it was on the 30th of November, that there was another breach.

 It was attributed to information that was leveraged back, I think in the summer month, maybe August. And, has gotten, again, end user information in their hands. So, I'd say it's interesting because they post it, they make you aware of it. And just before this morning I'm going through my information, news, and whatnot, I'm like, hey, lemme go take a look and see what the latest is that they've posted and updated on their page.

 Crickets, right? Crickets. Crickets. 

So, it's a little like disconcerting, as to what's really going on there. Now they state that, using the LastPass solution and the kind of way that they deal with credentials and zero knowledge of the credentials is really, again, not impacted.

 So, I, okay, I get that. But still, hey, people are leveraging this as their vault for their passwords and simplification, and it's two times in a very short window and it's attributed back to, what was learned from that particular past breach? 

 I'm curious as to how the breach will impact their business too.

'Cause, you know, if you look at the way the number of breaches has created a numbness to the public. The true lasting impact to organizations due to a breach has really not come to fruition. The Targets of the world are still doing quite well, right?

But when your business is to be a vault for these passwords. It's, I would think disconcerting to be trusting it's a breach of trust in an area that is your business, is to protect my secrets. And I would think that you'd look elsewhere. Yeah. But then again, any of those kinds of vaulting systems will be a natural target.

Yeah. And whether or not the next one you use is gonna be any better. On the one hand I am a fan of them and recommend leveraging them because my, my dad has a handheld device that we gave to him for Christmas. It's one of those things where it's not connected to the network, it's just a device where you're actually able to store your passwords.

Okay. And it has been great because he uses it religiously and if his memory fails on something, he knows where it is now. The sad thing is my mom does not use that or anything so close to that. And she forgot her password on said system and we couldn't help her out, and anyway, it was just one of those things, it was like one of those frustration points in the, in, in the inner household.

It's, it was like, look what I do, honey. Why aren't you using my best practice?

  I learned from my son that this is the way you should do this stuff!  It's funny that you bring that because it's like the consistent, calls from friends and family about, hey, what should I do with this, security issue.

 Hey, I read this thing that happened on, with Apple and, my iPhone. Should I update it? Yeah. Why don't you go ahead and update that thing. But it's like when you get to, coming off of Thanksgiving just a few weeks back and it's all those interesting conversations, like the topics all come to the table at that point in time.

Hey Rob, let me ask you about this thing. And I'm like, oh God, can't we just talk about football today? Yeah. Yeah. One of the other things that I thought was interesting is WhatsApp also had a breach that they put out there and announced and said, hey, I guess it was like 500 million of their users' information was gotten basically, it's basically who you are and your phone number is what it is. So that is being sold on the dark web, I want to say they have it broken up by country is what I was reading. And I believe, like for example, the US was something like, if you want the whole list of US users, we have with their attributed phone numbers, it's about $7,000 that you can, go ahead and point up pretty cheap.

 Yeah. Wow. And then they're using that obviously for smishing attacks, right? Yeah. Perfect time of the year. So it's oh, come on. Yet had another thing, that’s taken advantage of out there.

 Speaking of during Thanksgiving dinner conversation, I think it was my daughter that, my oldest daughter was saying that she was getting a lot of those kind of smishing kind of attacks, these kind of texts from unknowns that were inundating her phone.

And it, it's one of those things we get used to the emails, right? And build up that internal filter and actually filter out some when you can. But the SMS attacks is just, it's just, it's unfortunate. It's just not gonna stop. No.

 And it's just, it seems the more frequently coming either from banks or to, I should say, looking like they're banks.

 Or some retail establishment, right?  And then I've seen recently even where it's like a, your kind of cellular service provider, so they're trying to come across like your Verizon or T-Mobile, update this. Click on the link. Capture this information, click on the link for this Black Friday, Cyber Monday special. Like all that type of stuff. 

 Thanks Stan. I think, again, another great conversation. I hope everyone is enjoying the extra episodes and they'll keep on coming.