Advertise on podcast: Symantec Cyber Security Brief Podcast

In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how Russian espionage actors are exploiting the Follina vulnerability, the release of the latest version of Metasploit, and a new phishing campaign that’s been underway on Facebook. We also discuss ransomware extensively, including what authorities were able to find when they took down the Netwalker ransomware gang, the increasing activity of the BlackCat ransomware, and some new research into the Hello XD ransomware. We also speculate about the impact turmoil on the cryptocurrency markets may have on the types of payment ransomware actors might demand.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the recently discovered Follina vulnerability in Microsoft Office, as well as some recent ransomware stories. One thing we talk about is the apparent break up of the Conti ransomware gang, with evidence pointing to the group folding itself into other ransomware gangs, including Hive, which carried out a recent attack on the health service in Costa Rica. The Clop and REvil names have also appeared in news reports in recent weeks, but are these ransomware gangs really back? And what are the signs of pre-ransomware activity that organizations need to look out for on their networks because they may indicate a ransomware attack in preparation?

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O Gorman discuss the recent in-depth whitepaper the Symantec Threat Hunter team produced about Chinese cyber-espionage activity, which details the most active groups operating out of that country at the moment, as well as the tactics, tools, and procedures they leverage, the custom malware they use, and who their victims tend to be. We also talk about recent warnings from U.S. authorities about North Korean nationals posing as citizens of other countries to gain employment, and threats from the Conti ransomware gang to “overthrow” the government of Costa Rica.

In the latest Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the recent research published by Symantec’s Threat Hunter Team, including our blog about the activity of North Korean APT group Stonefly, and our latest whitepaper on the topic of Commodity Malware. We also talk about some stories that were in the news over the last week or so, including the possible return of the REvil/Sodinokibi ransomware gang, a new loader called Bumblebee that might be a successor to BazarLoader, and a China-on-Russia intelligence-gathering attack.

On this week’s Cyber Security Brief, Brigid O Gorman is joined by Symantec threat researchers John-Paul Power and Alan Neville. In this week’s podcast we discuss some recent research published by Symantec detailing new activity in the Dream Job campaign carried out by the North Korean Lazarus APT group, as well as continuing attacks aimed at Ukraine carried out by the Russia-linked APT group Shuckworm. Also, we talk about a critical vulnerability in the Windows Remote Procedure Call Runtime (RPC) protocol, the shut down of two well-known dark marketplaces, and the emergence of a new marketplace offering stolen data for sale.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the research published by Symantec’s Threat Hunter team over the past couple of weeks, including a new Cicada/APT10 espionage campaign targeting government organizations and NGOs in multiple countries worldwide. We discuss the new Verblecon malware, which is being deployed in sophisticated campaigns that appear to have the relatively low-reward goal of cryptocurrency mining as their main objective. We also talk about the Spring4Shell vulnerability that briefly caused a lot of consternation last week, and give an update about the latest information that has emerged about the cyber activity that has been seen targeting organizations in Ukraine.

In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien talk about extortion hacking group Lapsus$, which has made headlines in recent weeks by claiming to have compromised numerous high-profile companies including Microsoft, Okta, and Nvidia. We tell you what we know so far about this controversial new actor. We also discuss the impact the Russian invasion of Ukraine has had in the world of cyber security, from Russia potentially running out of data storage facilities due to international cloud providers pulling out of the country, to warnings about attacks on critical infrastructure being issued by authorities in the U.S. and the UK. Finally, the BazarBackdoor malware is seen deploying some new tactics.

In this special edition of the podcast, Dick O’Brien is joined by Symantec threat researchers and analysts Piotr Krysiuk and Vikram Thakur to discuss the Symantec Threat Hunter team’s discovery of Daxin, which is the most advanced piece of malware we have seen from China-linked actors. We published a blog about the discovery of Daxin last week, as well as two in-depth technical blogs with more information on the tool this week. Piotr discusses his work analyzing the malware, and when he realized the significance of this discovery, while Vikram talks about liaising with customers impacted by the malware as well as working with the Cyber Security and Infrastructure Security Agency (CISA) to engage with multiple foreign governments targeted with Daxin to assist with detection and remediation.

In this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss some of the activity we saw in Ukraine prior to the escalation of the last couple of days. We also heavily cover ransomware in this podcast, including discussing a recent FBI alert about the BlackByte ransomware, and a possible decryptor for the Hive ransomware, as well as some research into how long ransomware gangs are remaining active for these days and the amount of money they are making. Finally, we also discuss how BEC scammers are leveraging virtual meeting platforms in their attacks.

In this week’s Cyber Security Brief podcast, Dick O’Brien and Alan Neville discuss how Chinese state-backed advanced persistent threat (APT) group Antlion targeted financial institutions in Taiwan in a persistent campaign over the course of at least 18 months. Also up for discussion is the recent arrest of a New York couple and the seizure of $3.6 billion in cryptocurrency allegedly linked to the 2016 Bitfinex hack, as well as continuing attacks carried out by the Russia-linked Shuckworm APT group against targets in Ukraine.

In this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O Gorman discuss the tumultuous situation in Ukraine, where cyber attacks, including destructive cyber attacks, have been aimed at government and private sector organizations. The WhisperGate attacks, as they have been dubbed, have been compared by many to the infamous 2017 NotPetya wiper attacks. Also up for discussion is recent law enforcement activity aimed at cyber criminals in Russia and elsewhere, and some ransomware news, including a Noberus ransomware attack, and the FBI officially linking the Diavol ransomware to the creators of Trickbot and Conti.

Welcome to the first Cyber Security Brief of 2022! In this week’s podcast, Dick O’Brien and Brigid O Gorman chat about some of the biggest news stories of the last couple of weeks. The topics up for discussion in this episode include: FIN7 BadUSB attacks return, an interesting new multi-platform backdoor, and the latest way attackers are attempting to abuse Google Docs. Also, a jump in the number of extortion DDoS attacks, how payments to suspicious cryptocurrency wallets have exploded in recent months, corruption of open source libraries as a form of protest, and how one APT group managed to infect itself with its own malware.