Symantec Cyber Security Brief Podcast

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the Symantec Threat Hunter Team’s latest blog detailing a recent campaign by the Billbug espionage group, in which it targeted a certificate authority and multiple government agencies in various countries in Asia. We also discuss a new strain of ransomware called Prestige, which is being used in attacks against Ukraine, while we also take a look some recent arrests of suspects that are alleged to have been involved in major cyber crime groups - with one suspect alleged to have been involved in the JabberZeus gang arrested in Switzerland, while an alleged member of the LockBit ransomware group was apprehended in Canada.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss two recent Symantec blogs, including one detailing the new Exbyte data exfiltration tool, which is being used by at least one affiliate of the BlackByte ransomware gang. We also discuss our blog about a group called Cranefly, which is using a new dropper and malware, as well as a novel method of reading commands from legitimate IIS logs. We also discuss the OpenSSL vulnerability that caused a lot of headlines over the last week, and the ransomware losses that occurred in 2021.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Kevin Sovey to discuss a blog we recently published about the Budworm espionage group targeting organizations in the U.S. We also discuss another blog we published this week about the Spyder Loader malware being deployed on the machines of government agencies in Hong Kong. We also talk about apparent links between the operators behind Ransom Cartel and the REvil/Sodinokibi ransomware family.

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss a recent blog we published on the Witchetty (aka LookingFrog) espionage group, which has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa, including a new tool that employs steganography. We also discuss the recently discovered Microsoft Exchange Server zero days, the U.S. defense sector being targeted by multiple APT groups, and a newly discovered espionage actor called Metador, which was spotted operating in recent weeks. We also discuss the breach of Australian telecoms giant Optus, and some new information that has emerged about the takedown of the REvil/Sodinokibi ransomware gang.

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Alan Neville to discuss some of the recent blogs that the Symantec Threat Hunter team has published. We discuss a new wave of espionage activity targeting Asian governments by attackers who were formerly associated with the ShadowPad malware but who appear to have now adopted a new toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. We also examine the current activities of a group we call Webworm, which has developed customized versions of three older remote access Trojans (RATs), including Trochilus, Gh0st RAT, and 9002 RAT. We also discuss a blog we have published about the Noberus (aka BlackCat ) ransomware, and the recent tactics, tools, and procedures we have seen deployed alongside that ransomware recently.

The Cyber Security Brief is back after its summer break! In this episode, Brigid O Gorman and Dick O’Brien cover some of the stories you might have missed while we were off air. Dick discusses a recent Symantec blog that looks at the implications of poor security practices in the mobile software supply chain, and how this can lead to the exposure of an alarming amount of data. Brigid discusses some of the continuing effects of the Russian invasion of Ukraine in the world of cyber security, including some activity by the Shuckworm APT gang aimed at Ukraine, as well as a seemingly increased focus by Chinese espionage actors on Russia since the invasion began. Finally, we also discuss some recent developments by the Evil Corp cyber crime gang, and what these might mean.

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O Gorman are joined by Symantec threat researcher Chris Kiefer to discuss our latest blog about the Bumblebee loader. We discuss this new malware’s place on the cyber crime landscape, its capabilities, and how it is being leveraged by ransomware actors. We also discuss the appearance of new versions of both Raccoon Stealer and LockBit, as well as an FBI warning about deepfakes being used in job interviews. The podcast will be taking a short break for the summer and we will be back with new episodes in September.

In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how Russian espionage actors are exploiting the Follina vulnerability, the release of the latest version of Metasploit, and a new phishing campaign that’s been underway on Facebook. We also discuss ransomware extensively, including what authorities were able to find when they took down the Netwalker ransomware gang, the increasing activity of the BlackCat ransomware, and some new research into the Hello XD ransomware. We also speculate about the impact turmoil on the cryptocurrency markets may have on the types of payment ransomware actors might demand.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the recently discovered Follina vulnerability in Microsoft Office, as well as some recent ransomware stories. One thing we talk about is the apparent break up of the Conti ransomware gang, with evidence pointing to the group folding itself into other ransomware gangs, including Hive, which carried out a recent attack on the health service in Costa Rica. The Clop and REvil names have also appeared in news reports in recent weeks, but are these ransomware gangs really back? And what are the signs of pre-ransomware activity that organizations need to look out for on their networks because they may indicate a ransomware attack in preparation?

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O Gorman discuss the recent in-depth whitepaper the Symantec Threat Hunter team produced about Chinese cyber-espionage activity, which details the most active groups operating out of that country at the moment, as well as the tactics, tools, and procedures they leverage, the custom malware they use, and who their victims tend to be. We also talk about recent warnings from U.S. authorities about North Korean nationals posing as citizens of other countries to gain employment, and threats from the Conti ransomware gang to “overthrow” the government of Costa Rica.

In the latest Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the recent research published by Symantec’s Threat Hunter Team, including our blog about the activity of North Korean APT group Stonefly, and our latest whitepaper on the topic of Commodity Malware. We also talk about some stories that were in the news over the last week or so, including the possible return of the REvil/Sodinokibi ransomware gang, a new loader called Bumblebee that might be a successor to BazarLoader, and a China-on-Russia intelligence-gathering attack.

On this week’s Cyber Security Brief, Brigid O Gorman is joined by Symantec threat researchers John-Paul Power and Alan Neville. In this week’s podcast we discuss some recent research published by Symantec detailing new activity in the Dream Job campaign carried out by the North Korean Lazarus APT group, as well as continuing attacks aimed at Ukraine carried out by the Russia-linked APT group Shuckworm. Also, we talk about a critical vulnerability in the Windows Remote Procedure Call Runtime (RPC) protocol, the shut down of two well-known dark marketplaces, and the emergence of a new marketplace offering stolen data for sale.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the research published by Symantec’s Threat Hunter team over the past couple of weeks, including a new Cicada/APT10 espionage campaign targeting government organizations and NGOs in multiple countries worldwide. We discuss the new Verblecon malware, which is being deployed in sophisticated campaigns that appear to have the relatively low-reward goal of cryptocurrency mining as their main objective. We also talk about the Spring4Shell vulnerability that briefly caused a lot of consternation last week, and give an update about the latest information that has emerged about the cyber activity that has been seen targeting organizations in Ukraine.

In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien talk about extortion hacking group Lapsus$, which has made headlines in recent weeks by claiming to have compromised numerous high-profile companies including Microsoft, Okta, and Nvidia. We tell you what we know so far about this controversial new actor. We also discuss the impact the Russian invasion of Ukraine has had in the world of cyber security, from Russia potentially running out of data storage facilities due to international cloud providers pulling out of the country, to warnings about attacks on critical infrastructure being issued by authorities in the U.S. and the UK. Finally, the BazarBackdoor malware is seen deploying some new tactics.

In this special edition of the podcast, Dick O’Brien is joined by Symantec threat researchers and analysts Piotr Krysiuk and Vikram Thakur to discuss the Symantec Threat Hunter team’s discovery of Daxin, which is the most advanced piece of malware we have seen from China-linked actors. We published a blog about the discovery of Daxin last week, as well as two in-depth technical blogs with more information on the tool this week. Piotr discusses his work analyzing the malware, and when he realized the significance of this discovery, while Vikram talks about liaising with customers impacted by the malware as well as working with the Cyber Security and Infrastructure Security Agency (CISA) to engage with multiple foreign governments targeted with Daxin to assist with detection and remediation.

In this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss some of the activity we saw in Ukraine prior to the escalation of the last couple of days. We also heavily cover ransomware in this podcast, including discussing a recent FBI alert about the BlackByte ransomware, and a possible decryptor for the Hive ransomware, as well as some research into how long ransomware gangs are remaining active for these days and the amount of money they are making. Finally, we also discuss how BEC scammers are leveraging virtual meeting platforms in their attacks.

In this week’s Cyber Security Brief podcast, Dick O’Brien and Alan Neville discuss how Chinese state-backed advanced persistent threat (APT) group Antlion targeted financial institutions in Taiwan in a persistent campaign over the course of at least 18 months. Also up for discussion is the recent arrest of a New York couple and the seizure of $3.6 billion in cryptocurrency allegedly linked to the 2016 Bitfinex hack, as well as continuing attacks carried out by the Russia-linked Shuckworm APT group against targets in Ukraine.

In this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O Gorman discuss the tumultuous situation in Ukraine, where cyber attacks, including destructive cyber attacks, have been aimed at government and private sector organizations. The WhisperGate attacks, as they have been dubbed, have been compared by many to the infamous 2017 NotPetya wiper attacks. Also up for discussion is recent law enforcement activity aimed at cyber criminals in Russia and elsewhere, and some ransomware news, including a Noberus ransomware attack, and the FBI officially linking the Diavol ransomware to the creators of Trickbot and Conti.

Welcome to the first Cyber Security Brief of 2022! In this week’s podcast, Dick O’Brien and Brigid O Gorman chat about some of the biggest news stories of the last couple of weeks. The topics up for discussion in this episode include: FIN7 BadUSB attacks return, an interesting new multi-platform backdoor, and the latest way attackers are attempting to abuse Google Docs. Also, a jump in the number of extortion DDoS attacks, how payments to suspicious cryptocurrency wallets have exploded in recent months, corruption of open source libraries as a form of protest, and how one APT group managed to infect itself with its own malware.

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec Threat Analyst Alan Neville to discuss the vulnerabilities in Apache Log4j that made lots of headlines this week. We also discuss two other blogs that Symantec published this week, including one looking at an attack campaign aimed at telecoms companies in the Middle East and Asia that appears likely to have originated from Iran-based attackers. Meanwhile, we also talk about a blog we published covering details about a new Rust-based malware we have dubbed Noberus (ALPHV/BlackCat). This is our last Cyber Security Brief podcast of 2021, we will be back on January 13.