This podcast will give you a summary of the latest news related to cyber intelligence and proactive cybersecurity in only a few minutes.
The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world.
The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand.
Chinese-backed threat actors breached New York City’s Metropolitan Transportation Authority (MTA) network in April using a zero-day in a VPN provider's product.
Just to remind the listeners, a zero-day is an exploit or vulnerability that the vendor is not aware of and for which there is no patch yet.
VPN stands for Virtual Private Network; it is the part of the network that must be exposed to the internet, as it enables employees to connect and work from remote environments.
Luckily, they still failed to cause any data loss or gain access to systems controlling the transportation fleet.
According to Rafail Portnoy, MTA’s Chief Technology Officer, while the attackers hacked into several MTA computer systems, they couldn’t gain access to employee or customer information.
MTA mitigated the vulnerability one day after the VPN provider issued an advisory and published an alert that it had a vulnerability which was already being exploited in the wild.
The malware is custom-tailored to compromise the specific VPN product, Pulse Secure appliances, and is used to maintain long-term access to networks, collect credentials, and steal proprietary data.
The zero-day was exploited together with other bugs used to hack the networks of dozens of US and European organizations across several verticals, including defense, government, high tech, transportation, and financial sectors.
This is a great example of where cyber intelligence could have complemented the organization’s security measures, which failed and were not enough.
Using cyber intelligence, organizations could have received indicators such as file hashes, URLs, or IP addresses that are part of this offensive campaign and defended against this threat.

Cox Media Group appeared to be struggling with a cyber attack after many of its live streams went down.
Cox is a large US media conglomerate, comprising 54 radio stations in 10 markets and 33 TV stations in 20 markets. It also operates the conservative news site rare.us, which appears to be unaffected.
The US has recently increased its scrutiny of ransomware attacks as they begin to pose a more visible national security threat.
The deputy national security advisor for cyber and emerging technology sent an open letter to US businesses urging them to be more resilient after the JBS and Colonial attacks. The letter laid out a series of protective steps, including backing up data, segmenting their networks, and maintaining an incident response plan. This is in addition to many other senior officials in the US administration who have lately blamed multiple countries, including Russia, China, and others, for performing cyber attacks against the USA.
Lately, the USA is being hit by more and more ransomware and other cyber attacks aimed at disrupting networks and organizations that have a national impact once they are hacked.
What will the USA decide to do in order to stop these cyber attacks?
For now, it seems the USA is trying diplomacy; hopefully it can avoid the upcoming cyber confrontation.

That’s it for this podcast, stay safe and see you in the next podcast.
Don’t forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.