Sponsored By
Exfiltrate. Encrypt. Exploit. In 2021, ransomware attackers moved beyond exfiltrating and encrypting data to extract a ransom, working to compromise the victim’s build server to introduce an exploit through which to launch large scale attacks. VP of Cloud Security Matt Cauthorn joins Security Weekly to walk through the lateral movements these attackers use to pull off the Cyber Hat Trick.
This segment is sponsored by ExtraHop Networks.
Visit https://securityweekly.com/extrahop-rsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes!
Full Episode Show NotesCyber Hat Trick: How Ransomware Gangs Exfiltrate, Encrypt & Exploit
- encrypting data is one way – they have a portfolio of attacks, they do whatever they can do to extort and make money
- too many ways to hide the money! – Moving towards the Internet of ownership, bad actors can just own our stuff.
- ransomware is the ultimate disruption, tech debt is real! – predatory lending scheme.
- More decentralization is needed to help combat attackers, not have one point of failure.
- Are we just moving the problem to the cloud? – Does it help with RBAC and permissions? permissions to network interfaces? Lifting and shifting has to evolve, its available, you just have to learn it.
- if there is no one central thing to encrypt, but its distributed somehow?
- how do you really own and protect your accounts? Map it back to blockchain?
Guests
Hosts
|
Adrian Sanabria - Senior Research Engineer at CyberRisk Alliance @sawaba Adrian is an outspoken researcher that doesn't shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full. |
|
April Wright - Preventative Security Specialist at Architect Security @aprilwright April Wright is a Preventative Security Specialist at ArchitectSecurity.org |
|
Paul Asadoorian - Founder at Security Weekly @securityweekly Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones. |
Announcements
-
Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista!
We are excited to announce our first round of speakers: David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Kevin Johnson, and Justin Kohler!
Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!