Symantec Cyber Security Brief Podcast

Our regular podcast series features threat research and security news, hosted by threat researchers from the Threat Hunter Team.

Episodes

Facebook data leak, cyber attack aimed at EU institutions, and cyber criminals use a call center to spread malware

On this week’s Cyber Security Brief, Brigid O’Gorman and Dick O’Brien discuss the big Facebook data leak that has made headlines around the world this week, as well as a cyber attack aimed at European Union institutions, and a cyber incident impacting Australia’s parliament. We also discuss warnings from authorities in the U.S. about attackers attempting to exploit vulnerabilities in Fortinet FortiOS, while authorities in the UK have issued warnings about an increased risk of ransomware attacks targeting the education sector. Meanwhile, some cyber criminals have started using call centers to distribute malware, with the tactic reportedly proving quite successful for several cyber crime groups.

Ransomware attackers leverage the Microsoft Exchange Server vulns, WeLeakInfo users hit by data breach, and ransomware payments increase

On this week’s Cyber Security Brief podcast, Brigid O’Gorman and Dick O’Brien discuss how ransomware attackers are now attempting to leverage the vulnerabilities in Microsoft Exchange Server. We also talk about an interesting interview given by one of the REvil ransomware gang to Recorded Future, evidence that ransomware payments increased over the last year, and the users of WeLeakInfo falling victim to their own data breach. Also, we warn U.S. taxpayers to be on the lookout for phishing campaigns at this time of year, and the hacker who made headlines a few weeks ago for hacking security cameras used in Tesla offices and elsewhere is indicted on numerous hacking charges in the U.S.

All you need to know about the Microsoft Exchange Server attacks, and some SolarWinds developments

On this week’s Cyber Security Brief podcast, Brigid O’Gorman and Dick O’Brien are joined by Symantec threat researcher Alan Neville to discuss the biggest cyber security story of the last couple of weeks - the vulnerabilities in Microsoft Exchange Server. Alan gives a comprehensive overview of the vulnerabilities, what’s happened since they became public knowledge last week, and the steps you can take to keep your organization’s network safe. He also talks about some of the post-compromise activity that Symantec has seen. We also chat about some other topics: new research into the SolarWinds hack, and the arrest of an alleged GandCrab ransomware gang member.

Accellion product vulns, Equation group tool copied by Chinese APT, and software supply chain attacks in France

On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman discuss some of the biggest cyber security stories of the last few weeks. Among the stories up for discussion are the bugs in Accellion’s 20-year-old FTA product, which led to multiple companies worldwide reporting breaches related to it. We also talk about the reports saying the Sandworm group has been carrying out a long-running spying campaign against multiple French IT services providers by compromising an open-source IT monitoring tool called Centreon, and a Chinese APT group reportedly cloning an Equation group tool. Some interesting law enforcement activity in recent weeks is also up for discussion.

Emotet takedown, water plant cyber attack, and a SolarWinds update

On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman round up some of the biggest cyber security stories of the last two weeks. We bring you the latest developments in the SolarWinds hack investigation, and chat about the significance of the disruption to the Emotet botnet. We also discuss some other recent takedowns and arrests, as well as some of the biggest ransomware stories of the last couple of weeks. We also talk about the recently reported cyber attack on a water treatment plant in the Florida town of Oldsmar - was this just a one-off incident or do industrial control systems like water plants need to be on high alert?

Raindrop: How the additional tool was discovered in SolarWinds investigation

Old threats and new feature in this week’s Cyber Security Brief podcast. Dick O’Brien and Gavin O’Gorman discuss the latest developments in the SolarWinds hack investigation, including how Symantec investigators found Raindrop, an additional piece of malware used in the SolarWinds attacks against a select number of victims that were of interest to the attackers. We published a blog about Raindrop last week, and Dick and Gavin discuss how this new malware was discovered. Also, romance scams and DDoS attacks make a comeback.

The latest on the SolarWinds hack, a lot of ransomware activity, and healthcare hit hard by cyber attacks

On this week’s Cyber Security Brief, the first of 2021, Dick O’Brien brings us a comprehensive update about some of the developments in the SolarWinds hack story, with a lot having happened since our last podcast. We also discuss some recent ransomware attacks, and how the healthcare sector is having a hard time with cyber attacks at the moment.

Sunburst: Everything we know about the supply chain attack targeting SolarWinds users

In this week’s Cyber Security Brief, the last one of 2020, find out all you need to know about the biggest news story of the week - the Sunburst supply chain attack targeting customers of software company SolarWinds. This is one of the biggest cyber security stories of the year, with thousands of organizations affected. Dick O’Brien and Symantec threat analyst Gavin O’Gorman give a comprehensive rundown of everything we know about this attack so far. Also, Twitter is handed a big fine by the Irish data regulator, and bug reports jump in 2020.

Cyber predictions for 2021, botnets turn to ransomware, and the Gootkit infostealer reemerges

On this week’s Cyber Security Brief podcast, we discuss what card skimmers are up to during the busiest shopping time of the year, while also bringing some good news about how EU authorities prevented almost $50 million in card fraud this year. Also on the agenda, are botnets abandoning banking Trojans in favour of ransomware? It looks like they might be. We also take a look at some COVID-19 related cyber security stories that are making the headlines, as well as the reemergence of the Gootkit infostealer. Also, Dick O’Brien brings us his predictions for what to expect on the cyber security landscape in 2021 - including predictions around ransomware, the impact of work from home, and increased cooperation between cyber crime gangs.

New research about attacks on Japan-linked companies, and APT groups target COVID-19 vaccine makers

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman talk about some of the biggest cyber security stories of the last couple of weeks. There are multiple stories about APT groups to cover this week, including our own Threat Intel blog detailing a wide-ranging attack campaign that targeted Japan-linked companies in multiple sectors in 17 regions worldwide. We also discuss other public reports about a Chinese APT targeting governments in South East Asia, and nation-state backed attacks from Russia and North Korea targeting COVID-19 vaccine makers and researchers. We also discuss a separate campaign in which Lazarus is targeting victims in South Korea, and examine some developments in the world of ransomware.

Maze 'retires' while Ryuk ramps up activity, U.S. election, and the UK ICO hands down a historically large fine

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman talk about some of the biggest cyber security stories of the last couple of weeks. Of course, this week’s U.S. Presidential Election gets a mention, while we also discuss the recently announced ‘retirement’ of the Maze ransomware gang, as well as a threat alert issued last week by authorities in the U.S. about Trickbot and the Ryuk ransomware. Elsewhere, a Russian man was jailed this week for his involvement with a financial botnet, and the UK’s Information Commissioner’s Office handed down a US$23.8 million fine to the Marriott Hotels group.

Trickbot disruption, newly released Seedworm research, and some noteworthy indictments

On this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman are joined by Symantec threat researchers Vikram Thakur and Alan Neville. Vikram discusses Symantec’s role in the cross-industry initiative to disrupt the Trickbot botnet. Symantec was part of a global partnership that secured a court order directing hosting providers to take down Trickbot’s infrastructure. Trickbot had spread prolifically across the internet for years and became one of the most commonly blocked types of malware, suggesting it was one of the world’s largest botnets. Alan is on the podcast to discuss some newly-published Symantec research into Seedworm, as the Iran-linked group continues to target organizations in the Middle East, while we also chat about some of the indictments that have recently been announced against various nation-state backed actors around the world.

Round up: Financial sector threats, North Korean actors, WastedLocker and more

We are back! Welcome to Season 3 of the Cyber Security Brief podcast, recording now from home. We will be with you every fortnight going forward and we are delighted to be back to tell you all about what is happening in the world of cyber security. In this episode, Dick O’Brien and Brigid O’Gorman discuss some of the projects they have been working on while the podcast was off air - threats against the financial sector, North Korean threat actors’ activity, the WastedLocker ransomware, and an attack linked to the Palmerworm APT group are all covered.
