Symantec Cyber Security Brief Podcast

Our regular podcast series features threat research and security news, hosted by threat researchers from the Threat Hunter Team.

Episodes

Posted:

Accellion product vulns, Equation group tool copied by Chinese APT, and software supply chain attacks in France

On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman discuss some of the biggest cyber security stories of the last few weeks. Among the stories up for discussion are the bugs in Accellion’s 20-year-old FTA product, which led to multiple companies worldwide reporting breaches related to it. We also talk about the reports saying the Sandworm group has been carrying out a long-running spying campaign against multiple French IT services providers by compromising an open-source IT monitoring tool called Centreon, and a Chinese APT group reportedly cloning an Equation group tool. Some interesting law enforcement activity in recent weeks is also up for discussion.

Download
Posted:

Emotet takedown, water plant cyber attack, and a SolarWinds update

On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman round up some of the biggest cyber security stories of the last two weeks. We bring you the latest developments in the SolarWinds hack investigation, and chat about the significance of the disruption to the Emotet botnet. We also discuss some other recent takedowns and arrests, as well as some of the biggest ransomware stories of the last couple of weeks. We also talk about the recently reported cyber attack on a water treatment plant in the Florida town of Oldsmar - was this just a one-off incident or do industrial control systems like water plants need to be on high alert?

Download
Posted:

Raindrop: How the additional tool was discovered in SolarWinds investigation

Old threats and new feature in this week’s Cyber Security Brief podcast. Dick O’Brien and Gavin O’Gorman discuss the latest developments in the SolarWinds hack investigation, including how Symantec investigators found Raindrop, an additional piece of malware used in the SolarWinds attacks against a select number of victims that were of interest to the attackers. We published a blog about Raindrop last week, and Dick and Gavin discuss how this new malware was discovered. Also, romance scams and DDoS attacks make a comeback.

Download
Posted:

The latest on the SolarWinds hack, a lot of ransomware activity, and healthcare hit hard by cyber attacks

On this week’s Cyber Security Brief, the first of 2021, Dick O’Brien brings us a comprehensive update about some of the developments in the SolarWinds hack story, with a lot having happened since our last podcast. We also discuss some recent ransomware attacks, and how the healthcare sector is having a hard time with cyber attacks at the moment.

Download
Posted:

Sunburst: Everything we know about the supply chain attack targeting SolarWinds users

In this week’s Cyber Security Brief, the last one of 2020, find out all you need to know about the biggest news story of the week - the Sunburst supply chain attack targeting customers of software company SolarWinds. This is one of the biggest cyber security stories of the year, with thousands of organizations affected. Dick O’Brien and Symantec threat analyst Gavin O’Gorman give a comprehensive rundown of everything we know about this attack so far. Also, Twitter is handed a big fine by the Irish data regulator, and bug reports jump in 2020.

Download
Posted:

Cyber predictions for 2021, botnets turn to ransomware, and the Gootkit infostealer reemerges

On this week’s Cyber Security Brief podcast, we discuss what card skimmers are up to during the busiest shopping time of the year, while also bringing some good news about how EU authorities prevented almost $50 million in card fraud this year. Also on the agenda, are botnets abandoning banking Trojans in favour of ransomware? It looks like they might be. We also take a look at some COVID-19 related cyber security stories that are making the headlines, as well as the reemergence of the Gootkit infostealer. Also, Dick O’Brien brings us his predictions for what to expect on the cyber security landscape in 2021 - including predictions around ransomware, the impact of work from home, and increased cooperation between cyber crime gangs.

Download
Posted:

New research about attacks on Japan-linked companies, and APT groups target COVID-19 vaccine makers

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman talk about some of the biggest cyber security stories of the last couple of weeks. There are multiple stories about APT groups to cover this week, including our own Threat Intel blog detailing a wide-ranging attack campaign that targeted Japan-linked companies in multiple sectors in 17 regions worldwide. We also discuss other public reports about a Chinese APT targeting governments in South East Asia, and nation-state backed attacks from Russia and North Korea targeting COVID-19 vaccine makers and researchers. We also discuss a separate campaign in which Lazarus is targeting victims in South Korea, and examine some developments in the world of ransomware.

Download
Posted:

Maze 'retires' while Ryuk ramps up activity, U.S. election, and the UK ICO hands down a historically large fine

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman talk about some of the biggest cyber security stories of the last couple of weeks. Of course, this week’s U.S. Presidential Election gets a mention, while we also discuss the recently announced ‘retirement’ of the Maze ransomware gang, as well as a threat alert issued last week by authorities in the U.S. about Trickbot and the Ryuk ransomware. Elsewhere, a Russian man was jailed this week for his involvement with a financial botnet, and the UK’s Information Commissioner’s Office handed down a US$23.8 million fine to the Marriott Hotels group.

Download
Posted:

Trickbot disruption, newly released Seedworm research, and some noteworthy indictments

On this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman are joined by Symantec threat researchers Vikram Thakur and Alan Neville. Vikram discusses Symantec’s role in the cross-industry initiative to disrupt the Trickbot botnet. Symantec was part of a global partnership that secured a court order directing hosting providers to take down Trickbot’s infrastructure. Trickbot had spread prolifically across the internet for years and became one of the most commonly blocked types of malware, suggesting it was one of the world’s largest botnets. Alan is on the podcast to discuss some newly-published Symantec research into Seedworm, as the Iran-linked group continues to target organizations in the Middle East, while we also chat about some of the indictments that have recently been announced against various nation-state backed actors around the world.

Download
Posted:

Round up: Financial sector threats, North Korean actors, WastedLocker and more

We are back! Welcome to Season 3 of the Cyber Security Brief podcast, recording now from home. We will be with you every fortnight going forward and we are delighted to be back to tell you all about what is happening in the world of cyber security. In this episode, Dick O’Brien and Brigid O’Gorman discuss some of the projects they have been working on while the podcast was off air - threats against the financial sector, North Korean threat actors’ activity, the WastedLocker ransomware, and an attack linked to the Palmerworm APT group are all covered.

Download