Hacktivism Unveiled: Insights into the Footprints of Hacktivists – Pascal Geenens – ESW #351
1. Hacktivism Unveiled: Insights into the Footprints of Hacktivists – Pascal Geenens – ESW #351
Pascal Geenens from Radware joins us to discuss the latest research findings relating to hacktivists and other actors using volumetric and other network-based attacks. We'll discuss everything from the current state of DDoS attacks to use in the military and even the impact of cyberattacks on popular culture!
You can find the report Pascal mentions here, on Radware's website: https://www.radware.com/threat-analysis-report/
Announcements
Security Weekly listeners save $100 on their RSA Conference 2024 Full Conference Pass! RSA Conference will take place May 6 to May 9 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac24 and use the code 54USECWEEKLY! We hope to see you there!
Guest
Pascal Geenens is the director of threat intelligence for Radware and leads the company’s global threat intelligence program. With more than 25 years of experience in information security and technology, Pascal has developed strong expertise in tracking state-sponsored and nationalist cyber adversary groups. Throughout his career, Pascal has discovered several malware families, including BrickerBot, malware designed to destroy unsecured IoT devices. Pascal’s unique perspective and insights have been featured in many publications and inspired audiences across the globe. Pascal contributed several chapters to the CRC Press book ‘Botnets – Architectures, Countermeasures, and Challenges.’
Before joining Radware, Pascal worked as a consulting engineer for Juniper Networks and as an engineer at IBM. Pascal holds a Master of Science degree in electrical engineering, communication, and information technology from the Free University of Brussels.
2. Funding goes quiet while M&A makes some noise! – ESW #351
In this week's news segment, we discuss the lack of funding announcements, and the potential effect RSA could have on the timing of all sorts of press releases. We also discuss 1Password's potential future with its sizable customer base and the $620M it raised a few years back.
Some other topics we discuss:
- NIST CSF 2.0
- insider threats
- Ivanti Pulse Secure's appliance software found to be running positively ancient software (11-year-old Linux distro, 5-20+ year-old libraries & components)
- Nevada AG trying to get messaging decrypted for children, to "protect them"
- Kelly Shortridge's response to CISA's secure development RFI
- OpenAI's new GenAI video product, Sora, and the potential impact it could have on cybersecurity
- Instacart spews out crappy AI recipes and photos
Announcements
Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.
- 1. FUNDING: Clumio Raises $75M in Series D Funding
$75M Series D led by Sutter Hill Ventures. Clumio aims to "radically simplify backup and recovery for public cloud customers."
- 2. ACQUISITIONS: Tufin Acquires AKIPS
Tufin is one of the four or five legacy firewall orchestration vendors (FireMon, AlgoSec, Skybox, RedSeal). Most of these have been trying to differentiate beyond firewall orchestration, particularly FireMon, with its ventures into cloud security.
Tufin acquires AKIPS, an Australian provider of network monitoring solutions.
- 3. ACQUISITIONS: Delinea to Acquire Fastpath
Delinea is a PAM vendor, expanding more into the identity space with its acquisition of IGA vendor Fastpath.
- 4. ACQUISITIONS: Armis Acquires AI Cybersecurity Company CTCI
No deal details, but CTCI is a private company specializing in "AI-powered pre-attack threat hunting technology". The company was founded in 2020, and the acquisition brings over all of CTCI's tech and employees. The deal closed earlier this month. Recorded Future and The Intelligence Fund were both investors.
- 5. ACQUISITIONS: 1Password expands its endpoint security offerings with Kolide acquisition
A very interesting move. 1Password has a sizable war chest ($620M Series C in 2022) and knows it needs more than a password manager to grow. It already produces endpoint software, so a lateral move towards identity and endpoint management is a solid strategic move. Its previous two acquisitions were also related to secrets management (Passage and SecretHub).
The only awkward snag in this transaction is the fact that Kolide has closely hitched their wagon to Okta, who recently acquired a B2C secrets manager: A16Z-backed Uno.
- 6. ACQUISITIONS: Resilience Acquires BreachQuest to Combat Rise of Business Email Compromise and Increase Incident Preparedness for Clients
Cyber insurer acquires BreachQuest, which seems like a purpose-built detection/response SIEM aimed at mid-sized enterprises. It doesn't sound like BreachQuest was in the best shape, however:
"BreachQuest is based in Texas and publicly disclosed $4.4 million in funding. It officially launched in August 2021 and has experienced a workforce decline, going from ~40 employees in February 2022 to ~9 employees today."
- 7. STANDARDS: NIST Releases Version 2.0 of Landmark Cybersecurity Framework
Though the previous version of NIST's CSF was made with critical infrastructure in mind, the general public used it anyway. Version 2.0 is now designed with all users in mind and aims to be more effective.
- 8. ESSAYS: How Insider Threats Have Evolved
- 9. ESSAYS: Palo Alto Networks – A Play For The Future
- 10. ESSAYS: Cybersecurity’s Class Conundrum
- 11. POST MORTEMS: CACTUS: Analyzing a Coordinated Ransomware Attack on Corporate Networks
- 12. DUMPSTER FIRES: Nevada AG Asks Court to Ban Meta from Providing End-to-End Encryption to Minors
- 13. DUMPSTER FIRES: Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries
Eclypsium got its hands on a copy of Ivanti Pulse Secure's appliance software (PSA3000), and what they found was pretty rough.
"Pulse Secure runs an 11-year-old version of Linux which hasn't been supported since November 2020"
That made me wonder, "when did Ivanti acquire Pulse Secure?"
December 2020.
This appliance has a version of Perl from 2001, a Linux kernel that was EoL in 2016, OpenSSL from 2017, and Python from 2010.
It's a bad day when the most vulnerable host on your network was supplied by a security vendor.
- 14. HOT TAKES: Secure by Design RFI Response from Shortridge Sensemaking LLC
- 15. REPORTS: Cyber Public Health workshop summary report – CyberGreen
This is the first I've heard of the concept of "cyber public health". It's an interesting concept, and definitely seems like something that should be researched and tracked.
- 16. AI TRENDS: Reddit Signs AI Content Licensing Deal Ahead of IPO
Reddit cashes in on all that sweet, sweet data produced by its users. I imagine this is just the first of many upcoming data licensing deals between AI companies and social media companies.
- 17. AI TRENDS: Sora: Creating video from text
The latest in a long line of "I really thought this tech would take longer to get this far" events. Seems like a threat to purveyors of stock video footage, B-roll, and second units.
I mean, I'm sure the list is longer than that - video is everywhere. I'm just not able to produce a longer list until I think about it more...
- 18. AI TRENDS: Sora AI’s Problems [And Solutions]
A great intro into what Sora is capable of, the issues it raises, and possible solutions from the excellent YouTube channel, ColdFusion. I had no idea that the newer Will Smith AI video was NOT AI, but Will Smith himself, trolling us! I was totally fooled.
- 19. REPORTS: CrowdStrike 2024 State of Application Security Report
- 20. SQUIRREL: Instacart’s AI Recipes Look Literally Impossible