The methods and mechanisms we use to understand and protect ourselves from the dangers lurking in cyberspace come from the exacting, often painstaking investigations of researchers all over the world. Each Saturday, we’ll talk to those dissecting the malware that’s disrupting business or stealing our personal information, identifying the vulnerabilities in our electronic and human cyber defenses, ferreting out the hidden surveillance features in the products we buy, and hunting down the threats to our increasingly interconnected world. We’ll also hear from researchers in industry and academia working to solve the hard problems of security in a rapidly evolving technological landscape, all while society grapples with the challenge of balancing security and privacy.
Research Saturday Episode List
Know Thy Enemy - Identifying North American Cyber Threats
The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases. Selena Larson from Dragos joins us to discuss their new report North American Electric Cyber Threat Perspective.
Clever breaches demonstrate IoT security gaps.
Some of our favorite and most trusted IoT devices help make us feel secure in our homes. From garage door openers to the locks on our front doors, we trust these devices to recognize and alert us when people are entering our home. It should come as no surprise that these too are subject to attack. Steve Povolny is head of advanced research at McAfee; we discuss a pair of research projects they recently published involving popular IoT devices.
Profiling the Linken Sphere anti-detection browser
Multiple e-commerce and financial organizations around the world are targeted by cybercriminals attempting to bypass or disable their security mechanisms, in some cases by using tools that imitate the activities of legitimate users. Linken Sphere, an anti-detection browser, is one of the most popular tools of this kind at the moment. Staffan Truvé is the CTO and Co-Founder of Recorded Future, he joins us to discuss their new report on the browser.
A Jira vulnerability that’s leaking data in the public cloud.
Unit 42 (the Palo Alto Networks threat intelligence team) released new research on a Jira vulnerability that’s leaking data of technology, industrial and media organizations in the public cloud. The vulnerability (a Server Side Request Forgery -- SSRF) is the same type that led to the Capital One data breach in July 2019. Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks, and she joins us to share their findings.
Inside Magecart and Genesis.
Dan Woods is VP of the intelligence center at Shape Security. He shares insights on two noteworthy attacks tools, Genesis and Magecart. Before joining Shape Security Dan served as assistant chief agent of special investigations at the Arizona attorney general's office, where he investigated complex fraud. Prior to that, he spent 20 years with federal law enforcement agencies and intelligence organizations, including the CIA and FBI, where he specialized in information operations and cybercrime.
WAV files carry malicious data payloads.
Researchers at BlackBerry Cylance have been tracking ordinary WAV audio files being used to carry hidden malicious data used by threat actors. Eric Milam is VP of threat research and intelligence at BlackBerry Cylance, and he joins us to share their findings.
Targeting routers to hit gaming servers.
Researchers at Palo Alto Networks' Unit 42 recently published research outlining attacks on home and small-business routers, taking advantage of known vulnerabilities to make the routers parts of botnets, ultimately used to attack gaming servers. Jen Miller-Osborn is the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks. She joins us to share their findings.
Mustang Panda leverages Windows shortcut files.
Researchers at Anomali have been tracking China-based threat group, Mustang Panda, believing them to be responsible for attacks making clever use of Windows shortcut files. Parthiban is a researcher at Anomali, and he joins us to share their findings.
Sodinokibi aka REvil connections to GandCrab.
Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings.
Monitoring the growing sophistication of PKPLUG.
Researchers from Palo Alto Networks' Unit 42 have been tracking a Chinese cyber espionage group they've named PKPLUG. The group mainly targets victims in the Southeast Asia region. Ryan Olson is VP of threat intelligence at Palo Alto Networks, and he joins us to share their findings.
Usable security is a delicate balance.
Until recently, usability was often an afterthought when developing security tools. These days there's growing realization that usability is a fundamental part of security. Lorrie Cranor is director of the CyLab Usable Privacy and Security lab (CUPS) at Carnegie Mellon University. She shares the work she's been doing with her colleagues and students to improve security through usability.
Masad Steals via Social Media.
Researchers at Juniper Networks have been tracking a trojan they call Masad Stealer, which uses the Telegram instant messaging platform for part it its command and control infrastructure. (Telegram wasn't hacked; it's the innocent conduit.) Mounir Hahad is head of Juniper Threat Labs at Juniper Networks and he joins us to share their findings.
Hoping for SOHO security.
Researchers at Independent Security Evaluators (ISE) recently published a report titled SOHOpelessly Broken 2.0, Security Vulnerabilities in Network Accessible Services. This publication continues and expands previous work they did examining small office/home office (SOHO) routers, network-attached storage devices (NAS), and IP cameras. Shaun Mirani is a security analyst at ISE, and he joins us to share their findings.
Decrypting ransomware for good.
Michael Gillespie is a programmer at Emsisoft, as well as a host of the popular ID Ransomware web site that helps victims identify what strain of ransomware they may have been infected with, and what decryptors may be available. He's written many decryptors himself, most recently for the Syrk strain of ransomware.
The fuzzy boundaries of APT41.
Researchers at FireEye recently released a report detailing the activities of APT41, a Chinese cyber threat group notable for the range of tools they use, their origins in the world of video gaming, and their willingness to shift from seemingly state-sponsored activity to hacking for personal gain. Nalani Fraser and Fred Plan contributed to the report, and they join us to share their findings.
Focusing on Autumn Aperture.
Researchers at Prevailion have been tracking a malware campaign making use of antiquated file formats and social engineering to target specific groups. Danny Adamitis and Elizabeth Wharton are coauthors of the report, and they join us to share their findings.
Leaky guest networks and covert channels.
Many users of inexpensive internet routers use guest network functionality to help secure their home networks. Researchers at Ben Gurion University have discovered methods for defeating these security measures. Dr. Yossi Oren joins us to share their findings.
Bluetooth blues: KNOB attack explained.
A team of researchers have published a report titled, "KNOB Attack. Key Negotiation of Bluetooth Attack: Breaking Bluetooth Security." The report outlines vulnerabilities in the Bluetooth standard, along with mitigations to prevent them. Daniele Antonioli is from Singapore University of Technology and Design, and is one of the researchers studying KNOB. He joins us to share their findings.
VOIP phone system harbors decade-old vulnerability.
Researchers at McAfee's Advanced Threat Research Team recently published the results of their investigation into a popular VOIP system, where they discovered a well-known, decade-old vulnerability in open source software used on the platform. Steve Povolny serves as the Head of Advanced Threat Research at McAfee, and he joins us to share their findings.
Emotet's updated business model.
The Emotet malware came on the scene in 2014 as a banking trojan and has since evolved in sophistication and shifted its business model. Researchers at Bromium have taken a detailed look at Emotet, and malware analyst Alex Holland joins us to share their findings.