Newsletter

open source and cybersecurity news

April 20, 2023

RSAC SFO 2023, Security Quest, Lazarus North Korea, Attack Records

Episode Transcription:

Bob Bannon:

Hey, it’s 5:05. Thanks for tuning in on Thursday, April 20th, 2023 from the Sourced Podcast Network in Camp Hill, Pennsylvania. This is your host, Bob Bannon. Stories in today’s episode come from Mark Miller in New York, Shannon Lietz in San Diego, California, Edwin Kwan in Sydney, Australia, Kadi Grigg in Alexandria, Virginia and Marcel Brown in St. Louis, Missouri. A special note today: our first segment is from Executive Producer Mark Miller, giving a preview of next week’s RSA Conference in San Francisco. Take it away, Mark.

[00:00:00] Mark Miller:

If you’re into cybersecurity and the global community surrounding it, you’ll probably be at the RSA Conference in San Francisco next week.

This is Mark Miller calling in from Albuquerque, New Mexico.

Many of us at 5:05 will be at the conference next week, most as speakers. Each year, Alan Schimmel and I produce DevOps Connect: DevSecOps, a full day of nothing but DevSecOps at RSAC.

I’ll be the host for the day, with featured speaker Shannon Lietz for the keynote and Katy Craig and Kadi Grigg as news-in-review panelists. DJ Schleen examines the myths and realities of SBOMs, Tracy Bannon talks about applying AI to the SDLC, and Chris Hughes covers software supply chain security.

You recognize those names, right? You’ve heard them all here on the podcast. Join us on Monday and introduce yourself. If you don’t have a ticket yet, go to this episode of 5:05 and there will be a code at the bottom of the transcript. Use that code to waive the Expo Hall fee and you’ll get free access to all of our sessions on Monday.

For the rest of the week, we’ll be doing updates with interviews with speakers and cybersecurity professionals attending the conference. It will be the next best thing to being there. If you can’t attend, subscribe to It’s 5:05 on your favorite podcast platform for the updates.

We’re glad to have you with us. We hope to see you in person next week. If not, tune in each day at 5:05 for the updates.

[00:01:40] Shannon Lietz:

Several in the community are pursuing the quest to define security metrics.

This is Shannon Lietz reporting from San Diego, California.

Daniel Koch recently published an article advocating to define DORA-like metrics for security. For those that don’t know, DORA-like metrics come from the DevOps groups.

In his post, he outlines the security secrecy that plagues most companies, stating, “There is consensus in the security world that you don’t expose your vulnerabilities and stack to anyone,” a pretty legacy viewpoint from my perspective. As a researcher with a passion for metrics, I think Dan’s perspective is spot on and aligns well with the recent messages being driven by governments globally, and CISA in particular.

Security regression just isn’t complete, nor is it perfect, which means that vulnerabilities escape with every release to customers. Is it really something we want our software customers to encounter?

To believe that secrecy is a defense is opposite of where the industry must move, and this means we need to find a vehicle for exchanging security information where we can feel comfortable. Metrics have an advantage of being useful for decision making, but also aggregated enough to keep liability at bay, maybe even create enough comfort that folks are going to be willing to exchange them.

Perhaps it is our first true step in uniting as an industry towards greater adversary resilience. If you haven’t caught up with his article yet, Dan brings to light several great examples of metrics that will help create accountability and better security investments. Maybe one of the greatest ones so far is his notion of escape rate.

A good read if you ask me. Thank you.

[00:03:43] Edwin Kwan:

This is Edwin Kwan from Sydney, Australia.

March 2023 has been the most prolific month recorded by cybersecurity analysts, with 459 recorded ransomware attacks. This is up 91% from the previous month. According to NCC Group, the reason for the record-breaking number of attacks is a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer tool.

The vulnerability, recorded as CVE-2023-0669, was exploited to steal data from 130 companies within 10 days. In terms of the location of the ransomware attack victims, almost half of the attacks were in North America, with 221 attacks. This is followed by 126 attacks, and Asia with 59 attacks.

[00:05:10] Kadi Grigg:

North Korea is at it again. To bring you up to speed, as Katy Craig reported on April 4th, a hacking group, since confirmed to be from North Korea, launched a supply chain attack that played out on 3CX, a popular VoIP desktop client. But as Derek Weeks later pointed out, this isn’t the first time that North Korea has been behind a highly publicized cyber attack.

Given the most recent attack, they’re constantly in my newsfeed right now. So it made me curious, who is this group behind these attacks? What do they want?

In 2014, we saw the attack against Sony Pictures. In 2016, we saw North Korean hackers attempting to steal over a billion dollars from Bangladesh’s National Bank. In 2017, we saw the global ransomware attack from WannaCry.

So what’s the common thread between all these attacks? The answer, they’re all carried out by the North Korean threat actor, most commonly known as Lazarus, APT38 or Hidden Cobra.

Although their approach is to launch an attack, take the data they need, and then disappear, by following their cyber trail, cybersecurity researchers were able to see that they do leave a calling card: they reuse malware code.

What makes this group even more interesting is that they are state backed.

While most state-backed actors will operate in the interests of the state and perform duties like espionage, stealing sensitive information and other activities to identify and exploit national infrastructure vulnerabilities, Lazarus is different. They are financially motivated. According to NCC Group, since 2009, Lazarus has been known to rob banks and hack into cryptocurrency exchanges to fill state coffers.

So why focus on financial gains? The answer, North Korea is in dire economic straits. Although difficult to know the full extent of their economy due to their isolation and secretive nature, there are a few things that are clear.

Their economy is highly centralized and run by the state. The government owns most of the country’s major industries from mining to agriculture. It is a place where private enterprise is limited and heavily regulated.

They’re heavily dependent on natural resource exports, although this is difficult due to the international sanctions imposed on the country for its nuclear weapons activities. Add in other factors, like the severe famine from the mid-1990s to the mid-2000s, and North Korea has become one of the poorest countries in the world.

Money is a powerful motivator that could change people’s lives for the better. Long story short, I don’t think we’ll see this group slowing down anytime soon, given their motivation. Even though it’s one of the poorest nations in the world, it still has access to the internet, and through that, it has the opportunity to create chaos in a variety of ways in the world as we know it today.

This is Kadi Grigg in Alexandria, Virginia.

[00:07:22] Marcel Brown:

This is Marcel Brown, the most trusted name in technology with your technology history for April 20th.

April 20th, 1940. Vladimir Zworykin, Research Director at RCA, holds a public demonstration of the first practical electron microscope. While the electron microscope had originally been invented in 1931, the first model was only able to produce a magnification of 400 power. RCA’s model was the first to create a magnification of 100,000 power, which was truly the first practical application of an electron microscope.

This early model was 10 feet high and weighed half a ton. That thing was huge, especially considering it was meant to magnify really tiny things.

Zworykin is also famous for being one of the inventors of television.

April 20th, 1998. During the COMDEX Spring ’98 and Windows World shows in Chicago, a public demonstration of the soon-to-be-released Windows 98 goes awry when Bill Gates’s assistant causes the operating system to crash after plugging in a scanner. Instead of showing the plug-and-play capabilities they were trying to demonstrate, a Blue Screen of Death is visible to the entire audience, which immediately erupts into laughter. After several seconds, Bill Gates famously responds, “That must be why we’re not shipping Windows 98 yet.”

Ironically, the assistant, Chris Capossela, has moved up the executive ranks at Microsoft, all the way to executive VP and Chief Marketing Officer. For Microsoft’s sake, hopefully he’ll present a much better marketing image than he did that fateful day.

That’s your technology history for April 20th. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Bob Bannon:

That’s it for today’s open source cybersecurity update. The links to all stories and resources mentioned in today’s episode are available at 505updates.com, where you can download the transcripts for easy reading or listen to our ever-growing library of more than 100 episodes. 5:05 is a Sourced Network production with updates available Monday through Friday on your favorite audio streaming platform. Just search for It’s 5:05. Also, while you’re there, please subscribe. Thanks to Mark Miller, Shannon Lietz, Edwin Kwan, Kadi Grigg, and Marcel Brown in St. Louis, Missouri, for today’s contributions. The executive producer and editor is Mark Miller. The sound engineer is Bob Bannon. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Bob Bannon. Talk at you again at 5:05.
