April 25, 2023
RSA, John Willis at RSAC, TAFE South Australia, 3CX Supply Chain Hack, New ECCRI Report
In this Episode:
Ready for RSA?
John Willis at RSAC
TAFE South Australia Suffers Data Breach
3CX Supply Chain Hack Summary and Timeline
Katy Craig, San Diego, California
Updates and Timeline for 3CX and X_Trader Hacks (substack.com)
Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack – Updated
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible | Mandiant
New ECCRI Report and the Unprecedented Dynamics of Russian Cyber Operations
Ian Garrett, Arlington, Virginia
New analysis highlights strength of Ukraine’s defence against “unprecedented” Russian offensive
This Day in Tech History
[00:00:00] Pokie Huang:
Hey, it’s 5:05 on Tuesday, April 25th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Katy Craig in San Diego, California, Ian Garrett in Arlington, Virginia and Marcel Brown in St. Louis, Missouri.
We’ll start with Kadi Grigg and Mark Miller live from RSA in San Francisco, California.
Let’s get to it.
[00:00:34] Kadi Grigg:
It’s that time of year again, RSA has hit San Francisco. It’s like the Super Bowl for cybersecurity folks with over 50,000 people in attendance. And let’s be honest, with all the hacking going on these days, we need all the cyber folks we can get. It’s amazing to see so many people coming together and talk about how to make our digital lives safer.
And let’s not forget the 12 different talk tracks. That’s like having 12 different flavors of ice cream to choose from. Analytics, intelligence and response, cybersecurity, strategy, architecture… you name it, they’ve got it. It’s like a buffet of cybersecurity knowledge.
Yesterday at the DevSecOps Tech Strong Summit, the excitement was palpable.
It was like being in a room full of kids on Christmas morning. Everyone thrilled to be back in person and doing what they love – talking about cybersecurity. It’s good to know that we’re all in this together, working towards a common goal of making our digital world a safer place. So let’s raise a glass to RSA and cyber folks who make all this possible. Cheers, and don’t forget to update your password.
This is Kadi Grigg in San Francisco.
[00:01:36] Mark Miller:
I’m here with John Willis right after the DevOps Connect session. John, what happened today for you? You said you got two good sessions today that you liked.
[00:01:46] John Willis:
I mean, no, there was a lot of good sessions. But you were talking about like what? Let’s talk about one session. I thought there was two… uh, Trac’s ChatGPT, Trac’s standing right here next to us… I really thought she covered the gamut with no fluff, enough truth. It was some insights… I know a fair amount about ChatGPT, but she gave me some insights that I want to now go look up… when you think you know a subject really well and then all of a sudden it’s like, Ooh, I better look at that one. I better look at that one. So some practical ways to deal with vendors. It was very good soup to nuts. What I think a crowd who’s like scratching her head on this need to know.
And of course, Shannon’s, I’m just a fanboy of Shannon. I think her, it’s that same theme about sort of trust her rave metrics. I think some of the things that she said, I always like that you should start leaving from the design, from thinking about adversaries, that was brilliant… likelihood versus impact. I think that’s been her sort of way she describes adversary analysis and the way to think about the problem, which I’ve always been a huge fan of… the way she sort of breaks glass and security. So just how presentation in general and I always seemed to learn an incredible amount… and then I got to go to lunch with her and then learn a lot more. So yeah, that makes the day. And then like I said, everybody else’s presentation was really good. But those are the two that stuck out on me.
[00:03:00] Mark Miller:
This is Mark Miller and John Willis live at the…
[00:03:04] John Willis:
DevOps Connect Dev SecOps at RSAC. There you go.
[00:03:09] Edwin Kwan:
This is Edwin Kwan from Sydney, Australia. TAFE South Australia has revealed that it had suffered a data breach. Around 2,224 student identification records were impacted. The identification forms include driver’s licenses and passports used for enrollment prior to 2021. The organization was first notified of the breach when the South Australian Police notified them about it in March 2022. The police had found 24 student credentials on a USB as part of a separate investigation. Further credentials were discovered on another USB in November. TAFE South Australia said that it had contacted all those affected and that security measures are being increased with access to systems that store student ID being restricted to only business critical functions. The South Australian government will also waive the cost of replacing state issued identity documents such as driver’s license, learner’s permit, and proof of age cards.
[00:04:46] Katy Craig:
Security firm Mandiant’s research into the 3CX hack uncovered a new milestone, when it discovered that 3CX was itself hacked through infected software downloaded by a 3CX employee from Trading Technologies’ company website.
This is Katy Craig in San Diego, California.
This marks the first known instance of a software supply-chain attack leading to another software supply-chain attack. A supply-daisy-chain attack, if you will. The daisy-chain attack began in 2021 when the cyber criminals initially breached Trading Technologies and discreetly embedded a malicious backdoor in versions of the company’s X_Trader software program.
Trading Technologies was unaware of the malware when they affixed their digital certificate to it in late 2021. The cascading nature of the breach showcases the potential for attackers to orchestrate multi-layered threaded supply-chain hacks, stringing together infections through various software suppliers, with each compromise leading to the breach of another software maker and their respective customers. IF this was their original intent, and that’s a big if.
Trading Technologies counters that this was not a supply chain attack per se, since they don’t supply 3CX and the employee had no reason to download the X_Trader program. Whether or not it was intended, this is one more reason not to allow bring your own software to company resources.
This is Katy Craig. Stay safe out there.
[00:06:39] Ian Garrett:
In the ongoing conflict between Russia and Ukraine, experts have shed light on the unprecedented evolution in the scale and pace of Russia’s activity in cyberspace. The European Cyber Conflict Research Initiative (ECCRI) has recently published a report highlighting the dynamics of Russian wartime cyber operations and Ukraine’s resilience in the face of cyberattacks. The report examines the role of cyber criminals and political hacktivists in the conflict, and critical questions around industry support to Ukraine’s cyber resilience.
Hey folks, this is Ian Garrett in Arlington, Virginia.
The report discusses the Russian cyber operations in Ukraine and the evolution of their tactics over time. The Russians are using various types of cyber attacks, one of which is wipers, which are malware used to destroy data on infected systems. But wipers have become a common feature of the invasion. However, the newer wipers have operated differently from NotPetya, which spread beyond its initial targets, and most of them have not been self-spreading. The report also mentions that it’s difficult to determine the connections between specific cyber and kinetic operations, and some participants disagreed in their conclusions.
Moving forward, participants expect Russian cyber operations to continue evolving as the war continues. The GRU has shifted towards using “pure wipers” that are easy to change and manipulate quickly, and participants expect to see increased use of throwaway or single-use wipers. Participants are also anticipating seeing more commercial ransomware being used in Ukraine. However, it is unlikely that multifunctional wipers like NotPetya will emerge in the coming months of Ukraine. Participants disagreed on the reasons for this, with some arguing that the GRU does not have the resources to launch the kind of development cycles needed to create a complex wiper, while others believe Russia may be saving more sophisticated malware for the future. Finally, some participants wondered if Russia’s shift towards paring down modular activities is a result of decisions around equities taking a more cautious approach as to when to “burn” its best capabilities.
[00:08:53] Marcel Brown:
This is Marcel Brown, the most trusted name in technology coming at you with your technology history for April 25th.
April 25th, 1990, the crew of the Space Shuttle Discovery deploys the $2.5 billion Hubble Space Telescope. There will be initial difficulties caused by a flaw in the design of the telescope’s mirror. Image correction software will keep the telescope useful until corrective optics are installed in December of 1993.
April 25th, 1996, Yahoo begins advertising its web-based search service on national television, featuring the tagline “Do you Yahoo?”. The ads first air during Late Night with David Letterman, Saturday Night Live, and Star Trek. This was a very early example of the Internet entering into the mainstream.
That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.
[00:09:56] Pokie Huang:
That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.
5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there.
Thank you to Kadi Grigg, Mark Miller, Edwin Kwan, Katy Craig, Ian Garrett and Marcel Brown for today’s contributions.
The Executive Producer is Mark Miller. The editor and the sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.