Reimagining Cyber - real world perspectives on cybersecurity

Welcome to another compelling episode of the Reimagining Cyber podcast, where your knowledgeable hosts, Rob and Stan, explore the intricate landscape of Black Friday and Cyber Monday and the associated cybersecurity challenges that intensify during this festive shopping season.

Stan sheds light on the colossal scale of holiday spending, revealing that last year's Black Friday soared to an impressive 9 billion, while Cyber Monday skyrocketed to nearly 11 billion. With an astounding 197 million U.S. shoppers in the mix, the stakes are undeniably high, and the threats are alarmingly real.

The hosts pivot to the consumer side of the equation, drawing attention to the escalating sophistication of phishing emails. They caution listeners against succumbing to alluring offers that appear too good to be true and stress the paramount importance of verifying the authenticity of retail websites before divulging sensitive information.

Rob offers valuable insights into potential pitfalls for businesses, citing the recent Adobe update that addressed nine security vulnerabilities. The conversation delves into the multifaceted risks of payment fraud, ransomware attacks, and distributed denial of service (DDoS) attacks capable of disrupting e-commerce operations during this pivotal sales period.

Practical tips emerge as the hosts advocate for the crucial use of multi-factor authentication for online shopping accounts. They underscore the necessity of secure transactions facilitated by HTTPS protocols. Furthermore, Rob and Stan caution against using debit cards for online purchases and highlight the heightened risks associated with public Wi-Fi.

In summary, this episode provides not only a comprehensive understanding of the cybersecurity challenges during the holiday season but also actionable advice to navigate these threats successfully. Tune in for expert insights and safeguard your online experience during this bustling shopping period.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings.

In this episode, we’re diving into the world of LockBit, one of the most notorious ransomware groups out there, and how it’s keeping law enforcement on its toes. We’ll break down their latest moves, the battle between hackers and agencies like the FBI, and what it means for cybersecurity moving forward.

Here’s what we cover:

The Kash Patel Incident: Recently, LockBit took a jab at Kash Patel, the FBI Director, in a post on their leak site. The group congratulated him on his appointment and dropped a hint that they had info that could embarrass the FBI. It’s all part of LockBit’s strategy to keep itself in the headlines and make sure it stays relevant, even as law enforcement gets serious about shutting them down.

LockBit’s Operations: LockBit operates on a ransomware-as-a-service model. What does that mean? Well, they provide the tools and infrastructure for affiliates to carry out attacks. And those affiliates don’t hold back—LockBit has gone after hospitals, government agencies, and businesses, demanding huge ransoms in the process.

Takedowns and Law Enforcement’s Response: The FBI has had some wins, like taking down LockBit’s leak site during Operation Kronos. But LockBit? It’s not exactly slowing down. They’ve bounced back with new infrastructure and continued to wreak havoc. The group seems to enjoy the back-and-forth with law enforcement, using it to attract more affiliates and keep their operation growing.

LockBit’s Evolution: The group just dropped version 4.0 of their ransomware, and they’re still advertising on their site, offering affiliates big payouts and even luxury cars for successful attacks. Now, they’ve even started to position themselves as a kind of twisted “pen-testing” service—after they ransom someone, they’ll help them find security flaws in their systems.

Law Enforcement Struggles: Despite efforts from the FBI and other agencies, ransomware groups like LockBit keep adapting. The Russia-Ukraine conflict has only made things worse, and LockBit has shown no signs of slowing down. While law enforcement is certainly stepping up, the fact remains: no major figures have been caught yet.

Practical Tips for Organizations: We’ve got some actionable advice for businesses to stay ahead of these ransomware gangs. First off, enable two-factor authentication (2FA) wherever you can. Also, don’t ignore your software updates—many attacks exploit outdated systems. And if you can, hire a professional red team to conduct penetration testing and find the holes before the hackers do..

LockBit may not be invincible, but they’re still a huge threat. The group’s persistence and ability to evolve mean that ransomware operations are going to be around for a while. The battle between cybercriminals and law enforcement is far from over, and it’s only going to escalate as these groups get more sophisticated and resilient.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings.

While organizations need to gain visibility into application security risks, it can be challenging to build and mature an effective application security program. In this episode of Reimagining Cyber, Kristen Bell, a Senior Manager of Application Security Engineering at GuidePoint Security, shares some the best practices that she’s used to help organizations overcome common obstacles to success. Bell uses a collaborative approach between AppSec team and developers that can create a positive security-aware development culture.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings.

Gary Phillips, Vice President of Customer Identity Access Management (CIAM) with E-trade, now part of Morgan Stanley, shares his expertise in the IAM and CIAM space, how it has evolved, and why it matters, in the latest Reimagining Cyber Episode, “IAM, CIAM, and ZTA: The trifecta of access management.”

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings.

Nick Ward, CISO for the Department of Justice with the U.S. Government and recent Cybersecurity Leader of the Year award winner, shares his views on the Executive Order and the key ways to make the changes outlined in the EO.

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings.