
Special Guest: Jon DiMaggio, Chief Security Strategist & Author
10/09/23 • 48 min
Ever wondered what it's like to infiltrate a ransomware gang? Well, you're about to find out. We're joined by Jon DiMaggio, Chief Security Strategist at Analyst1 and author of the Art of Cyberwarfare, who takes us on a thrilling journey into the perilous world of ransomware. This episode is a fusion of intriguing narratives from Jon's gripping investigative series, the Ransomware Diaries, and deep insights into the rising menace of ransomware attacks, brought to life by the recent MGM and Caesars attack.
Our conversation spirals into the darker corners of the cyber world, where young minds are being molded into cybercriminals. Jon walks us through the chilling reality of how online forums have become the breeding ground for these young cybercriminals, mentoring them into the world of ransomware. He shares firsthand accounts from his Ransom Mafia project, exposing the distinct playbooks of various ransomware groups, shedding light on their strategies, and offering a deep understanding of their operations.
As we dive deeper, we underline the importance of robust cybersecurity practices, from efficient password management to timely patching. We brainstorm on the critical role of artificial intelligence in enhancing security mechanisms and its potential contribution to fighting ransomware. As we wrap up this whirlwind tour of the cyber underworld, we touch upon tech support scams, the desperate need for better regulations, and how training and preparedness can help organizations armor up against potential threats.
This is an episode you don't want to miss!
More about our special guest:
Jon DiMaggio (https://www.linkedin.com/in/jondimaggio/), the Chief Security Strategist at Analyst1
The Author of The Art of Cyberwarfare, get it from No Starch Press (https://nostarch.com/art-cyberwarfare)
Ransomware Diaries:
- https://analyst1.com/ransomware-diaries-volume-2/
- https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
Jon has over 15 years of experience hunting, researching, and writing about advanced cyber threats.
As a specialist in enterprise ransomware attacks and nation-state intrusions, including the world’s first ransomware cartel and the infamous Black Vine cyberespionage group, he has exposed the criminal organizations behind major ransomware attacks, aided law enforcement agencies in federal indictments of nation-state attacks, and discussed his work with The New York Times, Bloomberg, Fox, CNN, Reuters, and Wired.
ARTICLE LINKS:
MGM, Caesars File SEC Disclosures on Cybersecurity Incidents (darkreading.com)
MGM Hack
- Looks Like MGM Resorts Just Get Hacked (msn.com)
- MGM Resorts: Slot machines go down in cyber-attack on firm - BBC News
- MGM Resorts shuts down IT systems after cyberattack (bleepingcomputer.com)
- Casino hackers demanded ransoms from MGM and Caesar's (qz.com)
https://www.darkreading.com/application-security/okta-flaw-involved-mgm-resorts-breach-attackers-claim
Previous Episode

Breach Class-Action, Help Desk Trickery, and Sextortion Scams
Welcome back for episode six of Unmasked! This week, we take a deep dive into the headlines of September, providing you with valuable context and insights into the latest cybersecurity events. The reverberations of the MOVEit disaster are still keenly felt, and this time, they've led to a class-action lawsuit against Progress Software, with over 600 organizations seeking answers. The pivotal question we dissect is, who bears the ultimate responsibility when software vulnerabilities trigger catastrophic data breaches? This legal battle against Progress Software isn't merely another courtroom drama; it has the potential to reshape the entire landscape of software liability.
But that's not all! We swiftly shift gears to explore the world of secure practices for managing password changes and account requests. In a digital age where even well-intentioned service desk personnel can inadvertently pose security risks, we delve into a treasure trove of strategies organizations can adopt to fortify their defenses.
Our journey continues, though. We fearlessly navigate the uncharted waters of the digital realm, unveiling the myriad cyber threats that lurk in the internet's darkest corners. From exploiting software vulnerabilities to orchestrating extortion and romance scams, we shine a powerful spotlight on the cunning tactics employed by cybercriminals as they attempt to infiltrate personal data and seize valuable assets.
All this and more await your cyber-listening pleasure!
You can subscribe to Unmasked on Spotify, Amazon, or wherever you get your podcasts.
Show notes
Headlines for early September
Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit (darkreading.com)
- A nationwide class-action suit filed against Progress Software in the wake of the massive MOVEit breach could point to additional litigation against software companies whose vulnerable applications are exploited in large-scale supply chain attacks, a legal expert says.
- filed by consumer-rights law firm Hagens Berman
- compromised the sensitive personal information of more than 40 million people, and promises that more class actions are on the way as more of the 600 affected organizations come forward.
Okta: Hackers target IT help desks to gain Super Admin, disable MFA
- Okta released a warning about social engineering attacks targeting IT service desk agents at U.S.-based customers in an attempt to trick them into resetting multi-factor authentication (MFA) for high-privileged users.
- attackers' goal was to hijack highly-privileged Okta Super Administrator accounts
- The hackers used their admin access to elevate privileges for other accounts, reset enrolled authenticators, and they also removed the two-factor authentication (2FA) protection for some accounts.
Children's snack recalled after its website caught serving porn
- Supermarket chain Lidl has been recalling four types of PAW Patrol-themed snacks across the UK.
- Last month, Lidl stores across the UK started recalling four types of PAW Patrol snacks because of an issue with its packaging. According to the retailer, a URL printed on the snack's packaging was compromised and, to everyone's
Next Episode

Brightpoint's IT Spirit Week, Infrastructure Security, AI's Limitations
Welcome to another captivating episode of Unmasked! Join us as we embark on a thrilling journey into the dynamic realm of cybersecurity, led by the always entertaining and insightful Paul Blacker and Mark Harvey.
In this episode, we're excited to discuss Assura's involvement in Brightpoint Community College's IT Spirit Week. In this remarkable event, our expert team shared valuable insights into penetration testing and other aspects of offensive security. For Assura, giving back to the community isn't just a noble gesture; it's an essential commitment. Get a recap of how a tag on LinkedIn initiated this collaboration and details of Assura's participation.
Our podcast then takes you from local to global, delving into the profound impact of large-scale conflicts on security. We explore the evolution of security, transcending mere physical fortifications to encompass the complex world of digital defenses. Join us for an array of tips on how to remain vigilant in an ever-evolving digital landscape.
Our hosts dissect pressing cyber headlines, shedding light on the paramount importance of cybersecurity in local utilities, including the safeguarding of our precious water resources. We unravel the intricate challenge of insider threats, which often subvert even the most well-intentioned policies and procedures. Plus, we delve into why merely checking security boxes is a recipe for organizational failure and what forward-thinking measures are essential to stay ahead in the game. You'll also learn why you shouldn't rely too heavily on AI technology.
All this and more in this thrilling episode! So, don't miss out on this power half-hour of cyber insights. Tune in to gain perspective that helps you navigate the complex and ever-changing world of cybersecurity.
Unmasked - Special Guest: Jon DiMaggio, Chief Security Strategist & Author
Transcript
Welcome to Unmasked, brought to you by Assura, where the superheroes of cybersecurity provide a clearer understanding of the threats we face in our digital world.
Speaker 1: Welcome to another episode of Unmasked. We'd like to welcome the Chief Security Strategist at Analyst1, also the author of the Art of Cyberwarfare you can get that from