CyberWire Daily - Iran's covert cyber operations exposed.
Episode Date: April 24, 2024

The DOJ indicts four Iranian nationals on hacking charges. Legislation to ban or force the sale of TikTok heads to the President’s desk. A Russian hack group claims a cyberattack on an Indiana water treatment plant. A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs down brute-forcing. North Korean hackers target defense secrets. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Ransomware may leave the shelves in Sweden’s liquor stores bare.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guests

Learning Layer: On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for CISSP Domain 3, Security Architecture and Engineering, and discuss encryption and non-repudiation. Specifically they cover sub-domain 3.6, "Select and determine cryptographic solutions," which includes: cryptographic life cycle; cryptographic methods; public key infrastructure (PKI).

Industry Voices: On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness.
Selected Reading

Rewards Up to $10 Million for Information on Iranian Hackers (GB Hackers)
Congress passes bill that could ban TikTok after years of false starts (Washington Post)
Russian hackers claim cyberattack on Indiana water plant (The Record)
Major Data Leaks from Honda Vietnam, US Airports, and Chinese Huawei/iPhone Users (SOCRadar® Cyber Intelligence Inc.)
Global attacker median dwell time continues to fall (Help Net Security)
New Password Cracking Analysis Targets Bcrypt (SecurityWeek)
North Korean Hackers Target Dozens of Defense Companies (Infosecurity Magazine)
Hackers hijack antivirus updates to drop GuptiMiner malware (Bleeping Computer)
Sweden's liquor shelves to run empty this week due to ransomware attack (The Record)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.

of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private. Go to JoinDeleteMe.com/N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com/N2K and enter code N2K at checkout.
That's JoinDeleteMe.com/N2K, code N2K.

The DOJ indicts four Iranian nationals on hacking charges.
Legislation to ban or force the sale of TikTok heads to the president's desk.
A Russian hacking group claims a cyber attack on an Indiana water treatment plant.
A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs
down brute forcing. North Korean hackers target defense secrets. In our Learning Layer segment,
host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP
certification journey. On our Industry Voices
segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs
and CIOs are experiencing today and how they can improve their cyber readiness.
And ransomware may leave the shelves of Sweden's liquor stores bare.
It's Wednesday, April 24th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.

Thanks for joining us here. It is great to have you with us.

The U.S. government has indicted four Iranian nationals for hacking operations targeting various U.S. entities, including the Treasury and State Departments, defense contractors, and two New York-based companies, allegedly
for the Iranian Islamic Revolutionary Guard Corps.
They face charges of computer fraud and wire fraud, with potential sentences ranging up
to 20 years for each count of wire fraud.
Additionally, the Treasury Department has sanctioned these individuals,
and the State Department is offering up to $10 million for information leading to three of the men.
The operations involved two IRGC front companies and lasted from 2016 to at least April 2021,
primarily targeting defense contractors and other U.S. businesses.
Congress has passed legislation mandating the sale or ban of TikTok due to national
security concerns related to its Chinese ownership by ByteDance. The bill, which received
strong bipartisan support, was part of a larger package that also included
aid for Israel, Ukraine, and Taiwan. The Senate approved it with a significant majority,
and President Biden is expected to sign it into law. Once enacted, ByteDance will have about nine
months, extendable by 90 days, to divest TikTok. The legislation highlights the serious concerns about potential Chinese
government access to American data through TikTok, despite the app's economic and cultural
influence in the U.S. TikTok disputes these claims and plans to legally challenge the legislation,
arguing it infringes on free speech rights. The move marks a significant step in the U.S. government's ongoing scrutiny
over foreign technology influences and data security.
A hacker group known as the Cyber Army of Russia
has claimed responsibility for a cyber attack on the Tipton wastewater treatment plant in Indiana,
as revealed in a video on their Telegram channel. Despite the
group's claim, local officials confirmed the attack but stated that the facility continued
to operate normally with minimal disruption. The group, which has been linked to the Russian
state actor Sandworm by security firm Mandiant, has a history of targeting U.S. infrastructure
and portrays itself as a hacktivist
collective. The true extent of the damage from the attack remains unclear as investigations are still
ongoing. The SOCRadar dark web team discovered a database leak from Honda Vietnam containing
sensitive customer information. This leak is part of a broader collection of cyber threats
the team has discovered being offered on dark web markets,
including a new insider information service
and a malware service which endangers corporate and email security.
Moreover, sensitive data of Chinese citizens using Huawei and iPhones
obtained from major carriers is being marketed.
Additional detected threats include unauthorized network access for sale to a French construction
company and data from critical U.S. airports also for sale. Mandiant's M-Trends 2024 report
indicates a notable improvement in global cybersecurity,
with the median dwell time for attackers within systems dropping to just 10 days in 2023 from 16 days in 2022.
This reduction is attributed to a higher proportion of ransomware incidents
and better internal detection capabilities, as organizations have enhanced their systems defenses.
Despite this progress, the report highlights a rise in the use of zero-day exploits by attackers
to evade detection and extend their presence in compromised systems. Notably, the Asia-Pacific
region saw the most significant decrease in dwell time, while the EMEA region experienced a slight increase.
The report stresses the importance of maintaining vigilant threat hunting and
effective incident response strategies to counter these evolving cyber threats.
The latest analysis on brute force password cracking from Hive Systems now focuses on passwords hashed with bcrypt, shifting from
the less secure MD5 algorithm. Using NVIDIA GeForce RTX 4090 GPUs, the study found that
passwords under 7 characters can be cracked within hours. Comparatively, weak 11-character
passwords now take 10 hours to crack with bcrypt,
a significant improvement from being instantly broken last year.
Strong passwords exceeding 8 characters featuring a mix of numbers, symbols, and mixed-case letters
remain secure for months or even years.
Hive's results highlight the robustness of bcrypt for protecting well-constructed passwords
and caution against the predictability of non-randomly generated passwords,
which can be cracked much faster.
South Korean police have exposed a substantial hacking campaign by North Korea
that compromised defense secrets from up to 83 defense contractors and subcontractors over a year.
The campaign, led by North Korean state-backed groups Lazarus, Kimsuky, and Andariel,
successfully extracted sensitive data from 10 companies between October 2022 and July 2023.
Many targeted companies were oblivious to the breaches until notified by police.
Techniques used included exploiting email vulnerabilities to download files without authentication,
hijacking accounts with poor password practices, and malware introduction through compromised third-party maintenance accounts.
Meanwhile, North Korean hackers exploited the update mechanism of eScan antivirus
to deploy the GuptiMiner malware on large corporate networks, according to a report by Avast.
This sophisticated malware, hidden within normal antivirus updates,
gains system-level access through DLL sideloading, using eScan's legitimate operations.
It then fetches additional payloads,
establishes persistence, and manipulates DNS, among other malicious activities.
GuptiMiner also checks for the presence of specific security and monitoring tools to avoid detection, and executes only on machines with sufficient hardware resources to evade sandbox detection.
Despite remediation efforts by eScan, including more secure update protocols,
infections persist, suggesting some systems remain vulnerable.
Avast links GuptiMiner to the North Korean group Kimsuky,
based on operational similarities. Coming up after the break, on our Learning Layer,
Sam Meisenberg and Joe Carrigan continue Joe's CISSP certification journey.
In our Industry Voices segment, Tony Velleca, CEO of CyberProof,
joins us to explore some of the pain points that CISOs and CIOs are experiencing today.
Stay with us.
Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes!
Yes!
With savings of up to 40% on Transat South packages,
it's easy to say, so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply. Air Transat. Travel moves us.
Do you know the status of your compliance controls right now? Like, right now? We know
that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection
across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for a thousand dollars off.

And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning
digital executive protection platform
secures their personal devices,
home networks, and connected lives.
Because when executives
are compromised at home,
your company is at risk.
In fact, over one-third of new members
discover they've already been breached. Protect your executives and their families 24-7, 365
with Black Cloak. Learn more at blackcloak.io.
On our latest Learning Layer segment,
host Sam Meisenberg joins my Hacking Humans co-host Joe Carrigan to continue their discussion of Joe's CISSP certification journey.
Welcome back to another Learning Layer segment.
We're joined again by Joe Carrigan
as he gets ready for his CISSP.
So Joe, you, since last time we talked,
you were making good momentum.
Yep.
You finished Domain 2 and you're on to Domain 3.
So, what do you, very different flavor of material,
Domain 2 to Domain 3.
Domain 3 is a little more technical.
Yes.
So, how did that feel?
I love the cryptography stuff.
Yeah, yeah.
You know, that was all very, very native to me.
Yeah.
There's not, first off,
they're not teaching you how to be a cryptographer.
Right, right.
Don't worry.
You don't have to worry,
understand how, why factoring large prime,
large products and prime numbers is NP-hard.
Yeah.
You don't need to know that.
Yeah.
In fact, that's the only thing I really understand
about asymmetric cryptography.
Sure.
Is very large prime numbers multiplied together. But that's one algorithm.
And also, while we're on the topic, I remember that you're a crypto guy because when we talked about the diagnostic, maybe even for like the CC exam, you were mad because it was technically a wrong answer choice about...
I was mad.
Right.
I was mad about a wrong answer on the CC exam that I don't think should have been wrong.
Right.
And it was because
it was how do you ensure integrity
and they said,
well,
the answer was hash.
Right.
Right.
But if you just send a hash
and I intercept that message,
I'm changing the hash as well.
So you have to encrypt that hash with your private key,
and that becomes the digital signature.
Right, exactly.
So you need both.
Exactly.
You need a hash and a private key.
They talk about that here.
Right, exactly.
I was about to say,
it's almost a perfect tie-in because those who might be studying along with Joe,
you know,
the reason why that it ensures non-repudiation
is because, as you said, since this is encrypted with the sender's private key, what's the
only thing in the world that could decrypt it?
It's the sender's public key.
Which means it had to be encrypted by the sender's private key.
And who's the only person in the world with the sender's private key?
The sender.
The sender.
That's how you know it came from the person.
Yeah, right.
In theory, that's the way it is.
And if somebody breaches your private keys,
then that's a problem, of course.
But let's not assume
that we're talking about that kind of error.
We're talking about an error,
you know, a situation where
all the key management is happening well
and the system is working as it should be,
you're correct. That provides non-repudiation. So, Joe, what's interesting is you have a background
in crypto. You're probably really strong on Domain 3, yet you told me before we started recording
that you watched all of the videos in the short video library and you watched the longer videos.
Yeah, this is the way I'm going through the course. So that's fine. I will say it's probably, you know, not how most people do it. Okay. Which again,
whatever works for different people. But can you tell me about, I guess, just walk us through the
difference between the short videos and the longer ones and then maybe what you're getting from each
when you go through it.
Okay. So I'll tell you what I'm doing with each. First, with the short videos, I just have in my Google Drive a series of notes files for each domain. So, so far I have domains one, two, and three as note files. And I'm going through these videos. They're in a logical order.
And sometimes there are multiple videos under a topic.
And I'm just going through.
And as I'm going through, I'm taking notes.
And I'm probably generating at least five or six pages of notes per domain.
But that's also kind of helping me as I learn through it.
Once I get through the domain, then I go and I look at the video that is, you know, the lecture that talks about that domain.
There's just one, like usually one-hour lecture that goes over the content of the domain.
Yep.
And that is also paired with a book, you know, a notebook that's in the materials that I've printed
out. And I'm going through now with a piece of paper and a mechanical pencil, writing down things,
notes in this as well. So I don't have any sources on this, but I have educators who have told me,
so I'm going to believe the educators,
that writing things down with your hand and writing things down by typing them are two different modalities.
So you're going to be using different parts of your brain,
which means that you stand a better chance of recalling the data.
So I'm doing it twice for that reason.
Yes, I'm going through all the material,
and you've said that that's not how most people use the course,
but that's how I'm using it.
Sure.
You know, and if you paid for the material,
you might as well look at all of it, right?
But the point I want to make about those videos is that
since they are just, again, more of an overview of the domains, it pulls out all the most important testable material from the domain.
Right.
So it's almost like you're in the weeds with the short videos.
Yep.
In the video library, and then you zoom out a little bit, and you see the whole forest and how things kind of, you know, come together and all the connections across the domain on all the stuff
that is really important for the exam. Right. So, if we harken back to domain one, we start talking
about the risk management and quantified risk management. There's all those formulas back there
that I, frankly, I needed to sit through those lectures because those were very helpful. And
once you've seen those lectures, it's very intuitive. Yeah, sure.
And I thought that the cryptography lectures were also helpful to go through things,
even though I already knew a lot of the stuff that was in there.
Yeah, exactly. And another point is that you basically want to bank time on easy questions.
Like on exam day, you want to answer the ones that you know really well as quickly as possible, right?
Right.
So that when you're struggling or wrestling between two answer choices,
you have a little bit extra time to kind of make that decision.
So basically by really owning your strengths, it actually lets you go faster on test day.
Right.
Which helps you with your weaker areas.
Yes.
So Joe, I would normally end the episode by asking you if you have any content questions about Domain 3 of what you studied,
but I should be asking you because you're the expert.
So we'll just end it there.
We look forward to continuing your journey
and learning next time about Domain 4.
That's my Hacking Humans co-host, Joe Carrigan,
with N2K's Sam Meisenberg.
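Joe's point above, that a bare hash can simply be recomputed by whoever intercepts the message while a hash signed with the sender's private key cannot, worked through as an added example (this is not code from the show, from N2K, or from the CISSP course). It uses only Go's standard library; the Envelope wire format and the message text are constructed for the demonstration, and Ed25519 stands in for the generic "sign with the private key" step.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is a constructed wire format for this example: the message body
// plus both kinds of integrity evidence, so the two checks can be compared.
type Envelope struct {
	Body []byte
	Hash []byte // plain SHA-256 of Body: the "just send a hash" scheme
	Sig  []byte // Ed25519 signature over Hash, made with the sender's private key
}

// GenerateSenderKeys creates the sender's key pair. The private half never
// leaves the sender; that is the whole basis of the non-repudiation claim.
func GenerateSenderKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func digest(body []byte) []byte {
	h := sha256.Sum256(body)
	return h[:]
}

// Seal hashes the body and signs the hash with the sender's private key:
// the "encrypt that hash with your private key" step from the discussion.
func Seal(priv ed25519.PrivateKey, body []byte) Envelope {
	h := digest(body)
	return Envelope{Body: body, Hash: h, Sig: ed25519.Sign(priv, h)}
}

// VerifyHashOnly is the weak check: recompute the hash and compare. Anyone
// who can edit the body can also recompute this, so it only catches
// accidental corruption, not deliberate tampering.
func VerifyHashOnly(e Envelope) bool {
	return bytes.Equal(digest(e.Body), e.Hash)
}

// VerifySignature is the strong check: recompute the hash, then verify the
// signature with the sender's public key. Only the holder of the matching
// private key could have produced a signature that passes, which is why this
// gives non-repudiation (as long as that private key has not been compromised).
func VerifySignature(pub ed25519.PublicKey, e Envelope) bool {
	return bytes.Equal(digest(e.Body), e.Hash) && ed25519.Verify(pub, e.Hash, e.Sig)
}

// Tamper models an interceptor who rewrites the body and, as Joe says,
// "changes the hash as well". The old signature is carried along unchanged
// because the interceptor has no private key to make a new one.
func Tamper(e Envelope, newBody []byte) Envelope {
	return Envelope{Body: newBody, Hash: digest(newBody), Sig: e.Sig}
}

// Demo runs both checks against an intercepted-and-edited message and
// reports (hashOnlyFooled, signatureCaughtIt).
func Demo() (bool, bool) {
	pub, priv := GenerateSenderKeys()
	original := Seal(priv, []byte("transfer 100 to account A")) // constructed message
	forged := Tamper(original, []byte("transfer 100 to account B"))
	return VerifyHashOnly(forged), !VerifySignature(pub, forged)
}

func main() {
	hashFooled, sigCaught := Demo()
	fmt.Printf("hash-only check accepted the forgery: %v\n", hashFooled)
	fmt.Printf("signature check rejected the forgery: %v\n", sigCaught)
}
```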
Tony Velleca is CEO of CyberProof. In today's sponsored Industry Voices segment,
he joins us to explore some of the pain points that CISOs and CIOs are experiencing
and how they can improve their cyber readiness.
The landscape is changing dramatically for companies here in the U.S. that are public.
For example, the SEC rules were just rolled out.
So if you are talking in the CISO
circles, they're worried about potential criminal liability as well as all the new requirements that
are coming and how they have to be very careful about understanding what's material and what's
not. More generally, I think CISOs are struggling with the fact that there's just a massive explosion of new types of attacks.
I can rattle off a few statistics here.
We have a threat intelligence team, so we keep track of some of this ourselves.
And over the last few months, we've had over 2,400% increase in number of posts
in dark web forums about ChatGPT.
So you're seeing, as you know, ChatGPT got started last year.
So you're seeing a rapid increase in the curiosity and ways, things you can do,
although we're not seeing the attacks and things happen.
But you are seeing things like 135% surge in social engineering attacks.
Many of these use ChatGPT to get better, right?
So it's much easier to create an attack, ask it to write something, and it's much more effective.
We used to be able to count on misspellings and things like that.
We're seeing a fairly big increase in the types of attacks coming from the conflicts there in Ukraine and probably Israel as well,
but going from around 9.8% to 46% of the types of attacks.
And these tend to be more advanced persistent threat type of attacks.
And the other one I'll just throw out is there are 78% of organizations
that were attacked by ransomware
were targeted by multifaceted types of extortions, right?
So they not only attack you
and come in with an attack and lock up your data,
they also steal the data
and then they hold you ransom for bringing your data back,
but also whether they're going to leak it.
On top of that, they've been working with both IT and OT, so we're seeing different
types of endpoints and devices targeted.
So from an attacker standpoint, there's just a tremendous amount of change in things that
are happening.
Now, the other thing that I'll mention is there are, in the security space in general,
CISOs are generally buying preventative
solutions and things like that. There are just so many out there and many are starting to question,
are there too many? Have I bought too many? Do I have them all implemented? And can I keep layering?
So you're starting to see a little bit of a worry about maybe I need to consolidate some of this and
bring it together. We're also seeing, as usual, a lack of skilled labor in our industry.
You just cannot find people.
And these are complex skills to be able to diagnose types of attacks
or even to be able to develop secure architectures.
We've always had kind of a cost problem.
Nobody wants to pay for cyber insurance in a corporation
because it's like buying insurance.
You hope you don't get attacked,
but you have to do the basics around regulatory compliance.
But you have that.
But we're seeing more,
the need to bring in more and more data
to be able to defend ourselves.
And this gets very expensive
in terms of the core solution like SIEMs
within security operations.
I kind of mentioned the explosion of endpoints,
but you can imagine, I like to say,
even the car is the endpoint these days, right?
Because now you have self-driving cars
that are talking to the internet
and to the cloud applications,
and these become various new ways
of creating threats to our environment.
And finally, I'll just mention this,
but the attacks are getting faster,
meaning what used to happen over months, low and slow, is now happening very fast with the use of Gen AI.
So, multifaceted problem that CISOs have, it's growing in every dimension you can think of.
Can we tackle the terminology itself? I mean, in your view, what comes under the umbrella when you say cyber readiness?
What does that entail?
I like to follow the NIST model, actually.
And you're actually seeing that what's coming under the security umbrella is expanding.
Regulatory compliance has always been there.
It's everything from just making sure your users are properly trained or your people are properly trained to understand and not create errors when it comes to cyber attacks.
Generally, though, you're looking at, within the compliance, all the things you need to do to make sure you're preventing.
There's a setup part, which is making sure you have your users managed, you have your assets, inventory uncovered, but then you need to prevent attacks.
So there's generally a layering of technology that CISO selects to be able to make sure that they're preventing the attacks most effectively.
But then the security operations, which is the ability to detect and respond to attacks.
And then the last dimension of NIST is recover.
And I think it's interesting.
It's an area of opportunity
because many have not really done as much here.
But if you think of ransomware,
we have to think not only about how I contain the attack
so it's not further propagating,
but if my systems are impacted, for example,
and they're down,
I have to bring them up within a certain amount of time so the business impact is minimized.
So all of this comes under the realm of a subcategory, but it's a hot topic.
And that's just what I call vulnerability and posture management, which is the ability to make – in preventing cyber attacks, you want to make sure that you're not introducing vulnerabilities.
And every day there's a new software patch or something that comes out.
But in the case of cloud, there's an opportunity because there's posture management, which means you can put your policies out there,
and as soon as a firewall rule is changed or something changes,
which is outside of your security policy,
you can be notified or you can even have auto-patching to correct much of that.
Well, let's talk about some of the solutions here.
I mean, from your point of view, how can these cybersecurity leaders come at this issue?
Oh, that's a great question.
So I'm going to spend probably a little more time
on what I call the prevent, detect, and respond.
Because I think there's a lot of folks
that will talk about compliance,
and we can talk about compliance in a problem
because we're seeing more and more requirements coming in there.
They're splintered.
But let's talk a little more about really protecting against the actual attacks themselves.
Now, one of the key challenges I mentioned before for CISOs is we're just seeing more and more products every day, which is great because there's innovation.
But the challenge is it's up to the CISO
to do a lot of the integration of these products
or the CISO or the engineering teams
and to be able to make these solutions work together.
So, and it gets complicated
because it changes rapidly.
I think we're starting to see, and this is a good thing,
some consolidation in the industry. And it's also happening in a space, when you go to the
events that CISOs go to, you generally see the same players. But in the new world, you're starting
to see players like Microsoft and Google get into the game.
So as the hyperscalers start getting involved, they're consolidating.
So, for example, Microsoft has made many acquisitions, different products and solutions.
They're creating an integrated security center.
In the case of Google, very similar approach there.
They're really built.
They've done an acquisition around SOAR. They use their search capability to create really a next
generation high performance SIEM. And then they
acquired Mandiant, which brings a lot of the intel and data around
attacks and security. So they're starting to consolidate from that
angle as well. I think one of the things that
the opportunity for many of the security specialists
today is to start stepping back and taking a more fundamental look. Their organizations are going
through kind of a cloud-first strategy already. So it's a good opportunity to step back and say,
should I rethink my technology stack? Are there ways to save money at the same time? I think this
is critical. All of us, the major complaints when CISOs get together is just, there's only so much
budget to do so much. There's only so many people that they can do it. They always feel they're
behind the curve and not able to keep up. So I think this becomes an opportunity
as we go forward to create those solutions.
Now, those solutions are not just,
they're really falling to prevent, detect, and respond.
And frankly, even a recovery area
because cloud offers a number of new ways
to set up for recovery.
How do you recommend folks get started here?
You know, it seems,
I can imagine somebody looking at this and thinking,
this is an overwhelming problem.
You know, where do I take my first bites
or my first nibbles at this?
Any words of wisdom there?
You know, unfortunately,
what that sort of depends on where you are,
but I'd say more fundamentally,
I do think it's good to step back.
Because some of this information you're not getting through your normal channels, for example.
I think you'll start seeing more and more of it this year as we see the hyperscalers get more deeply involved.
You'll start seeing them at the typical security events.
But I think it is time to take a look at the hyperscalers, what they're doing. Does it
offer you a different way of looking at some of these problems? One of the more fundamental
opportunities or one of the more fundamental trends that I think is driving this is the
generative AI trend itself, right? And what that means is you're seeing the advent of these co-pilots.
That's what Microsoft calls it.
And what they mean is
if you are in the process
of trying to understand all this,
corporations generally have silos.
You can have one that's
team is doing vulnerability management.
Another team is patching.
Another team that's your security operations.
Sometimes for larger corporations, threat hunting and threat intelligence teams are separated.
But the ability to have co-pilots that can see across large sets of data, understand language,
and be able to interpret and correlate some of these things at that level is, I think, a game changer.
So when we start looking at problems in cybersecurity,
one of them is just getting data into a place or a structure that, when I talked about integrating these products, that it's more useful. And there are opportunities to save money when you do that
on cloud, right? Because you can set up the large-scale data lakes are being designed
for logs and other sources, and there's means of storing that. And potentially even talking with
the CTO about structuring the same log sources for both IT and OT that can be used together.
So there are, I think my first recommendation is take a look into the opportunities that many of the clouds,
the new solutions that are coming out in the cloud offer you.
I think it's a fundamental shift.
I still think there's a best-of-breed approach in various different areas.
So it totally depends on what you are and what you've already procured,
where your licenses are when they expire,
and what's been integrated and
implemented properly. But I think a very fundamental recommendation is just take a look at what
this new trend of consolidation and hyperscalers and things are starting to look like.
That's Tony Velleca from CyberProof.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
And finally, a ransomware attack
has left Sweden's exclusive liquor distributor scrambling,
potentially leaving the shelves of the nation's sole alcohol retailer sparse by week's end.
The cyber assault has been attributed to a North Korean group by the distributor's CEO
and threatens not just the availability of spirits,
but also the essential paper bags needed to carry them home.
This digital drama unfolds as Sweden revamps its national cybersecurity center,
integrating it with the country's signals intelligence to enhance its cyber defense,
following what the government criticized as subpar performance.
The urgency for better security measures was underscored earlier this year when
Tietoevry, a major cloud services provider in Sweden, also fell victim to a ransomware attack,
impacting numerous customers and forcing some store closures. So, clearly, Sweden's digital
defenses are being tested as they work to cork these cybersecurity shortfalls.
And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. You can email us at cyberwire@n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music by Elliot Peltzman. Our executive producers are Jennifer Iben and Brandon Karp. Our executive editor is Peter Kilby and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

Your business needs AI solutions that are not only ambitious, but also practical and adaptable. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.