Digest
This podcast episode features Graham Cluley, Carole Theriault, and guest Jane Wakefield, discussing current cybersecurity threats. The episode begins by introducing Jane's new podcast, "Scan Detectors," focused on scams. A significant portion details the January 2024 hack of the SEC's Twitter account, revealing a SIM swap attack by a 25-year-old resulting in a fraudulent Bitcoin ETF approval message and a temporary price surge. The discussion then shifts to the growing problem of AI-generated disinformation, highlighting the challenges in distinguishing fake videos from real ones and the implications for a "post-truth" era. The Paris AI summit and its potential impact are briefly mentioned. Finally, the episode delves into the ongoing issue of ransomware, examining annual cybersecurity reports and debating the proposed UK ban on ransomware payments for public sector entities. The complexities of such a ban, the evolving ransomware landscape, and the fragmentation of ransomware gangs are explored.
Outlines

Introduction and SEC Twitter Hack
The episode introduces the hosts and guest, Jane Wakefield, and details the January 2024 SIM swap attack on the SEC's Twitter account, leading to a fraudulent Bitcoin ETF announcement and a temporary price spike.

AI Disinformation and Ransomware
Jane Wakefield discusses the rise of AI-generated disinformation, its impact, and the difficulties in detection. The episode then transitions to a discussion on ransomware, focusing on annual reports and the proposed UK ban on ransomware payments for public sector bodies.
Keywords
SIM Swap
A SIM swap attack involves tricking a mobile carrier into transferring a phone number to a SIM card controlled by an attacker, who can then receive the two-factor authentication codes sent to that number and use them to access the victim's accounts.
Ransomware
Malicious software that encrypts a victim's data and demands a ransom for its release. Often involves data exfiltration.
AI-generated Disinformation
Fake videos, images, and text created using artificial intelligence, used to spread false information and manipulate public opinion. Difficult to detect and combat.
Bitcoin ETF
An exchange-traded fund that tracks the price of Bitcoin, allowing investors to indirectly invest in cryptocurrency through traditional stock markets.
Cybersecurity Threats
A broad term encompassing various threats to digital security, including ransomware, SIM swap attacks, and AI-generated disinformation.
SEC Twitter Hack
The January 2024 hack of the Securities and Exchange Commission's Twitter account, resulting in a fraudulent Bitcoin ETF announcement.
Ransomware Payments Ban
A proposed ban on ransomware payments, particularly for public sector organizations, aimed at disrupting the ransomware business model.
Q&A
How did the SIM swap attack on the SEC's Twitter account work?
The attacker obtained the victim's personal information, created a fake ID, obtained a new SIM card and phone, received the two-factor authentication code, and then passed it to an accomplice to post the fraudulent message.
What are the challenges in combating the rise of AI-generated disinformation?
The sophisticated nature of AI-generated content makes it difficult to detect. Social media platforms are increasingly reluctant to moderate content, citing free speech concerns. A critical eye and media literacy are crucial for combating this.
Is a ban on ransomware payments effective?
The effectiveness is debated. It aims to disrupt the ransomware business model but may force organizations to choose between paying the ransom or facing significant operational disruptions and data breaches. The impact on cryptocurrency markets is also a concern.
What are some of the trends in the ransomware landscape?
Ransomware remains a significant threat, with attacks continuing to rise. There's evidence suggesting a decrease in payments to large ransomware gangs due to arrests and disruptions. The landscape is fragmenting, with smaller, harder-to-track groups emerging.
Show Notes
The story of how hackers managed to compromise the US Government's official SEC Twitter account to boost the price of Bitcoins, AI isn't helping reduce the rife conspiracy theories inside classrooms, and is the funeral bell tolling for ransomware?
All this and more is discussed in episode 404 of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Jane Wakefield.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- SEC's Twitter account hacked to say Bitcoin ETFs approved - Hot for Security.
- Twitter says it’s not its fault the SEC’s account got hacked - Graham Cluley.
- SEC Twitter hack blamed on SIM swap attack - Hot for Security.
- The SEC’s X account got hacked by a 25-year-old who went by ‘AGiantSchnauzer’ and got paid in Bitcoin, feds say - Fortune.
- Pupils share conspiracy theories for fun, with girls ‘more susceptible’ - The Times.
- AI chatbots unable to accurately summarise news, BBC finds - BBC News.
- US-led cybersecurity coalition vows to not pay hackers' ransom demands - TechCrunch.
- 35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments - Chainalysis.
- Ransomware: proposals to increase incident reporting and reduce payments to criminals - GOV.UK.
- The 2024 Ransomware Landscape: ‘Looking back on another painful year’ - IT Wire.
- The Space Doctor’s Big Idea by Randall Munroe - The New Yorker.
- Reading guide: Creation Lake by Rachel Kushner - Booker Prizes.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.