Microsoft’s Security Saga Continues: Insights from Whistleblower


In this episode, Andy sits down once again with Paul to continue their conversation about Microsoft’s struggles with security. The episode focuses on a recent report from ProPublica about a Microsoft whistleblower named Andrew Harris. The report alleges that Microsoft was aware of a serious vulnerability in its on-premises Active Directory Federation Services (ADFS) software that could have enabled the SolarWinds supply chain attack, but chose not to fix it or disclose it to customers.

Andy and Paul discuss how Microsoft’s focus on new features and cloud growth over security, as well as the desire to win lucrative government contracts, may have contributed to this decision. They also touch on the challenges faced by Microsoft’s security response team and the broader issue of security being seen as a cost center rather than a profit driver.

Key Takeaways:

  • Microsoft ignored a serious ADFS vulnerability that could have enabled widespread attacks.
  • Security is often viewed as a cost center at Microsoft, rather than a profit driver. This mindset led to the ADFS vulnerability being ignored, as fixing it was not seen as a priority compared to delivering new features and products.
  • Microsoft was criticized for not being transparent about the ADFS vulnerability and not giving customers the option to implement mitigations, even if it meant sacrificing some functionality.
  • The ADFS incident is symptomatic of broader security culture problems at Microsoft, where security is not always prioritized, and technical debt or legacy systems are not adequately addressed.

Timestamps:

(02:22) – Explaining the Whistleblower’s Allegations and the SolarWinds Attack

(07:32) – Vulnerability in ADFS and Microsoft’s “Security Boundaries” Argument

(13:06) – Why Was the Issue Swept Under the Rug?

(19:16) – The Challenges Faced by the Microsoft Security Response Center (MSRC)

(26:24) – Satya Nadella’s Comments on Prioritizing Security over New Features

(27:38) – The Controversy Around the “Recall” Feature in Windows 11

Episode Resources:

ProPublica Article

Summer Olympics 2024: How and Why Threat Actors Target the Games


In this episode of the Security Swarm podcast, host Andy is joined by Romain Basset from Hornetsecurity to discuss the cybersecurity implications of the upcoming 2024 Olympic Games in Paris, France. The conversation explores how the geopolitical landscape, with ongoing global tensions and conflicts, creates a high-profile stage that threat actors may target for hacktivism, financial gain, or destabilization.

Throughout the episode, they highlight the increased risks leading up to the 2024 Games, noting that French infrastructure has already been targeted by various threat actor groups, including DDoS attacks. They discuss the blurring lines between cybercrime and geopolitical threats, with many threat actors now engaging in both financially and politically motivated attacks.

Key takeaways:

  • The Olympics are a prime target for cyber-attacks due to the global attention and geopolitical tensions surrounding the event.
  • Past Olympic Games have seen a variety of cyber-attacks, including distributed denial-of-service (DDoS) attacks, malware, and false flag operations designed to mislead attribution.
  • Cyber-attacks targeting the Olympics can have far-reaching consequences, including international chaos, disinformation campaigns, and real-world impacts on businesses and infrastructure.
  • While the threat landscape is complex, the best defense is to focus on cybersecurity basics like user training, multi-factor authentication, and regular backups – rather than getting distracted by the latest “shiny object” threat.

Timestamps:

(01:15) – Why Cybersecurity is Important for the Olympics

(02:25) – Geopolitical Tensions and Threat Actors

(04:31) – Potential Cyber Attacks – Scams, Extortion, Disinformation

(06:50) – The 2018 Pyeongchang Olympics Cyber Attack

(12:48) – False Flags and Attribution Challenges

(16:05) – Overlap Between Cybercrime and Geopolitical Destabilization

(19:13) – Real-World Impacts of Geopolitical Cyber Tensions

(23:08) – Cybersecurity Best Practices and Advice

Episode Resources:

Read our blog about Russia’s notorious history of attacking the Olympics

Protect your business before it’s too late with 365 Total Protection

Train your users to spot phishing emails during the Olympics with Security Awareness Service

Celebrating 50 Episodes: A Review of our Top Security Discussions (PT2)


For our 50th episode of the Security Swarm Podcast, Andy and Eric Siron look back at the last 49 episodes of the show. They go through some core security topics, discuss whether they’re still relevant and how they’ve changed in comparison to the evolving threat landscape, and provide updates on some of the major stories discussed.

This is part 2 of a 2-part episode.

Celebrating 50 Episodes: A Review of our Top Security Discussions (PT1)


For our 50th episode of the Security Swarm Podcast, Andy and Eric Siron look back at the last 49 episodes of the show. They go through some core security topics, discuss whether they’re still relevant and how they’ve changed in comparison to the evolving threat landscape, and provide updates on some of the major stories discussed.

This is part 1 of a 2-part episode, with part 2 coming next week.

Key Takeaways:

  • AI-powered tools are a double-edged sword, capable of both beneficial and malicious applications.
  • Botnets and malware continue to be a persistent threat, as attackers adapt and find new ways to circumvent disruptions.
  • Email-based social engineering remains a significant vulnerability, as human nature makes it a difficult problem to solve.
  • Immutability and backups are critical for protecting against ransomware and data loss.
  • Securing cloud-based platforms like Microsoft 365 requires a nuanced approach, as the responsibility is shared between the provider and the customer.
  • Security awareness training can be challenging to implement effectively, requiring a balance between engagement and cost.
  • Navigating the relationship between IT administrators and CISOs is crucial for effective security management.

Timestamps:

(00:31) – Using ChatGPT to create ransomware – still a relevant and evolving topic

(02:22) – How tech pros should handle security news and zero-days

(09:09) – The re-emergence of Emotet and the challenges of disrupting botnets

(12:04) – The persistent problem of social engineering and email attacks

(13:25) – The importance of immutability and backups against ransomware

(16:29) – The security of Microsoft 365

(19:35) – Deep dive on the QuickBot malware

(20:20) – The necessity of advanced threat protection (ATP)

(22:58) – Guidance on effective security awareness training

(25:41) – Tips for IT admins on working with CISOs

(26:07) – Microsoft’s throttling of legacy on-premises Exchange servers

(28:11) – Discussing Episodes 12 and 13, recorded live at InfoSecurity Europe, on compliance and security horror stories

OSINT in The Hands of Hackers


In this episode of the Security Swarm Podcast, host Andy is joined by Romain Basset, the Director of Technology Strategy at Hornetsecurity. They’re exploring the topic of Open-Source Intelligence (OSINT) – what it is, how threat actors use it to launch effective attacks, and the dangers it poses.

Throughout the episode, they discuss the ease with which OSINT can gather information using AI and other tools and provide examples of how it can be used in phishing, business email compromise, and even deep fake attacks. The conversation also touches on the importance of privacy awareness and security awareness training to mitigate these threats.

Key Takeaways:

  • OSINT refers to publicly available information that threat actors can easily gather to launch targeted attacks. This includes social media profiles, online forums, data breach databases, and more.
  • Threat actors are using OSINT to not only target individuals, but also find vulnerabilities in organizations’ web-facing software and infrastructure.
  • Combating OSINT-powered attacks requires a multi-pronged approach of improving privacy awareness and implementing robust security awareness training programs.

Timestamps:

(02:24) – Definition of OSINT

(07:17) – How AI makes OSINT-powered attacks easier

(15:22) – Using OSINT to target organizations

(25:35) – Mitigating OSINT-powered attacks

Episode Resources:

Train your users with a personalised Security Awareness Service

Business Email Compromise: The $43 Billion Scam

The Security Implications of Migrating from VMware


In this episode of the Security Swarm Podcast, host Andy and recurring guest Paul talk about the challenges and opportunities organizations face amidst the Broadcom acquisition of VMware. They discuss the steep price hikes for VMware licenses and the security vulnerabilities recently discovered in VMware products.

This acquisition has prompted many businesses to consider alternative solutions, and the episode provides a comprehensive overview of the available options within the Microsoft ecosystem. They cover a range of migration strategies, including moving to the Microsoft ecosystem through Azure, Azure Stack HCI, and on-premises Hyper-V solutions. Andy and Paul offer valuable insights into ensuring a secure and seamless transition away from VMware, making this episode essential listening for IT professionals navigating these significant changes.

Key takeaways:

  • Broadcom’s acquisition of VMware is causing major disruption due to massive license cost increases of 300-500% for many organizations.
  • Microsoft Hyper-V is a viable alternative to VMware. It offers a mature, enterprise-ready hypervisor that can be a cost-effective replacement for VMware.
  • Azure Stack HCI provides an on-premises VMware alternative. It is a hyperconverged infrastructure solution with Hyper-V at the core, along with integration to Azure services for management and modernization.
  • Security pitfalls can arise when organizations rush to migrate away from VMware due to the Broadcom situation. Proper planning, understanding the security posture of the new platform, and ensuring critical configurations like backup are in place are essential to mitigate risks.

Timestamps:

(02:51) – Vulnerabilities in VMware

(07:30) – Migrating to the Microsoft Ecosystem

(13:38) – On-Premises Microsoft Options

(38:45) – Security Considerations for Migrations

(44:52) – Pragmatic Approach to Platform Selection

Episode Resources:

Microsoft and Broadcom to Support License Portability

Paul’s article on options for migrating from VMware to Microsoft

VMware Sandbox Escape Bugs