The Security Swarm Podcast

Welcome to The Security Swarm Podcast – a weekly conversation of the most critical issues facing the world of cybersecurity today, hosted by Andy Syrewicze, Security Evangelist at Hornetsecurity. From the malicious use of AI tools to social engineering scams, each episode hones in on a pertinent topic dissected by an industry expert and backed up by real-world data direct from our Security Lab.

The world of cybersecurity should not be taken on alone – it’s time to join the swarm.

The XZ Utils Backdoor, CSRB’s Report on Storm-0558 & More

In this episode of the Security Swarm Podcast, our host Andy Syrewicze discusses the key findings from Hornetsecurity’s Monthly Threat Report with guest Michael Posey. The Monthly Threat Report is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.

In this episode, Andy and Michael talk about recent security events such as the Cyber Safety Review Board’s (CSRB) assessment of the Storm-0558 attack, the FTC’s reports on impersonation attacks, and an alarming potential supply chain attack on the XZ Utils package in open-source Linux distributions.

Key takeaways:

  • The cybersecurity landscape is evolving rapidly with a variety of threats, from supply chain attacks to impersonation scams.
  • Transparency and security diligence are crucial in preventing and mitigating cyber threats.
  • End-user training and awareness play a significant role in enhancing overall cybersecurity posture.

Timestamps:

(05:26) – Rising Trends in Email Threats and Cybersecurity Impersonation Tactics

(15:26) – The Importance of Email Security and Supply Chain Attacks in Today’s Cyber Landscape

(18:12) – Uncovering the Storm-0558 Breach: Analysis and Recommendations

(27:33) – FTC Reports on Impersonation Attacks and the Importance of End User Training in Cybersecurity

(34:25) – Major Security Threat Uncovered in XZ Utils Package in Open Source Linux Distributions

(40:22) – Insights on Cybersecurity Issues and Mitigations

Episode Resources:

The Full Monthly Threat Report for April 2024

Fully automated Security Awareness Training Demo

Security Risks of Always On Remote Access

In this episode of The Security Swarm Podcast, host Andy Syrewicze is joined by Matt Lee from Pax8 to discuss the risks associated with deploying always-on remote access software on managed endpoints.

The conversation spans various topics, including Matt Lee’s extensive background in the MSP space, where he shares insights gained from his experience with a mass ransomware event. Together, they explore the risks and implications of constant remote access, emphasizing the need for organizations to adopt a more proactive stance toward cybersecurity.  

Key takeaways: 

  • Embrace the journey of continuous improvement in cybersecurity practices, focusing on being reasonable and defensible rather than striving for perfection. 
  • Follow established cybersecurity controls and be willing to adapt and improve security measures over time. 
  • Consider the risks associated with constant remote access and prioritize security measures that reduce exposure to threats. 
  • Take small steps towards improving cybersecurity practices and be open to learning from past failures to enhance security protocols. 

Timestamps: 

(11:08) – Navigating Remote Access in Highly Regulated Managed Service Provider (MSP) Environments 

(14:02) – Maximizing Security with Just in Time, Just Enough Access 

(17:41) – The ConnectWise ScreenConnect Vulnerability and the Importance of Communication 

(26:32) – The Need for Maturity in the Cybersecurity Space 

(31:10) – Don’t Let Perfect be the Enemy of Good 

Episode Resources: 

Matt Lee 

Hornetsecurity

Passkeys: The Future of Authentication?

We’re thrilled to have Jan Bakker, a seasoned Cloud Consultant with over 10 years of IT experience, joining us from the Netherlands. In this episode, Andy and Jan explore the revolutionary concept of passkeys, a technology that aims to replace traditional passwords and enhance security by providing phishing resistance. The conversation delves into the significance of passkeys and their value in improving user experience and security measures. The guys even discuss what is currently known publicly about passkeys in M365. 

Key takeaways:

  • Passkeys offer a more secure and user-friendly alternative to traditional passwords by eliminating the need for storing secrets on the server side. 

  • Public key cryptography forms the foundation of passkeys, ensuring strong authentication without the risk of password breaches. 

  • Passkeys provide phishing resistance and streamline the authentication process for end users, reducing the reliance on complex passwords and additional MFA steps. 

  • While passkeys offer significant security benefits, they are not a standalone solution and should be complemented with other security measures such as phishing prevention and identity protection strategies. 

Timestamps: 

(00:13) – Unveiling the Power of Passkeys in Cybersecurity with Jan Bakker

(03:47) – The Rise of MFA Bypass Kits and Adversary in the Middle Attacks 

(14:55) – Unlocking the Future of Passwordless Authentication with Passkeys 

(24:55) – Addressing Persistent Access in Malicious Apps and OAuth: A Call for Improved Security Practices 

(29:59) – Unpacking the Importance of Phishing Resistance and Token Security in Cybersecurity 

(33:01) – Enhancing Security with Passkeys and Onboarding Procedures in Public Services 

Episode resources: 

Passkeys Directory 

Jan Bakker’s website 

The Security Swarm Podcast – EP24: The Danger of Malicious OAuth Apps in M365 

Start your free trial of M365 Total Protection

Are Tech “Innovations” Accelerating Security Threats?

In today’s fast-paced world, digital transformation has become a necessity for businesses to stay ahead of the game. With the increasing reliance on digital tools, however, there has been a seemingly corresponding rise in security incidents. Coincidence?  

The evolving landscape of IT and technology has brought to the forefront the question of whether the latest tech “innovations” are actually accelerating security threats.  

In this episode, Andy and Paul delve deeper into this issue, exploring how businesses can balance their need for technological advancements with maintaining robust security measures to protect against cyber threats. 

Timestamps: 

(2:54) – Commentary on the Rate of Change in Technology 

(13:21) – How has Innovation in Microsoft Cloud Services Contributed? 

(23:33) – What is the Cost of Innovation on Security Postures? 

Episode Resources:

Article from Andy Robbins

Listen to episode 34

Listen to episode 22

365 Total Protection Free Trial

Tips and Tricks for Getting Started in Cybersecurity

Ever wondered what it takes to break into the exciting world of cybersecurity? Join us in our latest podcast episode as we sit down with Grant Collins, an infrastructure security engineer and cybersecurity career coach. From choosing the right degree to navigating the hiring process, acquiring essential skills, and building a robust professional network, Grant and Andy share their personal experiences and insights.

Throughout the episode, they debate on academic vs practical learning by comparing the merits of pursuing a cybersecurity/IT degree versus gaining real-world experience and self-directed training. They discuss the pros and cons of each approach, offering valuable insights to help you chart your own path in the cybersecurity landscape.

Timestamps:

(5:08) – Why Should You Consider a Career in Cybersecurity?

(11:30) – What Educational Pathways Can I Take to Learn Cybersecurity?

(26:15) – How can I Cultivate Practical Skills in Cybersecurity?

(34:13) – What are Some Tips and Tricks for Landing a Job in Cybersecurity?

Episode Resources:

Check out Grant’s YouTube Channel

cybersecurity (reddit.com)

TryHackMe | Cyber Security Training

Hack The Box: Hacking Training For The Best | Individuals & Companies

LockBit’s Return, ScreenConnect Vulnerability & a US Healthcare Cyber Attack

Security headlines have been buzzing with major security events this month. In this podcast episode, Andy and Eric Siron discuss Hornetsecurity’s Monthly Threat Report, analyzing recent security incidents and sharing expert insights.

Tune in for more information on LockBit’s takedown and its re-emergence days later, the CVSS 10 vulnerability in ConnectWise ScreenConnect, and the Change Healthcare cyber-attack that has practically paralyzed prescription refills and is likely contributing to numerous deaths in the US.

Timestamps:

3:32 – Hornetsecurity Industry Data Review for Feb 1st to March 1st

14:10 – The “takedown” and re-emergence of LockBit

18:33 – CVSS 10 Vulnerability in ConnectWise ScreenConnect

31:11 – Optum/Change Healthcare Ransomware Attack

Episode Resources:

Read the full report 

LockBit Takedown Notice

ScreenConnect Vulnerability – CVE-2024-1709

Ransomware Attack on Optum / Change Healthcare

365 Total Protection

Insider Threats in Microsoft 365

Join host Andy and special guest Philip Galea, R&D Manager at Hornetsecurity, as they explore insider threats within Microsoft 365. In this episode, the focus is on SharePoint Online and OneDrive for Business, shedding light on the nuances of insider threats and offering valuable insights on safeguarding against them. 

Tune in for expert analysis and practical tips on fortifying your defenses and protecting your organization’s sensitive data in the evolving landscape of cloud-hosted infrastructures. 

Episode Resources:

Effortlessly manage Microsoft 365 permissions 

Microsoft vs Midnight Blizzard

During last week’s episode, we briefly spoke about major security incidents that took place between January and February 2024, including the Midnight Blizzard attack. Today, we’re delving deeper into the specifics of this attack. From exploiting OAuth mechanics to navigating Microsoft’s corporate environment, the attackers demonstrated a level of sophistication that evaded conventional detection controls.  

Tune in to hear Andy and Paul examine its intricate attack chain and discuss their insights on what Microsoft should do in response.  

Timestamps: 

(2:00) – What does the attack chain for this breach look like? 

(7:11) – Timeline of the Attack 

(8:53) – Thoughts on Microsoft’s Response 

(18:55) – A Definition of an OAuth App and a Service Principal 

(27:36) – What do Admins need to do about this? 

(33:20) – Does the speed of change and the scale of Cloud Services negatively impact security? 

Episode Resources: 

Andy and Paul Discuss Malicious OAuth Apps

YouTube Video from Andy Robbins

BingBang 

Midnight Blizzard, AnyDesk Breach & a $27 Million Ransomware Attack

The Monthly Threat Report by Hornetsecurity is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. For this episode, Andy is joined by Hornetsecurity’s CTO – Dr. Yvonne Bernard, for an in-depth analysis of major security breaches and ransomware attacks that occurred between January and February 2024. 

From the Midnight Blizzard attack on Microsoft to a ransomware attack that cost Johnson Controls 27 million USD, our hosts explore what went wrong and provide expert recommendations from the Security Lab at Hornetsecurity on how to protect your business from similar threats. 

Timestamps: 

(3:20) – Email Threat Trends from January 

(6:51) – What were the Most Targeted Industries for January? 

(9:52) – What were the most impersonated brands in January? 

(12:30) – A Discussion on the Midnight Blizzard attack on Microsoft 

(22:38) – The Recent Breach of AnyDesk 

(27:15) – $27 Million Cost of Ransomware attack on Johnson Controls 

(32:34) – A C-Suite Look at Microsoft 365 Co-Pilot and the Danger of Misconfigured Permissions 

Episode Resources:

Episode on Malicious OAuth Applications

Microsoft post on Midnight Blizzard Attack

Detailed Tactics Post from Microsoft on Midnight Blizzard Attack

AnyDesk Public Announcement

Effortlessly manage Microsoft 365 permissions, enforce compliance policies, and monitor violations with 365 Permission Manager

Monthly Threat Report – February 2024

Co-Pilot and Misconfigured Permissions – A Looming Threat?

The use of Large Language Models (LLMs) like ChatGPT has skyrocketed, infiltrating multiple facets of modern life. In today’s podcast episode, Andy and Paul Schnackenburg explore Microsoft 365 Co-Pilot and some surprising risks it can surface. Microsoft 365 Co-Pilot is more than just a virtual assistant: it’s a powerhouse of productivity. It is a versatile generative AI tool embedded within various Microsoft 365 applications, and as such, it can execute tasks across different software platforms in seconds.

Amidst discussions about Co-Pilot’s unique features and functionalities, many wonder: How does M365 Co-Pilot differ from other LLMs, and what implications does this hold for data security and privacy? Tune in to learn more!

Timestamps:

(4:16) – How is Co-Pilot different from other Large Language Models? 

(11:40) – How are misconfigured permissions a special danger with Co-Pilot? 

(16:53) – How do M365 tenant permissions get so “misconfigured”?

(21:53) – How can your organization use Co-Pilot safely? 

(26:11) – How can you easily right-size your M365 permissions before enabling Co-Pilot? 

Episode Resources:

Paul’s article on preparing for Co-Pilot

Webinar with demo showcasing the theft of M365 credentials

Start your free trial of M365 Total Protection

Effortlessly manage your Microsoft 365 permissions