The Security Swarm Podcast
Welcome to The Security Swarm Podcast – a weekly conversation of the most critical issues facing the world of cybersecurity today, hosted by Andy Syrewicze, Security Evangelist at Hornetsecurity. From the malicious use of AI tools to social engineering scams, each episode hones in on a pertinent topic dissected by an industry expert and backed up by real-world data direct from our Security Lab.
The world of cybersecurity should not be taken on alone – it’s time to join the swarm.
Spotify
Google Podcasts
Apple Podcasts
Youtube
Microsoft vs Midnight Blizzard
During last week’s episode, we briefly spoke about major security incidents that took place between January and February 2024, including the Midnight Blizzard attack. Today, we’re delving deeper into the specifics of this attack. From exploiting OAuth mechanics to navigating Microsoft’s corporate environment, the attackers demonstrated a level of sophistication that evaded conventional detection controls.
Tune in to hear Andy and Paul examine its intricate attack chain and discuss their insights on what Microsoft should do in response.
Timestamps:
(2:00) – What does the attack chain for this breach look like?
(7:11) – Timeline of the Attack
(8:53) – Thoughts on Microsoft’s Response
(18:55) – A Definition of an OAuth App and a Service Principal
(27:36) – What do Admins need to do about this?
(33:20) – Does the speed of change and the scale of Cloud Services negatively impact security?
Episode Resources:
Andy and Paul Discuss Malicious OAuth Apps
Midnight Blizzard, AnyDesk Breach & a $27 Million Ransomware Attack
The Monthly Threat Report by Hornetsecurity is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. For this episode, Andy is joined by Hornetsecurity’s CTO – Dr. Yvonne Bernard, for an in-depth analysis of major security breaches and ransomware attacks that occurred between January and February 2024.
From the Midnight Blizzard attack on Microsoft to a ransomware attack that cost Johnson Controls 27 million USD, our hosts explore what went wrong and provide expert recommendations from the Security Lab at Hornetsecurity on how to protect your business from similar threats.
Timestamps:
(3:20) – Email Threat Trends from January
(6:51) – What were the Most Targeted Industries for January?
(9:52) – What were the most impersonated brands in January?
(12:30) – A Discussion on the Midnight Blizzard attack on Microsoft
(22:38) – The Recent Breach of AnyDesk
(27:15) – $27 Million Cost of Ransomware attack on Johnson Controls
(32:34) – A C-Suite Look at Microsoft 365 Co-Pilot and the Danger of Misconfigured Permissions
Episode Resources:
Episode on Malicious OAuth Applications
Microsoft post on Midnight Blizzard Attack
Detailed Tactics Post from Microsoft on Midnight Blizzard Attack
Co-Pilot and Misconfigured Permissions – A Looming Threat?
The use of Large Language Models (LLMs), like ChatGPT has skyrocketed, infiltrating multiple facets of modern life. In today’s podcast episode, Andy and Paul Schnackenburg explore Microsoft 365 Co-Pilot and some surprising risks it can surface. Microsoft 365 Co-Pilot is more than just a virtual assistant: it’s a powerhouse of productivity! It is a versatile generative AI tool that is embedded within various Microsoft 365 applications, and as such, it can execute various tasks across different software platforms in seconds.
Amidst discussions about Co-Pilot’s unique features and functionalities, many wonder: How does M365 Co-Pilot differ from other LLMs, and what implications does this hold for data security and privacy? Tune in to learn more!
Timestamps:
(4:16) – How is Co-Pilot different from other Large Language Models?
(11:40) – How are misconfigured permissions a special danger with Co-Pilot?
(16:53) – How do M365 tenant permission get so “misconfigured”?
(21:53) – How can your organization use Co-Pilot safely?
(26:11) – How can you easily right-size your M365 permissions before enabling Co-Pilot?
Episode Resources:
Paul’s article on preparing for Co-Pilot
Webinar with demo showcasing the theft of M365 credentials
The Dark Side of QR Codes
QR Codes are used everywhere in our society, from reading restaurant menus to accessing Wi-Fi networks and authenticating payments. However, as with any technological advancement, there’s a flip side. While QR codes are not malicious in their essence, the landscape has shifted in recent years.
Threat actors have evolved their tactics to exploit QR codes in various ways, posing new cybersecurity challenges. In this episode, host Andy teams up with Microsoft Certified Trainer Paul Schnackenburg to discuss the darker side of QR codes and the different ways in which threat actors are deceiving individuals.
Episode Resources:
The Danger of Malicious OAuth Apps in M365
Train your users to spot malicious emails with the Security Awareness Services Demo
Safeguard your users from malicious QR codes with Advanced Threat Protection
EP30 (PART 2): Dissecting Microsoft’s Secure Future Initiative
In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft’s recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm 0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors.
Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications.
Episode Resources:
Episode 17: On-Prem Security vs. Cloud Security
Microsoft’s Announcement Regarding the Secure Future Initiative
EP30 (PART 1): Dissecting Microsoft’s Secure Future Initiative
In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft’s recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm 0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors.
Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications.
Stay tuned for part 2!
Timestamps:
(2:55) – An Update on the Microsoft Storm-0558 Breach
(8:40) – The Microsoft Secure Future Initiative (SFI)
(12:12) – Comparison with the 2002 Trustworthy Computing Initiative Memo
(17:39) – The Trustworthiness of On-Prem vs. The Cloud
(23:04) – How Does Microsoft Want to Use AI in Security?
Episode Resources:
365TP Compliance & Awareness Free Trial
EP17: On-Prem Security vs Cloud Security
Monthly Threat Report – January 2024
We’re kicking off 2024 with our Monthly Threat Report analysis. Every month, our Security Lab looks into M365 security trends and email-based threats and provides commentary on current events in the cybersecurity space.
In this episode, Andy and Eric Siron discuss the Monthly Threat Report for January 2024. Tune in to learn about the top-targeted industries, brand impersonations, the MOVEit supply chain attack, the active attack by the Iranian hacking group “Homeland Justice” on the Albanian government, and much more!
Episode Resources:
Full Monthly Threat Report for January 2024
Annual Cyber Security Report 2024
Monthly Threat Report – December 2023
Our final episode for 2023 is here! To wrap up the year, Andy and Umut Alemdar will be discussing our Monthly Threat Report for December 2023. The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In this episode, Andy and Umut are focusing on data from the month of November.
Tune in to hear about Microsoft’s recent zero-day vulnerabilities, the most common file types used to deliver malicious payloads, M365 brand impersonations and a lot more!
Episode Resources:
EP29: Security Then vs Now: What’s Changed?
As the year comes to a close, the Security Swarm podcast takes a reflective journey, comparing the landscape of security then and now. In this special episode, Andy and Eric Siron explore the intriguing evolution of cybersecurity from the days of floppy disks and DOS to the complex, interconnected world of today.
Tune in to learn about the significant shifts in security incidents, drawing correlations and highlighting differences. From the era of viruses attempting to one-up each other with floppy disks to the present, where data theft and ransomware dominate the landscape.
Timestamps:
(2:56) – What was security like in the early days of IT and how does it compare to now?
(12:18) – Why are threat-actors more persistent now than they used to be?
(23:33) – Security horror stories then vs. now
(44:40) – How has Andy and Eric’s Stances on Security Changed from then vs. now?
Episode Resources:
Central African Republic and El Salvador Adopt Cryptocurrency as Legal Tender
EP28: Differences Between DNS/Route-Based Email Security and Email Security via API
Remember the days of DNS route-based email security? It’s been a steadfast approach, but in recent years, the landscape has shifted towards API-driven solutions, particularly evident in platforms like Microsoft 365 utilizing the Graph API for enhanced security.
In this episode, Umut Alemdar from Hornetsecurity’s Security Lab joins Andy once again to discuss email filtration, particularly the DNS route-based approach versus the emerging API-based method. Tune in as they compare these two methodologies, weighing the pros and cons, discussing caveats, and navigating the intricacies of email security.
Episode Resources: