Cybercriminals shift tactics from disruption to data leaks. [CyberWire-X]

CyberWire Daily

N2K Networks, Inc.

Technology, Daily News, News, Tech News

4.8 • 1.1K Ratings

🗓️ 17 July 2022

⏱️ 29 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

On this episode of CyberWire-X, we examine double extortion ransomware. The large-scale cyber events of yesterday – Stuxnet, the Ukraine Power Grid Attack – were primarily focused on disruption. Cybercriminals soon shifted to ransomware with disruption still the key focus – and then took things to the next level with Double Extortion Ransomware. When ransomware first started to take off as the attack method of choice around 2015, the hacker playbook was focused on encrypting data, requesting payment and then handing over the encryption keys. Their methods escalated with Double Extortion, stealing data as well as encrypting it - and threatening to leak data if they don’t receive payment. We’ve seen with ransomware groups like Maze that they will follow through with publishing private information if not paid. In the first part of the show, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, talks with Wayne Moore, Simply Business' CISO and CyberWire Hash Table member, and, in the second half of the show, the CyberWire's podcast host Dave Bittner talks with Nathan Hunstad, episode sponsor Code42’s Deputy CISO. They discuss how classic ransomware protection such as offsite backups are no longer enough. They explain that Double Extortion means that you need to understand what data has been stolen and weigh the cost of paying with the cost of your data going public. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire X, a series of specials where we highlight important security topics
0:25.2	affecting security professionals worldwide.
0:28.0	I'm Rick Howard, the chief security officer, chief analyst and senior fellow at the
0:31.9	CyberWire,
0:32.8	in today's episode we are talking about
0:35.0	double extortion ransomware.
0:37.0	A program note, each CyberWireX special features two segments.
0:41.0	In the first part, we'll hear from an industry expert on the topic
0:44.0	at hand and in the second part we'll hear from our show's sponsor for their point of
0:47.8	view. And since I brought it up here's a word from today's sponsor Code 42.
0:53.0	Did you know that there's a one in three chance
0:57.0	did you know that there's a one in three chance that your company will lose intellectual property or IP when an employee quits?
1:08.0	Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak, and theft.
1:15.9	The annual Data Exposure Report of 2022 from Code 42 revealed three key trends that are
1:21.8	accelerating insider risk.
1:23.6	First, the continued adoption of cloud technologies
1:26.6	and a lack of visibility into them.
1:28.8	Second, the impact of the great resignation
1:31.6	and departing employees theft of IP and sensitive data, and third, the challenges of the new hybrid remote workforce and uncertainty over how to address it.
1:41.0	As insider risk grows, Code 42's insider risk
1:44.5	management approach helps protect data without slowing down the
1:48.0	business. Learn more at Code42.com
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.