Symantec Cyber Security Brief Podcast

Follow Symantec Cyber Security Brief Podcast
Share on
Copy link to clipboard

Your weekly dose of cyber security news, hosted by threat researchers from Symantec Security Response

Security Response Team


    • Nov 17, 2022 LATEST EPISODE
    • every other week NEW EPISODES
    • 24m AVG DURATION
    • 122 EPISODES

    4.8 from 30 ratings Listeners of Symantec Cyber Security Brief Podcast that love the show mention: brilliant.



    Search for episodes from Symantec Cyber Security Brief Podcast with a specific topic:

    Latest episodes from Symantec Cyber Security Brief Podcast

    New Billbug campaign, Prestige ransomware, and multiple arrests of alleged cyber-crime gang members

    Play Episode Listen Later Nov 17, 2022 25:38


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the Symantec Threat Hunter Team’s latest blog detailing a recent campaign by the Billbug espionage group, in which it targeted a certificate authority and multiple government agencies in various countries in Asia. We also discuss a new strain of ransomware called Prestige, which is being used in attacks against Ukraine, while we also take a look some recent arrests of suspects that are alleged to have been involved in major cyber crime groups - with one suspect alleged to have been involved in the JabberZeus gang arrested in Switzerland, while an alleged member of the LockBit ransomware group was apprehended in Canada.

    Exbyte exfiltration tool, Cranefly uses new tools and novel technique, and OpenSSL bug is downgraded

    Play Episode Listen Later Nov 3, 2022 20:42


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss two recent Symantec blogs, including one detailing the new Exbyte data exfiltration tool, which is being used by at least one affiliate of the BlackByte ransomware gang. We also discuss our blog about a group called Cranefly, which is using a new dropper and malware, as well as a novel method of reading commands from legitimate IIS logs. We also discuss the OpenSSL vulnerability that caused a lot of headlines over the last week, and the ransomware losses that occurred in 2021.

    Budworm espionage activity, Spyder Loader malware, and Ransom Cartel links to Sodinokibi

    Play Episode Listen Later Oct 20, 2022 18:14


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Kevin Sovey to discuss a blog we recently published about the Budworm espionage group targeting organizations in the U.S. We also discuss another blog we published this week about the Spyder Loader malware being deployed on the machines of government agencies in Hong Kong. We also talk about apparent links between the operators behind Ransom Cartel and the REvil/Sodinokibi ransomware family.

    Witchetty espionage group activity, Microsoft Exchange Server zero days, and U.S. defense sector targeted by APT groups

    Play Episode Listen Later Oct 6, 2022 27:50


    On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss a recent blog we published on the Witchetty (aka LookingFrog) espionage group, which has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa, including a new tool that employs steganography. We also discuss the recently discovered Microsoft Exchange Server zero days, the U.S. defense sector being targeted by multiple APT groups, and a newly discovered espionage actor called Metador, which was spotted operating in recent weeks. We also discuss the breach of Australian telecoms giant Optus, and some new information that has emerged about the takedown of the REvil/Sodinokibi ransomware gang.

    Espionage activity targeting Asian governments, Webworm develops customized tools, and latest Noberus TTPs

    Play Episode Listen Later Sep 22, 2022 25:24


    On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Alan Neville to discuss some of the recent blogs that the Symantec Threat Hunter team has published. We discuss a new wave of espionage activity targeting Asian governments by attackers who were formerly associated with the ShadowPad malware but who appear to have now adopted a new toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. We also examine the current activities of a group we call Webworm, which has developed customized versions of three older remote access Trojans (RATs), including Trochilus, Gh0st RAT, and 9002 RAT. We also discuss a blog we have published about the Noberus (aka BlackCat ) ransomware, and the recent tactics, tools, and procedures we have seen deployed alongside that ransomware recently.

    Mobile app security, Russian invasion of Ukraine cyber impact continues, and Evil Corp switches focus

    Play Episode Listen Later Sep 8, 2022 31:07


    The Cyber Security Brief is back after its summer break! In this episode, Brigid O Gorman and Dick O’Brien cover some of the stories you might have missed while we were off air. Dick discusses a recent Symantec blog that looks at the implications of poor security practices in the mobile software supply chain, and how this can lead to the exposure of an alarming amount of data. Brigid discusses some of the continuing effects of the Russian invasion of Ukraine in the world of cyber security, including some activity by the Shuckworm APT gang aimed at Ukraine, as well as a seemingly increased focus by Chinese espionage actors on Russia since the invasion began. Finally, we also discuss some recent developments by the Evil Corp cyber crime gang, and what these might mean.

    Bumblebee loader analysis, Raccoon Stealer returns, and LockBit launches a new version

    Play Episode Listen Later Jun 30, 2022 23:17


    In this week’s Cyber Security Brief, Dick O’Brien and Brigid O Gorman are joined by Symantec threat researcher Chris Kiefer to discuss our latest blog about the Bumblebee loader. We discuss this new malware’s place on the cyber crime landscape, its capabilities, and how it is being leveraged by ransomware actors. We also discuss the appearance of new versions of both Raccoon Stealer and LockBit, as well as an FBI warning about deepfakes being used in job interviews. The podcast will be taking a short break for the summer and we will be back with new episodes in September.

    BlackCat ransomware, Follina vuln used by Russian actors, and a new version of Metasploit

    Play Episode Listen Later Jun 16, 2022 28:10


    In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how Russian espionage actors are exploiting the Follina vulnerability, the release of the latest version of Metasploit, and a new phishing campaign that’s been underway on Facebook. We also discuss ransomware extensively, including what authorities were able to find when they took down the Netwalker ransomware gang, the increasing activity of the BlackCat ransomware, and some new research into the Hello XD ransomware. We also speculate about the impact turmoil on the cryptocurrency markets may have on the types of payment ransomware actors might demand.

    The Follina Microsoft Office vulnerability, Conti break-up, and more ransomware activity

    Play Episode Listen Later Jun 2, 2022 26:10


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the recently discovered Follina vulnerability in Microsoft Office, as well as some recent ransomware stories. One thing we talk about is the apparent break up of the Conti ransomware gang, with evidence pointing to the group folding itself into other ransomware gangs, including Hive, which carried out a recent attack on the health service in Costa Rica. The Clop and REvil names have also appeared in news reports in recent weeks, but are these ransomware gangs really back? And what are the signs of pre-ransomware activity that organizations need to look out for on their networks because they may indicate a ransomware attack in preparation?

    Chinese cyber-espionage activity, Conti gang threatens Costa Rica government, and U.S. warns about North Korean citizens seeking jobs in IT

    Play Episode Listen Later May 19, 2022 25:45


    In this week’s Cyber Security Brief, Dick O’Brien and Brigid O Gorman discuss the recent in-depth whitepaper the Symantec Threat Hunter team produced about Chinese cyber-espionage activity, which details the most active groups operating out of that country at the moment, as well as the tactics, tools, and procedures they leverage, the custom malware they use, and who their victims tend to be. We also talk about recent warnings from U.S. authorities about North Korean nationals posing as citizens of other countries to gain employment, and threats from the Conti ransomware gang to “overthrow” the government of Costa Rica.

    North Korea’s Stonefly, commodity malware, and the potential return of the REvil ransomware

    Play Episode Listen Later May 5, 2022 31:58


    In the latest Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the recent research published by Symantec’s Threat Hunter Team, including our blog about the activity of North Korean APT group Stonefly, and our latest whitepaper on the topic of Commodity Malware. We also talk about some stories that were in the news over the last week or so, including the possible return of the REvil/Sodinokibi ransomware gang, a new loader called Bumblebee that might be a successor to BazarLoader, and a China-on-Russia intelligence-gathering attack.

    Shuckworm targets Ukraine, Lazarus Dream Job campaign continues, and two dark marketplaces get taken down

    Play Episode Listen Later Apr 21, 2022 27:42


    On this week’s Cyber Security Brief, Brigid O Gorman is joined by Symantec threat researchers John-Paul Power and Alan Neville. In this week’s podcast we discuss some recent research published by Symantec detailing new activity in the Dream Job campaign carried out by the North Korean Lazarus APT group, as well as continuing attacks aimed at Ukraine carried out by the Russia-linked APT group Shuckworm. Also, we talk about a critical vulnerability in the Windows Remote Procedure Call Runtime (RPC) protocol, the shut down of two well-known dark marketplaces, and the emergence of a new marketplace offering stolen data for sale.

    Spring4Shell, Cicada campaign, new Verblecon malware, and Ukraine invasion cyber activity update

    Play Episode Listen Later Apr 7, 2022 23:38


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the research published by Symantec’s Threat Hunter team over the past couple of weeks, including a new Cicada/APT10 espionage campaign targeting government organizations and NGOs in multiple countries worldwide. We discuss the new Verblecon malware, which is being deployed in sophisticated campaigns that appear to have the relatively low-reward goal of cryptocurrency mining as their main objective. We also talk about the Spring4Shell vulnerability that briefly caused a lot of consternation last week, and give an update about the latest information that has emerged about the cyber activity that has been seen targeting organizations in Ukraine.

    What you need to know about hacking group Lapsus$, cyber impacts of Ukraine invasion, and BazarBackdoor deploys new tactics

    Play Episode Listen Later Mar 24, 2022 30:54


    In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien talk about extortion hacking group Lapsus$, which has made headlines in recent weeks by claiming to have compromised numerous high-profile companies including Microsoft, Okta, and Nvidia. We tell you what we know so far about this controversial new actor. We also discuss the impact the Russian invasion of Ukraine has had in the world of cyber security, from Russia potentially running out of data storage facilities due to international cloud providers pulling out of the country, to warnings about attacks on critical infrastructure being issued by authorities in the U.S. and the UK. Finally, the BazarBackdoor malware is seen deploying some new tactics.

    Daxin special: How this advanced malware was discovered

    Play Episode Listen Later Mar 10, 2022 30:14


    In this special edition of the podcast, Dick O’Brien is joined by Symantec threat researchers and analysts Piotr Krysiuk and Vikram Thakur to discuss the Symantec Threat Hunter team’s discovery of Daxin, which is the most advanced piece of malware we have seen from China-linked actors. We published a blog about the discovery of Daxin last week, as well as two in-depth technical blogs with more information on the tool this week. Piotr discusses his work analyzing the malware, and when he realized the significance of this discovery, while Vikram talks about liaising with customers impacted by the malware as well as working with the Cyber Security and Infrastructure Security Agency (CISA) to engage with multiple foreign governments targeted with Daxin to assist with detection and remediation.

    Hive and BlackByte ransomware, the money made by cyber criminals, and BEC scammers’ new tactics

    Play Episode Listen Later Feb 24, 2022 23:33


    In this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss some of the activity we saw in Ukraine prior to the escalation of the last couple of days. We also heavily cover ransomware in this podcast, including discussing a recent FBI alert about the BlackByte ransomware, and a possible decryptor for the Hive ransomware, as well as some research into how long ransomware gangs are remaining active for these days and the amount of money they are making. Finally, we also discuss how BEC scammers are leveraging virtual meeting platforms in their attacks.

    FBI seizes $3.6 billion in cryptocurrency, cyber attacks against Ukraine continue, and financial organizations in Taiwan targeted

    Play Episode Listen Later Feb 10, 2022 19:27


    In this week’s Cyber Security Brief podcast, Dick O’Brien and Alan Neville discuss how Chinese state-backed advanced persistent threat (APT) group Antlion targeted financial institutions in Taiwan in a persistent campaign over the course of at least 18 months. Also up for discussion is the recent arrest of a New York couple and the seizure of $3.6 billion in cryptocurrency allegedly linked to the 2016 Bitfinex hack, as well as continuing attacks carried out by the Russia-linked Shuckworm APT group against targets in Ukraine.

    Ukraine cyber attacks, law enforcement activity, and a Noberus ransomware attack

    Play Episode Listen Later Jan 27, 2022 27:23


    In this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O Gorman discuss the tumultuous situation in Ukraine, where cyber attacks, including destructive cyber attacks, have been aimed at government and private sector organizations. The WhisperGate attacks, as they have been dubbed, have been compared by many to the infamous 2017 NotPetya wiper attacks. Also up for discussion is recent law enforcement activity aimed at cyber criminals in Russia and elsewhere, and some ransomware news, including a Noberus ransomware attack, and the FBI officially linking the Diavol ransomware to the creators of Trickbot and Conti.

    BadUSB attacks, a new backdoor, and how one APT group managed to infect itself with malware

    Play Episode Listen Later Jan 13, 2022 21:58


    Welcome to the first Cyber Security Brief of 2022! In this week’s podcast, Dick O’Brien and Brigid O Gorman chat about some of the biggest news stories of the last couple of weeks. The topics up for discussion in this episode include: FIN7 BadUSB attacks return, an interesting new multi-platform backdoor, and the latest way attackers are attempting to abuse Google Docs. Also, a jump in the number of extortion DDoS attacks, how payments to suspicious cryptocurrency wallets have exploded in recent months, corruption of open source libraries as a form of protest, and how one APT group managed to infect itself with its own malware.

    Log4j vulnerabilities, likely Iran-backed attacks on telecoms companies, and new Rust-based Noberus ransomware

    Play Episode Listen Later Dec 16, 2021 28:17


    On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec Threat Analyst Alan Neville to discuss the vulnerabilities in Apache Log4j that made lots of headlines this week. We also discuss two other blogs that Symantec published this week, including one looking at an attack campaign aimed at telecoms companies in the Middle East and Asia that appears likely to have originated from Iran-based attackers. Meanwhile, we also talk about a blog we published covering details about a new Rust-based malware we have dubbed Noberus (ALPHV/BlackCat). This is our last Cyber Security Brief podcast of 2021, we will be back on January 13.

    Yanluowang ransomware update, possible Conti link to Emotet, and the importance of strong passwords

    Play Episode Listen Later Dec 2, 2021 23:01


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the latest Symantec blog, some updated research about the Yanluowang ransomware gang, with fresh activity appearing to show that this ransomware isn’t a flash-in-the-pan. We also discuss how quickly exposed cloud services are compromised by malicious actors, how off-putting strong passwords are for attackers employing brute-forcing techniques, and apparent attempts by Russian hackers to collaborate with Chinese-speaking actors. Also, the Conti gang’s possible role in the return of Emotet, and North Korean actors continue to target security researchers with fake job offers.

    Attacks on critical infrastructure, ransomware arrests, and the return of Emotet?

    Play Episode Listen Later Nov 18, 2021 22:05


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some recent attack campaigns aimed at critical infrastructure organizations in several countries around the world, the possible return of the Emotet botnet, and some law enforcement activity that has led to the arrest of people involved with both the REvil and Gandcrab ransomware. We also discuss some new techniques being used by the BazarLoader gang, and an FBI system being compromised and used to send out fake information security alerts.

    BlackMatter updates, lots of law enforcement activity, and new SquirrelWaffle malware is one to watch

    Play Episode Listen Later Nov 4, 2021 24:28


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of our recent blogs, including at least one BlackMatter ransomware affiliate using a new data exfiltration tool in attacks, and also the breaking news that the BlackMatter ransomware operation is apparently winding down. We also discuss another recent blog we published about banking Trojan activity in Latin America, while recent law enforcement activity cracking down on ransomware criminals is also up for discussion. Elsewhere, we also talk about SquirrelWaffle, a reasonably new malware that is used as a loader and has been mentioned as a potential successor to the notorious Emotet for the delivery of threats.

    New research about the Yanluowang ransomware and two separate campaigns targeting victims in Asia

    Play Episode Listen Later Oct 21, 2021 20:09


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss several new blogs that the Symantec Threat Hunter Team has published recently. Firstly, we uncovered a new ransomware threat that we dubbed Yanluowang, which appears to be deployed in a targeted fashion and is certainly a new threat as various indications point towards it still being in development. We also published two blogs detailing two separate campaigns targeting organizations in Asia. The Harvester group is a previously unknown, likely nation-state backed group targeting victims in South Asia, while elsewhere a new espionage campaign is targeting the defense, healthcare, and ICT sectors in South East Asia. Meanwhile, we also discuss new activity from a targeted attack group dubbed LightBasin, and the return of the Lyceum group.

    Governments tackle cyber crime, ransomware arrests, and an interesting phishing campaign

    Play Episode Listen Later Oct 7, 2021 20:47


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how the UK and the U.S. are planning to increase their efforts to tackle cyber crime, ransomware being blamed in court for the death of a baby, and the arrests of some ransomware criminals in Ukraine. Also, the Conti ransomware gang makes some threats, evidence of the Pegasus spyware allegedly found on the phones of French cabinet ministers, and an interesting targeted phishing campaign.

    A new ransomware whitepaper and some recent ransomware stories, plus new botnet is carrying out giant DDoS attacks

    Play Episode Listen Later Sep 23, 2021 22:05


    We are back for Season 4 after our summer break, and on this week’s Cyber Security Brief podcast Dick O’Brien and Brigid O Gorman spend a lot of time discussing the subject that also dominated the last season of the podcast - ransomware. We discuss some of the ransomware stories we missed while we were off air, as well as a ransomware whitepaper we recently worked on and made available to our customers. Apart from ransomware, we also discuss Mēris - a huge botnet that emerged over the summer and has aimed massive DDoS attacks at various organizations around the world.

    Ransomware, the rising cost of data breaches, and the U.S. points finger at China for Microsoft Exchange Server attacks

    Play Episode Listen Later Jul 29, 2021 24:04


    On this week’s Cyber Security Brief, we discuss some recent ransomware stories, as well as giving a sneak peek into some research we have been doing into ransomware. We also talk about recent announcements from U.S. authorities that attributed some recent cyber attacks, including the Microsoft Exchange Server campaign, to Chinese actors, and we also discuss the rising cost of data breaches. This is the last podcast of season 3, we will be taking a short break and will return with new episodes in September.

    Kaseya ransomware supply chain attack, new SolarWinds vulnerability, and the rising cost of cyber insurance

    Play Episode Listen Later Jul 15, 2021 31:55


    On this week’s Cyber Security Brief, Gavin O’Gorman joins us to discuss the Kaseya ransomware supply chain attack that occurred over the July 4 holiday weekend in the U.S. The REvil/Sodinokibi ransomware gang were behind this attack, and Gavin and Dick O’Brien discuss whether this is a sign that we now need to be aware of ransomware actors targeting victims through supply chain attacks, which would more traditionally be associated with state-sponsored hackers, as well as some of the other interesting aspects of this attack. Meanwhile, Brigid O Gorman discusses the latest news of a new vulnerability in SolarWinds software being exploited by a Chinese hacking group, energy companies being targeted in a year-long espionage campaign, and the rising cost of cyber insurance.

    Ransomware attackers using virtual machines, over-60s lost $1 billion online in 2020, and the EU launches a new cyber security unit

    Play Episode Listen Later Jul 1, 2021 23:12


    On this week’s Cyber Security Brief podcast, Dick O’Brien fills us in on the latest research we have published on our blog about how a growing number of ransomware attackers are using virtual machines in their attacks. We also discuss a few other ransomware-related stories, including REvil introducing a new Linux version of its ransomware, a Babuk ransomware builder being leaked online, and a couple of stories showing the amount of money that can be involved in ransomware operations. Elsewhere, the FBI recently released a report stating that over-60s lost around $1 billion through online fraud in 2020, the U.S. Secret Service released a cyber crime Most Wanted list, a FIN7 gang member was jailed, and the EU launched a new cyber security unit.

    Ransomware, takedowns, and political promises to tackle cyber crime

    Play Episode Listen Later Jun 17, 2021 26:38


    In this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O Gorman discuss some of the biggest cyber security stories of the last two weeks. Ransomware has once again dominated the news headlines, with news about huge ransom payments and ransom recovery operations being reported. Meanwhile, cyber security comes to the fore in the political sphere following pronouncements from the G7 and NATO summits. Elsewhere, attackers leveraged Slack to attack one of the world’s biggest gaming companies, one of the largest online marketplaces for stolen credentials in the world was taken down by authorities, and how law enforcement used a backdoored chat app to spy on criminals, leading to hundreds of arrests.

    In-depth look at the ransomware attack on Ireland’s national health service, as major meat producer JBS also hit with ransomware

    Play Episode Listen Later Jun 3, 2021 33:57


    On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman are joined by Symantec threat researcher Gavin O’Gorman to discuss the Conti ransomware attack on Ireland’s national health service, how the response to this attack is going, and what the likely consequences of it may be. Elsewhere, another ransomware attack, this time on the world’s largest meat producer, JBS Foods, and Sweden’s Public Health Agency is also hit with some hack attempts. Meanwhile, the alleged leader of an ATM fraud gang responsible for stealing more than $1 billion from tourists, is arrested in Mexico.

    Colonial Pipeline attack, Darkside ransomware gang, and crypto mining makes a comeback

    Play Episode Listen Later May 20, 2021 23:17


    In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman discuss the implications of the Colonial Pipeline ransomware attack and the activities of the group behind it, Darkside. We also talk about what appears to be a reasonably new ransomware - Avaddon - that has been used in a string of attacks recently, while we also discuss an idea Brian Krebs wrote about that could potentially help deter ransomware actors from infecting your network. Away from the world of ransomware we talk about Lemon Duck and something of a resurgence in crypto mining, while we also discuss what CISOs are most worried about in 2021.

    MFA causes headaches for attackers, and a look at living off the land activity

    Play Episode Listen Later May 6, 2021 26:50


    On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss some research we have recently been working on at Symantec. First, we discuss a blog we published this week, which looks at multi-factor authentication and how it has become a headache for malicious actors, leading them to adopt new attack techniques in an attempt to bypass or avoid it completely. We also discuss a report that we shared with customers recently looking at living off the land attack techniques and the activity and trends in that area, as well as some steps you can take to try and protect your network from this kind of activity.

    Pulse Secure VPN zero-day, SolarWinds and Exchange Server developments, and spies approach UK employees on social media

    Play Episode Listen Later Apr 22, 2021 21:56


    On this week’s Cyber Security Brief, Alan Neville joins Brigid O Gorman and Dick O’Brien to discuss the recent discovery of a zero-day vulnerability in popular VPN product Pulse Secure. We also discuss some recent developments in the SolarWinds and Microsoft Exchange Server stories. Finally, we discuss a recent potential data breach at software testing company Codecov, and look at why UK authorities are warning government employees about potential approaches from foreign spies on social media.

    Facebook data leak, cyber attack aimed at EU institutions, and cyber criminals use a call center to spread malware

    Play Episode Listen Later Apr 8, 2021 17:58


    On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the big Facebook data leak that has made headlines around the world this week, as well as a cyber attack aimed at European Union institutions, and a cyber incident impacting Australia’s parliament. We also discuss warnings from authorities in the U.S. about attackers attempting to exploit vulnerabilities in Fortinet FortiOS, while authorities in the UK have issued warnings about an increased risk of ransomware attacks targeting the education sector. Meanwhile, some cyber criminals have started using call centers to distribute malware, with the tactic reportedly proving quite successful for several cyber crime groups.

    Ransomware attackers leverage the Microsoft Exchange Server vulns, WeLeakInfo users hit by data breach, and ransomware payments increase

    Play Episode Listen Later Mar 25, 2021 20:32


    On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss how ransomware attackers are now attempting to leverage the vulnerabilities in Microsoft Exchange Server. We also talk about an interesting interview given by one of the ReEvil ransomware gang to Recorded Future, evidence that ransomware payments increased over the last year, and the users of WeLeakInfo falling victim to their own data breach. Also, we warn U.S. taxpayers to be on the lookout for phishing campaigns at this time of year, and the hacker who made headlines a few weeks ago for hacking security cameras used in Tesla offices and elsewhere is indicted on numerous hacking charges in the U.S.

    All you need to know about the Microsoft Exchange Server attacks, and some SolarWinds developments

    Play Episode Listen Later Mar 11, 2021 21:58


    On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Alan Neville to discuss the biggest cyber security story of the last couple of weeks - the vulnerabilities in Microsoft Exchange Server. Alan gives a comprehensive overview of the vulnerabilities, what’s happened since they became public knowledge last week, and the steps you can take to keep your organization’s network safe. He also talks about some of the post-compromise activity that Symantec has seen. We also chat about some other topics: new research into the SolarWinds hack, and the arrest of an alleged GandCrab ransomware gang member.

    Accellion product vulns, Equation group tool copied by Chinese APT, and software supply chain attacks in France

    Play Episode Listen Later Feb 25, 2021 23:21


    On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman discuss some of the biggest cyber security stories of the last few weeks. Among the stories up for discussion are the bugs in Accellion’s 20-year-old FTA product, which led to multiple companies worldwide reporting breaches related to it. We also talk about the reports saying the Sandworm group has been carrying out a long-running spying campaign against multiple French IT services providers by compromising an open-source IT monitoring tool called Centreon, and a Chinese APT group reportedly cloning an Equation group tool. Some interesting law enforcement activity in recent weeks is also up for discussion.

    Emotet takedown, water plant cyber attack, and a SolarWinds update

    Play Episode Listen Later Feb 11, 2021 22:50


    On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman round up some of the biggest cyber security stories of the last two weeks. We bring you the latest developments in the SolarWinds hack investigation, and chat about the significance of the disruption to the Emotet botnet. We also discuss some other recent takedowns and arrests, as well as some of the biggest ransomware stories of the last couple of weeks. We also talk about the recently reported cyber attack on a water treatment plant in the Florida town of Oldsmar - was this just a one-off incident or do industrial control systems like water plants need to be on high alert?

    Raindrop: How the additional tool was discovered in Solarwinds investigation

    Play Episode Listen Later Jan 28, 2021 25:04


    Old threats and new feature in this week’s Cyber Security Brief podcast. Dick O’Brien and Gavin O’Gorman discuss the latest developments in the Solarwinds hack investigation, including how Symantec investigators found Raindrop, an additional piece of malware used in the SolarWinds attacks against a select number of victims that were of interest to the attackers. We published a blog about Raindrop last week, and Dick and Gavin discuss how this new malware was discovered. Also, romance scams and DDoS attacks make a comeback.

    The latest on the Solarwinds hack, a lot of ransomware activity, and healthcare hit hard by cyber attacks

    Play Episode Listen Later Jan 14, 2021 24:58


    On this week’s Cyber Security Brief, the first of 2021, Dick O’Brien brings us a comprehensive update about some of the developments in the Solarwinds hack story, with a lot having happened since our last podcast. We also discuss some recent ransomware attacks, and how the healthcare sector is having a hard time with cyber attacks at the moment.

    Sunburst: Everything we know about the supply chain attack targeting SolarWinds users

    Play Episode Listen Later Dec 17, 2020 28:13


    In this week’s Cyber Security Brief, the last one of 2020, find out all you need to know about the biggest news story of the week - the Sunburst supply chain attack targeting customers of software company SolarWinds. This is one of the biggest cyber security stories of the year, with thousands of organizations affected. Dick O’Brien and Symantec threat analyst Gavin O’Gorman give a comprehensive rundown of everything we know about this attack so far. Also, Twitter is handed a big fine by the Irish data regulator, and bug reports jump in 2020.

    Cyber predictions for 2021, botnets turn to ransomware, and the Gootkit infostealer reemerges

    Play Episode Listen Later Dec 3, 2020 24:09


    On this week’s Cyber Security Brief podcast, we discuss what card skimmers are up to during the busiest shopping time of the year, while also bringing some good news about how EU authorities prevented almost $50 million in card fraud this year. Also on the agenda, are botnets abandoning banking Trojans in favour of ransomware? It looks like they might be. We also take a look at some COVID-19 related cyber security stories that are making the headlines, as well as the reemergence of the Gootkit infostealer. Also, Dick O’Brien brings us his predictions for what to expect on the cyber security landscape in 2021 - including predictions around ransomware, the impact of work from home, and increased cooperation between cyber crime gangs.

    New research about attacks on Japan-linked companies, and APT groups target COVID-19 vaccine makers

    Play Episode Listen Later Nov 19, 2020 19:34


    In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman talk about some of the biggest cyber security stories of the last couple of weeks. There are multiple stories about APT groups to cover this week, including our own Threat Intel blog detailing a wide-ranging attack campaign that targeted Japan-linked companies in multiple sectors in 17 regions worldwide. We also discuss other public reports about a Chinese APT targeting governments in South East Asia, and nation-state backed attacks from Russia and North Korea targeting COVID-19 vaccine makers and researchers. We also discuss a separate campaign in which Lazarus is targeting victims in South Korea, and examine some developments in the world of ransomware.

    Maze 'retires' while Ryuk ramps up activity, U.S. election, and the UK ICO hands down a historically large fine

    Play Episode Listen Later Nov 5, 2020 19:01


    In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman talk about some of the biggest cyber security stories of the last couple of weeks. Of course, this week’s U.S. Presidential Election gets a mention, while we also discuss the recently announced ‘retirement’ of the Maze ransomware gang, as well as a threat alert issued last week by authorities in the U.S. about Trickbot and the Ryuk ransomware. Elsewhere, a Russian man was jailed this week for his involvement with a financial botnet, and the UK’s Information Commissioner’s Office handed down a US$23.8 million fine to the Marriott Hotels group.

    Trickbot disruption, newly released Seedworm research, and some noteworthy indictments

    Play Episode Listen Later Oct 22, 2020 27:47


    On this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman are joined by Symantec threat researchers Vikram Thakur and Alan Neville. Vikram discusses Symantec’s role in the cross-industry initiative to disrupt the Trickbot botnet. Symantec was part of a global partnership that secured a court order directing hosting providers to take down Trickbot’s infrastructure. Trickbot had spread prolifically across the internet for years and became one of the most commonly blocked types of malware, suggesting it was one of the world’s largest botnets. Alan is on the podcast to discuss some newly-published Symantec research into Seedworm, as the Iran-linked group continues to target organizations in the Middle East, while we also chat about some of the indictments that have recently been announced against various nation-state backed actors around the world.

    Round up: Financial sector threats, North Korean actors, WastedLocker and more

    Play Episode Listen Later Oct 8, 2020 20:19


    We are back! Welcome to Season 3 of the Cyber Security Brief podcast, recording now from home. We will be with you every fortnight going forward and we are delighted to be back to tell you all about what is happening in the world of cyber security. In this episode, Dick O’Brien and Brigid O’Gorman discuss some of the projects they have been working on while the podcast was off air - threats against the financial sector, North Korean threat actors’ activity, the WastedLocker ransomware, and an attack linked to the Palmerworm APT group are all covered.

    Round-up: A whole host of vulnerabilities, and the hackers hacking other hackers

    Play Episode Listen Later Mar 12, 2020 23:10


    In this week's Cyber Security Brief podcast, Brigid O'Gorman and Dick O'Brien discuss some of the biggest infosec news stories of the last week, including, new vulnerabilities in Intel chips, and the Microsoft SMB protocol, as well as the Rowhammer vulnerability being back in the headlines. As well as this, there is an intricate phishing scam targeting Russian speakers that uses a chatbot to help you hand over your information, a mysterious Vietnam-based group is releasing Trojanized hacking tools to try and hack other hackers, the chief suspect thought to be behind the Deer[.]io online marketplace is arrested, and BEC scammers make the headlines once again.

    Round-up: Ransomware criminals continue to innovate, and BEC scammers hit a high-profile victim

    Play Episode Listen Later Mar 5, 2020 21:40


    On this week’s Cyber Security Brief, we bring you a round-up of some of the biggest cyber security stories of the last 7 days. Among the topics up for discussion are the latest innovations of ransomware criminals, a data breach at a controversial facial recognition company, and an investigation by Brian Krebs into a series of cyber attacks on companies in France that led to an interesting conclusion. Also this week, a survey reveals that many government employees feel ill-prepared to cope with a cyber attack, and a judge on Shark Tank falls victim to BEC scammers.

    Special Edition: The RSA Conference 2020

    Play Episode Listen Later Feb 27, 2020 26:19


    Candid Wueest and Dick O’Brien join the Cyber Security Brief from the RSA Conference in San Francisco this week. Both Candid and Dick were presenting at RSA this week – Dick on the topic of targeted ransomware, and Candid on the subject of formjacking. They fill us in on how their presentations went, the other interesting sessions they attended, what the big themes of the conference are this year, and their overall impressions of RSAC 2020.

    Focus On: Pegasus spyware

    Play Episode Listen Later Feb 20, 2020 13:19


    This week’s Cyber Security Brief is part of our regular Attack Group of the Month series, though this time around it’s more like Tool of the Month, as we take a closer look at Pegasus. Pegasus is a mobile spyware that is owned and sold by Israeli company the NSO Group, which says it is a legitimate tool that it sells exclusively to law enforcement and government agencies. However, there have been many cases where Pegasus appears to have been misused and has been found on the phones of journalists, activists and government critics in some countries. Symantec engineer Alexey Kleymenov has examined Pegasus extensively, and joins Dick O’Brien to discuss the malware and its technical abilities and sophistication.

    Claim Symantec Cyber Security Brief Podcast

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel