Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats, explore industry trends, and hear from top experts as we break down the complexities of cyber threats. Our mission is to make these complex cybersecurity topics accessible and engaging for everyone, from IT professionals to everyday internet users. We do so by providing in-depth and first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!
From ships and cities to hospitals and airports, Operational Technology (OT) keeps the world running. The problem? It was never designed with cybersecurity in mind. In this episode of Threat Talks, host Karin Muller is joined by TC Hoot (VP of Contracts at TAC) and Luca Cipriano (Threat Intel Specialist at ON2IT) to explore how airports, hospitals, ports, and even water systems can be compromised. Key topics they tackle:
Zero Trust is about more than just IP addresses and firewalls: it's about understanding what truly matters to your business. In step one of Zero Trust: define your protect surface, we focus on how to prioritize what you want to protect, how to avoid common pitfalls, and how to kick off your Zero Trust journey from a solid, business-aligned foundation. In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO Rob Maas get down to the basics of step one of Zero Trust: defining the protect surface. They explore:
✅ Methods for defining protect surfaces
⛨ Establishing the relevance of each protect surface
Zero Trust is everywhere – but what does this actually mean? Is it a cybersecurity strategy, a set of tactics, a product you can buy, or just clever marketing? In this kickoff episode of this Zero Trust series, Lieuwe Jan Koning and Rob Maas explore what Zero Trust actually is, how to think about it strategically, and why it's not just about identity or buying new tools. They discuss:
✅ Why Zero Trust isn't a product, and what it actually is
What happens when a cyber threat actor doesn't want to make headlines? Volt Typhoon, a state-sponsored group tied to the People's Republic of China, has been quietly infiltrating Western critical infrastructure, staying under the radar by avoiding malware, using native tools, and taking things slow. In this episode of Threat Talks, Lieuwe Jan Koning is joined by Rob Maas and Luca Cipriano to break down how these attackers operate and what their endgame might be.
Dark Markets are making cybercrime more accessible than ever. Malware, remote access tools, phishing kits, credit card information: all of it is readily available, and oftentimes available as a service, if you just know where to look. Subscribing to these illicit services is now as easy as signing up for Disney+. In this Deep Dive, host Rob Maas and special guest, cybersecurity researcher Michele Campobasso, discuss dark markets, and the rise of cybercrime-as-a-service. Key questions answered in this Deep Dive:
The Dark Web Economy: Hacks for $10? Would you pay $10 for access to a corporate system? Because someone on the dark web already has. In this episode of Threat Talks, host Lieuwe Jan Koning talks to cybersecurity researcher Michele Campobasso about the business of cybercrime. From ransomware services to stolen credentials, the dark web is thriving.
⏳ What happens when time goes wrong? Time synchronization is an overlooked but essential part of cybersecurity. A few microseconds of drift can lead to failed transactions, inaccurate forensic logs, or even security breaches. In this episode of Threat Talks, host Rob Maas (Field CTO, ON2IT) and guest Jan van Boesschoten (Innovation Manager, AMS-IX) discuss:
· How does time impact cybersecurity, and what happens when it drifts?
· Why is NTP no longer sufficient for high-speed digital transactions?
· How does Precision Time Protocol (PTP) provide microsecond accuracy (and why does that matter)?
· Could time manipulation be an attack vector, and how do organizations mitigate this risk?
From financial transactions to forensic log analysis, knowing exactly when an event occurs can make or break an organization's security posture.
Many organizations hesitate to implement SSL decryption due to concerns over complexity, privacy, and performance. However, the reality is that failing to decrypt means failing to see threats. In this Deep Dive, host Lieuwe Jan Koning and Rob Maas (Field CTO at ON2IT) explore why decrypting SSL traffic is critical for cybersecurity. Why is SSL decryption necessary, and what are the risks of ignoring encrypted traffic? How do modern malware and attacks leverage encryption to bypass traditional security measures? What are the top three things organizations must do to implement SSL decryption effectively? Why do only 3.5% of organizations have an active SSL decryption policy, and how can this change? Rob Maas explains how decrypting SSL traffic allows security teams to detect and stop threats at an early stage, preventing malware downloads, phishing attempts, and web-based attacks before they reach endpoints.
Cybersecurity shouldn't always be about playing defense – it can also be about disrupting attackers before they succeed. In this Deep Dive, host Lieuwe Jan Koning and cybersecurity expert Rick Howard break down the Intrusion Kill Chain and the strategic shift it introduced in the world of cybersecurity.
· How does the Intrusion Kill Chain flip the script on cyberattacks?
· The 250 active adversary campaigns that security teams must track
· How MITRE ATT&CK and the Diamond Model strengthen modern defense strategies
· Why global governments and intelligence agencies aren't doing more to share cyber threat intelligence
Despite decades of talk about intelligence sharing, most information is still exchanged manually, often via spreadsheets. As Howard points out, a true global threat-sharing framework could give defenders the upper hand. Don't miss this deep dive into adversary strategies and what they mean for the future of cybersecurity.
I think, therefore I am, is René Descartes' first principle. But how does that relate to cybersecurity? In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Rick Howard – former Commander of the US Army's Computer Emergency Response Team and former CSO of Palo Alto Networks – to discuss the first principle of cybersecurity.
❓ What's the difference between cybersecurity strategy and tactics?
❓ How come some random geezers are better at cybersecurity forecasting than industry pros?
❓ Is resilience the ultimate cybersecurity strategy?
❓ Why does Rick Howard think Zero Trust is a passive strategy?
And for the book lovers amongst us – over 500 cybersecurity books are published each year. Wanna know which are worth your time? Rick Howard's Cybersecurity Canon has got you covered: https://icdt.osu.edu/about-cybersecurity-canon
Quantum computing promises unprecedented computational power, but it also threatens the encryption standards we trust today. In this episode of Threat Talks, Jeroen Scheerder from ON2IT delves into post-quantum cryptography and answers key questions: What is Quantum Computing? Why does it challenge RSA and other encryption standards? What is Q-Day, and when will it happen? How can companies prepare for the post-quantum era?
Ever wondered what it's like to see cybersecurity through a hacker's eyes? In this episode of Threat Talks, Lieuwe Jan Koning talks with Tom van der Wiele, ethical hacker and founder of Hacker Minded, about how cybercriminals operate and how businesses can defend themselves.
Salt Typhoon: Inside the Coordinated Breach of Nine Telecom Providers A sweeping cyberattack, known as Salt Typhoon, has exposed the vulnerabilities of nine major telcos, leaving sensitive communications and surveillance data in the hands of attackers. How did this happen, and what lessons can we learn? In this Threat Talks Deep Dive, host Lieuwe Jan Koning teams up with ON2IT's Rob Maas (Field CTO) and Jeroen Scheerder (Security Researcher) to dissect every aspect of this high-profile breach.
ONCD: The Cyber Catalyst with Davis Hake How can governments lead the charge in global cybersecurity efforts? In this compelling episode of Threat Talks, host Lieuwe Jan Koning sits down with returning guest Davis Hake, cybersecurity expert and advisor, to explore the critical role governments play in the cyber landscape.
The State of Cybersecurity in the European Union Cyber threats know no borders, and in the European Union, harmonizing cybersecurity efforts across 27 member states is no small feat. In this episode of Threat Talks, host Lieuwe Jan Koning speaks with Hans de Vries, Chief Cybersecurity and Operational Officer at ENISA, about the critical work being done to secure Europe's digital future.
2025: The Year of AI and Cybersecurity Evolution Kick off 2025 with the latest insights from Threat Talks! In this episode, host Lieuwe Jan Koning sits down with Peter van Burgel, CEO of AMS-IX, to discuss how AI and cybersecurity are reshaping the landscape this year.
Imagine the names, job functions, email addresses and phone numbers of police officers, DAs, and even critical key witnesses being hacked and leaked to the public. This isn't the opening to some spy novel – it's what actually happened when the Dutch Law Enforcement suffered a serious data breach in September of this year. Initially reported as a breach ‘only' involving personal data of 65.000 law enforcement employees, it later became clear that much more data was leaked - and not just data from law enforcement personnel. In this Deep Dive, host Lieuwe Jan Koning, Security Expert Jeroen Scheerder and Field CTO Rob Maas take an in-depth look at how this breach unfolded, the poor security track record of the software that was used and what the Dutch Law Enforcement could've done better when it comes to handling the publicity of a data breach.
"Hello! I'm a Printer! Please Let Me In!" “Hello! I'm a printer! Please let me enter, thank you!” – It may sound absurd, but this is how attackers can trick your Linux systems through the cups-browsed service.. In this latest Threat Talk, Lieuwe-Jan Koning reveals, with ON2IT's Rob Maas and Luca Cipriano how a seemingly harmless printer can turn into a hacker's gateway to your network. With open ports and weak default configurations, your Linux environment could be more exposed than you think.
⏰ How much time would you spend on executing the perfect hack? ⏰ The user going by the name of ‘JIAT75' spent almost three years infiltrating and contributing to a GitHub repo for one singular reason – access to release manager rights for the next XZ Utils update. In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Thomas Manolis, Information Security Officer at AMS-IX, and Jeroen Scheerder, Security Specialist at ON2IT, to discuss this meticulously executed breach in the open-source community. Using clever social engineering tactics, Jia Tan (JIAT75) built a credible reputation within said community, gaining trust and access to introduce malicious code undetected. The breach was only discovered by chance when Andres Freund, an engineer at Microsoft, traced unusual system latency back to XZ Utils and uncovered the backdoor. What exactly happened? How lucky did we get with Freund discovering the backdoor? And how do we know that something like this hasn't happened before?
☠️ CrowdStrike: 8.5 million blue screens of death ☠️ Did you know that last July's CrowdStrike outage led to closed airports, inaccessible bank accounts and hospitals that were only delivering emergency care that did not require any computers? In this Threat Talk, Lieuwe Jan Koning is joined by Rob Maas and Jeroen Scheerder as they discuss the CrowdStrike outage and, more importantly, what could have been done to prevent such an impactful event from happening in the first place. What exactly are the inherent risks of automatic updates? And can they be set up in such a way that what happened with CrowdStrike won't happen again?
Imagine creating millions in cryptocurrency…without spending a cent.
AIS (Advanced Identification System) is a key tool in maritime navigation. It helps ships transmit their location and data to other vessels and satellites, preventing collisions and supporting rescue operations.
Compliance doesn't always mean security. In this episode of Threat Talks, we dive deep into the critical operational gap between being compliant and being secure. Host Lieuwe Jan Koning, along with ON2IT's CISO Tim Timmermans and Pieter de Lange, CISO at Transdev, discuss how organizations can bridge this gap to not just tick boxes but to truly protect themselves from cyber threats. Learn the essential strategies that go beyond compliance and ensure robust security measures. Don't miss this insightful discussion that could redefine your approach to cybersecurity!
Ethan Hunt is known for doing the impossible.
How do James Bond's spy skills compare to modern cyber espionage? The Nexus Barracuda Hack was performed by highly skilled, Chinese cyber attackers, who exploited a zero-day vulnerability in Barracuda's Email Security Gateway (ESG).
Explore the hidden world of cyber warfare and advanced persistent threats (APTs) in this episode of Threat Talks. Join cybersecurity experts Lieuwe Jan Koning, Luca Cipriano and special guest Martijn Peijer as they discuss real-life cyber espionage cases and the latest cybersecurity strategies.
Show notes:
· Summary of I-S00N leaks | Github
· Anxun and Chinese APT Activity | VX-underground
· Github summary | VX-underground
Find all episodes and request your own Threat Talks T-shirt on https://threat-talks.com.
Explore the rising threat of DDoS attacks on European elections in this special episode of Threat Talks. Join Lieuwe Jan Koning and cybersecurity experts Octavia de Weerdt and Frank Dupker as they discuss the motivations behind these attacks, the role of the Anti-DDoS Coalition, and strategies to safeguard our digital democracy. Find all our episodes and request your own Threat Talks T-shirt on https://threat-talks.com/.
Join Lieuwe Jan Koning on this special Threat Talks as he explores the evolving landscape of DDoS attacks with Junior Corazza and Miguel Regalado Querol. Discover if these cyber threats are truly diminishing or if we're just getting better at defending against them. Tune in to understand the current state of DDoS mitigations and the importance of cybersecurity collaboration. Find all our episodes and request your own Threat Talks T-shirt on https://threat-talks.com/
Have you ever wondered how a simple game app could lead to your bank account being emptied? In this deep dive of Threat Talks, Lieuwe Jan Koning dives into the sinister world of Vultur Android malware. Joined by experts Rob Maas and Luca Cipriano, they unravel the mechanics of this malicious threat and discuss practical steps to safeguard your devices. Tune in to learn how to protect yourself from these covert cyber threats and stay one step ahead of hackers.
Let's uncover how cybercriminals almost stole a billion dollars through sophisticated spear phishing and malware tactics. Dive into the Bangladesh Bank SWIFT attack with Lieuwe Jan Koning, Rob Maas and Luca Cipriano. Learn about the vulnerabilities they exploited, the steps of the attack, and the cybersecurity measures that could have thwarted it. Enhance your understanding with our downloadable infographic, available alongside the podcast. Tune in now to stay ahead of cyber threats and protect your digital assets! Want to know more about breaking the bank? Then our main episode will be very interesting for you. Listen to it here, pay close attention, and win a T-shirt by providing the code for the treasure hunt!
Cybersecurity expert Jayson E. Street shares insights on how he legally "robs" banks to expose vulnerabilities. By exploiting human vulnerabilities rather than advanced technology, Jayson demonstrates how simple tools and social engineering can bypass even the most secure systems. Jayson, along with host Lieuwe Jan Koning and Threat Intel Specialist Luca Cipriano, discusses real-life incidents like the SWIFT Gateway vulnerability, the Vultur Android banking malware, and the Binance crypto hack. Heard the code of the Treasure Hunt? Fill it in and get your Threat Talks T-shirt here: https://threat-talks.com/breaking-the-bank/
This episode of Threat Talks delves into the world of DDoS attacks with special guests Remco Poortinga from SURF and Martijn Peijer from the Dutch Tax Office. Discover how easy it is to launch these attacks and learn about the strategies to counter them. We'll explore different types of DDoS attacks, the importance of collaboration, and how regular exercises can strengthen defenses. Plus, don't miss our special treasure hunt for a chance to win a T-shirt! Tune in for insightful discussions on cybersecurity and the ever-evolving threats in the digital landscape. Get your Threat Talks T-shirt here: https://threat-talks.com/threat-talks-on-tour-cyber-guardians-anti-ddos-coalition
Discover how Zero Trust can effectively protect against cyber threats and hear firsthand experiences from industry leaders! Lieuwe Jan Koning and cybersecurity expert John Kindervag dive into the concept of Zero Trust at the RSA Conference in San Francisco. They discuss the prevalence and importance of Zero Trust in the cybersecurity landscape, sharing insights from the conference and Kindervag's extensive experience. Learn about the fundamentals of Zero Trust, its evolution since 2010, and why it remains a critical strategy in combating modern cyber threats. Whether you're an IT professional, cybersecurity enthusiast, or just curious about the latest in cyber defense, this episode offers actionable insights and expert perspectives on a vital security strategy.
Join host Lieuwe Jan Koning as he interviews John Kindervag, creator of Zero Trust, at the RSA conference. Explore the origins, principles, and impact of Zero Trust on modern cybersecurity. Download the NSTAC report discussed in the episode here. Get your Threat Talks T-shirt on https://threat-talks.com/!
CVE-2024-1709 is a critical vulnerability in ScreenConnect that has been exploited in multiple healthcare-related breaches, highlighting significant security risks. Explore the Change Healthcare attack caused by compromised Citrix credentials and learn about critical cybersecurity measures like network segmentation and EDR tools. Explore the infographic for an in-depth look at the ScreenConnect vulnerability: https://threat-talks.com/deep-dive-screenconnect/
How did Ireland's largest healthcare network, HSE, fall victim to a crippling ransomware attack? What security flaws were exploited, and how can you prevent similar threats? Join us in this Deep Dive of Threat Talks as we uncover the details of the attack, the tactics used by cybercriminals, and essential strategies to protect your organization. Can your defenses withstand a ransomware attack? Tune in to find out! Download the infographic here: https://threat-talks.com/deep-dive-hse-ransomware/
Discover the vulnerabilities of the DICOM protocol in healthcare and the significant risks it poses, including data breaches and manipulation. This deep dive covers practical solutions for protecting sensitive patient information and enhancing cybersecurity measures in medical systems. Join host Lieuwe Jan Koning with guests Jan van Boesschoten and Sina Yazdanmehr as they explore these critical issues and provide actionable advice for healthcare providers. Download the infographic here: https://threat-talks.com/deep-dive-dicom/