This Week Health
2 Minute Drill: Hacker Infiltration, Corporate Leaks, and North Korean Updates with Drex DeFord

This episode covers three critical cybersecurity developments affecting healthcare organizations. First, FBI warnings about Scattered Spider ransomware group targeting employees through Slack and Microsoft Teams, including their alarming tactic of creating fake identities to join incident response calls and monitor remediation efforts. Second, leaked chat logs from the Conti ransomware group reveal these criminal organizations operate like structured tech startups with HR policies, management layers, and performance reviews - highlighting the sophisticated nature of modern cyber threats. Finally, CrowdStrike intelligence reveals over 900 North Korean operatives have quietly embedded themselves in US companies using deepfakes and fake identities, wiring paychecks back to the regime. The episode also mentions CISA's new free Thorium tool for malware analysis and forensic investigations.

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Hey everyone. I'm Drex DeFord. This is the 2 Minute Drill, where I cover three hot security stories twice a week, all part of the 229 Project, the cybersecurity and risk community here at This Week Health. Sign up at thisweekhealth.com/subscribe and you'll get all the latest healthcare insights, including, of course, our security and risk updates.

Great to see everyone today. Here's some stuff you might wanna know about. The FBI and others are warning that Scattered Spider, yeah, that ransomware group I talk about regularly here, is targeting employees through Slack and Microsoft Teams. Now, when you read the article, there's a bunch of interesting info, but the one point I kind of got stuck on, I wanted to make sure that I passed along.

I've heard this before, but I've never actually experienced it myself. Once you're in the middle of a cyber incident, organizations often take to Slack or Teams or conference calls to help manage that incident, but in this case, Scattered Spider creates new identities in those apps so they can participate in those calls. They're quietly listening to your remediation activities so they can figure out how to sidestep your actions. So if you've trained your staff on email phishing, and of course you have, now's the time, maybe, to extend that awareness to your internal chat platforms, and you need a process to make sure that you know and roll call everyone on any remediation call. When that happens, you've got a much better chance of avoiding having a bad guy lurking in the back of the virtual room, listening to your every move. And make sure that you also integrate that same behavior into your training.

Here's another creepy look behind the curtain. New reporting out of Australia walks through leaked chat logs from the Conti ransomware group, and honestly, it kind of feels like a really bad office episode. I've talked about this before, how cyber gangs operate a lot like regular commercial companies. They have HR policies and management layers and performance reviews, and even things like drama around who gets the best equipment. They're not hoodie-wearing loners. They're structured, well paid, and running ops like a modern-day tech startup, if that tech startup was in the business of stealing your money and info and breaking care for patients and families. Healthcare organizations haven't been up against disorganized criminals, for the most part. A while back, I had a post where I had to eat crow on that statement, so I'll just adjust it and say "for the most part," but in most every case today, you're up against global operations that are structured a lot like your own, just with worse ethics and better funding.

CISA just released a tool called Thorium. It's built for malware analysis and forensic investigations. It's free and open source, and based on years of internal work at DHS. The platform helps defenders isolate, analyze, and track malware in memory. The intention is to make deep-dive investigations more accessible to smaller security teams. And this is not a recommendation. I've not used it, but I'd say it's worth a look. And if you've checked out Thorium, I'd love to hear from you. I'm drex@thisweekhealth.com.

And the final story today: according to new intel from CrowdStrike, North Korean operatives have quietly embedded themselves in hundreds of US companies, including healthcare. They're being hired remotely, sometimes using deepfakes and fake IDs, and then they're wiring their paychecks back to the regime. CrowdStrike estimates that over 900 active operatives are currently working under assumed identities in US organizations, and based on some of the reporting that I've read and that I've done since May, I wonder if that number's even higher.

More on all those stories and a lot of other healthcare innovation, tech, and security news at thisweekhealth.com/news, and you can find all our security podcasts, including all the ones you might've missed, at thisweekhealth.com/unhack. That's it for today's 2 Minute Drill. Thanks for being here.

Stay a little paranoid. I'll see you around campus.

© Copyright 2024 Health Lyrics All rights reserved