Defender Fridays Wrap-Up: September 2024

Nicole Boyd

Supply Chain Issues with OSS Libraries with Carlos Perez of TrustedSec

Carlos Perez, Director of Security Intelligence at TrustedSec, joined Defender Fridays to discuss supply chain issues with open-source libraries. He highlighted the prevalence of malicious packages on platforms like PyPI and npm, emphasizing that many organizations lack proper inventory and checks for these dependencies. Perez stressed the importance of vetting and maintaining open-source packages, sharing examples of how easily malicious code can be introduced through abandoned or compromised libraries. He also discussed the challenges of dependency management, including the vast number of nested dependencies that can be introduced by seemingly simple package installations.

In the Wild vs. Active Exploitation with Corey Bodzin of GreyNoise

Corey Bodzin, Chief Product Officer at GreyNoise, joined Defender Fridays to discuss the difference between vulnerabilities "in the wild" versus those under active exploitation. Bodzin emphasized the importance of prioritizing vulnerabilities based on real-time threat intelligence, highlighting GreyNoise's ability to provide hourly updates on active exploitation attempts through their global sensor network. He stressed that while traditional vulnerability scoring systems like CVSS are valuable, understanding which vulnerabilities are actively being targeted can help organizations focus their resources. Bodzin also discussed the evolving landscape of edge device vulnerabilities and offered advice for smaller organizations on operationalizing threat intelligence to improve their vulnerability management processes.

Ransomware as a Business with Ken Westin of LimaCharlie

Ken Westin, Senior Solutions Engineer at LimaCharlie, joined Defender Fridays to discuss ransomware from a business perspective. He highlighted how ransomware groups operate like startups, with specialized roles, affiliates, and an underlying economy of partners providing services like initial access and phishing. Westin emphasized the importance of understanding ransomware as a financial crime and explaining it to business leaders in terms they comprehend, noting that multiple security failures typically occur before ransomware can be successfully deployed. He also discussed evolving tactics like targeting smaller businesses, employing double and triple extortion techniques, and leveraging detailed financial analysis to determine ransom demands.

The Evolution of the SOC with Jon Bagg of Salem Cyber

Jon Bagg, Founder and CEO of Salem Cyber, joined Defender Fridays to discuss the evolution of Security Operations Centers (SOCs). He highlighted EDR as a transformative technology, noting its ability to provide higher fidelity data and analytics. Bagg also examined the impact of automation and SOAR platforms on SOC operations, while expressing some skepticism about the long-term viability of deterministic playbook approaches. The discussion concluded with insights on the rise, fall, and potential hybridization of managed security services, as organizations navigate the balance between in-house capabilities and outsourced expertise.
