Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:01):
Coinbase refuses to pay a $20 million ransom after hackers bribe support contractors.
Broadcom patches VMware Tools vulnerabilities allowing file tampering in virtual machines,
and Telegram shuts down a $35 billion black market operation after a blockchain firm raises the alarm.
This is Cybersecurity
(00:23):
Today, and I'm your host, Jim Love.
In what has been called the largest takedown of its kind, Telegram shut down two massive illegal marketplaces that handled more than $35 billion in transactions
after investigators at blockchain firm Elliptic uncovered their operations.
Elliptic provides blockchain analytic solutions for financial crime compliance,
(00:46):
anti-money laundering, and regulatory requirements in the cryptocurrency sector.
The platforms, Haowang Guarantee and Xinbi Guarantee, acted as escrow services for illegal goods and services, including scams, frauds, and even human trafficking.
The majority of the payments were made using Tether and possibly other stablecoin cryptocurrencies.
(01:07):
Haowang, linked to a Cambodian company called Haowang Group, handled over $27 billion, and Xinbi, incorporated in Colorado, processed $8.4 billion.
Both operated openly on Telegram until Elliptic published its findings and media reports published in Wired triggered a crackdown.
Following the report,
(01:28):
Telegram banned thousands of accounts.
US financial regulators then stepped in as well.
FinCEN, the Treasury Department's financial crimes unit, labeled Haowang a major money laundering concern, effectively cutting it off from much of the financial system.
The takedown is a win for cybercrime investigators, but experts warn the
(01:48):
groups behind these marketplaces may resurface elsewhere as criminals shift to encrypted and decentralized platforms.
Enforcement remains a challenge.
Broadcom has released a security patch for a newly discovered vulnerability in VMware Tools identified as CVE-2025-22247.
(02:10):
This flaw allows users with limited access to a virtual machine to manipulate local files, potentially compromising the VM's integrity.
The vulnerability affects VMware Tools versions 11 and 12 on Windows and Linux platforms.
It also impacts the open source counterpart, open-vm-tools, commonly used in Linux environments.
(02:32):
macOS versions remain unaffected.
Broadcom has addressed the issue in VMware Tools version 12.5.2.
For Linux users, patches will be distributed through respective vendors, with version numbers varying accordingly.
There are no available workarounds, making the update essential for affected systems.
(02:54):
The vulnerability was privately reported by Sergey Bliznyuk of Positive Technologies and has not been observed in active exploitation.
However, given the potential risks in multi-user environments, timely patching would be critical.
Organizations utilizing VMware Tools on Windows or Linux should promptly update to 12.5.2 to mitigate potential security risks.
(03:20):
Hackers stole customer data from Coinbase, the largest crypto exchange in the US.
They did this by bribing overseas support contractors, and then, using that rogue group, the hackers demanded $20 million in ransom, which Coinbase refused to pay, and it is now turning the tables and offering a $20 million reward for help catching them.
(03:42):
According to information released by Coinbase, the attackers got access to the personal information of less than 1% of Coinbase users.
Stolen data included names, addresses, government ID images, masked bank details, and partial Social Security numbers.
According to the reports, no passwords, private keys, or crypto funds were taken.
(04:03):
The hackers used the stolen info to impersonate Coinbase support and tried to trick users into handing over their crypto.
Coinbase had discovered the unauthorized access months earlier.
They fired the contractors involved and notified the affected customers.
The breach highlights the risks tied to outsourcing customer service.
(04:25):
Coinbase says it is cooperating with law enforcement and has added stronger processes to screen contractors and implemented scam alerts on its platform.
Coinbase's public rejection of the ransom and decision to fight back with a $20 million bounty sends a clear message to extortionists.
One report said that this had cost the company over $400 million, but the
(04:48):
company says it's focused on long-term security and not short-term payoffs.
The Co-operative Group, the Co-op, in the UK successfully thwarted a significant ransomware attack by proactively disconnecting its systems upon detecting suspicious activity, and thereby preventing further damage.
(05:11):
According to BBC News, hackers associated with a cybercrime group, DragonForce, claimed responsibility for the attempted attack.
They intended to deploy ransomware to encrypt Co-op systems, but were impeded when Co-op's IT team took the initiative to shut down their computer services, disrupting the attack in progress.
The attackers expressed frustration over Co-op's swift
(05:34):
action, stating "Co-op's networks never ever suffered ransomware. They yanked their own plug, tanking sales, burning logistics and torching shareholder value."
Cybersecurity experts, including Jen Ellis from the Ransomware Task Force, commended Co-op's decision.
Ellis noted that opting for the immediate self-imposed disruption
(05:54):
was a strategic move to avoid more severe criminal-imposed consequences.
The same group of hackers also claimed responsibility for a cyber attack on Marks and Spencer over the Easter weekend.
Unlike Co-op, Marks and Spencer did not detect the breach promptly, resulting in prolonged disruptions, including suspended online orders
(06:15):
and compromised customer data.
So did Co-op do the right thing?
Is this the right strategy for others?
Well, as noted, it had an upside in that it appears to have reduced the damage that the attackers could do, but it also had some negative consequences, and these need to be taken into account, and as I've heard from others, it
(06:35):
could destroy evidence necessary for investigation and prosecution of hackers.
The point is that you don't want to be making those decisions while you're being attacked.
Companies of any size should have a playbook considering these things upfront and getting advice from experts so that when, and it's probably not if, but when, you get attacked, you can respond not just quickly, but correctly.
(06:58):
This may be even more important for retailers, since there's every indication that the group that has taken credit for attacking Co-op, DragonForce, operates an affiliate or ransomware-as-a-service offering.
As a result, no one is sure who has attacked the retailers, but the tactics are seen to be similar to those of a loosely coordinated group of hackers who have been called Scattered Spider
(07:19):
or Octo Tempest. That gang operates on Telegram and Discord channels and is English speaking and young.
In some cases they think possibly only teenagers.
And according to some sources, they may be taking this attack to the US in the near future.
And that's our show this weekend.
We have our month in review panel a little late, but it got bumped by our breaking
(07:42):
story from the whistleblower last week.
And we're back with our panel and some great discussion.
I hope you can join us Saturday morning or whenever you're free to listen.
It's our big Canadian holiday this weekend, and we will not have an episode Monday morning.
I'll be off and back in the news chair on Wednesday morning with more cybersecurity news.
I'm your host, Jim Love.
(08:03):
Thanks for listening, and if you're in Canada, enjoy the two-four weekend.