The Security Swarm Podcast (Hornetsecurity)
Explore every episode of The Security Swarm Podcast
| Pub. Date | Title | Duration | |
|---|---|---|---|
| 26 Oct 2023 | EP25: Key Takeaways from our Ransomware Survey | 00:31:47 | |
In today's digital landscape, ransomware threats have become an increasingly significant concern for organizations of all sizes. Cybercriminals are continuously devising new ways to exploit vulnerabilities, and the repercussions can be devastating. Its ever-evolving nature makes it a top threat. To uncover the full extent of its threat, Hornetsecurity recently conducted a survey to gauge the awareness and preparedness of businesses in the face of ransomware attacks. In today’s episode, Andy and Matt Frye, Head of Presales and Education at Hornetsecurity, will recap the key findings and insights from the ransomware survey as well as offer effective tools and protocols to protect your business. Timestamps: (3:20) – How important is ransomware protection in terms of IT priorities? (4:41) – How many organizations do NOT have a DR plan in place? (9:28) – How many organizations protect their backups from ransomware? (12:10) – What types of tools are organizations using to combat ransomware? (15:45) – How many organizations have been victims of ransomware? (18:12) – How many ransomware victims managed to recovery from backup? (20:50) – What are the most common vectors of attack for ransomware? (24:00) – How many people see real value from security awareness training? (27:37) – How many organizations using M365 have a DR plan in place for ransomware? Episode Resources: Full Ransomware Survey Results EP12: What We Learned by Asking the Community About Compliance | |||
| 22 Aug 2024 | How Threat Actors Tamper with Elections | 00:36:09 | |
In this episode of the Security Swarm Podcast, host Andy is joined by Umut Alemdar, Head of Security Lab at Hornetsecurity, to explore the escalating threat of election interference by cyber threat actors across the globe. They talk about motivations driving these actors and the various tactics used to infiltrate political parties, target election equipment, and spread misinformation, including the use of deepfakes. The episode also revisits significant cases of election meddling, from the 2015 German Bundestag hack to the 2020 Iranian hack of U.S. city election websites, highlighting the ongoing risks. Andy and Umut conclude with strategies to combat these threats, emphasizing the importance of policy changes, enhanced public communication, and rigorous cybersecurity training for election officials. Key Takeaways:
Timestamps: (01:00) Introduction and Categorizing Threat Actors (08:00) Infiltrating Political Parties and Targeting Election Equipment (09:44) Consequences of Spreading Misinformation (14:00) Past Attacks: Germany, France, and Ukraine (21:32) US-Based Attacks: 2016 Presidential Election and Breaching City Websites (28:30) What Can Be Done? Policies, Communication, and Monitoring Episode Resources: | |||
| 28 Jun 2023 | EP11: On-Prem Exchange Server Throttling | 00:33:35 | |
Microsoft's recent decision to throttle traffic from old and outdated versions of On-Premises Exchange has sent shockwaves through the tech community. In today's episode, Andy and Paul Schnackenburg delve into the details of Microsoft's plans to protect Exchange Online against persistently vulnerable on-premises Exchange Servers by throttling and blocking emails from these unsupported servers. Tune in to understand the reasoning behind Microsoft's strategy with this change, how organizations can keep themselves protected through process, and where third-party vendors can plug in and provide value. Timestamps: 4:00 – Microsoft’s plan details and communication 10:50 – Paul and Andy’s thoughts on why Microsoft is making this change 18:40 – Is it “Ethical” for Microsoft to block on-prem Exchange traffic? 26:31 – What should affected organizations do? Episode Resources: Hornetsecurity's 365 Total Protection | |||
| 12 Jul 2024 | Summer Olympics 2024: How and Why Threat Actors Target the Games | 00:30:00 | |
In this episode of the Security Swarm podcast, host Andy is joined by Romain Basset from Hornetsecurity to discuss the cybersecurity implications of the upcoming 2024 Olympic Games in Paris, France. The conversation explores how the geopolitical landscape, with ongoing global tensions and conflicts, creates a high-profile stage that threat actors may target for hacktivism, financial gain, or destabilization. Throughout the episode, they highlight the increased risks leading up to the 2024 Games, noting that French infrastructure has already been targeted by various threat actor groups, including DDoS attacks. They discuss the blurring lines between cybercrime and geopolitical threats, with many threat actors now engaging in both financially and politically motivated attacks. Key takeaways:
Timestamps: (01:15) - Why Cybersecurity is Important for the Olympics (02:25) - Geopolitical Tensions and Threat Actors (04:31) - Potential Cyber Attacks - Scams, Extortion, Disinformation (06:50) - The 2018 Pyeongchang Olympics Cyber Attack (12:48) - False Flags and Attribution Challenges (16:05) - Overlap Between Cybercrime and Geopolitical Destabilization (19:13) - Real-World Impacts of Geopolitical Cyber Tensions (23:08) - Cybersecurity Best Practices and Advice Episode Resources: Read our blog about Russia’s notorious history of attacking the Olympics Protect your business before it’s too late with 365 Total Protection Train your users to spot phishing emails during the Olympics with Security Awareness Service | |||
| 20 Jul 2023 | EP14: The Permissions Management Nightmare in SharePoint Online | 00:37:45 | |
We’re back for another episode with Philip Galea, R&D Manager at Hornetsecurity. In today’s episode, Andy and Philip discuss the frustrations and challenges IT admins face when managing permissions and sharing effectively in SharePoint Online. As more organizations embrace remote work, collaborate with external freelancers, and rely on tools like Microsoft Teams and emails for sharing files, the need to manage permissions has become crucial. Tune in to this episode to learn about the complexities of SharePoint and discover ways to regain control over your access management. Timestamps: 4:44 – The problems with managing permissions in SharePoint Online 8:34 – The ease of file sharing in M365 has created a problem. 11:16 – Have SharePoint security capabilities just been “lifted and shifted” to the cloud? 14:43 – The egregious problem with duplicate named SharePoint custom roles. 23:32 – What should M365 admins be doing about this problem? 27:10 – Behind the scenes with M365 Permission Manager by Hornetsecurity Episode Resources: Introducing 365 Permission Manager – Webinar Find Andy on LinkedIn, Twitter or Mastadon Find Philip on LinkedIn | |||
| 29 Feb 2024 | Microsoft vs Midnight Blizzard | 00:38:18 | |
During last week’s episode, we briefly spoke about major security incidents that took place between January and February 2024, including the Midnight Blizzard attack. Today, we're delving deeper into the specifics of this attack. From exploiting OAuth mechanics to navigating Microsoft's corporate environment, the attackers demonstrated a level of sophistication that evaded conventional detection controls. Tune in to hear Andy and Paul examine its intricate attack chain and discuss their insights on what Microsoft should do in response. Timestamps: (2:00) – What does the attack chain for this breach look like? (7:11) – Timeline of the Attack (8:53) – Thoughts on Microsoft’s Response (18:55) – A Definition of an OAuth App and a Service Principal (27:36) – What do Admins need to do about this? (33:20) – Does the speed of change and the scale of Cloud Services negatively impact security? Episode Resources: | |||
| 16 May 2023 | EP05: What is Immutability and Why Do Ransomware Gangs Hate it? | 00:33:09 | |
In today’s episode, we welcome Philip Galea, an esteemed expert in immutability and backups at Hornetscurity. With ransomware being one of the most pervasive issues in the industry today, immutability emerges as a powerful weapon against ransomware gangs. The term immutability is thrown around a lot in the cybersecurity community, but what does it mean, and why do ransomware gangs hate it? This episode provides a fascinating insight into immutability and its vital role in the fight against ransomware. Timestamps: 4:25 – What is immutability? 9:34 – How ransomware drove the need for immutability 12:30 – Ransomware creation via ChatGPT 18:12 – Are there benefits and use cases for immutability outside of backup? 21:30 – How does immutability really work? 24:57 – What’s to stop a rogue admin from “Tinkering” with immutable storage? Episode resources: | |||
| 30 Aug 2023 | EP19: How to Sell Cybersecurity to the C-Suite | 00:30:33 | |
As cybersecurity professionals, MSSPs, and security vendors, we often get mired down in the weeds of the “tech” involved in the job and frequently struggle to convey the value of said technology to the C-Suite. With that said, we’re deviating from our regularly scheduled programming this week to bring you something of a “soft-skills” episode to address this key point. This week we’re excited to bring you the business and C-Suite knowledge of our very own Hornetsecurity Chief Operating Officer, Daniel Blank for a discussion on how you can get your leadership team to see value in technology, put priority on security, and ultimately sell cybersecurity to the C-Suite. Hope you enjoy! Timestamps: 2:23 – Conveying the Value of Cybersecurity to Leadership without Using the Fear Angle 15:50 – Compliance and Similar Issues Often Drives C-Suite Attention | |||
| 17 Jan 2024 | Monthly Threat Report - January 2024 | 00:52:06 | |
We're kicking off 2024 with our Monthly Threat Report analysis. Every month, our Security Lab looks into M365 security trends and email-based threats and provides commentary on current events in the cybersecurity space. In this episode, Andy and Eric Siron discuss the Monthly Threat Report for January 2024. Tune in to learn about the top-targeted industries, brand impersonations, the MOVEit supply chain attack, the active attack by the Iranian hacking group "Homeland Justice" on the Albanian government, and much more! Episode Resources: Full Monthly Threat Report for January 2024 Annual Cyber Security Report 2024 | |||
| 09 May 2024 | Microsoft's SFI Expansion, UK's New PSTI Law & Updates on Change Healthcare Attack | 00:45:09 | |
In this week's episode, Andy and guest Eric Siron discuss the cybersecurity landscape based on data from the Monthly Threat Report for May 2024. They cover a range of news items, including Microsoft's recent announcement to expand the Secure Future Initiative, the new PSTI (Product Security and Telecommunications Infrastructure) Act in the UK and a significant brand impersonation campaign targeting the German financial entity Commerzbank. Additionally, they provide updates on the Change Healthcare ransomware attack. Key takeaways:
Timestamps: (04:02) Insights from the Latest Monthly Threat Report: Decrease in Email Threats, Top Targeted Industries, and Impersonated Brands (14:02) Breaking Bad Habits: QR Codes, OAuth, and User Training (15:18) Microsoft's Security Issues and Response to CSRB’s Criticism: Committed to Improve Security (25:23) New UK Law Mandates Security Standards for Consumer IoT Devices (34:02) Impact of Ransomware Attack on Change Healthcare and the Dilemma of Paying Ransom
Episode Resources: Full Monthly Threat Report May 2024 Sharpen your Instincts with Security Awareness Training
| |||
| 06 Jun 2023 | EP08: Advanced Threat Protection: A Must Have in Today’s Ecosystem? | 00:29:00 | |
We’re back for another episode with Umut Alemdar - Head of Security Lab here at Hornetsecurity. Today, we’re discussing Advanced Threat Protection (ATP) and its crucial role in detecting, preventing, and responding to increasingly sophisticated cyber threats. Throughout the episode, Andy and Umut discuss common ATP techniques such as sandboxing, time of click protection, and spam filters, all of which are critical in fortifying defenses against malicious actors. Furthermore, they emphasize the vital function of the natural language understanding module in ATP in detecting sophisticated social engineering attacks. While this episode focuses on ATP in general, Andy and Umut draw concrete examples from our own ATP scanning methods here at Hornetsecurity. Timestamps: 2:05 – What is Advanced Threat Protection 5:50 – What are common scanning techniques used by ATP technologies 10:35 – How does Sandboxing work in ATP scanning techniques? 13:07 – What is the role of AI within ATP scanning? 18:09 – Concrete example of where ATP saves the day 20:11 – Scanning for malicious QR codes Episode Resources: We used ChatGPT to Create Ransomware Umut on LinkedIn | |||
| 23 Feb 2024 | Midnight Blizzard, AnyDesk Breach & a $27 Million Ransomware Attack | 00:38:42 | |
The Monthly Threat Report by Hornetsecurity is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. For this episode, Andy is joined by Hornetsecurity’s CTO – Yvonne Bernard, for an in-depth analysis of major security breaches and ransomware attacks that occurred between January and February 2024. From the Midnight Blizzard attack on Microsoft to a ransomware attack that cost Johnson Controls 27 million USD, our hosts explore what went wrong and provide expert recommendations from the Security Lab at Hornetsecurity on how to protect your business from similar threats. Timestamps: (3:20) – Email Threat Trends from January (6:51) – What were the Most Targeted Industries for January? (9:52) – What were the most impersonated brands in January? (12:30) – A Discussion on the Midnight Blizzard attack on Microsoft (22:38) – The Recent Breach of AnyDesk (27:15) – $27 Million Cost of Ransomware attack on Johnson Controls (32:34) – A C-Suite Look at Microsoft 365 Co-Pilot and the Danger of Misconfigured Permissions Episode Resources: Episode on Malicious OAuth Applications Microsoft post on Midnight Blizzard Attack Detailed Tactics Post from Microsoft on Midnight Blizzard Attack | |||
| 06 Sep 2024 | The Magic Behind DMARC, DKIM, and SPF? | 00:27:39 | |
In this episode of the Security Swarm Podcast, host Andy and his guest Michael Posey discuss the email authentication protocols of SPF, DKIM, and DMARC. They explain what these protocols are, how they work, and why they are important for protecting against email spoofing and impersonation attacks. Michael shares his insights from working with MSPs and the channel, noting that while these protocols are not overly complex, they are often overlooked or misunderstood by IT professionals. The hosts dive into the specifics of each protocol - SPF defines which mail servers are allowed to send email for a domain, DKIM adds a cryptographic signature to validate the message's origin and integrity, and DMARC ties the two together to specify how receivers should handle authentication failures. The discussion covers the benefits of these protocols in improving email security and reputation, as well as the importance of adopting them industry-wide to reduce impersonation tactics used by threat actors. The hosts also touch on the history of cryptography and the need to layer security controls rather than relying on any single solution. Overall, this episode provides a comprehensive overview of these essential email authentication standards. Key Takeaways:
Timestamps: (05:50) SPF (Sender Policy Framework) (11:23) DKIM (DomainKeys Identified Mail) (16:11) How DMARC brings SPF and DKIM together (21:32) Key Protocols for Security and Compliance (24:11) Defense in Depth Episode Resources: | |||
| 09 Apr 2024 | Security Risks of Always On Remote Access | 00:35:33 | |
In this episode of The Security Swarm Podcast, host Andy Syrewicze is joined by Matt Lee from Pax8 to discuss the risks associated with deploying always on remote access software on managed endpoints. The conversation spans various topics, including Matt Lee's extensive background in the MSP space, where he shares insights gained from his experience with a mass ransomware event. Together, they explore the risks and implications of constant remote access, emphasizing the need for organizations to adopt a more proactive stance toward cybersecurity. Key takeaways:
Timestamps: (11:08) - Navigating Remote Access in Highly Regulated Managed Service Provider (MSP) Environments (14:02) - Maximizing Security with Just in Time, Just Enough Access (17:41) – The ConnectWise ScreenConnect Vulnerability and the Importance of Communication (26:32) – The Need for Maturity in the Cybersecurity Space (31:10) – Don't Let Perfect be the Enemy of Good Episode Resources:
| |||
| 06 Mar 2024 | Insider Threats in Microsoft 365 | 00:32:08 | |
Join host Andy and special guest Philip Galea, R&D Manager at Hornetsecurity, as they explore insider threats within Microsoft 365. In this episode, the focus is on SharePoint Online and OneDrive for Business, shedding light on the nuances of insider threats and offering valuable insights on safeguarding against them. Tune in for expert analysis and practical tips on fortifying your defenses and protecting your organization's sensitive data in the evolving landscape of cloud-hosted infrastructures. Episode Resources: | |||
| 26 Sep 2023 | EP22: Can You Trust Microsoft with Security? | 00:38:40 | |
In this week’s episode, Andy and Paul have a discussion that has been brewing for the past several episodes. Microsoft has experienced a series of security incidents in the last few years. For example, the SolarWinds debacle in 2020, multiple exchange server on-prem issues, and more recently the Storm-0558 incident. The core issue that all these problems raise, especially for a major global cloud provider, is trust. Can Microsoft be trusted to secure these services that millions around the globe use every single day? This is the main question that the guys get into in this episode along with lots of other great discussions around security in the Microsoft Cloud. Timestamps: (1:55) – There has been a recent string of security issues at Microsoft (6:42) – Storm-0558 (16:38) – Follow up on the SolarWinds attack from 2020 (20:50) – Multiple Exchange on-prem vulnerabilities over the last several years (22:55) – Power Platform cross-tenant un-authorized access (26:61) – Communication seems to be a sore spot across all these issues (31:21) – Trust is critical for the survival of “the cloud” Episode Resources: Monthly Threat Report - September 2023 Microsoft 365: The Essential Companion Guide - Free eBook Paul’s recent article on Microsoft’s security issues Results of Microsoft’s Storm-0558 Investigation | |||
| 12 Sep 2024 | The Complexity and Confusion of the Defender Ecosystem | 00:40:34 | |
In this episode of the Security Swarm Podcast, host Andy Syrewicze and our regular guest, Paul Schnackenburg, provide a comprehensive overview of the Microsoft Defender ecosystem. They cover the various Defender products, including:
They also discuss the "Defender adjacent" services like Microsoft Entra (identity), Microsoft Purview (data security/governance), and Microsoft Defender for Cloud Apps (CASB). A key focus of the discussion is the complexity and management challenges that come with this expansive Defender suite. The host and the guest note the large number of different management portals, the difficulty of adequately configuring and leveraging all the features, and the need for dedicated security teams to utilize these enterprise-grade tools fully. Further down the line, Andy and Paul explore the significant value that third-party security solutions can provide in augmenting or simplifying the M365 security experience. They highlight how third-party tools can offer easier deployment, management, and specialized capabilities that may be outside the core focus of the broader Defender ecosystem, thereby enhancing the overall security posture of an organization. Overall, this episode takes a deep dive into the Microsoft Defender landscape, exploring the pros and cons of the comprehensive suite and offering insights on how organizations can optimize their security with a mix of Microsoft and third-party solutions. Do you want to join the conversation? Join us in our Security Lab LinkedIn Group! Key Takeaways:
Timestamps: (02:00) Overview of the Microsoft Defender ecosystem (07:00) Differences between Microsoft Defender for Endpoint P1, P2, and Business Premium (13:00) Explanation of Microsoft Defender for Identity and its on-premises vs cloud components (19:00) Discussion of Microsoft Defender Vulnerability Management and its challenges for small/medium businesses (32:00) Value that third-party security solutions can provide compared to the Microsoft Defender suite Episode Resources: Security Swarm Episode on M365 Security Licensing -- Overwhelmed by the complexity of the Microsoft Defender ecosystem? Simplify your Microsoft 365 security, risk management, governance, compliance, and backup with 365 Total Protection by Hornetsecurity. | |||
| 02 Sep 2024 | Egregious Security Practices in the Workplace | 00:52:54 | |
In this episode of the Security Swarm Podcast, host Andy and his regular guest, Eric, talk about the worst workplace security practices they've seen. From weak password policies to unsecured devices and poor data management, they share real-life stories and insights that will make you cringe - and hopefully inspire you to tighten up your organization's security posture. They also discuss the importance of employee security training, the challenges of software patching, and the dangers of "security by personality" - when people make decisions based on gut feelings rather than data. It's a candid, sometimes humorous look at the security nightmares that keep IT pros up at night. Whether you're an infosec professional or just someone who wants to keep your company's data safe, this episode is packed with valuable lessons. Grab a pen and paper - you'll want to take notes on what not to do when it comes to workplace cybersecurity. Key Takeaways:
Timestamps: (00:00) Welcome to the Security Swarm Podcast (03:19) Exploring Weak Password Policies (11:26) The Importance of Employee Security Training (19:16) Unsecured Devices: A Dangerous Vulnerability (27:34) Mismanaging Data: Risky Business (37:40) The Perils of Ignoring Software Updates (45:30) Security Decisions Driven by Personality, Not Data Episode Resources: Security Risks of Always on Remote Access GM shared our driving data with insurers without consent, lawsuit claims | |||
| 14 Feb 2024 | Co-Pilot and Misconfigured Permissions - A Looming Threat? | 00:32:09 | |
The use of Large Language Models (LLMs), like ChatGPT has skyrocketed, infiltrating multiple facets of modern life. In today's podcast episode, Andy and Paul Schnackenburg explore Microsoft 365 Co-Pilot and some surprising risks it can surface. Microsoft 365 Co-Pilot is more than just a virtual assistant: it's a powerhouse of productivity! It is a versatile generative AI tool that is embedded within various Microsoft 365 applications, and as such, it can execute various tasks across different software platforms in seconds. Amidst discussions about Co-Pilot’s unique features and functionalities, many wonder: How does M365 Co-Pilot differ from other LLMs, and what implications does this hold for data security and privacy? Tune in to learn more! Timestamps: (4:16) – How is Co-Pilot different from other Large Language Models? (11:40) – How are misconfigured permissions a special danger with Co-Pilot? (16:53) – How do M365 tenant permission get so “misconfigured”? (21:53) – How can your organization use Co-Pilot safely? (26:11) – How can you easily right-size your M365 permissions before enabling Co-Pilot? Episode Resources: Paul’s article on preparing for Co-Pilot Webinar with demo showcasing the theft of M365 credentials Start your free trial of M365 Total Protection Effortlessly manage your Microsoft 365 permissions
| |||
| 20 Sep 2023 | EP21: Life as a Cybersecurity CEO - An Inside Look | 00:28:34 | |
In this week’s episode, Andy sits down with Daniel Hofmann, the CEO of Hornetsecurity, for an exclusive glimpse into life as a cybersecurity CEO in the modern era. During the episode, Daniel shares the complexities of leading a top-tier security organization exploring the challenges and rewards that come with the role whilst touching upon some predictions for the ever-evolving cybersecurity industry. With cybersecurity being an industry that never stands still, the conversation also delves into the constant opportunities for innovation. Tune in to discover ways of staying informed and constantly adapting to the shifting threat landscape. Timestamps: (2:13) – What is it like being the CEO of a Cybersecurity Company? (7:27) – What are the main methods that Daniel uses to keep up to date on the industry? (10:05) – What was the main driving reason behind founding Hornetsecurity? (13:26) – Solving security problems with a unique approach. (18:28) – How is AI changing the cybersecurity industry? (24:08) – Daniel’s cybersecurity predictions for the future. Episode Resources: Hornetsecurity’s Advanced Threat Protection Episode 18: Generative AI in Defensive Tools
| |||
| 31 May 2023 | EP07: A Discussion and Analysis of Qakbot | 00:25:28 | |
In today’s episode, Andy and Umut Alemdar explore one of the most malicious botnets in today’s digital threat landscape: Qakbot. What makes Qakbot so dangerous? Qakbot originally started out as an information stealer back in 2007. Over the years, it has undergone significant transformations, evolving into a multi-modular malware that poses a severe threat to businesses. In our discussion and analysis, we uncover its attack chain from infecting a system to downloading malicious payload. Timestamps: 3:24 – What is Qakbot? 5:18 – An overview of Qakbot’s attack chain and capabilities 14:38 – Mitigation and defence strategies for Qakbot 19:48 – What does the future look like for Qakbot? Episode Resources: The Reemergence of Emotet and Why Botnets Continue to Return Find Andy on LinkedIn, Twitter or Mastadon Find Umut on LinkedIn | |||
| 02 May 2024 | A Breakdown of CSRB's Findings on Microsoft Storm-0558 Breach (PART 2) | 00:28:38 | |
Today’s episode of the Security Swarm Podcast is a continuation from last week’s episode where Andy and Paul discussed the CSRB’s findings on Microsoft’s Storm-0558 Breach. In their discussion, they continue picking apart the findings and providing their insights. Episode Resources: | |||
| 24 Nov 2023 | EP28: Differences Between DNS/Route-Based Email Security and Email Security via API | 00:37:46 | |
Remember the days of DNS route-based email security? It's been a steadfast approach, but in recent years, the landscape has shifted towards API-driven solutions, particularly evident in platforms like Microsoft 365 utilizing the Graph API. In this episode, Umut Alemdar from Hornetsecurity's Security Lab joins Andy once again to discuss email filtration, particularly the DNS route-based approach versus the emerging API-based method. The discussion isn’t just a comparison; it’s an exploration of how these two approaches can complement each other in a hybrid model, offering a more robust and versatile email security framework. Episode Resources: | |||
| 01 Aug 2024 | Inside Anonymous Sudan: Threat Actor Group Behind Major Cyber Attacks | 00:30:08 | |
Romain Basset is back for another podcast episode. Today, Andy and Romain discuss the notorious threat actor group, Anonymous Sudan. They explore who this group is, their affiliations, motivations, and the tactics, techniques, and procedures (TTPs) they employ. The discussion includes an overview of various types of threat actor groups, situating Anonymous Sudan within this landscape, and providing a detailed background on the group's emergence, targets, and the significant impact of their attacks. Key Takeaways:
Timestamps: (02:43) - Categories of Threat Actor Groups (05:44) - Ties Between Anonymous Sudan and Russia (10:59) - Tools Used by Anonymous Sudan (15:47) - Techniques and Procedures of Anonymous Sudan (24:08) - Typical DDoS Attack Procedure Episode Resources:
| |||
| 04 Oct 2023 | EP23: The Importance of Certification in the Security Space | 00:34:31 | |
You can’t be in the IT security space without thinking about certifications. Certifications are the backbone of our industry, serving as benchmarks for knowledge, skills, and expertise. But, let's face it, navigating the maze of IT and security certifications available can be a daunting task making it difficult to figure out which route you need to take. In today’s episode, Andy and Umut Alemdar explore the critical role certifications play in our field and why these certifications hold more value than just being decorative pieces on your office wall. They’ll also go a little further into the top certifications that are particularly relevant for security professionals in today's ever-changing cybersecurity landscape. Timestamps: (2:45) - Why is certification important in the Security Space (7:28) - What are the benefits of getting certified? (11:45) - Vendor-specific certifications (16:05) - Are Linux certifications relevant to security professionals? (22:21) - What are the most important vendor-agnostic security certifications? Episode Resources: Careers at Hornetsecurity (We offer training!) Umut on LinkedIn | |||
| 09 Oct 2023 | Monthly Threat Report - October 2023 | 00:35:45 | |
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of September 2023. The cybersecurity landscape is ever-evolving, and this month is no exception. Andy and Umut will be analysing the latest types of email threats. Unsurprisingly, the Entertainment and Mining industries continue to be the bullseye for malicious actors. Over the past 30 days, these sectors have borne the brunt of cyberattacks. Meanwhile, Microsoft remains in the spotlight for all the wrong reasons, as security incidents continue to plague the tech giant. This raises questions about the company's security culture and its ability to safeguard its vast user base. Tune in for more details! Timestamps: (2:37) – Email Threat Numbers for the data period. (4:18) – File Types used for the delivery of malicious payloads. (7:39) – What are the top targeted industry verticals? (11:19) – What were the most impersonated brands during the last month? (21:15) – Microsoft’s Continued Security Issues (31:19) – Vulnerabilities in libwebp Episode Resources: | |||
| 14 Aug 2024 | CrowdStrike Chaos, VMware ESXi Vulnerability & More | 00:46:14 | |
In today’s episode of the Security Swarm Podcast, Andy and Eric Siron discuss the Monthly Threat Report of August 2024. They cover the aftermath of the CrowdStrike incident, Microsoft's proposed enhancements to improve the security of their ecosystem, as well as the discovery of a vulnerability in AMD processors that could allow persistent malware. Additionally, they discuss the emergence of new AI jailbreak attacks, which can bypass content restrictions and generate harmful outputs and a VMware ESXi vulnerability that could allow attackers to gain access to virtual machines. Key Takeaways:
Timestamps: (01:00) CrowdStrike Incident and Lessons Learned (04:14) Importance of Proper Software Testing and Development Processes (7:21) Potential Consequences of Rushed Software Updates (28:18) AI Jailbreak Attacks and Generative AI Risks (33:43) VMware ESXi Vulnerability and Potential Ransomware Implications (37:53) Bumblebee Loader and the Threat of Rapid Active Directory Compromise (39:41) HealthEquity Data Breach and the Normalization of PII Breaches (40:17) Anonymous Sudan and Their Disruptive DDOS Attacks (41:54) Cyber Attacks on the Olympic Games and the Role of Nation-State Actors Episode Resources: Podcast episode on Anonymous Sudan Webinar where Andy covers the ways threat actors use Generative AI VMware ESXi Authentication Bypass Exploit Security Swarm Podcast re: threat actor attacks on the Olympic Games | |||
| 06 Sep 2023 | EP20: What's Going on With Azure AD? | 00:34:21 | |
Paul Schnackenburg joins Andy in this episode to discuss the recent rebranding of Azure AD to Microsoft Entra ID, as well as talk about some new identity features in the Microsoft Cloud. To kick things off, they provide a brief overview of what Azure AD is/was and its crucial role in the Microsoft Cloud ecosystem. Amidst the changes, Andy and Paul emphasize a critical point: IT professionals and security experts primarily care about understanding a platform's functionality, features, and ability to solve real-world problems. The name may change, but the core value remains the same. Timestamps: 2:03 – Azure AD is Now Microsoft Entra 9:35 – Relevant Acronyms for the Identity Space 13:49 – Entra Internet Access 21:28 – Entra Private Access 26:44 – M365 / Entra ID Tenant Restrictions 30:23 – How Do These Features Factor Into the Storm-0558 Breach? Episode resources: Hornetsecurity 365 Total Protection Podcast episode: Licensing Security Features in M365 Azure Active Directory Domain Services | |||
| 26 Apr 2023 | EP02: How Tech Pros Handle Security News | 00:29:31 | |
Welcome back for another episode of the Security Swarm Podcast, the podcast that brings you the insights and expertise straight from the Security Lab here at Hornetsecurity. In this episode, we’ll be diving into recent security disclosures with Eric Siron, Microsoft MVP, and discussing how organizations should respond when vulnerabilities are discovered. We’ll focus on two major incidents as examples throughout this episode; the Outlook Vulnerability CVE-2023-23397, and the re-emergence of Emotet. In today’s digital landscape, threats are constantly evolving and becoming more sophisticated, making it critical to respond quickly and efficiently minimize the impact of such incidents. Whether you’re a SysAdmin working in a small organization or the CISO of a large business, you have to be more vigilant, and have a plan. Tune in to learn valuable insights into how tech professionals should handle security news. Timestamps: 3:16 – A baseline example of a busy security news-cycle 8:00 – Keeping an eye on the security news-cycle and has it always been this way? 17:45 – What should organizations be doing to keep tabs on the security news-cycle? 23:21 – What can vendors be doing better to help SysAdmins handle security news? Episode resources: | |||
| 17 Nov 2023 | Monthly Threat Report - November 2023 | 00:40:44 | |
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from October. During the episode, Andy and Eric Siron explore the rise of PDF-delivered malicious payloads, shifts in target industries, and escalating brand impersonation attempts in shipping and finance. They delve into Microsoft’s response to a recent cloud services attack and a significant vulnerability in Citrix NetScalers dubbed CitrixBleed, shedding light on the evolving threat landscape. Join us for an insightful analysis of the latest cybersecurity developments, providing valuable insights for both professionals and enthusiasts alike. Timestamps: (3:07) – What is the general state of email threats during the last month? (6:31) – What types of files are being used to deliver malicious files? (9:38) – What industries are being targeted the most throughout the data period? (14:40) – What are the most impersonated brands during the last month? (18:52) – An update on the Microsoft Storm-0558 breach (23:01) – The CitrixBleed Vulnerability Impacting Citrix NetScaler (30:31) – Commentary on the SEC’s charges against SolarWinds and their CISO Episode Resources: Full Monthly Threat Report for November Law Enforcement Shutdown of Qakbot Paul and Andy Discuss Storm-0558 Security Awareness Service - Request Demo | |||
| 04 Apr 2024 | Passkeys: The Future of Authentication? | 00:38:04 | |
We're thrilled to have Jan Bakker, a seasoned Cloud Consultant with over 10 years of IT experience, joining us from the Netherlands. In this episode, Andy and Jan explore the revolutionary concept of passkeys, a technology that aims to replace traditional passwords and enhance security by providing phishing resistance. The conversation delves into the significance of passkeys and their value in improving user experience and security measures. The guys even discuss what is currently known publicly about passkeys in M365. Key takeaways
Timestamps: (00:13) - Unveiling the Power of Pass Keys in Cybersecurity with Jan Bucker (03:47) - The Rise of MFA Bypass Kits and Adversary in the Middle Attacks (14:55) - Unlocking the Future of Passwordless Authentication with Passkeys (24:55) - Addressing Persistent Access in Malicious Apps and OAuth: A Call for Improved Security Practices (29:59) - Unpacking the Importance of Phishing Resistance and Token Security in Cybersecurity (33:01) - Enhancing Security with Passkeys and Onboarding Procedures in Public Services Episode resources: | |||
| 22 Aug 2023 | EP18: Generative AI in Defensive Tools | 00:31:41 | |
In today’s episode, Andy and Umut are unravelling the transformative impact of AI in cybersecurity defense. Discover how AI empowers defenders with enhanced knowledge of setting up robust defense mechanisms, from firewalls to anomaly detection systems. Amidst the prevailing focus on AI's darker aspects, this episode illuminates its positive role in the security space, equipping blue teams to match wits with increasingly intelligent adversaries. Our hosts, Andy and Umut, both distinguished members of the Security Lab at Hornetsecurity, will provide expert insights into how Hornetsecurity's suite of products leverages AI to display a concrete example in the industry. Join us as we shift the narrative from AI's potential for malicious use to how defensive toolsets and security experts are harnessing its power. Timestamps: 3:12 – How has AI changed the threat landscape? 6:10 – How can AI help blue teams? 16:08 – An example of AI used defensively in a software stack 26:24 – What advancements in AI in the security space are we likely to see in the future? Episode Resources: EP08: Advanced Threat Protection: A Must Have in Today's Ecosystem? EP03: The Reemergence of Emotet and Why Botnets Continue to Return OpenAI Cybersecurity Grant Program AI can steal data by listening to keystrokes with 95% accuracy Umut on LinkedIn | |||
| 27 Jun 2024 | Celebrating 50 Episodes: A Review of our Top Security Discussions (PT1) | 00:31:12 | |
For our 50th episode of the Security Swarm Podcast, Andy and Eric Siron look back at the last 49 episodes of the show. They go through some core security topics and discuss whether they’re still relevant, how they’ve changed in comparison to the evolving threat landscape and provide updates on some of the major stories discussed. This is part 1 of a 2-part episode, with part 2 coming next week. Key Takeaways:
Timestamps: (00:31) Using ChatGPT to create ransomware - still a relevant and evolving topic (02:22) How tech pros should handle security news and zero-days (09:09) The re-emergence of Emotet and the challenges of disrupting botnets (12:04) The persistent problem of social engineering and email attacks (13:25) The importance of immutability and backups against ransomware (16:29) The security of Microsoft 365 (19:35) Deep dive on the QuickBot malware (20:20) The necessity of advanced threat protection (ATP) (22:58) Guidance on effective security awareness training (25:41) Tips for IT admins on working with CISOs (26:07) Microsoft's throttling of legacy on-premises Exchange servers (28:11) Discussing Episodes 12 and 13, recorded live at InfoSecurity Europe, on compliance and security horror stories
| |||
| 15 May 2024 | Did the CSRB Force Microsoft's Hand on Security? | 00:47:32 | |
Microsoft has recently been criticized for not prioritizing security enough. Following the CSRB's Report on the Storm-0558 attack, Microsoft announced that security is now a top priority, with a commitment to address security issues before new product innovations. In this podcast episode, Andy and Paul Schnackenburg discuss the blog post which analyzes the Secure Future Initiative and its advancements. The conversation brings up the burning question: Was it the Cyber Safety Review Board (CSRB) that catalyzed Microsoft’s proactive stance on security? Key takeaways:
Timestamps: (06:52) Key Insights from Charlie Bell’s Blog Post Addressing Cyber Security Concerns (11:22) Enhancing Security Measures in Response to the CSRB’s Report (21:22) Top Security Practices for Protecting Tenants and Production Systems (24:46) Enhancing Cloud Security with Micro Segmentation and Software Supply Chain Protection (30:44) Challenges and Considerations in Cloud Security Logging and Storage (34:37) Enhancing Cloud Security with Microsoft Sentinel and Vulnerability Reporting (37:37) Unveiling Common Vulnerabilities and the Importance of Secure Authentication in Cloud Environments (42:34) Analyzing Microsoft's Response to a Security Incident Episode Resources: The Blog Post from Charlie Bell | |||
| 03 May 2023 | EP03: The Reemergence of Emotet and Why Botnets Continue to Return | 00:21:25 | |
Welcome back to the Security Swarm Podcast! In this episode, our host Andy Syrewicze talks with Umut Alemdar, Head of Security Lab here at Hornetsecurity, about the reemergence of Emotet and the pervasiveness of botnets. Why do they keep coming back? Emotet, a well-known botnet for spreading malware and stealing personal information, had been dormant since December before reappearing in March 2023 with new tactics and capabilities. The Botnet has a modular architecture that allows threat actors to include any kind of payload that gets executed on the victim’s device. Tune in to hear Andy and Umut discuss the attack chain of Emotet, how it has evolved and the risks it may pose to your organization. They also explore why botnets such as Emotet persist despite efforts to shut them down. Timestamps: 1:58 – What is Emotet? 6:25 – Emotet’s Attack Chain 12:20 – How do Botnets continue to return? 14:44 – How can organizations guard against botnets like Emotet? Episode resources: Hornetsecurity Article Regarding Emotet Hornetsecurity CyberSecurity Roundtable Discussion | |||
| 13 Jun 2023 | EP09: Real-World Guidance on Security Awareness Service | 00:32:46 | |
In today’s episode, our host Andy sits down with Lia Fey, Customer Success Lead at Hornetsecurity, to discuss why employees need to be trained on security awareness and what type of training works best. In addition, they explore the challenges businesses face when trying to train their employees in today’s digital landscape. Lia Fey brings her expertise to the table and sheds light on real-world scenarios where organizations have successfully prevented attacks because an end user possessed the knowledge and ability to react appropriately. Timestamps: 2:32 – What is a security awareness service? 9:38 – Why is security awareness training so effective? 12:45 – Measuring end-user success and right-sizing training 20:11 – What is the right kind of end-user security training? 24:22 – Some real-world scenarios 28:35 – Do security awareness services help spot threats outside of email? Episode Resources: Andy on LinkedIn, Twitter or Mastodon Lia on LinkedIn | |||
| 03 Jul 2024 | Celebrating 50 Episodes: A Review of our Top Security Discussions (PT2) | 00:32:54 | |
For our 50th episode of the Security Swarm Podcast, Andy and Eric Siron look back at the last 49 episodes of the show. They go through some core security topics and discuss whether they’re still relevant, how they’ve changed in comparison to the evolving threat landscape and provide updates on some of the major stories discussed. This is part 2 of a 2-part episode. | |||
| 12 Sep 2023 | Monthly Threat Report - September 2023 | 00:36:52 | |
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In today’s episode with Yvonne Bernard – CTO at Hornetsecurity, we are analyzing data from the month of August 2023. During the episode, Andy and Yvonne explore the overall threat trends including:
Timestamps: (3:22) – General threat trends for this month’s data period (7:11) – What were the most used file types used for malicious payloads during the data period? (10:10) – What are the most targeted industries for this data period? (12:04) – The most impersonated brands from this month’s report (16:52) – Commentary on the FBI’s disruption of the Qakbot Botnet (22:54) – An update on the Microsoft Storm-0558 breach (33:46) – Data breaches account for 14 million lost records Episode Resources: Full Monthly Threat Report - September 2023 | |||
| 25 Jul 2024 | Why Confidential Computing Matters | 00:35:29 | |
In this episode, host Andy is joined by Paul to provide a comprehensive overview of confidential computing - what it is, why it's important, and how it's being implemented in cloud platforms like Microsoft Azure. Key Takeaways:
Timestamps: (03:00) The Need for Confidential Computing (06:28) How Confidential Computing Works (14:38) Trusted Execution Environments and Trusted Computing Base (21:47) Confidential Computing in Azure and Beyond (27:58) Confidential Computing in Apple's AI Episode Resources: The Confidential Computing Consortium Watch: BlueHat IL 2024 - Ben Hania, Yair Netzer - Compromising confidential VMs and then fixing it | |||
| 09 May 2023 | EP04: The Modern Take on Social Engineering in Email | 00:21:04 | |
In this episode, we delve into the world of social engineering, phishing, and spam campaigns, exploring modern techniques threat actors are using to trick users into divulging sensitive information through email. Security Evangelist Andy and guest expert Umut Alemdar, head of the Security Lab here at Hornetsecurity, explain how phishing remains the top method of attack for many cybercriminals due to its cost-effectiveness and ability to exploit human vulnerability. Attackers use excellent context and timing to create convincing email messages that trick even the most savvy users into divulging sensitive information. Despite the prevalence of anti-spam solutions, phishing continues to rise as attackers adapt and evolve their techniques. Tune in to gain a better understanding of social engineering and how to protect your organization in the modern age. Timestamps: 1:47 – Social engineering, phishing, and spam campaigns: still a problem in the modern era 6:30 – Why is phishing so effective, even today? 11:43 – What other types of attacks does phishing enable for end users? 16:48 – How does the industry ultimately solve the problem of phishing? Episode resources: | |||
| 10 Jun 2024 | New Threat Campaign Distributing DarkGate Malware & The Massive 911 S5 Botnet Takedown | 00:38:40 | |
In this episode of the Security Swarm Podcast, host Andy and recurring guest Eric Siron discuss the Monthly Threat Review for June 2024. They explore a new threat campaign distributing the Darkgate Malware using a technique called pastejacking. Additionally, they touch upon the 911 S5 Proxy Botnet takedown and how threat actors are exploiting Stack Overflow to distribute malware. Key takeaways:
Timestamps: (03:15) - Insights into Email Threat Trends and Industry Targeting in Cybersecurity Landscape (13:15) - Unveiling New Cybersecurity Threat Campaign using Pastejacking (23:31) - Massive Botnet Take Down and Arrest of Operator: A Victory Against Cybercrime (29:29) - Beware of Malicious Packages: A Cautionary Case Study from Stack Overflow Episode Resources: | |||
| 07 Feb 2024 | The Dark Side of QR Codes | 00:31:38 | |
QR Codes are used everywhere in our society, from reading restaurant menus to accessing Wi-Fi networks and authenticating payments. However, as with any technological advancement, there's a flip side. While QR codes are not malicious in their essence, the landscape has shifted in recent years. Threat actors have evolved their tactics to exploit QR codes in various ways, posing new cybersecurity challenges. In this episode, host Andy teams up with Microsoft Certified Trainer Paul Schnackenburg to discuss the darker side of QR codes and the different ways in which threat actors are deceiving individuals. Episode Resources: The Danger of Malicious OAuth Apps in M365 Train your users to spot malicious emails with the Security Awareness Services Demo Safeguard your users from malicious QR codes with Advanced Threat Protection
| |||
| 08 Aug 2023 | Monthly Threat Report - August 2023 | 00:38:29 | |
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. Every month, Andy will be hosting an episode to dive into the key takeaways from the report. In today’s episode, Andy and Umut will be sharing a threat overview based on data from the Security Lab throughout July 2023. From the changing tactics in email attacks, to new brand impersonations and the impact of dark-web generative AI (Artificial Intelligence) tools like WormGPT, we will equip you with the right information to help you stay ahead of these new emerging threats. Timestamps: (2:43) – Net increase in all email threat categories during the data period (4:17) – The mostly commonly used file-types for payload delivery during the data period (7:24) – The most targeted industry vertical during the data period (10:13) – Most impersonated brands during the data period (15:49) – The rise of malicious generative AI like WormGPT (22:55) – The continued fallout from the MOVEit vulnerabilities (26:46) – The breach of Microsoft Cloud services by Storm-0558 Episode Resources: Monthly Threat Report - August 2023 EP 01 - We Used ChatGPT to Create Ransomware Umut on LinkedIn | |||
| 23 May 2024 | Passkeys in Microsoft Entra: Benefits, Implementation Tips & More | 00:35:16 | |
In this episode of the Security Swarm Podcast, our host Andy and guest speaker Jan Bakker discuss passkeys in the Microsoft ecosystem. They cover topics such as the definition of passkeys, prerequisites, tips for implementation, and the user experience. They also highlight the user-centric enrollment process, the role of conditional access, and the potential challenges and advantages of transitioning to passkeys. Key takeaways:
Timestamps: (03:04) - Unlocking the Future of Passkeys and the Evolution of Authentication (06:18) - Exploring the Security Benefits of Device Bound and Syncable Passkeys (14:54) - How to Prepare for Passkeys in Microsoft 365 (23:03) - Navigating the Rollout of Passkeys for Enhanced Security: Admins vs End Users (29:03) - Maximizing Security with Passkeys, Conditional Access, and Authentication Policies (33:01) - Unveiling the Convenience of Device-Bound Passkeys in Vasquez for Microsoft 365
Episode Resources:
| |||
| 01 Aug 2023 | EP16: Backup’s Modern Role in Security | 00:28:35 | |
In today's episode, Andy has a special guest from our product development team at Hornetsecurity - Jean Paul (JP) Callus. The episode goes into an insightful discussion on how threats have morphed over the years. Andy and Jean Paul recount the days when backup primarily served as a safety net against accidental data loss and hardware failures. Fast forward to today, and backups have become a key weapon in the fight against ransomware and other sophisticated attacks. Tune in to discover the power of modern backups in the ever-evolving world of cybersecurity and how organizations can establish seamless data protection measures, ensuring minimal data loss and downtime in the face of cyber threats. Timestamps: (2:16) – Ransomware continues to drive backup and recovery decisions. (10:10) – How has the industry traditionally mitigated ransomware and how are things done now? (14:13) – Revisiting the 3-2-1 backup strategy and adding an extra “1” (16:10) – Cloud backups and WORM (Write Once Read Many) states. (19:10) – What other backup technologies play a role in security? (23:43) – Deduplication, Immutability, and Backup Episode resources: Podcast EP01: We Used ChatGPT to Create Ransomware Podcast EP05: What is Immutability and Why Do Ransomware Gangs Hate it? Hornetsecurity Ransomware Attack Survey Find Andy on LinkedIn, Twitter or Mastadon Find Jean Paul on LinkedIn
| |||
| 18 Apr 2023 | EP01: We Used ChatGPT to Create Ransomware | 00:27:36 | |
In our very first episode we welcome Yvonne Bernard to the show for an in depth discussion into the security implications of ChatGPT. There is no doubting that ChatGPT and other recent AI models have brought some very positive change to a number of industries. However, did you know that there is potentially a darker side to AI? Can it be used for malicious purposes? The short answer is yes! In fact, we were able to use ChatGPT here at Hornetsecurity to essentially create ransomware! In today’s episode we discuss the particulars of that process, the implications as well as other methods threat-actors can use to get ChatGPT to help them with illicit activities! Timestamps: 5:51 - What are the cybersecurity benefits of ChatGPT? 10:05 - How is ChatGPT used for malicious use by threat-actors? 17:15 - Does OpenAI have controls in place to prevent malicious use? 20:48 - What are the legal implications that ChatGPT brings to the industry? 23:40 - What does the industry do about the potential security implications of ChatGPT? Episode Resources: | |||
| 22 Jul 2024 | Microsoft’s Security Saga Continues: Insights from Whistleblower | 00:35:42 | |
In this episode, Andy sits down once again with Paul to continue their conversation about Microsoft’s struggles with security. The episode focuses on a recent report from ProPublica about a Microsoft whistleblower named Andrew Harris. The report alleges that Microsoft was aware of a serious vulnerability in its on-premises Active Directory Federation Services (ADFS) software that could have enabled the SolarWinds supply chain attack, but chose not to fix it or disclose it to customers. Andy and Paul discuss how Microsoft's focus on new features and cloud growth over security, as well as the desire to win lucrative government contracts, may have contributed to this decision. They also touch on the challenges faced by Microsoft's security response team and the broader issue of security being seen as a cost center rather than a profit driver. Key Takeaways:
Timestamps: (02:22) - Explaining the Whistleblower's Allegations and the SolarWinds Attack (07:32) - Vulnerability in ADFS and Microsoft's "Security Boundaries" Argument (13:06) - Why Was the Issue Swept Under the Rug? (19:16) - The Challenges Faced by the Microsoft Security Response Center (MSRC) (26:24) - Satya Nadella's Comments on Prioritizing Security over New Features (27:38) - The Controversy Around the "Recall" Feature in Windows 11 Episode Resources: | |||
| 31 Jan 2024 | EP30 (PART 2): Dissecting Microsoft's Secure Future Initiative | 00:29:41 | |
In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft’s recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm 0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors. Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications. Episode Resources: Episode 17: On-Prem Security vs. Cloud Security Microsoft’s Announcement Regarding the Secure Future Initiative | |||
| 09 Aug 2024 | How to Insulate your Business from Vendor Risk | 00:35:42 | |
This episode of the Security Swarm podcast features guest Eric Siron, a Microsoft MVP in cloud and data center management. Eric works primarily with healthcare organizations and small-to-medium businesses, helping them navigate security and IT challenges. The episode focuses on the important topic of vetting and selecting third-party software vendors. Andy and Eric discuss the recent CrowdStrike incident that caused major disruptions for many businesses. They use this as a case study to explore best practices for evaluating vendors, including assessing their security track record, testing their solutions thoroughly, understanding their update and patch management processes, and having contingency plans in place in case of vendor failures. Key takeaways:
Timestamps: (02:20) - CrowdStrike Incident (04:17) - Vetting Third-Party Vendors (11:42) - Compliance and Industry-Specific Considerations (13:46) - Detailed Testing of Solutions (19:26) - Common Problems with Third-Party Vendors (22:40) - The CrowdStrike Incident and Vendor Processes (29:10) - Mitigation Strategies | |||
| 28 Mar 2024 | Are Tech “Innovations” Accelerating Security Threats? | 00:36:04 | |
In today's fast-paced world, digital transformation has become a necessity for businesses to stay ahead of the game. With the increasing reliance on digital tools, however, there has been a seemingly corresponding rise in security incidents. Coincidence? The evolving landscape of IT and technology has brought to the forefront the question of whether the latest tech "innovations" are actually accelerating security threats. In this episode, Andy and Paul delve deeper into this issue, exploring how businesses can balance their need for technological advancements with maintaining robust security measures to protect against cyber threats. Timestamps: (2:54) – Commentary on the Rate of Change in Technology (13:21) – How has Innovation in Microsoft Cloud Services Contributed? (23:33) – What is the Cost of Innovation on Security Postures? Episode Resources: 365 Total Protection Free Trial
| |||
| 26 Jul 2023 | EP15: A Frank Discussion on Licensing M365 Security Features | 00:35:37 | |
Join us for an insightful discussion on the topic of licensing Microsoft 365 security features. Microsoft Certified Trainer, Paul Schnackenburg, joins us once again to share his valuable insights on how M365 licensing practices have evolved and why they’ve become so complex. In this episode Andy and Paul look at all the different ways native security features in M365 are licensed, what challenges come along with that process, how the process is confusing and more! This includes some discussion around how M365 licensing in general is flawed as well as how third-party software vendors help plug-in and do what they can to simplify this mess. Timestamps: 2:22 – O365 licensing vs M365 licensing 5:06 – Is the complexity in M365 licensing deliberate? 7:09 – Licensing and security with M365 business 13:30 – Licensing and security in the M365 Enterprise SKUs 19:30 – What about the EMS Suite? 21:42 – What are E5 Compliance and E5 Security? 28:05 – How can a 3rd party vendor help make licensing security features easier? Episode Resources: SysAdmin Dojo Podcast Episode on General M365 Licensing | |||
| 24 May 2023 | EP06: How Secure is Microsoft 365? | 00:33:10 | |
In this episode, Andy and Paul Schnackenburg, Microsoft Certified Trainer, investigate the burning question on everyone's mind: Is Microsoft 365 a secure platform? As we discuss the intricate details and inner workings of Microsoft 365 security, we leave no stone unturned. Tune in to learn valuable insights and expert analysis on the subject, as well as how Microsoft 365 holds up in today's ever-changing threat landscape. Timestamps: 2:30 – Is Microsoft 365 secure? 6:32 – Management portal and configuration creep in M365 13:28 – Does file sharing in M365 create a security problem? 20:07 – Lack of transparency in regards to internal cloud infrastructure CVEs 25:36 – The mentality of security – just because it’s in “the cloud” 29:38 – Ultimately it’s the “customer’s” responsibility to stay safe Episode Resources: Microsoft 365 Security Checklist 365 Total Protection Compliance & Awareness - Free Trial Azure Blunder left Bing Results Editable 365 Permission Manager Free Trial | |||
| 31 Oct 2023 | EP26: Questionable Methods for Protecting Backups from Ransomware | 00:34:31 | |
In today’s episode, we’re delighted to welcome back Eric Siron, who’s no stranger to our show. Andy and Eric will be exploring some historical methods devised by the security community to safeguard backups against ransomware such as air gapping, removable media and application whitelisting. But here's the twist: we're approaching these protective measures from the mindset of a relentless threat actor, someone who's determined to breach your defenses and make your backups their own. Throughout the episode, we will discuss common misconceptions surrounding these historical solutions, often described as the ultimate ransomware defenses. Do they genuinely live up to the hype? Why do they seem to fall short when used in a vacuum? Tune in to learn more! Episode Resources: The Backup Bible by Eric Siron EP22: Can You Trust Microsoft with Security? Immutable Protection Against Ransomware | |||
| 21 Jun 2023 | EP 10: Tips and Tricks for Working with CISOs | 00:26:20 | |
We’re back for another episode with Lia Fey, Customer Success Lead at Hornetsecurity. In today’s episode, Lia brings her wealth of experience working closely with CISOs on a daily basis to share valuable insights and strategies for effectively collaborating with them. CISOs face a unique set of challenges as they operate in high-pressure environments and navigate the intersection of compliance requirements as well as the security needs of an organization. Join us as we explore the multifaceted nature of working with CISOs on security awareness and discover tips and tricks for fostering effective partnerships in the ever-evolving security and compliance landscape. Timestamps: 3:25 – Initial Impressions and responsibilities of CISOs? 5:47 – CISOs and Interactions with the Rest of the Organization 8:47 – Responsibilities of CISOs 15:59 – What is the Most Effective Way to Communicate with CISOs 21:40 – How can we help CISOs solve difficult business challenges? Episode Resources: EP09: Real World Guidance on Security Awareness Service Andy on LinkedIn, Twitter or Mastodon Lia on LinkedIn | |||
| 27 Sep 2024 | Top Spear Phishing Methods | 00:34:19 | |
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Romain Basset dive into the top spear phishing methods used in both the enterprise space and across all businesses, based on internal research conducted by Hornetsecurity. The conversation covers spear phishing techniques, including initial contact, tax/W2, C-suite/CEO, lawyer, banking, and gift card fraud. They analyze the differences in the prevalence of these methods between enterprises and smaller businesses and provide insights on how organizations can combat these threats through training and robust processes. Do you want to join the conversation? Join us in our Security Lab LinkedIn Group! Key Takeaways:
Timestamps: (03:26) Discussion on initial contact fraud (07:12) Exploration of tax fraud and W-2 phishing (13:35) Examination of C-suite fraud and the importance of processes (19:25) Lawyer Fraud and Enterprise vs. SMB Differences (23:47) Banking Fraud and Processes (26:39) Gift Card Fraud Episode Resources: The Top 5 Spear Phishing Examples and Their Psychological Triggers -- Hornetsecurity's Phishing Simulation, as part of its Security Awareness Service, is invaluable for organizations looking to protect themselves from the evolving spear phishing threats discussed in this episode. This solution provides realistic phishing simulations and comprehensive security awareness training, enabling employees to recognize and respond effectively to spear phishing attempts. By fostering a culture of security awareness, SAS is crucial for businesses aiming to strengthen their overall security posture and mitigate the risk of successful phishing attacks. | |||
| 01 Dec 2023 | EP29: Security Then vs Now: What’s Changed? | 00:50:12 | |
As the year comes to a close, the Security Swarm podcast takes a reflective journey, comparing the landscape of security then and now. In this special episode, Andy and Eric Siron explore the intriguing evolution of cybersecurity from the days of floppy disks and DOS to the complex, interconnected world of today. Tune in to learn about the significant shifts in security incidents, drawing correlations and highlighting differences. From the era of viruses attempting to one-up each other with floppy disks to the present, where data theft and ransomware dominate the landscape. Timestamps: (2:56) – What was security like in the early days of IT and how does it compare to now? (12:18) – Why are threat-actors more persistent now than they used to be? (23:33) – Security horror stories then vs. now (44:40) – How has Andy and Eric’s Stances on Security Changed from then vs. now? Episode Resources: Central African Republic and El Salvador Adopt Cryptocurrency as Legal Tender | |||
| 26 Apr 2024 | A Breakdown of CSRB's Findings on Microsoft Storm-0558 Breach (PART 1) | 00:32:13 | |
In this episode of The Security Swarm Podcast, Andy and Paul discuss the Cyber Safety Review Board's findings of the Microsoft Storm-0558 breach. During the episode, they talk about the implications of the breach and explore Microsoft’s security culture, stressing the need to prioritize robust security measures over rapid feature developments. Key Takeaways:
Timestamps: (10:07) - Microsoft's Security Culture: Past, Present, and Future (15:45) - Uncovering Lack of Transparency and Accountability in Major Cloud Vendors (20:09) - Microsoft's Security Standards: A Critical Assessment and Call for Action (28:53) - A Discussion on Cloud Audit Logging Episode Resources:
| |||
| 19 Jun 2024 | OSINT in The Hands of Hackers | 00:32:59 | |
In this episode of the Security Swarm Podcast, host Andy is joined by Romain Basset, the Director of Technology Strategy at Hornetsecurity. They’re exploring the topic of Open-Source Intelligence (OSINT) - what it is, how threat actors use it to launch effective attacks, and the dangers it poses. Throughout the episode, they discuss the ease with which OSINT can gather information using AI and other tools and provide examples of how it can be used in phishing, business email compromise, and even deep fake attacks. The conversation also touches on the importance of privacy awareness and security awareness training to mitigate these threats. Key Takeaways:
Timestamps: (02:24) - Definition of OSINT (07:17) - How AI makes OSINT-powered attacks easier (15:22) - Using OSINT to target organizations (25:35) - Mitigating OSINT-powered attacks Episode Resources: Train your users with a personalised Security Awareness Service Business Email Compromise: The $43 Billion Scam
| |||
| 18 Oct 2023 | EP24: The Danger of Malicious OAuth Apps in M365 | 00:30:19 | |
Malicious OAuth apps are an issue that has plagued M365 for many years. By default, end users are given great freedom to “authorize” OAuth apps and provide them access to the M365 tenant, unknowingly creating a security issue that persists even once the affected user’s password has changed! In today’s episode, Andy and Paul Schnakenburg discuss the danger of malicious OAuth apps at length, providing listeners info on the danger, what you can do about it, and what you need to look out for! Hope you enjoy! Timestamps: (1:57) – What are malicious OAuth Applications? (5:21) – Who can authorize OAuth Applications in a M365 tenant? (8:25) – How are malicious OAuth Applications getting past Microsoft Review? (14:56) – An example of a how a malicious OAuth Application might function in an attack (17:44) – Mitigation and prevention of malicious OAuth Application attacks (25:35) – The M365 Essential Companion Guide eBook Episode Resources: Free eBook 'Microsoft 365: The Essential Companion Guide' | |||
| 31 May 2024 | Windows Server 2025: New Security Features Revealed | 00:46:14 | |
In this podcast episode, Andy and Paul discuss the upcoming release of Windows Server 2025 and the myriad security enhancements it will bring. They delve into various topics such as improvements to Active Directory, delegated managed service accounts, Kerberos protocol enhancements, SMB enhancements, hot patching, REFS file system for confidential computing, and extended security updates. Key takeaways:
Timestamps: (07:05) - Enhancements in Active Directory Security and Numa Support: A Deep Dive (13:19) - Revolutionizing Service Accounts: Delegated Managed Service Accounts Explained (20:28) - Revamping Windows Server Security: Say Goodbye to NTLM and Hello to Kerberos (28:15) - Revolutionizing SMB with Quick Protocol and Hot Patching in Windows Server 2025 (32:34) - Revolutionizing Patching with Hot Patching in Windows Server and Azure (36:02) - Revolutionizing Data Protection with Resilient File System and Confidential Computing (39:34) - Exploring Confidential Compute, Server Upgrades, and Extended Security Updates in Windows Server Environment (42:37) - Windows Server 2025 Release Date Speculations and Future Episode Teasers Episode Resources: | |||
| 11 Jul 2023 | EP13: Real-Life Security Horror Stories | 00:25:36 | |
Join host Andy and special guest Martin Tanner from ADM Computing as they discuss real-life security horror stories. This fun and engaging episode was recorded live at Infosecurity Europe in London. Expect to hear interesting stories which both Andy and Martin have experienced first-hand. With a mix of humor and valuable insights, this episode is a must-listen for anyone interested in the fascinating, and at times terrifying, world of real-life security horror stories. Timestamps: 2:28 – The Dangers of Unmanaged IOT devices 5:30 – Hacked Video Conferencing Unit and Premium Rate Numbers 8:18 – Email Forwarding Rules and Data Leakage 11:59 – The Need for Proper Backup and Archival + Scheduled Payment Woes 15:40 – Rogue Admin and Embezzlement 18:17 – A Flattened Network and Ransomware Infection 22:16 – The Publicly Accessible Hypervisor Episode Resources: Email Encryption from Hornetsecurity Find Andy on LinkedIn, Twitter or Mastadon Find Martin on LinkedIn | |||
| 06 Dec 2023 | Monthly Threat Report – December 2023 | 00:32:12 | |
Our final episode for 2023 is here! To wrap up the year, Andy and Umut Alemdar will be discussing our Monthly Threat Report for December 2023. The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In this episode, Andy and Umut are focusing on data from the month of November. Tune in to hear about Microsoft’s recent zero-day vulnerabilities, the most common file types used to deliver malicious payloads, M365 brand impersonations and a lot more! Episode Resources: | |||
| 19 Sep 2024 | Data Broker Breaches - Insider Threats and More | 00:40:27 | |
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Eric Siron provide a comprehensive monthly threat review. They cover several major cybersecurity incidents and trends from the past month, including:
They also touch on the topics of vendor risk management and the history of election tampering and provide recommendations for organizations to mitigate these threats. In conclusion, EP62 provides valuable insights into the ever-changing cybersecurity landscape and offers practical advice for security professionals. Do you want to join the conversation? Join us in our Security Lab LinkedIn Group! Key Takeaways:
Timestamps: (03:17) The National Public Data Breach (12:21) The Issues with Social Security Numbers (18:02) The Danger of Insider Threats (27:10) The Risks of Vendor Dependence (34:12) Recommendations for Protecting Against Threats Episode Resources: How Threat Actors Tamper with Elections (hornetsecurity.com) -- Secure your organization against the evolving threat landscape! Discover how Hornetsecurity's Advanced Threat Protection, Security Awareness Service, and 365 Total Protection can safeguard your business from data breaches, insider threats, and more. Learn more and protect your organization today! | |||
| 14 Mar 2024 | Lockbit's Return, ScreenConnect Vulnerability & a US Healthcare Cyber Attack | 00:47:29 | |
Security headlines have been buzzing with major security events this month. In this podcast episode, Andy and Eric Siron discuss Hornetsecurity's Monthly Threat Report, analyzing recent security incidents and sharing expert insights. Tune in for more information on Lockbit's takedown and its reemergence days later, the CVSS 10 vulnerability in ConnectWise Screenconnect, and the Change Healthcare cyber-attack that has practically paralyzed prescription refills and is likely contributing to numerous deaths in the US. Timestamps: 3:32 – Hornetsecurity Industry Data Review for Feb 1st to March 1st 14:10 – The “takedown” and re-emergence of LockBit 18:33 – CVSS 10 Vulnerability in ConnectWise ScreenConnect 31:11 – Optum/Change Healthcare Ransomware Attack Episode Resources: ScreenConnect Vulnerability – CVE-2024-1709 | |||
| 24 Jan 2024 | EP30 (PART 1): Dissecting Microsoft's Secure Future Initiative | 00:30:42 | |
In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft’s recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm 0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors. Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications. Stay tuned for part 2! Timestamps: (2:55) – An Update on the Microsoft Storm-0558 Breach (8:40) – The Microsoft Secure Future Initiative (SFI) (12:12) – Comparison with the 2002 Trustworthy Computing Initiative Memo (17:39) – The Trustworthiness of On-Prem vs. The Cloud (23:04) – How Does Microsoft Want to Use AI in Security?
Episode Resources: 365TP Compliance & Awareness Free Trial EP17: On-Prem Security vs Cloud Security EP18: Generative AI in Defensive Tools EP22: Can you trust Microsoft with Security?
| |||
| 04 Jul 2023 | EP12: What We Learned by Asking the Community About Compliance | 00:26:17 | |
Get ready for an eye-opening episode recorded live at Infosecurity Europe in London. In this episode, Andy and Matt Frye dissect the results of a comprehensive IT compliance survey conducted by Hornetsecurity. In the rapidly evolving digital landscape, maintaining IT compliance has become a pressing concern for businesses worldwide. Tune in to explore the key findings from this survey, featuring insights from over 200 IT professionals representing diverse roles, regions, industries, and experience levels. Timestamps: 02:32 – Compliance is a growing concern 03:52 – Do businesses see compliance as important? 06:24 – The burden of compliance on IT teams 12:08 – How are businesses verifying compliance? 14:46 – Trust in the cloud continues to be a problem for some organizations 17:00 – M365 administrators are struggling with compliance tools 20:57 – The cost of non-compliance Episode Resources: IT Cybersecurity Compliance Survey Find Andy on LinkedIn, Twitter or Mastadon Find Matt on LinkedIn | |||
| 07 Nov 2023 | EP27: The Story of Backup and Recovery in Microsoft 365 | 00:27:17 | |
Paul Schnackenburg is back for another episode with Andy and this time, to discuss the story of backup and recovery inside of Microsoft 365. M365 backup has been a confusing experience over the years, especially with Microsoft's contradictory "no backup needed" guidance. To add to the confusion, Microsoft has introduced its own M365 backup product. During the episode, we'll look at the various methods and tools that have been used natively within M365 to help with backup, as well as why these methods frequently fall short. Don't miss out on this informative discussion as we delve into the complexities of data protection and recovery in M365! Episode Resources: Free eBook - Microsoft 365: The Essential Companion Guide 365 Total Backup – Request a Trial | |||
| 21 Mar 2024 | Tips and Tricks for Getting Started in Cybersecurity | 00:43:40 | |
Ever wondered what it takes to break into the exciting world of cybersecurity? Join us in our latest podcast episode as we sit down with Grant Collins, an infrastructure security engineer and cybersecurity career coach. From choosing the right degree to navigating the hiring process, acquiring essential skills, and building a robust professional network, Grant and Andy share their personal experiences and insights. Throughout the episode, they debate on academic vs practical learning by comparing the merits of pursuing a cybersecurity/IT degree versus gaining real-world experience and self-directed training. They discuss the pros and cons of each approach, offering valuable insights to help you chart your own path in the cybersecurity landscape. Timestamps: (5:08) – Why Should You Consider a Career in Cybersecurity? (11:30) – What Educational Pathways Can I Take to Learn Cybersecurity? (26:15) – How can I Cultivate Practical Skills in Cybersecurity? (34:13) – What are Some Tips and Tricks for Landing a Job in Cybersecurity? Episode Resources: Check out Grant’s YouTube Channel TryHackMe | Cyber Security Training Hack The Box: Hacking Training For The Best | Individuals & Companies | |||
| 14 Jun 2024 | The Security Implications of Migrating from VMware | 00:46:59 | |
In this episode of the Security Swarm Podcast, host Andy and recurring guest, Paul, talk about the challenges and opportunities organizations face amidst the Broadcom acquisition of VMware. They discuss the steep price hikes for VMware licenses and the security vulnerabilities recently discovered in VMware products. This acquisition has prompted many businesses to consider alternative solutions, and the episode provides a comprehensive overview of the available options within the Microsoft ecosystem. They cover a range of migration strategies, including moving to the Microsoft ecosystem through Azure, Azure Stack HCI, and on-premises Hyper-V solutions. Andy and Paul offer valuable insights into ensuring a secure and seamless transition away from VMware, making this episode essential listening for IT professionals navigating these significant changes. Key takeaways:
Timestamps: (02:51) - Vulnerabilities in VMware (07:30) - Migrating to the Microsoft Ecosystem (13:38) - On-Premises Microsoft Options (38:45) - Security Considerations for Migrations (44:52) - Pragmatic Approach to Platform Selection Episode Resources: | |||
| 16 Apr 2024 | The XZ Utils Backdoor, CSRB's Report on Storm-0558 & More | 00:43:18 | |
In this episode of the Security Swarm Podcast, our host Andy Syrewicze discusses the key findings from Hornetsecurity’s Monthly Threat Report with guest Michael Posey. The Monthly Threat Report is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In this episode, Andy and Michael talk about recent security events such as the Cyber Safety Review Board's (CSRB) report assessment of the Storm-0558 attack, the FTC’s reports on impersonation attacks, and an alarming potential supply chain attack on the XZ Utils package in open-source Linux distributions. Key takeaways:
Timestamps: (05:26) - Rising Trends in Email Threats and Cybersecurity Impersonation Tactics (15:26) - The Importance of Email Security and Supply Chain Attacks in Today's Cyber Landscape (18:12) - Uncovering the Storm-0558 Breach: Analysis and Recommendations (27:33) - FTC Reports on Impersonation Attacks and the Importance of End User Training in Cybersecurity (34:25) - Major Security Threat Uncovered in XZ Utils Package in Open Source Linux Distributions (40:22) - Insights on Cybersecurity Issues and Mitigations Episode Resources: | |||
| 16 Aug 2023 | EP17: On-Prem Security vs Cloud Security | 00:40:19 | |
In today’s episode we have Eric Siron, Microsoft MVP, joining Andy for a discussion on the debated topic of On-Prem Security versus Cloud Security from a security standpoint. The digital landscape has transformed, raising questions about securing multiple cloud services, APIs, and the scattered user base. We explore how defenses have evolved and although default protections have strengthened, attack vectors have grown smarter with the growth of ransomware. Join us as we dissect these changes and their impact on modern security paradigms in an era where protection and adaptation are paramount. Disclaimer: This episode was recorded just before news of the Microsoft breach hit the headlines. Thus, while some of the perspectives may seem momentarily misaligned due to the unfolding events, the core insights and conclusions drawn remain the same. Timestamps: 3:50 – What is the current state of on-premises infrastructure in terms of security? 12:37 – How does compliance factor into on-premises security? 21:12 – Is Infrastructure in the cloud more secure? 33:12 – Is “The Cloud” or “On-Premises” more secure? Episode Resources: Monthly Threat Report - August 2023 Andy and Paul Discuss M365 Security Andy and Paul Discuss the Difficulty of Licensing Security Features in M365 Hornetsecurity Ransomware Survey Findings | |||