Know Your Adversary™
14 episodes - English - Latest episode: over 1 year ago - ★★★★★ - 2 ratings
Know Your Adversary™ is hosted by Nisos, The Managed Intelligence Company. At Nisos we combine diverse intelligence expertise, tools, and technologies to solve complex problems and inform high-stakes security investigations for our clients. In this podcast series, we will show you how organizations can achieve attribution, unmask adversaries, and understand the context of threats against their enterprise. Our stories highlight real-life investigations: some well known, others, until now, not so well known. Our investigative stories revolve around cyber threat intelligence, supply chain risk, disinformation, adversary research and attribution, executive protection, physical security, trust and safety, fraud, and brand protection.
Episodes
Democratizing Ransomware as a Service with Nisos Intelligence Advisory Paul Malcomb
March 28, 2023 13:27 - 26 minutes - 24.6 MB
In Episode 91 of TheCyber5, we are joined by Paul Malcomb, Intelligence Advisory for Nisos. Paul brings over 15 years of experience from Fortune 500 security teams and the public sector including incident response, threat intelligence, and third-party risk management. In this episode, Paul explains how the ransomware-related ecosystem is evolving and provides insights to some of the newer threats organizations face. Below are the three major takeaways: Ransomware actors no...
Insider Threat Extortion Attempt of $300,000 Leads to Arrest
February 22, 2023 14:48 - 35 minutes - 28.3 MB
In Episode 11 of Know Your Adversary®, we chat with an undisclosed security team that prevented an insider threat actor from extorting $300,000 from a global company. The six-month-long investigation resulted in the arrest of the suspect who, as it turns out, was motivated by pride and money. One morning, the security team received an email asking for $300,000 as an extortion payment or the data would be released. Upon showing “proof of life” that the attacker possessed the...
Compare and Contrast Saudi Aramco and Colonial Pipeline Cyber Attacks
May 31, 2022 22:47 - 42 minutes - 34.4 MB
In Episode 10 of Know Your Adversary™, ICE Miller Managing Partner Guillermo Christensen discusses the difference between the 2012 Saudi Aramco destructive cyber attacks and the 2021 Colonial Pipeline ransomware attacks. In 2012, Iran attacked Saudi Arabia-based Aramco’s information technology (IT) infrastructure, denying service to the entire company to the point that Aramco gave gas away for free. Fast forward to 2021, a Russia-based ransomware gang Darkside attacked the IT infrastructur...
OneSight Backstage Management System: Attributing a Chinese Marketing Firm’s Tools to Disinformation Campaigns
May 04, 2022 10:49 - 31 minutes - 25.4 MB
In Episode 9 of Know Your Adversary™, Nisos researcher Zeshan Aziz revealed that Chinese commercial marketing firm OneSight developed a sophisticated social media management and monitoring system called OneSight Backstage Management System to propagate political disinformation against the Uyghur community. The research indicates the Chinese Communist Party (CCP) likely conducted the campaign. Previous research into a breach of OneSight identified sophisticated social media surveillance to...
Human Intelligence Recruitment of an Employee to Deploy Ransomware
February 15, 2022 21:21 - 30 minutes - 27.7 MB
In Episode 8 of Know Your Adversary™, we detail an August 2020 investigation when a Russian gang member named Egor Igorevich Kriuchkov traveled to the United States to recruit an employee of a US-based manufacturing company and to install ransomware on the network via USB thumb drive. He offered the employee $500,000, and if the operation was successful, the Russian gang was going to extort the company for $5,000,000. Fortunately, the company prepared the employee for this type of scenari...
Investigating the T-Mobile Hack: Direct Threat Actor Engagement with John Binns
December 07, 2021 14:02 - 22 minutes - 20.7 MB
In Episode 7 of Know Your Adversary™, we detail the August 2021 compromise disclosure of T-Mobile. A typical compromise of a sophisticated production network starts with an unwitting employee executing malware on their device. The threat actor then spends significant time moving laterally from the corporate network to the production network. However, in August 2021, John Binns, a US Citizen living in Turkey, disclosed that he compromised T-Mobile customer data by directly accessing the T-...
Supply Chain Attacks Escalation and Evolution by Foreign Nation States
August 31, 2021 15:33 - 38 minutes - 31.1 MB
In Episode 6 of Know Your Adversary™, we detail a previous supply chain attack from 2007 and then again in 2015 against a security software company. Foreign nation state adversaries conducted detailed reconnaissance and knew when a router was going to be rebooted for maintenance updates. Upon rebooting the router, the attackers “slipped through the crack” and into the software provider’s network by exploiting a vulnerability of the router model. This gave them a foothold into the software pr...
Nisos Attributes and Unmasks Insider Threat Saboteurs Who Caused $1M in Business Loss
June 29, 2021 14:21 - 38 minutes - 30.5 MB
In Episode 5 of Know Your Adversary™, we discuss a 2018 Nisos insider threat investigation of network sabotage that caused almost $1,000,000 in business operations loss. Following a recent merger and acquisition transaction, IT engineers of the nearly acquired subsidiary were upset with their new roles. They were also disgruntled over the fact that the parent company refused to integrate with their open source and cloud infrastructure. They decided to resign (one unbeknownst to the parent co...
Attribution to Russian GRU for 2015 and 2016 Cyber Attacks on Ukraine Energy Power Stations
May 25, 2021 01:23 - 36 minutes - 33.4 MB
In Episode 4 of Know Your Adversary, we are joined by Gigamon Senior Manager Joe Slowik. Our discussion takes a look into the world of Russian nation-state hacking units, particularly the GRU and the SVR. We take a deep dive into the 2015 and 2016 cyber attacks against the Ukrainian power grid and review how Russia’s capabilities are increasing in sophistication, mainly through lateral hand-offs between the teams of hackers operating in IT and OT environments. We discuss the technical detail...
Identifying and Disrupting Malicious Bot Programmers and Security Researchers
April 18, 2021 18:47 - 31 minutes - 25.2 MB
In Episode 3 of Know Your Adversary™, we are joined by Shawn Valle, former Chief Information Security Officer at Rapid 7. Our discussion takes a look into the world of online platform abuse and fraud. Shawn tells us about two major threats he faced prior to taking on his current role. Each of those threats warranted different levels of attribution. In the first case, he was faced with bot programmers who abused the platform to “cut in the digital line” when major retailers were having online...
Selling Backdoor Access to a Managed Service Provider
March 24, 2021 01:50 - 30 minutes - 27.6 MB
In Episode 2 of Know Your Adversary™, we discuss an attempted compromise of a managed service provider (MSP) by a disgruntled former employee who tried to sell backdoor access on the dark web. Our guest is former Senior FBI Computer Scientist and current VP of Threat Hunting & Counterintelligence at Binary Defense, Randy Pargman. In 2019, Binary Defense engaged with an actor selling backdoor, unauthorized, and illegal access to an MSP in the eastern United States. The MSP provided out-sou...
The Attribution, Arrest, and Sentencing of Spyeye Malware Developers Alexander Panin and Hamza Bendellaj
February 17, 2021 14:10 - 25 minutes - 20.6 MB
In Episode 1 of the Know Your Adversary™ Podcast, we are joined by Mark Ray, former FBI Special Agent; Kamal Ghali, former Assistant US Attorney and current partner at Bondurant, Mixon & Elmore; and Willis McDonald, former FBI Forensics Expert and current Technical Principal at Nisos. We discuss one of the most famous cyber criminal cases of the 21st century, the attribution and takedown of Spyeye malware developer Alexander Panin and his primary facilitator Hamza Bendallaj. Spyeye was commo...
Introduction to Know Your Adversary™
February 16, 2021 16:50 - 46 seconds - 632 KB
Welcome to the podcast series, “Know Your Adversary™”. In this podcast series, we will show you how organizations can achieve attribution, unmask adversaries, and understand the context of threats against their enterprise. Nisos will share investigative stories revolving around trust and safety, adversary attribution, supply chain risk, executive protection, disinformation, brand protection, fraud, and cyber threat intelligence. Thank you and stay tuned for our first episode which will b...