Episode 53: 2016 Cybercrime Predictions and State of the States’ Cybersecurity with Francesca Spidalieri

December 18, 2015

Everyone's been making predictions about how cybercrime will change in 2016, and we discuss some of the stand-out trends related to cybercrime heading into the new year. Trending cybercrime events include a point-of-sale breach at Elephant Bar as well as Anonymous campaigns against Trump and others. Advisories include a new DDoS report from Arbor Networks, new ransomware attacks, and more malvertising campaigns. The legal side saw new developments with the Cybersecurity Information Sharing Act (CISA), fines for Comcast and the University of Washington Medicine, and another class action against Excellus BlueCross BlueShield. The funny story of the week involves an Internet-connected holiday gift with some security issues – Hello Barbie.

This week's guest is Francesca Spidalieri, Senior Fellow for Cyber Leadership at the Pell Center for International Relations and Public Policy at Salve Regina University, and we talk about her recent report, "State of the States on Cybersecurity," and what the best states are doing to combat cybercrime. The interview starts at 28:00.


Episode 52: DDoS Attacks, New Cybercrime Laws and Keyless Security with Secret Double Octopus’ Raz Rafaeli

December 11, 2015

Trending cybercrime events include a breach at pub chain JD Wetherspoon as well as DDoS attacks against the UK academic network. Two reports were released – one from Akamai saying DDoS attacks are now more frequent but less powerful and one from Kaspersky saying the Dark Web malware market has settled and is moving towards simpler, more cost-effective attacks. Trending advisories include more warnings about social engineering and wire fraud, Iran-based espionage, and Microsoft making news for both Xbox Live man-in-the-middle attacks and ATMs running Windows XP no longer receiving support. On the legal side, the EU signed off on new cyber rules while several lawsuits and settlements went ahead involving Wyndham, Mercedes-Benz, Samsung and LexisNexis. And our funny story of the week involves an Internet-connected car ratting out its bad driver.

This week's guest is Raz Rafaeli, CEO of Secret Double Octopus, and we talk about the company's unique name and security approach, which employs secret sharing that eliminates the need for cryptographic keys and provides protection that information theory has postulated is unbreakable. The interview starts at 33:00.

Register for our upcoming webcast, "The Legal Reality of a Cyber Security Breach": http://info.surfwatchlabs.com/webcast/legal-reality-of-cyber-security-breach


Episode 51: Australia’s Massive Breach, High-Profile Lawsuits and Data Breach Response with Nuix’s Chris Pogue

December 4, 2015

Two large breaches were announced – one by toy maker VTech and one by the Australian Bureau of Meteorology. The FBI is warning of increased point-of-sale (PoS) malware as more hotels confirm they were victims of PoS-related breaches. Other advisories include fake terror alert emails being used by cybercriminals to dupe curious clickers, an exploit kit that combines ransomware with a password stealer, and "zero detection malware." On the legal front, all the big players seemed to be in the news this week, with developments involving Target, Home Depot, Sony, Anthem and others.

This week's guest is Chris Pogue, senior vice president, cyber threat analysis, at Nuix. We chat about breach response, legal ramifications around breaches, and why "a breach is the start of trouble, not the end." The interview starts at 28:50.