Cybersecurity Advisors Network

The Cybersecurity Advisors Network (CyAN) connects cybersecurity experts from around the world to provide benefits and peer interactions in a siloed industry. Through CyAN, members gain access partner institutions, the expertise of their peers, and assistance with their projects. We have an abundance of stories to tell of members taking advantage of this trust network and connecting to create incredible opportunities through the complementarity of their profiles and experiences.

Nigel Phair - Nigel Phair - Cybercrime, Cybersecurity, Cyber-Certification, and More 07/25/2025

Philipp Amann - Policy, Patching, Programming 07/25/2025

Artificial Intelligence, Cybersecurity, and Society - With Vilija Vainaite 07/23/2025

Return of the Bride of Terrorism, With Bjørn Ihler 05/21/2025

Bjørn Ihler - Let's Talk Terrorism, Part II 05/19/2025

Let's Talk Terrorism, With Bjørn Ihler 05/15/2025

DPO & Hacker Éthique : Une synergie stratégique au cœur de la cybersécurité 04/28/2025

Information Sharing, Cybersecurity Politics, Threats, and More 03/21/2025

Breaking the Cycle: Combating Online IBSA for a Safer Digital Experience 03/20/2025

State of (Cyber)War - Military Cryptology, Part II: The Cold War and Beyond 01/20/2025

Military Cryptology, Part I: Antiquity Through the End of World War II 01/16/2025

Chinese Cyber-Range Exercises 12/06/2024

Subsea Cables Part II – Mind the Sharks 09/24/2024

Subsea Cables – A Crunchy Target 09/11/2024

Iranian Cyberwarfare History and Capabilities 05/29/2024

Iranian Cyberwarfare History and Capabilities State of (CyberWar) Episode 6.2 In part III of our Middle East cyberwarfare mini-series, and talk about probably the most complex topic yet - Iran. Following our analysis of the , and of , today's episode is an overview of Iran - the history of its online conflict capabilities, the history behind the establishment of these, and some major cyberattacks and influence campaigns attributed to the country and its various agencies and stakeholders. Notes and Links: As with our previous vide on Israel, it's difficult to judge the impartiality and factualness of many websites describing Iranian capabilities. We will thus stick to Wikipedia unless there’s something better - we tend to trust most US or European government agencies' and mainstream vendors' analysis, and certain reputable news sites unless there is a compelling reason not to do so. We lean a lot on "the usual suspects" such as the BBC, The Guardian, the Council on Foreign Relations, and particularly, Wikipedia; yes, we know you're not supposed to do that. As always, do your own homework and draw your own conclusions, we’re not here to push a narrative. We have our own views and opinions of current events. This discussion is not intended to endorse or condemn any particular viewpoint. As with Hebrew, we don't speak a word of Farsi. Online translations tend to be even less consistent than those for Hebrew, so again, your mileage may vary. 01:24 Because someone will inevitably get mad, and we don't want that. 02:13 Islamic Republic of Iran Armed Forces: (or if you prefer the official website: ) 02:02 IRGC: 02:18 IRGC, aka "Sepah" (in Iran, ): - a very cursory search didn't yield an official website. Possibly they have some SEO work to do. 02:29 Quds Force: 02:34 Hezbollah: 02:35 Houthis: 02:58 We may have gotten confused here - the US government has multiple pages listing sanctions on the "IRGC-CEC", but outside of these, and news articles covering these sanctions, we can't really find anything on this organization. There is, however, the IRGC Cyber Defense Command: 03:50 A lot of information comes from either US government sanctions (see above), Iranian anti-government activist groups, and vendors/CSIRTs providing threat actor information - it is surprisingly difficult to find objective, well-researched information on IRGC and regular armed forces cyber actors. The language barrier is probably a major issue. 03:45 Information on the Supreme Council of Cyberspace () is slim, for example or Wikipedia´s page at - the has a lot of photos of guys in hats meeting and looking serious. 05:07 National Information Network: 05:17 Great Firewall of China: - this comparison may be a bit of a stretch, although by some accounts we've read, Iran's domestic Internet offers pretty high speeds as well as content filtering/surveillance, so maybe it's not a terrible analogy. 06:20 Al Jazeera article on the topic: 07:20 - includes a link to INSS report on the topic (the mentioned Israeli think tank) 07:51 Honker Union: 07:57 2010, sorry. Article: 08:25 08:32 08:44 For example: and - that said, we may have gotten things a bit mixed up since there are also a lot of non-malware (of the massive-pile-of-FPGA type) Iranian cryptominers - a bunch of which were shut down in 2019 after power usage concerns: 09:16 Russian government entities may not be big ransomware actors, but Russian state-affiliated and state-tolerated actors are sure a different story... 09:40 A 2022 indictment of Iranian ransomware actors came alongside OFAC sanctions of IRGC-affiliated ransomware attacks around the same time: 10:51 11:12 OilRig / Helix Kitten: 12:42 13:20 13:52 Shamoon: 14:00 Sony Pictures hack: 14:55 Operation Ababil: 15:24 Nope, not gonna link it 15:35 16:37 Edalat-e Ali: - note that a lot of sites discussing this group seem to have a decidedly anti-regime view. Not that that's a bad thing, but we're really trying to keep it factual 17:11 18:18 Islamic Republic of Iran Broadcasting: + - again, the Iranian government is really not great at (at least English language/international) SEO for their own websites 18:57 20:57 21:30 - according to a linked to in the above Wikipedia article, Khamenei ordered the Supreme Council of Cyberspace to ban VPNs outright in February 2024. 23:04 AnonGhost; - a lot of sites associate it with #OpIsrael, for example - but given Anonymous' decentralized and fluid nature, who knows (a (pdf) that makes only passing reference to #OpIsrael refers to "Anon" as a group which it most certainly is not...)| 28:18 31:14 31:44 33:02 34:54 Press TV: - Wikipedia: 38:06 Also check out our episode on Chinese disinformation activities, including the 50 Cent Party: Bonus links about Iranian disinformation activities: always has some good resources on disinformation: New York Times - "From Opposite Sides of War, a Hunt for Elusive Facts": Israel-Hamas armed conflict resource hub: How Longstanding Iranian Disinformation Tactics Target Protests - Israel-Hamas armed conflict resource hub - You can find CyAN's Secure-in-Mind YouTube channel at - and of course, our videos about cyber conflict on the . All of our episodes are also available in audio format on Apple iTunes, Amazon Audible, Podcast Republic, Spotify, and Libsyn - links on . Original video at Intro music courtesy of AlexiAction via Pixabay: Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/ /episode/index/show/secure-in-mind-institute/id/31511417

Israeli Cyberwarfare History and Capabilities 05/28/2024

Israeli Cyberwarfare History and Capabilities State of (CyberWar) Episode 6.1 Join and for the latest part of our Middle East cyberwarfare mini-series. We decided to split a more in-depth discussion about the two most capable actors in the region, Israel and Iran, into two half-episodes. Join us as we look at the organizations that make up Israeli cyberwarfare and -defense capabilities, the history of Israeli state-sponsored and state-aligned cyber campaigns, We also take a brief tour of Israeli media and social media operations, including information, propaganda, disinformation, and manipulation. If you haven't watched it yet, please consider checking out our first overview of the overall Middle East situation: Notes and links: Because of the highly emotionally and politically charged nature of current events, we can't tell how impartial many of the websites describing Israeli capabilities are or aren't. We will thus stick to Wikipedia unless there's either an original Israeli government webpage available, or a source we feel is somewhat authoritative, even if it's biased - in any case, do your own homework and draw your own conclusions, we're not here to push a narrative. We have our own views and opinions of current events. This discussion is not intended to endorse or condemn any particular viewpoint. Neither of us speaks even a bit of Hebrew. We are thus at the mercy of translation engines and webpages in languages we understand. Your mileage may vary. 02:03 CFR overview of cyberwarfare capabilities: 02:50 Unit 8200: 03:05 Military Intelligence Directorate, aka Aman: 03:57 Unit 81: 05:01 Havatzalot: - Google's horrible translation of the Hebrew wikipedia page indicates it's some kind of lily. Flowers are nice. 05:16 Talpiot: - the name's apparently some biblical reference from Song of Songs 4:4 according to their LinkedIn page, that we can't figure out 06:55 Technion / Israel Institute of technology: 06:56 Hebrew University of Jerusalem: 07:30 IDF Information Security Department: - it's unclear whether it's the same as these guys: 07:40 Mamram: https://en.wikipedia.org/wiki/Mamram - apparently an abbreviation of the Hebrew for "Center of Computing and Information Systems" 09:15 This may be the Israel Innovation Authority - - we're not 100% sure though 11:14 Stuxnet: 11:22 Specifically, Siemens PCS7, WinCC, and STEP7 control software, and various Siemens S7 programmable logic controllers (PLCs). 22:59 TAO: 12:16 We're going to assume you're capable of looking up Snowden and his revelations on your own 12:30 Stuxnet 2.0: 15:37 Duqu: 15:38 Flame: 15:39 Duqu 2.0: - the Guardian is one of the outlets that linked Duqu 2.0 to Israel 16:21 Kaspersky's Equation Group overview: 17:13 Some info on those particular negotiations: 17:45 The NY Times article: 18:38 Correction: Iranian officials disconnected oil terminals themselves as a reactive measure. BBC reporting about initial attack - - and followup: 19:44 Pegasus (NSO Group): - interestingly, just after we finished this recording, there were reports of "fake" Pegasus variants for sale: 20:16 Kaspersky on Flame: 20:51 NSO Group: 21:18 Chrysaor: 21:34 21:41 Should have dug just a little more: 22:33 Again the Guardian: 23:32 Start here: - see you in a few months 23:56 24:09 This is a very contentious, and very open legal question. 24:21 (German link) - caveat: it's Wikileaks. They have been known to have...issues. That said, the investigation was closed in 2015 due to insufficient evidence: - again, make of that what you will. 25:26 Predatory Sparrow/Gonjeshke Darande: (with bonus steel mill fire video and dramatic music). Wired article with timeline of attacks: 25:54 28:50 - interestingly, a lot of the best investigative journalism exposing this kind of Israeli activity comes from the Jerusalem Post, Haaretz, and other Israeli news channels. Another story from , and one from on the topic 31:13 Very intelligently, we failed to note down the link to the specific story. Good job. But looking for idf manipulate social media site:haaretz.com yields a bonanza of articles on the topic. 31:51 Given Eurovision's colorful history of political controversies, we're not even going to start on this one...for the 2024 contest, there's numerous claims that the Israeli Ministry of Foreign Affairs ran a campaign to influence audience voting - here's an article (in Hebrew, use the translation site of your choice) from Ynet: 32:36 For example, via the IDF Spokesperson's Unit International Media Branch: . In fairness, a lot of government agencies / armed forces actively try to shape public perception through relationships with private sector channels. The US Defense Department's relationship is a very well documented example, with the providing personnel and equipment to film productions that follow strict rules about how the US armed forces are portrayed: (Wikipedia: ). It's a safe assumption that most major militaries do not have just media and public relations teams, but actively cultivate contacts with journalists to try and influence their reporting. Bonus links from Hugo: - a list of resources surrounding disinformation in the Israel-Hamas conflict Our friends at on disinformation in the Mideast conflict: The New York Times on fact hunting in the Israel-Hamas conflict: Original video at You can find CyAN's Secure-in-Mind YouTube channel at - and of course, our videos about cyber conflict on the . All of our episodes are also available in audio format on Apple iTunes, Amazon Audible, Podcast Republic, Spotify, and Libsyn - links on . Intro music courtesy of AlexiAction via Pixabay: Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/ /episode/index/show/secure-in-mind-institute/id/31492037

Linux Malware and Security, with Craig Rowland 04/17/2024

Linux Malware and Security, with Craig Rowland In today's conversation, Craig Rowland joins us to talk about the often overlooked significance of Linux as a key part of global communications and computing infrastructure, and discuss various types threats targeting Linux systems. Malware, attackers, and techniques are often very distinct from those seen on Windows; Craig shares insights all of these from his extensive experience both writing and reverse-engineering Linux malware. Craig is CEO of Sandfly Security, a New Zealand-based provider of Linux threat behavior scanning tools. Full disclosure: John Salomon is a paid consultant to Sandfly Security. Notes from the video: 03:48 I can't find a source for the 95% figure, but a 2023 ZDNet article says 90%, which seems to be the most common figure: https://www.zdnet.com/article/linux-has-over-3-of-the-desktop-market-its-more-complicated-than-that/ 03:55 Percentage of top million websites running Linux is another interesting statistic, which seems to be well above 90%. For example: https://gitnux.org/linux-statistics/ 04:08 https://www.linuxinsider.com/story/the-flying-penguin-linux-in-flight-entertainment-systems-65541.html etc. etc. 05:54 France's Gendarmerie Nationale: https://en.wikipedia.org/wiki/GendBuntu 06:40 https://www.zdnet.com/article/linux-not-windows-why-munich-is-shifting-back-from-microsoft-to-open-source-again/ 14:10 A propos, F5 has some interesting ways of using web shells as an attack vector: https://www.f5.com/labs/learning-center/web-shells-understanding-attackers-tools-and-techniques 14:40 "attacks on kubernetes" is a fun web search string. Same for "attacks on S3 buckets". Enjoy. 14:56 https://redis.io/solutions/messaging/ 15:42 https://en.wikipedia.org/wiki/Patch_Tuesday 17:40 To be fair, Bob in Accounting is a pretty powerful entry point to the organization for various types of cyberattackers. 19:35 Mirai botnet: https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/ 19:37 NoaBot: https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining 20:35 Chroot (change root directory): https://wiki.archlinux.org/title/chroot 27:42 PuTTY: https://www.putty.org/ 29:45 There are several cryptojackers that try to neutralize competing malware, e.g. ChaosRAT https://www.trendmicro.com/en_th/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html or Jenkins https://www.f5.com/labs/articles/threat-intelligence/new-jenkins-campaign-hides-malware--kills-competing-crypto-miner 35:30 For example LockBit: https://www.akamai.com/blog/security/learning-from-the-lockbit-takedown 35:37 My mistake - AvosLocker is also a Linux port of Windows malware: https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-avoslocker - HiddenWasp may be a better example: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/hiddenwasp-malware-targets-linux-systems-borrows-code-from-mirai-winnti 35:42 Diamorphine LKM rootkit: https://github.com/m0nad/Diamorphine 36:44 https://core.vmware.com/esxi - an example is ESXiArgs ransomware: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-039a 38:42 Abuse.ch MalwareBazaar: https://bazaar.abuse.ch/ 38:49 Fraunhofer FKIE Malpedia: https://malpedia.caad.fkie.fraunhofer.de 39:35 You could just run a Linux version of the virus aquarium: https://xkcd.com/350/ 39:52 A few examples of VM detection: https://www.cynet.com/attack-techniques-hands-on/malware-anti-vm-techniques/ 41:15 Joe Sandbox: https://www.joesandbox.com/ 42:10 No I won't, because I can't find it. Bit of Baader-Meinhof going on there... 42:59 https://www.youtube.com/@SandflySecurity Craig on LinkedIn: https://www.linkedin.com/in/craighrowland/ Sandfly Security: https://sandflysecurity.com Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network Intro/outro music courtesy of Studio Kolomna via Pixabay: Original video available at https://youtu.be/W-7edx7Le6Y?si=NOoOy1kF3KiVOPUe /episode/index/show/secure-in-mind-institute/id/30874833

Cyber Conflict in the Middle East - Round One 04/10/2024

China's Increasingly Muscular Cyberwarfare Capability 03/05/2024

China's Increasingly Muscular Cyberwarfare Capability In today's episode of State of (Cyber)War, Hugo Tarrida and John Salomon talk about China's approach to cyberwar. What is the history behind Chinese cyber capabilities? What are Chinese geopolitical, economic, and social objectives that drive their international cyber activities? What are some of the biases that we should be aware of when evaluating the trajectory of China and its cyberwar abilities? Also don't forget to check out our previous video about Chinese disinformation activities here: https://youtu.be/xBAJ2rBKrMc Notes and links: Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/ Wikipedia article worth reading about Chinese cyber warfare: https://en.wikipedia.org/wiki/Cyberwarfare_by_China 05:42 Granted, Stuxnet was a joint US-Israeli venture - https://en.wikipedia.org/wiki/Stuxnet 07:06 https://www.reuters.com/world/russia-says-its-working-major-new-agreement-with-iran-2023-12-12/ 14:05 Titan Rain - https://en.wikipedia.org/wiki/Titan_Rain Related: Operation Aurora (2009) - https://en.wikipedia.org/wiki/Operation_Aurora 15:20 https://www.npr.org/2022/05/11/1098368201/a-spying-scandal-and-the-fate-of-western-sahara 17:07 The case of Wen Ho Lee, one of several perpetrators of military espionage: https://sgp.fas.org/crs/nuke/RL30143.pdf 20:30 https://nattothoughts.substack.com - Nellie Ohr and her team do excellent analysis work 20:50 "An Analysis of China's Great Cannon" - https://www.usenix.org/system/files/conference/foci15/foci15-paper-marczak.pdf Shoutout to fellow UC Berkeley CSUA member Nick Weaver for co-authoring this paper) 27:48 E.g. "The 'Century of Humiliation' and China's National Narratives" - https://www.uscc.gov/sites/default/files/3.10.11Kaufman.pdf 29:42 Belt and Road Initiative - https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative 32:38 Referenced here: https://en.wikipedia.org/wiki/Chinese_information_operations_and_information_warfare ("Definitions" section) 32:45 The Three Warfares: https://apps.dtic.mil/sti/tr/pdf/ADB372300.pdf 34:04 The Nine-Dash Line: https://chinaus-icas.org/research/map-spotlight-nine-dash-line/ 34:52 In fact, ruled to be explicitly illegal by the Permanent Court of Arbitration in 2016: https://pca-cpa.org/en/news/pca-press-release-the-south-china-sea-arbitration-the-republic-of-the-philippines-v-the-peoples-republic-of-china/ 36:19 US FBI director Christopher Wray recently warned about this: https://www.npr.org/2024/01/31/1228153857/wray-chinese-hackers-national-security The State of (Cyber)War is a project by members of the Cybersecurity Advisors Network (CyAN), with an interest in information security topics relevant to geopolitics, military cyberdefence, diplomacy, and other international topics. We discuss various aspects of both current and past issues from the point of view of interested amateurs with varying degrees of experience in the field, in a not-always-entirely-serious format. Visit the Cybersecurity Advisors Network at https://cybersecurityadvisors.network Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: Original YouTube video at https://youtu.be/HLVPDojARh0 /episode/index/show/secure-in-mind-institute/id/30245328

50 Cent Army? What a Bargain! China and its Disinformation Campaigns 01/17/2024

50 Cent Army? What a Bargain! China and its Disinformation Campaigns Join James Briscoe and John Salomon in the latest episode of the State of (Cyber)War podcast as they discuss the People's Republic of China and some of its disinformation capabilities. This informal conversation includes discussion about Chinese foreign election interference, domestic social media manipulation, Taiwan, China's foreign political and economic interests and more. John Salomon - https://www.linkedin.com/in/johnsalomon/ James Briscoe - https://www.linkedin.com/in/jimbriscoe/ 02:10 Xi Jinping's new year's address, via CCTV: https://youtu.be/TEd3CtcL1pU?si=MAiKGP-SPjm8cjCe 02:50 Xi Zhongxun, Chinese revolutionary leader: https://en.wikipedia.org/wiki/Xi_Zhongxun 04:00 Taiwanese elections 2024: https://en.wikipedia.org/wiki/2024_Taiwanese_general_election 04:08 Kuomintang: https://en.wikipedia.org/wiki/Kuomintang 04:27 Democratic Progressive Party: https://en.wikipedia.org/wiki/Democratic_Progressive_Party 05:45 1992 Consensus: https://thediplomat.com/2022/07/the-1992-consensus-why-it-worked-and-why-it-fell-apart/ 07:15 These are the Valemax ore carriers: https://vale.com/w/fleet-of-ships-serving-vale-receives-first-ore-carrier-in-the-world-equipped-with-rotor-sails 09:12 50 Cent Party: https://en.wikipedia.org/wiki/50_Cent_Party 09:52 Nine-dotted line: https://en.wikipedia.org/wiki/Nine-dash_line 10:04 Belt and Road Initiative: https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative 13:00 https://www.reuters.com/article/idUSSIN277923/ 13:43 NY Times article on the topic: https://www.nytimes.com/2023/09/11/us/politics/china-disinformation-ai.html 14:15 https://en.wikipedia.org/wiki/2023_Chinese_balloon_incident 14:42 A lot of this is obviously speculation. https://www.wired.com/story/east-palestine-ohio-train-derailment-tiktok/ 16:42 Asia Infrastructure Investment Bank: https://www.aiib.org/en/index.html 19:35 An article about PRC influence on the Taiwanese elections: https://www.theguardian.com/world/2024/jan/09/taiwan-presidential-election-china-influence 20:32 https://www.npr.org/2023/11/30/1215898523/meta-warns-china-online-social-media-influence-operations-facebook-elections 21:05 A US State Department briefing on this topic: https://www.state.gov/briefings-foreign-press-centers/how-the-prc-amplifies-russian-disinformation 24:15 United Front Work Department: https://en.wikipedia.org/wiki/United_Front_Work_Department 26:25 Some points about interference in US elections: https://gdil.org/russian-and-chinese-influence-actors-and-operations-against-the-american-electorate/ 29:34 Hundred Years of Humiliation: https://en.wikipedia.org/wiki/Century_of_humiliation 30:30 The Avoidable War, by Kevin Rudd: https://www.avoidablewar.com/ 32:23 Natto Thoughts: https://nattothoughts.substack.com/ 32:26 The disinformation handbook (part I): https://nattothoughts.substack.com/p/disinformation-handbook-a-concise A few links on the topic worth reading: Chinese information operations against Taiwan: https://therecord.media/taiwan-elections-china-interference https://www.theguardian.com/world/2024/jan/09/taiwan-presidential-election-china-influence https://thediplomat.com/2024/01/beijing-tries-to-capitalize-on-taiwans-controversial-rocket-alert/ https://thediplomat.com/2024/01/rip-off-the-blindfold-let-taiwanese-civil-society-learn-from-ukraine/ https://fpri.org/article/2023/12/whats-at-stake-in-upcoming-taiwan-election/ General Chinese disinfo operations: https://www.rand.org/pubs/commentary/2023/10/dismantling-the-disinformation-business-of-chinese.html https://www.defenceconnect.com.au/joint-capabilities/13356-report-massive-chinese-disinformation-campaign-uncovered-on-youtube https://medium.com/doublethinklab/propaganda-analysis-how-different-actors-in-chinas-information-ecosystem-portray-the-ukraine-war-ac82713c2f68 https://www.npr.org/2023/11/30/1215898523/meta-warns-china-online-social-media-influence-operations-facebook-elections The State of (Cyber)War is a project by members of the Cybersecurity Advisors Network (CyAN), with an interest in information security topics relevant to geopolitics, military cyberdefence, diplomacy, and other international topics. We discuss various aspects of both current and past issues from the point of view of interested amateurs with varying degrees of experience in the field, in a not-always-entirely-serious format. Visit the Cybersecurity Advisors Network at https://cybersecurityadvisors.network Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: Original YouTube video at https://youtu.be/xBAJ2rBKrMc /episode/index/show/secure-in-mind-institute/id/29535573

Japan's National Cyberdefence - It's Not a Military Thing, Honest 12/27/2023

Japan's National Cyberdefence - It's Not a Military Thing, Honest Welcome to episode 2 of CyAN's State of (Cyber) War series. Today, James Briscoe and John Salomon talk about Japan - its national cyberdefence capabilities, the regional and global threat landscape, regulations and laws, and how all of these are evolving in the face of changing geopolitical realities and technologies. A few notes from our chat: 02:25 US-Japan 1960 joint security treaty: https://www.mofa.go.jp/region/n-america/us/q&a/ref/1.html 02:37 Article 9 Japanese constitution: https://en.wikipedia.org/wiki/Article_9_of_the_Japanese_Constitution 02:45 SCAP: Supreme commander allied powers 02:58 Japan Self Defense Forces: https://en.wikipedia.org/wiki/Japan_Self-Defense_Forces 05:01 2019 US-Japan security treaty update: https://www.mofa.go.jp/files/000470738.pdf 06:54 national security strategy end of 2022: https://www.cas.go.jp/jp/siryou/221216anzenhoshou/nss-e.pdf 08:14 Lazarus Group: https://www.aljazeera.com/news/2023/12/9/us-japan-south-korea-launch-new-efforts-to-counter-n-korea-cyber-threats 10:35 Lazarus Group's cryptocurrency thefts: https://www.coindesk.com/markets/2023/12/01/north-korean-hackers-lazarus-group-stolen-3b-in-cryptocurrency/ 11:29 https://www.dragonflyintelligence.com/news/japan-shift-to-a-more-offensive-cyber-posture-in-2023/ 11:35 https://asia.nikkei.com/Politics/Japan-to-quadruple-cyber-defense-forces-meeting-threats-head-on 12:47 The 2016 revision in question: https://www.mofa.go.jp/files/000143304.pdf 13:37 The spending increase to 2% request: https://www.reuters.com/business/aerospace-defense/japan-makes-record-defence-spending-request-amid-tension-with-china-2023-08-31/ 13:59 It's actually 2% as well: https://www.nato.int/docu/review/articles/2023/07/03/defence-spending-sustaining-the-effort-in-the-long-term/index.html 14:39 CCDCOE: https://ccdcoe.org/ 14:46 Locked Shields exercise: https://ccdcoe.org/exercises/locked-shields/ 15:33 The official in question was former US Director of National Intelligence Dennis Blair: https://japannews.yomiuri.co.jp/politics/political-series/20221122-72394/ 16:05 The Japanese National Security Strategy allows for development of a posture for information warfare and introduction of active cyber defence in cybersecurity. It will create a government information warfare department, allowing government to aggregate and analyze the situation on disinformation originated abroad. The National Center for Incident Readiness and Strategy for Cybersecurity is to be restructured to establish an new organisation to coordinate policies between the police and JSDF. This will allow for active cyber defence against attackers. Training for 4000 cyber ‘warriors’ and 16k cyber-capable JSDF members over 5 years is also foreseen. The Ministry of Foreign Affairs plans AI to enhance monitoring of information and intelligence analysis. Furthermore, defence industry profit margin will be permitted to increase to a max of 15%. 16:45 The Nagoya port ransomware attack of July 2023: https://www.bloomberg.com/news/articles/2023-07-06/nagoya-port-delays-restart-following-alleged-ransomware-attack 17:10 The Chinese cyberattack on the Japanese defence network: https://www.japantimes.co.jp/news/2023/08/08/japan/japan-china-hack-defense-network/ - WaPo article: https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/ 17:23 KillNet ceases attacks on Japan: https://english.kyodonews.net/news/2022/09/9846d4bf7aee-pro-russia-hacker-group-stops-cyberattacks-on-japan-due-to-money-woes.html 20:17 2023 Amendments to Telecommunications Business Act: https://www.dataguidance.com/news/japan-amendments-telecommunications-business-act-enter 20:20 Unauthorized Computer Access Law (UCAL): https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/japan James Briscoe on LinkedIn: https://www.linkedin.com/in/jimbriscoe/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/ Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at Original YouTube video version: Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ /episode/index/show/secure-in-mind-institute/id/29243713

State of (Cyber) War - Russia, Offensive Cyber Operations, and Terror, Oh My 12/21/2023

State of (Cyber) War - Russia, Offensive Cyber Operations, and Terror, Oh My Welcome to episode 1 of CyAN's new State of (Cyber) War series. Join John Salomon and James Briscoe in a discussion of offensive cyberoperations involving Russian actors, parallels to historical attacks on civilians, expectations and limitations of information operations, and more. A few notes from our chat: 05:10 James' research paper on Russia/Ukraine: https://www.linkedin.com/feed/update/urn:li:activity:6899132398601162752/ 05:30 Conti ransomware group: https://flashpoint.io/blog/history-of-conti-ransomware/ 08:55 2016 Ukraine power grid attacks: https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/ 11:15 Stuxnet: https://en.wikipedia.org/wiki/Stuxnet 12:47 James' follow-up work: https://www.linkedin.com/feed/update/urn:li:activity:6944843584533581824/ 14:35 The Dukes: https://www.cfr.org/cyber-operations/dukes Cozy Bear: https://www.crowdstrike.com/adversaries/cozy-bear/ NotPetya: https://en.wikipedia.org/wiki/2017_Ukraine_ransomware_attacks 18:32 Lazarus Group: https://www.trendmicro.com/vinfo/pl/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations 20:11 2022 Yandex Moscow taxi hack: https://www.euronews.com/my-europe/2022/09/02/gridlock-as-hackers-order-hundreds-of-taxis-to-same-place-in-moscow 20:25 2023 GUR Russian state tax service hack: https://therecord.media/ukraine-intelligence-claims-attack-on-russia-tax-service 23:22 2022 Belarus railway hack: https://www.theguardian.com/world/2022/jan/25/cyberpartisans-hack-belarusian-railway-to-disrupt-russian-buildup 24:04 Alexander Lukashenko and the Ukraine invasion map: https://www.independent.co.uk/news/world/europe/lukashenko-ukraine-russia-belarus-invasion-map-b2026440.html 25:23 Syrian Electronic Army: https://en.wikipedia.org/wiki/Syrian_Electronic_Army 29:03 Momotarō no Umiwashi came out in 1942: Original YouTube video is at James Briscoe on LinkedIn: https://www.linkedin.com/in/jimbriscoe/ John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/ Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ /episode/index/show/secure-in-mind-institute/id/29182323

The Snatch Ransomware Gang - Juan Nicolossi, PRODAFT Threat Intel Team Lead 11/23/2023

Disinformation, AI, and Security - Dmytro Bilash 11/23/2023

The Paradoxes of Personalization, Regulation, and Trust - Kojo Osei Amoyaw-Osei Presents his Thesis 11/13/2023

Jillian Kwong - Cybersecurity Challenges in Small to Medium Enterprises (SME) 11/10/2023

Jillian Kwong - Cybersecurity Challenges in Small to Medium Enterprises (SME) Thanks Jillian Kwong, Research Scientist at Cybersecurity at MIT Sloan (CAMS), for joining us today as we discuss Jillian's work in cybersecurity third party risk management and more. Jillian has a PhD in Communication from the Annenberg School for Communication at the University of Southern California, where her dissertation looked at the human and managerial side of data privacy (e.g. GDPR, CCPA) implementation within mostly small and medium sized enterprises (SMEs). She's also a participant in the Cybersecurity Advisors Network (CyAN) mentorship pilot programme. Cybersecurity is a metrics-driven field; "soft" factors like management style, or how humans process information, are a major challenges for less mature, smaller enterprises. This is more and more the case as regulatory and good practices requirements drive firms to understand their supply chain risk. How can smaller organisations live up to these expectations? Even when a tremendous wealth of information and resources are available to help such firms, doing the right thing can be a daunting, difficult process. Jillian has significant experience in understanding the day-to-day challenges of small business and their management through interviews and case studies as a complementary approach to more objective, quantifiable cybersecurity. This has allowed her to document the interconnected, complex nature of cybersecurity activities in SMEs. Visit Jillian on LinkedIn at https://www.linkedin.com/in/jilliankwong Cybersecurity at MIT Sloan: https://cams.mit.edu The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - Secure-in-Mind is also available as audio-only podcasts, find our channels via Original source video at Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/ /episode/index/show/secure-in-mind-institute/id/28581423

Hugo Tarrida on Cyberdefence and Information Warfare 11/06/2023

Privacy, Encryption, Authentication...a chat with Remy Bertot, CTO of Passbolt 09/29/2023

Florian Hantke - pen tester, vulnerability researcher, cybersecurity doctoral candidate 09/27/2023

Florian Hantke - pen tester, vulnerability researcher, cybersecurity doctoral candidate Today's Secure-in-Mind episode features a discussion with (soon to be Dr.) Florian Hantke, a candidate in the pilot intake of the CyAN mentorship pilot programmed. Florian is conducting advanced research on vulnerability management and information security trends as part of the secure web applications group at CISPA Helmholtz, a major German academic research network. He is an accomplished penetration tester, capture-the-flag contestant, and ethical hacker. Among the topics we visit today are an overview of his current project on using "web archeology" - using web archives to evaluate past cybersecurity trends, Florian's views on the effectiveness of information security topics in German academia and how what it entails, and his recent experience in finding and reporting a number of embarrassing web vulnerabilities. We talk about generational differences in spotting fraud and security issues, getting into cybersecurity as an area of interest and career choice, and more. Florian's LinkedIn: https://www.linkedin.com/in/florian-hantke-59ba0522b/ Website: https://fhantke.de/ Twitter: https://twitter.com/fh4ntke CISPA Helmholtz Center for Information Security - https://cispa.de/ "You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements" - https://swag.cispa.saarland/papers/hantke2023archaeology.pdf Florian's blog post describing his experiences reporting web vulnerabilities in wedding photo sharing sites: https://fh4ntke.medium.com/till-breach-do-us-part-the-uninvited-guest-at-your-wedding-2aed35755456 Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at Original YouTube video: https://youtu.be/zwMSUbDeYfU Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/ /episode/index/show/secure-in-mind-institute/id/28158467

From Academia to Cybersecurity Career - A Chat with Emlyon Business School 07/13/2023

Cybersecurity Advisors Network

TOPICS