New Ransomware As A Service Threats: Cyber Security Today for March 10, 2025

Mar 10, 2025, 10 min

Episode description

This episode covers recent ransomware-as-a-service (RaaS) trends, including the rise of the SpearWing and Akira groups, ransomware techniques that exploit IoT devices to evade EDR, and the undocumented commands found in the ESP32 microcontroller. Additionally, Signal President Meredith Whittaker warns about privacy risks in agentic AI systems. Tune in for in-depth cybersecurity updates and more.

00:00 The Talk: Supporting Our Podcast
01:37 Cybersecurity Today: Ransomware as a Service
04:57 Akira Ransomware: Exploiting IoT Devices
06:50 ESP32 Microcontroller Vulnerabilities
08:21 AI Agents: Privacy and Security Risks
09:56 Conclusion and Contact Information

Transcript

Hi. We have to have the talk. While our audience keeps growing, we continue to lose money on the podcasts. Why? Let's be honest, we suck at selling advertising. We don't turn it down, but we don't really work at selling it, because in many ways we were always worried about whether it'll compromise our integrity, and it takes time that we could spend on the programming. So we've decided to see how much our audience wants these programs, and we're asking you.

Would you consider the equivalent of buying us a cup of coffee every month? If even a fraction of our audience did that, we'd have enough revenue to keep going and even expand some of our services. Now, I don't wanna turn these podcasts into an NPR-like begging for dollars any more than I wanna fill them with ads. So I'm gonna ask you today to go out to buymeacoffee.com/techpodcast. That's buymeacoffee.com/techpodcast, and consider giving us like five bucks a month, Canadian.

If enough of you do that over the next day or so, we'll have enough money to keep going. That's it. Thanks a lot. We appreciate your listenership and we want to keep the program going, so buymeacoffee.com/techpodcast, and now back to our regularly scheduled programming. A new ransomware-as-a-service group fills the void created by law enforcement takedowns, researchers discover a backdoor in a popular Bluetooth chipset, and Signal's president sounds the alarm on AI agents.

This is Cybersecurity Today. I'm your host, Jim Love. Recent successes by law enforcement have disrupted some of the big players in the ransomware-as-a-service world,

with Nobus and LockBit being two of the biggest. But the void left by these players has been rapidly filled by new groups, including SpearWing, a ransomware-as-a-service operation leveraging the Medusa malware to conduct extensive cyber attacks. Since its inception in early 2023, SpearWing has rapidly expanded its operations, listing nearly 400 victims on its data leak site and demanding ransoms ranging from $100,000 to $15 million.

Recent analysis indicates a significant uptick in Medusa ransomware incidents: attacks surged by 42% between 2023 and 2024, with the trend persisting into 2025. Notably, the first two months of 2025 have already seen over 40 attacks, nearly doubling the figures from the same period in 2024. There is, however, some question about whether SpearWing really is a ransomware-as-a-service operation, renting its software and fulfillment to other attackers.

The questions are raised because of the way the operations exhibit consistent tactics, techniques, and procedures, which suggests either a centralized operational model or a very tight collaboration with a limited number of affiliates.

The group primarily gains initial access by exploiting unpatched vulnerabilities in public-facing applications, especially Microsoft Exchange servers. Post-infiltration, they employ remote management tools like SimpleHelp, AnyDesk and MeshAgent for persistent access and lateral movement. A notable tactic is the bring-your-own-vulnerable-driver approach, where attackers deploy signed yet vulnerable drivers to disable security software, thereby evading detection.

SpearWing's attacks span various sectors, including healthcare, finance, and government organizations. The group employs a double-extortion strategy, exfiltrating sensitive data before encrypting systems to pressure victims into paying ransoms; failure to comply results in the public release of stolen data on their leak site. The rise of SpearWing underscores the resilience of the world of ransomware, where major takedowns of large groups provide opportunities for emerging groups to fill the void.

So as much as we can applaud successes for international law enforcement, we can never really let our guard down, making the case for those who say that maybe paying ransoms should be outlawed. Because as long as there's a profit to be made, there will be groups to fill any void created, so that even big victories by law enforcement will be short-lived.

The Akira ransomware group has demonstrated a novel attack method by leveraging an unsecured webcam to circumvent endpoint detection and response, or EDR, systems, leading to the successful encryption of a victim's network. Initially, Akira gained access to target networks through an exposed remote access solution, deploying the AnyDesk remote management tool for persistent access and data exfiltration.

Subsequent attempts to deploy ransomware on Windows servers are often thwarted by the organization's EDR, which detects and quarantines the malicious payload. But undeterred, the attackers are scanning the networks for alternative entry points and identified several Internet of Things devices, including webcams and fingerprint scanners, that lack adequate security measures.

They then go on to exploit these vulnerable webcams, running a Linux-based operating system compatible with Akira's Linux ransomware variant, to bypass EDR protections. Using webcam vulnerabilities, Akira has mounted Windows Server Message Block network shares of the organization's devices onto the webcam. Then they executed the Linux encryptor from the webcam, encrypting files across the victim's network without detection, as such devices are often not monitored by the security team.

If we needed a wake-up call to get us to secure IoT devices within our networks, this has got to be it. Unmonitored and unpatched devices serve as back doors for attackers to bypass traditional security measures. Implementing network segmentation, regular security audits of connected devices and continuous monitoring are essential steps to mitigate such sophisticated attack vectors. But any perceived separation between systems is a thing of the past.

We need comprehensive security strategies that include all network-connected devices. Security researchers have uncovered undocumented commands in the ESP32 microcontroller, a widely used chip enabling WiFi and Bluetooth connectivity in over a billion devices globally. Manufactured by Espressif, the ESP32's hidden functions could allow attackers to spoof trusted devices, access unauthorized data, and potentially establish persistent control over affected systems.

Spanish researchers from Tarlogic Security presented their findings at RootedCON in Madrid. They demonstrated that exploiting these undocumented commands could enable adversaries to impersonate legitimate devices and bypass audit controls, thereby infecting critical systems.

The ESP32 chip is integral to numerous Internet of Things devices, making this vulnerability particularly concerning. Compromised devices could serve as entry points for broader network intrusions, highlighting the necessity for manufacturers to scrutinize and disclose all functionalities within their hardware components. And once again, firmware updates, disabling unused features and, above all, segmenting IoT devices are key steps to follow. But overall, there is a critical need for vendors to improve hardware design and for purchasers to demand independent and rigorous security assessments. Hats off to these researchers.

And finally, Signal President Meredith Whittaker has issued a stark warning about the privacy and security risks associated with agentic AI, AI systems capable of performing tasks autonomously without direct user input. Whittaker emphasized that while these AI agents promise convenience, they require extensive access to personal data, including browsing histories, credit card details, calendars and messaging apps. She raised concerns that these AI-powered assistants would likely process sensitive information in the cloud, increasing the risk of data breaches and unauthorized access. Whittaker also warned that integrating such AI tools into secure messaging platforms like Signal could fundamentally undermine privacy protections by granting them access to encrypted conversations.

People might think they're just getting a helpful assistant, but they're actually signing up for pervasive data collection. AI pioneer Yoshua Bengio echoed these concerns, cautioning that the rapid development of artificial general intelligence could introduce further security vulnerabilities if not properly regulated. Both experts underscored the need for stronger oversight of AI development to prevent widespread privacy erosion.

And as companies race to develop AI assistants capable of handling complex tasks, privacy advocates warn that users may be unknowingly sacrificing their digital autonomy in exchange for automation. And that's our show for today. You can reach me with comments, questions, or tips at [email protected]. I'm your host, Jim Love. Thanks for listening.
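The Akira webcam technique described in the episode works because a camera quietly becoming an SMB client goes unwatched. As an added example that is not from the episode or any vendor product, here is the kind of check a defender could run over firewall flow logs once IoT devices sit in their own segment; the log format, subnets and sample lines are all constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed segment plan: cameras and fingerprint scanners live in the IoT
# VLAN, Windows file servers in the server VLAN (both ranges are made up).
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
SERVER_SEGMENT = ipaddress.ip_network("10.0.1.0/24")
SMB_PORTS = {445, 139}
# Constructed key=value flow-log format, one allowed or denied flow per line.
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)

class Alert(NamedTuple):
    ts: str
    src: str
    dst: str
    dport: int
    reason: str

def parse_flow(line):
    """Return the flow fields as a dict, or None if the line is not a flow record."""
    m = FLOW_RE.match(line.strip())
    return m.groupdict() if m else None

def detect_iot_smb(lines):
    """Alert on every permitted TCP flow where an IoT-segment host acts as an SMB client."""
    alerts = []
    for line in lines:
        f = parse_flow(line)
        if f is None or f["action"] != "allow" or f["proto"] != "tcp":
            continue  # unparseable, already blocked by the firewall, or not TCP
        src, dst = ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"])
        dport = int(f["dport"])
        if src in IOT_SEGMENT and dport in SMB_PORTS:
            # A camera has no business mounting shares. Reaching a file server is the
            # webcam-as-encryptor pattern; any other SMB egress is still a segmentation gap.
            reason = "iot-smb-to-server" if dst in SERVER_SEGMENT else "iot-smb-unexpected"
            alerts.append(Alert(f["ts"], str(src), str(dst), dport, reason))
    return alerts

# Constructed sample flows: camera DNS (benign), workstation SMB (benign), camera SMB
# to a file server (alert), a denied attempt (blocked), scanner SMB to a desktop (alert), junk.
SAMPLE_FLOWS = [
    "2025-03-10T02:14:03Z src=10.20.0.45 dst=10.0.1.53 dport=53 proto=udp action=allow",
    "2025-03-10T02:14:09Z src=10.10.5.21 dst=10.0.1.10 dport=445 proto=tcp action=allow",
    "2025-03-10T02:15:40Z src=10.20.0.45 dst=10.0.1.10 dport=445 proto=tcp action=allow",
    "2025-03-10T02:15:41Z src=10.20.0.45 dst=10.0.1.11 dport=445 proto=tcp action=deny",
    "2025-03-10T02:16:02Z src=10.20.0.77 dst=10.10.5.30 dport=139 proto=tcp action=allow",
    "firewall restarted: not a flow record",
]
```

Running `detect_iot_smb(SAMPLE_FLOWS)` yields two alerts: the camera reaching the file server and the scanner reaching a desktop, while the denied attempt, the workstation's normal SMB traffic and the camera's DNS lookup are ignored.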

Transcript source: provided by creator in RSS feed.