As I’m doing a longer show today, let’s get into the security stories, too.
Per coverage in The Register, Organizations are struggling to implement adequate logging measures, making it difficult for defenders and incident responders to identify the cause of infosec attacks. In many cases, cybercriminals disable or wipe telemetry and logging capabilities to evade detection and maintain access within a system. Lack of logging is often due to resource constraints and limited IT capabilities, but it can also indicate attempts to cover up an attack. Implementing strict access controls, regular backups, SIEM systems, and immutable logs can help prevent logs from being wiped. Logs are crucial for detecting and investigating security incidents, as well as for performance monitoring and resource access control. Ransomware attacks are becoming faster, with dwell times measured in hours rather than days. Increasing friction for attackers can buy valuable response time and mitigate the impact of attacks.
I wondered why there hadn’t been an arrest for the MGM hack. Reuters reports that according to cybersecurity responders, the FBI has struggled to disrupt a cybercrime gang targeting corporate America for the past two years. The FBI has known the hackers’ identities responsible for the casino hacks, but there have been no arrests. The group, known as “Scattered Spider,” has caused significant damage to companies and has been difficult to track due to its loose-knit structure. The FBI’s investigation has faced challenges, including a lack of staffing and victims’ hesitancy to cooperate.
And here’s a new tactic. A ransomware group known as Alphv and BlackCat has filed a complaint with the US Securities and Exchange Commission (SEC) against MeridianLink, accusing the company of failing to disclose a data breach within the required timeframe. The cybercriminals claim to have stolen customer data and operational information and are threatening to leak it unless a ransom is paid. This is the first time a ransomware group has filed an SEC complaint against a victim.
Why do we care?
I just want to observe that cybercriminals are using the system against us, and our own defenses are underfunded. Despite knowing the identities of the hackers, the FBI hasn’t been able to make arrests. The FBI’s efforts are hampered by staffing issues and the reluctance of victims to cooperate. That second one is something this community can directly help with, and the first, well.. that’s your civic vote.

