The FBI successfully hacked approximately 4,200 computers across the U.S. to eliminate the PlugX malware, which has been a tool for state-sponsored hackers in China since 2012. This operation, conducted in collaboration with French law enforcement, marks a proactive approach to combating cyber threats and underscores the importance of government intervention in mitigating advanced persistent threats.
Sobel also discusses the ongoing struggles of the LockBit cybercriminal organization following a major takedown last year. The U.S. Justice Department's efforts to dismantle LockBit's infrastructure have left the group reeling, with a significant reduction in their operational capacity. This case serves as a powerful example of how coordinated law enforcement actions can disrupt ransomware-as-a-service operations, providing IT providers with a narrative to educate clients on effective ransomware defense strategies.
The episode further explores the dual pressures faced by Chief Information Security Officers (CISOs) regarding the adoption of generative artificial intelligence (AI). While a majority of C-suite executives recognize the potential benefits of generative AI, they also express deep concerns about the associated security risks. The Cybersecurity and Infrastructure Security Agency (CISA) has introduced a new initiative aimed at addressing these vulnerabilities, emphasizing the need for effective risk management strategies as companies increasingly integrate AI technologies into their operations.
Finally, Sobel highlights the recent developments from Gradient MSP and Cytracom, both of which are addressing critical pain points for managed service providers (MSPs). Gradient MSP has launched a Managed Billing Reconciliation Service to streamline billing processes, while Cytracom's acquisition of Televi aims to enhance its cybersecurity offerings. These initiatives reflect the evolving landscape of MSP services, where operational efficiency and robust security measures are paramount for success in a competitive market.
Three things to know today
00:00 Good News Alert: FBI Crushes PlugX Malware, LockBit Stumbles, and Cybersecurity Gains Momentum
06:15 Billing, Breaches, and Bots: How MSPs and AI Security Are Tackling 2025’s Biggest Challenges
08:58 From Billing to Cybersecurity: Gradient MSP and Cytracom Address Critical MSP Pain Points
[00:00:55] This is the Business of Tech. I'm going to start with some really good news. The FBI hacked approximately 4,200 computers in the U.S. to eliminate a malware known as PlugX, which has been used by state-sponsored hackers in China to steal sensitive information. The Department of Justice revealed the operation on Jan 14. PlugX has been around for years, since 2010,
[00:01:22] [unintelligible] USB [unintelligible] control [unintelligible]. The FBI worked with French law enforcement [unintelligible] PlugX infections. By accessing the hacker's command and control server, the FBI was able to issue commands that remove the malware from victims' computers. Axios took a look at the LockBit takedown from last year. It dealt a lasting blow to one of the most notorious cyber criminal
[00:01:51] organizations. The U.S. Justice Department reported that LockBit had attacked over 2,500 organizations worldwide, including major corporations and a children's hospital. Following their takedown, the gang is still struggling to regain its footing nearly a year later. Law enforcement not only seized their infrastructure but also took control of their dark web site, undermining their reputation in the cyber criminal community. Brett Leatherman from the FBI stated that
[00:02:19] the goal was to make LockBit radioactive. Recent estimates from the United Kingdom's National Crime Agency revealed that 194 individuals utilized LockBit's services before the takedown, with only 69 being active at that time. As the gang plans to launch a new version of its ransomware, the landscape of cybercrime continues to evolve, raising concerns about future attacks.
[00:02:44] Microsoft has filed a lawsuit against 10 individuals involved in a hacking-as-a-service scheme, claiming they used breached Azure OpenAI services to generate malicious content between July and August. The defendants allegedly compromised devices and accounts by leveraging stolen application programming interface keys and employed a software tool to identify phrases flagged by Microsoft and OpenAI.
[00:03:10] Alongside the lawsuit, Microsoft obtained a temporary restraining order to seize the hacker's domain, enabling the company to redirect communications for investigative analysis. A spokesperson stated that this action will help preserve evidence related to the infrastructure used by the defendants. The Cybersecurity and Infrastructure Security Agency's Cyber Hygiene Service has seen a remarkable
[00:03:34] growth of 201 percent over the past two years, with nearly 7,800 critical infrastructure organizations enrolling between August 2022 and August 2024. The communications industry experienced the highest increase in enrollment, followed by emergency services, critical manufacturing, and water and wastewater sectors. This surge is linked to significant improvements in the agency's cybersecurity performance goals,
[00:04:01] including reductions in exploitable services and known vulnerabilities. Despite these gains, operational technology protocols remain a concern, particularly in government services and facilities. The findings were reported by CyberScoop and underscore the growing influence of CISA initiatives on critical infrastructure sectors. Why do we care? For the IT service industry, this is a prime example of government intervention working to mitigate the fallout from
[00:04:28] advanced persistent threats. The FBI's operation is a clear indication that governments are willing to take aggressive action to neutralize threats, even if it involves accessing private systems without explicit consent. It sets a precedent for how public and private organizations might work together in the future. The FBI's actions do raise legitimate concerns about the boundaries of law enforcement accessing private systems,
[00:04:52] even with the intent to remove malware. How does this align with privacy rights, and how will customers respond if they feel their systems were touched without explicit consent? The LockBit takedown serves as an example of how coordinated efforts can cripple ransomware-as-a-service operations. IT providers can leverage this story to educate clients about ransomware defense strategies, particularly the importance of offline backups, network segmentation, and employee training.
[00:05:22] And for Microsoft, this move reinforced its commitment to combating cyber threats. For providers, aligning with vendors like this may assure clients about the security of the tools they use. Lawsuits and restraining orders may disrupt specific groups, but they do little to address systematic vulnerabilities. IT providers cannot rely on legal interventions to protect their clients. That said, the CISA data shows efforts collectively do work.
[00:05:52] Are your customers getting the most from their Microsoft 365 Business Premium subscriptions? Are you delivering maximum value while ensuring best-in-class margins? Nerdio's new modern work features let you streamline the management of Microsoft technologies like Azure Virtual Desktop, Windows 365, Intune, and Defender. Reduce the need for multiple tools, consolidate your vendor stack, and deliver greater value to your customers.
[00:06:17] Help your customers maximize their investments, free up your team for strategic tasks, and drive meaningful business outcomes. With Nerdio Manager for MSP, a single, flexible platform with mix-and-match plans ensures a flexible, perfect fit for you and your customers. Deliver solutions that achieve real business impact. Visit GetNerdio.com to find out more.
[00:06:43] Chief Information Security Officers are grappling with the dual pressures of executive enthusiasm for generative artificial intelligence and the inherent security risks it poses. A recent survey by NTT Data revealed that while 89% of C-suite executives are deeply concerned about the security risks associated with generative AI, they also believe the potential benefits and returns on investment outweigh these risks.
[00:07:10] This dichotomy leaves CISOs overwhelmed, with nearly half of them expressing negative sentiments towards generative AI due to the pressures they face. Experts warn that the risks of generative AI are unprecedented, with concerns about data leakage and malicious code injection becoming increasingly prominent. So it's timely that the Cybersecurity and Infrastructure Security Agency, along with leading U.S. technology companies,
[00:07:35] introduced a new plan aimed at reporting and sharing information about security threats to artificial intelligence models. This initiative highlights the critical nature of addressing security flaws that could potentially endanger not just model creators, but any company utilizing AI applications. The new playbook, crafted by the agency's Joint Cyber Defense Collaborative, serves as a guide for companies on how to report ongoing cyber threats and system vulnerabilities.
[00:08:04] It includes checklists for reporting incidents and new vulnerabilities, and was inspired by feedback from two AI security tabletop exercises conducted last year. As the new Trump administration prepares to take office, the future of the cybersecurity agency does remain uncertain. Yet industry leaders like Alex Levinson from Scale AI express commitment to continue sharing intelligence with partners, regardless of political changes.
[00:08:31] The overarching goal is to foster trust in AI technologies, while ensuring that security is a top priority for developers and users alike. Why do we care? As companies rush to adopt these technologies, the urgency for effective risk management strategies has never been greater, especially as bad actors seek to exploit vulnerabilities in these new systems. The AI playbook represents a golden opportunity to offer targeted services, especially in AI security consulting, governance, and compliance.
[00:09:01] Positioning yourself as an expert in implementing AI-safe practices will help secure long-term client relationships. The tension between innovation and security is not unique to AI, but the risks of generative AI are notable in their scale and complexity. IT providers that invest in understanding AI-specific threats will gain a competitive edge as these technologies proliferate.
[00:09:26] Gradient MSP launched its Managed Billing Reconciliation Service, aimed at helping managed service providers streamline their billing processes. This fully managed service combines advanced software tools with expert billing specialists to relieve MSPs of the burdens of vendor usage reconciliation. Colin Knox, CEO of Gradient MSP, emphasized the importance of accuracy and trust in billing,
[00:09:52] stating that their new approach allows MSPs to focus on their core business while ensuring precise billing. With over 1,000 MSPs already benefiting from their Reconcile module, Gradient MSP's Managed Billing Reconciliation promises to save providers significant time each month by handling every detail of the reconciliation process. Cytracom announced its acquisition of Televi, enhancing its infrastructure software for managed service providers.
[00:10:18] The strategic move aims to bolster Cytracom's offerings in security and risk management, integrating advanced capabilities in attack surface management and data security posture management. The acquisition reflects Cytracom's commitment to meet the growing needs of MSPs through an integrated platform. Zane Conkle, CEO of Cytracom, emphasized that this development will empower partners to communicate cybersecurity value effectively to their clients.
[00:10:44] The expansion will allow managed service providers to conduct comprehensive security risk assessments, streamline compliance processes, and provide automated reporting. Why do we care? Both Gradient MSP and Cytracom are addressing pain points for providers, billing accuracy and cybersecurity respectively. So two thoughts for MSPs to consider. While billing reconciliation is an important issue, it's only one of many operational challenges the providers face.
[00:11:11] Gradient MSP may need to expand its offerings to address other operational bottlenecks in order to stay competitive in the long term, and they've launched a number of products over the years to varying degrees of success. The MSP channel is already crowded with cybersecurity vendors offering similar solutions from attack surface management to compliance reporting. Cytracom will need to differentiate itself not just on features, but on execution, pricing, and ease of use to stand out. Thanks for listening.
[00:11:40] Today is National Bagel Day, National Hat Day, National Pothole Day, and National Strawberry Ice Cream Day. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too. If you want to support the show, visit patreon.com slash mspradio,
[00:12:11] and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech. Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video to question at mspradio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you've got a comment or a thought on a story, put it in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast.
[00:12:40] And if you want to advertise on the show, visit mspradio.com slash engage. Once again, thanks for listening, and I will talk to you again on our next episode. Part of the MSP Radio Network.

