Last Month in Security Episode 008: Zscaler CISO Sam Curry on Supply Chains and National Security
In this edition of the Halcyon video/podcast series Last Month in Security, host Anthony M. Freed and panelists Ben Carr and Steve Salinas are joined by Sam Curry, Global VP and CISO at Zscaler.
We jump right into the ransomware attack on Blue Yonder that disrupted its private cloud services and impacted over 3,000 organizations, from grocery chains to Fortune 500 companies, including Walgreens, Albertsons, DHL, and Anheuser-Busch. The group claimed to have stolen 680GB of sensitive data.
“Supply chain” is getting thrown around a lot but has two different meanings in a security context, so the panel discusses the difference between an attack on a critical supply chain target like Blue Yonder versus a supply chain attack like we saw with SolarWinds a few years back.
We then move on to a pressing question: can we all just stop pretending the Russian and Chinese governments are not influencing a subset of ransomware attacks?
We examine whether the Russians tipped their hand again with the Stoli attack like they did with the Ukraine invasion, where, if you recall, ransomware attacks dipped dramatically at the onset of the invasion. It was assessed that Russia redirected cybercriminals to attack Ukraine.
The story goes like this: Stoli Group's U.S. subsidiaries have filed for bankruptcy following a series of ransomware attacks that appear to be in coordination with official government actions that strongly suggest the Russian government is directing cybercriminals in at least some of their targeting choices.
In a nutshell – Putin has been trying to destroy Stoli with lawsuits and more since the early 2000s when they fled Russia, beginning with an executive order by Vladimir Putin aimed at reclaiming trademarks. More recently Russian authorities seized Stoli’s last remaining assets in the country—two distilleries valued at $100 million.
At about the same time Stoli was hit with a crippling ransomware attack targeting the company’s IT systems. Mere coincidence, or further evidence that Russia influences some ransomware attack targeting?
Then we discuss China, where the US just announced sanctions against Chinese cybersecurity firm Sichuan Silence and one of its employees, Guan Tianfeng, for their role in the April 2020 Ragnarok ransomware attacks targeting U.S. critical infrastructure.
The attackers leveraged a zero-day SQL injection vulnerability in Sophos XG Firewalls to infiltrate systems, deploying malware and exfiltrating sensitive data. We also look at the recent Volt Typhoon operation targeting critical U.S. infrastructure – Chinese officials blamed the attacks on a ransomware gang.
The attacks suggest a broader objective: testing vulnerabilities in systems vital to national security. FBI Director Christopher Wray issued a stark warning that Chinese actors have “burrowed into U.S. critical infrastructure” and could strike in conjunction with larger military operations.
This is not cybercrime; this is subtle cyberwarfare, and our failure to designate some ransomware attacks as acts of state aggression is not just a policy gap, it’s a strategic blunder.
Ransomware attacks are a multifaceted threat that extends far beyond simple financial motives. Their dual purpose—enriching cybercriminals while advancing the geopolitical agendas of adversarial nations—calls for a comprehensive and unified response.
About Our Guest:
Sam Curry is Global VP and CISO at Zscaler and a Fellow at the National Security Institute. Most recently prior to Zscaler, Sam was CSO & CPO at Cybereason, CTO & CISO for Arbor Networks (NetScout), and was CSO & SVP R&D at MicroStrategy. He has also held executive roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC (where he was a distinguished engineer and Fellow nominee), as General Manager, CTO, Head of RSA Labs (MIT) and SVP of Product. Sam teaches as an adjunct at Wentworth Institute of Technology and at Nichols College. He also has over two dozen active patents in cybersecurity from his time as an architect, has been a leader in two successful startups and is currently a board member of the Cybersecurity Coalition, Rampart Inc and most recently CyberTrust Massachusetts in addition to a number of advisor-ships across the technology spectrum.
Your Hosts:
Anthony M. Freed, Halcyon Director of Research and Communications: Freed is a strategic communications leader, award-winning writer, publisher and podcast producer who was previously a freelance security journalist leading headline-making investigations that included the Symantec NAV source code leak, the mass compromise of US government agency account credentials, the denial-of-service attack that took down WikiLeaks, and more. Freed is also the principal researcher who produces the quarterly Halcyon report Power Rankings: Ransomware Malicious Quartile - Inside Data Extortion Attacks.
Ben Carr, Halcyon Advisory CISO: Carr is a Security & Risk Executive and recognized thought leader with more than 25 years of results-driven experience in developing and executing security strategies. Carr has served in global leadership roles at advanced technology, high-risk, and rapid-growth companies such as Ericsson (Cradlepoint), Qualys, Aristocrat, Tenable, Visa and Nokia. Ben has served as a member of the Board of Directors for organizations such as IT-ISAC and NTXPKUA. He is an advisor for Noname Security and Syn Ventures and has previously served on advisory boards for Living Security, TruStar, Mimecast, Qualys, and Accuvant.
Steve Salinas, Director of Product Marketing: Steve is a seasoned product marketing professional specializing in crafting messaging, launches, targeted content creation, analyst relations, and being the "voice of the customer" when working with product management. Over his 20-year career, Steve has developed the ability to translate complex technical capabilities into relatable value-based messaging that educates the audience, leading to many successful product launches and millions of dollars in revenue.
Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more and check out the Halcyon Attacks Lookout resource site. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.