In this episode of Storm Watch, the hosts discuss a recent noise storm, an event in which a capable attacker group sends out massive numbers of TCP packets without three-way handshakes. These noise storms can cause problems for data processing pipelines and are sometimes used to distract security professionals from other malicious activities. The hosts also mention that some early noise storms occurred in close proximity to large-scale military engagements, leading to speculation about their purpose.
The podcast also covers a recent ransomware attack by the ALPHV group, which targeted MGM via Okta, a popular identity and access management platform. The hosts discuss the group's articulate statement and snarky tone, as well as the fact that the group seems to be based in the US, which may contribute to their proficiency in English. They also mention that GreyNoise has coverage for this emergent threat and provides advice for security professionals on how to handle it.
Additionally, the hosts announce the launch of GreyNoise Labs, a platform for deep technical dives and research. Labs is designed for ultra-nerds who want to know the nitty-gritty details of various security topics. The hosts also discuss the potential for predicting security events by correlating anomalies with news articles and breaches.
Finally, the hosts touch on the "jet stream" of the internet, which consists of always-on threats like Mirai and SSH brute force attacks. They mention that these threats behave differently over time and are accompanied by smaller pockets of thunderstorms and systems moving in. Overall, the episode covers a wide range of cybersecurity topics, from noise storms and ransomware attacks to the launch of GreyNoise Labs and the ever-present threats on the internet.