The €600,000 gold heist, powered by ransomware | Smashing Security podcast
🎯 Summary
Overview: This episode of Smashing Security dives into the far-reaching consequences of cyberattacks, highlighted by a €600,000 gold heist at a Paris Natural History Museum that occurred because the security systems were disabled by a prior ransomware attack. The hosts also discuss the significant disruption caused by the Shai-Hulud npm supply chain attack, illustrating how digital compromises can lead to severe real-world operational and financial damage across various sectors.

Key takeaways:
- A ransomware attack on the Paris Natural History Museum disabled security systems, enabling a subsequent physical heist where €600,000 worth of gold specimens were stolen.
- Ransomware attacks, like the one hitting Jaguar Land Rover (JLR), cause massive financial losses and disrupt entire supply chains, potentially leading to business failures.
- The Shai-Hulud attack compromised over 40 developer accounts on the npm registry, publishing malicious packages that spread malware to developers using compromised code dependencies.
- The Shai-Hulud worm specifically targeted Linux and macOS developer environments, suggesting a targeted approach based on the likely operating systems of the intended victims.
- Supply chain attacks demonstrate the need for developers to rigorously validate dependencies, as simply updating packages can introduce malicious code.
- The hosts note that the impact of cyberattacks extends beyond data encryption to include severe operational halts (like airport check-in failures) and significant employee stress.
- The episode concludes with a "nitpick" criticizing Samsung for forcing ads onto smart fridge screens via updates, highlighting the normalization of intrusive advertising.

Themes:
- Ransomware Impact and Secondary Effects
- Supply Chain Security (npm)
- Physical Security Vulnerabilities Exploited by Cyber Incidents
- Developer Security Practices
- The Normalization of Digital Intrusions (Ads)
💬 Key Insights
"yes, update, but validate first. If you have dependencies, maybe do a couple versions, like a version behind or something, or have a robust process to validate that it isn't doing something naughty before installing it into production."
"if that pre-built code is compromised, then hackers can compromise the code that developers are using to build their apps rather than attacking applications directly."
"A couple of months ago, a German phone repair and insurance company filed for bankruptcy after being hit by ransomware."
"When I first heard the headline that JLR had been hit by a ransomware attack, I mixed them up with that pop group, JLS, and I thought they'd been hit, said, but turns out JLR is completely different. It's Jaguar Land Rover. They look like they can be shut down for weeks. They're bleeding 72 million pounds every day while its production lines are gathering dust."
"I think integrity checks is very important, making sure that you know where your dependencies are, what they're doing, and what they're supposed to be doing. You need to know your baseline, right?"
"automation is super useful, but it's also for threat actors. So don't count on it being like, 'Oh, well, I'll know, and I can stop it in time.' No, expect that if your system is compromised, you need to react very quickly."
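
The advice quoted above (run integrity checks against a known baseline, and stay a version behind) can be sketched as follows. This is an added example, not code from the episode or from npm: it assumes the `packages` layout of a lockfileVersion 2/3 `package-lock.json` and the version-to-publish-time map found in registry metadata, and the function names, baseline format and sample data are hypothetical.

```javascript
// Added example; package names, hashes and dates below are constructed placeholders.
const REGISTRY = "https://registry.npmjs.org/";

// Flag lockfile entries that are unpinned, weakly hashed, fetched from an
// unexpected host, or whose hash differs from the reviewed baseline.
function auditLockfile(lock, baseline) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "" || pkg.link) continue; // root project and workspace links have no tarball
    const id = `${path}@${pkg.version}`;
    if (!pkg.integrity) { findings.push({ id, issue: "missing-integrity" }); continue; }
    if (!pkg.integrity.startsWith("sha512-")) findings.push({ id, issue: "weak-hash" });
    if (!String(pkg.resolved || "").startsWith(REGISTRY)) findings.push({ id, issue: "unexpected-source" });
    const known = baseline[id];
    if (known === undefined) findings.push({ id, issue: "not-in-baseline" });
    else if (known !== pkg.integrity) findings.push({ id, issue: "integrity-drift" });
  }
  return findings;
}

// "A version behind": pick the most recently published release that is at
// least minAgeDays old (ordered by publish time, a simplification of semver order).
function newestCooledVersion(timeMap, minAgeDays, now) {
  const cutoff = now.getTime() - minAgeDays * 86400000;
  const aged = Object.entries(timeMap)
    .filter(([v]) => v !== "created" && v !== "modified") // metadata keys, not versions
    .map(([v, t]) => [v, Date.parse(t)])
    .filter(([, t]) => t <= cutoff)
    .sort((a, b) => b[1] - a[1]);
  return aged.length ? aged[0][0] : null;
}

const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-a": { version: "2.1.0", resolved: REGISTRY + "example-a/-/example-a-2.1.0.tgz", integrity: "sha512-AAAA" },
  "node_modules/example-b": { version: "4.0.1", resolved: REGISTRY + "example-b/-/example-b-4.0.1.tgz", integrity: "sha512-CHANGED" },
  "node_modules/example-c": { version: "1.0.3", resolved: "https://mirror.example/example-c-1.0.3.tgz", integrity: "sha1-BBBB" },
} };
const sampleBaseline = {
  "node_modules/example-a@2.1.0": "sha512-AAAA",
  "node_modules/example-b@4.0.1": "sha512-ORIGINAL",
  "node_modules/example-c@1.0.3": "sha1-BBBB",
};
const sampleTimes = { created: "2024-01-01T00:00:00Z", modified: "2025-09-16T00:00:00Z", "4.0.0": "2025-03-01T00:00:00Z", "4.0.1": "2025-09-15T00:00:00Z" };

console.log(auditLockfile(sampleLock, sampleBaseline));
console.log(newestCooledVersion(sampleTimes, 14, new Date("2025-09-20T00:00:00Z")));
```

A non-empty findings list is a reason to fail the build and review the change before anything is installed into production.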