In this episode of the podcast (#221): Andrew Sellers, the Chief Technology Officer at QOMPLX joins us to unpack the revelations this week about APT 40, the Chinese group that the US has accused of a string of attacks aimed at stealing sensitive trade secrets. Also: is Salesforce the next SolarWinds? In our second segment, we continue our series on Left-Shifted Security with Waqas Nazir of DigitSec, a start up that helps secure Salesforce apps.
The Biden Administration continued its forceful diplomacy on the issue of cyber security this week, with an announcement on Monday that named four Chinese nationals the U.S. says are responsible for a string of attacks on companies in the aerospace, biomedical, defense, healthcare, and manufacturing sectors, as well as academic research institutions.
Naming Names With APT 40
The announcement was just the latest by the U.S. government – dating back to the Obama Administration, and continued during the Trump Administration to name not only foreign governments responsible for disruptive cyber attacks (as with North Korea’s hack of Sony) but to specifically calls out individuals working on behalf of foreign governments, as with the six, Russian GRU officers named in a DOJ indictment related to the hack of the 2018 Olympics.
It’s a tactic that experts note is designed as much as a message to foreign nations about the U.S.’s intelligence prowess as it is an effort to inform the public. But is the strategy working? And what can companies in sensitive industries do to protect themselves from incursions like those mentioned in the indictment?
To answer those questions we invited Andrew Sellers, the Chief Technology Officer at QOMPLX* back into the studio to talk about the indictment. Andrew previously led enterprise network modernization and design efforts for the Air Force and large Department of Defense initiatives that included critical and global aspects of security architecture and information transport infrastructure.
In this conversation, he and I talk about the limits of the U.S. government’s “name and shame” campaign, and we did into some of the tactics, techniques and processes used by APT 40, the chinese advanced persistent threat group believed responsible for the attacks.
Is Salesforce The Next SolarWinds?
Salesforce.com on Wednesday announced that it completed its record $27 billion acquisition of Slack Technologies. The deal, which adds Slack’s digital messaging and collaboration platform to the Salesforce roster, is part of a Salesforce plan to create what CEO Marc Benioff called a “digital HQ that enables every organization to deliver customer and employee success from everywhere.”
The company, which now employs more than 60,000 people, started more than 20 years ago -one of the first Software as a Service (SaaS) firms. But what started as a play to democratize pricey Customer Relationship Management tools like those sold by SAP and Oracle has, in two decades, become much more. Today, Salesforce is a platform on which thousands of third party applications extend the capabilities of the core platform.
But as the recent attacks on SolarWinds and Kaseya show: robust cloud-based applications and services are a double edged sword: giving access to powerful features affordably, but also introducing new cyber risks. In our second segment of the podcast, we continue our series on Left-Shifted Security by speaking with Waqas Nazir of the firm DigitSec, a startup that is focused specifically on securing Salesforce applications. In this conversation, Waqas and I talk about the growing risk of software supply chain attacks and the kinds of risks and threats that Salesforce customers face, and about steps they can take to limit their risk.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.