The CISO Signal | INSIDE CNA's $40M BITCOIN RANSOM | The Hack That Changed Cybersecurity - EP 4

In this episode of The CISO Signal, we go deep inside the cyberattack that shook the financial world.

Join us as we unravel the haunting details of the 2021 ransomware attack on CNA Financial, which resulted in a record-breaking $40 million ransom payment in Bitcoin.

This wasn't just another breach. This was a black swan event cloaked in silence, executed by a mysterious threat actor known as Phoenix. They slid past defenses, encrypted over 15,000 devices, and vanished with a payday big enough to fund a small nation-state.

How did one of the largest U.S. insurers, an industry built on managing risk become the ultimate risk?

🧠 GUEST CISO CO-HOST: Matan Eli Matalon

We’re joined by Matan Eli Matalon, CISO of OP Innovate. With a battlefield-hardened perspective from years in offensive and defensive cybersecurity, Matan brings a rare blend of red team psychology and blue team pragmatism to decode the dark mechanics behind this quiet catastrophe.

From ransomware tactics and insurance industry blind spots to negotiating with digital extortionists, Matan provides unparalleled insights.

📌 In This Episode:

ATTACK ANATOMY: How the CNA ransomware attackers gained access and detonated their payload.

ROOT CAUSE: The critical role of stolen credentials, Active Directory, and legacy systems.

THE RANSOM DECISION: Why a $40M ransom was paid and what it signals for future attacks.

THE AFTERMATH: The eerie silence that followed and the legal/PR playbook that unfolded.

KEY TAKEAWAYS: What security leaders can learn from CNA’s nightmare to prevent the next one.

🔐 FOR CISOs, BY CISOs.
The CISO Signal is a cinematic, story-driven podcast for security leaders, SOC professionals, and infosec veterans. Each week, we dissect high-stakes breaches with the insight of top CISOs and the pace of a true crime thriller.

SUBSCRIBE NOW! for weekly episodes that go beyond the headlines and deep into the shadows of today’s cyber underworld.

👍 LIKE, COMMENT, and SHARE this episode with your security team.
🌐 Visit thecisosignal.transistor.fm for full episodes, bios, and more.

#CNAFinancial #RansomwareAttack #Cybersecurity #CISOPodcast #TrueCybercrime #Infosec #Ransomware #CyberInsurance #SecurityLeadership #BreachAnalysis #IncidentResponse #SOC #CyberRisk #CIO #CTO #Hacking #DigitalExtortion #Cyberthreats #CybersecurityNews #Datasecurity #MatanMatalon

THE UBER BREACH: HOW A 17-YEAR-OLD HACKED A FORTUNE 500 COMPANY

A 17-year-old hacker. A simple social engineering tactic. A taunting message posted to Uber’s internal Slack channel. In one of the most audacious breaches in recent memory, a teenager allegedly affiliated with the Lapsus$ group compromised a Fortune 500 company, exposing critical vulnerabilities in even the most sophisticated security frameworks.

In this episode of THE CISO SIGNAL: TRUE CYBERCRIME, we go behind the scenes of the Uber breach to tell the full story of how this attack unfolded. We investigate the chain of events that led to the compromise and shine a light on the human element—the weakest link in cybersecurity.

Our special guest co-host is ORI STEIN, CISO at TrustNet Security, part of the Tama Group. Ori breaks down the anatomy of the attack and shares actionable intelligence on how to protect your organization from similar social engineering threats.

IN THIS EPISODE, WE DISCUSS:
👉 How a simple text message and MFA fatigue became the keys to the kingdom
🔹 The role of the Lapsus$ threat group and their unusual tactics
⚠️ Why even a strong security team can be vulnerable to human factors
🛡️ Actionable strategies to bolster your MFA and incident response protocols
📈 The leadership lessons CISOs can take away from this high-profile breach

ABOUT OUR GUEST:
Ori Stein is a seasoned CISO with extensive experience in security strategy and incident response. He serves as CISO at TrustNet Security, part of the Tama Group.

FOLLOW "THE CISO SIGNAL" ON:
🌐 Website: www.thecisosignal.transistor.fm
🔗 LinkedIn: www.linkedin.com/company/the-ciso-signal

DON'T FORGET TO LIKE, SUBSCRIBE, AND SHARE TO STAY AHEAD OF THE LATEST CYBERCRIME THREATS!

#Cybersecurity #UberBreach #SocialEngineering #CISO

🎙️ The CISO Signal | S1E2 — The SolarWinds Hack: How 18,000 Orgs Were Compromised

One trusted software update. Thousands of victims. A breach that changed the cybersecurity landscape forever.

In this episode, we investigate the SolarWinds supply chain attack, a nation-state cyber operation that exposed the deep fragility of the modern software ecosystem. What made this breach so dangerous wasn’t just how many organizations were compromised; it was how long the attackers went undetected and how deeply they infiltrated the systems we rely on most.

🧠 Jeremy Ladner with Guest Co-Host: Alberto Deto Hassan
Veteran CISO and former head of Israel’s National CERT, Alberto, joins Jeremy Ladner to analyze the SolarWinds hack from both strategic and technical perspectives with lessons every CISO and security leader needs to hear.

🔍 In This Episode:

• How Russian APT actors compromised 18,000+ organizations using a poisoned software update
• Why perimeter-based security models failed
• How this attack ignited the Zero Trust movement
• What today’s CISOs must do to secure their software supply chain
• Real-world advice from one of the world’s leading cybersecurity experts

👂 Who Should Listen:

• CISOs, security architects, and incident responders
• Cyber threat intelligence and red team professionals
• Fans of true cybercrime and nation-state breach stories
• Anyone who wants to understand how trust was exploited and how to defend against it

The CISO Signal is a cinematic, story-driven podcast that turns major breaches into case studies for security leaders — blending narrative storytelling with expert CISO insight.

🔐 For CISOs. By CISOs. But, made to thrill fans of true crime, cyber warfare, and the breach stories that shaped our world.

🔗 Subscribe, Review & Share:

Follow us for weekly episodes exploring the breaches that define cybersecurity today.
💬 Leave a review if you enjoy the show — it helps us reach more security pros and true cybercrime fans.

The CISO Signal | S1E1: DEAD IN THE WATER | How Sandworm Crippled Maersk — The $10 Billion Breach

In this premiere episode of The CISO Signal, we uncover the chilling true cybercrime story of the NotPetya attack — a weaponized piece of malware launched by the Russian state-backed hacking group Sandworm, which brought Maersk, the world’s largest shipping company, to its knees.

What began as an attack on Ukraine’s infrastructure cascaded across the globe, infecting critical systems, halting operations, and costing the logistics giant over $10 billion in damage.

But this isn’t just a story about malware — it’s a case study in lateral movement, trusted access abuse, and what happens when even the most mature enterprises are blindsided by nation-state warfare masquerading as ransomware.

🎧 With Guest Co-Host: Shlomi Avivi
We’re joined by Shlomi Avivi, a veteran cybersecurity executive and former CISO of several hyper-growth companies. With 20+ years in the trenches of risk management and enterprise security, Shlomi brings a sharp, modern lens to what went wrong, and what CISOs everywhere need to understand today.

Shlomi is a strong believer in forward-thinking security strategies that evolve with the threat landscape, and in this episode, he helps unpack how legacy vulnerabilities met modern warfare… and lost.🎧 In this episode:

- How a single compromised update triggered global chaos
- What Maersk lost — and how close they came to losing everything
- The technical and emotional toll on security teams
- What CISOs can learn from one of history’s most destructive cyberattacks

🧠 Guest Commentary from Top CISOs
We bring in real-world CISOs to analyze the breach, not as victims, but as expert investigators. Together, we examine the breach’s timeline, the security failures, and the haunting “what ifs” that still echo through the infosec world.

🔐 For CISOs, by CISOs.
The CISO Signal is a cinematic true cybercrime podcast designed for cybersecurity leaders, red teamers, and infosec pros. Each episode dissects a real breach with the tone of True Detective, the rhythm of The Twilight Zone, and the insight only seasoned CISOs can provide.

🧭 Subscribe now for weekly episodes that turn infamous cyberattacks into case studies every security team should hear.
👉 Don’t forget to like, comment, and share with your security team.

#Cybercrime #NotPetya #MaerskHack #Sandworm #TheCISOSignal #CISOPodcast #CybersecurityPodcast #TrueCybercrime #IncidentResponse #NationStateAttack #InfoSec #BreachAnalysis #SOC #RedTeam #SecurityLeadership #SupplyChainSecurity