Iran, Matt You, Netflix discussed on Beers with Talos

Beers with Talos


Enough. There's nobody else cares. Yeah, absolutely no. They absolutely had no, they... They never thought that they wouldn't be discovered. I guess so, but the point I was going to is that I don't want people to get tunnel vision and think that they're going to see another Windows worm in this particular case. There's a lot of ways to influence policy. There's a lot of ways to get the government's attention, and yeah, I think going after a large portion of civilian computers is probably not one of the easiest ways to do that. Now, on the other hand, if you've got a pile of Windows zero-days, maybe it is. But there's not going to be an easy way to predict this. There's not going to be "there's a ninety percent chance of this"; anyone who says that, I would take that with a giant, Matt, grain of salt. Targeted Craig's. At right. I mean, if you do something like that, Craigslist is not really targeted, because you're gonna lose content of the with way, right? I'll remind you that NotPetya was targeted. NotPetya was specifically targeted to companies that did business with Ukraine hundred targeted was built in a way that specifically did not leave the network under, you know, under almost all circumstances. Almost every infection that we're aware of involved a compromise not pet miyake's, but that was also, like, one of the most incredible cyberattacks that has ever happened in terms of the way they accessed it, the way they abused the supply chain, the way they constructed the virus. The virus was just enormously, enormously effective. Moved very quickly but also stayed in its lane; it only affected places where it was sent. It was an amazing being. You know, like, separating the very bad things that it 'cause, it was amazing move, but I don't know that Iran's new position where they can pull that off. But on the flip side, we're also in a place where maybe Iran's way to show more of its hand would have before, and we don't know what's in that hand.
I think we may see some interesting things happen over DNS. You know, I want to be one hundred percent clear, you know, when we saw the actors fiddling with DNS over the last two years, we do believe that there were more than one. Now, I do think we may see some things happen. I do think they may be isolated. But it's definitely out for, you know, especially if you're in a country whose registrars have been, that have had actors play games with them in the past, I would have severe concerns. Yeah, I mean, it's, it said easier your target than most. I think again, whatever they're going to do, if it's Iran, whatever it's going to be as targeted as possible, right? Right, because they need to make a statement, and that's why they're going to do it, and anything that's kind of the bleeds over into the effects or the countries or other people are not American, you know, whatever, all the parts the wilderness, and that is not something that they're going to be interested in doing. It's going to be something which is, you know, a targeted event that they can claim responsibility for us. Back kind of thing works well, but I don't want people to get a false sense of security though, right? People may be targets by accident. They may be because of their relationship with American companies. Vigilance is what we're saying. The cyber war thing is, there's no start, there's no end, it's an ongoing thing, right? Yeah, I mean, we're kind of lucky this time because we do know something's coming, right? Yeah, you're expecting it. We know something's coming, we just don't know in what form, whether it be physical or, you know, or all digitally wealth. Yeah, so it kind of goes back to what we said earlier: you know, all the things that you were concerned about before this, you should still be concerned about. There's no magic protect-me-from-Iran thing, you know, so that's a concern, and be vigilant, be aware, and, or be safe, Matt said, right?
This is the time when you've got to run down the leads. This isn't the time to say, "Huh, that's weird, but you know what, it's four thirty on Tuesday and I wanna go home early." It's a bad week to do that. Run it down, assigned to the next team, check into it. And we talked a little bit about that, Matt, you gave some good tips at the top there. But when we're talking about espionage, cyber warfare on this scale, we obviously know, you know, these nation-states sit on an 0-day or they'll have some other kind of ingress into a system through any other vector imaginable. What are the top ones folks should be looking out for, other than the obvious? We've gotta keep systems updated. Your patch level has got to be on one point where possible, and make sure defenses up to greet time to roll out two-factor authentication. So yeah, 2FA is good. So I would, I'd kinda turned away, and this is more for more mature organizations, but once you had, like, if you put up your fences and you've got your, you know, your stakes in the ground and everything's good and you've patched and everything, anything else, now you need to turn to: how do I see what's happening in my network? It's, when you are working both pre and post compromise with nation-state actors and more advanced criminal actors as well, visibility is key for you to be able to answer the questions that are gonna come up. You're never gonna have those kind of weird moments that we're talking about, where you're like, "Well, that's weird, what happened? Why did that happen?", if you don't have NetFlow monitoring, Windows event logging, a SIEM helping you out, packet capture, stuff like that. So that when you're like, "Oh, what is this?", then you can kinda start stringing together all those visibility elements. The place that we, like, when we are doing, like, IR, the thing that hurts the most is a lack of visibility in.
So that's the main thing. If you're really seriously thinking, "All right, you know, I'm a legit target for this particular actor because of XYZ. Here's your, I've been notified by the government that they think that I'm in an industry that they may be able after", that visibility, once you get your basics in order, visibility's the, like, the super immediate next step, because just having everything patched to the best of your ability is only the first step. You really need to start being able to put place things you see what's going on. So you've got yourself patched, you've got your fences set up, you've done 2FA, MFA, you've even worked on your visibility some now, and you can see what's going on with NetFlow monitoring, with logging, with other things, but brewing you even segment, segmenting. Nice, nice. So you've done the things right, and still yet, you fear that you've been attacked. At what point, and for what organization, is it time to phone a friend? Not every organization has IR capability in house in the can trace this down. They don't have a huge SOC, right, that can handle these events themselves. But at what point is it time to be like, "Oh shit"? I think you hit the nail on the head though, right? Like, if you don't have a plan, this is the time to make a plan. There's going to be a large number of businesses out there who don't have a plan. They don't have an incident response team. They don't know what to do. This is a good opportunity to get some brochures. You know, you don't necessarily have to pay, you don't necessarily at the do it, but have a plan. Have an idea on paper, have talked her executive teams about it. Talk to your CISOs about it, talk to your staff about it, and make sure that should something happen, you know what you're going to do.
You know, being aware of what to do in the aftermath or during an attack can help save valuable time. It can limit the extent of the damage. Now, is it going to magically stop everything? No, but it.
