Ransomware Gang Reportedly Drops Encryption
The Babuk ransomware gang says it's dropping the encryption of victims' data as a tactic. Instead, it will focus strictly on data theft and blackmail to enrich itself. Until now the gang did both: stealing data from victim organizations and then encrypting the data on the corporate servers. The threat to the victim was: pay for the decryption keys, or the copied data will be released, embarrassing you and your customers. If the company didn't have a good data backup, it faced two threats: embarrassment and loss of business, and the loss of data. This double-extortion tactic started being adopted by ransomware groups about two years ago. But creating and maintaining encryption isn't easy. Some cybersecurity companies have cracked the encryption of a few gangs and are giving away the decryption keys to any victims. Emsisoft is one of the companies that cracked the Babuk code. Now Babuk has apparently decided that it is easier, and perhaps just as lucrative, to only steal data and hold it for ransom. A researcher at Emsisoft doubts that other ransomware groups will follow this strategy. By the way, last week the Babuk gang got into the computer systems of the Washington, D.C. police department and stole data. It is still threatening to release the names of police informants unless it is paid. In an interview with a news site in Poland, Babuk claimed the police department's virtual private network was hacked with a zero-day vulnerability, that is, a vulnerability that hasn't been disclosed. That claim hasn't been confirmed.
German Parliament Sustains Another Attack
Several security companies have released news about revived threats. We'll run through a few of the more prominent discussions. FireEye's Mandiant unit this morning updated its research into Ghostwriter, an influence operator that came to attention last year as it sought to affect public opinion in Latvia, Lithuania and Poland. Its messaging then was anti-NATO. The campaigns of 2020 relied upon heartlessly crude forgeries and implausible rumor-mongering, but of course disinformation doesn't need to be art as long as it can get the right amplification, which Ghostwriter worked to accomplish. It was easy for officials to quickly debunk such hogwash as the claim that Canadian soldiers were spreading COVID-19, or that an internal memo circulating in the Polish Ministry of Defence called for resistance against an American army of occupation; a forged memo was helpfully provided, and hijacked social media accounts were used to lend plausibility to a very implausible story. CyberScoop offered a useful account of these efforts at the end of last July. But of course lies can have a bit of a run if they're provided with a head start. In any case, Ghostwriter has now expanded its thematic content to include disruption of domestic Polish politics and also, according to Tagesschau, credential theft attacks on German political figures. FireEye believes the threat actor it tracks as UNC1151 is responsible for some portions of Ghostwriter. The firm characterizes UNC1151 as a suspected state-sponsored cyber espionage actor that engages in credential harvesting and malware campaigns. Tagesschau calls them the chaos troops, which is apt enough for an operation that aims at disruption. At least seven members of Germany's Bundestag have received phishing emails, as have some thirty members of the Länder assemblies, that is, the state-level legislatures. German authorities are taking the activity seriously.
Call for an Australian National AI Strategy
Hello and welcome to MySecurity TV. Now, taking the weekly, we're joined once again by, and welcome, Ron Gauci, the chief executive officer of the Australian Information Industry Association. The industry there is calling for at least a two hundred million dollar investment into Australia's AI strategy, a national strategy, so we'll get an update from Ron on how the AIIA is going in their recent call out to government. Ron Gauci, the chief executive officer of the AIIA. Ron, thanks for joining us once again. Thanks, Chris. Much appreciated. Artificial intelligence: the release came out from the AIIA. I do like how you guys are right off, you know, you kind of push and comment very, very quickly and promptly on government initiatives. Maybe if you can give us a bit of background from the release: you're calling for two hundred fifty million dollars, for a billion dollar investment into the AI national strategy. What's the background to this? And what we are calling for is a significant allocation in the May federal budget. What the premise is, quite clearly, is that our primary industries are exposed when we look at the level of investment being made in AI offshore: billions of dollars of investments across Europe and Asia and in that region. And that means that our primary industries are at risk of becoming uncompetitive and probably unattractive globally, and that we will become a country of consumers rather than producers. And it's a pity, because Australia has a recognized leadership position, experts in AI, and the investments across federal and state governments have been targeted towards research in AI in small bits and pieces, in a fashion that is fragmented, without any extra commercialization agenda.
European MPs Targeted by Deepfake Video Calls
Someone impersonating a spokesman for imprisoned Russian opposition figure Alexander Navalny conducted Zoom meetings with European Parliament members. The sessions featured what The Guardian and NL Times called a deepfake video call purporting to be Navalny associate Leonid Volkov, which Volkov himself said looked pretty convincing. Speculation about responsibility for the incident has focused on Vovan and Lexus, two well-known Russian prank callers, pranksters, as such nuisance humorists are known. The incident is of course troubling for coming at a time when Navalny is imprisoned and on a life-threatening hunger strike, and it's worth noting that relatively senior political officials were taken in by the scam. But to place it in perspective, this is more shock-jock stuff than it is a spoor of a new and devilishly nefarious approach to disinformation. Technically, it's a cut above the kind of jerk who had called the live news coverage to holler "Baba Booey" during the slow-motion chase of O.J. Simpson's Bronco down the 405 in Los Angeles, but let's keep it in perspective. The lesson is that video that appears to be a genuine live call need not be, and that some authentication beyond look and feel is necessary. But we already knew that. It's even become a trope, a gag in insurance commercials where there's a guy video conferencing with his colleague and so forth. At any rate, on balance, not very funny. And Vovan and Lexus themselves aren't novices, we note. They've pranked, to name just three, Sir Elton John, the Duke of Sussex and Senator Bernie Sanders, but many of their targets have been critics of the Russian regime. Mr. Putin himself has not been pranked and seems unlikely to be.
Codecov Breach Impacted ‘Hundreds’ of Customer Networks
Hundreds of networks reportedly hacked in Codecov supply chain attack. Following on with the story we have been covering this week, new reporting from Reuters shows that hundreds of customer networks have been breached in the Codecov incident, expanding the scope of this breach beyond its own systems. Codecov is an online software testing platform that can be integrated with GitHub projects to generate code coverage reports and statistics. In this attack, threat actors gained Codecov's credentials from their flawed Docker image, which were then used to alter the Codecov Bash Uploader script used by its customers. Codecov has over twenty nine thousand customers, including prominent names like GoDaddy, Atlassian, The Washington Post and Procter & Gamble, making this a noteworthy supply chain incident and an ongoing story. Remote code execution vulnerabilities uncovered in smart air fryer. Researchers from Cisco Talos have disclosed two remote code execution vulnerabilities in the Cosori 5.8 quart air fryer, a WiFi-connected kitchen product that leverages the internet to give users remote control over cooking temperature, times and settings. According to Talos researchers, Cosori did not respond appropriately within the typical ninety day vulnerability disclosure period, which is why it has now been made public. Though consumers may consider this situation to be innocuous, it is an example of an IoT endpoint vulnerability that can leverage a home connection to cause damage there or anywhere else.
A highlight from SN 818: News From the Darkside - Exim Email Server, Tor's Exit Nodes, TsuNAME, Project Hail Mary
We call him James Tiberius Gibson, captain of the ship Security Now: Steve Gibson. Steve: Yo, Leo. Oh, what's on again? Well, you know, I did not want to talk about DarkSide, but you have no way not to talk about DarkSide. And what was interesting, because, like, how long, how much time have I spent promising our listeners that, you know, we wouldn't keep talking about ransomware? But when this thing moves from, you know, an incidental concern from, like, IT people to something where, you know, our parents or grandparents or, you know, those who predate the internet are like, "What? Ransomware? What's that?" I mean, and when it steps out to dramatically affect our infrastructure, and this group has a weird twist also: like, they have an ethics page posted on their site on the dark web about their intentions. Anyway, we'll get to that. There was enough interest about this, like, enough insider information that our listeners would not have picked up from the mainstream media, that I thought, okay, we gotta talk about that. But this is episode 818 for Patch Tuesday of May, which we'll be talking about next week because, you know, we have to wait to see what happens. We're going to look at a new and old threat to our global DNS infrastructure. We also ask what the heck Google is planning with their so-called two-step verification. We examine a huge new problem with the internet's majority of email servers. Microsoft Exchange, that was March, and they're by no means the biggest player. It turns out that the biggest player, Exim, has some, like, really bad problems. So buckle up. We're also going to look at the reality of Tor exit node insecurity, Leo, and really substantiate the statements you've been making when you're talking about our VPN sponsors, that, you know, just using Tor doesn't solve the problem. Yeah. We're also going to touch on a new sci-fi novel from a very well known author, share a bit of closing-the-loop feedback from our listeners,
And then we're going to settle down and take a look at this, arguably the highest profile ransomware attack ever, from what was previously a low-key attacker. We'd never talked about DarkSide before. You know, we're talking about REvil, Ryuk and all these other guys, and this player is sort of interesting. So, Leo, for those listeners who haven't... well, actually, you and I, all of our conversation about our picture of the week was before you hit the record button. We have a picture that we're not going to explain, and we will explain. It's an IQ test. Actually, it's not. It's a test of your educational level. Maybe. I don't think it's an intelligence test, but it is a test. So we'll have that in a moment. But first, a word from our sponsor. This is a test: are you sure there's no one on your network right now snooping around, exfiltrating information, getting ready to encrypt everything with ransomware? Sure, that's what the Colonial Pipeline guys thought too. They needed this. They needed the Thinkst Canary. The last thing anyone wants right now is that data breach, exfiltration. It's said that the pipeline folks had a hundred gigabytes of data exfiltrated and then encrypted. Rather than the villain lying in wait, I'm going to suggest there is a hero in this story, or there will be in your story if you know about the Thinkst Canary. Thinkst Canary. Companies usually find out way too late they've been compromised, even if they've spent millions on IT security. It's just not enough, because as you know, security is a layered thing. No one thing will fix everything, but man, you gotta have the Canary. You just gotta, and there's no reason not to. It's affordable. It's basically a honeypot that's easy to configure, easy to install, and is irresistible to bad guys. So when they're going around looking for stuff to exfiltrate, servers to log into, they'll see the Canary, and it won't look vulnerable, it'll look valuable. For instance, I've configured my Canary to look like, hmm,
my Synology NAS, because I know the NAS, I know the login, I know exactly what it looks like. It came down to the MAC address. It has an official MAC address that is identical to a Synology MAC address. You can say what the MAC address is; you can choose what it is. You can choose the user interface, and when the bad guy sees that Synology user interface and logs in, you get a notification. You don't get overwhelmed by millions of notifications; you just get very concise, actionable notifications that include, by the way, the login password they used, which is valuable information for understanding what they know already. The Canary has completely changed the game. It's designed to be installed and configured in minutes, and then, if you'll forgive the pun, left to its own devices. You don't have to think about it. In fact, if you don't hear anything from the Canary, you can feel good.
A highlight from 208 Bringing Tools of National Power to Fight Ransomware
I have really led a very circuitous path over the years. I began my career many, many years ago now as someone who was fundamentally focused on questions surrounding human behavior and why it is that people do the things that they do, to include engaging in things like warfare. I've been everything under the sun. I've been a schoolteacher, I've been a chef, I've been a gardener. But I found myself sitting at Raytheon Company as a research assistant supporting engineers in the Space and Airborne Systems unit and really needed to get into the fray. And so I moved to Washington, D.C., went to Johns Hopkins SAIS, got a job eventually in the Office of the Secretary of Defense for Policy in the Pentagon, and was focusing primarily on regional issues, South Asia in particular, where I was responsible for helping make sure that nuclear weapons didn't fall into the hands of terrorists, tackling everything under the sun that you can think of. I was able to convert over to the White House, where I had the amazing opportunity to work for President Obama for four years on the National Security Council staff. In my final role I was the Senior Director for South Asia, where I had responsibility for everything in our relationships with folks in the region, primarily India, and had set up a cybersecurity dialogue with them, working with them on nuclear energy policy, climate change, you name it. And so I have since achieved escape velocity and am back out here in California, got out of Washington, and have been back here in California building the Institute for Security and Technology over the last few years. Well, can you tell us about the
IST? What is the organization's mission? So the mission really, at its core, is to reimagine the think tank and provide trusted venues for technologists, so people who are actually building things and deploying them, providing venues for those folks to be able to engage with national security policy makers. And what we have found, and I think we all live this every day, is that at one time policy really is what drove technological development, and that has very much been flipped on its head, where technology is driving policy across a range of public policy challenges, right, whether it's education, health care, you name it. But in the security space it's so stark, and what we've discovered is there really aren't the venues where people can get together and have a full-throated debate and have arguments, where it's a trusted space where they can actually put ideas on the table. And so we've been building an institute with the core mission of trying to cross-level the playing field. How do you come at that problem? I mean, we look at, I think certainly the current situation here in the States is one that is very divided. It's hard to have a conversation about anything, and yet these are serious issues that you all are taking on. So what we've found, I mean, we're a 501(c)(3), so we're nonprofit. We don't have anything driving us except for, quite honestly, altruistic intent. And we're a mix of folks who are entrepreneurs and CEOs, folks who've built and sold companies, but also folks who have worked in the national security establishment, served at the Pentagon and at the White House. My board chair is a former Air Force officer. We know both sides of the coin, and we come at this really as strongly as we possibly can, as bipartisan, bicameral as possible, because our stance, if you will, is that we can't solve these problems if folks remain in their stovepipes. And so we come in pretty neutral, and in doing so
I think we're able to bring more people to the table. How do you bring your message to the international stage? We certainly have our allies but also our adversaries; one of the challenges here is being able to state the case and yet continue a conversation. I think the skills that I was able to cultivate when I was working at the White House for President Obama, to be able, for instance, to sit down with our Pakistani counterparts and very bluntly say, I'm interested in supporting your activities and your efforts to counter terrorism, to go after al-Qaeda, to go after those who are targeting your state, but you need to stop harboring insurgents who are destabilizing the government in Kabul. And so there are means through which you can engage with international counterparts who may be adversarial in some ways but who I think have a vested interest in getting ahead of these similar challenges. They're not safe from cybercrime. They're not safe from these sorts of online threats. I think they have a vested interest in directing them elsewhere, but I think they also have a vested interest in maintaining their ability to function within international structures, to include financial systems. So there's means through which you can have pretty open, honest conversations even with adversaries, but you have to have carrots and sticks brought into the equation. Where does the US sit right now in terms of being able to deliver that message to the rest of the world? Do we enjoy a position of being on a, I don't know, for lack of a better word, a moral high ground when it comes to these issues? I think the United States has got its fair share of responsibilities, in my opinion, where we have such immense resources and such immense technical capability and such immense, still today, I am convinced of this, such immense value that we bring to a conversation that people want us there.
They want us to help drive toward solutions. There are reasons why there are folks who, you know, they have pause as to activities perhaps the United States government engages in. There needs to be a level of transparency there to be able to have that kind of conversation. But I do think that the US is still uniquely positioned to be able to help lead some of these conversations, and particularly looking at the ransomware discussion, I think there are others who are interested in partnering up with the US to collaboratively get after that. That's what we heard through all of our discussions, whether it's with the Australians, the Dutch, the Brits, I think the Canes, the Israelis, the Indians. I think folks definitely could use someone who's willing to step forward and help lead such an international effort, and I think the United States remains uniquely positioned to do so. Let's dig into some specifics together. You and your team at the IST recently put out a publication called Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force. What prompted the creation of this study? So we found ourselves last fall watching and listening to all of our colleagues and the folks in the infosec community just scrambling as this tidal wave of attacks was starting to hit the healthcare industry, and as we were really seeing ransomware hitting every sector, you know, you're done with manufacturing, logistics, now you're seeing it hit hospitals and educational institutions. And it struck us that, you know, with our experience having sat at the White House, for example, and seeing what means could be brought to bear on a problem like this, the question was: why hasn't someone pulled together
everyone who has a stake in this and figured out a more comprehensive approach? And so we started reaching out to friends and colleagues, both in the nonprofit civil society sector but in industry but also in government, and so we started talking to folks at
A highlight from Application Security in the Cloud
Our guest today is Melissa, a business information security officer at a global organization. So this sounds like a fun title, Melissa. Would you care to give us a brief outline of what a BISO really means? Yes, I get that question a lot: what is a BISO? I know what a CISO is, but what is this thing, or is it a B instead of a C? And really the easiest way to explain it is that it's like a CISO, but I'm specifically focused on one division of our organization, and instead of being a divisional CISO that reports into a centralized CISO organization in info security, I actually report into the division, into the division's CTO. So my goal ultimately, and the focus of my role, is to bridge that gap between the business and the centralized security team, helping the business understand how they can apply these requirements and practices from the security team, but also the other way around, pushing back on the security team and giving them more business context, so as they're trying to develop new policies and standards and other things, they can do it in a way that makes sense for what we're doing with our engineering teams and across the business lines. Okay, that actually does make sense, and I wish more large global federated companies would have that, because it sounds sometimes like the team is kind of confused about this whole central, decentralized, centralized requirement. So I think that makes sense. So we wanted to hit on the topic of application security in the cloud, because I do see a fair bit of confusion in the industry about, like, whose responsibility is this, how to fix problems. So in your opinion, Melissa, how have application security practices changed as organizations launch their cloud transformation, cloud migration efforts? What changes? And how, also, you touched on one already, right? The responsibility really begins to shift. Security people, we've been talking about push left for years, probably better than two decades,
I think, trying to get devs to take on more responsibility for security and get them to understand it from a secure coding practice. When we start moving into these cloud native technologies and we start expanding into things like infrastructure as code, or we get into containers, and even now functions as a service, all these things are defined in code. So suddenly our developers have a lot more responsibility across more than just the software that they write. And now our infrastructure teams have really shifted, right? Our teams now kind of seem to manage the bulk of the infrastructure, if you will, in our cloud environments, but that infrastructure again could be Lambda, it could be Kubernetes, Docker, it could be EC2 instances running whatever flavor of whatever operating system. So from an application security perspective, first of all, that means that that responsibility has to lay across all of those teams. So when we think like DevOps, for instance, which is so often a part of people's cloud transformation, that speaks right to that: like, we need our teams to understand information security. They need to understand app security; they need to understand infrastructure security. We need the devs to be a part of it, and we need security to become a better part of the development process. Security can't be this gate anymore that slows us down. Instead, it's gotta be something that's well integrated. So with all these challenges of new technologies and faster development and faster deploys and different ways we build up, that's the biggest change: everybody has to be a part of it. And that's where a lot of those transformations really struggle: how do we bridge application security across all of these disciplines? So let's imagine the case where we fail to do that, and we just do a big old lift and shift of somebody's big fat complex application onto somebody else's IaaS. What are the bad things that happen there? How does that go wrong? Well,
Inevitably you end up with configuration issues. No matter how much we think cloud is going to secure us, and honestly I tend to see more with the organizations that do just do, like, a straight lift and forklift of bare metal servers into EC2 or something. That's where we see most of that attitude of, oh, it's in the cloud, and the cloud provider is going to secure it, so Google or AWS or Azure, whoever, they're going to make sure that I'm safe and secure. And so you miss a lot, like the really simple configuration things that create a lot of vulnerabilities. And then from the application side, you're in a whole new environment where networking is a little different, right? You launch your virtual private cloud and the communication isn't the same as what we're used to in normal environments, and so it creates new vulnerabilities or new attack vectors that, if we're not aware of it and we're not testing for it in application security processes, we tend to miss those things. And so what you see is a real explosion, and then you get a lot of finger pointing, right, when there's vulnerabilities everywhere.
A highlight from SN 817: The Ransomware Task Force - Scripps Health, REvil Hacks Quanta Computer, Emotet Botnet, QNAP
Great to be with you as we begin May down here. We have May gray. I don't know if you have May gray in northern California. We do; it's fog. They call it the marine layer. Yes, and it's followed by June gloom, right, while all summer long, let's face it, it tries not to happen. Thanks a lot. I have sort of ambivalent feelings about this, which I will articulate by the end of today's podcast, but because it's happening and it's a thing, I thought we had to talk about it. And that is the recently announced Ransomware Task Force. Now, I have mixed feelings about bureaucracies in general. Not a big fan of endless committee meetings. I've mentioned before that GRC got to a point where I once, years later, discovered an outline which I had created to prepare for meetings about our meetings, and I realized, God, our meetings are having meetings. So I was like, yeah, that's not the way I wanted to run my company. Consequently we no longer have meetings, because I have a small... very... yeah. So, but anyway, there were a couple interesting pieces of information we haven't had before, although most of what's going on with the ransomware world we know, as it's well covered. But still worth talking about. I wanted to sort of plant that flag so that we can then go from there and see if anything develops from it. We're gonna touch on a couple of topics surrounding ransomware. I, of course, I know you've been talking about it: this REvil attack that affected Apple through one of their suppliers. We're also gonna look at just this past weekend's attack that brought down Southern California's world-renowned Scripps Health system. Ouch. We also are going to catch up on something that had been going on, but I was waiting for the other shoe to drop to see what would happen. That happened Sunday before last, with a really interesting coordinated multinational takedown of the Emotet botnet, which has been like, it's a huge botnet.
Somehow we just hadn't talked about it, and I'll explain why later, but like, since 2014 it had been growing. And as sort of part of that, the FBI contributed more than four million compromised email addresses to Troy Hunt's Have I Been Pwned. We're gonna follow up talking about that by looking at two notification services that Troy now offers, and Leo, you're gonna wanna be poking at one of these, 'cause you can now have Have I Been Pwned check for any compromised email addresses by domain, as star at twit.tv. And that's good. I did that, and I had to get my heart back under control after it returned one hundred and fifty five grc.com compromised email addresses, which I'll explain. So anyway, you could cheat and scroll ahead if you want to, and be
A highlight from #93 - Open Banking with Nathan Coffing
I'm good. I'm conserving my gas, the little that I have left, and driving my gas guzzler car, one that consumes a lot of gas. But, you know, I'm living in the southeastern United States, where our gas supply has been affected by two things. One is the cybersecurity attack that happened on the pipeline that fuels a lot of the Southeast, and the second is panic buying, everybody rushing out to fill up their tank all on the same day. It's the same thing that happened, you know, right after COVID, where everybody had to rush out and buy toilet paper and all those things. Yeah, I saw a picture of you filling gas tanks and putting them into the trunk of a car or something like that. Maybe make a few extra bucks on the side here. The good old American way, capitalism, that kind of thing. We all need our bunker. So actually, you bring up the pipeline thing. So the latest that we have, as of Wednesday, May twelfth, recording this, and this'll go out onto the internet to all of our listeners on the following Monday, the seventeenth, is that the pipeline hack may have come from the Exchange vulnerabilities that were widely touted a couple months ago. I think it was back in March or whatever. And yet again, patching didn't get in place and wasn't remediated, and here we are, another ransomware story, and we're seeing prices on gas go up because of that, but also because of the economy, I think, starting to open up a little bit here in the US. So I guess: keep those systems patched. While, I think, you know, a lot of the ransomware attacks eventually boil down to basic blocking and tackling. We talked to Dr. Chase Cunningham on the show a few months back, and you know, he mentioned that these types of attacks are moving downstream. Not that utilities and kind of core infrastructure is that far downstream, but they're going from, you know, government agencies, banks, down to, you know, companies that haven't seen themselves as prime targets in the past. But I think what you and I have seen in a lot of organizations
we work with is that they're understaffed, and you've got a lot of, you know, not enough people running around trying to keep up, and they're doing yeoman's work and they are IAM heroes, but if they don't have the tools like MFA everywhere, there's only so much that they can do. And so you run into these situations where nobody wants to end up on the front page of the newspaper, but that's certainly what's happening. Yeah, I mean, job security, I guess, right? Human arrogance involved, and people start to, you know, fall behind. I think, you know, one thing that we see a lot, right, is underfunded, undermanned, understaffed teams really doing heroic effort to keep organizations as best they can, but they can't do it all; they can't do it forever. So something to certainly consider. Yeah, well, hey, we've been talking a lot about that by the end of this year we're hoping to be able to do some business travel again. There's nothing like a year of no business travel to make you miss business travel. But I think you'd agree that probably the favorite business travel is conferences, because we get to see and interact with people in our industry. Hopefully when that starts up again we'll get to meet a lot of the folks who listen to the podcast. But I had an interesting story in that our guest today is somebody that I met at a conference, actually a couple of ForgeRock conferences that I can recall. One of the cool things about ForgeRock was, especially in the early days, was, you know, the location of some of their conferences. A lot of times, the two that I'm thinking of were in California, which is such a beautiful state, but the Asilomar conference center, it was like a pine forest right on the woods and, I'm sorry, right on the beach, and it was such a cool place to be. And the other was at the Ritz-Carlton Half Moon Bay in the Bay Area, and I mean, you couldn't pick a better place to go for a work trip. Yeah, I enjoy going west for conferences.
I'm a California guy, so I like it. So speaking of our guest, why don't we go ahead and introduce Nathan Coffing. He is the head of strategy at Cloudentity. Welcome, Nathan, to the show. Thanks for joining us. Thanks for having me. Really, really glad to be here. Thanks for going to the Wayback Machine. Those were wonderful conferences, both from a technical point of view as well as, you know, the atmosphere, actually phenomenal idea sharing and kind of growing the IAM space. Yeah, it's fun to interact with folks. I do miss the conference thing. You know, I never thought I would say this, but I miss being in the line to get onto a United flight, scrambling with two hundred other people trying to fight for overhead space or under-seat bays. Maybe so. Maybe at some point here in the future that will resume. I know we're gonna talk today about open banking and how that has started to, I guess, open up, right, for organizations to start taking advantage of. But before we get to that, I think it would be helpful for the folks who are listening to kind of understand your journey. You've known Jim for some time in prior roles and sort of, you know, the maturation of your own career. But how did you get into the IAM space? Is it something you chose, or did you choose it? Well, we gotta go in the way, way back machine, back to the Netscape Planet days, where I was...
A highlight from The Power of Well Cultivated Business Relationships
"Ultimately, at the end of the day, the big thing I like to do is get people out in the field with actual customers to see and observe with their own eyes and ears. To me it's one of the most powerful, underrated secret weapons that you could have. Technology is transforming how we think, how we lead, and how we win. From InterVision, this is Status Go, the show helping IT leaders move beyond the status quo, master their craft, and propel their IT vision. It's not often you meet someone and you feel an immediate connection, a connection because you share similar backgrounds, interests, and philosophies. When I met today's guest, we immediately began calling each other brothers from another mother because of that connection. As you know, not all relationships are that easy, that immediate. Some relationships take time. All relationships take work. I'm your host, Jeff Ton, and on this episode of Status Go we're going to talk about relationships. And no, today's guest is not Dr. Phil. We're going to talk about business relationships and why they are so fundamentally important to IT leaders across the globe. Today's guest is Joe Topinka: CIO, author, speaker, visionary, and coach. Joe is the author of IT Business Partnerships: A Field Guide, a fantastic resource for IT leaders who want to build a business relationship management practice from the ground up or rescue a practice that isn't delivering results. Welcome to the show, Joe. Thanks, Jeff. It's so great to be here. Thanks for having me on. I'm so looking forward to this conversation, because you and I have a similar approach to running IT in that we've valued the relationship side of it so much. And I just love your imagery of a field guide. So take us on your journey by telling us a little bit about your career and what led you to the work that you're doing today. You know, I've been in IT for forty-plus years now and started out as a software engineer back in the late 1970s, so that seems like ancient times, where we wrote code on stone tablets.
I would assume right before the punch cards, since the stone tablets... Exactly. And I worked my way through management, and I worked for a really innovative company back in the day. It's now part of FIS. It was M&I Data Services, Metavante; it went through several different name changes, but it was owned and started by that bank, that banking organization, years ago. That leadership team was super innovative, and they wanted us to be more than IT professionals. So they invested in us and taught us some business principles, sent us to customized classes at Northwestern, and we learned about product management. So that's really when the light bulb went on for me back in the 1990s, and it made me think differently about my role as an IT professional. And so I started to manage a portfolio of software products like you would any kind of product. And so that's where the enlightenment came from. So I started thinking about markets and value and sustainable competitive advantage and things of that nature, and that sort of shaped the way I think about my IT role and my role ultimately as a CIO. I've been a CIO for twenty-two years in various companies of varying sizes, as well as across many different industries, including banking and manufacturing and retail and high tech. I spent the last almost seven years at a company in Charlotte where the company built home entertainment equipment, embedded software
A highlight from Ep. 146 - Demand Transparency with a blue shirt with Jason Frank
"They are the music theme for everything we do here at Social-Engineer, as well as Neil Fallon being one of the board members of the ILF, which just makes him even a bigger GOAT than possible. If you don't know what that means, look it up. Okay, anyhow. And last but not least, I mentioned the Innocent Lives Foundation, innocentlivesfoundation.org. Check out the amazing team there and the things that we're doing. We just completed our 327th case, if you can believe that, in just four years. We've been around going on four years, and that 501(c)(3) works hard with law enforcement to unmask child predators, and we're doing great work there. Just check out innocentlivesfoundation.org, that's the URL. Let's get to the subject at hand. I am excited. This month we are joined by Jason Frank. He has an extensive background in helping both government and Fortune 100 organizations and has served as a course instructor for the Black Hat security conference, which is really great. You're going to be back there this year? You're going to be back there this year, so you can catch him there this year. He's currently the COO at SpecterOps, where he's accountable for all execution of the company tasks and things that he's overseeing there. He oversees adversary simulation (love the fact that you're using that phrase; we'll talk about that too) and detection delivery capabilities, which help clients to understand and respond to adversaries. Jason, we cannot thank you enough for coming on the show. Absolutely, Chris. Yeah, I'm Ryan's counterpart for SpecterOps. I make the gears run, where in a smaller company we have many hats that we wear: finance, legal, non-fun stuff, but then occasionally I'm allowed to go out and actually talk to clients, which is my favorite. Just exit, Ryan. I hear this same exact speech from Ryan almost weekly. I wonder if I should just exit stage left here and you guys could just talk.
Sounds like you are Ryan's counterpart for SpecterOps. You know, I want to get... I really don't want to forget; I'm going to touch on this adversarial simulation thing, but I want to get your background. Just tell us how you got to where you are now. I mean, you look like you're fifteen years old, so this background seems really extensive. I mean, you look really young. So how the heck are you where you are right now? Yeah, you know, it's kind of interesting. When I was in school, I went to Penn State, the degree behind me, and at the time offensive security was a very nascent subject. It was something that nobody had CCDCs for yet, so there were a lot of universities that didn't even want to acknowledge the field because they were worried about liability, and you know, training hackers, getting sued, all kinds of stuff. So there was a competition, I think it was one of the first ones, out of the University of California, Santa Barbara, where it was a school-to-school competition. You had to set up a firewall, a VPN tunnel, attack.
A highlight from Protecting Intellectual Freedom (Part 2)
"Two hundred and twenty today, for May 17th, 2021. Before we get to part two of our interview, I've got three really fun announcements. So first of all, I just had the podcast tables flipped on me. I was interviewed on someone else's podcast. I will be a guest on Malwarebytes' podcast called Lock and Code, which I believe will air next Monday. I'll let you know for sure when it is and put a link in the show notes, of course. It's hosted by David Ruiz, who has been on my podcast, I went back and looked, several times, maybe as many as John Graham-Cumming. I was surprised that I'd had him on so many times, but he was at the EFF, that's where I first met him, and then he moved on to Malwarebytes. I had him on the show when he was at Malwarebytes and we got to talk, and recently we decided we would flip the script. And so now I am the guest, and he interviewed me for his podcast. It was a lot of fun. We had a talk about dark patterns; that was the subject matter. So anyway, that'll be coming out soon. Definitely check that out when it drops. And my second fun bit of news is: I am officially going to DEF CON 29. That is the hacker conference that's held annually in Las Vegas. It was not held last year, I think. Maybe, I guess, they did virtual last year due to COVID. Now it's actually planning to go ahead. This year is my first one. This has always been kind of a bucket list thing for me. I've been wanting to go to DEF CON for many, many, many years. I tried to get Cisco to send me and could never quite get them to pay for that trip. It was a little bit of a different boondoggle. I really wasn't in the security group, so it was kind of hard to justify. But now I'm going. I bought my registration. Normally they do not register ahead of time; normally it's cash at the door, because for privacy reasons they don't want your information. But because of COVID and some of the precautions they're going to have to take this year,
they really needed a solid headcount, so this year they're doing registration, and I just registered. Cannot wait. I bought some swag, got my hoodie. What could be more official than a hacker hoodie from DEF CON? So anyway, I'm super psyched. I'm actually really hoping that I'm going to get a chance to meet some of the guests that I've had on the show. I mean, I've met very, very few of the people I've interviewed in person. It's always been remote. In fact, many times I've never even seen them, because it's been audio only, even locally. We don't use video, to try to save bandwidth so it doesn't eat into the audio quality. So I've never met or even seen a lot of my guests. So anyway, some of those people would definitely be the kinds of people that would go to a DEF CON conference, so I'm hoping to maybe bump into those people out there and have a drink. That would be great. Now, it's going to be limited this year. I guess it's going to be a hybrid conference, so it'll be a little different. Actually, I think that might not be a bad way to go for the first time, if it's a little less crowded, maybe, and a little more contained. I don't know what to expect, but if I like it this year, I'm sure I'll go again next year and get the full-on experience. Of course, next year will be DEF CON 30, so I'm sure it's going to be a huge party. So yeah, that's that. I'm really looking forward to it. Can't wait. Finally, and of course, the highly collectible security enhancement device. I wish that made a really cool acronym, but it doesn't. I need to actually come up with the funding for this thing, and it will be announced in one week, come hell or high water. It is long, long since time this thing debuted, and I cannot wait for it to be out there and for you to hear all about it. The website has just got to come with it, which anybody can use,
but I'm reserving these highly collectible items for patrons. If you're already a patron, by the way, I will make sure that you can have access to these as well, certainly my longtime patrons. But I'm also using it to attract brand new patrons, and they're just, I think, super cool. So
A highlight from Cyber Security Today, May 17, 2021 - The latest on ransomware gangs and their strategies
"were also taken by someone from the gang's payment server, which is where victims made ransomware payments. Now, all of this came after US President Joe Biden urged Moscow to take action against the reportedly Russia-based group for its attack on the Colonial Pipeline in the US, and Biden promised the US would disrupt the gang. On top of this, one Russian cybercrime forum suddenly banned all discussion threads about ransomware, saying the topic is now toxic, and the REvil gang has been quoted as saying it will keep a closer eye on affiliates who want to use its ransomware platform, to make sure they stay away from attacking what it called the social sector and governments. So are ransomware gangs disbanding? Are they afraid of aggressive law enforcement, or is this smoke and mirrors? First of all, note that REvil is merely saying it's going to be more selective in targets; it apparently thinks that will cool things off. As regards DarkSide, perhaps some of its money is gone, but the gang still has its expertise and source code, and besides, many experts think DarkSide is linked to REvil. There's too much money in ransomware for security professionals to think these attacks are going away. Organizations need to ensure, if they allow access to their corporate network through Windows Remote Desktop Protocol or through a virtual private network, that access is tightly controlled. These are entry points recently favored by many attackers, and multi-factor authentication must be added to deny access to attackers who only have a username and password. Brett Callow, a B.C.-based threat researcher for Emsisoft, told me why DarkSide went dark isn't clear, and there's no confirmation that any law enforcement agency seized its sites or its money. Callow suspects that DarkSide merely got cold feet with the bad publicity of the Colonial Pipeline attack and set up an exit scam so they don't have to split money owed to their partners in crime. Unfortunately, Callow adds,
they'll likely be back under a different name. He also notes a new posting from a ransomware gang called Babuk. It says it's setting up a new platform where crooks who don't have their own leak websites can post and sell data that they have stolen from corporate victims. It's another sign cybercrime isn't going away. More thoughts on the Colonial Pipeline attack: If, as the company says, the operational network overseeing the pipeline is separated from the IT side, and that was the side that was hit by ransomware, why did the company temporarily shut the pipeline? The New York Times quoted an expert saying that if Colonial had confidence the OT and IT networks were separated, there was no reason to shut the pipeline. However, an analyst at the SANS Institute has a theory: the billing system of the pipeline company was affected by the attack. If Colonial couldn't bill for transporting gasoline, then the pipeline couldn't run. There are many lessons to be learned from this attack, and we still don't know how it started or how long the attackers were in the Colonial network before the ransomware was launched. Meanwhile, Ireland's Health Service Executive continues trying to recover from a ransomware attack last week. It shut down its IT system, affecting, among other things, medical systems needed for ordering tests. According to the Bleeping Computer news service, the Conti ransomware gang is demanding twenty million dollars for the
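The segment above calls for two controls on remote-access entry points: RDP and VPN access that is tightly controlled, and MFA so that a username and password alone are not enough. The following is an added example, not code from the podcast or from any organization it mentions. It is a small Python audit over constructed sample log records that flags logons violating either control. It assumes a flattened Windows Security event 4624 shape for RDP logons (the field names are the event's own; LogonType 10 is RemoteInteractive), a hypothetical VPN record shape with an `Mfa` flag (real VPN log formats vary by vendor), and hypothetical corporate address ranges in `CORPORATE_NETS`.

```python
"""Added example (not from the podcast): audit RDP and VPN logons for two
controls: RDP reachable only from internal address space, and MFA on every
VPN logon.

The records below are constructed for the example. The Windows entries mimic a
flattened Security event 4624; the VPN entries use a hypothetical shape with a
boolean "Mfa" field.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the organization's internal address ranges. RDP should only be
# reached from these (i.e. after a VPN+MFA hop), never straight from the internet.
CORPORATE_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

RDP_LOGON_TYPE = 10  # 4624 LogonType 10 = RemoteInteractive (RDP / Terminal Services)

SAMPLE_EVENTS = [
    # Constructed 4624 events (flattened). 203.0.113.0/24 is a documentation
    # range used here to stand in for a public address.
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup",
     "IpAddress": "203.0.113.45"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "jsmith",
     "IpAddress": "10.20.30.40"},
    {"EventID": 4624, "LogonType": 2, "TargetUserName": "jsmith",
     "IpAddress": "-"},  # console logon, no network source
    # Constructed VPN concentrator records (hypothetical shape).
    {"Source": "vpn", "User": "contractor1", "Mfa": False,
     "IpAddress": "198.51.100.7"},
    {"Source": "vpn", "User": "jdoe", "Mfa": True,
     "IpAddress": "198.51.100.8"},
]


@dataclass(frozen=True)
class Finding:
    user: str
    source_ip: str
    reason: str


def is_internal(ip: str) -> bool:
    """True if ip parses and falls inside one of CORPORATE_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # "-" or garbage: not a known internal source
    return any(addr in net for net in CORPORATE_NETS)


def check_event(ev: dict) -> Optional[Finding]:
    """Return a Finding for a logon that violates one of the two controls, else None."""
    if ev.get("Source") == "vpn":
        # Control 2: every VPN logon must carry an MFA factor.
        if not ev.get("Mfa", False):
            return Finding(ev["User"], ev["IpAddress"], "VPN logon without MFA")
        return None
    if ev.get("EventID") == 4624 and ev.get("LogonType") == RDP_LOGON_TYPE:
        # Control 1: RDP must not be reachable from outside the corporate ranges.
        if not is_internal(ev["IpAddress"]):
            return Finding(ev["TargetUserName"], ev["IpAddress"],
                           "RDP logon from a non-corporate address")
    return None


def scan(events) -> List[Finding]:
    """Apply check_event to every record and keep the violations, in input order."""
    return [f for f in (check_event(e) for e in events) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.reason}: user={f.user} from {f.source_ip}")
```

On the constructed input this reports two findings: the RDP logon for `svc_backup` from an address outside the corporate ranges, and the VPN logon for `contractor1` with no MFA factor. The internal RDP logon, the console logon and the MFA-backed VPN logon pass. In a real deployment the sample list would be replaced by events pulled from the SIEM, and `CORPORATE_NETS` by the organization's actual address plan.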
A highlight from Ep: 182 Task Force 7 Cyber Security Radio - May 17th, 2021
"One seventy-nine, Defending Your Company Against Supply Chain Attacks. Jim Routh. We had to bring it back on last week, folks. It was nice to hear it again, Jim breaking down what companies should be doing to defend themselves against supply chain attacks, how they should be thinking about their DevOps process. He also gave his thoughts on what the new administration's cybersecurity policy should look like. The timing is great on that, since the administration just put out the new executive order. Jim also talked about whether the sanctions against Russia went far enough to be a successful deterrent against future attacks. He wrapped up the show with his thoughts on the cybersecurity job market and the talent war, and broke down what employee retention should really look like. All this, folks, and much, much more on encore episode number 179 of Task Force 7 Radio. Well, folks, we run on at least eleven different playback mediums; you can find us everywhere. That was episode 179, Defending Your Company Against Supply Chain Attacks, last week's episode of Task Force 7 Radio. Well, folks, you can see it all in the news, right? SolarWinds, the Colonial Pipeline. Ransomware attacks are happening like crazy. Biden puts out the new EO. I had to bring on a friend of the show, former Director of Cybersecurity at CISA and current founder and CEO of Next5, Bryan Ware. Bryan is a highly regarded technology leader and innovator. He's started companies, patented technologies, raised venture capital and private equity, and recently served as the nation's leading cybersecurity executive. Bryan is the CEO of Next5, a technology-focused business intelligence company ensuring US leadership in critical emerging technologies including AI, quantum, space, bio, and more. He serves on the World Economic Forum Global Future Council on Cybersecurity and is an adviser to technology companies and investors. Prior to founding Next5, Bryan was the first presidentially appointed Director of Cybersecurity
at CISA, leading the one-thousand-person, $1.25 billion organization through a period of intense volatility and aggressive interference from nation-state adversaries. At CISA, Bryan developed the agency's first five-year strategy and plan to modernize sensor and computing infrastructure, transform the way the agency delivers services, and scale the agency to protect critical infrastructure. Under his leadership, CISA's operational partnerships with the private sector, the national security community, intelligence, and international partners were significantly enhanced. Prior to his operational role at CISA, Bryan was an assistant secretary at DHS, serving as the secretary's adviser on cybersecurity and emerging technology matters, leading strategic initiatives across the US government and its allies to counter Chinese espionage and unfair business practices. Bryan is an entrepreneur, co-founding an artificial intelligence company in 1998 which he led as CEO through multiple rounds of venture capital investment until it was acquired in 2013 by Haystax. After serving as CTO of Haystax for several years, during which he helped the company acquire leading cloud technology and cybersecurity companies, Bryan took over as CEO of Haystax in 2016 until its acquisition in 2018. Bryan started his professional career leading defense contractors working on advanced technology platforms like the Star Wars program, early UAV payloads, and immersive simulation, and he holds a degree in applied optics from Rose-Hulman Institute of Technology. It's my pleasure to introduce a former Director of Cybersecurity at CISA, current founder and CEO of Next5, Mr. Bryan Ware. Bryan, welcome to Task Force 7 Radio. Buddy, I'm also glad to be here. Thank you, man. It's been a while since we were hanging out. It's been since before the pandemic. We were able to get together in Scottsdale for a summit and really hang. You were still at CISA at the end, and it was great to catch up with you, and I'm always pleased
when I get a chance to hang around you. You're like-minded and you're just killing it out there. I appreciate you taking the time. Was that right before, or right after, our summit? If it was right before... It was actually my last time on an airplane, January or February of last year. January, right, Scottsdale. January might have been my last time also. Well, look, next time we'll find another warm place to go hang out at some point this winter. It's just a lesson that when you've got an opportunity to be at a resort in Scottsdale drinking wine, you should take full advantage of it and treat it like it's your last, because it might be. That's right. It might be. I know. It's lessons for life, right? You never know. I love it. Well, look, I'm super excited to have you on, and you've done so much in your career. I know you've embarked on a new journey, Next5; we'll get into that. But I'd love for you to set the stage for the audience around just a little bit about your journey, and then how did that land over at CISA and kind of how that played out, and I definitely want to hear kind of what you're doing next. Yeah, that's awesome. So I started my educational career as a scientist; that's what I wanted to be when I grew up. I figured out that I wasn't a great college student, certainly didn't want to go get a PhD, which is kind of what physics required. So I went out and tried to get a job, and the first job that I got put a computer on my desk instead of putting me in a laboratory. And you know, I was trying to help build simulations of the Star Wars system, the Strategic Defense Initiative, knowing really very little about computer programming, knowing just enough optics and physics to be dangerous. And I guess the next thing I kind of figured out in my career was I wasn't a great computer programmer either, but I was a pretty decent designer.
I can understand hard problems and try to translate those into software, compelling interfaces and tools for users, and that became a real passion of mine and a real strength of mine. And I worked for a number of defense contractors building optical systems for UAVs, very, very early UAVs, before we could build UAVs, their payloads. And eventually some friends and I decided that we were tired of working for the man, so to speak, and felt like we could build our own company, build it to be more of a product company. So we started a company, Digital Sandbox. Digital Sandbox is all about using what now everyone calls AI, but just using analytics, good algorithms, to reason about and make predictions about the future in ways that you could prioritize, like the most likely, the most risky things to happen, and then overlay on that a risk management strategy. So we built Digital Sandbox, raised a couple of rounds of venture capital, and ended up with about a third of our customers in the law enforcement space, about a third in the national security space, and a third that were large corporate brands, large banks, the NFL and others. A really neat business that I learned a lot from as the CEO, and it was sold to a private equity platform called Haystax. And we just kept building, building on, taking advantage of a lot of the AI in Digital Sandbox and combining it with IT security, cloud security companies, to build more of a cyber analytics business. And I moved into CEO and then found my way
A highlight from Project management careers in the military and private sector | Cyber Work Podcast
"spent much of her career in the project management space for cybersecurity, previously working at TEKsystems and in both the Texas Army National Guard and the US Army. So a recent guest, project manager Jackie Olshack, recommended Ginny for the show, and as we had a ton of people tune in to see Jackie's episode, we realized that our listeners are pretty passionate and thirsty for more project management in IT and cyber content as a career path. So I'm really looking forward to talking with Ginny about her career path, as well as some of the unique aspects of doing project management work at the federal and military level. So Ginny, thank you for joining me, and welcome to Cyber Work. Thank you, it's great to be here. Thank you very much. So we like to start with the usual origin story question. What got you interested in IT and security? I see that you did IT project management going all the way back to your earliest days in the US Army, so did you learn these skills in your military training, or did you bring them to your military training? That's an interesting question. I was very interested in IT. It was actually from my mother, because she was a restaurant manager, and that's when Windows came out. She wanted somebody to make posters for her, to make the worksheets and all that, and so she pretty much told me, "Ginny, please learn Excel." So I found a way to learn Excel and I was able to do everything for her. And fast forward to the military: I wasn't even in the IT field. I was in the warehouse field, processing repair parts. However, I guess I type really very fast, and my boss was looking at me. Other people in the section were processing thirty a day; I was able to do three hundred a day. I don't know if it was my typing skill or anything, so she put me in the office, and at that time I was doing a little bit of command-line printing on the Unix system, and I had no idea what that was. I knew I was in root, but that's all I knew. But that's when I first realized,
"Hey, I might be good at that. Let me go pursue this field." So I got a degree in computer information systems for my bachelor's and management information systems for my master's, and here I am. Okay, and so you brought your degrees and your experience with you to the US Army then, is that right? So I was fortunate enough to branch Signal Corps, which is the Army's communications branch. So when we go into training, of course, the Army did provide me enough technical training to understand what the OSI model is, but not really teach you how to manage. So my first job is really, "Hey, in this first job you've got the basic skill you need." And then my customers, my customers, my customers are my bosses, and they're all around me, and it's, "Okay, you'd better make it happen," so guess what, you think, and you'll make it happen. There you go. That's probably the best way to learn anything, that's for sure. Yeah, so I guess a few months back we had your colleague Jackie Olshack on to talk about cybersecurity project management, and we were delighted to find out that people are eager to hear more about it. We got a thousand listeners for the episode in just the first week alone, so we were like, let's talk more, let's talk more about cybersecurity project management. So for those who are just considering this type of work, tell us what a project manager does in the cybersecurity space, like yourself. How does your work fit into the larger security landscape at Dell? So yes, I work with Jackie, so I heard her talking about this podcast, and Jackie is really a phenomenal project manager. So I'm glad we have her in the field. So, your question: first of all, I want to say that being a project manager in cybersecurity really comes down to, and I want to break it down like this, three parts, which are your personal power, your expert power, and your positional power. And I can tell you
seventy percent of my life, for me, is personal power, twenty percent is my expert power,
A highlight from May 17, 2021
"AXA have been struck by a ransomware attack. The Avaddon ransomware group, A-V-A-D-D-O-N, claimed on their leak site that they had stolen three terabytes of sensitive data from AXA's Asian operations. In addition, there was a DDoS attack against AXA's global websites, making them inaccessible for some time on Saturday. The attack comes just a week after AXA stated that they would be dropping reimbursement for ransomware extortion payments when underwriting cyber insurance policies in France. DarkSide said it lost control of servers and money a day after Biden's threats. One day after US President Joe Biden said the US plans to disrupt the hackers behind the Colonial Pipeline cyber attack, the operator of the DarkSide ransomware group said they had lost control of their web servers and some of the funds they made from ransomware payments, stating that cryptocurrency had been withdrawn from the gang's payment server. Opinion varies as to whether this was a coordinated takedown by US authorities or a ruse that will allow the gang to return under a new name. CEOs could face jail time for IoT attacks by 2024. Gartner has warned that as many as five percent of business leaders could be held liable by 2024 due to increased regulations around so-called cyber-physical systems (CPSs), such as IoT and operational technology, stating that the financial impact of such attacks on CPSs resulting in fatalities could reach as much as fifty billion dollars by 2023. Katell Thielemann, research vice president at Gartner, states that many business leaders aren't even aware of the scale of CPS investment in their organization, often because projects have happened outside of the control of IT. She says technology leaders in the organization must step up to help CEOs understand the risks that CPSs represent and why more budget needs to be allocated to operational resilience management in order to secure them.
Colonial Pipeline did not tell CISA about the ransomware incident. CISA did not have technical details about the Colonial attack as of Tuesday morning of last week, the agency's top official told senators at the Senate Homeland Security and Governmental Affairs Committee meeting held that day. In fact, they only found out through the FBI, with whom they have a close information sharing relationship. Although CISA was forgiving about Colonial's lack of communication, one Republican senator in attendance called the attack, quote, "potentially the most substantial and damaging attack on US critical infrastructure ever," end quote, referring to the fact that its shutdown withheld its daily delivery of one hundred million gallons of fuel products and prompted the Biden administration to declare an emergency, triggering the Environmental Protection Agency to issue
A highlight from The Colonial Pipeline Ransomware Attack
"Welcome to episode 173 of the weekly Shared Security Show, and joining me this week is the legendary pen tester and pen maker Kevin Johnson. Well played, well played. I like seventy-three; 1973 was when I was born, for the people out there that think I've revealed information. It was February 27th, 1973. That gives away even more information I probably shouldn't, which by the way is the birthday of my son, which I shouldn't share. So your son was born... The day, not the year. No, no, not the year. That would be really weird. I wasn't going to share that. The math does not compute there. No, no. Yeah, so I'm old. Your son is not. That's right, that's right. So how are things going? Pretty well. We're busy, which is good. I like busy. It means payroll is not as hard to make. We are quickly approaching our next run of the Pay What You Can class. Very cool. I'm really, I'm not trying to pimp the program, but I'm really excited by the number of people who are taking the opportunity to take the class at no cost or very, very low cost, because, and it sounds goofy to say, I'm really adamant about the idea of helping people get into the field, and we're seeing so many people who can't afford or couldn't do this side of things being able to do it, and I think the right way to say this is I'm really proud of that. And John Strand's got some cool stuff going on with the same thing. We can both encourage other companies to do it. It's important, it's well needed, because as you know, there are so many vendors out there where training is just unaffordable for a lot of people. We'll say a particular vendor, let's just say "without" in French, has been way too expensive for years. I always laugh that it would be "without security" if you translate it. But it is awesome seeing your classes grow, and you keep doing this, and they are popular.
We'll definitely link that in the show notes for everyone interested. We've talked about your courses before on the show, but definitely worth talking about again. So I'm good, I'm good. It's been a busy news week as well with this whole Colonial Pipeline, and that is the topic for this show. I wanted to get everybody up to date on kind of the current state of what's going on. By the time you listen to this on Monday, I'm sure it'll all be changed. Actually, they announced, was it last night or this morning, they announced that by the end of the week they'll have the pipeline... Yes. I'll be blunt: part of this really, really makes me angry, and part of it makes me laugh. By the way, all of the pictures I've seen so far and videos I've seen so far of people filling up plastic bags with gas: that is not a good plan. Please don't do that. By the way, do not fill a plastic bag. I saw a thread where people are like, "Oh man, the homeless person was so rude, they should have offered to help," and I'm like, help with what? If the person was dumb enough to fill a plastic bag with gasoline and put it in the trunk of their car, I'm not sure how much help you can offer. I don't know. I think this one's interesting. I want to be clear: we can talk about this and say, man, this is bad and this is what happened, that was bad, and as far as me, and I'm assuming you're in the same boat, we're talking about public information. I have no insider knowledge about what's going on beyond what we read, the same as other organizations. And I think the most interesting part in this one is a ransomware attack against the corporate network shutting down the OT network, and I've seen a lot of people talking about, like, oh man, the pipeline got ransomware. No. My understanding, and of course this is just from reading, my understanding is that the reason they shut down the pipeline is they can't bill for the oil and gas in multiples, right.
A highlight from Episode 263 - Introducing Hyprfire and the Firebug Intrusion Detection System
"Executive editor, and today we're going to be joined by an Australian start-up from Perth, and we've got Stefan Prandl, the CTO, and Tim Jones, the managing director. Gents, thanks for joining us. Thanks for having us. I'd add, Stefan, you're, if you like, the CTO, being the father of the brainchild behind Hyprfire, and it's always exciting to speak to, sort of, an almost brand new start-up, and particularly a Perth one, so it's good to have an Australian start-up from Perth introduce the technology and where you're currently at. Yeah, so Hyprfire's entire technology stack is based around a concept called power law, which we've developed. Basically, it's designed to shift the way that security network technologies work from a machine-learning-first perspective to a more well-thought-out statistics perspective that reduces the amount of compute required and makes these things lightweight enough that you can run them pretty much anywhere: cloud, virtual, on-prem, wherever. And the technology has come about from your research at university. Well, talk us through the process, because it's an interesting story in its own right. Not yet? Absolutely. So my PhD research is what spawned this wonderful thing. There are these series of statistical laws that we know of that are basically consistent with nature everywhere, right? They're embedded in... fun and technical, so things such as likes on Facebook, followers on Twitter. The laws are really, really strong, such that if something doesn't match when it should, you already know that something's wrong. You don't know what the reason for the anomaly is yet, but you know that there is one, which in and of itself is a big jump away from having to figure out what normal is before you can say what isn't. Essentially what happened was, during my research, we found that there was this paper that suggested that network traffic actually conformed to these laws, and we went,
hang on, if that's the case, that means we don't have to do all this machine learning to do detection in the first place. We can sort of just take the metadata from network packets, figure it out from there, and sort of take the parameters instead of having to learn everything; you just kind of know, and work it out. So initially this was designed as a denial-of-service mitigation system, which we actually built a prototype of, but essentially what you can do is, simply from the packet metadata itself, you can identify, using these properties, which packets belong to the attack, even if the packets themselves look exactly the same as the packets that are being sent by legitimate users, at something like ninety-something percent, 99.something percent, accuracy, with a false positive rate of less than four percent. Not loss. It's really important, because the TCP and UDP retransmission rate, as built originally into the internet, is less than four percent, sorry, it's just a little bit bigger than four percent, so if it's less than four percent, what it means is that if you're doing this, no one should notice. And in our trials and tests we've noticed that no one does. The other thing you can do with this is, obviously because we're able to pick out these sorts of anomalies, and it's such a strong detection tactic, we can use this as an a priori based method of just knowing immediately when something's wrong with the network. It could be something generic, like someone's logged in for the first time into something, or someone's copying files they don't usually copy, say in the dead of night, but these sorts of events are things a security team wants to know about and wants to investigate, because if someone is copying a big file at night, why are they doing that, right? That's something unusual. And of course, it's able to sort of detect these anomalous activities without requiring policy to determine when
these sorts of things are happening, which means you can do it really, really quickly and have a grasp on where sort of anomalous stuff in the network is happening. That feed in itself is really, really handy if you've got a sort of established SIEM, an established IDS, because that can direct you to which sort of false positives, if you will, are more interesting to investigate. If something's saying that a whole bunch of things are happening on the network, and this says, well, these machines over here seem like something's going on, these machines over here seem like something's going on, that's what we want to sort of investigate first, because, mathematically based, the most unusual stuff is happening there. So it's happening in real time as well; it's not something that is analyzing it and takes a little bit of time. In real time, yeah. No, this is incredibly quick. The amount of math that's required to pull it off is very, very small in comparison with machine learning. Machine learning is incredibly bulky; it's a liability, right, to train and then retrain.
A highlight from Ep. 157 How It's Like Working with Instacart
"Hello, how are you? Thanks for taking the time to listen to the Lease in Grace episode. Welcome to episode 157 of the Delay Allegri podcast. Always on the grind here, or, for short, known as just Leon. However, so today I'm going to be talking about Instacart, and supposedly I was supposed to work on episode 157 Friday and have it published, but due to Instacart, that got me busy and I haven't had time to post episodes in a more frequent fashion, and so then, yet again, I just got delayed, and I got tired after doing several carts last week. And so today I want to give you full-on details, on audio, of what it's like working with Instacart. So before we begin discussing Instacart, I want to go and give a shout-out to the partners I am sponsoring with, and so today I want to give a huge, huge shout-out to Zenni and Scrooge Case. So let me go into detail about Zenni, for those that don't know what Zenni is. Right now, Zenni is anti-blue-light protective glasses that protect your eyes whenever you work on the computer for long periods of time, or whatever it may be you're doing, gaming, or doing whatever it is, or even music production. Right there, if you're working on the computer for, let's say, about two to three hours minimum, you'll start to feel the effects on your eyes, and with me working on the computer for a long time, I feel it, and anyone can feel it if you're in front of a computer screen for long periods of time. It's just as good. I love it. I recommend it. Zenni, what are you waiting for? And I'm sure that you or your significant other will love it as well. Next and foremost, it is Scrooge Case. If you have not heard of Scrooge Case, this will be a good time to get into it, because Scrooge is an awesome, awesome little kickstand cover case for your phone. I love it.
They have tons of skins that you can choose for your case, not just skins, but they have many colors, and the best part about Scrooge is that it is not just a protective case; it also comes with a kickstand, so it lets you stand your phone anywhere. So you don't have to leave it flat on the table or anywhere else. So the kickstand is amazing, and it's not just a stand as well: if you are traveling like I am, you can go ahead and use the stand to put it on your dashboard. And if you don't like the option of, let's just say, mounting your phone right in front of your dashboard and having to deal with the adhesive glue that comes with those mounts, those GPS mounts, not to worry, you do not have to ruin your dashboard. You can stick the kickstand right in front of the ventilators of the car, and that's it. It makes it super, super simple. You'll fall in love with it. So go ahead and pick yourself a Scrooge Case right away. What are you waiting for? You will love it. Now, going past today's sponsors, let's get right into what Instacart is. Instacart has just been growing in popularity for some time now, and for those that don't know what it is, right now here in the States, Instacart is a grocery delivery application, which, I like the concept a lot, which, however, this right here I actually embrace. I'll touch on that later on, but the idea is actually really, really simple and really fascinating. If you are someone who's looking to Instacart, having your deliveries right to your door or picking them up yourself, Instacart is it. I'm going to get into, in today's show, step by step, what my experience with Instacart has been like so far. And so, as of now, I've done about over forty-five, and they've been pretty good experiences, actually. In this case, I think Instacart is something I've enjoyed using a lot.
I think the application is really, really convenient.
A highlight from Zeroing in on zero trust. [CyberWire-X]
"ExtraHop and Capital Reina of CrowdStrike. Here's Rick Howard. I had the chance to sit down at the CyberWire Hash Table with an honest-to-goodness internet celebrity. His name is John Kindervag, currently the senior vice president of cybersecurity strategy and group fellow at the ON2IT Group. He's also an old friend of mine and colleague; we both worked at Palo Alto Networks together for about five years. But more importantly, he's the guy who wrote the original white paper on zero trust back in 2010 that we all base our zero trust deployments on today. The paper's called "No More Chewy Centers: Introducing the Zero Trust Model of Information Security," and he wrote it when he was working for Forrester, a cybersecurity research and consulting firm. In that paper he became the first person to say that we should all just assume that our networks were already compromised by the likes of FIN7, Wicked Panda and Cozy Bear, and that we should design them accordingly to reduce the probability of material impact. To be fair, John didn't originate the zero trust idea. After all, the concept started kicking around security circles in the early 2000s. The Jericho Forum started talking about de-perimeterization as far back as 2004. The problem they were trying to solve was that most of us install an electronic perimeter, a wall that bars access to our digital assets, but once you have legitimately logged in, you have access to everything inside the electronic wall. By de-perimeterization, the Jericho Forum meant that verifying identity and granting access authorization would happen away from all of our digital assets. In other words, it would happen outside the electronic wall; once granted, the user gets access to the asset they needed, not all the assets within the perimeter. The U.S. military incorporated some of these ideas into their Black Core in 2007. Somewhere between then and 2010,
the community started to refer to de-perimeterization as software-defined perimeter, or SDP. In 2010, John Kindervag, working for Forrester, published his essential zero trust white paper that solidified the concept and expanded upon it. That same year, because Google got hit by a massive Chinese cyber espionage attack, coined Operation Aurora, their site reliability engineers rolled out an internal version of SDP as part of a network redesign. A few years later, about the same time that the Cloud Security Alliance adopted SDP as a best practice, Google launched a commercial offering of their internal SDP architecture called BeyondCorp. But let me be clear: SDP is not a complete solution, as John Kindervag would likely point out. There are many things you can do to improve your zero trust posture, but if you deploy the best SDP architecture, you would be a long way down the road on your zero trust journey. John would disagree with that. He really is annoyed with vendors who claim that their SDP solution is a zero trust solution, and he would be right. At best, they give you a framework to hang your zero trust policy on; at worst, they are a collection of new and shiny tools that security practitioners would have to deploy and maintain, and we already have too many of those we are responsible for. I personally like the framework idea, but that's just me. Regardless, since I had John at the Hash Table, I asked him what drove him to write the original paper in the first place. I had been a security engineer and architect
prior to coming to Forrester in 2008, and I had always been frustrated with this idea of trust in digital systems, because when you installed old-school firewalls, which is still true today but was even worse back then, you had to assign an arbitrary trust level to various interfaces in order to get traffic to flow, because that was what policy was based upon. And in fact, if you were going from an internal interface that had the highest trust level, 100, to an external interface that had the lowest level, zero, you wouldn't have to have a policy rule on it at all, which I found to be just scary. Why don't we put any rules on this? Because we just don't; we don't have to, because we're going from trusted to untrusted. I thought that was silliness. And then I started to investigate trust. I met some people who thought about it a lot and started explaining the differences between, say, direct trust: I've known you for a long time, so I trust you. And then you have a friend who you tell me about, and you say he's a good guy; that's transitive trust. And I understood it at a human level, but I realized those concepts didn't translate well into the digital world. The poster children for why we all need a robustly deployed zero trust posture are Edward Snowden and Chelsea Manning, because, according to John, these government whistleblowers proved that identity is not sufficient to prevent data leaks. Well, Snowden and Manning are still the most famous, because they're like the Beyoncé and Madonna of cybersecurity. They were trusted users on trusted devices. They had the right patch level, the right antivirus, but nobody looked at their packets post-authentication. They're still the two best use cases, because it automatically shuts down this idea that zero trust equals identity. I've proven to you with two words, Snowden, Manning, that zero trust does not equal identity, because the identity of those packets,
what user they were tied to, was not in question on those networks; just no one looked at them. No one cared. They had wide-open access. Remember, John wrote the original paper over a decade ago. He also wrote a bunch of follow-up papers after, but the Forrester leadership team decided to hide them behind a paywall; as such, most of us have never read them, including me, and I'm one of John's friends. The result is that there has been a void in pushing the idea forward. Other authors and researchers have jumped in to fill the vacuum and put their own spin on the idea. Evan Gilman and Doug Barth published their own book on the subject, called "Zero Trust Networks: Building Secure Systems in Untrusted Networks," and security vendors have begun claiming that all of their products are zero trust solutions, which, as you might imagine, has caused some confusion amongst us practitioners, and that annoys
A highlight from Jack Voltaic: Army Cyber Institute's critical infrastructure resiliency project, not a person. [Research Saturday]
"From all over the nation, come to help whatever the affected area is, and her thought was, what if we could do something similar with cyber? We have struggles in having the appropriate number of cyber personnel; we have a negative unemployment rate in cyber. So what if we could lift and shift personnel when there's a major disaster? And so that's how the cyber mutual assistance workshop in 2016 happened, and at that workshop they discovered that there was difficulty in translating things across companies and across sectors, and so the broader research became: how do we help these sectors talk with each other and leverage each other in the event of some type of cyber incident? And so they conducted Jack Voltaic 1 in New York City in partnership with Citi, and in Jack Voltaic 1 they tested a terrorist attack with a cyber attack that occurred afterwards, particularly targeting the finance, transportation and energy sectors, and the data that came out of that showed that we weren't really prepared for opportunistic cyber attacks. And so New York City was able to leverage that research and has since stood up its very own Cyber Command. And then you moved on to Jack Voltaic 2. What was the program there? So with Jack Voltaic 2 we decided that we were going to take a look at another major metropolitan area; in this case it was Houston, and with that we also incorporated Beaumont, Texas, which is where we do a lot of port activity. The Surface Deployment and Distribution Command moves stuff out of the Port of Beaumont, and so we brought them into the scenario, and we were looking at what happens in the event of a hurricane and then a cyber attack, kind of playing on the chaos that surrounds hurricanes. And then what we learned from that is, one, during a hurricane,
all the ships are going to be pushed out of the port, so any cyber attacks that happen after that are basically overcome by events and don't have an effect. But what we also learned is that what we tend to think of as the center of gravity, you know, you look at energy particularly, isn't going to always be the center of gravity. For Houston, water and wastewater was actually a bigger issue because of the amount of water needed to shut down the chemical plants there. And so these Jack Voltaic events kind of pull these threads that no one's gone, you know, all the way down the rabbit hole on, and we learn new things every time we conduct one. Well, today we're going to be focusing on Jack Voltaic 3. Before we dig into what you all did this time round, I'm sure there are some folks in our audience who are wondering about the name itself, which, I'll admit, I find a bit delightful. Can you give us a little of the back story? How did it come to be called Jack Voltaic? Well, sure. So in the Army, the military in general, we tend to give things these two-word names, and so Judy really liked the term "voltaic pile" and kept kind of trying to figure out what would go with that, and then hit upon "Jack," and the bad thing about Jack Voltaic is it's often caused people to ask us who Jack Voltaic is and expect a man to show up for these discussions. No, it's certainly catchy and easy to remember, and I think fitting for the type of exercises you're doing here. Well, let's dig into the third iteration. What did you all set out to do this time round? So I'm going to go back just a little bit. Right before we did the third iteration, we were asked to do a series of workshops across America. We went to six different port cities, and this was Jack Voltaic 2.5, and what we saw was that these port cities, even though, you know, they're all port cities, every single port city is different. And so that kind of led us in Jack Voltaic
3 to not just look at port cities but also make it more of a regional focus. It's kind of trivial, not completely trivial but fairly trivial, if you can pivot from one port to another that's within a couple of hours' drive. Where it becomes difficult is when you have two ports that are in close proximity to each other that are both experiencing problems, and then you've got to start looking further away to give it to a different port if you're trying to do a force deployment. And so for JV3 we were looking at pulling the thread that we couldn't pull with Surface Deployment and Distribution Command during JV
A highlight from Ransomware hoods and their enablers may be feeling some heat. Supply chain compromise and third-party risk. Colonial Pipeline resumes deliveries (but paid ransom to no avail).
"DarkSide says it's feeling the heat and is going out of business, but some of its affiliates are still out and active, for now at least. A popular hackers' forum says it will no longer accept ransomware ads. The BazaLoader supply chain compromise afflicts another known victim. Colonial Pipeline resumes delivery of fuel. Irresponsible disclosure of vulnerabilities hands attackers a big advantage. Carole Theriault looks at NFTs. Joe Carrigan wonders about the return on your ransomware payment investment. And there's a lot of Amazon-themed phishing going on.
A highlight from Cyber Security Today Week In Review for May 14, 2021
"A controversial new worldwide data sharing policy with Facebook comes into effect tomorrow. Last week WhatsApp promised it wouldn't cut users off if they didn't agree to the new terms. Time for some discussion. With me this week is Dinah Davis of Arctic Wolf. Hi there. Hi, how are you doing today? I'm doing great. It's nice and sunny outside, and with any luck this afternoon I'll get out for a walk. Yeah, my daughter made it into the pool for the first time yesterday. Mom, I was wearing a bulky vest because I was so cold standing outside, with it being only thirteen degrees, but she was a happy little fish in the twenty-three degree water. It's great. The Colonial Pipeline attack has been on everybody's mind this week, which is why we're giving it scrutiny right off the top. Start off with some background. So on Friday, May 7th, Colonial Pipeline disclosed that they had taken key IT systems offline because of a security incident, and it turns out there's a group called DarkSide who attacked them, and they are a ransomware group. The big deal about this one is that it has huge impacts in the United States, right? Colonial supplies the gas for a very large portion of the United States, and taking down their IT systems also meant that their operational systems went down too, so it leaves people very worried about getting gas. I've seen some crazy videos of people actually filling up plastic bags with gas, I guess to store it, which seems just nuts, but it's caused quite the chaos, and as we were recording this podcast news came out that Colonial actually paid five million dollars in ransom to the gang behind this. They did, and the crazy part is it looks like they did get the decryption software from DarkSide, but it was so slow to use that they've still had to go to restoring from their backups.
So it was almost useless paying for it, because it took too long for that software to work, which is even more crazy, right? But it also means the impact of the attack just spreads out more. One thing some may point to is the lack of readiness of critical infrastructure firms. It isn't clear, because we don't know how the attack started, but more importantly it seems that the operational network of the company, which runs the pipeline, was not hit. Correct. So the company says it closed the pipeline temporarily as a precaution after the IT system was hit. Colonial told the Associated Press that the IT network is strictly segregated from the pipeline control systems. I hope it is. A Canadian expert I spoke to said that Canadians shouldn't be smug that the attack happened south of the border, because it could have happened here. Do you have a sense of the readiness of Canadian critical infrastructure providers to withstand cyber attacks? I don't really, but, you know, this is a wake-up call for everyone in the world, right? As if SolarWinds and other things weren't enough, either. But this could happen to any of us; any company can have a bad day. But are you actually ready for this if it happens to you, when it happens to you? And so I think there are a lot of CISOs and CEOs this week, maybe in the energy sector, going, oh boy, could this happen to us? Do we need to go and look at things? What's going on? The interesting thing, I thought, was that stealing data from a critical infrastructure supplier could be as damaging as actually damaging its operations. So, for example, in Colonial's case, it says it temporarily closed the pipeline in an abundance of caution; well, that caused gasoline shortages. And so my point is, if as an attacker you can get companies to do that, it's as effective as compromising the pipeline. It absolutely is. Any way that an attacker can put pressure on you to pay is good for the attacker, right?
So if it's that you are forced to turn off the service that you are providing, such as gasoline or energy, you know, people are clamoring to get that back, which will put much more pressure on the company in trying to figure out what to do, and clearly this company felt the pressure and they paid the ransom. So one lesson is you've got to be prepared for a cyber attack, because it may succeed. On the one hand, you're going to be spending money on technology, and the idea is to block the attack, but this is a matter of reducing risk. You're not going to be able to block every attack, and companies have to be prepared. Yup, absolutely. And, you know, data theft alone can be costly, because it may include confidential business information on acquisitions, on product pricing. A company may shrug about that, but what may be... So it may be personal information of employees, right? And so that's very dangerous, because employees sure don't want their dates of birth, their social insurance numbers, maybe their bank account numbers, if the company's making direct deposits for salaries, and that may be worth paying a ransom for. So I think this incident is just more of an incentive for firms in critical infrastructure to tighten their cyber security. It absolutely is. The other interesting thing is the threat actor here is a newer threat actor called DarkSide, and they are a growing group of ransomware-as-a-service providers. And what's interesting is DarkSide has two main goals to accomplish when they infiltrate a victim organization, so they move laterally through the network and exfiltrate sensitive data, like you're talking about. The one is to grab as much of it as possible, because they need to find a lever; they need a lever for you to pay, whether that's a denial of service attack,
basically making you shut down your pipeline, or stealing your data and threatening you that they will publish it if you don't pay. And then once they've got your data they're going to go and encrypt everything on the systems that they can find. The one thing we know about DarkSide is their signature is that they actually go and do a lot of research about the person they attack before they do it. That's kind of their hallmark. So usually they will go after these places, get all that information, post that, and then really push for them to pay the money. In this case, we haven't seen them put a post up about Colonial. We haven't seen them put a post up with Colonial data in it yet. Maybe that's because Colonial paid five million dollars early. Could be, exactly, and maybe they don't want to draw any more attention to themselves. This was maybe a bigger hit and more attention than they anticipated. They published an advertisement for their service in November of 2020, which is quite interesting, actually. So it was a Russian-speaking actor called darksupp that advertised it in Russian-language forums, and so the interesting piece about it is that the affiliates, affiliates are the people who actually will use their software to run the attack, they actually have an interview process, like you have to be accredited, like an accredited criminal, I guess, so that you actually know what you're doing with this ransomware stuff. The affiliates retain about seventy-five percent of the ransom if it's less than five hundred thousand, but up to ninety percent if the ransom is over five million dollars, so DarkSide always takes a cut, but, you know, the affiliates get quite the cut here as well. But the very most interesting part of this is that the actor darksupp has stated that the affiliates are prohibited from targeting hospitals, schools, universities, non-profit organizations and public sector entities. Now you might think, oh, it's because they have a good heart.
No, I think it's actually because they don't want to be attacked. They don't want to have the authorities come after them. They're also, interestingly, prohibited from targeting organizations in the Commonwealth of Independent States, so like Russia and Kazakhstan and Belarus, Georgia and that kind of stuff. So that's also interesting, right? So my guess here is they're trying to lay low after this one, because they did not expect something this high profile to hit them, nor did they want it. Yeah, I mean, it was interesting that DarkSide issued a statement this week, seemingly in response to FBI allegations that it's linked to the Russian government. Here's what it said, quote: "We are apolitical. We do not participate in geopolitics. Do not need to tie us with a defined government. Our goal is to make money and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future." Yeah, they didn't like it. They didn't like that their affiliate went after Colonial. It sort of sounds like they were upset, causing long lineups at American gas stations and attracting the attention not only of the FBI but also of the President of the United States. I talked to Greg
A highlight from Cyber Security Today, May 13, 2021 - Beware of fileless malware, a Wi-Fi warning and more
"are increasingly turning to what's called fileless methods. It's done by having the malware execute in a computer's memory; that avoids files, which can be spotted by antivirus systems. The latest example has been discovered by a security company called Anomali. It says a threat group is using a free Microsoft software development application called MSBuild to plant a remote access tool on victims' systems, and then it installs malware that steals passwords. It isn't known yet how systems were initially compromised, but typically it gets done by tricking a person into using a legitimate-looking but hacked application. Information security professionals are warned to educate employees about proper cyber security procedures when handling emails with attachments and not downloading unapproved software. Wi-Fi has been in use since 1997. Well, that's how long several design flaws have been sitting in routers, smartphones and other devices, according to a researcher. He dubs them FragAttacks. If an adversary is near a victim using Wi-Fi, they could steal data or attack their device. Fortunately, these flaws are hard to abuse unless there have