
Episode #79 - Zeroish Trust

As technology's most widespread and trusted vendors are compromised, who can you really trust in today's environment? This week, the guys discuss attacks originating from compromised tech products, how the bad guys gain insider access, multi-factor authentication fatigue, and even a few hints at their love for Rick Astley.


Get the show notes and articles at www.CyberRantsPodcast.com
Pick up your copy of Cyber Rants on Amazon.
Need cybersecurity expertise and support? Visit us at www.SilentSector.com
Be sure to rate the podcast, leave us a review, and subscribe!

 

Mike's Headlines -

App Developers Increasingly Targeted via Slack, DevOps Tools

Cyber Mercenary Group Void Balaur Continues Hack-For-Hire Campaigns

Lazarus Lures Aspiring Crypto Pros With Fake Exchange Job Postings

Cryptominers hijack $53 worth of system resources to earn $1

Your Guide to the Latest Email Fraud and Identity Deception Trends

Hackers use PowerPoint files for 'mouseover' malware delivery

LockBit Publishes Stolen Data as Hospital Rejects Extortion

Hackers Use NullMixer and SEO to Spread Malware More Efficiently

Adware on Google Play and Apple Store installed 13 million times

Health data theft at Physician’s Business Office impacts 197K patients

American Airlines learned it was breached from phishing targets

HHS HC3 Warns Health Sector of Monkeypox Phishing Schemes

Sophos warns of new firewall RCE bug exploited in attacks

Ransomware Affiliates Adopt Data Destruction

Global Firms Deal with 51 Security Incidents Each Day

 

Transcript


welcome to the cyber rants podcast
where we're all about sharing the forbidden secrets
and slightly embellished truths
about corporate cyber security programs
we're ranting
we're raving
and we're telling you the stuff that nobody talks about
on their fancy website and trade show giveaways
all to protect you from cybercriminals
and now here's your hosts
Mike Rotondo
Zach Fuller and Lauro Chavez
welcome to the cyber rants podcast
this is Zach Fuller
joined by guess who
Mike Rotondo and Lauro Chavez
yep it's gonna be one of those episodes
so we're gonna dive right in today
we're winging it
there's some interesting stuff in the news
there are a lot of things going on
we're just gonna chat
talk about what we're seeing
what's going on out there in the wild and
and so let's get it all teed up
mike you want to kick us off with the news
app developers increasingly targeted via slack
DevOps tools
this is a very interesting story right now
Slack, Docker
Kubernetes
and other applications that allow developers
to collaborate
have become the latest vector
for software supply chain attacks
developers are increasingly under attack
through the tools they use to collaborate
and to produce code
from cybercriminals
and nation states
a cybercriminal claimed in september
to have stolen slack credentials to access
and copy more than ninety videos
representing the early development of grand
theft auto six
according to Trend Micro
they discovered that attackers are systematically
searching for and attempting to
compromise misconfigured Docker containers
neither attack involved
vulnerabilities in the software programs
but targeted security missteps
or misconfigurations by the developers
in their test environments
attacks against the software supply chain
and the developers who produce and deploy
the software have grown quickly in the past two years
in twenty twenty one
attacks that aimed to compromise developer software
and open source components
widely used by developers
grew by six hundred and fifty percent
according to the twenty twenty one
state of the software supply chain report
published by software security
firm Sonatype
so if you're writing code
make sure you secure your environment
more good news
the cyber mercenary group Void Balaur
continues hack-for-hire campaigns
the cyber mercenary group Void Balaur
continues expanding its hack-for-hire campaigns
despite disruptions to its online advertising personas
it's their marketing problems
the new information comes from
cyber security experts at SentinelLabs
Void Balaur was first reported in twenty nineteen
under the name eQualitie
then again in twenty twenty
when they hit amnesty international
in november
twenty twenty one
our colleagues at Trend Micro provided a
larger set of malicious activity
and named the actor Void Balaur
based on a monster of eastern european folklore
attacks are often very generic in theme
may appear opportunistic in nature
and account for targets making use of MFA
further the group regularly
tries to gain access to well known email services
social media and instant messaging platforms
and corporate accounts
Void Balaur remains a highly active
evolving threat to individuals across the globe
from the targeting of well known email services
to the offering of hacking corporate networks
the group represents a clear example
of the hack-for-hire market
we expect this type of actor to be
increasingly common to be observed in the wild
Lazarus lures aspiring crypto pros with fake exchange
job postings
researchers
are warning that Lazarus has expanded its campaign
using fake jobs at cryptocurrency exchanges
to trick macOS users into downloading malware
just last month
researchers observed Lazarus
which is an APT
group with ties to north korea
using Coinbase job openings to trick macOS users
into downloading malware
now SentinelOne says
the same threat group has expanded its phishing campaign
to include fraudulent job postings for Crypto.com
according to SentinelOne's
report on the new crypto job lure
the additional victims
are initially contacted by Lazarus through linkedin
this is a really interesting story
for those that say well
i have got nothing for you to steal
why are they hacking me
well crypto miners
hijack fifty three dollars worth of system resources
to earn a dollar
security researchers estimate that the financial
impact of crypto miners infecting cloud servers
costs victims about fifty three dollars
for every dollar worth of cryptocurrency
threat actors mine on hijacked devices
the activities are generally attributed to certain
financially motivated hacking groups
most notably TeamTNT
that perform large scale attacks against vulnerable
Docker Hub, AWS
Redis and Kubernetes deployments
in these deployments
the threat actors load modified OS images
containing XMRig
a miner for Monero
which is a privacy oriented
hard to trace cryptocurrency
and currently the most profitable cpu based mining
the mining programs
use the hacked devices' cpu
so the threat actor generates income
by hijacking hardware
compared to ransomware
rogue crypto
mining is a low risk activity for the attacker
much less likely to attract law enforcement attention
good email here called
your guide to the latest email fraud
and identity deception trends
there's a high chance that someone you know
has been impacted by email fraud or identity theft
at minimum you've
likely received a variety of spam emails
and text messages
asking you to provide a payment
or confirm your identity
as cyber security protection evolves
so do the attack methods
used to steal your personal information
two thirds of fortune
five hundred companies
remain vulnerable to getting impersonated
in phishing scams
targeting their customers
partners and investors
and the general public
here's some alarming statistics
ninety two percent of malware is delivered by email
nearly sixty
million people in the us
have been impacted by identity theft
here's some new phishing
methods out there
some of them are kind of old
form jacking
social media identity theft
buy now pay later
medical identity theft
then synthetic identity theft
business impersonation
and child identity fraud
for those of you powerpoint warriors
here's a scary one
hackers use powerpoint files
for mouseover malware delivery
hackers believed
to work for russia
have started
using a new code execution technique
that relies on mouse movement in
microsoft powerpoint presentations
to trigger a malicious
powershell script
no malicious macro is necessary
for the malicious code to execute
and download the payload
for a more insidious
attack
a report from the threat
intelligence company
Cluster25
says that APT28
which is also known as the fancy bear
threat group
attributed to
the russian gru
like it's kind of like the kgb
has used a new technique
to deliver the graphite malware
as recently as september
ninth and third
the actor lures targets with a powerpoint file
allegedly linked to
the organization for economic cooperation
and development
an intergovernmental organization
working towards stimulating economic progress
and trade worldwide
so you know
we got that going for us
got a couple other
interesting headlines
LockBit publishes
stolen data as hospital rejects extortion
hackers use NullMixer and SEO
to spread malware more efficiently
there's more adware on google play
american airlines is learning about its breach
from the phishing targets
which is great
and there's a new RCE firewall bug in Sophos
Lauro what do you got for us bud
well i've got a few good things this morning
mike thanks for
thanks for the news
a lot of good headlines there
i'm gonna start out exploits today with a zero day
that just dropped from microsoft
for microsoft exchange server this morning
the thirtieth
so just a little background on this
so yeah right
like big big surprise big shock
but you know
normally these have come out during the week
and you have an opportunity
to bring these up in the news
this particular one drop this morning
and i want to bring it out because it it's
there's a couple CVEs involved in this one
okay so i guess the big one here is
CVE-2022-41082
all right this is the powershell manipulation
that can be exposed in microsoft exchange server
so to make a long story longer
the easiest thing to resolve this
is to check and make sure you've got ports 5985
and 5986 secured
so you don't want to be publishing that
you know this is
you know they got access to powershell
so it's gonna be something on the internal network
it is a remote code execution
but if you're
if you're listening on those powershell agent ports
outside of your environment
for automated changes and things like that
you want to turn those down right now
until microsoft gets a handle on this
so those are
those are being exploited in the wild
there's news reports of these being exploited
in the wild today
so again check to make sure you don't have TCP
5985
or 5986
open to the public
internet
it'd be a very bad day for you
we don't want to get a call
we don't want to get a call
a couple other things in the exploit news
i want to talk about
so VMware Workspace ONE
this involves CVE-2022-31660
essentially there's Workspace ONE
which is a component of VMware
that contains a vulnerability where one of the horizon users
which is part of their embedded operating system
can escalate privileges to get root with
essentially modifying a file
restarting the VMware server
and now being able to log in as root
so what's important about this exploit
is that this was disclosed by VMware on eight two
so august the second
and now less than
less than thirty days later
we have a payload exploit
that will go right into your metasploit framework
and will exploit this particular vulnerability
so take a look at that
if you're using VMware Workspace ONE
check out CVE-2022-31660
to make sure you're not vulnerable to this
if you are make sure you patch it
the other one is for everybody using Bitbucket
git command
there is an injection attack that's out there that
again this one got released on eight twenty four
and today nine twenty
or i'm sorry
a couple days ago
nine twenty one
we have the exploit payload ready to go
ready to deploy
and be used in the wild
this manipulates the API endpoints
as part of the Bitbucket
git right your REST APIs
which is essentially
you know these application interfaces
that are sitting there like an alexa
okay think of it
it's a good analogy
if someone comes in your home and says alexa play
you know rick astley and get rick rolled
you know what i mean
so yeah never gonna give you up
sort of thing
alexa's gonna play and an API's a lot like that
it's gonna sit around
it's gonna wait
wait for commands to come in
so if you've got some of these
APIs that are being leveraged for the
for Bitbucket git
make sure you're checking those out
this is going to apply to all of your projects
project repository
archive areas in git
so supplying null bytes essentially allows
the passing of additional arguments for the attacker
in this case
so if you're using Bitbucket and doing the command
git command stuff with it
make sure that you're checking those APIs
for the presence of that command injection
so that's that's pretty much it for exploits today
aside from the microsoft on fire of course
it's microsoft
of course they did this
probably not on purpose
i mean probably somebody dropped
like a soggy donut on the keyboard
i'm sure that's the reason this happened
you never know
it was some kombucha
that got spilled on someone's frothy brew
got poured onto the keyboard
causing this
that's right
no and i'm sure that micro
go ahead i could say
there's no donuts anymore
it's kale chips
right come on
come on now
what generation are we in
so that's how this got created
someone snuck a donut into the microsoft campus
it was eating it
like secretly at the desk
and like one of the supervisors came around the corner
like what are you doing
and they dropped it on the keyboard and that's
that's how you have this powershell vulnerability now
and of course
microsoft is never going to give you up
to vulnerabilities
i see what you did there
i see what you did
you just rick rolled my ears
yeah you just put
you put it out into the universe first brother
okay fair enough
i have a feeling that's not the last time that comes up
this episode
outstanding and no w word today so that's good
oh the w is out there i just wasn't gonna mention it
i shouldn't have said anything
well outstanding
you know it's been interesting
there's a lot of stuff going on
i mean there's always a lot of stuff going on
who are we kidding right
but just some
some interesting things
you know more and more ramp up of the mfa fatigue right
it's like somebody
a big successful attack happens
and everybody else latches on
oh well we're gonna try that too right
and i bet a lot of the general public
isn't aware of that at this point
so it's still probably highly effective
there's you know
trusted applications getting attacked
all these great things
so looking forward to
just seeing where the conversation goes today
but long story short
it doesn't sound like cybersecurity's coming
to an end anytime soon
so we'll continue the discussion
here right after a quick commercial break
want even more cyber rants
be sure to subscribe to the cyber rants podcast
get your copy of our best selling books
cyber rants
on amazon today
this podcast is brought to you by silent sector
the firm dedicated to building world class
cyber security programs
for mid-market and emerging companies across the us
silent sector also provides industry
leading penetration tests and cyber risk assessments
visit silentsector.com and contact us today
and we're back with the cyber rants podcast
today we're just going to talk about
some of the things that are on our mind
no particular agenda
but i promise there will be some nuggets of gold
because these are always some of the best
i should say always the best episodes
but there's probably some that we've done
that are playing that are pretty good too
they're all good but
well thanks for all the
thanks for all the unnecessary pressure
to make this a good podcast zach
i appreciate it
all i can do is think about rick astley right now so
yeah i'm pretty much toast for the next twenty minutes
come on rick let's roll
you mentioned
you know the the
the mfa exhaustion
you know i think
you know like you talked about it
once somebody figures out that that method works
everybody jumps on it
there's another one out there
it's kind of
out of the realm of what we normally talk about
but you may have heard about
the usb stick
that can unlock a late model Kia and a Hyundai
and you can essentially pop away the plastic
around where your key fob goes in
and because these are vehicles with an actual
you know key chip that
that does the bluetooth pairing in
that these didn't have
these models didn't have that
but you can take a usb
because it's the right shape
and plug it into there
it'll override the computer
essentially shorting it out
and allow you to start the car
so there's been a
you know someone posted this on TikTok
it's been a couple months
you know this isn't
and it's honestly been around longer than that
i think it's really gained a lot more traction
the last couple months
but a couple
a couple kids figure this out
um you know
at a local mechanic shop
you know messing around
and then make a TikTok video
and the next thing you know
everybody's trying to break into these late model Kias
and Hyundais
and so in chicago
one of the most popular items was the club the old
the age old metal bar
that you put between your steering wheels
the most low tech thing you could
i mean aside from a boot on the tire
right i mean
that's pretty much the most low tech security appliance
that you can get
and for whatever reason
that is the most popular item now
due to the you know
to the increase in thefts
and i think you're gonna see
you know similar activities with when
you know again
when the bad guys get wind that something works
well now here we go right
everybody's gonna try to get their
their jobs in
so by stocking club now
it's always the low tech stuff
that all ends up working in the long run
isn't it it is
well that's why humans will always
be necessary in cyber security
is because it doesn't matter how high tech you make
the appliances
and the capabilities of ai based cyber security
you know hunter seeker kind of thing
you always need the human
you always need the low tech piece
to not only plug it up and care and feed it
but you know
take care of the take
did you just burp on
yeah i didn't get to mute
that was awesome
i was trying to get to mute
i started to burp before i clicked my finger
that's great tire
that's perfect but yeah
i just said you got to care and feed these technologies
and yeah just like that mike
exactly exactly yes
you guys a bunch of savages
tell you what yes
try to bring
you try to make us
you know come in here and be professional
and you know that's not
that's not kind of how
how it goes in real life mike
is ohio state shirt world is like a
it's like a reality tv show going on kind of
kind of is yeah
it's gonna say if you're listening to this podcast
you're taking a risk right
because you just might hear some truth
that you weren't ready for
yeah that's true
well hey you know
on the topic of kind of old school
going back to the club
you know it's interesting too
to see more and more trusted
it's like you can't trust anybody nowadays right and
and that's probably that's
that's probably zero trust man saying
right zero trust
bring it into the new age
and now it's the same thing that
that people on the rockers
on the porch have been saying for
you know ever years
i remember the first time that conversation
i like to think that
the first time that zero trust conversation happened
between two gentlemen with you know
coffee of their cups
or probably whiskey
if we know things better
but it was like
yeah zero trust
man's about not trusting anybody
the other technicians like
so we unplug the ethernet cable from the rack and like
no no no no
it's not it's not that
i don't mean like
i don't mean like full zero trust
i mean like zero plus zero plus one trust you know
just
can't hack a piece
a piece of paper
so there's always
you can't especially if you have bad handwriting
yeah yeah yeah yeah
the filing cabinet is the club of cyber security
right exactly it's
that's how it goes
but what i was saying is
it's interesting to see these
attacks go on through trusted vendors
and i'm curious my
this is this comes from
a little bit of background in this stuff
and a little bit of speculation
so this is not a guarantee
and i also don't want to get arrested
for saying anything wrong here
by the federal government
so um one would
one would guess though
anybody listening who has a background
and the intelligence community understands how
things work
when it comes to compromising certain assets
you know espionage
that sort of thing
which of course
the united states would never do
right but we're talking about other countries here
i believe a lot
of these attacks are coming down the pipeline
trusted software
trusted vendors
trusted hardware that
are people are infiltrating companies
you know i trusted organizations
you know i was about to throw microsoft
i don't know there's
there's a certain level
there's a use case there
i don't know
i want to go further than that
it's a pretty strong use case
apple take take
take solar winds
right all those
these things that are going on
my assumption is there there are
these companies are gearing up right now for
and if they're not
those that aren't
should be gearing up for inside or malicious activity
right because something as critical as our core devices
core applications
core operating systems
that organizations all over the world are using
that is a tremendous strategic and tactical advantage
for nation state threat actors
and we know they put people into the us
or even onboard us citizens
build intelligence networks
get them in these organizations
to actually do malicious things
so this is a big conversation
and probably off topic
of what we're really focused on here
and kind of our core
the core audience that we speak to
but we need to be
especially large corporations
if you're listening
this from a major organization
have any decision making authority
we need to be extra
extra careful
of what's going on within the walls of the organization
you know digital walls right
understand the remote work and all that
but we need to be extra careful
of who's doing what in that organization
and we i believe
we need to have counter intelligence operations
in every organization that's offering any type of
any type of information system that's used widespread
because if we don't
the cost could be just absolutely
absolutely devastating
way worse than anything we've ever seen
so i'm not trying to be a conspiracy theorist here
i do have some
level of education to be able to speak to this but
that's probably one of my bigger concerns
when it comes to cybersecurity
it's not so much just
the hacking groups and sites that are working remotely
but it's what nation states are doing around the world
around the world too
and that's heavily funded
extremely meticulous stuff going on
it's good stuff
and yeah yeah
i mean so one of the things that you can do
to prevent some of that internally
is a strong change management process
right so you ensure that things are checked
and double checked
so the ability to insert something into code
becomes that much more difficult
or to implement a rogue change
you know bust out tripwire and load a SIEM
and hire seven people to read logs
stuff like that
it will save you though
i mean it will
it's a good point
and i think that something that we can point to
that's happened recently
where we can demonstrate the insider threat
is with the sim card cloning
that occurs when
when the cybercriminal rings
try to steal someone's crypto wallets
and you know
we've been directly involved in the
the incident where
we were on the phone call with the individuals as their
their third crypto bank account was compromised
and this is done by you know
having somebody on the inside of one of the telco
providers like AT&T or Verizon
probably T-Mobile for sure
you know i mean
anyways that's talk crap
but anyways
like you know
the crickets of the world
like they got crickets in there anyways
but it doesn't matter
the telephone company
it's hard to determine
when and where this is going to happen
but these criminal organizations
have implanted individuals that they can call upon
when they need something
and so this individual is probably gonna get fired
and they're gonna lose their job and all this stuff
but they're gonna make a heck of a lot of money
especially if they're
if they're gonna swap the clone
the sim of a card
that's gonna give the criminal organization
access to a crypto wallet
that's got hundreds and millions of dollars in it
they're probably gonna make
two or three or four hundred thousand dollars
to make that swap
the verizon infrastructure
i would hope so
i mean some of them may be cheaper
i mean you might be able to get a sim swap
for ten k these days
i mean you know
who knows right
with inflation
right you know
interest rates by the fed
and you know
who knows right
but you know
well they need to negotiate their salary better
they need to negotiate their product
you know yeah
they need to talk to their criminal organization
hr about getting a fair package
when they do these dangerous activities
of course but
but we see that happen
right and that's
that's one of the
you know one of the places that it's it's been
i'll say this
it's been obvious to everybody that there was someone
that it was implanted there right
that got paid off to do this sort of activity
and it's happened several times in the last
couple years
so same could be said about larger organizations
i mean you know
the SolarWinds
the SolarWinds
Orion hack was
you know profound
because like you said zach there
there's a trusted piece of software
that everybody in the world
not everybody
but everybody who's anybody
is using that
knowing that mys and that's all
automatically allows you to get access into
these organizations that are the who's who of global
you know in
you know not only the department of defense
but energy and finance tech and the whole bit
everybody's using that tool
and that was a
just a nightmare a couple christmases ago
well and they also had it happen at tesla
they there was an admin that got paid a million dollars
by some russian oligarch or whatever
to hack the systems internally
it was just this admin at tesla
so that happened a couple years ago too
twitter twitter too right
wasn't twitter the last one they
i can't remember
was it donald trump's account
i believe or
i don't remember what
what accounts got hit
but yeah it was a twitter same thing
it was an admin at twitter that decided to go rogue
i mean there's a lot of possibilities out there
i mean you think about like
if you've got an msp
that manages your entire infrastructure and
social security
right social security
your software developer
you know and they're developing users
they're creating users for you with
some of them are on finding
right yes but my point being is that
that you know you very easily could create a rogue user
i mean you could
you're trusting this company to do these things for you
someone decides they're gonna do
you know do this and they're gonna steal data
they're gonna steal you know pii
they're gonna steal ePHI they're gonna steal PCI data
what whatever
it all happened so
okay well the other one that's super risky
i know zach's been like
he's got his hand up
go ahead zach
i'll show up
i was gonna say i was
well actually
i'm curious to hear you because you said super risky
so i'm all ears go for it
mine can wait
my it's super super risky
okay super risky
you've got um
a department of defense tech company
and they you know
you know these
these organizations are making some really really
really next level stuff for the
for our military and department of defense contractors
and stuff like that right
and so a lot of these smaller companies
they can't afford to have
you know a major
you know VAR involved in the
you know the administration
engineering
of their system
so they'll get a local it person
right so it's like a myself or mike
you know that's more geared towards
you know building your
building a couple backup servers
and hosting those in a home
or manage them at a local data center
or you know
even managing them on the cloud
and they're usually just a one person
they're usually have some
you know random
you know last person's name it
and there's nothing wrong with
with using these
these individuals are usually very smart
and very capable
but they're stretched thin
and i want to talk about a risk here
that since we're kind of on this topic
so these individuals
they're gonna get more business
and more business and more business
and they're gonna stretch themselves very thin
and now they're gonna start looking for assistance
and that assistance is going to be difficult to find
and so they may reach out to an overseas vendor
at this point
to offset some of that
right and now you've got a
would be validated
you know essentially right
your security has been validated
you're a united states citizen
you're operating it infrastructure
for these department of defense contractors
but now you've subletted some work
to offset stuff that you can't handle
to an overseas environment
and now they have access to all of these organizations
and a lot of that doesn't get approved
you just think that
you know hobo joe's
it's coming in
and fixing your stuff
but it's somebody in iran or pakistan or turkey
that's actually leveraging hobo joe's it infrastructure
that proposes them to do work on their behalf
and you're not
you're not really always in the know who is
who is the real person
from what organization and what country of origin
is coming in through your it service providers
technologies
to do quote
unquote normal
daily work right
they can involve copying files down
and other types of things
wasn't that the thing behind the OPM breach
that they had outsourced to a company
that outsourced to
venezuela and then outsourced to china
yeah and that was the whole thing behind the OPM breach
yeah i was always finding it was
shifting the work to another
another set of hands
you know and so
you know it's just like building a home
if you you know
subcontract the drywall
and the drywall contractors
like my guys
are all busy
but i got these
i got these guys from skid row
they're gonna come over and drive all your house
and you may not know that happened right
you just come back
and you like
we did the drywall here
you know so that
that really happens
and you've got these one
these one individual
one human it shops
and not only do you have
the limitation of the human in general right
because it can only do
you can only do so much really
effectively right
you may be able to handle fourteen companies
but can you handle forty
fourteen companies
do as good of a job as you could do
if you're only handling three or four
and so the performance will start to wane
customers might complain
this individual is going to reach out for help
probably not going to be able to find it locally
is going to go and use some form of online service
that doesn't
doesn't vet their individuals as well
and that's kind of how this starts
right microsoft
and you can take any large vendors
the same way
they're looking for developers
there's not a lot of developers
in the united states
so it's hard
if you've got a government
base program
and you're saying
we need to hire us based
or sovereign country based developers
and you can't get because
so what's the next thing you do
right you look at another country
another organization
a lot of the organizations in turkey and iran
and pakistan and india
they'll put their company headquarters in like the uk
so it looks like you're hiring a uk company
but all of the people doing the work
are in various countries that are less than preferred
i'd say to do that type
of intense thing for your it infrastructure
yeah i remember the old days
old days back in the nineties
when i was working on Lotus Notes
there were not for export
pieces of software we couldn't send overseas
so i mean that's how serious it was then
i don't know if it's still that same way now
do we have those controls in place
but it's something that we have to revisit
so there was something at one point for our
our NVIDIA graphics cards like
and i think processing chips to
at one point
like Intel couldn't export
but certain chipsets to the other parts of the
of the world
because of the security ramifications right then
i remember it was a seventies or eighties that
that was like
there was an encryption export limitation that it could
you can only export encryption that the us could break
encrypted devices like the us could break
i think it was called the sailor chip with ibm so
i can't remember which computer it was
but apple even came out with a computer that
at the time was considered so powerful
that it was a consumer device
a time that's so powerful
they wouldn't export it to certain countries
the government restriction
they thought it would be too much
i don't remember
it wasn't that long ago either
yeah that was one of the pro
the first macbook pros i think or
or maybe it was the
yeah the customer
the consumer
available pro workstations or something like that
i do remember that too but yeah
there was chips that weren't allowed to get sent
i think you know
the moral of the story here is
know where you're
know the industry
and know the data you're protecting
obviously that's pretty clear
but understand your vendors
vendors all right
and where that information is going
like mike said
or maybe it was Lauro
that could have a uk headquarters
and then that work could happen
who knows where
so i think there's tremendous benefits from
offshore development teams
in certain situations and such
but you got to know
you gotta know
that's a whole business in itself
knowing who's who
usually it's good to have somebody that's
maybe dual citizen or back and forth
that you know and trust
and have the ability to have some recourse
hopefully on a us based company
if things go bad as well
because it i mean
just legally speaking
it's very very tough to
you know get
get any kind of recourse
when you're dealing with overseas operations
for overseas companies
so that being said
also look and going into kind of
what can you do about it
on the human element side
i mean it's some of the soft stuff that really helps
prevent the rogue
and malicious
employee scenarios
i mean it's never going to be a hundred percent
never going to be perfect
but i mean it's culture you know
and understanding what's going on with your people
that sort of thing
there is a component
when you're looking to build a source
in the intelligence world right
which is essentially what the cybercriminals are doing
they're looking for somebody
in your organization
that has some triggers that they can pull
that will cause them to do certain malicious activities
and maybe otherwise in life
they wouldn't do
a lot of times
these are financial hardships
it might be something
it might be something big
it might be a divorce
it might be something
that causes them
to have some sort of huge overhead
or something like that
and if they're posting about this stuff on social media
guess what the cybercriminals are going to say
oh yeah that looks like somebody we can reach out to
hey how would you like to make an extra ten grand
it's easy it's true
nobody will trace it
nobody will know
right they're going to have those conversations
and that's how
that's exactly how they do this
they're also looking for people
that are just flat out pissed off right
they have a
chip on their shoulder
they're angry
they want to get back at the company
and again where are they going to go
to get this information
nowadays most of time it's going to be social media
sometimes in large organizations
there may be somebody in there that's
and not to sound like a conspiracy theorist
but this in fact happens
there may be somebody in there that is a handler
that's looking
that's creating relationships
that's looking for people in these situations
absolutely i think it's algorithms
you know what i mean
so um you know i not
not to cut you off
but i think you'd strike a good point here
with TikTok
there's a rumor
i don't want to call it a conspiracy
because i think we know that these
these applications
like TikTok and Instagram and Facebook
can collect a certain amount of data about the user
who is interfacing with it
right that's
it was the drive behind marketing
okay well there's a rumor that TikTok and
is being used specifically to create behavioral
um categories and behavioral
traits around humans that are interfacing with it
and so just like you said
now they have a behavioral category
to put a certain user in
and they have
those categories are being
you know looked at and reviewed on the backend by ai
to say this individual
based on what they post and what they like
is more susceptible to potentially doing
something we might need them to do in their daily work
right so i think that those
behavioral profiles are being built
again there's talk about this
that they're using a lot of the social platforms
to build these sort of behavioral profiles
where they can kind of isolate you in a group and say
well you know
he's you know
he's listening to ohio state all the time
and he's wearing an ohio state shirt
and all those pictures
he must like ohio state you know
like because when ohio state keeps winning
so there's really not much manipulation
i'm pretty just happy yeah exactly
it's like Mike Rotondo
biggest Ohio State fan in the world
he be like how did you know that
because you wear an Ohio State shirt man
but yeah it's a it's simple observations
they're gonna build familiarity
they're gonna get right in the door
you know that's part of it
social engineering
101 right
well hey we're running up on time here
but this has been a super interesting and i think
i mean there's so much we could dig into here but
we want to keep along with the topic
and a lot of this
is going to be very difficult for mid market
emerging sized companies to handle
but i think if they can understand the basics
what to watch out for that's helpful
so any final words of wisdom before we wrap up
stay off social media
you don't need it
move on from
yeah that's a good one
that's a hard one
i'll say my words of wisdom is that remember
as you traverse the dangers of the internet of things
that everything you do and say and click
is being recorded to a big flat text file in a database
that could be searched later
yep everything
everything is being archived
everything you do
everything you like
everything you click on
and it's gonna build a story one day about you
and for all of those out there participating
think about what that story is gonna say
at the end of that data profile
what is that story gonna say about you
so just think about browser history
yeah i've got
i've got an emergency
i've got one of those bracelets
it doesn't call for help
it deletes my browser history if i'm about to die
there you go
i gotta tell you i
you know real quick story
i was interviewing some high school
doing some op interviews for some high school kids
for their advanced placement for
they want to be cyber security
and one of the things i said was get off social media
and you should have seen their eyes
they were like saucers
they were like what
how does that even happen
so it needs to have
except that one
that's fine yeah right
TikTok is not good
well moderation right
moderation is key for all things
but yeah just
just remember when you're playing in the digital realm
everything about you is being recorded
to text and everything
even this podcast
yeah yeah it is important to accept the fact that hey
people are going to use this stuff
it's going to be out there
they're going to be doing it
so it's but i
so i agree a hundred percent on
be conscious of what you're putting out there and
and conscious of what's going out there
whether you're pushing it or not
right yourself right
knows a tremendous amount about your life so just
just understand that
i think the listeners to this show certainly
certainly know that and understand that
but i think it's important
if we can share this and
and remind people to educate their teams and
people around them and their families and their kids
then we've done something good for the world
and that's good
you know that's what we want to be doing here
so thank you for listening to the Cyber Rants podcast
hope you enjoyed this episode
we always like to
take some time and just talk about what
what's on our minds
but we also want to talk about what's on your mind
so reach out
linkedin is a great place
CyberRantsPodcast.com
rate the episodes
share all that good stuff
help us get this information out
and we greatly appreciate you
we will see you on the next episode
pick up your copy of the Cyber Rants
book on amazon today
and if you're looking to take your cyber security
program to the next level
visit us online at www.SilentSector.com
join us next time
for another edition of the Cyber Rants podcast