Episode Transcript
[00:00:04] Speaker A: You're listening to Technado.
[00:00:06] Speaker B: Hey. Greetings, everyone, and welcome to another great episode of the Technado, where we make all your wildest cyber dreams come true. That might be a bit of an oversell.
[00:00:15] Speaker C: I think so.
[00:00:16] Speaker B: But, hey, marketing, right? Speaking of marketing, don't forget ACI Learning, the sponsor of the Technado. And for that lovely, lovely discount code of Technado 30, we'll get you some. Some good training.
[00:00:28] Speaker C: Yeah. It should be ingrained in your head.
[00:00:30] Speaker B: Yeah. And you. You might see one and or both of us. Joining me, as not always, is the one mister Ronnie Wong. Ronnie, welcome to Technado, sir.
[00:00:39] Speaker C: Well, thank you for. For having me here. Yeah. Hard to fill Sophie's shoes in that sense, because they're really tight.
[00:00:47] Speaker B: Yeah. You try to get your foot into that bad boy, it's gonna be a bit of a squeeze, but you'll. You've probably noticed that Sophia is not here, here today. That's because she had the gall and audacity to take vacation. I know.
[00:01:00] Speaker C: I got to talk to her manager about that.
[00:01:01] Speaker B: You should. Yeah.
[00:01:02] Speaker C: He's terrible.
[00:01:03] Speaker B: He's really got to step up his game on how to keep them on the whip, you know, keeping it cracking.
[00:01:10] Speaker C: No more.
[00:01:10] Speaker B: Back to work.
[00:01:11] Speaker C: Yeah, no more. No more PTO or Dtos. Yeah. Done.
[00:01:15] Speaker B: Fun fact. Ronnie is her boss. What?
That would be yourself? That would be yourself.
[00:01:21] Speaker C: Yeah, that's.
[00:01:21] Speaker B: Can't really boss her around if she is a strong woman like that. Uh, but it is fun to try. Uh, but we are here at Technado. I know I'm not a great host. I can never come close to being as good at this as Sophia is. She has got all the cool bits down when it comes to these things. I do want to. Before we get too far down the road, I do want to give a shout out to Jessica Archer. Jessica Archer from TrustedSec. Oh, thank you so much for the shirt.
[00:01:49] Speaker C: That is a nice shirt.
[00:01:50] Speaker B: I really enjoy it. I was happy to have acquired it.
[00:01:54] Speaker C: Well, you know, speaking of that, I got a few shirts, but I understand that there's. There's something special about this shirt. Cause not everybody got one.
[00:02:01] Speaker B: Not everybody got one. They. Unfortunately, they were running low.
[00:02:04] Speaker C: Low. Yep.
[00:02:05] Speaker B: On the shirts. So it was a real. It was a real, like, battle. Yeah. Like, on the Serengeti for food, kind of, to be able to get one of these shirts. I came out victorious. So big thank you to Jessica for that and the TrustedSec community.
[00:02:22] Speaker C: Very.
[00:02:24] Speaker B: You know, we're kind of high on. Honestly, on coming back from fest. At a great time. That's where I got this shirt and many others. Hats, stickers, bunch of cool swag, great badge, great time, great talks, you name it. Ronnie, what was your favorite thing?
[00:02:39] Speaker C: Yeah, I was really impressed this year at the amount of talks that were really, you know, super relevant to things that I was kind of dealing with, even at the management level, you know, that I kind of dealt with. And AI was, of course, like everything else, right? Involved in everything. And so that, and then the ability to actually just talk to people was also great and not feel rushed to have to go from one, oh, I gotta rush off to this next one. So I thought it was. It was one of the best conferences I've been to for that. That fact.
[00:03:14] Speaker B: It is my absolute favorite conference on God's earth. And so I look forward to doing it again next year. Hopefully we'll get to see you good folks out there. Make a. Make it a point, put it on your calendar, do it now. You see them tickets come available, you better strike while the iron is hot because it sells out fast.
[00:03:28] Speaker C: Right.
[00:03:28] Speaker B: It's a very small venue. They do have another one coming up.
[00:03:30] Speaker C: In February, though, in Denver, Mile High Hackin' Fest.
[00:03:35] Speaker B: So a new addition to the Hackin' Fest family. Look forward to that. All right, let's get to some news, shall we? That's what you're here for. That's what we're gonna bring you. We start off with our first and most fun segment, which is breaking news.
Breaking news.
[00:03:52] Speaker C: Nice.
[00:03:52] Speaker B: Satisfied? I just enjoy.
Never ceases to make me chuckle. Was that live? That was live, yeah. So Ronnie's not privy to the fact that some of the audio elements are not added until post production.
[00:04:08] Speaker C: What in the world was that?
[00:04:10] Speaker B: Ronnie's like, is that the real thing? Yes, it actually is. And our breaking news for today comes from The Hacker News. CISA warns of active exploitation in SolarWinds Help Desk software vulnerability. Uh oh. The worst has happened. The U.S. Cybersecurity and Infrastructure Security Agency, aka CISA, on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities, otherwise known as the KEV catalog. Citing evidence of. There's a lot of. Of acronyms going on in there. Citing evidence of active exploitation.
That is not what you want to see. Ultimately, what's going on here is SolarWinds made a. Made a boo boo. They made a whoopsie. Where they. They said, you know what? This software could really use hard coded credentials. You nailed it on the nose. Hard coded creds. Man, that makes life easy. And I like it. We're doing it. It's in the movie.
And since it's in the movie, somebody found out that little Easter egg was in the movie. They stayed for the end roll credit, or the post credit scene, as it were. And there it was, hard coded creds. And now they are being exploited now.
Poor solar winds. You know, they've been getting punched quite a bit here lately.
[00:05:29] Speaker C: Yeah, pretty hard overall. I mean, everybody use SolarWinds for a long time, right? I mean, they're trusted everywhere. And their tools, top notch tools here. But we're starting to see now with, I guess, the, the advent of the way that the cyber community has, you know, started examining everything, now that we're starting to see more and more of these flaws come out and it's got to be expected. But at the same time, you hate to see a company like that take the hit for something like this.
[00:05:58] Speaker B: Yeah. It says that the SolarWinds help desk contains hard coded credential vulnerability that could allow. Wait for it.
[00:06:06] Speaker C: Remote.
[00:06:06] Speaker B: Remote unauthenticated users to access internal functionality. And our modified right there. Dun, dun, dun.
Modified data.
Yeah, that's not what you want because that's bad if people can modify your data and they're not authorized to do so.
I know it sounds crazy, but there, did you know there are people out there that will use that for nefarious things? No, I know.
[00:06:33] Speaker C: Yeah.
[00:06:34] Speaker B: I was appalled.
[00:06:36] Speaker C: Yeah. And it's kind of a recent, like what details were first disclosed by SolarWinds in late August of 2024. So as of this recording, not too long ago, which means that everybody's probably still scrambling a little bit. Hopefully they've patched this thing now and. Or at least coming close to patching. I was trying to read, I believe.
[00:06:59] Speaker B: There is a patch. Right. But my favorite part of this whole article, again, this was breaking news. I read this literally maybe an hour ago before we started filming here. It says, it's not currently clear how the shortcoming is being exploited in real world attacks and by whom.
But hey, you know, we have seen that. The development comes two months after CISA added another flaw in the same software.
[00:07:27] Speaker C: Yeah.
[00:07:27] Speaker B: I don't know what's going on over there at SolarWinds in the dev group of the WHD, the World Health disorganization. I don't know.
It's the Web Help Desk software, but they've got some, they got some meetings they're about to be privy to, and someone's probably going to be a bit red faced and mad and going, you know, I'm going to use some acronyms like whiskey, tango, fox and.
[00:07:57] Speaker C: Yeah, just a bit there on. On this one. When. Talk about not currently clear how shortcoming is being exploited in real world attacks and by whom. Makes sense because the credentials were hard coded.
[00:08:08] Speaker B: Right.
[00:08:08] Speaker C: They're using that, you can.
[00:08:09] Speaker B: Well, at least you would see some, like. Like, IP traffic or things of that nature. Other IOCs, right. Usually kind of leads to where and who some types of attribution could come from. And maybe they just haven't kind of gotten to the nitty gritty of it yet. And maybe on those IOCs, but. Yeah, well, they're just like, hitting the oh, crap. Button.
[00:08:33] Speaker C: Yeah, that's kind of the nature of what they have to do, right, is just triage at the beginning, right? And then, okay, we've got it passed now, but if we don't announce that, somebody's going to say they found it anyway, so maybe this is more of just a, hey, oh, by the way, we had this, but we're fixing it right now. Yeah. Shouldn't have to worry about it again.
But now I guess they don't really know, like, the history of how many people have already taken advantage of this thing.
[00:09:00] Speaker B: Yeah, well, like you said, Ronnie, at least they're a small company. Nobody uses them.
[00:09:02] Speaker C: Yeah, nobody.
[00:09:04] Speaker B: That should help you sleep at night. Yeah, but there you go. That's our breaking news segment. If you've got that Web Help Desk from SolarWinds, make sure you're up to date on that and up to speed on all the security updates that are available for you and you have applied them, because we don't like to see poor people getting breached. All right, moving on.
Now, we have this lovely. I'm gonna call. Just because of the way the article is kind of worded and said, I'm gonna call this a tinfoil hat. Second, the moon landing was fake.
[00:09:42] Speaker C: Paul McCartney's been dead since 1966. Dogs can't see color.
[00:09:46] Speaker B: 5G causes syphilis. Do you understand that? I do. I do understand that. Thank you, Alex, for that rousing question, a rhetorical as it may be.
[00:09:57] Speaker C: Should we have actually had tinfoil hats on that?
[00:09:59] Speaker B: You know, we gotta make some. We should probably make some.
[00:10:02] Speaker C: Be able to put them on.
[00:10:03] Speaker B: Add to the element of the tinfoil hat segment. I don't have a tinfoil hat. How am I. You know. Anyway, moving on, this also comes from The Hacker News. Chinese. I'm sorry, Chinese. China accuses US of fabricating Volt Typhoon to hide its own hacking campaign.
Well, really, you know, said the liar.
[00:10:22] Speaker C: Yeah, this is. This is kind of weird. As I started reading through this article, okay, it seems legit. But then when I started realizing, like, this whole thing is really pushed from one side. Right. So beginning in the report there, China's National Computer Virus Emergency Response Center says, you know, that they're reporting over. Hey, by the way. Yeah, no, this is not really happening. They're just making it up. And then they show you all the ways that they're saying that it's being made up. Then you finally go, yeah, they're pushing a narrative of some sort that we have to look out for.
[00:10:52] Speaker B: What's interesting to me, though, is, like, so, fun fact, China and the US, not the best of buds. We've got a weird relationship with them for some strange reason, even though we're quite hostile to each other. More them than to. Than to us.
[00:11:08] Speaker C: Yeah, it's a weird trade relationship.
[00:11:11] Speaker B: Yeah. I'm not saying we don't engage in that kind of thing. I'm sure that we do.
But let's not. Let's not pretend that you're like this little lamb, white as the driven snow with a halo over your head.
It's like, let's, for the sake of an argument, just say that you're right. That Volt Typhoon is a made up fabrication of the US government to hide their own hacking campaigns.
What about all the other stuff y'all do? Yeah, like on the daily.
[00:11:42] Speaker C: And the weird thing is, they dragged everybody else into this, too.
[00:11:45] Speaker B: Right?
[00:11:45] Speaker C: So when they said, hey, this is the agency's collaboration with everybody else, essentially accused the US federal government, intelligence agencies, Five Eyes countries conducting everything against.
[00:11:58] Speaker B: Cyber, cyber espionage activities.
[00:12:00] Speaker C: China, France, Germany, Japan, and the Internet users globally.
[00:12:05] Speaker B: Like, we don't know this anymore, right? Yes, I know that the US government is spying not only on you, but me and you and you and you and you and you.
[00:12:14] Speaker C: We're connected to the Internet. We get it.
[00:12:16] Speaker B: Right. And if we can't do it directly, we do it indirectly through the Five Eyes nations and all the other fun stuff that goes on to. That doesn't mean that we shouldn't be, like, keeping an eye on your activities, China. Yeah, right. And I don't think you really, again, made the real point here.
[00:12:31] Speaker C: No.
[00:12:31] Speaker B: Right. It says that they have ironclad evidence indicting that the. I'm sorry. Indicating that the US carries out false flag operations in an attempt to conceal its own malicious cyber attacks, adding it's inventing the so called danger of Chinese cyber attacks. I think that's where we've gone into real fantasy world, Ronnie.
[00:12:51] Speaker C: Yeah.
[00:12:52] Speaker B: And that has established a large scale global Internet surveillance network. Of course it has.
Like, do you really? What. What are we doing here? You try. That's like going. The sky is blue.
Yes.
[00:13:07] Speaker C: Thank you. Yeah, that. That doesn't seem to clarify anything but ironclad evidence. You would think that they could give some example of the ironclad evidence.
[00:13:16] Speaker B: Well, and the fact that, like, what it seems to me is like they are trying.
Just from what I'm getting from this article, what they are trying to do is kind of shift the focus away from themselves.
That's why I kind of made the joke at the beginning, said the liar. Right.
You are known bad guys. You are known liars. You are known to be doing all sorts of nefarious and weird crap that many people are not fans of.
[00:13:45] Speaker C: Yeah.
[00:13:47] Speaker B: And then you're gonna come to me and, like, claim umbrage. Yeah. Well, that we're performing espionage or.
[00:13:55] Speaker C: Yeah. Strangely, that they call it a false flag, but they may be pining the false flag to call our false flag.
[00:14:00] Speaker B: Right, right. Like, this reeks of.
[00:14:04] Speaker C: Yeah.
[00:14:06] Speaker B: And what I love is that they say that right here it says.
And the fact that the US adopted supply chain attacks, implanted backdoors, Internet products pre-positioned, has completely debunked the Volt Typhoon that they put in. Where is it? Right. Right down here. That this is a misinformation campaign orchestrated by the US intelligence agencies that they.
Where is it? Where is it that they use different, like, languages to. Like, they implant languages that are different, like Chinese, Korean, so on and so forth into the malware, into the things that are doing to push blame onto the other. I didn't realize this was so long.
[00:14:51] Speaker C: Yeah.
[00:14:51] Speaker B: Oh, yeah. They used names like Typhoon and Panda and Dragon. Right. Absurd monikers with obvious geopolitical overtones.
[00:14:58] Speaker C: There you go.
[00:14:59] Speaker B: Right. That's. They. They use all these different languages. So you're saying that the evidence that it's the US.
That the US is Volt Typhoon is the fact that it looks like you're doing it.
[00:15:12] Speaker C: Yeah.
[00:15:14] Speaker B: That's weird.
[00:15:15] Speaker C: Yeah. On this one, it. You know, they're. They're obviously trying to play on political feelings.
[00:15:20] Speaker B: Right.
[00:15:20] Speaker C: The way that people are saying. Essentially saying that, hey, we would never do this. We would never use politically motivating terms, geopolitical overtones, like, does not happen Typhoon or.
[00:15:34] Speaker B: You know, I like Sophia's answer to that. We'll just start calling you Diaper boy.
[00:15:38] Speaker C: Diaper boy. Yeah, I. Yeah, Diaper boy was a good. Is a good term.
[00:15:42] Speaker B: Yeah, turd monkey.
You're just flinging feces. Yeah, I was trying to. My turd monkey at the zoo.
[00:15:50] Speaker C: Yeah, it was slow, but I was getting there. Yeah, I get it now. Yep. Sure.
[00:15:54] Speaker B: That'll be fun, right? I used to call each other turd monkeys when I was a kid.
One of my favorite monikers.
[00:16:03] Speaker C: So you're in the cyberspace community. More than that. Volt. Volt Typhoon.
[00:16:08] Speaker B: Volt Typhoon. Yeah, electric storm.
[00:16:10] Speaker C: Have we, has there been known any type of association with Volt Typhoon? Some type of vulnerability that they've exploited or anything that you can think of?
[00:16:18] Speaker B: I'm sure they have. I mean, there's so many APTs out there, I don't really keep a running memory list unless it's like, super.
I have definitely heard Volt Typhoon before. Yeah, I know that they probably put some stuff in here as far as, like, what they're known for. Yeah, I think some, most APTs are kind of known for the way they operate. Maybe a form of malware that they developed that they use constantly. So there's probably some attribution as far as maybe some malware goes as well. I don't remember it off the top of my head.
[00:16:50] Speaker C: Well, you know, the overall organization that called this out, that the US is planning this false flag, they also have advice for, for those of us that are not as sophisticated. The very last paragraph there, if you take a look at that again, we'd like to call for extensive international collaboration in this field. It concluded, moreover, cybersecurity communities and research institutions here should focus on counter cyber threat technology research and better products and services for users. So they're saying, hey, you know, we're more sophisticated, so we're not just throwing blame, we're saying, let's call for a better community that actually focuses on improving and helping all of mankind and not throwing shade or false flags at everybody. Yeah, they're better at this than we are.
[00:17:37] Speaker B: Oh, well, good for them. That's just amazing. Why are you crying about espionage?
I don't want to be blamed for any of the bad things I didn't do. I only want to be blamed for the bad things I did do. Gotcha.
Glad we had this talk. Well, there you go. Just thought that was a very interesting article.
[00:17:58] Speaker C: Yeah, it is.
[00:18:00] Speaker B: So, moving on. Didn't know if you knew this, Ronnie, but this is a fun, fun article we've got today.
This actually happened this week a little earlier in the week. Internet Archive data breach impacted 31 million users.
Oh, man. The Internet Archive disclosed a data breach. The security incident impacted more than 31 million users of its. The Wayback Machine. The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials, including websites, software, applications, music, audio, visual, and print materials. As of September 5, 2024, the Internet Archive held more than 42.1 million print materials, 13 million videos, 1.2 million software programs, 14 million audio files, 5 million images, 272,660 concerts, and over 866 billion web pages.
[00:18:53] Speaker C: That's a lot.
[00:18:54] Speaker B: That's a lot in the Wayback Machine. Its mission is committed to providing universal access to all knowledge. Ronnie, you use the Wayback Machine at all?
[00:19:02] Speaker C: I've used it a couple of times, but just so that we set it right, maybe for a new user, maybe somebody new in cybersecurity, Wayback Machine, give a little bit of context for that. What does it help?
[00:19:14] Speaker B: I love it. So it kind of, kind of takes snapshots of the Internet, right? And that's the cool thing about it. And I say that what it does, let's say you make a website, right? You're like, cool. I've got Ronnie. You love knitting hats for small animals. So RonniesPetHats.com, he spins that up, throws it out on the Internet. There's his listings, all this stuff. The Wayback Machine kind of goes, hey, a site, let's take a picture of that. Let me download that site and keep a copy of it, and you can go to the Wayback Machine. And now, two years later, Ronnie's site is booming. It's doing phenomenal. And you're like, oh, I don't like the new look and feel. And there was a product. I can't remember what it is. He used to sell this particular hat for, you know, kangaroos. I don't know why we have a kangaroo, but whatever, you got a kangaroo as a pet. He had a hat for it. It was knitted to perfection. You just can't seem to find it on his new site. You go to the Wayback Machine and you start looking through where you remember, well, it was like last year around Christmas time, I was looking at it. So you go to the previous year. There's a calendar, and it shows a snapshot in that area. Click on that and you can view that entire page like it was at that point in time.
[00:20:28] Speaker C: It's pretty amazing because it, it helps you to actually get a context for things. And especially in today's day and age when stuff goes missing and you don't know it's gone missing. It allows us to be able to search back. I know it existed. I know it was there. And here it is in the Wayback Machine. But this compromise here, 31 million users.
[00:20:48] Speaker B: Of Wayback, that's a big, and that's a big number.
[00:20:51] Speaker C: Yeah, that's a pretty big number.
[00:20:52] Speaker B: Obviously a lot of people like the Wayback Machine. You know, another other really interesting thing about the Wayback Machine is when people spin up their first website or the first iteration of a website, sometimes they don't, like, take security into effect. And there's some security things that might be exposed in that older version that is no longer exposed in the newer version and yet might still be there. So a lot of hackers will use the Wayback Machine as a way to do reconnaissance research on their target, find interesting pieces of information and go, oh, you have an entry in your robots.txt file that's not in the new version. I wonder if that endpoint still. Yep, it still exists. And oh look, it's like, you know, like an XML statement of a bunch of different elements that I would no longer have access to at this point, but now I do. Thank you, Wayback Machine. So a lot of that stuff can, can really be useful. But then back to your point, the fact that there's 31 million records. Now, it does say exactly what was in those records, which it was like a big SQL file, 6.4GB, a SQL file named ia_users.sql. And there we go. It confirmed it has stolen 31 million records, including email addresses, screen names, bcrypt password hashes and timestamps for password changes. Which is good to know if you're wanting to crack those passwords because you're like, oh, maybe they've changed it by now, or maybe they haven't. Maybe they haven't, you know what I mean? So that could be useful for your.
[00:22:34] Speaker C: All right, so let's say that I'm new at this. I'm just putting this idea. And it says the threat actors that breached the popular website have also shared a copy of the stolen data with the data breach notification service. I have been pwned.
[00:22:47] Speaker B: Yeah, have I been pwned?
[00:22:48] Speaker C: Oh, have I been pwned? Why would they do that?
[00:22:52] Speaker B: I guess they're not total dbags.
[00:22:53] Speaker C: Okay, well, I think part of it was that they already said what, that 54% of what they had already was already in their platform?
[00:23:02] Speaker B: Yeah, we've constantly been making the joke like how many breaches does it take before we reach an equilibrium where it doesn't matter anymore. All your data is now exposed forever and for all time. And obviously, things change, so it'll be really tough to find that equilibrium. But. Yeah, the fact that 50. How much? 51%.
[00:23:22] Speaker C: 54% is 54%. Yeah.
[00:23:25] Speaker B: Already out there.
[00:23:26] Speaker C: Already out there.
[00:23:26] Speaker B: So they only increased the have I been pwned database or at least those records, you know what I mean? Like, by not as large of a margin, which is kind of scary when you think about it, honestly.
[00:23:40] Speaker C: Yeah.
[00:23:41] Speaker B: Makes me. Yeah. I think I'm peeing down my leg a little.
[00:23:46] Speaker C: Yeah. And they also had the same bad luck of having a possible, like, insane coincidence. Right. Of a denial of service attack during the same time.
[00:23:55] Speaker B: And why would someone DDoS the Wayback Machine?
[00:23:58] Speaker C: Yeah, that doesn't seem.
[00:24:00] Speaker B: That's weird.
Just because funsies several times, or did. Maybe these hackers accidentally kicked it over? Or were they, like, didn't remember reading that part?
[00:24:09] Speaker C: Yeah.
[00:24:10] Speaker B: It says the Internet Archive founder Brewster confirmed that a DDoS attack has brought the website offline several times on Tuesday. So, no, this is not the breach. This is a completely different thing. Yeah, what we know. DDoS attack fended off for now. Defacement of website via JS library, breach of usernames, email, salted encrypted passwords. What we've done: disabled the JS library. Scrubbing systems, upgrading security. We'll share more as we know it. Sorry, but DDoS folks are back and knocked archive.org and openlibrary.org offline, so that's just weird.
[00:24:43] Speaker C: Yeah.
[00:24:45] Speaker B: Now, a lot of times, a DDoS attack can be like, hackers will set fire to one side of your compound so that all the first responders rush over there to triage, and now their eyes are off of over here.
[00:24:59] Speaker C: Right.
[00:24:59] Speaker B: So they can attack. So maybe they're under another attack again, the part who the heck wants in. I mean, other. All the usernames and passwords have already been nailed.
[00:25:07] Speaker C: Right.
[00:25:08] Speaker B: So why the DDoS? Like, what's the purpose of this? Yeah, it's a nonprofit, if I'm not mistaken.
[00:25:13] Speaker C: Mm hmm.
[00:25:14] Speaker B: Right. So there's, like, do they just. They just watch the world burn? What do you think? The. The impetus? What's the reason? What's the motivation behind this comment below, if you have any idea? Because it's just escaping me for whatever reason. Probably because I haven't thought about it at all until now. Because, like I said, I don't remember reading that part. I might have not made it to the bottom of the article before we fired it up.
That can be neither confirmed nor denied, but there you go, Ronnie.
[00:25:44] Speaker C: Yes.
[00:25:44] Speaker B: The Wayback Machine.
[00:25:46] Speaker C: Pretty cool.
[00:25:47] Speaker B: Yeah, very cool. Unfortunate disasters that are going on over there. I hope they get that worked out soon because I enjoy the Wayback. I have used it for so many weird and various reasons. It is a very useful tool. So if I, if you've never heard of it before, you're welcome.
[00:26:03] Speaker C: Yeah, yeah, I like it.
[00:26:05] Speaker B: Moving on, moving on, moving on. This is a great article. SOC teams. This comes from Dark Reading. SOC teams: threat detection tools are stifling us.
Stifling threat detection. Yeah. Threat detection tools yield too many false positives, security pros say, leading to burnout and resentment.
Like, I hate this thing. I absolutely love this thing. And this is an interesting topic coming back from Wild West Hackin' Fest, and almost everybody there. I would say probably 75% of the people that are at the conference are in cybersecurity.
[00:26:42] Speaker C: Yep.
[00:26:43] Speaker B: Like, they work in some capacity in cyber. The other 25% are people that are very new or complete noobs.
[00:26:51] Speaker C: Yeah. Trying to get in.
[00:26:52] Speaker B: Wanting to get in to.
[00:26:53] Speaker C: Right.
[00:26:54] Speaker B: Which is awesome. I love that there's so many people trying to get in. I think that's totally cool. One of the things they don't put in the sales pitch of cybersecurity is it can be burnout central.
It can be very.
What's the word, Ronnie? Infuriating.
[00:27:15] Speaker C: Frustrating.
[00:27:16] Speaker B: Yeah, frustrating. And for the very reasons of your job is to try to make things more secure.
[00:27:22] Speaker C: Right, right.
[00:27:22] Speaker B: That's. Can we all agree the idea behind cybersecurity is, hey, we got to protect these things so that we can sigh a breath of relief and sit back in our chairs and go, what else can we do? We can work on new technology and we can do other things because we have secure systems.
Unfortunately, the world as it is, like, people like Volt Typhoon are out there, whoever they may be, doing all the dumb crap that they do means you got to sit there and worry about going, well, am I being attacked by people such as volt Typhoon? So we build alarms and fences and trip wires. Yeah. To kind of help us with that.
Ronnie, what's your experience with using any kind of security alerting system?
[00:28:12] Speaker C: So, ironically speaking, back to SolarWinds, that's pretty much where it kind of goes back to Orion or the engineering tools and all that stuff. Stuff that goes back. These tools are really good if you know what you're looking for. And I think that that's kind of the big thing. Right. If you know what you're looking for. They're really fantastic. And then the second thing is your ramp up time to actually getting good and actually finding exactly what you're looking for over the 9 million clicks it used to take to do so. And then you can actually find exactly what you're looking at, and then you're like, man, this is gold. This is great. But I think there came a time in a lot of these tool developments or the development of these cybersecurity tools where they tried to make it super easy and say, look, we're making this easier so you can do your job faster and better. I think what that also led to is people saying, well, why do I need to be able to identify this stuff if the tool is going to do it for me faster and better?
These tools have continued to try and get better in that sense of to try and help you out in your job. Cause there's so much more data coming in. But I think it also led to that, that point where it's like, well, now the tool isn't working, and I'm not super skilled up and trying to be able to identify some of these things that we used to at the very beginning of. Of trying to work with these tools. Like, oh, yeah, this is what it should show me. So it was like confirming, like when we. When I first started doing it, it was literally confirming, like, okay, it's showing me this. Yes, I would have gotten there eventually. Yeah, I knew what the steps were. So that, to me, is the frustrating thing is now it seems like everybody just said, let's just buy this tool, and it's going to work 100% for us. And now you update it, and then it's still showing you these false positives longer than you think it's supposed to, and you're not getting to the place where you think you should be getting to.
[00:29:58] Speaker B: Yeah.
[00:30:06] Speaker C: And I think it's because we have become dependent on these tools. I like the tools, but it shouldn't be the only focus, which is my focus, is to get the tool to work.
[00:30:06] Speaker B: Well, it's shocking. And when we look at the statistics in this article, it says security operations center practitioners are struggling thanks to an overwhelming volume of false alarms from their security tools. Right. And if you start looking at some of these different statistics, an average of 3,832 security alerts per day.
For a sense of just how unimaginable that might be, consider that an average SOC might be staffed by a few dozen people, or just a few, depending on the size of the organization and the investment in security. We've got 81% of SOC staffers spend at least 2 hours a day simply sifting through and triaging security alerts. 54% of Vectra respondents said that rather than making their lives easier, the tool they work with increased their daily workloads. And that 62% of security alerts ultimately just get ignored. Yep. They just get ignored. Volume alert fatigue is a thing. Right. You just, right. The sheer volume is just like, you start to become like jaded.
[00:31:09] Speaker C: You have to.
[00:31:10] Speaker B: Yeah.
[00:31:10] Speaker C: Because you just can't absorb that much data. And it's like watching network news or, you know, cable news. Right.
[00:31:18] Speaker B: Yeah.
[00:31:19] Speaker C: When they flash across that chyron at the bottom and it's always, you know, special alert or special mission critical.
[00:31:26] Speaker B: It seems to be special. Yeah.
[00:31:28] Speaker C: After a while when everything is that way and it's because, oh, you know, the president just, you know, walked off the plane.
[00:31:34] Speaker B: Yeah.
[00:31:35] Speaker C: Okay. Well, thank you.
[00:31:36] Speaker B: I remember the first time I realized that I flipped on the news and it had, you know, breaking news, special alert, whatever. That ticker at the bottom. And I'm like, oh crap, something happened. Something's going. I'm like, that was like yesterday. It was like three days ago. Like, oh, this is just the news. Yeah, you're giving me the news out of the talking head plus ticking all the other news by, at the bottom, there's no real, like, we'll get to it. You got a 24-hour news station. I believe you got the time to cover these things.
[00:32:04] Speaker C: So, so now imagine all these logs coming in and they're all marked critical or high alert or whatever. And every single one of them's like that for 3,000 of the 3,832.
[00:32:16] Speaker B: And most of them are a big nothing burger. Yeah, right? Yeah, I love that. We got more statistics here. A full 71% reported worrying every week that they'll miss an attack buried in a flood of less important alerts. 50% went so far as to say that their threat detection tools are more of a hindrance than a help in spotting real attacks. Then you move down here. Around 60% of respondents reported that they have been burying or, I'm sorry, they've been buying security software, mostly just to tick a compliance box. 47% don't trust these programs outright. A similar 62% believe that the vendors are intentionally, cynically flooding them with alerts so that when a breach occurs they're more likely to be able to say, we warned you.
[00:32:58] Speaker C: That's it.
[00:32:58] Speaker B: Right? Cover, CYA. A majority, 71% of SOC practitioners said that the vendors need to take more responsibility in failing to prevent breaches.
[00:33:08] Speaker C: Yikes.
[00:33:09] Speaker B: Jeez, man.
[00:33:12] Speaker C: Harsh.
[00:33:13] Speaker B: This, this, this is like this. I thought this article was interesting.
[00:33:16] Speaker C: Yeah.
[00:33:17] Speaker B: Didn't know if y'all finding it interesting, but I definitely find I was unaware of the numbers. I just have like a, a general sense from the people I talk to and the tools I work with that you get it, right? Like, yeah, I mean, I've got Outlook rules or at least I have in the past that would be like, yeah, this is bunk. This is bull. And I would find those specific pieces of wording or whatever that were very like telltale that it was a false positive and I would. To the trash. Yeah. Right. And even with all the real alerts I was getting, I would just check a couple of times a day because I could not sift through every single alert and I would have to just take times out of my day and go, okay, let me go through some alerts and see what's real and see what's not and try to fix what I can. Because you only got so much time in the day and you're only so many people.
[00:34:03] Speaker C: And for, for the company that only has a few people. Right. They're probably not only trying to monitor this, but also probably six other jobs at the same time that they need to do. And so this may not get as high of a priority.
[00:34:16] Speaker B: When I worked as a sysadmin, there were three of us for a company of like 5000 people.
[00:34:22] Speaker C: Right?
[00:34:23] Speaker B: Three, three people.
I do not include the help desk because their basic job was to change passwords and help you install a printer. Right. They did not work on this kind of stuff at all.
[00:34:33] Speaker C: Right.
[00:34:33] Speaker B: So alerts and stuff came to me and two other people.
[00:34:36] Speaker C: Yeah.
[00:34:37] Speaker B: And I was the point on, on security alerts from our AV software, our EDR system, all that. So it was like it first came to me.
You know, you throw your hands in the air, what do you do? Now that, that does take us to the article does not leave us without a witness.
[00:34:53] Speaker C: Right.
[00:34:54] Speaker B: It does have, hey, you know what?
We might be able to do something about this. I don't know if you've heard of this cool technology that's been kind of gaining some ground here lately. We call it artificial intelligence.
[00:35:08] Speaker C: Never heard of it.
[00:35:09] Speaker B: I know. It's a new thing. It's breaking ground.
[00:35:11] Speaker C: Yeah. First I've heard of it this year.
[00:35:13] Speaker B: You know, we, we interviewed a lot of people at Wild West Hackin' Fest and we asked them what their biggest scare was when it comes to cybersecurity. Most of them said ransomware or AI deepfakes kind of thing. Right.
AI can definitely be used nefariously, but it can also be a great tool to help us do stuff like this. This is exactly the kind of thing that it should be used against.
[00:35:36] Speaker C: Absolutely.
[00:35:37] Speaker B: Right. This is where AI shines.
Right? This is where it's not taking our jobs.
[00:35:42] Speaker C: Nope.
[00:35:43] Speaker B: It's going to make it to where I can actually do the job you hired me to do.
[00:35:46] Speaker C: Yes.
[00:35:47] Speaker B: Right.
[00:35:48] Speaker C: With the AI, it gives, it's like I said, when we start to take a look at what AI can really do, well, it's the tedium of those things, right. It's the repetition. It's just like automation we were talking about a year ago. If we can get AI to help us to improve on that, it helps us to streamline and really let us focus in on an alert that may be really important, instead of reading through half of an alert and then getting another one in the screen and it flashing up in the back as I'm trying to read the first one, and that makes me have more anxiety as I do. So having an AI that can actually alert us and say, hey, this is important, or, here's the most important ones out of these 3822 that are coming in that you need to address right away, that's the stuff that really does provide the help that we need. And AI is good at that. We shouldn't depend on AI to say, hey, you know, now that you've got that, now I need you to deep analyze us and give me spit out a report. No, I need to be able to take the time to do that. So our friend Don Pezet, right, our mutual friend Don Pezet, he told me when he was working at the bank that there was one day that he said, I think it was Thursdays. I don't know why that stuck in my head, but he said that Thursdays was his day to check logs. He did nothing but check logs. He knew that that was so important for his particular role at that bank that he said Thursdays he only was doing audit and checking logs. So he tried not to actually have anything else interfere with that so that he could focus that time. Our problem is we can't do that anymore. And then with the advancement of all these tools, and they're saying, oh, this is gonna make your work so much more efficient. You should be able to actually do more things now because we're taking over. All this, I think, has led to this as well, that, that we just kind of depend on it so much.
[00:37:29] Speaker B: Yeah.
[00:37:29] Speaker C: And then it floods us and now we're like, crap. We shouldn't have been doing.
[00:37:32] Speaker B: So to your point, the article goes off to say, this is a quote from a person called, I cannot say that name without butchering it, so I won't even try. But there's, the person they interviewed says AI is the path to a whole mindset shift. Quote, security thinks in terms of individual attack surfaces. I have a network, endpoints, identities, emails, now generative AI. Okay, I'm going to buy tools to do threat detection across these siloed attack surfaces, then ask a human being to make sense of it all. That's how security thinking has fundamentally been for the past ten years. Modern attackers just see one giant attack surface that they can move around in. So why isn't security thinking the same way? Why aren't we looking at threats holistically across the entire attack surface, using AI to piece together the detections that are indicative of attacker behavior, correlating these detections and then giving one integrated signal to the SOC analyst. Yes, yes, yes. A thousand times yes. Right. And don't get me wrong, I'm sure there's edge cases and reasons that would be against that kind of idea and why this, we should continue on this road. But I think that if I'm weighing the two things, pros and cons, I'm probably going to end up with. Absolutely. Let's start looking at our attack surfaces as everything holistically together as one big thing. Use things like AI to help correlate, collate, put everything together, and then give the SOC analyst the things that are the most likely to be actual issues.
[00:39:10] Speaker C: Agreed.
[00:39:11] Speaker B: How is this a bad plan?
[00:39:12] Speaker C: No, it's a great plan. Right. If we can, if we can use AI to help show those correlations and then also use AI to show, hey, that's actually a causation. It really does now give the analyst a chance to be able to evaluate it much better than saying, all right, well, it shows me a correlation, but I don't have any causation because there's 19,000 points that are now correlated.
[00:39:33] Speaker B: Yeah, yeah.
[00:39:34] Speaker C: So AI can help us filter that out very much efficiently to bring causation.
[00:39:38] Speaker B: That's right. So all the doom and naysayers out there about AI, yes, I get it. And in some ways I absolutely agree that AI can and probably will be our technical overlord before too very long. But until then, let's put it to work to do some good stuff. Right. Let's increase the AI's capabilities to help us in real and effective ways. Great article. Dark Reading. Thank you for publishing that. I thought that was very insightful and thought provoking, as well as a great conversation starter for you and your cyber friends out there. So get into that conversation. We'd love to hear what you think about that. Jump down in the comments section and give us your thoughts, opinions, comments, all that great stuff on that very topic. I think it could be a great conversation for all of us to have. That said, it is time for us to take a break and pay the bills for just a moment, but coming back we'll have more great articles, so stay tuned.
[00:40:30] Speaker A: Hey, I'm Sophie Goodwin, edutainer at ACI Learning and subject matter expert for our new course, Cybersecurity Fundamentals. If you're new to cybersecurity, this is the course for you, anyone from high school students to professionals switching careers. These episodes are designed for you as an introduction to essential security terms and concepts. So we'll walk through security principles, governance, risk and compliance, access controls, threats and attacks, incident response, network security, and we'll look at some best practices for security operations. Security doesn't have to be scary. Check out Cybersecurity Fundamentals in the ACI Learning course library.
[00:41:11] Speaker C: There's a new CCNA in town, and here at ACI learning we've got you.
[00:41:15] Speaker B: Covered with a brand new CCNA version.
[00:41:20] Speaker C: This course covers the theory that you need to succeed, as well as the practical, hands-on applications of technologies you're going to learn: Network Fundamentals, Network Access technologies, IP Connectivity, IP Services. Don't waste any more time. Get signed up for the new CCNA here at ACI Learning.
[00:41:53] Speaker B: Welcome back, everyone. I hope you enjoyed that little commercial. And yeah, take advantage of that scenario because that's some, that's some good training right there, if I do say so myself.
Now, that being said, I know we left with our last article touting how AI could actually help us, right? But this article is what I'm going to go ahead and label in our segment. Pork chop sandwiches.
[00:42:17] Speaker C: Pork chop sandwiches. Oh.
[00:42:21] Speaker B: Pork chop sandwiches.
I don't know if it's an actual pork chop sandwiches, but I just really enjoy pork chop sandwiches.
[00:42:28] Speaker C: Okay.
[00:42:29] Speaker B: Yeah, because it makes me laugh. Makes me laugh. Speaking of making you laugh, if our little show here has made you laugh, if you've enjoyed it, if you found some value in it, make sure you hit that like and subscribe button. Hit the notification bell. And if you don't like what you see, make sure you hit the like and subscribe button. So. And the notification.
[00:42:47] Speaker C: I like the two options.
[00:42:48] Speaker B: Yes, great options. So that you can hate everything we do on a schedule as long as.
[00:42:54] Speaker C: You like and subscribe it.
[00:42:55] Speaker B: That's right. That's how we know you didn't like it is if you hit like and subscribe. So, yes, there's that.
[00:43:01] Speaker C: I agree.
[00:43:02] Speaker B: Now, talking about AI, this comes from GBHackers: Beware of fake AI scam calls that take over your Gmail account.
Yay.
Right? AI, like we said, it says scammers are using sophisticated AI technology to impersonate tech giants like Google, aiming to take over unsuspecting users' Gmail accounts. A recent incident highlights these fraudsters' cunning tactics, underscoring the need for heightened vigilance. That is no joke. Things have gotten a little weird out there, a little scary.
AI, as we saw, could be useful as far as helping us discern which one of these SOC alerts are more realistic than others. On the other side of the fence, there's a bunch of, there's a technical term for them, a-holes. That's it, out there that will also use AI for things that we don't really enjoy, like scamming you to take over your accounts. And now they have gone so far as to, they've really gotten sophisticated with like, I think the word sophistication or sophisticated kind of gets played a lot of. No, this is the absolute definition of sophistication.
[00:44:16] Speaker C: Yeah. With the, I guess the quickness, how we want to say, the speed of the technology. Right. And the way the AI is coming along on the deepfakes. But now with this type of attack that they're talking about, you don't know because they're literally giving you phone calls. And it sounds like a human being is actually talking to you. So unless you're really good at spotting and identifying it, if you're like me, half the time you're kind of paying attention to a phone call, unless my wife calls and I pay attention for everything. But overall, though, if you're, you're kind of half paying attention, you might not know. And then go, okay, yeah, sure, I'll press nine. I don't care. Yeah, and go through it. So it's amazing how well these things work. You and I were actually involved in a CTF that actually kind of proved like, you know, when we interacted with the AI there. It was pretty good.
[00:45:08] Speaker B: It was, it was not bad, especially for being kind of like cobbled together as like a proof of concept.
[00:45:13] Speaker C: Right?
[00:45:13] Speaker B: So Ronnie and I, when we were at Wild West Hackin' Fest, uh, the good folks over at Red Siege, specifically, Jason Downey, he developed a way, because he does a lot of social engineering. He developed an AI system that allowed you to social engineer an entire company, a fake company that he created using AI technologies. You call phone numbers, you talk to people, and you interact with them. You attempt to social engineer your way through to gain access to the CEO's employee ID and password. And if you get that, well, you find yourself over at the booth and get yourself a lovely little challenge coin.
[00:45:50] Speaker C: Yeah.
[00:45:51] Speaker B: Such as this, which Ronnie and I both got because we were. We worked as a team, the ACI crew. We had a little fun with it. Sophia, I think, was the most interested in it because she was like, cool. I'm not really technical, so this seems like I could actually do it. And then Caleb was like, yeah. And Christian was like, yeah, let's. So we all kind of. And I was kind of over there, like, just guiding the process. And then eventually I couldn't help myself, and I got involved because it was so much fun. We had a big belly laugh. It was a lot of fun to mess with the AI, but it was really good and really crazy to see how you can utilize AI this way. Now, Ronnie, to your point, that that's. It could seem like a real person on the other end of the phone.
[00:46:34] Speaker C: Yeah. And that's the scary part. Right? Because you normally, you know, we're normally used to going through a phone tree, right? If you just hold on and then music starts to play and you kind of, okay, nine, nine or what? Zero, zero. Until you get to whatever you want to do. But this really did provide some type of interaction to what you were saying. And for us, once we figured it out, they're like, there were keywords.
[00:46:55] Speaker B: Yeah.
[00:46:56] Speaker C: That we could key in on, you know, then we kind of realized it was like, okay, now he's just responding to the keywords. And now we know. But if you just interact with it, it's going to figure out, like, hey, you're. You're spending more time, you're doing this. And I think that if there was more time developed in that, we probably would've been fooled more.
[00:47:13] Speaker B: Well, and I think this. This article actually kind of points out how sophisticated you can get with this, because it says that the author of the article started off with, they received a prompt for a password reset from Google, and they were like, denied. I'm not resetting any password. Then they received a phone call from what seemed like Google help. Right. Like it was some sort of support system from Google. And even when they did a reverse on the number, it said it came from Google. Right. Which is crazy, but it's not, it's not Google. Then they told the AI, which they didn't, you know, obviously they thought something was fishy about it, but they said, hey, send me a verification email. And they received a verification email immediately. This system has been set up very, like I said, we tend to throw sophisticated out there. No, this is absolutely sophistication right here.
[00:48:08] Speaker C: Yeah. Imagine getting an immediate response. Not like an automate. I mean, like, right, you asked me for it, I'm going to show you, I'm going to send you.
[00:48:15] Speaker B: And then here it comes.
[00:48:16] Speaker C: Yeah. And you're like, oh my gosh.
[00:48:19] Speaker B: Absolutely right. So from then on, they received this email, then they get a follow up call later. Right. With another prompt, according. So this is Sam Mitrovic's blog report. Exactly one week later, another recovery notification from the United States arrived following a call by an Australian number. This time the user answered, or because they, I think they ignored the first one. Right on the line was a polite, professional American voice claiming to be from Google, warning of suspicious activity on the account. The caller inquired about the recent logins from Germany and claimed that the account data had been downloaded over the past week. While speaking, the user searched for the phone number online and found it linked to official Google documentation. Despite this awareness, the number spoofing kept suspicion alive.
When asked to send an email, the caller complied and an email, seemingly from a Google domain, arrived shortly after. And that's when that kind of started falling apart. The good thing was this person is kind of aware of security best practices and were able to spot some of the weird little tells that really raise their eyebrow and go, oh, this is obviously a phishing campaign, things like that. It was a non-Google domain, even though it was very well typo squatted. I think it says it was disguised as Google Mail right here, googlemailternalcasetracking.com, which is not a Google domain.
[00:49:40] Speaker C: Right, right.
[00:49:41] Speaker B: But to the untrained mom and pop out there just trying to live their life and go throughout their day and don't know these things, this totally would have smoked them.
Additionally, the caller's voice exhibited uncanny precision and pronunciation and spacing, suggesting AI generated it right again. It was too clean, it was too good. I think that has been one of the big telltale signs of just about any kind of AI technology that's a, whether it be audio or visual or whatever, even where attackers are using AI to generate phishing emails and things of that nature. They're too good.
I will obviously in the future be, because I saw that one of the things that they use to detect whether or not AI generated a phishing email is does it use an Oxford comma? And I use Oxford commas appropriately all the time. All the time. So everybody's going to think my emails are AI generated every time just because I use an Oxford comma. Probably, probably after today. But there you go. Says realizing this could be an AI driven scam, the user hung up, investigated further. They checked recent sign-in activity, found no unauthorized access. They examined email headers and revealed that Salesforce was used to spoof the sender's address over Gmail servers.
This incident is a stark reminder of the lengths scammers will go to deceive their targets. And then of course we have a laundry list of things that we can do that will protect ourselves against such scams.
[00:51:07] Speaker C: And I think that that laundry list is a good laundry list.
[00:51:10] Speaker B: Yeah.
[00:51:11] Speaker C: For someone that technically knows what's going on. But when we start heading into like number four inspect email headers, then all of a sudden that's probably when it's going to get over the heads of a lot of people.
[00:51:22] Speaker B: What we should do is make that easier.
[00:51:24] Speaker C: Right.
[00:51:24] Speaker B: Right. We say hey, let's stop hiding them. Right. Because you got to go through a process to unhide them because it clutters up the top. Who cares? Now I think in some systems now it's just a click. Yeah, click on that and it will display.
[00:51:40] Speaker C: But some of them more information. Yeah. Good luck in finding, yeah, unless you go, okay, we're going to have to open this up and this up as well. And they can hide it.
[00:51:49] Speaker B: Yeah.
[00:51:50] Speaker C: And I'm thinking about this more for like this spear phishing type of attack right. Where the CEO doesn't know. It's like, well it sounds legit and they, they go ahead and they, they do this thing and then they never say anything because they don't want anybody to know that they actually had this happen to them as well.
[00:52:08] Speaker B: Do you know what my number one way of avoiding this type of a problem is?
[00:52:12] Speaker C: Don't look at your emails.
[00:52:14] Speaker B: Well that will definitely help. But if it's a call, I don't answer numbers. I don't, yeah, I don't answer numbers. I don't care if it said Google. Yeah, I'll be like, google's not calling me. And if they are they'll leave a message. If it's important, I'll call them back.
[00:52:26] Speaker C: And that's, that's what I do. I screen my calls in that way. I was like, if they really needed me, they'd leave their number and their name and I can call them back.
[00:52:33] Speaker B: Well, even if they left the number, I'm going to go to Google and I'm going to look up their contact information and I'm going to call that support number that I find on their legit website, not the one that they told me it was on the phone. You just can't trust any information unsolicited that's coming towards you. Right. If they are suspicion.
[00:52:51] Speaker C: Yeah.
[00:52:52] Speaker B: Right. That is the biggest red flag is that they reached out to you.
Right.
[00:52:57] Speaker C: Yeah.
[00:52:58] Speaker B: Now, do bad things happen? And they are by law required to, hey, we have data breach, we have blank, you know, x, Y or z happen. Yeah. But you're going to get an email that says that and they're not going to put a link in there. And if they do, don't follow it. Right. Just follow the steps that they add to the, the email. If they don't give you any, go log in normally, don't click the link that says log in here.
Nah. No.
No, don't do it. That's wrong.
You go do the things. Is that a harder way of doing things? Absolutely. But is it harder, say, than trying to back out of like, identity theft?
[00:53:35] Speaker C: No. Yeah. No.
[00:53:36] Speaker B: Right. That seems harder to me than looking up a phone number and waiting on hold to get a hold of somebody for. And being inconvenienced for maybe an hour. Yeah.
[00:53:46] Speaker C: So at some point everyone's gonna have to turn into us. You know, I don't wanna say skeptical. I think is right. Cynic. Yeah. To take a look at anything that you're doing that may have AI involved in it. Yeah. Possibility. Yeah. I think you're gonna have to have that mindset. I need to be skeptical of everything that I'm actually seeing or hearing at this point. And it's not a bad position to hold.
[00:54:10] Speaker B: That's exactly right. Last words from Mister Ronnie Wong. Heed them or live in peril.
[00:54:16] Speaker C: Happens every once in a while. Not too often.
[00:54:18] Speaker B: Happens every once in a while. You know, we're going to continue down this AI trend because what the heck, it's AI day here at Technado. Our next article comes from SecurityWeek, says OpenAI says Iranian hackers use ChatGPT to plan ICS attacks.
OpenAI has disrupted 20 cyber and influence operations this year, including the activities of Iranian and Chinese. Now hold on, we've got it under good authority from the Chinese government. That's all just a misinformation campaign from the US.
[00:54:49] Speaker C: There's no way you don't do that stuff.
[00:54:51] Speaker B: They are just sweethearts and don't do anything bad. Anywho, a report published this week by OpenAI reveals that the artificial intelligence company has disrupted more than 20 cyber and covert influence operations since the beginning of the year, including the activities of Iranian and Chinese sponsored hackers. The report highlights the activities of three threat groups that have abused ChatGPT to conduct cyber attacks. And one of these is the CyberAvengers group. That is Iran's Islamic Revolutionary Guard Corps that has made headlines for going after the water sector. I think last week. Did we. I don't remember if we reported on it last week, there was an ICS attack that definitely made it in my feed against the water plant. It probably was this one. It was the water utility in Pennsylvania.
Yeah, that. That's not good. We like water. Water good. Stop it, Iran. But the. Obviously, the big takeaway here from this article is going to be the fact that. Open a. So hold on, OpenAI, the organization that creates ChatGPT, are obviously monitoring.
[00:56:02] Speaker C: Yes.
[00:56:03] Speaker B: What's going on in your prompts, right? Because how else would they know and be able to thwart and stop Iranian and Chinese state-sponsored d-bag groups from doing d-baggery.
[00:56:18] Speaker C: Yeah. If you're using a ChatGPT account that's not tied to pay, let's say, even if it's tied to paid, but if it's not tied to paid, you, you definitely know that, hey, your data, whatever you're actually entering in there, whatever is actually happening, right? It's going to be available to someone to be able to search, at least OpenAI to be able to go through and scan all that stuff, because they're getting.
[00:56:39] Speaker B: All the data, how they know it was Iranian, maybe it was the way they were prompting, probably, or that the account was like, oh, yeah, it's coming from Iran.
[00:56:47] Speaker C: Or they might sign into CyberAvengers. CyberAvengers at Iran.
[00:56:54] Speaker B: This is true. You know, they're like, what are you gonna do? Right?
I know that's silly, but CyberAvengers.
[00:57:03] Speaker C: You never know, right?
[00:57:05] Speaker B: This is true.
[00:57:06] Speaker C: Hey, this is a cool email address.
[00:57:08] Speaker B: I'm not giving up my OG account just so that I don't get a. What are they going to do, come and arrest me?
But here was the interesting kind of big takeaway from this. I'm going to surmise this article for you out there.
They use ChatGPT to help them look for and exploit vulnerabilities, create code for malware and exploits and all sorts of other things.
And at the bottom of the article they make sure to say that this isn't a very long article.
It says, here we go. However, OpenAI's investigation into the hackers' activity on ChatGPT showed that these interactions did not provide CyberAvengers with any novel capability, resource or information, and only offered limited incremental capabilities that already, that are already achievable with public, publicly available non AI powered tools. So what they're trying to say is, well, yes, they did use ChatGPT. It's not like ChatGPT was like the fifth hacker in the room going, well, you know, we should do, I've got this idea, right, or that they were able to create something that was amazeballs, that that blew everybody's minds sitting in their little hacker group doing their hacker thing.
It was more like how you probably use ChatGPT and how you use, hey, I don't remember how to make an HTTP request using Python. Can you tell me how to do that, ChatGPT? And he goes, yes, to make an HTTP request, certainly. You know, and it pops. It always starts off with certainly, yeah, and it populates. Oh yeah, that's right. And you don't have to go read the Python docs or go to Stack Overflow to do that thing you don't do normally, but needed some help with.
That's what it was doing.
[00:59:02] Speaker C: Yeah, it was basic reconnaissance. Right. When it comes down to it, they were trying to figure out like, hey, here's an ICS system, tell me what the vulnerabilities are. What do we actually tend to see?
[00:59:11] Speaker B: Is there like known creds for this? So instead of Google searching it, they ChatGPT searched it, and it says, certainly there are well known credentials for ICS systems using water capabilities. When it comes to this system, which hard-coded creds are this, or well known creds are that and so on and so forth. And they went, cool, let's try those. And they did, and they were successful because, you know that OT space is a bit of a dumpster fire when it comes to security. They are playing a lot of catch up and they're not doing it really fast for whatever reason. I don't understand that other than like, I would assume that it has a lot to do with if we turn this off or do anything with it, that we hacked the system, we denial of serviced ourselves, because it's just gonna fall over. It's so old and insecure that anything we do to it probably will screw with it and make it fall down and go ow.
[01:00:06] Speaker C: And I think that for them, at least according to the article and I highlighted here on screen, if we can show that as well.
Specifically, the hackers asked ChatGPT for industrial ports and protocols that can connect to the Internet, industrial routers and PLCs commonly used in Jordan, as well as electric, electricity companies and contractors in this country, and default passwords for Tridium Niagara devices and Hirschmann RS industrial routers. So that probably led them to try and understand, because they started probably seeing a pattern that a lot of people are leaving these devices with their default passwords or they can't change them. Whatever it might be, then this might be a way to, to infiltrate or to, to get access to things that they don't know. So. Yeah. Yeah, so it is. It's reconnaissance.
[01:00:55] Speaker B: Yeah. I'm guessing SecurityWeek is just an arm of the US intelligence agencies because it says right here that open I. OpenAI has also summarized the activities of China-linked threat actor SweetSpecter, which not only used ChatGPT for reconnaissance, vulnerability research, malware development and social engineering, but also attempted to send emails delivering malware to OpenAI employees. They really went for the gusto, didn't they?
[01:01:19] Speaker C: Yeah.
[01:01:19] Speaker B: Malicious emails were blocked before reaching the targeted inboxes. The AI company said. So again, we've got AI. AI can do a variety of different things. It is a tool at the end of the day, how we end up using it. Now, obviously we're trying to make that tool the master of the entire world for whatever reason, but for right now, it's just a tool that we still control and it can be used for good, it can be used for bad, it can be used for neutral things.
[01:01:49] Speaker C: Right.
[01:01:49] Speaker B: It's how it's employed that makes it good or bad, but it's, it's just a tool. And hopefully we can use AI to stop AI. I don't know, maybe that's how it goes and it just implodes upon itself and, like, spy versus spy. Yeah. We go back to living in an agrarian society or something. I don't know. Spy versus spy. Yeah, they blow each other up.
[01:02:08] Speaker C: You can hope.
[01:02:10] Speaker B: You can only hope.
And just when you thought that we were done talking about AI, there's no way. Not this episode, kids, that's not how we roll. This is actually probably going to tickle you a little bit because I thought this was really great. Another really good way. So we've seen one good way, we've seen a couple of bad ways AI can be used. Let's show you another really good way that AI can be used, with this coming from Cybersecurity News: ChatGPT Honey, new Linux honeypot to engage in real time with threat actors.
Ooh. Now I've been really interested in honeypots lately. I've been playing around with T-Pot a little bit. Very cool framework for doing honeypots. Lots of great dashboarding and capabilities. Super easy to spin up, a little time consuming, but still a phenomenal resource. I cannot wait to get my hands on ChatGPT Honey. I cannot wait, because this thing is going to be the bomb of honeypots. You like using AI to try to trick me? Well, guess what? I could turn that table right back around on y'all out there, you dirty threat actors.
[01:03:16] Speaker C: Yeah, this is, this is kind of a, the thing that probably we can get more information from, right?
[01:03:22] Speaker B: Yeah.
[01:03:23] Speaker C: Before, in terms of honeypots, we were really observing, you know, passively, right, in trying to get, you know, the techniques or whatever we wanted to get from them as much as we could. But now it looks like GPT Honey.
GPT Honey. I don't know why I keep saying a B, but whatever. Yeah. It can, it can actually interact with you, show you, like, hey, here you are, you're at a shell, and that's going to interact with you, and so you might even be able to, you know, for us in terms of engineering, right, try and get more information from you as you interact with it.
And that's kind of amazing because now you're, you're live timing it and you're saying this thing is going to keep searching and digging for that, that attacker to try and provide more information, right?
[01:04:09] Speaker B: It's trying to get it to stay on the hook, right? It is. And it does it to each attacker. Attacker. It can curtail what it's doing to be specific to that attacker and go, oh, okay, it does a lot of really cool stuff. If we look down here we can see some of its says. Not only that, even. It also serves as a lure that enables organizations to monitor and analyze the tactics and techniques used by threat actors.
It says that new Linux honeypot can engage in real time with a threat actor as this honey potential dubbed GPT Honey. I cannot read. And it tells you down here, it's like, look at this, new approach mimics a Linux-based operating system to interface commands instead of simulating a terminal, which is capable of dealing with SSH connections on port 22 as the attacker executable input. In contrast to traditional honeypots, GPT Honey provides individual, separate, self-contained shells for each IP. Not only that, it even also has detailed command history logs, which enables it to have session persistence so the attackers can keep coming back to the well. Right. The system's architecture incorporates three distinct plugin types: type one for direct API communications, type two for pre-API command processing, and type three for post-API response modification. This is crazy. ChatGPT Honey is adept at constructing the most convincing corporate environments focused on financial, healthcare and technology. Here's a bit of a workflow for it. I'll let you read that. But it's very, very cool on how it hits the different types and how it works and responds with the help of a sophisticated prompt YAML configuration file. It creates those convincing corporate environments with realistic file systems, user management and command execution rules. This is super crazy, super awesome.
Like I said, it says, it creates an engaging and tricky environment that can maintain attacker interest for an extended period of time. Right. Lots of things that it continues to do to make sure the simulation maintains authenticity while collecting comprehensive logs of attacker behavior in a controlled environment offers delayed ping response, customizable SSH banners.
Here below, we have mentioned all the key features. Ultra-lightweight AI-generated response to commands, real-time dynamic environments for each actor, which is the big deal. Custom command handling via plugins, detailed logging, OS changes via plain English prompts. Such a cool system. Such a cool. This is like, this is what excites me about what we can do with AI, right? This is how we can use it. We've been talking, because it's really hard for us. I've seen it. I've seen people talking about how you can tune your honeypots. You build honeypots very, in such a specific way to waste the time of the attacker, gain more information about the attacker. But to Ronnie's point, it's static. It doesn't adjust itself to the wants and needs of the person attacking it. This does. Yeah, that's crazy.
[01:07:21] Speaker C: And then you're monitoring it, you're getting logs, you're getting persistence, you're, I mean that you're gonna learn more about that person. Yeah, you're gonna learn more about that attack as they come back, like, oh, I wonder if this is still up. It's still up.
[01:07:34] Speaker B: Yeah.
[01:07:35] Speaker C: Let me go ahead and see what else I can get, what else I can do.
[01:07:37] Speaker B: It's dripping with honey.
Anyway, we have fun here. So I just thought it was a really cool tool. I can't wait to see it come out. I looked for it. I don't see any way to like interact with it or download it quite yet. So maybe this is all, you know, pre capability before it actually hits the real world.
But I super look forward to being able to interface with this thing to see how it works, spin it up in my own environment. I've access to it. However it works, I want it.
[01:08:08] Speaker C: Yeah, I do too.
[01:08:10] Speaker B: Yeah. Gonna be fun. Gonna be fun.
All right, GPT Honey, I promise. That is the last of the articles when it comes to AI for us today. I wanted to bring in another article and kind of a salute to our missing comrade, Sophia. She typically kind of handles all the tech and gaming news. She's really into gaming, which, can't blame her. Who's not, right? Who's not? We all have our little alcoves when it comes to what kind of games we enjoy and things of that nature. But I wanted to add some, some gaming news to the, to the spectrum for us today. We've got this one here from IGN.com.
Pokemon developer Game Freak reportedly hacked, stolen data on unannounced games as well as Nintendo's two, the Switch 2 code name, leaked online. Ooh. Dun dun dun. This is definitely some interesting stuff because we have been long awaiting the Switch 2, things of that nature. It says the company.
This is an update. Game Freak has issued a statement confirming the company suffered a data breach in August 2024. Company said its server was illegally accessed with 2,606 cases of current, former, and contract employee names. Awesome. Email addresses accessed. The Japanese-language statement carries a date of October 10 and does not mention the Pokemon data that has emerged since. In the statement, Game Freak apologized to all those affected by the data breach and insisted that the vulnerability at the heart of the attack was since rebuilt. Okay, the original story: Pokemon developer Game Freak has reportedly suffered a significant hack, resulting in the leak of stolen data that includes code names for 10th generation Pokemon games and even the Nintendo Switch 2, as reported by Nintendo Life. Data leaked online includes the codenames of Nintendo's next-gen consoles, reportedly outs the code name of the announced 10th gen Pokemon game, reportedly Gaia, and the codename of the announced Pokemon Legends Z-A, Ikkaku. Cool. Neither Nintendo nor Pokemon, the Pokemon Company, have issued a statement on the leaks, which I think they probably have at this point. IGN has asked both for a comment. Yeah, they have now issued a statement, which they showed above. I'm sure they can neither confirm nor deny.
[01:10:27] Speaker C: Nope.
[01:10:27] Speaker B: Whether or not those names are. They did confirm that there was a data breach, but I think they were kind of neither confirm nor deny any of the naming conventions that have been leaked out, whether or not they are true or not. That is the names of those, whether, you know that is a part of the next generation of Pokemon games or Nintendo Switch stuff. But a lot going on. People are clamoring. Apparently it's been quite a while since the Pokemon game has hit the market, Ronnie.
[01:10:51] Speaker C: Yes, that is what I understand, too. What is it? Years now?
[01:10:55] Speaker B: Years.
[01:10:56] Speaker C: Years.
[01:10:57] Speaker B: Which I can see one or two, maybe three.
Getting long in the tooth if it's four. But has it said how long it's been since we, since we've had a Pokemon game?
[01:11:08] Speaker C: Verify. Okay. I didn't get all the way down to the bottom here.
[01:11:12] Speaker B: I'm gonna look up the Pokemon, Pokemon franchise, and let's see here.
When was the reactions general concept were the games? Does it not have a list of games?
I would assumed it would have had a list of games. List of Pokemon.
Look for Scarlet and Violet.
Scarlets.
Okay, there's Scarlet and Violet. Says the most recent main installments of the game series are the generation, was it six, right? Is that six? I think that's six. No, nine. Yeah, it's an X, not a V.
Pokemon Scarlet and Violet, which released in November 2022. So it hasn't been too long since we've had some Pokemon games.
[01:12:07] Speaker C: A couple of years.
[01:12:07] Speaker B: Yeah.
I. I still. My kids love the Pokemon games. Right. They've. They played the old GBA ones, so, like, the FireRed and Emerald Green, I believe, are their favorites.
[01:12:20] Speaker C: Yeah. My daughter played it. I have no clue what she.
[01:12:22] Speaker B: I remember when the office was always crazy with Pokemon Go.
[01:12:27] Speaker C: Yes.
[01:12:27] Speaker B: When Pokemon Go came out, it had a great effect in that everybody was kind of getting outside and doing stuff outside.
Megan, one of our director producers around here, she was. Titus, she is a gamer. Yeah, that girl's a gamer. She's all about games. Yeah, that's right. Titus was a big deal when it came to. Christian, were you a Pokemon Go fan?
[01:12:47] Speaker C: Yes. There you go.
[01:12:48] Speaker B: He answered yes if you couldn't hear him.
[01:12:50] Speaker C: Yeah.
[01:12:51] Speaker B: Yeah. It was a really good game. So looking forward to seeing how this works out, what's gonna look like and how that goes. They did say that there were some Nintendo games as well. Like I wanna say it was.
[01:13:05] Speaker C: This is more about exciting news for people that are fans of Pokemon. The leaks that are coming out well.
[01:13:11] Speaker B: And Nintendo Switch, too.
[01:13:12] Speaker C: Nintendo Switch, too.
[01:13:13] Speaker B: Which, if I'm not mistaken, the article kind of leads you to believe that the next Pokemon games, the next generation Pokemon games, will be on the Switch 2.
[01:13:23] Speaker C: Nice.
[01:13:23] Speaker B: That they're kind of working hand in hand, maybe, even when it comes to that. Again, I'm not the hugest, like, Nintendo freak fanatic. I'm interested. We don't have a Switch yet. Spoiler alert, kids. If you're watching, to my children, that is, which they're not. We're going to buy them a Nintendo Switch for Christmas.
[01:13:45] Speaker C: Oh, whoa.
[01:13:47] Speaker B: You know, the OLED?
[01:13:48] Speaker C: Oh, yeah.
[01:13:49] Speaker B: Nice model. Because they've, every time we go to Walmart or something, now they're all about, can we go play the Switch?
[01:13:56] Speaker C: Yeah.
[01:13:56] Speaker B: I'm like, okay, if you're that interested in it, you're going to actually play the thing.
[01:14:00] Speaker C: I think they're social engineering you. Yeah, I think that they're just like, okay. I see. They keep walking over to it.
[01:14:05] Speaker B: My problem is I also have to buy, like, a pro controller or something or maybe.
[01:14:08] Speaker C: Oh, that's true.
[01:14:09] Speaker B: Joy-Cons.
[01:14:09] Speaker C: Yeah.
[01:14:10] Speaker B: For. Cause there's five of us, so even my son, who's four, is ready to go. He's ready to play. Yeah.
[01:14:16] Speaker C: Can't blame him.
[01:14:17] Speaker B: I'll get a pro controller for myself.
[01:14:20] Speaker C: Ah, yeah.
[01:14:22] Speaker B: I'm not saying I'll play.
[01:14:24] Speaker C: Just, yeah, I just want it.
[01:14:25] Speaker B: I am gonna play. My God, I'm gonna have a pro controller in my hands. Damn those Joy-Cons.
They're built for, like, I don't know.
[01:14:34] Speaker C: Oh, yeah, my kids, elves or something. My kids are gonna want one. But the reality is, Daniel wants a pro controller.
[01:14:40] Speaker B: You shut your mouth, Ronnie. Shut your mouth right now. This is for my children.
[01:14:45] Speaker C: I see the altruism that's coming out in you.
No, it's really for the kids.
[01:14:50] Speaker B: Yeah, yeah, yeah. And then, of course, as soon as I buy one, Switch 2 will come out and it'll drop the Switch to 250. And I'll be like, I'll go to a used market. I'll buy one used. Kids won't know. They don't care.
[01:15:05] Speaker C: No, yeah, they don't know.
[01:15:06] Speaker B: Yeah, yeah. Just find it in the box. Used model for, you know, 275 or 300.
Sure.
[01:15:14] Speaker C: I know nothing about these games, Ronnie.
[01:15:16] Speaker B: Was the last time you actually gamed?
[01:15:19] Speaker C: 1994, maybe?
[01:15:20] Speaker B: That was a while back.
That was a. That was a hot minute.
[01:15:24] Speaker C: I am. I am the worst at video games. As soon as I play one and I die, I'm like, okay, I'm done. I just. I can't. Yeah. I'm like, it's so frustrating for me. So I did try at one particular point in time, and then, yeah, once they got really fancy, I couldn't keep up with them anymore. I was just done.
[01:15:45] Speaker B: So Sophia and I have talked about this. There's different levels of games, and they tend to be a bit black or white. They either be. They're either like, very involved.
[01:15:56] Speaker C: Yes.
[01:15:57] Speaker B: Very lengthy. They don't want you to ever leave the ecosystem. They just want you to continue to find value. So there's in game purchases and all the other stuff that you can do. The NPC's are getting better every day. And of course, you're interacting with actual real other players online. Yeah. Buying skins and doing all sorts of fun stuff, trading things and so on and so forth. And then there's the. It's for kids, right.
[01:16:20] Speaker C: That would be free. Yeah.
[01:16:21] Speaker B: And you can't really lose the game. You don't have to.
[01:16:26] Speaker C: That's more my speed then. Yeah, I'd do that.
[01:16:29] Speaker B: If you want some time kill, Ronnie, and you want to go into modern gaming, those games exist. You'll have a great time.
[01:16:34] Speaker C: Yeah.
[01:16:34] Speaker B: I played a few of them with. We did, like, a gaming episode of Technado where we just played games.
[01:16:39] Speaker C: Yeah. It was when my daughter wanted me to play whether it was some type of battle game.
[01:16:44] Speaker B: Elden Ring. Right? Now, what's it called?
[01:16:47] Speaker C: I don't know it. Yeah. Sometimes battled between Nintendo characters, that you pick your character and they could battle. Smash Bros. Bro. I think that's what it was called. My character kept walking off the edge of the screen, and I was like, I don't know what I'm even doing.
[01:17:02] Speaker B: Ronnie said, I did not stop holding the controller in the down position. I don't know what the problem is. It just kept walking.
[01:17:08] Speaker C: I was like, I don't know what I'm doing here. So I finally gave up after three times dying.
[01:17:13] Speaker B: At least you tried.
[01:17:14] Speaker C: Yeah, I did.
[01:17:15] Speaker B: Speaking of trying, at least we tried to make an episode today. Hopefully we succeeded. Hopefully you guys enjoyed it.
[01:17:21] Speaker C: Yeah.
[01:17:21] Speaker B: But that's fun, is the Technado, ladies and gentlemen. We do appreciate you joining us today.
I'm sure there's a bunch of marketing spiel that Sophia has on the top of her head. Like November.
[01:17:35] Speaker C: November.
[01:17:35] Speaker B: November. Remember, remember the 6th of November? Because then we have an All Things Cyber. We have an All Things. Or is it the fifth?
[01:17:43] Speaker C: It's November. I should know this, but.
[01:17:46] Speaker B: Yeah, you should, because you just booked us here. While he's looking that up, it's with the one Mike Saunders, a good friend of mine, of ours, honestly, from Red Siege.
He's gonna make an appearance here. Red team. Lead red team and security analyst for, and consultant for, Red Siege.
[01:18:06] Speaker C: November 7.
[01:18:06] Speaker B: November 6. We got it right somewhere in there. I'm like, November 5 is when we vote.
[01:18:12] Speaker C: Yeah, right.
[01:18:13] Speaker B: I'm like, can't be that. That's okay. So that's a Tuesday, right? Duh.
[01:18:17] Speaker C: Yeah. Hello, November 7.
Mike Saunders is coming back for All Things Cyber.
[01:18:23] Speaker B: That's right. Gonna be an awesome time. He is a wealth of knowledge. He's created shellcode obfuscations that are amazing. If you need something answered when it comes to the offensive side of security, the man has probably got something for you. So I would highly recommend you come and sign up for that. I don't know if we have that on the website just yet.
[01:18:45] Speaker C: Probably not.
[01:18:46] Speaker B: Keep an eye out. It's going to be at acilearning.com webinars. Keep an eye out there. Once it's on the website, you'll be able to register for that. But we'll also be on, like, YouTube. And I don't know if we do LinkedIn Live and Zoom and everything. I forget which channels we have. Again, not Sophia. Not Sophia. I don't know those, nor have I access to that information. I'm just really good at talking to cybersecurity people and getting the info, because I want to know. I want to, just as bad as you do, answer those questions. Have a good time, Ronnie. Thanks for joining me in. Thanks for filling in.
[01:19:21] Speaker C: Appreciate being asked to be here.
[01:19:23] Speaker B: Appreciate you doing it. And we appreciate you watching. Until next time, keep hacking.
[01:19:28] Speaker A: Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.