Inside Security Intelligence

Joining us this week is Jason Steer, principal security strategist at Recorded Future. Our conversation centers on the state of threat intelligence in a rapidly changing security environment, how organizations are adapting and evolving their threat intelligence strategies, as well as Jason Steer's outlook on some of the security challenges professionals are likely to face in the year ahead.

Rick Howard has enjoyed a distinguished career in cybersecurity, including time in the U.S. Army and as chief security officer at Palo Alto Networks. These days, I'm proud to call Rick my colleague at the CyberWire, where he serves as our chief security officer and chief analyst.  Rick Howard is also creator of the podcast series CSO Perspectives, where he explores the wide spectrum of issues facing chief security officers. In an early season of that show, Rick focuses on the notion of first principles, the foundational notions on which our fundamental security ideas and beliefs rest. Rick Howard joins us this week for an overview of first principles — what it means, how to implement it, and how to convince the powers that be in your organization that it's the right thing to do.

Bad actors continue to accelerate their use of inauthentic or captured online identities to facilitate their activities. Whether it's phishing for credentials, making use of leaked identity databases or scraping publicly accessible information, they take advantage of weaknesses in identity management systems and inadequate awareness to make their way into and, once inside, around systems. Our guest this week is Recorded Future's Vice President of Product Management, Jamie Zajac. She explains the ongoing challenges organizations face with identity fraud, and what can be done to prevent it.

Distributed Denial of Services attacks continue to grow in size, frequency and sophistication, and it's in every organization's best interest to properly prepare themselves against this sort of online attack.  The team at Cloudflare recently published their 2021 Q3 report on DDoS, outlining their observations and recommendations for mitigating DDoS attacks. Joining us is John Graham-Cumming, CTO at Cloudflare, to share his insights on the state of the DDoS threat, and where things may be headed.

Joining us this week is Herbert Lin, Senior Research Scholar at the Center for International Security and Cooperation and Hank J. Holland Fellow at Stanford University. He's author of the book, Cyber Threats and Nuclear Weapons, in which he outlines the challenges the U.S. faces in modernizing the control systems for our nuclear weapons arsenal, the dangers of connecting these systems to the internet, and the peril of feature-creep and increased complexity in the nuclear age.

Recorded Future's Insikt Group recently published a report titled, “Cyber Threats to Veterans in 2021: Spam and Scams Exploit Support for Veterans.” The report outlines the ways online scammers are targeting both veterans themselves and people who may be sympathetic to causes that claim to support veterans.  Andrew McIntyre and David Carver are members of the Recorded Future Insikt Group's subscriptions and periodicals team, and they join us with insights from the report. 

On this week's show we welcome back Recorded Future's Allan Liska to discuss his newly published book, Ransomware: Understand, Prevent, Recover. In the years since Allan co- authored his previous book on ransomware much has changed, with an increased sophistication from the threat actors, higher ransom demands and extortion thrown into the mix. Allan Liska explains these changes, and provides his expert insights on what organizations need to do to protect themselves from this continuing threat. 

The Cybersecurity and Infrastructure Security Agency, better known as CISA, was spun up in 2018, operating under the Department of Homeland Security. In July of 2021, Jen Easterly was confirmed by the US Senate as director of CISA, and under her leadership the organization has continued its efforts toward public private partnerships in cybersecurity. CISA recently established the Joint Cyber Defense Collaborative (JCDC), an effort by the agency to lead the development of proactive cyber defense operations plans. Kiersten Todt is chief of staff at CISA, and she joins us with insights on the agency's efforts.

Deepfakes and other synthetic media have been grabbing headlines recently for a spectrum of reasons, from unauthorized celebrity pornography to comedy memes and even alleged fraud cheating companies out of hundreds of thousands of dollars. It's a rapidly evolving technology that, like most technological innovations, can be used for good or evil. Henry Ajder is head of policy and partnerships at Metaphysic, an organization at the cutting edge of synthetic media. He joins us to help make sense of synthetic media, and why as security professionals we need to stay vigilant about the pros and cons of the technology.

The cybercriminal group FIN7 made a name for themselves in the criminal underworld for being responsible for large-scale payment card theft campaigns, resulting in the exposure of over 20 million card records. More recently they've set their sights on ransomware, as well, and to support their efforts they began recruiting employees using a bogus cybersecurity company using the name Bastion Secure. Our guest today is Ilya Volovik, team lead for the threat intelligence team at Gemini Advisory, a Recorded Future company. He and his colleagues recently published research titled FIN7 Recruits Talent For Push Into Ransomware. He describes how a source reached out to describe being recruited by the FIN7 decoy company, which led to insights into some of the tools they use.

Like most emerging technologies, artificial intelligence can be used for good or bad, depending on who's using it, their intentions and how they apply it. There can also be unintended consequences, which presents policy makers with challenges when trying to apply guard rails to things like AI.    Our guest today is Megan Jacquot. She's an associate cyber security threat intelligence analyst at Recorded Future. On today's episode, Megan describes her work with international non profit ForHumanity, and how they aim to be an informed source for policy makers who are setting the rules of the road on the future internet.

Recorded Future's Insikt Group recently discovered a new Canada-focused darknet marketplace called WeTheNorth. This localized criminal marketplace features a variety of illegal goods and services for sale, many of which pose a threat to local and global enterprises. WeTheNorth administrators have gone to great lengths to create a marketplace geared toward protecting Canadian buyers and sellers and fostering a relatively safe place to complete transactions. On this week's episode we welcome back Recorded Future threat intelligence analyst Charity Wright to provide insights on WeTheNorth and the techniques she and her colleagues used to analyze the group.

Our guest this week is Harry Kemsley. He's president of national security and government at defense intelligence organization, Janes. Prior to joining Janes, he spent 25 years in the Royal Air Force.  Harry Kemsley is author of a recent opinion piece published in The Hill, titled In OSINT we trust? In it, he makes the case that many intelligence organizations around the world would do well to increase their use of open source intelligence. To do that, there are cultural issues regarding the reliance on classified sources that may need to be overcome, but in the end, he believes the benefits are worthwhile.

Our guest this week is Kimberly Grauer. She is the director of research at Chainalysis, where she examines trends in cryptocurrency economics and crime.  Kimberly Grauer joins us with insights on the state of cryptocurrency around the world, the cultural and regional considerations that play into adoption by individuals, organizations and governments, and where she thinks things are headed. 

Ransomware threat actors continue to make their way into systems of organizations big and small all over the world, leading to business interruptions, financial loss, and reputational damage. Even more troubling are recent reports attributing loss of life to ransomware attacks on medical facilities.    Our guest this week is Recorded Future threat intelligence analyst Dmitry Smilyanets. He brings his experience and unique insights to the conversation, with the latest tactics, techniques and procedures he and his colleagues are tracking from ransomware operators. 

Our guest this week is veteran journalist and author Dina Temple-Raston, the newest member of the team at The Record by Recorded Future. Her distinguished career has included assignments at Bloomberg, The New York Sun, and most recently NPR, where she was a member of their Breaking News Investigations team. She shares her own professional story, why she chose to join the team at The Record, and how she sees cybersecurity journalism shaping up in the coming years. 

Recorded Future's Insikt Group recently published a report titled, Dark Covenant: Connections Between the Russian State and Criminal Actors. The report outlines the categories of cyber criminals enjoying privileged status within Russia, along with their often fluid relationships with official Russian authorities.  Joining us to discuss the report is a Senior Threat Intelligence Analyst from Recorded Future's Insikt group. Due to the sensitive nature of the report and her part in gathering information in it, we are respecting her request to remain anonymous. 

Joining us this week is John Kelly, founder and CEO of Graphika, a software as a service platform for contextual influence mapping, social media marketing, advertising and analytics. He shares his career journey toward the formation of Graphika, and explains the foundational principles behind mapping complex online social networks, the challenges it presents, and what it means for a world faced with ever-increasing levels of disinformation and influence operations.

Our guest this week is Gunter Ollmann, chief security officer at security analytics firm Devo. He shares his insights on the history and evolution of security analytics, the challenges organizations face when implementing them, the network effects of cloud migration, as well as strategies for making the case to the organizational powers that be that security analytics are a wise investment.

Scholars and researchers from the think tank New America recently released an education policy initiative titled, Teaching Cyber Citizenship — Bridging Education and National Security to Build Resilience to New Online Threats. The report outlines challenges facing educators when it comes to preparing students for the online world, describes the broad spectrum of reasons why it's important that they are properly prepared, and provides resources and potential solutions for communities and school systems to adopt.  Joining us this week are two of the report's coauthors, Lisa Guernsey, director of New America's Teaching, Learning and Tech Program, and Peter W. Singer, strategist and senior fellow.

Joining us this week is Jamil Jaffer, senior vice president for strategy, partnerships & corporate development at IronNet Cybersecurity, the organization founded by retired General Keith Alexander, former Director of the National Security Agency and Founding Commander of U.S. Cyber Command. Our conversation covers a variety of topics, including Jamil Jaffer's own career journey on Capitol Hill and as a self-described “recovering lawyer”, his views on the steps the Biden administration has taken so far in cyber defense, as well as IronNet's involvement in defending the network operations center at this year's BlackHat.

Our guest this week is Lauren Zabierek, Director of the Cyber Security Project at Harvard's Belfer Center. She's co-author of a recently published report on the Belfer Center's Russia Matters website titled, “US-Russian Contention in Cyberspace: Are Rules of the Road Necessary or Possible?” It's a compelling look into the state of Russo-American relations in cyberspace, why progress in this area is challenging, and what steps might be taken to help both nations work toward improved understanding and, someday, cooperation.

Our guest this week is Rachel Lerman, technology reporter at The Washington Post. She's coauthor of a recent piece featured in the Post's technology section titled, The Anatomy of a Ransomware Attack. The piece explains the who, what, when, where, and why of the growing, global problem of ransomware attacks. It's one of those helpful explainers that those of us in the cybersecurity business can keep at the ready to pass on to our friends and colleagues who ask what this whole ransomware thing is all about, and why they should be concerned.

Recorded Future's Insikt Group recently released research outlining China's attempts at what they describe as digital colonization. A focus of China's efforts involve providing attractive, cost-effective infrastructure deals for developing African nations, using technology sourced from China, technology that includes substantial surveillance capabilities. For some regimes this is all the better, but for others it means joining the online global marketplace in exchange for allowing Chinese authorities an unfettered view into their nation's online activities.  To help us understand the implications of this bargain we welcome back to our program Recorded Future's Charity Wright, expert cyber threat intelligence analyst. 

Joining us this week is Ryan Chapman, Principal Incident Response & Forensics Consultant at Blackberry.  Our conversation centers on his belief that most organizations aren't nearly as prepared for a ransomware incident as they think they are, a belief that has been formed from countless engagements with groups who found out the hard way that their backups have issues, or their overall incident response plan comes up short. We explore the spectrum of reasons why that may be so, and discuss practical ways for security professionals to balance their organization's resources with their appetite for risk.

Our guest this week is Ryan Naraine. He's the creator and publisher of Security Conversations, a publication covering the business of cybersecurity through the lens of a veteran journalist and storyteller with a focus on the business trends driving decisions for CEOs, CISOs, and engineering decision makers. We'll learn how Ryan helps bridge the gap between well-intentioned CISOs doing their best to keep their organizations safe and secure, and cybersecurity vendors trying to cut through the marketing noise and hype.

Recorded Future's Insikt Group recently published the latest version of their annual report focused on the political landscape facing the LGBTQIA+ community worldwide in the last year. The report is titled Pride and Prejudice in Shifting Landscape of LGBTQIA+ Laws Worldwide, and it tracks both progress and challenges the Pride Community face around the globe.  Joining us to share insights from the report as well as the story behind its inception are Recorded Future's Lea Cure and Evan Akin. 

It's fair to say that the explosive growth in ransomware attacks over the past year or so, combined with the big-game-hunting approach from ransomware operators, has set the cyber insurance industry back on its heels. As the direct and indirect costs of cyber attacks have increased, insurance providers have taken a renewed approach to cyber, and the role they play in helping set standards for detection, resilience and incident response. Michael Phillips is Chief Claims Officer of the cyber insurance firm Resilience. He also serves as Co-Chair of the Ransomware Task Force convened by the Institute for Security & Technology. He joins us with insider insights on how specialists in the cyber insurance world are adapting to a rapidly evolving landscape. 

There's a versatile, easy-to-use utility being offered for sale on underground hacker forums, called HackMachine. It allows users to target victim domains and scan sites for known vulnerabilities, attempt brute force attacks, and ultimately inject paycard skimmers or exfiltrate user databases and personally identifiable information. Ilya Vovovik and Shane Asher are researchers at Gemini Advisory, a Recorded Future company, and they join us with key findings from their research into HackMachine, along with advice on how to best protect your organization against it.

Joining us this week is Jon Ford, Managing Director of Global Government Services & Insider Threat Risk Solutions at Mandiant. Our conversation centers on his experience with effective insider threat programs, from both a technical and human perspective. With twenty years of experience in the FBI before joining Mandiant, Jon Ford gained extensive knowledge from bringing to justice some of the world's most notorious cyber criminals, knowledge which informs his approach to solving today's most pressing security issues.

This week we welcome back to the show Lindsay Kaye, director of operational outcomes with Recorded Future's Insikt Group. We'll discuss their recently published report, titled “Bad Code: Upstream Code Flaws Have Far-Reaching Consequences.” The report highlights some of the often-overlooked ways in which code can be compromised. Lindsay takes us through specific examples from the report, and provides her expertise on how to best protect your organization's supply chain from them.

Joining us this week is Jack Cable. He's a security researcher and student at Stanford University, currently a researcher with the Stanford Internet Observatory and the Stanford Empirical Security Research Group. Jack built a reputation for himself in hacker circles as a talented and prolific bug bounty hunter, and is ranked within the top 100 hackers all-time on HackerOne. He started his cyber security pursuits as a teenager, and joined the Defense Digital Service out of high school, where he helped run the Hack the Pentagon bug bounty portfolio, advised on the next iteration of the DoD Vulnerability Disclosure Program, and built innovative cybersecurity assessment tools.

Our guest this week is Niloo Razi Howe. She is a Senior Operating Partner at Energy Impact Partners, and an investor, entrepreneur, and cybersecurity expert.  Our conversation centers on some of the cybersecurity policy decisions coming out of the Biden Administration, the challenges of ransomware and attribution, dealing with adversary nation states willing to turn a blind eye on cybercrime, as well as her outlook for possible solutions to these challenges.

The Emotet malware and cybercrime campaign recently made headlines, not for infecting victims with Trickbot or Qbot malware or spinning up a new botnet, but instead for being taken down by law enforcement. In January of this year, an international effort led by Europol took control of Emotet infrastructure, effectively taking it down, as well as making arrests of alleged perpetrators in Ukraine.  To help us understand the impact of the takedown on the global malware ecosystem, I'm joined this week by Greg Lesnewich, senior intelligence analyst with Recorded Future's Insikt Group.

The Institute for Security and Technology recently published a report titled, “Combating Ransomware: A Comprehensive Framework for Action, Key Recommendations from the Ransomware Task Force.” In their words, the report, “details a comprehensive strategic framework for tackling the dramatically increasing and evolving threat of ransomware, a widespread form of cybercrime that in just a few years has become a serious national security threat and a public health and safety concern.” Joining us to discuss the report is Philip Reiner, Chief Executive Officer at The Institute for Security and Technology.

Our guest this week is Collin Barry, Director of Cyber Threat Intelligence at Expedia Group. He shares his career path, including globetrotting stops at the CIA and with Booz Allen Hamilton, and what his day-to-day looks like at Expedia Group, leading their threat intelligence efforts, protecting their online travel and marketplace endeavours. He shares his experience starting a threat intelligence operation from scratch, how he established buy-in from stakeholders, as well as why he believes attribution is secondary to understanding adversary tactics. 

This week we welcome back to our program security pioneer Graham Cluley. After starting his career writing the original version of Dr. Solomon's Antivirus Toolkit for Windows, Graham moved on to senior position at Sophos and McAfee. In 2011 he was inducted into the Infosecurity Europe Hall of Fame. These days, he's an independent blogger, podcaster and media pundit. Our conversation takes a sometimes nostalgic look back at the origins of computer malware, what it was like fighting the good fight back then, how things have developed over the years, and what he thinks the future may hold. 

Our guest this week is Anjuli Shere. She's an analyst, writer, and researcher, currently pursuing a doctorate in Cyber Security at the University of Oxford. Anjuli's research centres on emerging threats to journalists from new internet-connected technologies. She is creating a framework for news organizations and journalists in democratic countries to improve the protection of their staff and sources against threats from the Internet of Things.

Recorded Future's Insikt Group recently published a research report titled, The Business of Fraud: An Overview of How Cybercrime Gets Monetized. The report describes the types of fraud methods and services currently used by threat actors to facilitate their campaigns. It provides an overview of some notable recent developments, lists some of the top vendors of these services on the criminal underground, and provides suggested mitigations for defenders to implement.  Joining us this week to discuss their findings are Recorded Future's Kirill Boychenko and Roman Sannikov both members of the Insikt Group's team cybercrime and underground. 

Joining us this week is Madiha Fatima, a director and head of third-party risk management at Angelo Gordon.  Our conversation centers on creating and maintaining an effective third-party risk management program. We discuss creating an effective due diligence process, integrating automation and process efficiencies, as well as some of the emerging risks she and her team are tracking. We address the human side of risk management, and Madiha shares her advice for keeping your risk management program thorough, while not finding yourself overwhelmed.

For this week's show we welcome back Allan Liska, a member of Recorded Future's CSIRT security team. Allan updates us on the latest trends he and his colleagues are tracking on the ransomware and online extortion fronts. We discuss the growing sophistication of the tools and tactics attackers are using, and the remarkable brazenness with which they do their business.

We're sharing a special bonus episode in your feed this week, from the CyberWire's CSO Perspectives podcast hosted by Rick Howard.  This episode, Cybersecurity First Principles: Intrusion Kill Chains, Rick talks about why intrusion kill chains are the perfect companion strategy to the passive zero trust strategy he talked about last week. The key takeaway here is that we should be trying to defeat the humans behind the campaigns collectively, not simply the tools they use independently with no context about what they are trying to accomplish.

Our guest this week is a true internet pioneer. Paul Vixie describes himself as a “long time defender of the internet.” He's  an author or co-author of several RFC documents and open source software systems including BIND and Cron, a serial entrepreneur now CEO and co-founder of his fifth startup company, Farsight Security, and an inductee into the Internet Hall of Fame.  He joins us with insights on how we are suffering the ramifications of early internet design choices, what that means for global networking going forward, and, specifically, why he believes it's best not to rely on outsourcing your DNS.

On the occasion of this, our 200th episode of the Recorded Future podcast, we welcome back our very first guest, Robert M. Lee, CEO of industrial control systems security company Dragos. They recently published their 2020 ICS security year in review report, and Rob joins us to share some of the insights he and his team have gained over the past year, as well as the long term security trends they're tracking.

Our guest this week is Sir David Omand. He is former director of GCHQ, one of the UK's primary intelligence agencies, and  is currently Visiting Professor in War Studies, King's College London.  We'll be discussing his career in intelligence and public service, the changes he's seen along the way, and we'll discuss his most recent book How Spies Think: 10 Lessons from Intelligence.

On today's program, a conversation with a pair of CEOs from leading companies in the cyber security industry. Joining us are Marten Mickos, CEO of bug bounty platform provider HackerOne, and Christopher Ahlberg, CEO at Recorded Future.  They share their insights on what it takes to be a successful CEO in a rapidly changing cybersecurity field, the importance (or not) of having deep technical skills, differentiating yourself in a crowded marketplace, and the ongoing challenges of the unknown unknowns.

Deepfakes continue to be a growing security concern. As the technology to alter video footage and replace one person's face with another's has advanced in ease, sophistication and availability, the use of deepfakes has become more broadly prevalent, extending beyond novelty use to become another tool in the adversary's playbook.  Our guest today is Andrei Barysevich, cofounder and CEO of fraud intelligence firm Gemini Advisory. He shares his insights on the growing criminal market for deepfakes, and how organizations can best prepare themselves to defend against them.

Our guest this week is Simon Hodgkinson. He's a security professional with over 35 years of experience in the space, most recently as CISO for BP. In our conversation, Simon shares his thoughts on the evolution of the cyber security space that he's witnessed over the course of his career, and how we might address the industry skills gap that's leaving millions of jobs unfilled. We'll get his take on threat intelligence, as well as his advice for folks who are looking to pursue a career in cyber security.

The last few years, and the most recent election cycle in particular, have brought unprecedented levels of misinformation and disinformation to the fore. This era of online disinformation bots, fake news, and  interference from foreign adversaries has sown the seeds of division in our culture, much of it distributed and amplified on social media platforms.  Jane Lytvynenko is a senior reporter at Buzzfeed News, and the past several years she's been focused on disinformation — where it comes from, who's seeing it, how it works, and what might be done to defend against it. She joins us to share her insights.

Our guest is Nick Sinai, Senior Advisor at Insight Partners, a global venture capital and private equity firm investing in high-growth software companies. Before joining Insight in 2014, Nick served in the White House, where he was U.S. Deputy Chief Technology Officer. At the White House, Nick led President Obama's Open Data Initiatives and helped start and grow the Presidential Innovation Fellows program, which brings entrepreneurs, innovators, and technologists into government.  Nick is a senior fellow and former adjunct faculty at the Harvard Kennedy School, where he taught a technology and innovation in government field class. Nick is also an advisor to Coding It Forward, a nonprofit that places computer science, data science, and design students in federal agencies.

The COVID-19 global pandemic has, predictably, attracted bad actors intent on using fear and uncertainty as a framework for a variety of actions, from run of the mill money scams to targeting phishing, business email compromise and even espionage.  Recorded Future's INSIKT research group has been following these money trails and correlating them with a spectrum of bad actors around the globe. They recently published their findings in a blog post titled, “Follow the Money: Qualifying Opportunism Behind Cyberattacks During the COVID-19 Pandemic”. On today's episode we've got a pair of INSIKT group researchers joining us to share their expertise. Lindsay Kaye is Director of Operational Outcomes for the Insikt Group at Recorded Future, and Charity Wright is a Cyber Threat Intelligence Analyst.