POPULARITY
AI models today have a 50% chance of successfully completing a task that would take an expert human one hour. Seven months ago, that number was roughly 30 minutes — and seven months before that, 15 minutes. (See graph.)These are substantial, multi-step tasks requiring sustained focus: building web applications, conducting machine learning research, or solving complex programming challenges.Today's guest, Beth Barnes, is CEO of METR (Model Evaluation & Threat Research) — the leading organisation measuring these capabilities.Links to learn more, video, highlights, and full transcript: https://80k.info/bbBeth's team has been timing how long it takes skilled humans to complete projects of varying length, then seeing how AI models perform on the same work. The resulting paper “Measuring AI ability to complete long tasks” made waves by revealing that the planning horizon of AI models was doubling roughly every seven months. It's regarded by many as the most useful AI forecasting work in years.Beth has found models can already do “meaningful work” improving themselves, and she wouldn't be surprised if AI models were able to autonomously self-improve as little as two years from now — in fact, “It seems hard to rule out even shorter [timelines]. Is there 1% chance of this happening in six, nine months? Yeah, that seems pretty plausible.”Beth adds:The sense I really want to dispel is, “But the experts must be on top of this. The experts would be telling us if it really was time to freak out.” The experts are not on top of this. Inasmuch as there are experts, they are saying that this is a concerning risk. … And to the extent that I am an expert, I am an expert telling you you should freak out.Chapters:Cold open (00:00:00)Who is Beth Barnes? (00:01:19)Can we see AI scheming in the chain of thought? (00:01:52)The chain of thought is essential for safety checking (00:08:58)Alignment faking in large language models (00:12:24)We have to test model honesty even before they're used inside AI companies (00:16:48)We have to test models when unruly and unconstrained (00:25:57)Each 7 months models can do tasks twice as long (00:30:40)METR's research finds AIs are solid at AI research already (00:49:33)AI may turn out to be strong at novel and creative research (00:55:53)When can we expect an algorithmic 'intelligence explosion'? (00:59:11)Recursively self-improving AI might even be here in two years — which is alarming (01:05:02)Could evaluations backfire by increasing AI hype and racing? (01:11:36)Governments first ignore new risks, but can overreact once they arrive (01:26:38)Do we need external auditors doing AI safety tests, not just the companies themselves? (01:35:10)A case against safety-focused people working at frontier AI companies (01:48:44)The new, more dire situation has forced changes to METR's strategy (02:02:29)AI companies are being locally reasonable, but globally reckless (02:10:31)Overrated: Interpretability research (02:15:11)Underrated: Developing more narrow AIs (02:17:01)Underrated: Helping humans judge confusing model outputs (02:23:36)Overrated: Major AI companies' contributions to safety research (02:25:52)Could we have a science of translating AI models' nonhuman language or neuralese? (02:29:24)Could we ban using AI to enhance AI, or is that just naive? (02:31:47)Open-weighting models is often good, and Beth has changed her attitude to it (02:37:52)What we can learn about AGI from the nuclear arms race (02:42:25)Infosec is so bad that no models are truly closed-weight models (02:57:24)AI is more like bioweapons because it undermines the leading power (03:02:02)What METR can do best that others can't (03:12:09)What METR isn't doing that other people have to step up and do (03:27:07)What research METR plans to do next (03:32:09)This episode was originally recorded on February 17, 2025.Video editing: Luke Monsour and Simon MonsourAudio engineering: Ben Cordell, Milo McGuire, Simon Monsour, and Dominic ArmstrongMusic: Ben CordellTranscriptions and web: Katy Moore
SAN FRANCISCO — RSA Conference 2025 "Sixty percent of the attacks we're tracking target low-profile vulnerabilities—things like privilege escalation and security bypasses, not the headline-making zero days," says Douglas McKee, Executive Director of Threat Research at SonicWall. Speaking live from the show floor at RSA 2025, McKee outlined how SonicWall is helping partners prioritize threats that are actually being exploited, not just those getting attention. In a fast-paced conversation with Technology Reseller News publisher Doug Green, McKee unveiled SonicWall's upcoming Managed Prevention Security Services (MPSS). The offering is designed to help reduce misconfigurations—a leading cause of breaches—by assisting with firewall patching and configuration validation. SonicWall is also collaborating with CySurance to package cyber insurance into this new managed service, providing peace of mind and operational relief to MSPs and customers alike. “Over 95% of the incidents we see are due to human error,” McKee noted. “With MPSS, we're stepping in as a partner to reduce that risk.” McKee also previewed an upcoming threat brief focused on Microsoft vulnerabilities, revealing an 11% year-over-year increase in attacks. Despite attention on high-profile CVEs, SonicWall's data shows attackers often rely on under-the-radar vulnerabilities with lower CVSS scores. For MSPs, McKee shared a stark warning: nearly 50% of the organizations SonicWall monitors are still vulnerable to decade-old exploits like Log4j and Heartbleed. SonicWall's telemetry-driven insights allow MSPs to focus remediation on widespread, high-impact threats. SonicWall's transformation from a firewall vendor to a full-spectrum cybersecurity provider was on display at RSA Booth #6353 (North Hall), where the company showcased its SonicSensory MDR, cloud offerings, and threat intelligence. "We've evolved into a complete cybersecurity partner," McKee said. "Whether it's in the cloud or on-prem, we're helping MSPs and enterprises defend smarter." Visitors to the SonicWall booth were treated to live presentations and fresh coffee—while those not attending can explore SonicWall's insights, including its February 2024 Threat Report and upcoming threat briefs, at www.sonicwall.com.
Red models associated with AI technologies highlight real-world vulnerabilities and the importance of proactive security measures. It is vital to educate users about how to explore the challenges and keep AI systems secure. Today's guest is Dr. Aditya Sood. Dr. Sood is the VP of Security Engineering and AI Strategy at Aryaka and is a security practitioner, researcher, and consultant with more than 16 years of experience. He obtained his PhD in computer science from Michigan State University and has authored several papers for various magazines and journals. In this conversation, he will shed light on AI-driven threats, supply chain risks, and practical ways organizations can stay protected in an ever-changing environment. Get ready to learn how the latest innovations and evolving attack surfaces affect everyone from large companies to everyday users, and why a proactive mindset is key to staying ahead. Show Notes: [01:02] Dr. Sood has been working in the security industry for the last 17 years. He has a PhD from Michigan State University. Prior to Aryaka, he was a Senior Director of Threat Research and Security Strategy for the Office of the CTO at F5. [02:57] We discuss how security issues with AI are on the rise because of the recent popularity and increased use of AI. [04:18] The large amounts of data are convoluting how things are understood, the complexity is rising, and the threat model is changing. [05:14] We talk about the different AI attacks that are being encountered and how AI can be used to defend against these attacks. [06:00] Pre-trained models can contain vulnerabilities. [07:01] AI drift or model or concept drift is when data in the training sets is not updated. The data can be used in a different way. AI hallucinations also can create false output. [08:46] Dr. Sood explains several types of attacks that malicious actors are using. [10:07] Prompt injections are also a risk. [12:13] We learn about the injection mapping strategy. [13:54] We discuss the possibilities of using AI as a tool to bypass its own guardrails. [15:18] It's an arms race using AI to attack Ai and using AI to secure AI. [16:01] We discuss AI workload analysis. This helps to understand the way AI processes. This helps see the authorization boundary and the security controls that need to be enforced. [17:48] Being aware of the shadow AI running in the background. [19:38] Challenges around corporations having the right security people in place to understand and fight vulnerabilities. [20:55] There is risk with the data going to the cloud through the LLM interface. [21:47] Dr. Sood breaks down the concept of shadow AI. [23:50] There are also risks for consumers using AI. [29:39] The concept of Black Box AI models and bias being built into the particular AI. [33:45] The issue of the ground set of truth and how the models are trained. [37:09] It's a balancing act when thinking about the ground set of truth for data. [39:08] Dr. Sood shares an example from when he was researching for his book. [39:51] Using the push and pretend technique to trick AI into bypassing guardrails. [42:51] We talk about the dangers of using APIs that aren't secure. [43:58] The importance of understanding the entire AI ecosystem. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Aditya K Sood Aditya K Sood - LinkedIn Aditya K Sood - X Aryaka COMBATING CYBERATTACKS TARGETING THE AI ECOSYSTEM: Assessing Threats, Risks, and Vulnerabilities Empirical Cloud Security: Practical Intelligence to Evaluate Risks and Attacks Empirical Cloud Security: Practical Intelligence to Evaluate Risks and Attacks
We thought you might enjoy this episode of Threat Vector podcast from the N2K CyberWIre network as we continue our observance of Women's History Month. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app. In this special Women's History Month episode of Threat Vector, host David Moulton speaks with four trailblazing women in cybersecurity who are shaping the industry: Kristy Friedrichs, Chief Partnerships Officer; Tanya Shastri, SVP of Product Management; Sama Manchanda, Consultant at Unit 42; and Stephanie Regan, Principal Technical Architect at Unit 42. They share their journeys into cybersecurity, discuss the challenges they faced, and offer insights on leadership, innovation, and mentorship. From AI-driven security to digital forensics, these women have made a lasting impact. Tune in to hear their advice for the next generation and why cybersecurity remains one of the most exciting and dynamic fields to be in today. Join the conversation on our social media channels: Website: https://www.paloaltonetworks.com/ Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/unit42/ YouTube: @paloaltonetworks Twitter: https://twitter.com/PaloAltoNtwks About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com Learn more about your ad choices. Visit megaphone.fm/adchoices
MWC25 has wrapped up – an annual convention about connectivity and mobility -- and so I'll play an interview with AT&T's John Wojewoda, Head of Global Roaming and Satellite, about the near future of using your smart phone to communicate over satellite when you can't reach cell towers (even video calls)Also from Barcelona, we learn all about HONOR's ambitious AI-related announcements, when I sit down with Matt Swider, Founder and Editor in Chief of The Shortcut, the no. 1 consumer tech Substack with more than a million followersIt's tax time, and so McAfee's Abhishek Karnik, Head of Threat Research, chats with me about the latest tax scam research and how to fight backThank you to Visa and SanDisk for your partnership on Tech It Out
While we are taking a publishing break to observe Washington's Birthday here in the United States, enjoy this primer on how to create a podcast from our partners at Palo Alto Networks direct from the CyberMarketingCon 2024. Podcasts have become vital tools for sharing knowledge and insights, particularly in technical fields like cybersecurity. "Threat Vector," led by David Moulton, serves as an essential guide through the complex landscape of cyber threats, offering expert interviews and in-depth analysis. In this session, David will discuss the process behind creating "Threat Vector," highlighting the challenges and rewards of developing a podcast that resonates with industry experts. Attendees will learn about the foundational elements of podcasting, from initial concept development to content creation and audience engagement. David's approach integrates his extensive background in storytelling, design, and strategic marketing, enabling him to tackle intricate cybersecurity topics and make them accessible to a broad audience. This session will dive into how to present intricate cybersecurity topics in an accessible and engaging manner and explore various techniques for producing compelling content and effective strategies for promoting a podcast to a wider audience. Join David and guest host David J. Ebner of Content Workshop for an informative discussion on using podcasts as a medium for education and influence in the cybersecurity field. This session is ideal for anyone interested in starting a podcast or enhancing their approach to cybersecurity communication. Join the conversation on our social media channels: Website: http://www.paloaltonetworks.com Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/palo-alto-networks/ YouTube: @paloaltonetworks Twitter: https://twitter.com/PaloAltoNtwks About Threat Vector Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com Learn more about your ad choices. Visit megaphone.fm/adchoices
Kevin O'Connor is the Director of Threat Research at Adlumin. In this episode, he joins host Heather Engel to explore the cybersecurity landscape for 2025, including the emerging threats that organizations must be ready to face, from advanced ransomware tactics to AI-driven attacks. Cyber Tide is a Cybercrime Magazine podcast series brought to you by Adlumin. Working to revolutionize the way organizations secure sensitive data, Adlumin finds the newest cracks being exploited and shines a light on correcting the issue in real-time, with expert guidance. To learn more about our sponsor, visit https://adlumin.com
DOGE's unchecked access to federal networks sparks major cybersecurity fears. Senator Hawley's AI ban targets China and raises free speech concerns. Apple service ticket portal vulnerability exposed millions of users' data. North Korean ‘FlexibleFerret' malware targets macos via job scams and fake zoom apps. February 2025 android security update fixes 48 vulnerabilities, including exploited zero-day. Grubhub data breach exposes customer and driver information. Abandoned cloud infrastructure creates major security risks. Texas to launch its own Cyber Command amid rising cyber threats. Dell PowerProtect vulnerabilities pose critical security risks. On our Threat Vector segment, David Moulton and his guests look at the potential dangers of DeepSeek. U.S. Government is quietly altering the Head Start database. And a moment of inspiration from a spacefaring poet. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment Artificial intelligence is advancing fast, but with innovation comes risk. In this segment of Threat Vector, host David Moulton sits down with Sam Rubin, SVP of Consulting and Threat Intelligence at Unit 42, and Kyle Wilhoit, Director of Threat Research, to explore the vulnerabilities of DeepSeek, a new large language model. To listen to the full discussion, please check out the episode here or on your favorite podcast app, and tune in to new episodes of Threat Vector by Palo Alto Networks every Thursday. Selected Reading Musk's DOGE effort could spread malware, expose US systems to threat actors (CSO Online) As DOGE teams plug into federal networks, cybersecurity risks could be huge, experts say (The Record) Senator Hawley Proposes Jail Time for People Who Download DeepSeek (404 Media) Apple Service Ticket portal Vulnerability Exposes Millions of Users Data (Cyber Security News) N. Korean ‘FlexibleFerret' Malware Hits macOS with Fake Zoom, Job Scams (Hackread) Google fixes Android kernel zero-day exploited in attacks (Bleeping Computer) GrubHub Data Breach - Customers Phone Numbers Exposed (Cyber Security News) Here's all the ways an abandoned cloud instance can cause security issues (CyberScoop) Texas to Establish Cyber Command Amid “Dramatic” Rise in Attacks (Infosecurity Magazine) Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise System (Cyber Security News) ‘Forbidden Words': Github Reveals How Software Engineers Are Purging Federal Databases (404 Media) T-Minus Deep Space: Inspiration4 with Dr. Sian “Leo” Proctor. (T-Minus Deep Space podcast) Dr. Sian Proctor got her ticket to space after being selected for her poetry (Instagram) 2025 SpaceCom: Interview with Dr. Sian Proctor (YouTube) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Zero Trust World 2025, hosted by ThreatLocker, is set to bring together IT professionals, business leaders, and cybersecurity practitioners for three days of hands-on labs, insightful discussions, and expert-led sessions. Taking place in Orlando, Florida, from February 19-21, this year's event promises an expanded agenda with cutting-edge topics, interactive workshops, and a unique approach to cybersecurity education.The Growth of Zero Trust WorldNow in its fifth year, Zero Trust World continues to grow exponentially, increasing in size by roughly 50% each year. Kieran Human, Special Projects Engineer at ThreatLocker, attributes this rapid expansion to the rising demand for cybersecurity solutions and the company's own growth. More IT leaders are recognizing the necessity of a Zero Trust approach—not just as a security measure, but as a fundamental philosophy for protecting their organizations.What to Expect: Hands-On Learning and Key DiscussionsOne of the biggest draws of Zero Trust World is its focus on hands-on experiences. Attendees can participate in hacking labs designed to teach them how cyber threats operate from an attacker's perspective. These include interactive exercises using rubber duckies—USB devices that mimic keyboards to inject malicious commands—demonstrating how easily cybercriminals can compromise systems.For those interested in practical applications of security measures, there will be sessions covering topics such as cookie theft, Metasploit, Windows and server security, and malware development. Whether an attendee is an entry-level IT professional or a seasoned security engineer, there's something to gain from these hands-on labs.High-Profile Speakers and Industry InsightsBeyond the labs, Zero Trust World 2025 will feature a lineup of influential speakers, including former Nintendo of America President and CEO Reggie Fils-Aimé, Chase Cunningham (known as Dr. Zero Trust), and ThreatLocker CEO Danny Jenkins. These sessions will provide strategic insights on Zero Trust implementation, industry challenges, and innovative cybersecurity practices.One of the key sessions to look forward to is “The Dangers of Shadow IT,” led by Ryan Bowman, VP of Solution Engineering at ThreatLocker. Shadow IT remains a major challenge for organizations striving to implement Zero Trust, as unauthorized applications and devices create vulnerabilities that security teams may not even be aware of. Stay tuned for a pre-event chat with Ryan coming your way soon.Networking, Certification, and MoreZero Trust World isn't just about education—it's also a prime networking opportunity. Attendees can connect during daily happy hours, the welcome and closing receptions, and a comic book-themed afterparty. ThreatLocker is even introducing a new cybersecurity comic book, adding a creative twist to the conference experience.A major highlight is the Cyber Hero Program, which offers attendees a chance to earn certification in Zero Trust principles. By completing the Cyber Hero exam, participants can have the cost of their event ticket fully refunded, making this an invaluable opportunity for those looking to deepen their cybersecurity expertise.A Unique Capture the Flag ChallengeFor those with advanced cybersecurity skills, the Capture the Flag challenge presents an exciting opportunity. The first person to successfully hack a specially designed, custom-painted high-end computer gets to take it home. This competition is expected to draw some of the best security minds in attendance, reinforcing the event's commitment to real-world application of cybersecurity techniques.Join the ConversationWith so much to see and do, Zero Trust World 2025 is shaping up to be an essential event for IT professionals, business leaders, and security practitioners. Sean Martin and Marco Ciappelli will be covering the event live, hosting interviews with speakers, panelists, and attendees to capture insights and takeaways.Whether you're looking to enhance your security knowledge, expand your professional network, or experience hands-on cybersecurity training, Zero Trust World 2025 offers something for everyone. If you're attending, be sure to stop by the podcast area and join the conversation on the future of Zero Trust security.Guest: Kieran Human, Special Projects Engineer, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Zero Trust World 2025, hosted by ThreatLocker, is set to bring together IT professionals, business leaders, and cybersecurity practitioners for three days of hands-on labs, insightful discussions, and expert-led sessions. Taking place in Orlando, Florida, from February 19-21, this year's event promises an expanded agenda with cutting-edge topics, interactive workshops, and a unique approach to cybersecurity education.The Growth of Zero Trust WorldNow in its fifth year, Zero Trust World continues to grow exponentially, increasing in size by roughly 50% each year. Kieran Human, Special Projects Engineer at ThreatLocker, attributes this rapid expansion to the rising demand for cybersecurity solutions and the company's own growth. More IT leaders are recognizing the necessity of a Zero Trust approach—not just as a security measure, but as a fundamental philosophy for protecting their organizations.What to Expect: Hands-On Learning and Key DiscussionsOne of the biggest draws of Zero Trust World is its focus on hands-on experiences. Attendees can participate in hacking labs designed to teach them how cyber threats operate from an attacker's perspective. These include interactive exercises using rubber duckies—USB devices that mimic keyboards to inject malicious commands—demonstrating how easily cybercriminals can compromise systems.For those interested in practical applications of security measures, there will be sessions covering topics such as cookie theft, Metasploit, Windows and server security, and malware development. Whether an attendee is an entry-level IT professional or a seasoned security engineer, there's something to gain from these hands-on labs.High-Profile Speakers and Industry InsightsBeyond the labs, Zero Trust World 2025 will feature a lineup of influential speakers, including former Nintendo of America President and CEO Reggie Fils-Aimé, Chase Cunningham (known as Dr. Zero Trust), and ThreatLocker CEO Danny Jenkins. These sessions will provide strategic insights on Zero Trust implementation, industry challenges, and innovative cybersecurity practices.One of the key sessions to look forward to is “The Dangers of Shadow IT,” led by Ryan Bowman, VP of Solution Engineering at ThreatLocker. Shadow IT remains a major challenge for organizations striving to implement Zero Trust, as unauthorized applications and devices create vulnerabilities that security teams may not even be aware of. Stay tuned for a pre-event chat with Ryan coming your way soon.Networking, Certification, and MoreZero Trust World isn't just about education—it's also a prime networking opportunity. Attendees can connect during daily happy hours, the welcome and closing receptions, and a comic book-themed afterparty. ThreatLocker is even introducing a new cybersecurity comic book, adding a creative twist to the conference experience.A major highlight is the Cyber Hero Program, which offers attendees a chance to earn certification in Zero Trust principles. By completing the Cyber Hero exam, participants can have the cost of their event ticket fully refunded, making this an invaluable opportunity for those looking to deepen their cybersecurity expertise.A Unique Capture the Flag ChallengeFor those with advanced cybersecurity skills, the Capture the Flag challenge presents an exciting opportunity. The first person to successfully hack a specially designed, custom-painted high-end computer gets to take it home. This competition is expected to draw some of the best security minds in attendance, reinforcing the event's commitment to real-world application of cybersecurity techniques.Join the ConversationWith so much to see and do, Zero Trust World 2025 is shaping up to be an essential event for IT professionals, business leaders, and security practitioners. Sean Martin and Marco Ciappelli will be covering the event live, hosting interviews with speakers, panelists, and attendees to capture insights and takeaways.Whether you're looking to enhance your security knowledge, expand your professional network, or experience hands-on cybersecurity training, Zero Trust World 2025 offers something for everyone. If you're attending, be sure to stop by the podcast area and join the conversation on the future of Zero Trust security.Guest: Kieran Human, Special Projects Engineer, ThreatLocker [@ThreatLocker | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
DeepSeek blames DDoS for recent outages. Hackers behind last year's AT&T data breach targeted members of the Trump family, Kamala Harris, and Marco Rubio's wife.The EU sanctions Russians for cyberattacks against Estonia. ENGlobal confirms personal information was taken in last year's ransomware attack. CISA issues a critical warning about a SonicWall vulnerability actively exploited. A large-scale phishing campaign exploits users' trust in PDF files and the USPS. Apple patches a zero-day affecting many of their products. A ransomware attack on an Ohio-based operator of skilled nursing and rehabilitation facilities affects over 70,000. President Trump has a tumultuous first week back in office. Our guest is Bogdan Botezatu, Director, Threat Research and Reporting at Bitdefender, to discuss the dark market subculture and its parallels to holiday shopping. A nonprofit aims to clean up the AI industry's mess. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Bogdan Botezatu, Director, Threat Research and Reporting at Bitdefender, to discuss the dark market subculture and its parallels to holiday shopping. Check out Bitdefender's research on the topic here. Selected Reading DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge (SecurityWeek) DeepSeek FAQ (Stratechery) We tried out DeepSeek. It worked well, until we asked it about Tiananmen Square and Taiwan (The Guardian) Hackers Mined AT&T Breach for Data on Trump's Family, Kamala Harris (404 Media) European Union Sanctions Russian Nationals for Hacking Estonia (SecurityWeek) ENGlobal Says Personal Information Accessed in Ransomware Attack (SecurityWeek) CISA Warns of SonicWall 0-day RCE Vulnerability Exploited in Wild (Cyber Security News) Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam (Security Boulevard) Amazon Prime Security Warning As Hackers Strike—What You Need To Know (Forbes) Apple plugs exploited security hole in iOS, updates macOS (The Register) Nursing Home, Rehab Chain Says Hack Affects Nearly 70,000 (GovInfo Security) A Tumultuous Week for Federal Cybersecurity Efforts (Krebs on Security) Initiative Aims to Enable Ethical Coding LLMs (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
This week, we are joined by Ismael Valenzuela, VP of Threat Research & Intelligence, and Jacob Faires, Principal Threat Researcher, from Blackberry discussing the team's work on "LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign." In April 2024, BlackBerry uncovered a significant evolution of the LightSpy malware campaign, attributed to Chinese cyber-espionage group APT41. The newly introduced DeepData framework, a modular Windows-based surveillance tool, expands data theft capabilities with 12 specialized plugins for tasks like communication surveillance, credential theft, and system intelligence gathering. The campaign targets a wide range of communication platforms, including WhatsApp, Signal, and WeChat, with advanced techniques for monitoring and stealing sensitive information from victims across the Asia-Pacific region. The research can be found here: LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign Learn more about your ad choices. Visit megaphone.fm/adchoices
This week, we are joined by Ismael Valenzuela, VP of Threat Research & Intelligence, and Jacob Faires, Principal Threat Researcher, from Blackberry discussing the team's work on "LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign." In April 2024, BlackBerry uncovered a significant evolution of the LightSpy malware campaign, attributed to Chinese cyber-espionage group APT41. The newly introduced DeepData framework, a modular Windows-based surveillance tool, expands data theft capabilities with 12 specialized plugins for tasks like communication surveillance, credential theft, and system intelligence gathering. The campaign targets a wide range of communication platforms, including WhatsApp, Signal, and WeChat, with advanced techniques for monitoring and stealing sensitive information from victims across the Asia-Pacific region. The research can be found here: LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign Learn more about your ad choices. Visit megaphone.fm/adchoices
While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, Threat Vector by Palo Alto Networks. See you in 2025! Announcement: We are pleased to share an exciting announcement about Cortex XDR at the top of our show. You can learn more here. Check out our episode on "Cyber Espionage and Financial Crime: North Korea's Double Threat" with Assaf Dahan, Director of Threat Research at Palo Alto Networks Cortex team. Join host David Moulton on Threat Vector, as he dives deep into the rapidly evolving XDR landscape with Allie Mellen, Principal Analyst at Forrester. With expertise in security operations, nation-state threats, and the application of AI in security, Allie offers an inside look at how XDR is reshaping threat detection and response. From tackling the SIEM market's current challenges to optimizing detection engineering, Allie provides invaluable insights into the people, processes, and tools central to an effective SOC. This episode offers listeners a thoughtful exploration of how to navigate today's complex threat landscape and separate XDR hype from reality. Perfect for cybersecurity professionals looking to stay ahead in the field, tune in to hear expert perspectives on the next steps in cybersecurity resilience. Ready to go deeper? Join Josh Costa, Director of Product Marketing, Allie Mellen, Principal Analyst at Forrester and David Moulton, Director of Content and Thought Leadership for Unit 42 as they discuss the State of XDR https://start.paloaltonetworks.com/State-of-XDR-with-Forrester. Join the conversation on our social media channels: Website: http://www.paloaltonetworks.com Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/palo-alto-networks/ YouTube: @paloaltonetworks Twitter: https://twitter.com/PaloAltoNtwks About Threat Vector Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com Learn more about your ad choices. Visit megaphone.fm/adchoices
Pundits predict Trump will overhaul U.S. cybersecurity policy. Experts examine escalating cybersecurity threats facing the U.S. energy sector. Palo Alto Networks patches a pair of zero-days. Akira and SafePay ransomware groups claim dozens of new victims. A major pharmacy group is pressured to pay a $1.3 million ransomware installment. Threat actors are exploiting Spotify playlists and podcasts. An alleged Phobos ransomware admin has been extradited to the U.S. Rapper “Razzlekhan” gets 18 months in prison for her part in the Bitfinex cryptocurrency hack. On today's Threat Vector, David Moulton speaks with Assaf Dahan, Director of Threat Research at Palo Alto Networks' Cortex team, about the rising cyber threat from North Korea. Swiss scammers send snail mail. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On this segment of Threat Vector, host David Moulton speaks with Assaf Dahan, Director of Threat Research at Palo Alto Networks' Cortex team, about the rising cyber threat from North Korea. To hear the full conversation between David and Assaf, listen to Cyber Espionage and Financial Crime: North Korea's Double Threat, and catch new episodes of Threat Vector every Thursday on your favorite podcast app! Selected Reading More Spyware, Fewer Rules: What Trump's Return Means for US Cybersecurity (WIRED) How to remove the cybersecurity gridlock from the nation's energy lifelines (CyberScoop) Palo Alto Patches Firewall Zero-Day Exploited in Operation Lunar Peek (SecurityWeek) SafePay ransomware: Obscure group uses LockBit builder, claims 22 victims (SC Media) Akira Ransomware Drops 30 Victims on Leak Site in One Day (SecurityWeek) Gang Shaking Down Pharmacy Group for Second Ransom Payment (GovInfo Security) Spotify abused to promote pirated software and game cheats (Bleeping Computer) Suspected Phobos Ransomware Admin Extradited to US (Infosecurity Magazine) Heather ‘Razzlekhan' Morgan sentenced to 18 months in prison, ending Bitfinex saga (The Record) Now Hackers Are Using Snail Mail In Cyber Attacks—Here's How (Forbes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
This week, Chris is joined by Gregory Richardson, Vice President and Global Advisory CISO at BlackBerry, and Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry. They address how AI is changing the threat landscape, why human defenders remain a key part of our cyber defenses, and the explain the AI standoff between cyber threat actors and cyber defenders.
This week, Chris is joined by Gregory Richardson, Vice President and Global Advisory CISO at BlackBerry, and Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry. They address how AI is changing the threat landscape, why human defenders remain a key part of our cyber defenses, and the explain the AI standoff between cyber threat actors and cyber defenders.
This week we are joined by Chester Wisniewski, Global Field CTO from Sophos X-Ops team, to discuss their work on "Crimson Palace returns: New Tools, Tactics, and Targets." Sophos X-Ops has observed a resurgence in cyberespionage activity, tracked as Operation Crimson Palace, targeting Southeast Asian government organizations. After a brief lull, Cluster Charlie resumed operations in September 2023, using new tactics such as web shells and open-source tools to bypass detection, re-establish access, and map target network infrastructure, demonstrating ongoing efforts to exfiltrate data and expand their foothold. The research can be found here: Crimson Palace returns: New Tools, Tactics, and Targets Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of Trust Issues, host David Puner welcomes back Lavi Lazarovitz, Vice President of Cyber Research at CyberArk Labs, for a discussion covering the latest developments in generative AI and the emerging cyberthreats associated with it. Lavi shares insights on how machine identities are becoming prime targets for threat actors and discusses the innovative research being conducted by CyberArk Labs to understand and mitigate these risks. The conversation also touches on the concept of responsible AI and the importance of building secure AI systems. Tune in to learn about the fascinating world of AI security and the cutting-edge techniques used to protect against AI-driven cyberattacks.
Google and iVerify clash over the security implications of an Android app. CISA has issued a warning about a critical vulnerability in SolarWinds Web Help Desk. Ransomware attacks targeting industrial sectors surge. Microsoft is rolling out mandatory MFA for Azure. Banshee Stealer is a new macOS-targeted malware developed by Russian threat actors. A popular flight tracking website exposes users' personal and professional information. San Francisco goes after websites generating deepfake nudes. Daniel Blackford, Director of Threat Research at Proofpoint, joins us to discuss emerging tactics used by threat actors and trends in e-crime tied to nation states. Scammers Use Google to Scam Google. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Daniel Blackford, Director of Threat Research at Proofpoint, joined us while he was out at Black Hat to discuss emerging tactics used by threat actors and trends in e-crime tied to nation states. Selected Reading Google to remove app from Pixel devices following claims that it made phones vulnerable (The Record) Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App (WIRED) SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day (SecurityWeek) Microsoft Mandates MFA for All Azure Sign-Ins (Infosecurity Magazine) New Banshee Stealer macOS Malware Priced at $3,000 Per Month (SecurityWeek) Dragos reports resurgence of ransomware attacks on industrial sectors, raising likelihood of targeting OT networks (Industrial Cyber) CISA Releases Eleven Industrial Control Systems Advisories (CISA) FlightAware Exposed Pilots' and Users' Info (404 Media) AI-powered ‘undressing' websites are getting sued (The Verge) Dozens of Google products targeted by scammers via malicious search ads (Malwarebytes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: AXRP Episode 34 - AI Evaluations with Beth Barnes, published by DanielFilan on July 28, 2024 on The AI Alignment Forum. YouTube link How can we figure out if AIs are capable enough to pose a threat to humans? When should we make a big effort to mitigate risks of catastrophic AI misbehaviour? In this episode, I chat with Beth Barnes, founder of and head of research at METR, about these questions and more. Topics we discuss: What is METR? What is an "eval"? How good are evals? Are models showing their full capabilities? Evaluating alignment Existential safety methodology Threat models and capability buffers METR's policy work METR's relationship with labs Related research Roles at METR, and following METR's work Daniel Filan: Hello everybody. In this episode I'll be speaking with Beth Barnes. Beth is the co-founder and head of research at METR. Previously, she was at OpenAI and DeepMind, doing a diverse set of things, including testing AI safety by debate and evaluating cutting-edge machine learning models. In the description, there are links to research and writings that we discussed during the episode. And if you're interested in a transcript, it's available at axrp.net. Well, welcome to AXRP. Beth Barnes: Hey, great to be here. What is METR? Daniel Filan: Cool. So, in the introduction, I mentioned that you worked for Model Evaluation and Threat Research, or METR. What is METR? Beth Barnes: Yeah, so basically, the basic mission is: have the world not be taken by surprise by dangerous AI stuff happening. So, we do threat modeling and eval creation, currently mostly around capabilities evaluation, but we're interested in whatever evaluation it is that is most load-bearing for why we think AI systems are safe. With current models, that's capabilities evaluations; in future that might be more like control or alignment evaluations. And yeah, [the aim is to] try and do good science there, be able to recommend, "Hey, we think if you measure this, then you can rule out these things. You might be still concerned about this thing. Here's how you do this measurement properly. Here's what assumptions you need to make," this kind of thing. Daniel Filan: Gotcha. So, mostly evaluations. But it sounded like there was some other stuff as well, like threat modeling you mentioned. Beth Barnes: Yeah. We also do policy work recommending things in the direction of responsible scaling policies. So, saying what mitigations are needed based on the results of different evaluations and roughly how labs or governments might construct policies around this, how evals-based governance should work roughly. Daniel Filan: Okay. So, should I think of it as roughly like: you're an evaluations org, you want to evaluate AIs, there's some amount of threat modeling which goes into "what evaluations should we even care about making?", there's some amount of policy work on the other end [about] "okay, if we do this evaluation, how should people think about that? What should people do?" And it's sort of inputs to and outputs of making of evals. Is that a fair…? Beth Barnes: Yeah. What is an "eval"? Daniel Filan: Cool. So, if it centers around evals, what counts as an evaluation rather than a benchmark or some other ML technique that spits out a number at the end? Beth Barnes: Yeah, I mean I guess the word itself isn't that important. What we're trying to do is that: we have specific threat models in mind and we're trying to construct some kind of experiment you could do, a measurement you could run, that gives you as much information as possible about that threat model or class of threat models. Generic ML benchmarks don't necessarily have a specific goal for what you're measuring, or you might have a goal for measuring something that's more like a particular type of abstract ability or something. Whereas we'...
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of MITRE ATT&CK with CyberWire Hash Table guests Frank Duff, Tidal Cyber's Chief Innovation Officer, Amy Robertson, MITRE Threat Intelligence Engineer and ATT&CK Engagement lead, and Rick Doten, Centene's VP of Information Security. References: Amy L. Robertson, 2024. ATT&CK 2024 Roadmap [Essay]. Medium. Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, Cody B. Thomas, 2018. MITRE ATT&CK: Design and Philosophy [Historical Paper]. MITRE. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Historic Paper]. Lockheed Martin Corporation. Nick Selby, 2014. One Year Later: The APT1 Report [Essay]. Dark Reading. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard, 2020. Intrusion kill chains: a first principle of cybersecurity. [Podcast]. The CyberWire. Rick Howard, 2022. Kill chain trifecta: Lockheed Martin, ATT&CK, and Diamond. [Podcast]. The CyberWire. Rick Howard, 2020. cyber threat intelligence (CTI) (noun) [Podcast]. Word Notes: The CyberWire. Kevin Mandia, 2014. State of the Hack: One Year after the APT1 Report [RSA Conference Presentation]. YouTube. SAHIL BLOOM, 2023. The Blind Men & the Elephant [Website]. The Curiosity Chronicle. Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. 05 July 2011. The Diamond Model of Intrusion Analysis. Center for Cyber Threat Intelligence and Threat Research.[Historical Paper] Staff, n.d. Home Page [Website]. Tidal Cyber. Learn more about your ad choices. Visit megaphone.fm/adchoices
Ismael Valenzuela, Vice President Threat Research & Intelligence, from Blackberry Threat Research and Intelligence team is discussing their work on "Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages." BlackBerry has identified Transparent Tribe (APT36), a Pakistani-based advanced persistent threat group, targeting India's government, defense, and aerospace sectors from late 2023 to April 2024, using evolving toolkits and exploiting web services like Telegram and Google Drive. Evidence such as time zone settings and spear-phishing emails with Pakistani IP addresses supports their attribution, suggesting alignment with Pakistan's interests. The research can be found here: Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages Learn more about your ad choices. Visit megaphone.fm/adchoices
Ismael Valenzuela, Vice President Threat Research & Intelligence, from Blackberry Threat Research and Intelligence team is discussing their work on "Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages." BlackBerry has identified Transparent Tribe (APT36), a Pakistani-based advanced persistent threat group, targeting India's government, defense, and aerospace sectors from late 2023 to April 2024, using evolving toolkits and exploiting web services like Telegram and Google Drive. Evidence such as time zone settings and spear-phishing emails with Pakistani IP addresses supports their attribution, suggesting alignment with Pakistan's interests. The research can be found here: Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages Learn more about your ad choices. Visit megaphone.fm/adchoices
Amit Malik, Director of Threat Research at Uptycs, is sharing their work on "New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware." The Uptycs Threat Research Team has discovered a large-scale Log4j campaign involving over 1700 IPs, aiming to deploy XMRig cryptominer malware. This ongoing operation was initially detected through the team's honeypot collection, prompting an in-depth analysis of the campaign. The research says "The JNDI plugin is particularly useful to attackers because it allows them not only to fetch the values of environment variables in the target system but also to freely define the URL and protocol resource for the JNDI network connection." The research can be found here: New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware
Amit Malik, Director of Threat Research at Uptycs, is sharing their work on "New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware." The Uptycs Threat Research Team has discovered a large-scale Log4j campaign involving over 1700 IPs, aiming to deploy XMRig cryptominer malware. This ongoing operation was initially detected through the team's honeypot collection, prompting an in-depth analysis of the campaign. The research says "The JNDI plugin is particularly useful to attackers because it allows them not only to fetch the values of environment variables in the target system but also to freely define the URL and protocol resource for the JNDI network connection." The research can be found here: New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware Learn more about your ad choices. Visit megaphone.fm/adchoices
Episode Topic: Welcome to an insightful episode of PayPod. We get into the evolving landscape of fraud prevention and cybersecurity with Armen Najarian, the Chief Marketing Officer of Sift. The conversation delves into Armen's unique career journey, from opening a coffee shop to becoming a key player in the tech world. They explore how Sift uses AI-powered technology to combat the impact of blockchain technology and online fraud prevention on the industry. Armen shares insights on various types of fraud, including social engineering attacks like pig butchering and romance scams, and how businesses can protect themselves and their customers. Lessons You'll Learn: Listeners will gain a comprehensive understanding of the latest trends and challenges in fraud prevention. Armen Najarian discusses the importance of scalability in fraud detection and how adaptive machine-learning models help keep up with evolving threats. He also highlights the role of blockchain technology in fraud prevention, emphasizing its potential to enhance transparency and trust in financial transactions. Additionally, Armen offers practical advice for consumers on protecting their personal data and maintaining good cybersecurity hygiene. This episode provides valuable knowledge for both industry professionals and everyday users looking to stay informed about cybersecurity and fraud prevention. About Our Guest: Armen Najarian is the Chief Marketing Officer of Sift, a leading company in AI-powered fraud prevention. With a diverse background that includes accounting, entrepreneurship, and a successful transition into the tech industry, Armen brings a wealth of experience to the conversation. At Sift, he oversees marketing and also holds the title of GM of Threat Research, a role that combines his expertise in marketing with his passion for cybersecurity. Armen's journey from running a coffee shop to leading efforts in fraud prevention is both inspiring and informative, offering listeners a unique perspective on the importance of adaptability and continuous learning in one's career. Topics Covered: The episode covers a range of topics, including the significance of blockchain technology and fraud prevention in today's digital landscape. Armen Najarian explains how Sift uses AI and machine learning to detect and prevent fraudulent activities in real time. The discussion also touches on the various forms of social engineering attacks, such as pig butchering and romance scams, highlighting the sophisticated methods used by fraudsters. Other topics include the importance of consumer awareness and the growing need for skilled professionals in the cybersecurity field.
Douglas McKee, Executive Director, Threat Research at SonicWall, recently evaluated the company's telemetry data and found the most widespread network attacks to small businesses (SMBs) today are older vulnerabilities. In light of this data, prioritization is a critically important factor for today's CISOs who are asked to manage and prioritize risk. In this podcast, Douglas will talk about: The Top 5 threats impacting SMBs today and how old they are The methodology used to assemble this data How to prioritize those threats The importance of ongoing patch management The tactics used by attackers How SMBs can better utilize MSPs to help develop a better security posture About SonicWall Capture Labs SonicWall Capture Labs threat researchers gather, analyze and vet cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 215 countries and territories. SonicWall Capture Labs, which pioneered the use of artificial intelligence for threat research and protection over a decade ago, performs rigorous testing and evaluation on this data, establishes reputation scores for email senders and content, and identifies new threats in real-time. About SonicWall SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.
In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks Unit 42's Threat Vector podcast featuring host David Moulton's discussion with Jacqueline Wudyka about the SEC's Cybersecurity Law. In this episode of Threat Vector, we dive deep into the new SEC cybersecurity regulations that reshape how public companies handle cyber risks. Legal expert and Unit 42 Consultant Jacqueline Wudyka brings a unique perspective on the challenges of defining 'materiality,' the enforcement hurdles, and the impact on the cybersecurity landscape. Whether you're a cybersecurity professional, legal expert, or just keen on understanding the latest in cyber law, this episode is packed with insights and strategies for navigating this new terrain. Tune in to stay ahead in the world of cybersecurity compliance! If you're interested to learn more about Unit 42's world-class visit https://www.paloaltonetworks.com/unit42 Join the conversation on our social media channels: Website: https://www.paloaltonetworks.com/unit42 Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/unit42/ YouTube: @PaloAltoNetworksUnit42 Twitter: https://twitter.com/PaloAltoNtwks Learn more about your ad choices. Visit megaphone.fm/adchoices
In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks' Unit 42 podcast, Threat Vector, featuring David Moulton's discussion with Wendi Whitmore about the evolving threat landscape. In this conversation, David Moulton from Unit 42 discusses the evolving threat landscape with Wendi Whitmore, SVP of Unit 42. Wendi highlights the increasing scale, sophistication, and speed of cyberattacks, with examples like the recent Clop ransomware incident, and emphasizes that attackers, including nation-state actors and cybercriminals, are leveraging AI, particularly generative AI, to operate faster and more effectively, especially in social engineering tactics. To protect against these threats, businesses must focus on speed of response, automated integration of security tools, and operationalized capabilities and processes. The conversation underscores the importance of staying vigilant and leveraging technology to defend against the rapidly changing threat landscape. Theat Group Assessments https://unit42.paloaltonetworks.com/category/threat-briefs-assessments/ Please share your thoughts with us for future Threat Vector segments by taking our brief survey. Join the conversation on our social media channels: Website: https://www.paloaltonetworks.com/unit42 Threat Research: https://unit42.paloaltonetworks.com/ Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/ LinkedIn: https://www.linkedin.com/company/unit42/ YouTube: @PaloAltoNetworksUnit42 Twitter: https://twitter.com/PaloAltoNtwks About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42's unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com
In this sponsored standalone episode I speak with Ismael Valenzuela, VP of Threat Research and Intelligence at Blackberry Cylance. We discuss: Modern Threat Intelligence The shifting attention of attackers GenAI attacks How defenders are adapting to AI attacks And many other topics Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.
Fun fact: There are more vulnerabilities and exploits below the OS layer than above it! CPUs, BIOS, Firmware, embedded Linux, FPGAs, UEFI, PXE... The list goes on an on. What are we supposed to do about that? Allan asked Yuriy to come down to the 'Ranch to discuss this issue with him. Yuriy is CEO at Eclypsium, member of the Forbes Technology Counsel, Founder of the open source CHIPSEC project, former head of Threat Research at McAfee, form Senior Principle Engineer at Intel… He is uniquely qualified to discuss these issues. Full DISCLAIMER: Allan is CISO at Eclypsium. Note that he asked Yuriy to come on the show, not the other way around. Nobody knows this space like Yuriy and his team. Allan asks Yuriy about: The history of CPU exploits Unauthorized code in chips in network gear The various hacks available at this layer The role of SBOM in all this The open source CHIPSEC project It's an eye-opening show to say the least. Y'all be good now!
The current state of cybersecurity and the looming threats warrant serious attention. In this Brand Story episode of "Reflections from 2023", Nadav Avital, Head of Threat Research at Imperva, sheds intriguing light on this cyber landscape.Avital outlines prominent threats of 2023, highlighting the prevalence of distinct attacks such as supply chain and distributed denial of service attacks, and business logic attacks. He emphasizes that, to navigate the evolving threat landscape effectively, it is vital to look backward to look forward.Cyberattacks have presented consequential impacts on organizations, from monetary losses to operational disruption, and even reputational damage. For instance, Avital mentions how ransomware attacks and denial of service attacks have left businesses grappling with restoring systems, ransom payments and downtime, citing examples from real-life scenarios drawn from his observations.Imperva's Threat Research team takes on the monumental task of monitoring, analyzing, and protecting against these cyber threats. They utilize open-source intelligence, deep web resources and data from deployed sensors and customer networks. This multifaceted intelligence gets productized and integrated into Imperva's solutions, ensuring customers can focus on their businesses rather than worrying about cyber threats.However, the battle against cyber threats extends beyond just protective measures. Raising awareness through communication plays a crucial role in helping the broader business and cybersecurity community understand and tackle these threats. The sharing of research findings through various channels such as blogs, newsletters and reports, helps impart invaluable knowledge, equipping readers with the necessary context and understanding of the evolving threat landscape.Imperva's forward-thinking approach in harnessing different intelligence resources to create protective solutions demonstrates their unrivaled expertise in the realm of cybersecurity. As Avital pointed out, it's not solely about using advanced techniques for quality attacks but also about creatively using existing ones.As cyber threats continue to evolve, it's paramount for organizations and cybersecurity professionals to stay abreast of these trends. Resources and research made available by teams like Imperva's Threat Research serve as a goldmine of intelligence information commanding our attention. Make cybersecurity a priority, leverage resources at your disposal and stay a step ahead of threats. Connect with the Imperva Threat Research team and be part of their mission to secure cyberspace. Imperva's journey into innovations and solutions is one worth following and learning from as we continue moving forward in this cyber landscape. Note: This story contains promotional content. Learn more.Guest: Nadav Avital, Head of Threat Research at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/nadav-avital-a508244/On YouTube | https://www.youtube.com/channel/UCH5blYEvvzUcWD7ApRVP9YgResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Imperva Threat Research: https://www.imperva.com/cyber-threat-index/threat-research/Catch more stories from Imperva at https://www.itspmagazine.com/directory/impervaAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
The current state of cybersecurity and the looming threats warrant serious attention. In this Brand Story episode of "Reflections from 2023", Nadav Avital, Head of Threat Research at Imperva, sheds intriguing light on this cyber landscape.Avital outlines prominent threats of 2023, highlighting the prevalence of distinct attacks such as supply chain and distributed denial of service attacks, and business logic attacks. He emphasizes that, to navigate the evolving threat landscape effectively, it is vital to look backward to look forward.Cyberattacks have presented consequential impacts on organizations, from monetary losses to operational disruption, and even reputational damage. For instance, Avital mentions how ransomware attacks and denial of service attacks have left businesses grappling with restoring systems, ransom payments and downtime, citing examples from real-life scenarios drawn from his observations.Imperva's Threat Research team takes on the monumental task of monitoring, analyzing, and protecting against these cyber threats. They utilize open-source intelligence, deep web resources and data from deployed sensors and customer networks. This multifaceted intelligence gets productized and integrated into Imperva's solutions, ensuring customers can focus on their businesses rather than worrying about cyber threats.However, the battle against cyber threats extends beyond just protective measures. Raising awareness through communication plays a crucial role in helping the broader business and cybersecurity community understand and tackle these threats. The sharing of research findings through various channels such as blogs, newsletters and reports, helps impart invaluable knowledge, equipping readers with the necessary context and understanding of the evolving threat landscape.Imperva's forward-thinking approach in harnessing different intelligence resources to create protective solutions demonstrates their unrivaled expertise in the realm of cybersecurity. As Avital pointed out, it's not solely about using advanced techniques for quality attacks but also about creatively using existing ones.As cyber threats continue to evolve, it's paramount for organizations and cybersecurity professionals to stay abreast of these trends. Resources and research made available by teams like Imperva's Threat Research serve as a goldmine of intelligence information commanding our attention. Make cybersecurity a priority, leverage resources at your disposal and stay a step ahead of threats. Connect with the Imperva Threat Research team and be part of their mission to secure cyberspace. Imperva's journey into innovations and solutions is one worth following and learning from as we continue moving forward in this cyber landscape. Note: This story contains promotional content. Learn more.Guest: Nadav Avital, Head of Threat Research at Imperva [@Imperva]On Linkedin | https://www.linkedin.com/in/nadav-avital-a508244/On YouTube | https://www.youtube.com/channel/UCH5blYEvvzUcWD7ApRVP9YgResourcesLearn more about Imperva and their offering: https://itspm.ag/imperva277117988Imperva Threat Research: https://www.imperva.com/cyber-threat-index/threat-research/Catch more stories from Imperva at https://www.itspmagazine.com/directory/impervaAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
As we approach the next season, threat actors will be keeping a close eye on dating apps. These apps have become a prime target for threat actors due to the size of the market expanding to over 300 million users and the rich information stored in these apps. Today's guests are Jason Kent and Will Glazier. Jason is a hacker-in-residence at Cequence Security. He has a diverse information security, networking, and IT background and a generous level of knowledge for most pieces of the IT spectrum including firewalls, security architecture, security controls, and security infrastructure. Will Glazier is the Head of Threat Research at Cequence Security where they protect some of the world's largest brands from sophisticated bot attacks and threats against the public facing APIs. Will has a background in fraud abuse and prevention as well as building threat intelligence systems. Show Notes: [1:18] - Jason and Will share their backgrounds and current roles at Cequence Security. [5:24] - As common as scams and fraud are, even Jason and Will have personal experience with them. [7:39] - Dating app attacks are particularly hard because they prey on vulnerable people. There are so many cases, that there should not be shame around talking about it. [9:32] - The first red flag is when someone you are talking to on a dating app tries to get you over to texting or another app. [11:37] - In any given month, the amount of malicious API transactions that Cequence is blocking is in the billions. [13:52] - Fake accounts are constantly made but not as heavily used as taken over accounts. [16:08] - Scammers are now paying for premium accounts to appear more legitimate and the investment pays off when they scam someone. [18:11] - There are tools people can buy to make all accounts look real through automation. [19:29] - It is essential that people in a fraud department can trust the information and push it out to Cequence. [22:04] - Some organizations will pay a ransom to decrease the time wasted and money lost. In their eyes, the money lost to pay the ransom isn't as much. [26:11] - Margins are getting tighter for the bad guys. [30:31] - The infrastructure that scammers use varies. There are some that are really well known at Cequence and some that are more difficult. [32:51] - It is easier to take out one big player than to take out hundreds of small ones. [36:03] - There are human and political pressures that make things more challenging for security. [38:07] - Romance scammers are employing new tactics and switching them up. [39:48] - If you put too much trust in the platform that it makes you trust the random person you're talking to, take a step back. [42:40] - Take a look online for things that have been done by scammers historically, especially if you are new to dating apps. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Cequence Security Website
In this episode, Host Ron Eddings, discusses new tactics of adversaries with Director of Threat Research at Sysdig, Michael Clark. Michael digs into the cloud and shares trends about the AMBERSQUID operation and how to protect yourself from potential container-based threats. Impactful Moments 00:00 - Welcome 01:20 - Introducing guest Michael Clark 03:09 - Finding AMBERSQUID 06:46 - Mining and Monitoring AWS Services 10:47 - Defending Against AMBERSQUID 14:03 - The Speed of Container-Based Threats 18:13 - The Costs of Freejacking 23:08 - Attribution & The Future Threat 26:30 - CIEMs Like You Have Secrets Links: Connect with Michael Clark: https://www.linkedin.com/in/michaelclarkinpa/ Check out Sysdig's Threat Research: https://sysdig.com/threat-research/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord
In this episode of CISO Tradecraft, host G Mark Hardy talks to Kevin O'Connor, the Director of Threat Research at Adlumin. They discuss the importance of comprehensive cybersecurity for Small to Medium-sized Businesses (SMBs), including law firms and mid-sized banks. The conversation explores the complexities of managing security infrastructures, the role of managed security service providers, and the usefulness of managed detection and response systems. The discussion also delves into the increasing threat of ransomware and the critical importance of managing data vulnerabilities and providing security awareness training. Big Thanks to our Sponsor: Adlumin - https://adlumin.com/ Transcripts: https://docs.google.com/document/d/1V_qkMFdGC4NRLCG-80gcsiSA8ikT8SwP Youtube: https://youtu.be/diCZfWWB3z8 Chapters 00:12 Introduction and Sponsor Message 01:42 Guest Introduction: Kevin O'Connor 02:29 Discussion on Cybersecurity Roles and Challenges 03:20 The Importance of Defense in Cybersecurity 04:23 The Role of Managed Security Services for SMBs 07:26 The Cost and Staffing Challenges of In-House SOCs 14:41 The Value of Managed Security Services for Legal Firms 16:30 The Threat Landscape for Small and Mid-Sized Banks 18:19 The Difference Between Compliance and Security 20:08 Understanding the Reality of Cybersecurity 20:45 The Challenges of Building IT Infrastructure 21:08 Outsourcing vs In-house Security Management 21:55 The Importance of Understanding Your Data 22:43 Security Operations Center vs Security Operations Platform 24:21 The Role of Managed Detection and Response 24:54 The Importance of Quick Response in Security 28:07 The Threat of Ransomware and Data Breaches 34:31 The Role of Pen Testing in Cybersecurity 36:33 The Growing Threat of Ransomware 38:28 The Importance of Security Awareness Training 40:42 The Role of Incident Response and Forensics 42:11 Final Thoughts on Cybersecurity
John Wilson, Senior Fellow, Threat Research at Fortra, joins to discuss email impersonation attacks which found that nearly 99% of these threats can be classified as business email compromise. Dave and Joe share some listener follow up from Terry, who writes in with some comments on episode 262 regarding cybersecurity jargon used. Joe's story comes from a listener this week, this individual writes in sharing the horror story he had to deal with when him and his wife ended up on a target list for scammers. Dave's story follows Elon Musk and Joanna Gaines, co-host of the HGTV show "Fixer Upper," and how they are selling a scam device that claims to lower your electricity bills. Our catch of the day comes from listener William, who writes in sharing an email he received from the"Tampa International Airport Police Department Florida," saying they want to release his fund with the service of DHL Courier Company. Links to the stories: Worst fake "power saver" plug yet Better Business Bureau Elon Musk Energy Saving Device: The Scam You Need to Know About Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Arstechnica is reporting that identity and authentication management provider Okta has been hit by another breach.Deep Instinct's Threat Research team has identified a new campaign from the “MuddyWater” group. Google is warning of multiple threat actors sharing a public proof-of-concept exploit that leverages its Calendar service to host command-and-control infrastructure.BlackBerry Research and Intelligence Team has found a wiper variant that targets Windows systems being deployed by hacktivists in support of Hamas.
Guest: Chloe Messdaghi, Head of Threat Research, Protect AIOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/chloe-messdaghiOn Twitter | https://twitter.com/ChloeMessdaghiOn LinkedIn | https://www.linkedin.com/in/chloemessdaghiOn Instagram | https://www.instagram.com/chloemessdaghi/Website | https://www.securebychloe.com__________________________SponsorsAre you interested in sponsoring an ITSPmagazine Channel?
Guest: Chloe Messdaghi, Head of Threat Research, Protect AIOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/chloe-messdaghiOn Twitter | https://twitter.com/ChloeMessdaghiOn LinkedIn | https://www.linkedin.com/in/chloemessdaghiOn Instagram | https://www.instagram.com/chloemessdaghi/Website | https://www.securebychloe.com__________________________SponsorsAre you interested in sponsoring an ITSPmagazine Channel?
In an era where global spending on cybersecurity solutions is forecasted to surpass $200 billion in 2023, and nearly $300 billion by 2026, the persistence of cyberattacks is a baffling paradox. More perplexing is the fact that phishing attacks constitute more than 90% of these cyber incursions. To dissect the reasons behind this incongruity and chart a viable way forward, I spoke with Max Gannon, Vice President of Threat Research at Cofense, a company that stands at the forefront of anti-phishing solutions. Max Gannon offers an eye-opening perspective that challenges conventional cybersecurity wisdom. He argues that the overreliance on technology to solve phishing problems is a fundamental flaw in how organizations approach security. Despite the sophistication of machine learning algorithms and threat detection systems, technology alone is unable to fully understand the human behaviors and decision-making processes that often lead to successful phishing attacks. This brings us to another pivotal point made by Max: the underestimated value of Security Awareness Training (SAT). In a digital culture where checking boxes often substitutes for comprehensive understanding, SAT programs can sometimes be reduced to a perfunctory exercise. Max emphasizes the necessity of evolving these programs into continuous educational experiences that adapt to ever-changing threat landscapes. Integrating human intelligence into cybersecurity strategy is not just an add-on; it's imperative. According to Max, human intelligence can catch the nuances and intricacies that often evade machine-led security measures. Organizations can leverage both human and machine capabilities with a more foolproof defense mechanism by having a more integrative approach. During our conversation, we also explored the current state of the cyber threat landscape, highlighting the limitations of current email security measures. Max notes that even the most advanced technologies can fall prey to sophisticated social engineering attacks, making up 98% of social engineering attacks according to some statistics. We also delved into the future of cybersecurity, examining potential strategies and solutions that organizations can adopt to stay one step ahead of increasingly inventive and aggressive cyber adversaries. This engaging dialogue with Max Gannon is a conversation and a call to organizations to rethink their cybersecurity strategies. As phishing remains a ubiquitous threat, the insights from Max offer a robust framework for reinforcing organizational cybersecurity measures. I highly recommend tuning into this enlightening discussion to learn how to fortify your defenses in an ever-volatile cyber world.
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of September 2023. The cybersecurity landscape is ever-evolving, and this month is no exception. Andy and Umut will be analysing the latest types of email threats. Unsurprisingly, the Entertainment and Mining industries continue to be the bullseye for malicious actors. Over the past 30 days, these sectors have borne the brunt of cyberattacks. Meanwhile, Microsoft remains in the spotlight for all the wrong reasons, as security incidents continue to plague the tech giant. This raises questions about the company's security culture and its ability to safeguard its vast user base. Tune in for more details! Timestamps: (2:37) – Email Threat Numbers for the data period. (4:18) – File Types used for the delivery of malicious payloads. (7:39) – What are the top targeted industry verticals? (11:19) – What were the most impersonated brands during the last month? (21:15) – Microsoft's Continued Security Issues (31:19) – Vulnerabilities in libwebp Episode Resources: Full Monthly Threat Report - October 2023 Andy and Paul Discuss Microsoft Security Problems
Tune in to the latest #FortiGuardLabs Outbreak Alert as Watch as #Fortinet's Jonas Walker explains the Agent Tesla Malware Outbreak detailing the Microsoft Office vulnerabilities for exploitation, Spyware used to steal credentials and Telemetries showing active detection and prevention by the FortiGuard services. Learn more in the full Outbreak Alert: https://www.fortiguard.com/outbreak-alert/agent-tesla-malware-attack?utm_source=social&utm_medium=youtube-org&utm_campaign=sprinklr More about FortiGuard Labs: https://www.fortinet.com/fortiguard/labs?utm_source=social&utm_medium=youtube-org&utm_campaign=sprinklr Read the latest in threat research: https://www.fortinet.com/blog/threat-research?utm_source=social&utm_medium=youtube-org&utm_campaign=sprinklr
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In today's episode with Yvonne Bernard – CTO at Hornetsecurity, we are analyzing data from the month of August 2023. During the episode, Andy and Yvonne explore the overall threat trends including: The most common malicious file types used to deliver payloads, with HTML files taking the lead The decline of malicious PDF and archive files, likely due to the disruption of Qakbot. The industries that were most targeted over the past month as well as some brands that cybercriminals are impersonating in phishing attacks. The impact of the FBI's disruption of Qakbot. The Storm-0558 breach. A French government agency and a software vendor in the gaming space both had breaches that accounted for the PII of roughly 14 million individuals being stolen by threat actors. Timestamps: (3:22) – General threat trends for this month's data period (7:11) – What were the most used file types used for malicious payloads during the data period? (10:10) – What are the most targeted industries for this data period? (12:04) – The most impersonated brands from this month's report (16:52) – Commentary on the FBI's disruption of the Qakbot Botnet (22:54) – An update on the Microsoft Storm-0558 breach (33:46) – Data breaches account for 14 million lost records Episode Resources: Full Monthly Threat Report - September 2023 EP07: A Discussion and Analysis of Qakbot Security Awareness Service Andy on LinkedIn, Twitter, Mastadon Yvonne on LinkedIn
Don Smith is the Vice President of Threat Research at Secureworks. In this episode, he joins host Steve Morgan to discuss CISOs and the boardroom, including what organizations need to know. Secureworks is a leader in cybersecurity providing best-in-class solutions and threat intelligence that reduces risk, optimizes IT and security investments, and fills security team talent gaps. To learn more about our sponsor, visit https://secureworks.com
While generative AI offers powerful tools for cyber defenders, it's also enabled cyber attackers to innovate and up the ante when it comes to threats such as malware, vulnerability exploitation and deep fake phishing. All this and we're still just in the early days of the technology. In this episode, CyberArk Labs' Vice President of Cyber Research Lavi Lazarovitz, discusses with host David Puner the seismic shift generative AI is starting to bring to the threat landscape – diving deep into offensive AI attack scenarios and the implications for cyber defenders.
Tito: CEO and Founder of HiddenLayer, securing organizations building or using machine learning models Previously VP of Engineering at Qualys Previously Senior Director of Data Science at Agari Previously Director of Threat Research at Cylance when they were hit by a model inference attack back in 2019 Fun fact: The HiddenLayer co-founders have worked together for the last five years! Check out the episode for our conversation about real-world attacks against machine learning models, the current state of AI security capabilities including monitoring and scanning, and the market appetite for this tooling. https://hiddenlayer.com/ https://github.com/Azure/counterfit https://incidentdatabase.ai/
About MichaelMichael is the Director of Threat Research at Sysdig, managing a team of experts tasked with discovering and defending against novel security threats. Michael has more than 20 years of industry experience in many different roles, including incident response, threat intelligence, offensive security research, and software development at companies like Rapid7, ThreatQuotient, and Mantech. Prior to joining Sysdig, Michael worked as a Gartner analyst, advising enterprise clients on security operations topics.Links Referenced: Sysdig: https://sysdig.com/ “2022 Sysdig Cloud-Native Threat Report”: https://sysdig.com/threatreport TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Something interesting about this particular promoted guest episode that is brought to us by our friends at Sysdig is that when they reached out to set this up, one of the first things out of their mouth was, “We don't want to sell anything,” which is novel. And I said, “Tell me more,” because I was also slightly skeptical. But based upon the conversations that I've had, and what I've seen, they were being honest. So, my guest today—surprising as though it may be—is Mike Clark, Director of Threat Research at Sysdig. Mike, how are you doing?Michael: I'm doing great. Thanks for having me. How are you doing?Corey: Not dead yet. So, we take what we can get sometimes. You folks have just come out with the “2022 Sysdig Cloud-Native Threat Report”, which on one hand, it feels like it's kind of a wordy title, on the other it actually encompasses everything that it is, and you need every single word of that report. At a very high level, what is that thing?Michael: Sure. So, this is our first threat report we've ever done, and it's kind of a rite of passage, I think for any security company in the space; you have to have a threat report. And the cloud-native part, Sysdig specializes in cloud and containers, so we really wanted to focus in on those areas when we were making this threat report, which talks about, you know, some of the common threats and attacks we were seeing over the past year, and we just wanted to let people know what they are and how they protect themselves.Corey: One thing that I've found about a variety of threat reports is that they tend to excel at living in the fear, uncertainty, and doubt space. And invariably, they paint a very dire picture of the internet about become cascading down. And then at the end, there's always a, “But there is hope. Click here to set up a meeting with us.” It's basically a very thinly- veiled cover around what is fundamentally a fear, uncertainty, and doubt-driven marketing strategy, and then it tries to turn into a sales pitch.This does absolutely none of that. So, I have to ask, did you set out to intentionally make something that added value in that way and have contributed to the body of knowledge, or is it because it's your inaugural report; you didn't realize you were supposed to turn it into a terrible sales pitch.Michael: We definitely went into that on purpose. There's a lot of ways to fix things, especially these days with all the different technologies, so we can easily talk about the solutions without going into specific products. And that's kind of way we went about it. There's a lot of ways to fix each of the things we mentioned in the report. And hopefully, the person reading it finds a good way to do it.Corey: I'd like to unpack a fair bit of what's in the report. And let's be clear, I don't intend to read this report into a microphone; that is generally not a great way of conveying information that I have found. But I want to highlight a few things that leapt out to me that I find interesting. Before I do that, I'm curious to know, most people who write reports, especially ones of this quality, are not sitting there cogitating in their office by themselves, and they set pen to paper and emerge four days later with the finished treatise. There's a team involved, there's more than one person that weighs in. Who was behind this?Michael: Yeah, it was a pretty big team effort across several departments. But mostly, it came to the Sysdig threat research team. It's about ten people right now. It's grown quite a bit through the past year. And, you know, it's made up of all sorts of backgrounds and expertise.So, we have machine learning people, data scientists, data engineers, former pen-testers and red team, a lot of blue team people, people from the NSA, people from other government agencies as well. And we're also a global research team, so we have people in Europe and North America working on all of this. So, we try to get perspectives on how these threats are viewed by multiple areas, not just Silicon Valley, and express fixes that appeal to them, too.Corey: Your executive summary on this report starts off with a cloud adversary analysis of TeamTNT. And my initial throwaway joke on that, it was going to be, “Oh, when you start off talking about any entity that isn't you folks, they must have gotten the platinum sponsorship package.” But then I read the rest of that paragraph and I realized that wait a minute, this is actually interesting and germane to something that I see an awful lot. Specifically, they are—and please correct me if I'm wrong on any of this; you are definitionally the expert whereas I am, obviously the peanut gallery—but you talk about TeamTNT as being a threat actor that focuses on targeting the cloud via cryptojacking, which is a fanciful word for, “Okay, I've gotten access to your cloud environment; what am I going to do with it? Mine Bitcoin and other various cryptocurrencies.” Is that generally accurate or have I missed the boat somewhere fierce on that? Which is entirely possible.Michael: That's pretty accurate. We also think it just one person, actually, and they are very prolific. So, they were pretty hard to get that platinum support package because they are everywhere. And even though it's one person, they can do a lot of damage, especially with all the automation people can make now, one person can appear like a dozen.Corey: There was an old t-shirt that basically encompassed everything that was wrong with the culture of the sysadmin world back in the naughts, that said, “Go away, or I will replace you with a very small shell script.” But, on some level, you can get a surprising amount of work done on computers, just with things like for loops and whatnot. What I found interesting was that you have put numbers and data behind something that I've always taken for granted and just implicitly assumed that everyone knew. This is a common failure mode that we all have. We all have blind spots where we assume the things that we spend our time on is easy and the stuff that other people are good at and you're not good at, those are the hard things.It has always been intuitively obvious to me as a cloud economist, that when you wind up spending $10,000 in cloud resources to mine cryptocurrency, it does not generate $10,000 of cryptocurrency on the other end. In fact, the line I've been using for years is that it's totally economical to mine Bitcoin in the cloud; the only trick is you have to do it in someone else's account. And you've taken that joke and turned it into data. Something that you found was that in one case, that you were able to attribute $8,100 of cryptocurrency that were generated by stealing $430,000 of cloud resources to do it. And oh, my God, we now have a number and a ratio, and I can talk intelligently and sound four times smarter. So, ignoring anything else in this entire report, congratulations, you have successfully turned this into what is beginning to become a talking point of mine. Value unlocked. Good work. Tell me more.Michael: Oh, thank you. Cryptomining is kind of like viruses in the old on-prem environment. Normally it just cleaned up and never thought of again; the antivirus software does its thing, life goes on. And I think cryptominers are kind of treated like that. Oh, there's a miner; let's rebuild the instance or bring a new container online or something like that.So, it's often considered a nuisance rather than a serious threat. It also doesn't have the, you know, the dangerous ransomware connotation to it. So, a lot of people generally just think of as a nuisance, as I said. So, what we wanted to show was, it's not really a nuisance and it can cost you a lot of money if you don't take it seriously. And what we found was for every dollar that they make, it costs you $53. And, you know, as you mentioned, it really puts it into view of what it could cost you by not taking it seriously. And that number can scale very quickly, just like your cloud environment can scale very quickly.Corey: They say this cloud scales infinitely and that is not true. First, tried it; didn't work. Secondly, it scales, but there is an inherent limit, which is your budget, on some level. I promise they can add hard drives to S3 faster than you can stuff data into it. I've checked.One thing that I've seen recently was—speaking of S3—I had someone reach out in what I will charitably refer to as a blind panic because they were using AWS to do something. Their bill was largely $4 a month in S3 charges. Very reasonable. That carries us surprisingly far. And then they had a credential leak and they had a threat actor spin up all the Lambda functions in all of the regions, and it went from $4 a month to $60,000 a day and it wasn't caught for six days.And then AWS as they tend to do, very straight-faced, says, “Yeah, we would like our $360,000, please.” At which point, people start panicking because a lot of the people who experience this are not themselves sophisticated customers; they're students, they're learning how this stuff works. And when I'm paying $4 a month for something, it is logical and intuitive for me to think that, well, if I wind up being sloppy with their credentials, they could run that bill up to possibly $25 a month and that wouldn't be great, so I should keep an eye on it. Yeah, you dropped a whole bunch of zeros off the end of that. Here you go. And as AWS spins up more and more regions and as they spin up more and more services, the ability to exploit this becomes greater and greater. This problem is not getting better, it is only getting worse, by a lot.Michael: Oh, yeah, absolutely. And I feel really bad for those students who do have that happen to them. I've heard on occasion that the cloud providers will forgive some debts, but there's no guarantee of that happening, from breaches. And you know, the more that breaches happen, the less likely they are going to forgive it because they still to pay for it; someone's paying for it in the end. And if you don't improve and fix your environment and it keeps happening, one day, they're just going to stick you with the bill.Corey: To my understanding, they've always done the right thing when I've highlighted something to them. I don't have intimate visibility into it and of course, they have a threat model themselves of, okay, I'm going to spin up a bunch of stuff, mine cryptocurrency for a month—cry and scream and pretend I got hacked because fraud is very much a thing, there is a financial incentive attached to this—and they mostly seem to get it right. But the danger that I see for the cloud provider is not that they're going to stop being nice and giving money away, but assume you're a student who just winds up getting more than your entire college tuition as a surprise bill for this month from a cloud provider. Even assuming at the end of that everything gets wiped and you don't owe anything. I don't know about you, but I've never used that cloud provider again because I've just gotten a firsthand lesson in exactly what those risks are, it's bad for the brand.Michael: Yeah, it really does scare people off of that. Now, some cloud providers try to offer more proactive protections against this, try to shut down instances really quick. And you know, you can take advantage of limits and other things, but they don't make that really easy to do. And setting those up is critical for everybody.Corey: The one cloud provider that I've seen get this right, of all things, has been Oracle Cloud, where they have an always free tier. Until you affirmatively upgrade your account to chargeable, they will not charge you a penny. And I have experimented with this extensively, and they're right, they will not charge you a penny. They do have warnings plastered on the site, as they should, that until you upgrade your account, do understand that if you exceed a threshold, we will stop serving traffic, we will stop servicing your workload. And yeah, for a student learner, that's absolutely what I want. For a big enterprise gearing up for a giant Superbowl commercial or whatnot, it's, “Yeah, don't care what it costs, just make sure you continue serving traffic. We don't get a redo on this.” And without understanding exactly which profile of given customer falls into, whenever the cloud provider tries to make an assumption and a default in either direction, they're wrong.Michael: Yeah, I'm surprised that Oracle Cloud of all clouds. It's good to hear that they actually have a free tier. Now, we've seen attackers have used free tiers quite a bit. It all depends on how people set it up. And it's actually a little outside the threat report, but the CI/CD pipelines in DevOps, anywhere there's free compute, attackers will try to get their miners in because it's all about scale and not quality.Corey: Well, that is something I'd be curious to know. Because you talk about focusing specifically on cloud and containers as a company, which puts you in a position to be authoritative on this. That Lambda story that I mentioned about, surprise $60,000 a day in cryptomining, what struck me about that and caught me by surprise was not what I think would catch most people who didn't swim in this world by surprise of, “You can spend that much?” In my case, what I'm wondering about is, well hang on a minute. I did an article a year or two ago, “17 Ways to Run Containers On AWS” and listed 17 AWS services that you could use to run containers.And a few months later, I wrote another article called “17 More Ways to Run Containers On AWS.” And people thought I was belaboring the point and making a silly joke, and on some level, of course I was. But I was also highlighting very clearly that every one of those containers running in a service could be mining cryptocurrency. So, if you get access to someone else's AWS account, when you see those breaches happen, are people using just the one or two services they have things ready to go for, or are they proliferating as many containers as they can through every service that borderline supports it?Michael: From what we've seen, they usually just go after a compute, like EC2 for example, as it's most well understood, it gets the job done, it's very easy to use, and then get your miner set up. So, if they happen to compromise your credentials versus the other method that cryptominers or cryptojackers do is exploitation, then they'll try to spread throughout their all their EC2 they can and spin up as much as they can. But the other interesting thing is if they get into your system, maybe via an exploit or some other misconfiguration, they'll look for the IAM metadata service as soon as they get in, to try to get your IAM credentials and see if they can leverage them to also spin up things through the API. So, they'll spin up on the thing they compromised and then actively look for other ways to get even more.Corey: Restricting the permissions that anything has in your cloud environment is important. I mean, from my perspective, if I were to have my account breached, yes, they're going to cost me a giant pile of money, but I know the magic incantations to say to AWS and worst case, everyone has a pet or something they don't want to see unfortunate things happen to, so they'll waive my fee; that's fine. The bigger concern I've got—in seriousness—I think most companies do is the data. It is the access to things in the account. In my case, I have a number of my clients' AWS bills, given that that is what they pay me to work on.And I'm not trying to undersell the value of security here, but on the plus side that helps me sleep at night, that's only money. There are datasets that are far more damaging and valuable about that. The worst sleep I ever had in my career came during a very brief stint I had about 12 years ago when I was the director of TechOps at Grindr, the gay dating site. At that scenario, if that data had been breached, people could very well have died. They live in countries where that winds up not being something that is allowed, or their family now winds up shunning them and whatnot. And that's the stuff that keeps me up at night. Compared to that, it's, “Well, you cost us some money and embarrassed a company.” It doesn't really rank on the same scale to me.Michael: Yeah. I guess the interesting part is, data requires a lot of work to do something with for a lot of attackers. Like, it may be opportunistic and come across interesting data, but they need to do something with it, there's a lot more risk once they start trying to sell the data, or like you said, if it turns into something very unfortunate, then there's a lot more risk from law enforcement coming after them. Whereas with cryptomining, there's very little risk from being chased down by the authorities. Like you said, people, they rebuild things and ask AWS for credit, or whoever, and move on with their lives. So, that's one reason I think cryptomining is so popular among threat actors right now. It's just the low risk compared to other ways of doing things.Corey: It feels like it's a nuisance. One thing that I was dreading when I got this copy of the report was that there was going to be what I see so often, which is let's talk about ransomware in the cloud, where people talk about encrypting data in S3 buckets and sneakily polluting the backups that go into different accounts and how your air -gapping and the rest. And I don't see that in the wild. I see that in the fear-driven marketing from companies that have a thing that they say will fix that, but in practice, when you hear about ransomware attacks, it's much more frequently that it is their corporate network, it is on-premises environments, it is servers, perhaps running in AWS, but they're being treated like servers would be on-prem, and that is what winds up getting encrypted. I just don't see the attacks that everyone is warning about. But again, I am not primarily in the security space. What do you see in that area?Michael: You're absolutely right. Like we don't see that at all, either. It's certainly theoretically possible and it may have happened, but there just doesn't seem to be that appetite to do that. Now, the reasoning? I'm not a hundred percent sure why, but I think it's easier to make money with cryptomining, even with the crypto markets the way they are. It's essentially free money, no expenses on your part.So, maybe they're not looking because again, that requires more effort to understand especially if it's not targeted—what data is important. And then it's not exactly the same method to do the attack. There's versioning, there's all this other hoops you have to jump through to do an extortion attack with buckets and things like that.Corey: Oh, it's high risk and feels dirty, too. Whereas if you're just, I guess, on some level, psychologically, if you're just going to spin up a bunch of coin mining somewhere and then some company finds it and turns it off, whatever. You're not, as in some cases, shaking down a children's hospital. Like that's one of those great, I can't imagine how you deal with that as a human being, but I guess it takes all types. This doesn't get us to sort of the second tentpole of the report that you've put together, specifically around the idea of supply chain attacks against containers. There have been such a tremendous number of think pieces—thought pieces, whatever they're called these days—talking about a software bill of materials and supply chain threats. Break it down for me. What are you seeing?Michael: Sure. So, containers are very fun because, you know, you can define things as code about what gets put on it, and they become so popular that sharing sites have popped up, like Docker Hub and other public registries, where you can easily share your container, it has everything built, set up, so other people can use it. But you know, attackers have kind of taken notice of this, too. Where anything's easy, an attacker will be. So, we've seen a lot of malicious containers be uploaded to these systems.A lot of times, they're just hoping for a developer or user to come along and use them because your Docker Hub does have the official designation, so while they can try to pretend to be like Ubuntu, they won't be the official. But instead, they may try to see theirs and links and things like that to entice people to use theirs instead. And then when they do, it's already pre-loaded with a miner or, you know, other malware. So, we see quite a bit of these containers in Docker Hub. And they're disguised as many different popular packages.They don't stand up to too much scrutiny, but enough that, you know, a casual looker, even Docker file may not see it. So yeah, we see a lot of—and embedded credentials and other big part that we see in these containers. That could be an organizational issue, like just a leaked credential, but you can put malicious credentials into Docker files, to0, like, say an SSH private key that, you know, if they start this up, the attacker can now just log—SSH in. Or other API keys or other AWS changing commands you can put in there. You can put really anything in there, and wherever you load it, it's going to run. So, you have to be really careful.[midroll 00:22:15]Corey: Years ago, I gave a talk at the conference circuit called, “Terrible Ideas in Git” that purported to teach people how to get worked through hilarious examples of misadventure. And the demos that I did on that were, well, this was fun and great, but it was really annoying resetting them every time I gave the talk, so I stuffed them all into a Docker image and then pushed that up to Docker Hub. Great. It was awesome. I didn't publicize it and talk about it, but I also just left it as an open repository there because what are you going to do? It's just a few directories in the route that have very specific contrived scenarios with Git, set up and ready to go.There's nothing sensitive there. And the thing is called, “Terrible Ideas.” And I just kept watching the download numbers continue to increment week over week, and I took it down because it's, I don't know what people are going to do with that. Like, you see something on there and it says, “Terrible Ideas.” For all I know, some bank is like, “And that's what we're running in production now.” So, who knows?But the idea o—not that there was necessarily anything wrong with that, but the fact that there's this theoretical possibility someone could use that or put the wrong string in if I give an example, and then wind up running something that is fairly compromisable in a serious environment was just something I didn't want to be a part of. And you see that again, and again, and again. This idea of what Docker unlocks is amazing, but there's such a tremendous risk to it. I mean, I've never understood 15 years ago, how you're going to go and spin up a Linux server on top of EC2 and just grab a community AMI and use that. It's yeah, I used to take provisioning hardware very seriously to make sure that I wasn't inadvertently using something compromised. Here, it's like, “Oh, just grab whatever seems plausible from the catalog and go ahead and run that.” But it feels like there's so much of that, turtles all the way down.Michael: Yeah. And I mean, even if you've looked at the Docker file, with all the dependencies of the things you download, it really gets to be difficult. So, I mean, to protect yourself, it really becomes about, like, you know, you can do the static scanning of it, looking for bad strings in it or bad version numbers for vulnerabilities, but it really comes down to runtime analysis. So, when you start to Docker container, you really need the tools to have visibility to what's going on in the container. That's the only real way to know if it's safe or not in the end because you can't eyeball it and really see all that, and there could be a binary assortment of layers, too, that'll get run and things like that.Corey: Hell is other people's workflows, as I'm sure everyone's experienced themselves, but one of mine has always been that if I'm doing something as a proof of concept to build it up on a developer box—and I do keep my developer environments for these sorts of things isolated—I will absolutely go and grab something that is plausible- looking from Docker Hub as I go down that process. But when it comes time to wind up putting it into a production environment, okay, now we're going to build our own resources. Yeah, I'm sure the Postgres container or whatever it is that you're using is probably fine, but just so I can sleep at night, I'm going to take the public Docker file they have, and I'm going to go ahead and build that myself. And I feel better about doing that rather than trusting some rando user out there and whatever it is that they've put up there. Which on the one hand feels like a somewhat responsible thing to do, but on the other, it feels like I'm only fooling myself because some rando putting things up there is kind of what the entire open-source world is, to a point.Michael: Yeah, that's very true. At some point, you have to trust some product or some foundation to have done the right thing. But what's also true about containers is they're attacked and use for attacks, but they're also used to conduct attacks quite a bit. And we saw a lot of that with the Russian-Ukrainian conflict this year. Containers were released that were preloaded with denial-of-service software that automatically collected target lists from, I think, GitHub they were hosted on.So, all a user to get involved had to do was really just get the container and run it. That's it. And now they're participating in this cyberwar kind of activity. And they could also use this to put on a botnet or if they compromise an organization, they could spin up at all these instances with that Docker container on it. And now that company is implicated in that cyber war. So, they can also be used for evil.Corey: This gets to the third point of your report: “Geopolitical conflict influences attacker behaviors.” Something that happened in the early days of the Russian invasion was that a bunch of open-source maintainers would wind up either disabling what their software did or subverting it into something actively harmful if it detected it was running in the Russian language and/or in a Russian timezone. And I understand the desire to do that, truly I do. I am no Russian apologist. Let's be clear.But the counterpoint to that as well is that, well, to make a reference I made earlier, Russia has children's hospitals, too, and you don't necessarily know the impact of fallout like that, not to mention that you have completely made it untenable to use anything you're doing for a regulated industry or anyone else who gets caught in that and discovers that is now in their production environment. It really sets a lot of stuff back. I've never been a believer in that particular form of vigilantism, for lack of a better term. I'm not sure that I have a better answer, let's be clear. I just, I always knew that, on some level, the risk of opening that Pandora's box were significant.Michael: Yeah. Even if you're doing it for the right reasons. It still erodes trust.Corey: Yeah.Michael: Especially it erodes trust throughout open-source. Like, not just the one project because you'll start thinking, “Oh, how many other projects might do this?” And—Corey: Wait, maybe those dirty hippies did something in our—like, I don't know, they've let those people anywhere near this operating system Linux thing that we use? I don't think they would have done that. Red Hat seems trustworthy and reliable. And it's yo, [laugh] someone needs to crack open a history book, on some level. It's a sticky situation.I do want to call out something here that it might be easy to get the wrong idea from the summary that we just gave. Very few things wind up raising my hackles quite like companies using tragedy to wind up shilling whatever it is they're trying to sell. And I'll admit when I first got this report, and I saw, “Oh, you're talking about geopolitical conflict, great.” I'm not super proud of this, but I was prepared to read you the riot act, more or less when I inevitably got to that. And I never did. Nothing in this entire report even hints in that direction.Michael: Was it you never got to it, or, uh—Corey: Oh, no. I've read the whole thing, let's be clear. You're not using that to sell things in the way that I was afraid you were. And simultaneously I want to say—I want to just point that out because that is laudable. At the same time, I am deeply and bitterly resentful that that even is laudable. That should be the common state.Capitalizing on tragedy is just not something that ever leaves any customer feeling good about one of their vendors, and you've stayed away from that. I just want to call that out is doing the right thing.Michael: Thank you. Yeah, it was actually a big topic about how we should broach this. But we have a good data point on right after it started, there was a huge spike in denial-of-service installs. And that we have a bunch of data collection technology, honeypots and other things, and we saw the day after cryptomining started going down and denial-of-service installs started going up. So, it was just interesting how that community changed their behaviors, at least for a time, to participate in whatever you want to call it, the hacktivism.Over time, though, it kind of has gone back to the norm where maybe they've gotten bored or something or, you know, run out of funds, but they're starting cryptomining again. But these events can cause big changes in the hacktivism community. And like I mentioned, it's very easy to get involved. We saw over 150,000 downloads of those pre-canned denial-of-service containers, so it's definitely something that a lot of people participated in.Corey: It's a truism that war drives innovation and different ways of thinking about things. It's a driver of progress, which says something deeply troubling about us. But it's also clear that it serves as a driver for change, even in this space, where we start to see different applications of things, we see different threat patterns start to emerge. And one thing I do want to call out here that I think often gets overlooked in the larger ecosystem and industry as a whole is, “Well, no one's going to bother to hack my nonsense. I don't have anything interesting for them to look at.”And it's, on some level, an awful lot of people running tools like this aren't sophisticated enough themselves to determine that. And combined with your first point in the report as well that, well, you have an AWS account, don't you? Congratulations. You suddenly have enormous piles of money—from their perspective—sitting there relatively unguarded. Yay. Security has now become everyone's problem, once again.Michael: Right. And it's just easier now. It means, it was always everyone's problem, but now it's even easier for attackers to leverage almost everybody. Like before, you had to get something on your PC. You had to download something. Now, your search of GitHub can find API keys, and then that's it, you know? Things like that will make it game over or your account gets compromised and big bills get run up. And yeah, it's very easy for all that to happen.Corey: Ugh. I do want to ask at some point, and I know you asked me not to do it, but I'm going to do it anyway because I have this sneaking suspicion that given that you've spent this much time on studying this problem space, that you probably, as a company, have some answers around how to address the pain that lives in these problems. What exactly, at a high level, is it that Sysdig does? Like, how would you describe that in an elevator without sabotaging the elevator for 45 minutes to explain it in depth to someone?Michael: So, I would describe it as threat detection and response for cloud containers and workloads in general. And all the other kind of acronyms for cloud, like CSPM, CIEM.Corey: They're inventing new and exciting acronyms all the time. And I honestly at this point, I want to have almost an acronym challenge of, “Is this a cybersecurity acronym or is it an audio cable? Which is it?” Because it winds up going down that path, super easily. I was at RSA walking the expo floor and I had I think 15 different companies I counted pitching XDR, without a single one bothering to explain what that meant. Okay, I guess it's just the thing we've all decided we need. It feels like security people selling to security people, on some level.Michael: I was a Gartner analyst.Corey: Yeah. Oh… that would do it then. Terrific. So, it's partially your fault, then?Michael: No. I was going to say, don't know what it means either.Corey: Yeah.Michael: So, I have no idea [laugh]. I couldn't tell you.Corey: I'm only half kidding when I say in many cases, from the vendor perspective, it seems like what it means is whatever it is they're trying to shoehorn the thing that they built into filling. It's kind of like observability. Observability means what we've been doing for ten years already, just repurposed to catch the next hype wave.Michael: Yeah. The only thing I really understand is: detection and response is a very clear detect things and respond to things. So, that's a lot of what we do.Corey: It's got to beat the default detection mechanism for an awful lot of companies who in years past have found out that they have gotten breached in the headline of The New York Times. Like it's always fun when that, “Wait, what? What? That's u—what? How did we not know this was coming?”It's when a third party tells you that you've been breached, it's never as positive—not that it's a positive experience anyway—than discovering yourself internally. And this stuff is complicated, the entire space is fraught, and it always feels like no matter how far you go, you could always go further, but left to its inevitable conclusion, you'll burn through the entire company budget purely on security without advancing the other things that company does.Michael: Yeah.Corey: It's a balance.Michael: It's tough because it's a lot to know in the security discipline, so you have to balance how much you're spending and how much your people actually know and can use the things you've spent money on.Corey: I really want to thank you for taking the time to go through the findings of the report for me. I had skimmed it before we spoke, but talking to you about this in significantly more depth, every time I start going to cite something from it, I find myself coming away more impressed. This is now actively going on my calendar to see what the 2023 version looks like. Congratulations, you've gotten me hooked. If people want to download a copy of the report for themselves, where should they go to do that?Michael: They could just go to sysdig.com/threatreport. There's no email blocking or gating, so you just download it.Corey: I'm sure someone in your marketing team is twitching at that. Like, why can't we wind up using this as a lead magnet? But ugh. I look at this and my default is, oh, wow, you definitely understand your target market. Because we all hate that stuff. Every mandatory field you put on those things makes it less likely I'm going to download something here. Click it and have a copy that's awesome.Michael: Yep. And thank you for having me. It's a lot of fun.Corey: No, thank you for coming. Thanks for taking so much time to go through this, and thanks for keeping it to the high road, which I did not expect to discover because no one ever seems to. Thanks again for your time. I really appreciate it.Michael: Thanks. Have a great day.Corey: Mike Clark, Director of Threat Research at Sysdig. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment pointing out that I didn't disclose the biggest security risk at all to your AWS bill, an AWS Solutions Architect who is working on commission.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.