Episode #85 - What Our Crystal Ball Says About 2023

This week the guys reunite for the first episode of 2022 by taking a look into the future. With their crystal ball of predictions, the guys look into the future of cybersecurity, ranting about potential trends, exploits, and tips for you to stay ahead in the new year! Plus, they share some housekeeping tips and how to "tidy up" your cyber risk management program in the new year.


Pick up your copy of Cyber Rants on Amazon.
Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com
Be sure to rate the podcast, leave us a review, and subscribe!

 

Mike's Headlines:

LastPass, GoTo Announce Security Incident
Hyundai App Bugs Allowed Hackers to Remotely Unlock, Start Cars
Threat Actors Are Offering Access to Corporate Networks via Unauthorized Fortinet VPN Access
Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw
Malicious Android App Found Powering Account Creation Service
5.4 Million Twitter Users' Stolen Data Leaked Online, More Shared Privately
Predatory Loan Mobile Apps Grab Data, Harass Users and Their Contacts
ENC Security, the Encryption Provider for Sony and Lexar, Leaked Sensitive Data for Over a Year
Zero-Day Flaw Discovered in Quarkus Java Framework
Cybercriminals Look To Exploit Sports Fans With World Cup-Themed Attacks
Cyber-Threat Group Targets Critical RCE Vulnerability in 'Bleed You' Campaign
Pre-auth RCE in Oracle Fusion Middleware Exploited in the Wild (CVE-2021-35587)
Slippery RansomExx Malware Moves to Rust, Evading VirusTotal
Researchers Accidentally Crash Cryptomining Botnet

Transcript


Welcome to the Cyber Rants podcast, where we're all about sharing the forbidden secrets and slightly embellished truths about corporate cybersecurity programs. We're ranting, we're raving, and we're telling you the stuff that nobody talks about on their fancy website and trade show giveaways, all to protect you from cybercriminals. And now here's your hosts: Mike Rotondo, Zach Fuller, and Lauro Chavez.

Hello and welcome to the Cyber Rants podcast. This is your co-host Zach Fuller, joined by Lauro Chavez and Mike Rotondo. Guess what's coming up: 2023. So we are going to look deep into the Cyber Rants crystal ball for the new year, talk about our predictions, what's going to happen, and they're probably all going to come true, so this one was worth a listen. We'll dive right into that after Mike kicks us off with the news, and Lauro does something a little bit different here for the podcast moving forward. Mike, why don't you jump in and kick us off?
Hello and welcome to the news. Thanks for that great entry, Zach, I feel special.

LastPass, GoTo announce security incident. LastPass and its affiliate GoTo, formerly LogMeIn, have announced that they have suffered a security incident and, in LastPass's case, a possible data breach. Based on the investigation, the results have shown that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers' information, but that the customers' passwords remained safely encrypted due to LastPass's zero-knowledge architecture. The August 2022 incident resulted in a breach and the exfil of portions of source code and some proprietary LastPass technical information. Whether that stolen information had helped attackers perpetuate this latest breach is yet unknown, but as confirmed by the company a month later, the previous breach did not result in code poisoning or malicious code injection, nor the theft of customer data. So, look for that in 2023.

Hyundai app bugs allowed hackers to remotely unlock and start cars. Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles. Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM smart vehicle platform used in cars from other automakers like Toyota, Honda, FCA, Nissan, Acura, and Infiniti, that allowed them to remotely unlock, start, locate, flash, and honk them. They created a new account using the target email address with an additional control character at the end. As of yet there's no way of protecting yourself from that, other than don't buy one of those cars.

There's two stories here, both about Fortinet: threat actors are offering access to corporate networks via unauthorized Fortinet VPN access, and cyberattackers are selling access to networks compromised via a recent Fortinet flaw. Long story short, Fortinet customers that have not yet patched the critical authentication bypass vulnerability that the vendor disclosed in October in multiple versions of its FortiOS, FortiProxy, and FortiSwitchManager technologies now have an additional reason to do so quickly. At least one threat actor operating on a Russian dark web forum has been selling access to multiple networks compromised via the vulnerability, CVE-2022-40684, and more could follow suit soon. Researchers from Cyble reported the threat activities and describe the victim organizations as likely using unpatched and out-of-date versions of FortiOS. Just my own editorial: patch your stuff. Come on, if it's not patched, patch it. There's no reason not to; it should have been patched by now.

Malicious Android app found powering account creation service. A fake Android SMS application with 100,000 downloads on the Google Play Store has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook. At the time of this writing, the app remains available on Google Play.

5.4 million Twitter users' stolen data leaked online, more shared privately. Records of over 5.4 million Twitter users containing non-public information, stolen using an API vulnerability fixed in January, have been shared for free on a hacker forum. Another massive, potentially more significant data dump of millions of Twitter records has also been disclosed by a security researcher, demonstrating how widely abused the bug was by threat actors. The data consists of public information as well as private phone numbers and email addresses that were not meant for the public.

Predatory loan mobile apps grab data, harass users and their contacts. Researchers have discovered nearly 300 Android and iOS apps that trick victims into unfair loan terms, exfiltrate excessive user data from mobile devices, and then use it to pressure and shame the victims for repayment. Aimed at consumers in developing countries, the apps reportedly offer quick, fully digital loan approvals with reasonable loan terms, but they exploit the victim's desire for quick cash to trap borrowers into predatory loan contracts and require them to grant access to sensitive information such as contacts and SMS messages. After downloading one of these apps, users are first asked to share personal and financial information: name, address, employment history, education, banking information, etcetera. They're also required to perform an ID verification via video selfie. Then the app asks the user for access to their contacts, photos, and media, and to be allowed to make and manage phone calls and send and view SMS messages. Cutting to the end, the research found nearly 300 of these apps: 251 on Google Play, with over 15 million collective downloads, and 35 on the Apple App Store. I'm just gonna send a shout out to those of you who use your phone for everything: don't apply for a loan on your phone if it's not, like, a bank or something. Be careful.

Lastly, there's a couple interesting headlines: researchers accidentally crash a cryptomining botnet; there's a slippery RansomExx malware that moves to Rust, evading VirusTotal; there's an Oracle issue; and some cyber threat groups exploiting an RCE vulnerability in a campaign called Bleed You. So with that, we're gonna move over to Lauro's Corner, where he's gonna share tips and tricks on how to be a better cybersecurity person, and a better person in general.

What?
That was golden. That was such a golden pass-off. Thank you, thank you. And Mike is right, we are changing the exploits to something I'm going to call personal cyber protection tips, because exploits only help a small percentage of the community that are dealing specifically with those types of things in large organizations. Certainly helpful, but we also feel that those individuals know where to go to look for that information if they need to find it, and we should use this time to better help everyone who's listening to the podcast. So in Lauro's Corner, apparently, we're going to be talking about the personal cyber protection tip, and the first one that we're going to deliver is this: always use a manual PIN screen lock code on your phone, the one that you're doing mobile banking with and applying for loans that Mike was just talking about. Okay, I'm gonna repeat that. Your personal cyber protection tip for this week is always use a manual PIN screen lock code on your phone. There's a reason for that. In cryptography, there's a golden rule: you never share your private key with the public. Okay, sounds funny, we'll get into that.

So let's talk about all the new capabilities that we have. Some of the phones and some of the laptops that are coming out today can do biometrics: you can put a fingerprint in there, you can do face recognition, which is really cool because, hey, let's face it, who really wants to have to put in a six-digit code every time when you can just hold the phone up and look at it and log in, or simply by grabbing it you can log into the phone? Well, those features also buy you some personal risk, and that's why we're talking about that as our first protection tip. Again, you never share your private key with the public. What is your fingerprint? Your fingerprint is a public-facing key. So is your face. So things like biometrics, they can be forced, okay? Your fingerprint, because it is a public-facing artifact and also a very private key that gives you access to your phone and maybe other compute, can be taken and forced onto the pad. Likewise, if you're using a facial recognition piece, all the deepfakes, the 3D modeling with AI, even high-resolution photos have been proven to be able to defeat even Apple's facial recognition system on their older version of the MacBook. So keep in mind that while these features are really cool, they do not give you the extra protection that a manual PIN does. Why? Because the PIN is in your head. Is that public-facing? Absolutely not.

So I want to use this example because we have the World Cup going on right now. It's in Qatar, and people are going nuts. People are doing things that are completely out of the realm of what the Qataris would consider to be normal for their culture. So there's been a lot of arrests, there's been a lot of filming that is not allowed, not permitted, and highly illegal as far as that culture's concerned. So these individuals get wrapped up by personal security, the Qatari security; they're getting taken to these holding places, and what are they doing? They're asking them for their phones, okay? They're gonna pick that phone up and they're gonna look and be like, oh, it says place your finger on the phone to unlock. What do you think they're gonna do? They're gonna grab your finger, they're gonna unlock that phone, they're gonna start going through that, find out what you posted, and if they can, further charge you. Again, you're not abiding by the laws in the United States here; they'll further charge you based on their specific government. Same goes for facial recognition. If it's facial recognition, they're simply gonna hold that phone up to your face, it's gonna unlock, and they're gonna have access to that phone. At least with a PIN code, in this extreme situation, you would have the ability to not deliver that code unless under extreme pain or threat of death, probably, but you would have an opportunity to at least get legal counsel before you were able to commit that data as relevant evidence for a case. With things like fingerprint biometrics and face, that opportunity to withhold your rights can be taken from you without your consent. So keep that in mind. Remember, always use that PIN lock code. That's going to be the best thing. It's not as cool, it's not as fancy, but in the worst-case scenario that something happens, you pass out at a party and you get drunk and your friends get access to your phone, they're not going to be able to unlock it and see all the dirty texts you sent to your friend, or find out things about you that no one should probably know. So keep that PIN code in place, and that is your personal cyber protection tip of the week in Lauro's Corner, apparently.

Outstanding.
Well, it's a nice corner, Lauro, and excellent, excellent point. You know those people that say, oh, well, it makes it harder for me to unlock my phone so I can text and drive at the same time? Well, you shouldn't be texting and driving anyway. So take that extra step. Excellent, excellent point there. Well, we're going to be right back shortly with the Cyber Rants podcast, talking about cybersecurity predictions for 2023.

Want even more Cyber Rants? Be sure to subscribe to the Cyber Rants podcast. Get your copy of our best-selling book, Cyber Rants, on Amazon today. This podcast is brought to you by Silent Sector, the firm dedicated to building world-class cybersecurity programs for mid-market and emerging companies across the US. Silent Sector also provides industry-leading penetration tests and cyber risk assessments. Visit silentsector.com and contact us today.

And we're back with the Cyber Rants podcast, talking about cybersecurity predictions for 2023.
And oh, I have a bunch of them. Looking into the crystal ball, it's telling me some things that are just mind-blowing, but I don't want to steal the show, guys. Why don't you... anybody have anything they want to start off with? What's gonna happen? Well, show us the future.

We always know that Windows is going to have a major vulnerability, and we always know that Santa is going to bring WordPress something fatal as well for the holiday season, moving into next year. But my prediction would be that cyber insurance is almost unobtainable for some organizations.

Oh yeah. Yeah, that's, I think... what do you think? If we were to put a wager on it, are you thinking thirty percent price increase, fifty percent on average?

I'm going with twenty-five.

Yeah, Mike at twenty-five percent. I agree with Mike. I think he's right in line with the crystal ball on this one. What I think, other than the price increase, is that there's going to be organizations that lose it and then flat out don't have the minerals in their business operations to even get it. So they're gonna have to buy their cyber insurance from those exploitative people on the phone apps.

Yeah, you go down to the bad part of town and go into the cyber insurance, the little building there next to the tire shop, you know, and get your high-dollar, high-premium-interest insurance.

Yeah, they're selling cyber insurance at the "I break your screen, I fix your screen" place.

Exactly, exactly. And a cart in the mall.

Yeah, it's a kiosk in the mall. There you go.

Well, I can say that's pretty much a guarantee. I'm gonna go ahead and go with, since Mike went with twenty-five percent, I'm gonna go ahead and go with twenty-six percent.

So, have you been watching The Price Is Right this morning? One dollar. I'll take twenty-four, so you'd be on the other side, and we'll see how it goes. So more to come on that. Let's look back at the end of 2023 and see who is right.

All right, yeah. I predict those Google searches will be like, "if I can't get cyber insurance, then what?" You know what I mean?

Yeah, well, we're already prepping clients for when the renewal dates come. I mean, just kind of a shameless plug, but that's what I've been doing with some of our clients: you guys need to be aware of this. And the big one, the big sticking point that a lot of people are running into, is that these guys want offline backups, and it's like, well, what do you do when you have a hundred terabytes of data? How do you do that offline backup?

Yeah, yeah, and that's after you've validated you have security policies and procedures and standards for the business and dedicated money to risk management, and, you know, there used to be three things on the questionnaire and now they're full-blown security questionnaires, and it's like being a repeat offender for speeding, you know what? Who's gonna want to insure you?

Yeah, if you didn't listen to the previous episode about cyber insurance with Adam Guyton, go back and listen to that. He's an expert in this field, specializes in it, and covers a whole range of what's going on there, price increases. So I think we're going to be right on the money here with this. I mean, I don't see this changing anytime soon. I certainly don't see insurance policy costs or requirements going down anytime soon. So I'm gonna go ahead and put a hundred-percent-guaranteed stamp of approval on that one.
You know, one thing that I see... go ahead, Mike.

I was gonna say, one of the things that I see that's gonna become mandatory in 2023 is really expanded compliance. So, you know, like SOC 2, PCI, NIST, ISO, those kinds of things are going to become, you know, requirements for the smaller companies as they deal with larger companies and larger clients, because, you know, it flows down from the top, right? So the primes that deal with the DoD have to have CMMC, and then they have to make their entire supply chain just like that. That's going to work with everybody else. If you're a healthcare organization, the hospital that you're providing a service for, a hospital organization, is going to have certain requirements by their cyber insurance and security, and it's going to roll down to the smaller and smaller customers. So that's going to become a big thing too.

I agree. Vendor management, right? Vendor and supplier management, risk management, and no one can escape. And we've even, you know, we've had organizations of like three guys in a garage with some CNC machinery approaching us because of the trickle-down effect of the compliance requirements. So I think cybersecurity and risk management and risk compliance is going to be on the tongues of a lot more people in '23, definitely.

I'd add to that by saying keep an eye on the StateRAMP requirements popping up, right? We're all familiar with CCPA and the New York financial requirements, and then all the different requirements are popping up, and now StateRAMP, to do business with the state, very much mirroring the commonly known FedRAMP requirement, right, is popping up all over, and it's like the, you know, the flavor of the week. So we have more and more requirements around that, and I think we're going to see the enforcement of new requirements that haven't been previously enforced on a heavy basis. So, for example, the FTC Safeguards Rule came out, right? We'll probably start to see more enforcement on that, more audits, things like that. We'll probably see other industries popping up their own requirements. I wish we could all just get along and come up with a standard.

Yeah, it would be much more effective for everybody, and everybody can contribute their input and all that good stuff, but nope, every industry's got to be different, every state, every... you name it.

I mean, there's some good in that, because if you look at GDPR, that standardized procedure, written by lawyers, not technology people, is a boondoggle and a half.

So it is. It's fun. It really is not. The problem is it's only focused, you know, really on protecting that consumer data, right? And we need something that's more holistic that organizations adopt around the country, around the world, not just one segment of data security, cybersecurity.

So what I mean, it would be nice if the feds came out with a standard, you know, not CCPA, because that is a cluster on its own, right, but something similar. Of course, again, 435 lawyers writing a document, a law for technology, I'm not confident in. But, you know, it would be nice to have that kind of standard that says, you know, you do have to do this, you have to protect the client consumer data, blah blah blah blah, but not getting too far into the weeds. The other thing that people have to keep in mind is not just California, New York, but Oregon's got one, Washington's got one, Texas has one, Alabama has one. There's all sorts of state data requirements out there that are mirroring, or some flavor of, California's and New York's.

So hey, those attorneys consult IT people, don't they, before they write this stuff?

I mean, no, they know everything. They'll search stuff.

Do they know?

They know everything.

Scary. So yeah, that's certainly not going anywhere.

Well, the funny thing is that they're all versions of the same thing. Just, yeah, you know, everybody has their point of focus, which makes it even more confusing.

Well, if you look at the tech council for the federal government, it's Microsoft, and that's not even a joke, that's like a fact.

Yeah, I think Facebook and Google, I think, are the big three, and then, like, I don't know who else, but yeah, yeah.

The last thing I need is Microsoft walking into my house talking about how to do security. And I think they're looking at, like, WordPress as a member. Probably like, you know what, finish your coffee and leave. Please finish your coffee and leave.

Yeah, we're doomed. Well, it just goes to show you governments don't run the world, right? Corporations do. So there you have it, proof of it.
Well, I don't know that they run it. They're certainly taking advice, though, from these organizations because, I think, of the financial power they wield. But clearly, as, you know, as a whole, I mean, you can look at the product base that any one of these organizations puts out; it's just inferior.

Yeah, yeah, I mean, I'm not gonna talk crap about Meta because I don't have to. That is a complete sham. Like, why, why we've gone all the way into 2022 to build a multiverse 3D world that looks like something worse than Nintendo 64, you know what I mean? Yeah, it's terrible.

Merry Christmas, everybody.

Yeah, don't buy yourself... but don't get involved in the... if your kid wants a metaverse thing, don't buy it for him. Again, you might get shot for this, because apparently that just happened, but it's certainly not worth it. You could just show them a live feed on YouTube and they won't want it anymore. Just be normal and give everybody a new PlayStation or Xbox.

Just watch the movie Ready Player One. I mean, that's basically what they're trying to recreate.

Yeah, that's exactly... only not as cool. It looks like Ready Player One? I'd play it. It doesn't; it looks like old-school Nintendo. It's ridiculous.

Read the book that Ready Player One is based off of. Use your mind, the greatest imaginary tool out there.

Yeah, go build something with a hammer and nails and scrap wood like I did when I was a kid.

I was gonna say, here comes a Fuller childhood experience. Back in my day...

Back in my day: "Dad, can I watch Batman?" "No, go build something. Go build something, go ride your bike, get outside."

Well, yeah, and I'm grateful for that.
But back to our predictions, I'll add another one here: more supply chain attacks, right? That's the popular flavor of 2022, 2021, 2020. It's extremely effective. I think there's going to be more and more of that. It gets to the point of who do we trust in our technology environments, right? I mean, we joke about certain companies that I won't rename, but the reality is we have to use these technologies, right? That's just part of it. They're the big players, the big fish. So who do we trust, and how do we protect against otherwise trusted vendors, right, and trusted solutions in our environment? And I think a lot of times the underlying technology is solid, even Microsoft, but if you're not patching, like that Fortinet story, I mean, there's no reason to have not patched that yet, really, literally no reason whatsoever.

But my guess is that someone is, you know, rolling the dice on risk management and doesn't want to spend the money, and they're gonna, you know, say "we're retiring this application," and, you know, "we're just gonna take our chances," and they don't realize what they're hazarding. I'd like to see the education of management in 2023 for some of these decisions that are holding back the technologies. We've all had experiences where we've gone to management as a security guy working at a big company and them saying nope, we're not gonna do that right now because of financial reasons. It's like, whatever, your butt, not mine. I do predict that the executive leaders won't be any smarter in cybersecurity in 2023, unless you're one of the lucky few that gets hacked by ransomware or something.

Yeah, and unfortunately your education comes swift.

Yes, of course. Yeah, like drinking it through a fire hose. You know, that's such a good point, we might move you up from a corner to a neighborhood, Lauro.

Thanks. Will you be my neighbor? Would you be my CDP neighbor? Get a nice cardigan.

Excellent. Well, speaking of patching, I think Lauro needs to make a puppet for the show, a mascot whose name will be Patch, right, and that'll be our reminder to patch your stuff.

I think we beat that one to death, maybe, but yeah, Lauro's Corner might have that. Lauro's Neighborhood might have that.

Outstanding.

Well, I'm gonna stay in my own neighborhood, thank you very much, my own corner.
Hey, another thing we need to be... another prediction for 2023. I'm not a glass-half-empty type person or anything else, but I also don't anticipate that the economy is going to dramatically turn around all of a sudden or improve. I think we still have some downward momentum, and I think it's a long-needed correction. I think this has been long overdue. But that being said, we can anticipate budget cuts, right, for lots of different types of companies. Some organizations will do awesome through this, others not so much. And when there's budget cuts, you know, cybersecurity is one of those things that unfortunately will get cut, as much as we disagree with it. Fact of the matter is, cybersecurity is not a recession-proof industry. People do cut, you know, cut measures. If it's not generating top-line revenue and they can't justify it, then a lot of things will get cut. So that being said, companies are going to need to, one, get the most out of what they've already invested in, right? So before layering on new tools and technologies, maximize capabilities of what they already have, and that means being smarter about how those are deployed. That means putting more focus on people and processes in the organization. It means investing in humans who can solve problems creatively rather than just layering on more stuff, right, because that won't be an option with severely restricted budgets. And it might also mean looking outside the organization. So something that, a role that maybe you had in house before, you might look to a third party, right, or a fractional resource, a shared resource for that specific role. That's one of the things that was presented to me right out of the crystal ball, so it's got to be true.

Yeah, unfortunately a lot of these cuts... Lauro and I have been around in big companies where it's like, all right, we're gonna cut eleven percent across, without any rhyme or reason, and so eleven percent of your workforce gets axed, and there's no thought, there's no "who's the most viable?" You know, it's always, you're gonna protect your sales guys and your money makers, but people, you know, they need to understand or be educated on the fact that cybersecurity makes you money simply by keeping you safe, protected. You don't have to remediate, you're not getting ransomware. So, you know, if you're gonna do those layoffs, if you're one of those layoff people, be smart about what you're laying off and who.

Yeah, I've actually noticed that the trend hasn't really... because there've been a lot of layoffs in the tech industry lately, but those positions that I've at least been permitted to look at are mostly development positions and some management positions. I didn't see any risk or cybersecurity-related individuals being part of that layoff, which doesn't mean it's not gonna happen, but it at least gives me some faith that business leaders are like, well, we're not making enough money, so let's get rid of this, you know, outsourced development team, or, you know, when they're looking at, like, what can we get rid of to, you know, get some budget back, I'm hoping that they're looking at the risk professionals and saying, okay, well, we've got to keep this stuff in place because we've got to stay protected, even, you know, even through this time, right? You can't really reduce that level of risk management, because it introduces risk, which could cause you not to come out of a recession or a downturn or, you know, loss of revenue, whatever you call it.

Exactly, yeah, let's hope. It's definitely something to be conscious of for the leaders out there faced with those financial decisions, right? Because if you're already tight on margins as it is, just imagine what a ransomware attack or any, you know, any type of cyber... some sort of compromise, or something that results in a lawsuit. It could even be, you know, a small compromise, but it ends up in a lawsuit. I mean, that could be dramatic for the organization.

Well, remember, it costs between four and six times the amount to fix a breach as it does to prevent one.

So, absolutely. So...
well excellent
excellent stuff
any other i don't know man
i'm getting the feeling twenty
twenty three sounds a little bleak
from the cyber security perspective
and i'm not seeing a lot of hope out there that
you know suddenly everybody's gonna be smarter
let's talk about that though
i think there is
i think there's silver lining
think there is some silver lining
i mean scientists just created a real
well i guess it depends on what scientist you ask
but theoretically
they've created a wormhole between two
quantum computer arrays that via
you know that are
that have photons in superposition through entanglement
right over the fabric of the universe
so there's some very good news for twenty twenty three
coming out in the technology space now
in cyber security
i'd like to think that we're gonna have
my prediction for twenty three
is that we're gonna have some new minds
hopefully coming into this field
and so i think that the last couple years
with colleges and universities
and getting things kind of involved with cybersecurity
that there's
there's a little more
i want to say hyper on it
but there's a little more interest in this field
and so i one of my predictions
that is a good prediction
is it will have a new crop of professionals
in twenty twenty three to dedicate to the field
to help us all in this kind of good fight against risk
and the cybercriminals at large
be nice it would be nice
it would be nice
if they came out coachable and teachable
give it if it came out with good writing skills that
yeah that's fine
i'll take the interest
that's fine
we'll work on the writing skills and everything else
you know what i mean
just just just have the interest
i was you know
another thing that
i don't know if this is
this is good or bad
but with the
with what's been going on in the cryptocurrency world
that's gotta hinder some of the criminals out there
a lot all the criminals you know
and the malicious attackers out there
getting crushed simply because of the crypto market
getting crushed
yeah that's kind of fun
right that's
that's good
i mean i'm sorry for those of you listening
that had big portfolios and you
you know lost some of that value
but it was you know
it was probably in the sky anyway
we all you know
it was a pyramid scheme
we all knew it was
but anyways right
yeah sure i mean
people go to the casino and lose money all the time
it's the same thing
you know so
you know those people they
i think the the true
the true gamblers of the hodlers
or whatever they're called they get
they give ride both right
the ride when they're winning
and they ride when they're losing
you know they get that
they get that adrenaline rush either way
but to your point zach
that's very good news
because the crypto industry is suffering some blowback
yeah so that does limit the amount of money
that these organizations can
can ask for
and so now when they come to you
hopefully right in twenty three
comes to you and they get ransomware they're like
we'll unlock you for one bitcoin
you're like sweet man
that's like
yeah yeah they'll come back like we want us dollars
you guys take ethereum
leftover pesos from my visit to san juan last year
you guys take that so i do know some bigger companies
that have bitcoin on reserve
for ransomware
so that's gonna be a hit to their bottom line
oh it did yeah
they invested in it and then lost money and all
half value right
yeah it's sixty thousand dollars
we need to buy some
so we have it if we get hit by ransomware
goodness this is a lot to lose
just remember that one
see so you and i worked with that
the company got hit with ransomware
one of the divisions did
and he came in he's like all right who do i pay
i was like well wait a minute
yeah yeah it's like the first thing yeah
who do i pay
yeah as much as we beat on it that's
you're actually funding terrorism
those payments that people still just go oh let's just
you know hey well at least it's not our business
you know we need to
yeah i can see operational but hey let's fund terrorism
like that's just
i don't know
it's just such a screwed up mentality
and i think most of it's all
it's just from lack of awareness of what
the stuff really where this all filters down to right
and it's actually people's lives and it's
it's not just
well there's a some
go ahead sorry
i'm sorry zach
no there's a
but in the third world somewhere
there's a dirty little warehouse right
it's probably got animals and stuff in it
but this is where like
all the cybercrime money
from all your ransom we were paying
it funnels its way right to some dirty little warehouse
where they receive a shipment of stuff
you know what i mean
on this money that you paid
so i'd like to think that right now
there's some really dirty individuals
hanging out in that warehouse
waiting for that shipment to show up
and they are expecting like you know
hundreds of firearms or big load of specific explosives
and all that shows up is a little thing of suckers
there you go
like what happened
you know like bitcoin
you know town
you know that's all we can get
we thought we'd buy suckers with the money
because that's what we are
you know and i mean as is some of our
favorite nation state threat actors out there
are not doing so well economically speaking
just their overall political environments
you know feel absolutely blessed
to live here in the united states
and really feel for the citizens of those countries
you know good people
because they're in these regimes that the
you know governments have just completely screwed up
the people in power
but i think there's a weakening of their ability to
fund and attract resources into their dark ways
i'll leave it at that
without going into any detail
but you can
read the message behind the message in that and
and make what you will of it
but i think that that's
a positive thing for the world of cyber security
yeah yeah and for twenty
twenty three certainly
certainly yeah
the you know
getting squashing bitcoin values is
is certainly good for everybody that is
you know trying to run a business
you know the free market traders
and they're gonna curse me for this
but that's fine
that's one side of the story
you know to mean
you got to understand that
you know it's also can be used as a weapon too
it's a lot harder to extort
american organizations with american cash right
which is eminently more traceable
yeah absolutely
this is certainly not a silver lining
but i do think there's going to be a lot more
disinformation you know
psychological operation type campaigns wrapping up
but at the same time
i think people are getting more
little more educated right
i think there's a little bit more of awareness
people are starting to
maybe believe less of what they see online
and this is evidenced by all that
you know all the news about deep fakes
and when people can actually see a video
that looks like somebody
a politician or somebody
actually looks and sounds real
and they're told it's fake
then their paradigm expands right
their minds open up and they realize that hey
actually maybe this
some of this other stuff
that's maybe not even as well put together
is not actually real
you know just words on a website don't
don't actually mean it's
it's true or accurate information
so i think that's good
overall we we need
especially in the us
we need people to be aware that
not everything that they see online
or tv for that matter is true
only believe half of what you hear
and none of what you see or
no that's not the word
it's none of what you hear and half of what you see
i think is what the old phrase is
it was none of what you hear and
and none of what you see
yeah that's called zero trust
yeah industry for that so
and and also
eighty two percent of statistics are made up
they're just pulled out of thin air
so sixty seven percent of the time
that's right exactly
so well with that any other
any other predictions
anything else you want to share
for what's in store for twenty twenty three
and what to look out for
i don't know
what i'm taking from this podcast
is a quote from Clubber Lang from Rocky III
twenty twenty three would be pain
pain that's not good
well i think that we're in an evolutionary stage right
where a lot of these organizations
have to go through the hallway of slabs
before they understand the
you know the
you know the benefits of having risk management
and those sorts of things
right and yeah they
everybody wants to make money
and unfortunately
if the integrity
of your business is shook
then you're not gonna be able to make money
so you have to
and though they say
you got to spend money to make money
this is one of those cases
and i just think that this is part of the evolution
so i think next year will get better
um i think there's gonna be pain
mike for sure
there's always gonna be a little pain there but i
i hope that a lot of these organizations especially
you know in
in take care
because this this
if we have something happen over christmas this year
it'll be the third year in a row
that something has happened over the christmas holiday
SolarWinds
and then um
there was no
i remember the other one from last year was BlueKeep
anyways but yeah
so it's like every christmas in a row
something happens
so be vigilant out there for that
but also so you know
be understanding on your pathway of your business
evolution and risk management
because you can't
you can't escape
you can't escape this
unfortunately it's gonna
it's a necessity
whether you
you want it to happen or not
eventually they're gonna be leaders and investors
they're gonna want to see it happen
or clients and customers
they're gonna require it
before they do business with you
so might as well just jump on the bandwagon
get there ahead of time
and then just be ready for all this stuff yeah
outstanding
well luckily
our listeners
just by the nature of listening to this podcast
are proactive
and taking this stuff seriously
so we thank you all for listening
for joining us on the Cyber Rants podcast
let us know your requests for different topics
your questions
anything like that
feel free cyberrants podcast com
and share the episodes
rate them all that good stuff
so we can get this information out to the world
and make the world a more secure place
at least in terms of its computing resources
so thanks everybody
hope you enjoyed the episode
and we'll see you on the next one
pick up your copy
of the Cyber Rants book on amazon today
and if you're looking to take your cyber security
program to the next level
visit us online at
silentsector.com
join us next time
for another edition of the Cyber Rants podcast