• Garrett O'Hara

    Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.

    Comments:0

    Add comment
Garrett O'Hara

Cyber News Roundup - Accession hack, the potential end of EMOTET, and deep fake Twitter profiles attack

Content

Gar and Brad are back with the latest cyber security news and insights for 2021. In this episode the guys discuss the Accellion hack that was behind the Reserve Bank of New Zealand data breach and the dangers of supply chain hacks, how law enforcement and judicial authorities worldwide disrupted EMOTET banking trojan and took control of its infrastructure, the SocialArks leak of 214 million scraped social media profiles including private and public details for 2 million Australians, and how AI has was used to create deep fake social profiles on Twitter to attack the Belgian government’s 5G plans.

Graphika report on the Twitter clusters attack: https://public-assets.graphika.com/reports/graphika_report_fake_cluster_boosts_huawei.pdf

Content

The Get Cyber Resilient Show Episode #42 Transcript

Garrett O'Hara: [00:00:00] Welcome to the Get Cyber Resilient Show. I'm Gar O'Hara. This podcast, along with our website, getcyberresilient.com, have a simple mission, provide you with the latest news, insights, and stories from cybersecurity professionals and industry leaders from across the globe to help you get cyber resilient. Today's our news roundup with Bradley Sing, so let's get over to the episode.

Welcome to the Get Cyber Resilient Podcast, and welcome to the This Month in Security episode that we're going to run fortnightly this year. And, uh, I'm joined today by Bradley Sing. How you going, Brad?

Bradley Sing: [00:00:40] Hey. Good, thanks, Gar. It's, uh, good to be back in the new year. How are you?

Garrett O'Hara: [00:00:44] I'm good. I'm kind of shaking off a little bit of the rust and the dust of, uh, the, the holiday season and, yeah, just trying to get my brain back into what we do. So, um, yeah. Looking forward to chatting today.

Bradley Sing: [00:00:54] Did I hear fortnightly?

Garrett O'Hara: [00:00:56] You did. Yeah. We're moving this to a, a fortnightly format, so we're having a little bit of a revamp on the format, um, just trying to look at how we kind of service the audience, yeah, in a better way. So, yeah, one of the things we're doing is moving to fortnightly. So, good times.

So let's g- let's get into it. Um, we have a bunch of different stories that we wanted to talk through on today's, uh, episode, and we're going to open with the Accellion software. And, um, you know, it's hit the news. I've seen it on a bunch of different cybersecurity blogs on, on sort of mainstream media. So it's been kind of well covered.

It's a piece of software that's kind of used globally and used by many kind of government organizations, professional services, legal orv- organizations for essentially f- transferring files in a secure way. But it looks like there's been some issues there.

Um, do you want to talk us through that, Brad and, and kind of let us know kind of what happened and, and what your thoughts are?

Bradley Sing: [00:01:49] Yeah. Certainly. So I think f- for most people, they might have seen this hit the news originally under, under the lines of, um, ASIC a- ASIC being breached or the Reserve Bank of New Zealand. Um, but Accellion as an organization, so they're a pretty small firm based out of Palo Alto in America. Um, but effectively, they provide this tool, to Gar's point, around allowing secure transfer of documents to external sources, effectively via an [inaudible 00:02:11] plugin. But their software's called Accellion File Transfer Appliance.

Um, what it looks like has happened is that there's a lot of customers out there using an old, out of date version of it. Uh, in total there's around, I think there's around 50 impacted customers who were using software which had been around for close to 20 years.

And it looks to be that the hackers effectively gained access to that SAF software to then breach things such as credit applications, as an example of ASIC. So I know it's definitely a, a common theme we've seen in terms of supply chain attacks and, you know, old, outdated software.

Garrett O'Hara: [00:02:25] It is a, a really, really interesting problem that I think the world is going to have to really acknowledge and wrap its arms around, you know, the, the notion of supply chain and how we are all digitally linked these days.

And, um, you know, we've seen it gone right back to things like NotPetya, right, where, um, you know, that, that was the way in. It was sort of a compromise of a [laughs] Ukrainian, um, from memory, uh, it was document management system. I can't, uh, um, remember the name of the company now. It's, I'm drawing a blank.

But it, it seems to be kind of the way of the world. Y- We talk about this a lot in, you know, our organization, where we look at more the, I suppose the outright use of supply chain to do things like wire transfers, you know, which is a fairly basic level of, um, exploiting the trust between organizations, more at a human level in that case, right?

You know, you're pretending to be, I don't know, Acme Organization and selling concrete but, you know, the concrete doesn't exist and, uh, the phone call or the email has come in from a completely fake organization that's looking to just kind of steal some, some coin.

Um, but there's also, yeah, I suppose the digital interdependence of organizations now and, and how, you know, using a piece of software within your organization and getting updates could lead to potential compromise.

Bradley Sing: [00:03:58] Yeah. I think, I mean, if we look at the breaches of the past couple of years, and you touch on the key world supply chain, I, I think [laughs] nearly everyone would probably involve that at some point. A- And it comes back to the same, the same recommendations, right, as well. Like, Petya systems, you know, look at your technology. Make sure it's up to date. Basic things around multifactor access.

But we keep seeing the same guidance and the same alerts come out and, you know, huge organizations which hold large amounts of personal data being breached time and time again.

Garrett O'Hara: [00:04:25] Yeah. It is. It's definitely, um, it is unfortunate. And, like, I agree with you. I think there's, uh, an argument to be made. Not an argument. It's probably just [laughs] a strong recommendation around, you know, as best you can, keeping up to date with patches and, um, you know, best practice, um, security approaches, you know, whitelisting where you can do that, uh, all of those kind of, almost like DAST, essentially, you know, if you can do those.

I think there, there is also I think something to be said around how difficult patch management can be sometimes. And I know from conversations with the security leaders out there and CSOs that sometimes they know a patch needs to be rolled out, but because of other dependencies and how technology grows organically over time, they know the patch needs to happen, but because it breaks five other systems, they have to hold off, you know, while they figure out how to do that.

And then, you know, potentially a breach happens and, you know, everyone points the finger. But actually, they were doing all the right things. But, you know, at an organization level, the cost of patching is just, can be very expensive because of the implications to secondary or tertiary systems that rely on a primary system that needs patching. So I've got sympathy, uh, I suppose-

Bradley Sing: [00:05:37] [laughs]

Garrett O'Hara: [00:05:37] ... is the message for [laughs] for anyone who's sitting in those senior roles, where, you know, there's a tendency to kind of point the finger and say, "Hey, hang on, you know, the patch was available for, like, three months. What happened?" But actually, you know, there's reasons internally that, um, you know, those things can't necessarily happen as quickly as we may like them to.

Bradley Sing: [00:05:55] Oh, absolutely a good point. And [laughs] yeah, it's very easy for us to sit here and go say, "Hey, patch your systems." But obviously, there's a lot behind it.

The only thing I'll say on that, though, is that it seems like it's a bigger problem, right, though? Like, the more you hold off, the more technological debt you, you build, and then-

Garrett O'Hara: [00:06:08] Mm-hmm [affirmative].

Bradley Sing: [00:06:09] ... you're just, you're fighting a losing battle. And with the amount of patches [laughs] software vendors are coming out these days, you've really got to try and be on top of it.

Garrett O'Hara: [00:06:16] 100%. And, and to maybe close the loop, you know, your, your thing there is, you know, patch management is more than applying patches based on, you know, what we're seeing in the world at the moment. Uh, you know, evaluation of patches, which is always something that people in theory should have been doing. You know, does it break anything? Does it work? Et cetera. Um, or does it present a security present? You know, that's now part of the, the equation. So, yeah.

Bradley Sing: [00:06:39] Mm.

Garrett O'Hara: [00:06:39] It's just become more complex [laughs] rather than, than less complex. But, um, maybe in, in some better news, in some better news, we've seen, uh, some good news around Emotet. W- What's going on there?

Bradley Sing: [00:06:52] Yeah. Good news around Emotet. Um, so effectively, what happened, uh, late last week, um, s- a, a, effectively initiative, uh, kind of spearheaded by Europol and several law enforcement agencies in eight countries around the world, they took control of part of, or at least the majority of Emotet. Um, for those who, who can't remember what Emotet was, I might quickly run through [laughs] and kind of explain what it was, but-

Garrett O'Hara: [00:07:13] Yeah.

Bradley Sing: [00:07:14] ... Emotet was a very popular banking Trojan. You probably heard about it in the news for sure. Um, first seen back in 2014. The idea of a banking Trojan is it's generally th- the idea is it's trying to gain remote access to the computer to effectively solicit banking details, so trying to steal your online banking details so they can log in and take, take money.

Um, the big interesting thing about Emotet back then, though, it was one of the, the largest campaigns to utilize macro enabled documents via email. And just in the same vein to the idea of a supply chain attack, quite often, they were using, uh, the reply to address of a previously interacted with email. So at some point, they potentially, you know, compromised somebody in the supply chain, you know, got a copy of emails and, you know, had a, had a reference in terms of, of how that th- the pattern of communication.

But I think the, the best cr- craziest thing about Emotet is that it was also one of the largest if not the largest malware as a service platform providers. So we talk about AWS, Azure being these massive platforms. Emotet was a massive platform as well where, you know, they rented access to other hacking groups out there around the world so they could then use that botnet power.

Garrett O'Hara: [00:08:17] I- It is phenomenally, um, interesting to me, you know. You almost think is there an equivalent of a Jeff Bezos sitting in the background or something, you know, comman- [laughs] commanding Emotet. But it was one of those things that, for me, like, it s- it came up in so many conversations. You know, it was, it was just talked about so, so much. But, you know, now we're seeing that, um, you know, that takedown. Um, what a, what an incredibly good news story. I know there's a lot of people around the world, um, breathing a, a sigh of relief.

Bradley Sing: [00:08:48] Yeah. Certainly. And, like, I think to, to, I guess, understand in terms of how commercialized this as well, there was a quote from, um, one law enforcement f- official was that the, the authors behind Emotet were unlikely to continue hacking because they've probably made enough money [laughs] retire several times over. Um, so there probably is a Jeff Bezos sitting up [laughs] somebody, somewhere, uh, behind Emotet.

Um, but interesting enough, you know, then seeing it, you know, be spread by other methods, and I'm sure you've heard of QBot and TrickBot, but-

Garrett O'Hara: [00:09:16] Mm.

Bradley Sing: [00:09:16] ... it just continued to propel it. Um, but what we've seen recently is that, you know, those, uh, law enforcement agencies, um, you know, working across multiple countries to take it down. Effectively, by taking control of the botnet, you effectively disable it, right, because you, you now [laughs] you now control it. So it's almost like the, the beast out there in the wild, right?

Garrett O'Hara: [00:09:35] I, in my head when I think of these things, I always think of, uh, the, the movie The Lost Boys from years ago, where, you know, if you killed a head vampire, all the, the sort of, uh... What are they called? Subservient or, you know, s- second vampires, whatever they're called, they all kind of die out.

So, um, in my head, I always picture, yeah, you know, getting the, the main guy or the main, um, you know, command and control, um, servers and getting them down. It's, you know, it's game over, you know, and s- that's what you, you want to see.

One of the interesting things I did, uh, read about this takedown was just the level of collaboration that happened, um, and not just with the, you know, the primary law enforcement agencies, but in jurisdictions where that's traditionally been difficult to get collaboration.

What I've read is that there's actually been behind the scenes and some informal work done between security practitioners where they were able to get things done through sort of informal channels, um, which I thought was quite interesting given that, you know, the stakes were so high. And as you say, Emotet was just so big. Um, you know, it was interesting to see that, um, you know, global collaboration.

I wonder. I don't know. What do you think? Is this pointing to, like, a new normal where the, the problem of cyber crime, of ransomware, has become so big that we're now seeing that, you know, the emergence of true global collaboration for, for cyber crime take down?

Bradley Sing: [00:10:54] Yeah. I think, like, it, it's, um, it's an interesting point. Like, I think obviously, coming to world t- sorry, coming together as a, a cybersecurity community is really important. But I think it also kind of highlights a, a bigger area of risk, right? Like, it's almost like they're vigilantes protecting [laughs] uh, the Internet from these hackers where really, there should be, you know, judicial and, and, you know, law enforcement helping these areas as well.

Garrett O'Hara: [00:11:18] Yeah. Hopefully, hopefully, we get there. Um, you know, to... I think it's slow sometimes, but a constant march towards better collaboration. So, yeah. Hopefully that, uh, that continues.

Um, moving on, then. So, you know, looking at, um, the next story which is around a, a fairly massive data leak. Uh, it looks like there's an organization called Safety Detectives found a massive dump of social information. What was going on there?

Bradley Sing: [00:11:45] Yeah. So a company called Safety Detectives, they're cybersecurity researchers, they found a, a dump of, uh, social information by a company called Socialarks, which [laughs] I'd never heard of them either. They're, they're a Chinese social media/influencer company. So I imagine if you, you want to become an influencer o- or push your Instagram profile, uh, you can come to these guys. Um, but effectively, what this research company found is they found a, uh, a s- a unsecured elastic search database-

Garrett O'Hara: [00:12:12] Mm-hmm [affirmative].

Bradley Sing: [00:12:12] ... with around 214 million entries. And so we're talking, like, personal identifiable information. Mostly it seemed to be scraped, uh, copies of people's social media, so, like, their public Facebook information, their Instagram information. I think around two million Australian records in there, as an example. But, yeah. Just, um, interesting stuff if we think about, you know, that, that public information which is just, yeah, [laughs] available for download.

Garrett O'Hara: [00:12:35] It is astonishing, isn't it, the amount of stuff that we put online. And it almost points to the, the issue of kind of data aggregation or even inference when you look at what you can pull from, you know, all the, all the information that we put online. When you pull it together, you start to see trends and maybe even influencing trends, to your point.

Bradley Sing: [00:12:55] Mm.

Garrett O'Hara: [00:12:55] And, you know, we've seen that with other social media companies where they potentially affect election outcomes and, you know, nudge things in certain directions at a societal level. Um, with the, the company you mentioned, so when you say social media management and influencer, are they managing people who have social media presences to kind of make, what, make recommendations about how to get higher profiles and that kind of stuff?

Bradley Sing: [00:13:19] Yeah. I believe that's it. So it's like, you know, effectively, they might even take control of your Instagram, as an example, and do-

Garrett O'Hara: [00:13:25] Okay.

Bradley Sing: [00:13:26] ... some of the posting on, on, yeah, maybe your, uh, I know you run a bakery and, and you don't have somebody to manage your social media, so you, you hire a company to do it.

I think it also kind of highlights, I guess, the amount of... I mean w- this year and last year, been a lot of news Facebook and a lot of news in terms of how social media manage your data. But we've then got this huge proffer of third party companies which are now using that data as well, and quite often unsolicited. And then, you know, what's the security integrity around that?

And I think for this one, whilst you could argue that it's potentially all public information, they have also seemed to correlate some of the information as well. So looking at people's Facebooks and Instagrams, but also then getting things like their email address, which technically isn't public information but, you know, through other tools, you can potentially get that information quite easily, too.

Garrett O'Hara: [00:14:10] It's an important point, though, you know, that, that sort of cross referencing of information from different platforms to, you know, to effect an, uh, an attack.

Um, you know, you see that in OSINT. I mean, that's pretty much the whole point, right? You take geolocation. You take LinkedIn information. You take personal information. You know, pull it all together, and it puts you in a position where you can impersonate somebody or find a way into an organization, you know, depending at what level you're doing it at.

But I, I do think, um, it feels like there's a, a shift in psychology needed from populations in general, and I would say-

Bradley Sing: [00:14:45] Mm.

Garrett O'Hara: [00:14:45] ... businesses, too, in terms of what are the things that is, it's safe to put online versus not, as the case may be? Um, because I think, yeah, we, we certainly as a society have a tendency to massively, massively, I would say, overshare, you know, what's going on day to day. Um, it, it blows my mind.

You, you [laughs] you're well aware that I'm very averse to any kind of digital presence. I mean, I'm, I'm on LinkedIn, but that's pretty much it. I don't, I don't really do any of the other socials. Um, it kind of freaks me out a little bit, but, um-

Bradley Sing: [00:15:15] Uh, you're a security guy. You're, you're going to look after your privacy. But I mean, if we think about, like, even recently, like the Capitol Hill riots, right, like, a big-

Garrett O'Hara: [00:15:22] Yeah.

Bradley Sing: [00:15:22] ... I guess, challenge for a lot of the pr- um, you know, the people that were there who are now getting arrested and, and being charged is that they live streamed themselves breaking the law. Like, they, they willingly put that up on social media.

Garrett O'Hara: [00:15:34] Y- Yeah. Like, so that's an interesting point, because I think we've almost disconnected from what it means to post something online, right? We think it's just, uh, you know, it's for likes or for attention or, you know, for whatever connection. Um, but actually, it's a permanent record. You know, we're literally post [laughs] posting-

Bradley Sing: [00:15:50] [laughs]

Garrett O'Hara: [00:15:50] ... all this stuff to our permanent record. Honestly y- you know, when you think about, you know, people quote 1984 or dystopian future type stuff, and we've all just kind of w- and, God, I'm getting maybe a little bit huli-

Bradley Sing: [00:16:00] [laughs]

Garrett O'Hara: [00:16:00] ... political here, but we've all just kind of willingly marched into it because, you know, the, the promise of getting [laughs] a little thumbs up button, um, clicked or whatever or the, you know, the promise of connection just seems so appealing. Um, yeah. Like, I, I find it, as you're well aware, you know, when we've had our, our beers and whatnot in the past, I, I just, I find it all kind of bizarre. I get the connection side of things, but, um, it just, it for me personally just feels like a, a price that is too high to pay for, um, yeah, for a fleeting moment of gratification, you know.

Bradley Sing: [00:16:31] Well, just was the, just, I r- there was that app, wasn't there, which was, um, I think it was [laughs] authored by a nation state which made you look older or something or, like-

Garrett O'Hara: [00:16:38] Yes.

Bradley Sing: [00:16:38] ... put a filter on you which made you look-

Garrett O'Hara: [00:16:40] [laughs]

Bradley Sing: [00:16:40] ... [laughs] 40, 50 years older. And I remember when it was around, everyone was, like, downloading it, sending it around, and I thought that looked silly. But, you know, that ended up [laughs] to be, what, a very successful malware just based on the fact that, you know, people were curious about a, a simple filter.

So you're right. It is, I think, a bit of a societal reset, to a degree. But, yeah. I don't know. It's, um, I think we're all, we're starting to be aware of the problem. But people also want to be heard, right? They want to be on social media and, and they, and they like having their life out there. So it's, uh, it's a bit of a conflict, isn't it?

Garrett O'Hara: [00:17:08] It, it definitely is. It definitely is. Um, yeah. And I, I wonder, you know, I wonder what the solution is. I'm sure we're not going to solve it on the Get Cyber Resilient Podcast, but, um-

Bradley Sing: [00:17:16] [laughs]

Garrett O'Hara: [00:17:17] ... Yeah. Hopefully [laughs] hopefully we kind of figure it out. I... Look, there's a generation of younger folks that are coming up that I, I genuinely worry about. I, you know, see some of the behaviors just out and about, um, where it, you know, people taking selfies and photos, and it just feels like people are glued to devices and phones but not really in the world, um, so often. But anyway-

Bradley Sing: [00:17:38] Uh.

Garrett O'Hara: [00:17:38] ... Yeah. Like I say, we're, we're probably not going to solve that today.

Bradley Sing: [00:17:41] [laughs] Certainly.

Garrett O'Hara: [00:17:43] Um, so, look, you know, we're sort of talking about social media and, and some data being exposed. And, you know, one of the, the more interesting things that I have seen in quite some time, we were kind of talking about this as we were prepping for today's episode, and, um, you were kind of walking me through this story. And it, it blows my mind in, in many ways, and it's quite sort of [laughs] it's quite scary.

But the, yeah, the Belgian government. So they, like many global governments, have a, a stance on their 5G and how they're going to build that out, and what providers they're going to use to do that. Um, but it's resulted in, in sort of some interesting Twitter activity through bots. Um, yeah. What was going on there?

Bradley Sing: [00:18:22] Yeah. Well, I mean, should be no surprise to, to, yeah, everyone listening that Twitter and... [laughs] It seems like this is our, social media is our hot topic of the new year, but, um-

Garrett O'Hara: [00:18:30] It's, it does. [laughs]

Bradley Sing: [00:18:30] ... uh, you know, social media can be used to, you know, to spread information or, or misinformation. Uh, and we've seen fake profiles being used, you know, pretty much every geopolitical event, you know, within the past three to four years.

What's quite interesting about this one, though... And, and we have to attribute this report to an organization called Graphika. Um, there'll be a link to the, uh, the download of this report as well. But effectively, they looked at this, this Twitter attack, and what was interesting about this Twitter attack is that they were using AI, so something called, uh, generative adversarial networks, which is effectively creating fake profiles, fake images of people as well.

Um, and if... And in some of their analysis, the way they were able to discern whether or not they were the same profiles was by looking at the eyes. The only thing that was the same about all 14 profiles were the eyes, whereas the rest of the faces were different. So we talk a lot about deep fakes in, in television and, you know, media, but, you know, it's just the, the same concept on social media with AI in the mix as well.

Garrett O'Hara: [00:19:26] Uh, so I have the report that you sent over, which we can put in the show notes, as you said. I'm looking at some of the imagery here, and it is, uh, it's unsettling, to say the least. And when I think about this from a, an organizational cyber resilience perspective, like, where my, where my mind goes is, you know, we've talked about deep faking on this show before, you know, deep fake voices for just basic fraud, you know, get a wire transfer going or-

Bradley Sing: [00:19:51] Mm.

Garrett O'Hara: [00:19:51] ... back up a, um, social engineering attack on, you know, a particular person through a, a fake voice. But then you get into, you know, potentially manipulation a, maybe a brand's reputation through social media using bots and AI to make it look like real people with real voices and real opinions.

And, you know, when we were talking before we started recording, one of the things we were discussing was, like, how do you even d- detect that? You know, there's no necessarily en- there's no engine that you could run a profile through to say, "Yes, good or bad." And, and do we end up with almost, like, ORBLs or reputation blackout lists for [laughs] social media accounts where, you know, is that the end state, where you have to almost install a, you know, social media security platform-

Bradley Sing: [00:20:34] [laughs]

Garrett O'Hara: [00:20:34] ... that can filter out profiles that it knows are bad because, you know, they end up on a, an ORBL or the equivalent of for social media? I don't know. Why do you think? Like, where does this end?

Bradley Sing: [00:20:44] Yeah. I mean, like, I mean, it sounds like a silly idea, but it's, it's almost not, right, because these are massive platforms and I guess you have to leave it up to the platform to police it. And obviously, this has been really topical recently with, um, you know, Donald, Donald Trump being banned off, off pretty much every major, uh, social media platform.

And I think the interesting thing if you look at Facebook is that they're going through, like, the [laughs] it's like the internal high court of Facebook where basically they say-

Garrett O'Hara: [00:21:10] Yeah.

Bradley Sing: [00:21:10] ... whether or not he gets his account back. But how do you... Who do you give the control to? Is, is it up to the company? And then, you know, they've already got, you know, just technology looking through for fake posts, but, you know, h- h- who can solve this problem? Because this is the start of it, right?

And we're seeing now, you know, this is next level AI and automation coming into play. How do we stop this from becoming a bigger problem? Uh, [laughs] again, similar to our last point, I'm not sure if we have the answer.

Garrett O'Hara: [00:21:35] Yeah. Well, you, uh, maybe we're just being a little bit too negative. We, we need more solutions. But I'm, I'm almost thinking, did I just give away, um, you know, our billion dollar idea, you know, our s- social media-

Bradley Sing: [00:21:47] Oh.

Garrett O'Hara: [00:21:47] ... [laughs] security-

Bradley Sing: [00:21:48] [laughs]

Garrett O'Hara: [00:21:48] ... SMS and, you know, it's already got an acronym there that's going to be n- confusing enough for people, um, you know, where we could spin a... get some VC going, angel investors, and away we go. We could be the next, I don't know, we could be the next, uh, Jeff Bezos. What do you reckon, Brad?

Bradley Sing: [00:22:02] So it's like, yeah, it's a API linked into all your social platforms. We've got, uh, custom ORBL feeds.

Garrett O'Hara: [00:22:07] Yeah.

Bradley Sing: [00:22:08] I like it. It's, uh-

Garrett O'Hara: [00:22:09] FRED sourced.

Bradley Sing: [00:22:10] [laughs]

Garrett O'Hara: [00:22:10] Uh, yeah. We, we vote everybody up or everybody down. Let it be like Lord of Flies.

Bradley Sing: [00:22:13] I, I'm sure this exists. Right?

Garrett O'Hara: [00:22:15] It probably does. Yeah.

Bradley Sing: [00:22:16] [laughs]

Garrett O'Hara: [00:22:16] Like, I'm the guy who invents things that have already been invented a billion times. So, yeah. I'm definitely... [laughs] I've got to call that out straightaway.

Um, but, you know, b- back to, I suppose, the core of this show, you know, when you think about this from an organizational perspective, it's the stuff we probably need to really start thinking about, because we've talked about business email compromise for a really long time.

But we're seeing more and more the LinkedIn profiles also, um, being used as a way in to start an email conversation, quite often, or as a way to back up a, an inbound email. So you see a business email compromise type email come through and, uh, you know, if you're, if you're wired that way, you might go and look at a profile to make sure that it's a real person and, yes, they exist.

Bradley Sing: [00:22:58] Mm.

Garrett O'Hara: [00:22:58] They're on LinkedIn, so therefore, they're real. But maybe they're not, you know. Maybe they're a, a fake profile, fake person, and, um, you know, it's all kind of been sort of generated by bots in the background. So, you know, there's a, a real consideration here, I would say, for organizational resilience when you think about, you know, emails.

It's going to continue, I would say, to be the number one way in. It's so easy. But, you know, if the prize is big enough, why wouldn't you build up a, you know, a background profile to support whatever way you're going to socially engineer a particular person or an organization? Um, yeah. It's definitely interesting days ahead.

Bradley Sing: [00:23:34] Right. Yeah. You're 100% right. And I think for a lot, especially for, you know, for anyone who might work in a small business here, or, or, you know, as part of your supply chain you work with smaller Australian businesses, quite often, they, they don't have formal websites. Like, their social presence is their main method of communication. Like, th- you know, potentially still have an email address as well.

But I think for, you know, because we have this, you know, growing focus on social and it, you know, it's a bigger part in terms of how we consume media, it's a bigger message and, and a bigger part of our brand of our companies as well. So you're 100% on the money. It's, uh, something we need to be very cautious about.

And interestingly enough, if we, we look at those fake accounts that were, um, you know, tweeting with, with the AI network behind them, at one stage, it did tweet something Australian. [laughs] Um.

Garrett O'Hara: [00:24:16] Right.

Bradley Sing: [00:24:17] Uh, Metro Trains tweeted about their, uh, V2 locomotive, which was, uh, uh, decorated in 1918. And then one of the accounts mistook it for virtual reality and then [laughs] yeah, retweeted an old steam train.

Garrett O'Hara: [00:24:29] Got to love it. Uh, bring the b- bring the steam trains back, I say, them and vinyl, and, yeah, let's go back to analog mobile phones-

Bradley Sing: [00:24:37] [laughs]

Garrett O'Hara: [00:24:37] ... back to a simpler time. But, you know, and maybe this is where we c- excuse me, round out, but, um, I've been having, I don't know about you, Brad, but, like, more and more conversations around brand protection in general, you know, that idea of the risk. You know, we think about cyber risk, um, as downtime, you know, a, a service outage or PII exposure breaches, those kind of things. But we're seeing, I, I think more of an interest from the broader business, um, and probably brand managers and marketers being-

Bradley Sing: [00:25:07] Mm.

Garrett O'Hara: [00:25:07] ... you know, the, the, the teams that are getting more interested in the cybersecurity side of things, because there's a, a material impact to the value of a brand if you have a service outage because of a breach or if somebody's gone and cloned your website and spun up something that looks exactly the same as, you know, um, you know, bobslocalmuffins.com and, you know, they're, they're trying to, you know, I don't know, socially engineer local people to give up, you know, credentials or credit card information, or bigger com- companies, um, you know, being popped where spin up of, you know, spin up clones of their website get a cousin domain and then go after either employees using that or potentially customers. But, um, yeah. It, it seems like a, it's a conversation that we're seeing, um, more and more of.

And that's... Yeah. Look. I'm looking at the clock here. We're, we're basically, um, we're, we're done. Um, we've, we've very much hit the end of the 30 minutes that we're [laughs] we were aiming for informally.

Bradley Sing: [00:26:05] Really? [laughs]

Garrett O'Hara: [00:26:06] Yeah. It, it goes by so, so quickly. But Brad, thanks so much for the, the conversation. And, you know, I always do, uh, love, uh, speaking to you about this stuff. I know we, we do it during the week when we're not recording, so I think the [laughs] recording tends to be a reflection on the sorts of things we end up talking about anyway. Um, but, yeah.

Thank you so much for, for taking the time out on the, the stories and selecting them. Um, particularly liked the, you know, the 5G AI, um, bot based fakes on social media. I think that's kind of disconcerting in an interesting way. So, um, yeah. Thank you for your time this week. And, um, yeah. I look forward to catching everybody on the next episode.

Bradley Sing: [00:26:43] Nice. Thanks for having me, Gar. And, look, uh, if anybody listening has any ideas for, for TMIS in terms of, you know, potential news articles, um, Gar and I love to chat cybersecurity, so feel free to send them across, too. And as Gar mentioned, we'll include a copy to that, uh, that, uh, Twitter, uh, report, uh, which is, is quite fascinating.

Garrett O'Hara: [00:27:00] It definitely is. I have it open in front of me at the moment, um, and it's certainly, certainly worth a read. Um, so, yeah. With that, thank you all, and we will catch you on the next episode.

And that's a wrap for this month in security. Don't forget to check out our previous episodes, and if you like what you hear, hit subscribe and let us know what you think in the comment section. For now, thanks for listening to the Get Cyber Resilient Podcast, and I look forward to catching you on the next episode.

 

Principal Technical Consultant

Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.

User Name
Garrett O'Hara