• Daniel McDermott

    Dan is a 20 year veteran of the ICT industry working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.

    Comments:0

    Add comment
Daniel McDermott

The latest cyber news and resilience insights - 6/9/21

Content

This week our cyber experts discuss the implications of the new Australian Identify and Disrupt Bill that was seemingly rushed through senate last week and grants police powers to spy on criminal suspects online, disrupt their data and take over their accounts. The team also take a closer look at how the smishing scam ‘Flubot’ has evolved to now mimic parcel delivery text messages, and give you the lowdown on the new ransomware encryption technology ‘LockFile’.

Content

The Get Cyber Resilient Show Episode #70 Transcript

Daniel McDermott: Hello and welcome to episode 70 of the Get Cyber Resilient show. I'm Dan McDermott, and I'll be your host for today. In this episode, we'll be exploring some of the hottest topics in cyber over the past fortnight. And these include an online safety bill that the coalition has put in place to create powerful, new warrants, allowing authorities to modify and delete data and even take over accounts.

And it has passed Senate very quickly A warning from the ACCC for Australian online shoppers on the Flubot parcel tracking scam, which continues to gain momentum. And we'll take a look at the latest ransomware attacks using a new technology called a LockFile, how to use intermittent encryption to evade a detection, making it even harder for us.

cybersecurity professionals. So with that, I am joined by our resident cybersecurity experts, Garrett O'Hara and Bradley Sing. Welcome gentlemen, and we'll get straight into it. with taking a look at the online safety bill that passed parliament recently.

Bradley Sing: Certainly. So look, I think it's been a busy week, in cybersecurity as always Dan, but when it comes to legislation, something which we've seen rush or fairly rushed through parliament, it seems is uh, a new set of effectively a bill designed around online safety.

which Gives um, the government a lot more power to effectively gain access or, or do investigations or even disrupt cyber operations. So in terms of government intervention, it's definitely, I think a big step forward in terms of their response and potentially their role in cyber cyber in general.

Garrett O'Hara: Yeah, it's got a really interesting name, the identify and disrupt bill It sounds very powerful.

I think the biggest thing I've seen kind of highlighted here, and I think I personally would be concerned about also is, is how quickly it passed through. And you know, some of the reports saying in 24 hours or something that I would say is, is fairly significant as far as legislation goes. And then the other big concern that's been raised by a number of organizations and people is just the, the very low bar or perceived low bar.

Who can uh, authorize the, the warrants that are involved and given that those warrants can enable the AFP uh, or the Australian criminal uh, intelligence commission to do things like modify and delete data take over accounts and actually spy on Australians. Um, when they're in networks So the- there's a suspicion of committing crimes, like that's a pretty big remit and there's no sort of equivalent in other five eyes nations.

So, it's a very. It feels like a very big piece of uh, legislation. Um, with, I I don't know if it was just me, I didn't see a whole lot of conversation on this happening before on the run-up to it.

Daniel McDermott: No, it definitely passed through very quickly. no doubting that, and even they were saying in the Senate that they were getting a briefing the night before, and then it went through the house the next day.

So like you said, that moves pretty quickly. I don't know if I'm reading too much into it. It takes me back a bit to the Patriots act and, and-

Garrett O'Hara: 100%.

Daniel McDermott: ...and in particular, the thing that I think we all remember from the Patriots act is the ability to record conversations and use those, you know, um uh, of American citizens on, under the guise of, you know, looking for terrorism, I guess really is where it came from.

Um, it's interesting that that provision out of the Patriots act actually um, doesn't exist anymore. It's actually defunct for a number of years now. Um, but I think everyone still thinks it's there and that it exists and, and that, but it, it's very, It seems very akin to. you know, you know, Big brother, right? It is the government sort of, you know, spying on its own citizens.

And like you say, it's, it's, what's the remit for that to be allowed. Um, and what's the safety nets, I guess in place is probably what people would want to understand a bit more.

Garrett O'Hara: The safety net is the critical part here Dan. Cause I think, what a lot of people have called for is judicial oversight and that's astonishing to me that something so severe wouldn't have that. Um, but to your point, like every time we see legislation like this kind of driven through, especially so quickly pa- you're spot-on with the Patriot act as a comparison, you know, this was brought through based on the, the, the standard three thing, standard three things, excuse me, pedophilia.

Terrorists, you know, and you know, drugs and, you know, you, call it those three and then it puts everybody else in the position of, you know, what are you, are you pro-pedophilia? and so, well, actually, no, you know, this isn't about that. It's about the. You know, huge amount of power and the potential overreach.

And look, we've seen that. We've seen that with other legislation here and in other countries where it's designed for one thing it comes in and then when, [laughs] when you do the oversight reporting later on, it turns out actually here's all these instances where, you know, proper process wasn't followed and you know, we had Australian citizens being monitored in really kind of, ju- just unusual ways, given that it's our own government. Yeah. just It seems. odd to me.

Bradley Sing: I just don't really know what it's designed to protect. Like, I guess you said it there, Gar, like it's designed to. stop, You know, like, pedophilia and I guess all those illegal bad online-based crimes and the networking aspect of it as well, but it's definitely not designed to stop hacking right?

Like it's effectively spying on your own citizens. And if we think back to the success, or the, if it was the success of operation, Ironside the one thing I still find funny about that is that the FBI logged apparently millions and millions of minutes of phone calls of criminals in America, but they couldn't use a single piece of it because their privacy laws are Normal, but because they were so weak, they could you know, prosecute over 200 people based on those phone taps. So, I don't know, it's ...it kind of raises a few big red flags here, like what's going on and who is advocating for our privacy on a, on a, on a government level. And who's defending it. Cause it doesn't seem like anyone really.

is.

Garrett O'Hara: Yeah, there's Uh, it's some really interesting stuff here. And I've got uh, friends who work in like just call them interesting roles and security. Um, and the reality is they, they face huge frustrations with technology. Um, and actually on the flip side, sometimes they have an incredibly easy time of surveillance, and through back doors that large manufacturers can provide when they ring the bat phone and say it's for XYZ. Um, but the flip side is that this this idea of kind of potential overreach. You look back at some of the other legislation in other uh, countries around the world. And when you do the review of how effective it was in actually stopping terrorism. So often like absolutely minimal effect.

If any, sometimes to the point where, for some laws, you just see zero correlation between the law and actual convictions. Um, but it seems really good on paper. I feel like, I don't, I could see utility here. definitely, I wouldn't be against this, but I'd be. Sort of only pro or for this, with the proper oversight.

That's my big concern here. It's not the fact that they can sort of modify, the data or take over accounts. That's amazingly powerful if you're in law enforcement and doing it for the right reasons. It's the bit where it's, It's not, I mean, think about in a ...you know, from a media perspective or even other politicians you know, the, the potential use of this for, you know, [laughs] going after your enemies from a political perspective.

And I know we all think, Hey, we're all good. It's Australia. Who knows, like we might not always be in that situation. And I think that's always the concern with privacy advocates and security people is it's not now, it's what happens in 10 years. Or if we have a, the, you know, the equivalent of a Trump gets into Australia.

Daniel McDermott: Yeah. And I think that uh part of it though, is is probably a, a bit of a, a warning shot across the bow, I think though as well, right. That it is, you know, if you are, you know, perpetrating in these sort of activities look out, cause we're gonna to be listening in, we're gonna be paying closer attention.

We've got greater rights to get across them. Um, and I think that, we've seen sort of, I guess, law enforcement, you know, moving more and more. To needing to use cyber channels. Right?

Garrett O'Hara: Mm-hmm [affirmative].

Daniel McDermott: I mean, we saw earlier in the year when we had the conversation on the show regarding the Anom app and its effectiveness in sort of bringing down the criminal gangs in Australia and that sort of things. So I mean, a really interesting use of [laughs] technology and, and listening if you like but for a very specific purpose, I guess, in some ways it feels like this is taking that further. at broader scale, right? That it's, it's getting access to anything for those type of purposes. Um, and I think. is Trying to provide a bit of a warning to people, of, you know, if you are going to be involved in these things, then you know, we, we'll be listening in and we we'll come after you, whether that's gonna be effective.

we'll wait and see.

Garrett O'Hara: Yeah, and you're spot-on, And uh, I spoke to somebody this morning uh, who looks like one of your guests in the pod. And I think very interesting person, but they made a comment about "You know, this is where the fight is at. Um, cyber is kind of it. And he had don't know if it fits his scope, but it's beautiful. And kind of said, that, look, if you're in a position where you're firing bullets, you've already lost.

Like the fight is actually cyber that's where warfare is happening. It's where organized crime is going en masse because there's just such an amount of money to be made here. So I get it like Dan I think you're spot-on. the success of operation Ironside like Brad said, it.

And they're going to make a movie of that.

Cause it was just beautiful and they did catch some very bad people. Um, so this stuff works. I don't think anyone's pro- probably against, the, the idea of the identify and disrupt bill, but it's, it's the oversight. I think that's the bit that worries everybody.

Daniel McDermott: Yeah, And I think uh, it's ...It will be all fine until it's not is often the case with those things, right.

It's once-

Garrett O'Hara: 100%.

Daniel McDermott: ... once something gets leaked and it's used for the wrong reasons. And that then all of a sudden there'll be much more scrutiny applied to it and then revision afterwards and that, but I guess that, you know, I think at the same time, I I guess you've got to look at, you know, what the intent is and, and, and hope that it you know, can fall within the confines of what it's lu- intended to do.

And if so, then, you know, potentially if it ...even if it doesn't bring anyone it doesn't stop people doing some things in the first place is I think part of hoping ...what they're hoping to achieve,

Bradley Sing: I think we should just watch this one. I'll like definitely come back to it on the podcast in a few months, because yeah.

just If you think about it, like there are protections already in the bill, again for, for journalists and the AFP have definitely been known to rage and also in the past. it's happened multiple times. So. Yeah, just definitely watch this bill. I'm also just like, I can't stop thinking about China's digital surveillance laws and kind of comparing them to to, to kind of where we're heading as well.

And I wonder if this includes almost NSA-style rooms of operators sitting there just monitoring communications. Is that the extent of it? And and uh, I, guess I worry about the breadth of it, but, yeah, I think it's definitely one we should watch out for in the future.

Daniel McDermott: For Sure. So we'll keep an eye on that. And one topic that we covered last time that continues to rear its ugly head is, is the notion of the the Flubot malware.

Um, that's happening. We're seeing that it seems to have taken uh, an even new, I guess, greater bounds in recent times, Brad, what's happening here where now, they're actually Starting to even uh, attach it to parcel tracking, which we know is a hot topic. Given the fact that all of us on on this are you know, in the endless state of lockdowns in Melbourne and Sydney you know, everyone's getting something delivered all the time.

It's the highlight of the day. So, what's happening with Flubot at the moment?

Bradley Sing: Yes, certainly. Well, it's, it's quite funny actually. I think Gar was messaging our group about Flubot, and at the same time I was getting spammed by Flubat ... Flubot. but I'd also just purchased something online, doing a little bit of retail therapy since, you know, lockdown and whatnot. Um, and just as soon as I got my, my legitimate DHL message through, I go the fake DLH message through and they were kind of you know, polar opposites, but they were they were, yeah, it wasn't a really good attempt to, in, in my opinion, But Yeah, just the raw volume. The the ACCC has put out a, a warning about them or an alert as well.

And well, as soon as the ACCC are doing that, they must have received a number of complaints for alerts from the public generally as well. So it's something that we're really seeing en masse. and something also, I think, which is very visible to a lot of people from a cybersecurity perspective.

If that makes sense, like emails they're there, they're on your phone, but you have to go onto the app. This is nearly every Australian constantly looking at their phone, getting hammered. by, you know, a, a cyber attack. Like when has that happened before? Really like at su- such a personal level?

Garrett O'Hara: I'm, I'm so curious about the epidemiology here on like how this is, you know, kind of how it is such volume and the amplification.

I know the three of us have had kind of conversations in the side channels about it. And I I just keep coming back to, this This is it's available only if you got sideloading available in Android. And I don't know what the percentage of the population that would have that, but it feels like it would be sub-1%. It's it's a fairly. I think a fairly obscure thing to do, given the place where it has most of what most people would want and, then, you know, I know people will do it. So then the question is like, is it a small number of compromised handsets that now is actually responsible for a huge volume of. Spam SMS messages or is there something else going on here?

Like it's it's more of a question than a statement, but it just seems, yeah. Like from an epidemiology uh, perspective we're, we're like, what is going on there? And the other question that the three of us were kind of chatting about during the weeks is like, "Where are the numbers coming from like, as in the mobile numbers?

Cause um, initial reports were. It's around them gema- generated mobile numbers. I'm sure they would use uh, preset number first four digits, and then just have a go at the remaining six. Um, and you know, you know, given the volume, you're going to get hits there, but you know, I think Dan, you raised it, you know, is there another source here?

Are they pulling data from other reaches, which is fairly easy to do. you know, collate the data from another breach and use that as a way to kind of be more efficient or effective rather than randomized numbers. Just go straight to the ones that, you know, work already. It's it's yeah. It's interesting stuff.

I don't, I don't remember anything like this, hitting the news in such a big way.

Daniel McDermott: And like you said, the compromised accounts Or phones is probably fairly small. Right.

Garrett O'Hara: Mm-hmm [affirmative].

Daniel McDermott: But I think it's the volume of activity-

Garrett O'Hara: Yep.

Daniel McDermott: ...is what's worrying people. And what sort of grabbed my attention. was actually, as Brad mentioned before the screenshot he shared with us of from his own phone, where it's like, DHL real message.

DHL Flubot, next message. M- It seemed too ...like too coincidental, right? It's almost like, it how did, like, how do they, I mean, there's a lot of delivery services. It doesn't have to be DHL. How did they know Brad's getting something from DHL? And is it random and they're just you know, spamming so much that it was it just happened to be lucky.

And it was coincidental or is there greater intelligence actually going into this and starting to target people in a more refined. basis?

Garrett O'Hara: I I think that volume though, like you do start to see those weird, you know, just really weird things where it feels like, hang on. They they must know And so it's a little bit like, "Are the [laughs] are the phones listening to us.

Daniel McDermott: [laughs].

Garrett O'Hara: It's the same. I feel like it's, fairly similar. It's just, they're hitting so many people at such volume. That the people we end up talking about are exactly that, you know, Brad gets two messages, but is there you know, like 20 or 100 people who didn't get those two messages so close and, you know, that's why we don't kind of think about it when we see them.

Uh, here's a, here's a question again, more than a statement, but you know, a lot of outsourcing is happening in delivery, supply chain at the moment just 'cause the volume is ...has just exploded with COVID and I wonder about this security along the delivery supply chain. Um, And I've no idea what those larger courier firms, how much of it is in-house and how much is, you know, contract work.

Um, and what are the provisions for security and how much did those contractors care? is the other thing, you know, do they, do they really care? Um, are they doing things that could potentially compromise the people they're delivering to?

Bradley Sing: I think they need to go through like police checks and stuff like that.

Like, I think it's fairly,

Garrett O'Hara: Yeah.

Bradley Sing: ...fairly vetted in Australia, yeah? but like, you're right. They're still technically subcontractors. And then we've heard stories of. Uber drivers Doing terrible things in the past, right? Like it's happened in in, in all places around the world. I would like to hope that the attack is random and that I'm not my shopping activity is not being watched [

Garrett O'Hara: laughs]

Bradley Sing: [laughs] by a group of hackers, 'cause they've definitely got a lot of opportunities to hack me. Um, but what I would also say in terms of, the sideloaded devices, so in terms of Google/Android phones on the US/English locale, I've got some data here. Apparently it's only 0.4% is sideloaded. And this data is a few years old. so Not five years old.

Um, but in locales like China or other parts of Asia, that number can be much higher. And that could, be 'cause maybe there's a dodgy company who's just installed or like a fake brand, Samsung as an example. Um, but technically it's sideloaded because it unlocks and it can be used in every network. So attacks like this may be a lot more common in, in the past.

And in certain other areas, of the world where, where sideloading is a lot more. vulnerable.

Garrett O'Hara: And, but I think ...yeah. And then this has been reported as huge in Europe. And then also, Australia.

Bradley Sing: All right.

Garrett O'Hara: But I haven't really seen, And, you know, again, it could be, but I just haven't seen reports of other, you know, I haven't seen that in China or India, but it raises the question.

Like we're, we're reporting the attacks here and receive like receipt of the SMSs. But what's the source of those? Is it like, I don't know. I mean, maybe they're coming from overseas. I certainly am getting some weird uh, numbers. I'm normally reasonably good at spotting. Like where you know, the two digits at the start are from And there's some number that kind of was there where I'm like, "I've no idea where these SMSs are coming from."

Bradley Sing: Oh, 'cause it's coming from overseas.

So you know, suggesting that it's still. part of ... It's Part of a a global compromised network Yeah.

Garrett O'Hara: Don't know, yeah. I mean, like, we're talking about Flubot and its effects on Australia. And I know it came through Europe, but is it, and when you think about the, you know, the starting point and endpoint, are they both, you know, in Australia or is the starting point overseas and we're reporting Flubot ...the effects of Flubot locally.

Bradley Sing: Yeah. Wouldn't it be great to be able to interview? I don't know if we could ever do that, like interview the people behind Flubot or something And just get them on the podcast [

Garrett O'Hara: laughs]

Bradley Sing: ...and just, like just, just, tell us what the sweet plan is cause it, it is such fascinating, Like how it spreads and where it's going and, and how do you stop something like that?

Theoretically, like, 'cause it ultimately just, And there's probably a service somewhere that It has to find home to or something, but ultimately theoretically, you could create something which could never be stopped. Right.

Daniel McDermott: Well Gar, you made a great point on uh, you know, the role of subcontractors and and the rise of the notion of the gig economy.

You know, as people work in multiple for multiple people. And how much do those people care about? I guess, the cybersecurity of the firms that they're working for, right? And are they just potentially adding a new layer of vulnerability but do check out a great article on, getcyberresilient.com on that exact topic.

So take a look at that and it sort of explores that issue a little bit further. as well.

Garrett O'Hara: That's a great article. We, We could probably put that in the show notes, right. as a shortcut. Yep. [

Daniel McDermott: laughs] Yeah. and just on a, on a on a personal note, we had a highlight in the McDermott household the other day. Um, my 14-year-old got his first, machine text and uh, came over and.

then Said dad, I, I I need you to take a look at this and he said, it looks dodgy. So did the right and said, I need your cybersecurity brain. And I laughed at him and said, I'm in marketing mate, like calm down. So, um but it was he did the right thing, noticed it and uh, re- reported it straight away, So it was it was well-done. but it was, it was tempting 'cause it was so he could make a whole bunch of money by clicking on a link.

So so I'm surprised he didn't, but he yeah, he saw it. and probably did the right thing.

Garrett O'Hara: Sounds all right. I'd [inaudible 00:19:44].

Daniel McDermott: [laughs].

Garrett O'Hara: we're going off-script here guys, but our, our company, actually the threats enter from [Uncast 00:19:50]. I don't know if you guys saw that. I think it just came out today. They, they they've seen a campaign over in the US where they're ...it's targeting students so higher education, but they're going after them in, in two ways, getting credentials compromised first, and then using that as a way to kind of propagate the campaign within the university space. But it's an offer of basically work from home. Um, but you know, the end game is once you've provided all your personal information, the first thing they ask you to do is ca- cash a check.

[laughs]. So basically your work-from-home gig is as a mule account. [

Bradley Sing: laughs]

Garrett O'Hara: So if anyone out there is interested, I'm sure we can. hook you up.

Bradley Sing: Just just on that, that, that story you told Dan, like, I'm just thinking, is that like a, a moment of I don't know, kind of like growing up or puberty almost where when you first learn to shave, but now it's like, oh, you you spot your first phishing attack.

Like, oh, this a thousand-a-fortnight bucks. They're not real, but like as a kid, like that's such a good point, right? Like, Because If your kid gets hacked, then suddenly you you're hacked as well. Like it's just, it's that, you know, such an easier uh, way in, in a lot of ways. So, I don't know, it's um,

Garrett O'Hara: I can hear the Cat's in the cradle playing in my head right now.

Daniel McDermott: [laughs]

Garrett O'Hara: Tear slowly trickles down down its cheek with the emotion of the moment.

Daniel McDermott: [laughs] That's right. They're so proud. [laughs]

Garrett O'Hara: [laughs]

Daniel McDermott: Like I said, it it was a strangely proud moment. You're right. [laughs] the last topic that we wanted to cover today is that ... is a new sort of ransomware attack that's occurring called LockFile. And this is using intermittent encryption Brad, Can you tell us, like, why is intermittent encryption different and and why is this sort of, you know, coming to life at the moment in terms of a new attack? vector?

Bradley Sing: Yes, certainly. So e- encryption is something which I think definitely black hat hackers have been using for a long time. I guess [laughs] the good guys as well, but the main idea is that if you take something which is known bad, even if it's been out there for ages, if you can effectively encrypt it.

you could hide it with the hashes, right. Like you can change the contents of it. And I think we've seen a lot of advances over the years where we've had to use things like sandboxing technology to effectively emulate or operate or operate or see what the phone would do. The challenge with something like uh, LockFile, where encryption is constantly changing.

It. It's literally the keys to the lock constantly changing. And Yeah, it's it's I think it's it's, a newer concept, but it also starts raising ideas in terms of how do we detect it? Um, I would think they would still be able to see things like memory changing as an example or, or random patterns, but I guess from a, from a baseline level, it does lead to an an extra level of sophistication.

Garrett O'Hara: It's I find this one really just clever. Um, and I know we're not supposed to, but I do find myself admiring attackers. So often, you know, I do, oh man, there's a cleverness there. Um, like this one, this one is different. Uh, there is partial encryption. you know, we've definitely seen that before Lockbit 2.0 which we talked about in our last episode, That was the one where they were offering jobs as part of the. Uh, the ransom message DarkSide, BlackMatter. Um, they encrypt the start of the docs or the, the things that are being, They're essentially ransomed or corrupt corrupted, and that's the point of encryption in this? he- here is it's corruption of data, right?

It's to kill the availability part of the CIA triad. And what's beautiful about this approach is the elegance that they have taken, which is they basically encrypt every 16 bytes of data and. um, What that does is the ransomware protection that's normally out there. uses statistical analysis to understand, basically, Let's put it this way.

If you encrypt a file, there's a thing called a cheese score and that cheese score basically tells you the, the, the, the sort of you know, is this thing. Encrypted. There's a data analysis you can do well beyond anything. I really [laughs] understand. [

Daniel McDermott: laughs]

Garrett O'Hara: But the point is that breaks down when you start messing with the statistical models, which is exactly what these guys are doing.

It seems so clever to me. So you got a couple of, a couple of really cool outcomes. First of all, the statistical models that are used to basically understand "Has a file been encrypted, that breaks. And then secondly, the encryption and the thing that's killing the availability part of the CIA Triad happens way quicker 'cause you don't have to encrypt the whole file.

You're just encrypting half of it. Um, just, Well, I know we shouldn't say I'm so, admiring, but really elegance, you know, really clever stuff. Um, and they're also doing a bunch of other things to evade detection. So they're ...um, the executable is built in three parts and it does some cool stuff where it kind of pre-loads into the first part, the parts that will be executed, blah, blah, blah, like.

Cool interesting stuff. Um, it uses the WMI to, basically kill processes that could lock up the things like, so databases, the kind of things that this ransomware may want to encrypt and then actually it doesn't do any writing to disk, which is another thing that ransomware detection tools will look for is like disk activity.

And they're actually doing the modifications in RAM, And then the operating system commits the changes back to the file. So a bunch of yeah, a bunch of fairly cool and elegant yeah, elegant stuff. I mean it just comes to almost back to the previous conversation around Flubot.

Uh, attackers are not sitting on their hands thinking, Hey, we figured it out.

They are constantly looking at very, very clever ways to evade detection and kind of get their outcome.

Bradley Sing: So, So it doesn't constantly change. So it's basically like. If you think about it, you've got like let's say a million dollar system, whatever it is, it just takes that little bits of that million dollar system.

And because of that, it makes it

Garrett O'Hara: Yeah.

Bradley Sing: ...really hard to put together because you need all those pieces of data 'cause otherwise your files corrupted and it doesn't write to disk which to your point. Yeah, that's really clever, isn't it? But may- maybe the next iteration is it constantly changes encryption or something?

I'm not too sure. But Yeah, we shouldn't be in awe of it. though, Gar. Yeah. that's, uh-

Garrett O'Hara: It's hard not to be though. It's hard not to be. [

Bradley Sing: laughs].

Garrett O'Hara: It's like the, the, the, the superhero movies where I'll be honest with you, sometimes I'm rooting for the bad guy. Cause they're just really

cool and [crosstalk 00:25:39]-

Bradley Sing: The anti-hero, right, like ... You know?

Daniel McDermott: What I heard there Gar, was that, that now it's, it's more like Swiss cheese than the, than the cheese course, So, in terms of that, so

Garrett O'Hara: the analogy it kind of works. doesn't it? cause if it's Swiss cheese, you take it. and you put in holes in the cheese and you get less cheese. The Cheese is [crosstalk 00:25:57].

Bradley Sing: But I like Swiss cheese, like people like Swiss cheese.

Daniel McDermott: Indeed, but it is uh ...like you say, it's it's interesting that like, that it makes the, encry- like the ransomware attack happen quicker. Right. it's Cause they're encrypting the small parts, so you don't have to wait all this time. So basically they're in, and they've got success very early. Right. And then it's sort of like, and then it will continue to grow from there, but that means.

that people can be compromised very quickly as well. Right. So there's certainly a lot of challenges for, for everybody out there in terms of, one, how do you, how do you stop it? How do you detect it? How do you respond quickly? All of those usual things, but then it'd be coming at a pace as well. Um, you know, as another layer of, I think, you know, I guess complexity and stress to being able to manage and, and be able to respond to those.

as well.

Garrett O'Hara: 100%. You know, we talk about this a lot, that in the meantime to detect, to resolution all those things. And those numbers are getting smaller and smaller and smaller. Um, And I think that's partly what you're seeing here is that they that the attackers are going to know they got to do their thing. They got to do it very quickly because everyone on our side.

Um, and and let's be honest. I don't know if I'm gonna stay on our side cause I'm fascinated by the dark side [

Daniel McDermott: laughs]

Garrett O'Hara: ...and then they just seem to make more money and do very cool things.

Daniel McDermott: careful. There's an online safety bill now. So, [crosstalk 00:27:10] [laughs]-

Garrett O'Hara: yeah, true. I'm probably going to get all my accounts taken over.

Daniel McDermott: You shouldn't have said that out loud. [laughs]

Garrett O'Hara: But Yeah. I mean, it's that right there. There's a race to be quicker and this is, I think it's a pretty elegant approach to.

do that.

Daniel McDermott: Indeed. Well, I think on that note I'd like to thank Brad and Gar again, appreciate all your insights as always. And, Gar, who's our specialist guest for next week's episode.

Garrett O'Hara: Uh, next week we have Dave Furman. So Dave is the um, regional kind of CISO for Netscope. Um, probably needs no introduction. To be honest with you.

I think many people and around the world actually globally. uh, would know David. Um, so we'll talk about a bunch of different things, kind of, the difference between security and resilience the human part and how they're kind of core to resilience. Um, some of the problems with awareness campaigns, zero trust is a big passion topic for, for uh, David.

So yeah, su- such a rich conversation and, a phenomenal guy. So yeah, definitely a good episode.

Daniel McDermott: Fantastic. Looking forward to hearing David and all of his insights next week. So that brings this week's episode to a close. If you'd like to continue exploring key topics in cybersecurity, please jump onto getcyberresilient.com and check out some of the hottest articles, including an overview of F- Flubot malware scam from Brad, a look into how state governments are solving for infrastructure security by Nick Lennon, and even an insight uh, as to what your data may be worth on the dark web By yours truly. So thanks for listening until next time. Stay safe. .

Tags
Editor, Get Cyber Resilient

Dan is a 20 year veteran of the ICT industry working for global and local vendors in bringing new and innovative technologies to market in the ANZ region. During his career, Dan has been passionate about bringing a local voice and insights to global technology challenges. As the Editor of GetCyberResilient.com Dan casts a keen eye across the hot topics, trends and pulse of local security practitioners to curate stories from near and far that are most impactful in addressing our evolving risks.

Stay safe and secure with latest information and news on threats.
User Name
Daniel McDermott