Unsecurity Podcast

We look at some surprising online fraud statistics. Between pirated games, customer support tools, SolarWinds group targeting customers, customer service systems being hacked, a malware supply chain fiasco, and a nasty Edge bug, Microsoft has a lot going on security-wise. Evan and Brad break down all the notable Microsoft security news surfacing recently on this episode of the UNSECURITY Podcast. Give episode 137 a watch/listen and send questions, comments, and feedback to unsecurity@protonmail.com.


Podcast Transcription:

[00:00:22] Evan Francen: All right. Welcome listeners. Thanks for tuning in to this episode of the unsecurity podcast. This is episode 137. The date is June 29, 2021. Joining me is my good friend, my pal Brad Nigh, how are you Brad? Good. And it’s good to have you back man. You know, for the listeners, it’s uh 7 11, 7, 12 in the morning And we jump on usually Tuesday mornings at 6:45 to you know, start talking. So we’ve been spending almost last half an hour just talking about life stuff.

[00:01:00] Brad Nigh: Yeah. But well, I mean, I’ve been open, we’ve had a pretty stressful yeah, a couple of weeks and then we’re all going back even to last november when I started when I had the uh, well we actually can you think of what it was that your

[00:01:19] Evan Francen: balanced? Oh, that’s right. Yeah. Holy crap man. There’s so many things that I’ve kind of forgotten about, some of the things that’s

[00:01:27] Brad Nigh: just absurd,

[00:01:28] Evan Francen: right? Yeah. So listeners, uh, you know, if you’re the praying type, you know, some prayers for brad and his family because it’s a tough stretch man. But like you said, like we said earlier, it’s got to end sooner or later.

[00:01:42] Brad Nigh: I hope, I

[00:01:46] Evan Francen: mean the fact that you kept it together as well as you have, it’s been I think inspiring to me, you know, and uh we also talked about before jumping on, you know, just the helplessness. You know sometimes when you see anybody, you know, I have three or four friends who are struggling with different health issues and either them or members of their family and it it sucks because there’s really nothing you can do right off your good thoughts. Try to check in once in a while to see if you see how you’re doing to encourage.

[00:02:23] Brad Nigh: Yeah, I think, well, I think, you know, we talk about mental health within Yeah. Yeah. The workplace to and this is one of those things. Is that a good example where I mean, let’s be honest, what’s going on at home affects what happens at work, right? Like Um I’ll be totally honest, I haven’t been able to be 100% have I got my work done? Yeah. But am I you know, am I distracted because of everything else? I mean, how can you not be here? Human? Yeah,

[00:02:59] Evan Francen: man, for sure. You know, like lots of security people, I think, you know, we get very passionate about our work and sometimes it blurs the lines between what’s work and what’s home. Uh and when you’re, you know, you’ve got sicknesses and things to deal with and you know, life issues. Uh huh it starts to become pretty obvious what’s work and what’s, you know, what’s home, what’s life you know what I mean?

[00:03:27] Brad Nigh: Right. Yeah yeah. You know and having the support of the team and leadership and everything has been it just so helpful and so yeah we’ll get through it and keep on. But it’s very weird. It’s very different from from work where what we were talking about we were in control right now controlling things but I know what’s going on. I have a sense of like their stability even when things are chaotic. I know what’s going on. I can handle it. I can’t do anything hole and stuff and that’s what’s so tough. So very very different from what I’m used to.

[00:04:10] Evan Francen: Yeah well maybe that’s part of you know on the other side of this you know it seems like those life things we talked a little bit too about you know when I was diagnosed with cancer and just the other life issues man, I mean in hindsight you could I can always look back and and see the lessons and appreciate going through it when you’re going through it. It’s the worst thing you know? Yeah. Yes. Yeah I mean I said I have no like who was I talking he was talking to somebody last week and they were talking about regrets you know uh because I’ve left you know d d d I’m not blaming on E. D. D. I mean Maybe blending on something else and it’s 2021 so I ain’t taking any credit for myself can’t be me but uh you know I’ve done some crazy things over my lifetime you know? And uh yeah just being here still kind of just still kind of a blessing I guess.

[00:05:19] Brad Nigh: Yeah. Yeah. Fun. That’s our Yes. Oh the uh Stuart Smalley old saturday night live without franking.

[00:05:33] Evan Francen: Yeah. Big time. We’ve got some stories to cover today. I do appreciate you know Ryan filling in for the one week that uh and I appreciate that, I appreciate that you and I have that kind of relationship and you know you have actually set a good example for me and I’m priorities because it was the morning. I don’t know, maybe it’s the night before the episode 1 35 when you text me like yo not doing the show. I’m just not

[00:06:04] Brad Nigh: can’t it was one of those things where I was like I just can’t do it, I’m not here, I’m not functionally able to do it but you’re right. So but I appreciate that you know we do have that relationship. Can I feel like I can be honest with you about that and I don’t have to take it.

[00:06:26] Evan Francen: No no and I I want shit man. You know people think it that because you can only take so long and then I’ll send you hit it right? You hit the wall or well they do have those mental breakdowns where it’s just like well and then bad things happen, man.

[00:06:46] Brad Nigh: Yeah. I think, uh, it was helpful. Uh, anybody listening that Washington post had a really good article about burnout and using the whole look that up and you know, that, that came out after, uh, that I was like, oh yeah, because I always started burnout as work. Like I’m sick of this job. I’m tired of this, I’m done. And that’s not the case. I love what I do. Like even, you know, here’s what’s crazy. It’ll be five years next month and I still like love every day. And, but reading, it’s like, oh, prolonged exposure to, you know, what is, it looks extensive or excessive stress or something. And then all the kind of the symptoms. And I was like, yeah, okay. I know that that explains it so much. You know, so anybody listening look that up, it was actually really, really helpful because I guarantee you there’s a lot of people going through that, not realizing, you know, what’s going on, right?

[00:07:53] Evan Francen: Yeah. And people that want, you know, Yeah. The link I’ll do, will be posting the shout outs this week, probably this evening. So if you’re, Which would be Tuesday night, so they’ll be the 29th because my wife is out of town. So I got all kinds of time to do all kinds of stuff, but we’ll also put the links to the news articles we’re gonna talk about today. So, um, yeah. And maybe next week we’ll talk about burnout. Yeah, yeah. I think a lot of security people, I’ve talked to a number of, you know, uh, veterans in our industry who have been doing this for a long time and they’ve either thought burnout or they actually burned out.

[00:08:40] Brad Nigh: Right. Right. And, you know, it’s interesting because, like I said, I always thought of it as solely like a work thing where I it felt burned out at work. Like I just don’t, I don’t want to deal with this anymore. And it never even occurred to me that it would be just in general, Right? It was pretty eye opening.

[00:09:05] Evan Francen: Yeah, man. And I think, yeah. And then we’ll move on because I think, um, knowing you like, I do, you know, all the stuff that you’ve gone through at home Over the last, you know, 6, 9 months, including stuff not even in your home, but in your family. And you’ve got, you know, covid and I’m dealing with all that crap and oh my God, man. Yeah. Yes, Yeah. And who’s been watching you go through it? I get it.

[00:09:35] Brad Nigh: It’s been a long uh meal, 15, 16 months, but we’re getting out of it.

[00:09:41] Evan Francen: That’s right. Here we are, man, still alive, new day. So Microsoft has been in the news quite a bit the last, well, they’re always in the news because they’re Microsoft and they’re big and they’re the king and the Queen and the court and they’re Microsoft. So uh but there were some newsworthy things over the last, you know, week, that sort of stuck out for me, one of those, the malware um in pirated games. Well that’s really not all that surprising because if you’re pirating, I mean if you’re using anything pirated, you sort of expect you should expect some malware. But there was one story particularly that caught my attention and the Nobelium is still around, you know, that’s uh those are the same attackers that that house. Yeah, so we’ve got a few uh, got three news articles, you know, kind of getting different angles on, you know that. And then Microsoft uh actually four news articles on that and then Microsoft, signing, signing a rootkit.

[00:10:50] Brad Nigh: Yeah, yeah, that’s tough.

[00:10:54] Evan Francen: It’s not much you can do to protect yourself when Microsoft itself signs the driver. Uh Yeah, unless you’re sort of paying attention and you see, you know, the communications happening, you know, from your computer egress, you would never see those command and control, uh, IP addresses come up. So I got two articles there. And then the last one I got around Microsoft is the Microsoft Edge bug. Never been a big fan of Microsoft’s browser. So the fact that we stick Edge on, you know, my PC Yeah, no less hacker steuer. Yes. Good.

[00:11:36] Brad Nigh: Did, did you give one for LinkedIn, 700 million LinkedIn

[00:11:40] Evan Francen: Users? I did see that one. Yeah. Yeah, I don’t know, man, you got to wonder if people are getting like breach um don’t just preach numb. Just like whatever. I don’t care, I didn’t steal it. Many have that victim sort of attitude. Uh then I’ve got three more things that we can talk about if we get there quick enough one. When we talk about this one. Actually first I want to talk about John McAfee real quick because he was such an iconic figure for so many years in our industry. Um billion dollars lost by people over the age of 60 through online fraud in 2020 says the FBI last week. And then uh this one always caught my eye, it’s critical CISO initiatives for the second half of 2021 because I always like to hear what people think CISOs should be working on in the second half of 2021, I’m guessing most seasons probably half the second half, 40 already planned and probably had it planned. I

[00:12:48] Brad Nigh: e I like to say that my experience with our customers and working as a vCISO, right, yeah. It unless something were to like pop up unexpectedly they already know what the focus is.

[00:13:08] Evan Francen: Yeah when yesterday I was like yesterday I was on a round table and uh it’s a bunch of CIOs and uh you know they were talking about you know their challenges and in the digital transformation and uh what else? You know the big buzz words and and I was on this round table, there’s a private round table, so there wasn’t like an audience and I was the only security guy there and I was like, do you think maybe you know because yeah, We use the same buzzwords, not really the same buzzwords, their new buzzwords, but for the same crap that we were doing, 10, 15 20 years ago. and we just kind of regurgitate the same thing over and over and over again digital transformation, You’ve got to speak the business language. It’s like, do you think we just keep coming up with these new words and angles because we’re sucking our doubts?

[00:14:02] Brad Nigh: I mean, yeah, I don’t know, I mean maybe not suck from a you know, talent standpoint, but stuff from the communication standpoint, I could definitely see that

[00:14:20] Evan Francen: Well, in, you know, having the, you know, the perspective of a CEO and a security guy. Yes, it is, you know, I don’t take that for granted because the what I don’t want on my management team is yes-men and yes-women, you know, people just tell me yes, yes, Yes. And so I was thinking, you know, from other CEOs’ perspectives, you know, when the CFO says you can’t afford something, you can do something, you listen, it’s we can’t do it right, we don’t have the money, right? And so but a CEO how often does the CIA and what happens, but I don’t think it happens often enough for the CIA doesn’t assert that same sort of uh authority and maybe you know with the CEO we’re like no, we can’t adopt any more technology. We can’t even manage the stuff we have today.

[00:15:18] Brad Nigh: Right? Well because yeah, it comes across as I’m not doing, I can’t do my job at right? But CFO, because we can’t afford that. Well why not? Nobody? Nobody would question, you know, you don’t hear that? A good point.

[00:15:37] Evan Francen: Yeah. Yeah. So. Yeah. Alright, alright. New malware, so, pirated. We’re going through this one real quick. New malware in pirated games disables Windows updates and Defender. This is from HackRead. Yeah, Crackonosh is the malware. Been around since 2018. So it’s not really all that much news but Avast, it’s a, I guess, additional research actually. There was some additional research that was done, uh, and Crackonosh actually is a word that it actually means something, means mountain spirit in Czech folklore. Mhm. There’s a trivia. Thank you for you.

[00:16:18] Brad Nigh: It’s interesting. Yeah. This was there the Netfilter driver. Right? Where?

[00:16:25] Evan Francen: No this one is this one is different, a different, that’s a

[00:16:29] Brad Nigh: Different one where they signed

[00:16:31] Evan Francen: It. Yeah, this one’s a $2 million. This one mines cryptocurrency.

[00:16:39] Brad Nigh: Oh yeah, I know the one that I was thinking of because we didn’t really talk about this ahead of time. But Netfilter rootkit to Chinese C. two E S and spoofs. Amos Geo locations to cheat system and play from anywhere.

[00:16:56] Evan Francen: Yeah, that one’s coming next. Yeah, Okay, we need to keep, you know, that’s what I’m telling you what, that’s why Microsoft caught my attention this week. I’m like, really? And then I would, I did the same thing you did. I’m like, okay, is this one the same as this one is a different one? Uh, yeah, this one mines, just mines cryptocurrency. It’s and it’s been around for a while, but it’s in pirated games, so the game has to be pirated for this. Okay. The other one, it’s legitimate, like, like software, it’s not pirated.

[00:17:33] Brad Nigh: Yeah, that’s what I was, that’s why I was thinking you were going with that one, wow.

[00:17:39] Evan Francen: Yeah. So Crackonosh, don’t use pirated software. The, you know, the end of the day, that’s the right thing to do is to pay for your software or somebody spent a lot of time and put it together.

[00:17:50] Brad Nigh: Yeah, I’m looking at it now, but I haven’t heard of that one. There’s, there’s so much going on. It’s crazy.

[00:17:59] Evan Francen: I know I’ve been talking to a lot of CISOs, you know, at states and things and uh, actually was a theme yesterday too in the, in the, in the round table boys, it is overwhelming, right? See, so so, so, so often I don’t think people realize the position that they’re put in. It’s really an unwinnable position if you’ve defined win as you know what’s the most common thing, you know that most common but a very common thing is the CEO so just keep us out of the news. But I can’t, I mean that’s that’s the truth. I can’t keep you out of the news,

[00:18:33] Brad Nigh: you know? And I think it’s interesting because you know, we’re working with people. I’ve had customers go, hey, have you heard of this? I’m like, wait, how did I miss that? But you look at it and there’s just so much, you know, Firehose coming. It’s like, yeah, you can’t possibly stay on top of everything. You know, things are going to be, you’re gonna like this one. I had not heard of this. I was thinking you were talking about, you’re always like, oh

[00:19:07] Evan Francen: well that’s the thing that I think in in our industry too is, you know, being because you see it happen all the time where you know, somebody last, did you see this? And you say yes, what actually did him. Uh And you may have thought you did, but you didn’t. But I think what happened so often is we feel uncomfortable saying, we didn’t know like I was on a call last week with the CISO for New Jersey and he asked me, you know, have you ever heard of this thing? I was like no, never heard of that thing. He said no. So I went and checked it out and like okay yeah I probably should have heard of that thing but I had never heard of that thing. Yeah.

[00:19:47] Brad Nigh: Yeah. Uh one of mine asked that they had found a free open source software that will compare like Nessus scans one against the other and show like and I’ve never heard of it. I was like oh this is actually really cool.

[00:20:03] Evan Francen: Yeah, that was me.

[00:20:05] Brad Nigh: Yeah. It’s fantastic though that you know, that’s I think that’s what makes as good as is that ability to say no, I haven’t heard of that and then go and learn about it, right? But there’s not. I think a lot of that comes from like maybe some Arians or something along those lines where people are like, you know, I can’t admit I don’t know something right?

[00:20:31] Evan Francen: You can’t. Especially as a consultant right? You’re you’re the expert and that’s one of the things I think on the other side to is you know when a ceo or you know somebody not in our industry asks you have you heard of this thing or heard of that thing? They say no. Sometimes they think, well I thought you were the expert. I’m like I am but there’s 30 billion different, you know, strike them out there.

[00:21:00] Brad Nigh: Oh my gosh, I’ll send you a one of our CSM was asking for some help in that I was we were on a call and there was they were just talking about all these different technology and, and you know, I understood it. And afterwards they’re like, we have a call. I have no idea what what, what just happened. And so I found this graphic that shows the in Passaic, you know, I. D landscape. And they’re like, whoa, I’m like, yeah, that’s the problem.

[00:21:33] Evan Francen: But it’s totally the problem to us. And it’s getting worse. You know? And I keep preaching, you know, especially the last few weeks, we’re adopting technology faster than our ability to secure it. Um, at some point there’s a critical mass where this is going to come crumbling down and it is going to hurt, it’s going to hurt a lot of people. Yeah, yeah, yeah. I mean, you just see it happening, right? Yeah. Look at look at CISOs today, you know, I was talking with the CISO for, from Hawaii, Vince, on Friday, are, I mean, all of them, man, they put in this position, my heart has gone off to them since I started working with them more. I have so much more respect for what they do. Um, because I thought I’ll state employee. Yeah, Okay, tough, tough job.

[00:22:18] Brad Nigh: No, no.

[00:22:19] Evan Francen: Yeah. 9-5. Got to check out. I mean, these guys are put in an impossible position because they’re asked to do the impossible. They’re not empowered to do it anyway.

[00:22:31] Brad Nigh: Right. Right. And you know, I’ve worked with a bunch of uh, let’s see how to do this real quick. Uh Yeah, it’s crazy. It’s it’s same with K to 12 with, you know, higher ed uh you guys, you know, we’ve talked with them and it’s they’re not, yeah, it’s tough. You know, anything the way I look at it with, not when I get showing something that I hadn’t heard or some of these shares, especially from a consultant perspective, it’s like, oh, well, well, this is the benefit you’re getting, is that, you know, working with us, you think you’re the only one telling me something that I hadn’t seen? Well now I’ve known and what am I gonna do share it with others because it’s gonna make things better, right? So there is, you know, a benefit to the, to that and not being, you know, like, Oh yeah, I know about that. Yeah. Being open to to learning

[00:23:34] Evan Francen: totally man. And the and also, you know, I think to help with the burnout. Thanks. We talked about that already a little bit today too, is recognize what your what your job actually is, right? It’s not risk elimination. Your job isn’t to get isn’t, you’re not paid to know everything you’re paid to know, you know, certainly the fundamental, certainly the basics. Uh but man, things are gonna happen, right? If its risk management, which is, it can only be, it can’t be risked. Well, I guess it could be risky risky, ignorance, participate. I don’t know, whatever, you know, you just don’t care and you just don’t do the basics or there’s risk management or there’s risk elimination, we’ll risk elimination is not possible. Risk ignorance. Should you should get thrown in jail for that. Yeah. And then there’s you know, risk management, that’s our job. It’s don’t stress it.

[00:24:28] Brad Nigh: Yeah. Yeah. It’s always fun when working with somebody talking to someone when they’re, you know, considering working with this kind of this, you know, okay, what exactly is it easy? So what does that mean? And we get that a lot because well I mean honestly there’s a million different the company’s doing it, everyone is doing it differently. But to come in and say, look, here’s our approach, it is our job in security to alert the business to the risks, provide options and then implement what the business decides, it’s not our it’s not our job to make that decision, it’s our job to present options, okay, you can do that, but consider these things okay? You’re good with it. Let’s implement this solution. And so many, you know, a lot of them are our IT people there. It’s the same with IT, right? I mean the from that perspective we’re custodians and they’re like you can see the light bulb go off and they’re like oh wait, you mean I shouldn’t be, they know you shouldn’t be determining what the backup schedule is. You shouldn’t be determining, you should be saying, what do you need from us and then implementing it from there and Yeah, it once. Well what do you realize that? And then even more when you find a company that buys in. Oh my gosh, it’s such a huge difference totally

[00:25:59] Evan Francen: man. Holy alright, so this Crackonosh malware, pirated games, lots of different countries for everything from Italy, India, Spain, United States, U.K. That’s where the victims are all getting well it’s you know, in a lot of times you don’t even recognize when you, when you’ve got, you know, crypto miner uh you know, on your system. It’s just a performance issue. Usually the scary thing about this one is it actually disables Windows updates and disables Defender. So that gets a little scarier, right? Because those are things that we had in place protection. Well, pirated versions of these games are, you know, uh known to be uh I think infected: Far Cry 5, NBA 2K19, The Sims 4, culture. Uh however that say that work at you, we have We Happy Few, Fallout 4.

[00:26:59] Brad Nigh: What’s crazy is I’m looking at, I just pulled up steam like All out for $12 right now. I know like is it really worth hierarchies doing this when I, you know, I get people maybe don’t have a lot of money, but it’s not worth it.

[00:27:23] Evan Francen: Well if you don’t have a lot of money, maybe you should be playing games either,

[00:27:28] Brad Nigh: you know.

[00:27:28] Evan Francen: Yeah, you can’t afford to $12 to play the game, maybe you shouldn’t be playing the game, you should be working and you know, or something else. Yeah, there’s always different circumstances. The Sims 4 Seasons, Grand Theft Auto V, Euro Truck Simulator 2, Jurassic World Evolution and Pro Evolution Soccer 2018 are all known pirated versions anyway. Not not to pay for ones. Uh, the least the registry entries turn off automatic updates, debates. Uh, Windows Defender malware. Some of the antivirus solutions that are disabled by the Crackonosh includes scan, Panda, Norton, Adaware, F-Secure, Kaspersky, Defender and McAfee scanner only.

[00:28:20] Brad Nigh: Yeah. Not good. Not just not worth the risk.

[00:28:24] Evan Francen: No. And really, you should sort of expect this with any piece of Pirated software because he’s about pirate software. It’s compromised software, right? It’s trivial for an attacker to insert malware and get the program to do any kinds of any number of things. Well,

[00:28:41] Brad Nigh: right. Exactly. Especially people that maybe aren’t savvy records. Yeah, don’t worry about it. It’s not,

[00:28:54] Evan Francen: it’s not worth it. And even if I was savvy, you know, I would never ever run those types of things on anything but a sandbox. Mhm. You know, in a lab. I mean, why would I? Yeah. No. And I wouldn’t even if I confirmed on the lab system that, you know. Yeah. There’s nothing malicious here, I still wouldn’t put it on my, you know, my work normal computer. Yeah.

[00:29:23] Brad Nigh: I mean, even like when it’s totally legitimate, like capture the flag or those things that happen in a virtual environment because you don’t know what’s going to be dropped in there. I was doing, you know, one the other day uh and it’s like what software or what malware is, was the attacker deliver was looking into it? Oh yeah, I know they had um attack as part of the types of the flag, like, well, I’m glad, I mean sally and a sandbox, but you know, you just don’t know what’s going to happen.

[00:30:01] Evan Francen: No, that’s very true. You reduce your risk of going back to the risk versus risk elimination thing, even in a sandbox, Yes, it is possible to jump the sandbox, but I mean, fine, that’s oh, it’s rare and it’s, it’s a risk management thing, so if you wanted to really do it and then you can just do a dedicated machine even on its own network, you know, totally isolated physically and logically, but that’s a hell of a lot of work.

[00:30:30] Brad Nigh: Uh so yeah, I may have done that over the last two weeks is a mental health break is filled out exactly that, but you know,

[00:30:42] Evan Francen: that’s that’s how we call brother. So the next one is uh Nobelium, yeah, it’s all over the news, this is big news, uh sort of members, big news: Nobelium hackers access Microsoft customer support tools. So the Nobelium is from the SolarWinds, the original SolarWinds attack, it’s a Russian attack group that goes by a whole bunch of other met, a whole bunch, a few other names, goes by Dark Halo, UNC2452 is the common name, Dark Halo, Nobelium, SilverFish, StellarParticle, uh, too. The operations most known for obviously the FireEye compromise in the SolarWinds supply chain attack. Toolset, malware: Sunburst, Teardrop, Supernova web shell, CosmicGale PowerShell tool and Cobalt Strike around known tools for this group. Uh, yeah, sophisticated stuff. It’s

[00:31:44] Brad Nigh: crazy. So they said in this one, it actually got, you know, Microsoft’s in own, uh, they said they could see billing contact info, what services they paid for and some other stuff and then they turned around and use that as a part of this attack. And honestly, I mean, I think with these shows, regardless of the hour for Microsoft, whatever. Yeah, I mean you don’t think Microsoft has a ton of controls in place and it still happens. I mean, you cannot prevent this from happening if in this case, not a actually a nation state, but let’s be honest, it’s a nation state attacker when, when you have somebody at that level, they’re going to get in if they want, right? So what do you have in place to detect, what do you have in place to mitigate and limit what they can do, right?

[00:32:41] Evan Francen: And you’re still limited in your options. It’s one of the reasons, you know, I don’t like, you know, the fact that we are sort of forced to use Microsoft because you have really no alternative. And You know, you start putting all your eggs in one basket, right? If I’ve got everything in that. Sure. And I’m using office 365 and obviously my windows, you know, desktop and yeah, there’s, you know, it’s, it’s kind of dangerous, you know, so hey, maybe, I don’t know, but, you know, anything give me attached.

[00:33:14] Brad Nigh: Well, the problem is that, well, Microsoft and they’re really easy to install and run a computer. Great.

[00:33:21] Evan Francen: I

[00:33:23] Brad Nigh: like Linux, it’s great. But it was a nightmare getting drivers working and fixing this stuff and if you’re not technically savvy, it’s nobody’s gonna sit and try and monkey with this stuff and figure it out and do command line and all this stuff. And that’s the problem. We don’t have an easy alternative. Yes, there’s easy versions out there, but it’s still not, it’s not plug and play as it were with Microsoft.

[00:33:54] Evan Francen: Yeah. I think your best, you know, probably easiest plug and play, it might be, you know, Macintosh might be an Apple. Yeah. You know that ecosystem because it is fairly easy to use, my friends, my friends, it, yeah, they have completely gone that way.

[00:34:08] Brad Nigh: Yeah. You know, when you’re looking at it prices in the issue and it’s not cheap, right? Yeah. It’s tough. We’re gonna tough spot with that.

[00:34:19] Evan Francen: Yeah, for sure man. And, and it takes me, it sort of takes me up because you know, I mean, Microsoft tries to do everything for everybody and so you, you know, even in their own ecosystem, I have integration issues with um, you know, I’m in two different domains, right? Because I mean FRSecure and SecurityStudio, and dealing with the authentication issues, you know, through OneDrive, it’s just, it’s the biggest pain in the ass. So we, oh, they can’t get their own stuff to talk to each other. You can’t even, you can’t even keep Excel from crashing on me, you know, two or three times a week. And you want me to put all my stuff. No, it’s just, it’s irritating but truly Microsoft there don’t lose track of the motivation because it makes, it makes everything else sort of makes sense. So the motivation for Microsoft is not to protect your data. The motivation for Microsoft is to make as much money as possible. Mm That’s that’s the reason they exist, right? You know, in that they’re going to say things like we take the security of your data seriously and obviously right, because if they didn’t you lose fascinating lose customers, right?

[00:35:40] Brad Nigh: It’s almost like they’ve gotten so big and so diverse. It isn’t one company anymore, it’s all these different companies and that’s when you start having these misses, right? So

[00:35:53] Evan Francen: and expect more of them?

[00:35:55] Brad Nigh: Yes, I’ve got to slow down

[00:35:57] Evan Francen: nope nope. Uh So in this particular attack what was happening is you know the way the attackers essentially were pivoting into other things is password spray and brute force attacks. Password spraying, brute force attacks are really noisy. Uh Pretty easy to detect if you’re you know watching. Um But that’s how they were getting into these unauthorized accounts and essentially guessing passwords. Right? Another reason to have multifactor authentication as a default. Yeah. Um All the activity was targeted towards specific customers primarily IT companies 57%. Now why would you think that they would go after IT companies? Well I

[00:36:41] Brad Nigh: mean there no brainer because we’re who do you think it’s gonna be installed across the largest 8? You know either support wise or software wise.

[00:36:51] Evan Francen: Exactly you know people trust us you know we’re not an IT company or a security company but you know if you’re an MSP, an MSSP, you know you whitelist my stuff because you know I’m testing for you. I’m doing pen testing I’m doing whatever the hell I’m doing and I

[00:37:07] Brad Nigh: gotta say I’m not going to say who it is but we work with an MSP, and I remember talking to them you know when they first were considering it I really like their approach and they just signed up for uh they’re doing two pen tests, one on themselves you know hey can you get in and then if you were to get into the corporate, could you get to customer and then they’re standing up a dummy customer account and managing it exactly like they would any other and saying, okay if you got in here, what could you do? Could you get back, you know, could you get to other people? And I mean how many do you think do that? This is the first that I’ve seen. It’s done that and it’s phenomenal. I love seeing

[00:37:55] Evan Francen: that. Yeah. No and that’s the right way to do it, right? I mean Now there’s an extra burden. I think too with an IT company or consulting company, it’s even another step removed from whose data it actually belongs to you belongs to you know, an individual somewhere who will suffer if that data is lost or stolen. If they, you know share that information with, you know say a hospital or a retailer or whatever. And then there you got the MSP, you know, and then you’ve got us, you know, I mean it’s just like these additional layers. But yeah, at the end of the day it’s you know, somebody suffers when this stuff goes wrong. So you do you sure take it seriously unless you like people suffering and then you’re a tyrant. And we should send you to Iran you can Uh right 57% of the companies are IT. Uh 20% government. Um and don’t think for a second that states aren’t targeted here. Also it’s not just federal government, it’s also states and uh counties are also part of this. I’ve seen it myself and some of my own research that I haven’t shared with anybody but I do a lot of that stuff. I don’t share certain things. But yeah, Largely focused on US interests. So 45% followed by 10% in the UK smaller numbers for Germany and Canada and all 36 countries were targeted. So this is not a small effort. It shouldn’t be something that’s just brushed aside as like whatever it’s Microsoft. No, it’s Microsoft. And then And then and then right it’s the way attackers have always worked from day one. You know, you identify that vulnerable to get a foothold to elevate your privileges that leak logs, plant the back door, pivot, pivot pivot until you hit something, right? You know that part that part is not anything new. So anyway, yeah, so there’s a bunch of news articles about that if you just google Nobelium, it’s N-O-B-E-L-I-U-M, uh and Microsoft together we’ll see all kinds of interesting

[00:40:12] Brad Nigh: bad times.

[00:40:14] Evan Francen: Mhm. And I would suggest you know for readers to read more than one article right? Having those different perspectives on you know news things is always good this believe it or not. News people have Morris also the one from BankInfoSecurity. I like this one. It’s and the title is Group Behind SolarWinds Attack Targeted Microsoft Customers. This is good because I like some of the information you know the Biden administration’s accused Russia’s Foreign Intelligence Service or SVR of conducting the SolarWinds supply chain compromise. Then there’s just other sort of that’s a different angle that you didn’t see any other articles about, you know, what does this mean geopolitically and mhm It’s interesting how this is all going to play out.

[00:41:04] Brad Nigh: Yeah.

[00:41:05] Evan Francen: Yeah, CISA’s involved but don’t expect that’s another thing that that’s kind of irritated me lately is you hear a lot of people saying, well the government’s doing this, government’s doing that. The truth is, number one, the government can’t protect you. No this isn’t like a normal war or battle where we protect our shores, protect our skies. No, they’re already in our shores that are already in in this country. They can’t protect you. Yes. I take it upon yourself right.

[00:41:36] Brad Nigh: Yeah. I mean are they going to do something? Yeah, probably. But it doesn’t mean they were going to be able to stop Russia from targeting your company. It’s just not possible.

[00:41:50] Evan Francen: It’s 100% not possible. Exactly is in that same, you know, BankInfoSecurity article they talk about CISA’s involved, CISA, the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security. Yeah they’ll do what they can to help but they are in over their heads too right now because, you know, they have an executive order. Yeah, but they have to comply with that’s going to require about four or 500 at least I would think. And new employees and where are

[00:42:23] Brad Nigh: they going to find them?

[00:42:25] Evan Francen: You gotta come from somewhere, man. You don’t just like,

[00:42:28] Brad Nigh: yeah, it’s interesting to see how this plays out

[00:42:32] Evan Francen: big time man big time and I know that across the country at least And I haven’t followed all of them, but I know at least two former state CSOs have joined CISA as part of that, you know, state outreach thing that they’re doing okay. So that’s kind of weird because yeah, that must be a pretty alluring position or something to be pulling, you know, well it’s position,

[00:43:06] Brad Nigh: honestly, if you think about it, there’s long term career rising, there’s some prestige at those upper levels to say, hey, I did this, it was at CISA and did these things, you know, did they stay for a couple of years and then go to public sector or they’re gonna, mm. Yeah, okay. It will be interesting to see how, like I said, it’s really gonna be interesting to see how these play out

[00:43:37] Evan Francen: it is. And you mentioned, you know, prestige too because I’ve been asked, you know, people, you know, want to aspire to be a CISO and you know, I always ask why they, you know, they come up with some reason, but I’m not sure they truly thought it all out. You know and why they want to be a CISO uh and if it’s prestige, you know I get that but I don’t think it’s worth it sometimes. You know I mean if you can be consulted and you know now I have to be in the grind all the time. That’s I mean you’re still in the grind but it’s it’s not like in dog grind you’re in a bunch of grinds.

[00:44:09] Brad Nigh: You know it’s what I tell people that they asked, why do you know why you’re in consulting now you don’t have your own shop anymore. And that’s one of the big challenges is when you move over you don’t own it anymore. You I was like yeah it’s once you kind of process that it’s fantastic because that I get to come in and say hey here’s all the things you need to be doing, go do them. I don’t I’m not I can’t do those things for you. I can just tell you what needs to be done and you know it’s

[00:44:44] Evan Francen: want anything. Honestly some sometimes you feel so if you seem and I must say seem so smart too because like how did you know that? Well one of the things people don’t know about good consultants is we steal everybody’s ideas all the time. Oh that oh you know we see something over here like damn that’s really cool. I like that. Oh that’s really cool to it. And then you, you know, there’s so many different tools in your repertoire.

[00:45:17] Brad Nigh: Yeah, what I mean, if you do it correctly, that’s what makes us so valuable, you know, and that’s what a lot of people pay for is the fact that we do have that much exposure to everything else going on. They don’t see, you know, all these other things that we do.

[00:45:40] Evan Francen: Very true. Last thing about the Microsoft, SolarWinds, Nobelium latest news thing is the attacks are highly targeted. Uh, so there is a purpose behind it. These aren’t automated attacks. They’re highly targeted, small number of affected customers. But it’s the spread man that I think people should be concerned about. The next thing about Microsoft because here we are, it’s Microsoft, BleepingComputer, that’s where this article comes from. Microsoft admits to signing a rootkit malware in supply chain fiasco. So that doesn’t help matters when your job is to verify and validate that the software does what it says, it’s going to do and it doesn’t violate the rules. So you do that and then you sign it right with your certificate saying this is a true safe thing and an eight.

[00:46:38] Brad Nigh: Yeah. You know, and I’ll be honest on this one. I I’ll I do feel for them and that, you know, if you look at the sheer volume of drivers and stuff and I mean we’ve seen it where they how good these attackers are hiding it? I’m not

[00:46:58] Evan Francen: absolving them. Yeah, I don’t feel for him at all because it’s like you keep taking on all this stuff. I mean you keep going after this new thing, a new thing, a new thing. And it’s like why doesn’t somebody else take care of this? You know?

[00:47:11] Brad Nigh: It’s well yeah, it’s yeah I’m not absolving by any means, but it’s like having seen how difficult this is. I do feel for I mean that these attackers and some of the methods are like holy crap right now. And the fact that this isn’t more common even, you know, not just Microsoft, but you know, Google and Apple is pretty amazing

[00:47:41] Evan Francen: one. And the and the way things work to those, maybe it is more common. And this is the first one we’ve sort of found. Because I mean because it’s always that obvious stuff, it’s always like yeah. So why didn’t I check that? You know, I don’t know. So that the driver is called Netfilter. Uh It was observed communicating with Chinese command-and-control IP addresses. It’s a driver distributed with gaming environments. And not to be confused with what we talked about earlier. It this is uh this is legitimate signed mm software. So G Data malware analyst Karsten Hahn first took notice of the events uh and then you know sort of hey this thing’s happening, you might want to do something about it. Uh what does Netfilter do? Uh because originally it was flagged uh they appeared to be a false positive but it’s not.

[00:48:42] Brad Nigh: Yeah it was What did it say? It basically connected to an IP address in China multiple?

[00:48:51] Evan Francen: Yeah well if you look at the signature in the in the version that he shared, it was signed May 16, 2021 so it’s not like this is old uh stuff either. There wasn’t a patch for it. Uh And since Windows, is there any code that runs in kernel mode has to be tested and signed before public release? Uh Well yeah, Canada’s solemn without thought. The Microsoft certificate so there is that much like trust Bird in to the signing process uh and then there’s a whole bunch of technical details, you know, it’s nice that they are shared, IOCs are shared in detail in a blog post from the BleepingComputer news article so you know, check your own environments for these things.

[00:49:48] Brad Nigh: Yeah what’s interesting is basically the whole point of this was geo locations to be that gave me. Uh huh. Let’s let’s be honest, that could be uh I mean proof of concept wise that’s that’s not ideal.

[00:50:07] Evan Francen: Right. Yeah it is true. It’s used to circumvent region based restrictions in games and snoop on players. Well that’s what’s being used for now. Right. Right. Yeah I think yeah interesting thank you China but we can trust them. Don’t worry about it. Moving on to last Microsoft thing I have is Microsoft Edge bug. Uh Yeah, could’ve let attackers steal all. Uh So The Hacker News is where this comes from. Microsoft Edge bug could have let hackers steal your secrets for any site. This has been patched I believe. But it’s interesting news that if you don’t keep up with patches, which is a bad thing, she um using computers, if you don’t patch, just sam should be driving a car unless you change the oil just saying. Mhm. Uh What’s that?

[00:51:13] Brad Nigh: It’s really interesting now, yeah, like how it was exploited is nuts. Like you trigger the attack by adding a comment to a YouTube video written in a language other than English along with the cross site scripting payload like right, because it who thinks of

[00:51:40] Evan Francen: this, you know, you know how it happens most the time man, it’s stumbles on it. Right? Very sure your browsing the internet and it’s like, oh what the hell is that?

[00:51:52] Brad Nigh: I mean we’ve seen it. Right. Oh yeah, yeah, yeah,

[00:51:57] Evan Francen: I’ve definitely broken more things over the course of my career than fixed things and it’s a broken things where you find these things, right. Yeah, crazy. And that’s what I think, you know, hackers uh ADD is a great, it’s a superpower we can do that, we can just break things and still be fine and move on to the next thing. Forget about that other thing like, oh what is that? You know? And then you go down that damn hole. That’s what happened right now with me at states now, it’s like okay where does this go? Your ADD then turns into like ultra focus,

[00:52:37] Brad Nigh: right? We have a rabbit hole.

[00:52:39] Evan Francen: Yeah, it’s nuts man. All right to to last news articles and then we’ll practicing up a whole bunch of Microsoft stuff. If you just like I said this show notes be posted. It’s evanfrancen.com. Easy to find the show notes that we posted tonight. If you want to uh review any of those uh those news articles we just talked about uh you know, stay abreast of these things. You know, you don’t try to learn everything but you know try to pay attention. I think one of the big things about, you know that makes good security people good is situational awareness. That’s situational. Like no everything. This situational awareness, understanding where you’re at what you’re doing, what’s around you. Um

[00:53:23] Brad Nigh: Well yeah know your technology, you know your software and pay attention to the cooler of those things. What do you have to be aware of it?

[00:53:33] Evan Francen: Exactly. Yeah. Uh One more or two more. Actually real quick. We’ll get through a Hot for Security, powered by Bitdefender. This uh this one comes from $1 billion lost to over sixties through online fraud in 2020 says FBI. I’m actually putting together a course class for women’s suffrage, fujitsu in Jacksonville. And it’s for a bunch of it’s for mostly people that want to transition from IT into security, right? Ladies that they want to do that. So I’m putting a hack yourself course together where hack your own home network. You know? And what I’d like people to do is to hack your home network and then go find mom dad, grandpa grandma, go back to their network to so you can find where their vulnerabilities are and help them Trying to teach a 60 year old to become a hacker is probably not going to happen. They’re going to find ways it’s a different generation. It’s not an intelligence thing. You know, he didn’t grow up with technology. It came so late in the game for them.

[00:54:58] Brad Nigh: Well you know you mentioned that uh We had one. Yeah. Well you know I’ll tell you later but I got put in touch with the women in cybersecurity at Texas A&M uh they’re trying to put together a K through 12 program and understand more about it. So I’m gonna be working with them to help which I’m super excited about it. It kind of along those lines like let’s get this early and do it right and prevent this from happening for future generations

[00:55:34] Evan Francen: for sure. And the thing is about security security is security, right? It’s the concepts are the same at home as they are in the office and then the same in the office as they are in protecting the nation. Right? It’s start with an asset image. I can’t possibly protect the things. I don’t know. I have start with understanding when you’re the one responsible for your own security. It’s not my responsibility. It’s nobody else’s it’s yours. It’s not the ISP’s responsibility. It’s not the places you visit on the online, it’s your responsibility. You know what I mean? It’s starting with those basic things. So you know running we did it on the show once right? Running Nmap on your network. See what you got running. Take inventory of it. Try to identify it, try to figure out who is communicating with just you know, I don’t know lots of stuff but there’s some good information in this article in particular. I thought you know what was interesting to me was the crime types. There’s really good data here. So confidence fraud, romance is the number one loss type at $281 million for over sixties which I

[00:56:42] Brad Nigh: would be willing to bet if you look at, you know, Well back in the day as it were. Uh that would not be any difference than you know partying older. That may be lonely for.

[00:56:56] Evan Francen: Absolutely. And and one thing I thought was interesting too is ransomware is like number what 28 5 I mean it’s way down there. Well is that five million. So The over 60s aren’t getting hit by ransomware. The over 60s were getting hit by, you know, romance scams, business email compromise, tech support scams, those types of things. Well, you know, it

[00:57:25] Brad Nigh: makes sense though, right?

[00:57:26] Evan Francen: Like no, your

[00:57:27] Brad Nigh: target, you know, your audience, right? You know, it sounds callous to say that, but that’s the reality right there. Why would they ransom, You know, a 70 year old computer who’s gonna just not know what to do and isn’t going to pay Bitcoin and try to figure that out as opposed to, you know, socially engineering them and getting money that it’s gonna be a lot easier. You know, it’s what attackers do.

[00:57:56] Evan Francen: That’s, you know, it’s always it’s always the same. Right? It’s easier to go through you. It’s easier to go through your admin. It’s easier to go through your secretary than it is to go through your firewall. Mhm. Right. Why would I go through all the work of creating custom malware for attack on grandma and speed up the phone. Yes. 30 seconds vs, you know, I don’t know how many hours I would spend crafting another attack, but the all right, So there’s that and the last one before we close this sucker up, I was going to talk about the critical CISO initiatives, but I thought it was more, I was gonna make fun of it more than anything else. You

[00:58:38] Brad Nigh: and me both.

[00:58:39] Evan Francen: Yeah. So I’ll just let that go. Maybe next week, let’s let’s do that. Let’s talk about burnout. I think that’s a good thing and we’ll cover you know a few news articles. Uh The last one is you know, if you didn’t hear John McAfee is dead, he uh you know, he allegedly took his own life, we could do a whole episode on that. I’m gonna say, I

[00:59:01] Brad Nigh: don’t know, knowing him, he’s going to turn up in like five years somewhere.

[00:59:06] Evan Francen: Well not just that, but if you remember back in the day he was because he was a pioneer in our industry regardless of the kind of person you think he is, he was a pioneer in our industry in early in the earlier days and he had access to the highest echelons of the U.S. Government. And so you see the things that have happened, you know, I don’t mean I’m always skeptical when somebody turns up dead in a prison, when you have guards and cameras and things that are supposed to be making sure you don’t take your life. It’s just it doesn’t sit right with me. Mhm. I know he knows things. I mean come on he has to.

[00:59:45] Brad Nigh: Yeah. Yeah interesting. And you know that’s one of those things that will never I ever know that the truth or know all this stuff about,

[00:59:57] Evan Francen: right. So anyway we can speculate about that. But yeah you know, you know I wasn’t a big McAfee fan because you know I just I’m not a big fan of kind of anybody like that, but it is sad, you know, when you see, you know what was in, you know tech, the tech giant, you know, who was part of the revolution really in yes, flexes handball. He was entertaining too.

[01:00:29] Brad Nigh: He was a very interesting

[01:00:31] Evan Francen: character. Yeah, totally. So goodbye to John McAfee. Uh yeah, it sucks alright. Any shout out to speak sir.

[01:00:42] Brad Nigh: Uh, I’ll give you a shout out, thanks for the support over the last couple of weeks and just, you know, knowing it, you got, you got my back is it’s great uh, philosopher a shout out to the same thing. We’ll have the whole leadership team man. It’s just been amazing to see everybody being so supportive. It’s, it’s been really been helpful.

[01:01:04] Evan Francen: Oh, cool man. Well we do genuinely love you man. I mean some people just use those words, but you know, I’m hurt, you know? Yeah, it’s always funny.

[01:01:15] Brad Nigh: People always are like, you know, you get your company can’t really be, No, it is. Why didn’t you? It’s crazy. Everybody here in leadership has been in that position and is dedicated to not let that happen and they truly care about each other. It’s so awesome.

[01:01:35] Evan Francen: Yeah, it is cool man. It’s cool. Uh I don’t know who am I going to give a shout out? I’ll give a shout out to my dog. It’s weird, but Violet is especially when my wife is found, you know, she’s, she’s a lot of thomas week, well, it’s like my pal, she’s just been hanging out with me. She yells at me. I yell back at her. We’re just loving life.

[01:01:58] Brad Nigh: It’s funny how yeah, When Katie takes the kids out of town. Yeah, dogs are like, oh yeah, good.

[01:02:05] Evan Francen: Yeah. I told my, told marla said I was sleeping in the bed with me now and say, what she replacing me? I’m like, well, you’re not here. She’s

[01:02:16] Brad Nigh: a talk back as much weight. No, Right.

[01:02:19] Evan Francen: She’s, she’s easier to tie

[01:02:22] Brad Nigh: up. I get annoyed. I can just throw it in the backyard.

[01:02:28] Evan Francen: That’s true.

[01:02:30] Brad Nigh: Yeah, that would probably get you in trouble. We’ll have to have Brandon edit that part out. Our wives don’t hear

[01:02:34] Evan Francen: it, that’s fine. Uh, we’re, yeah, thanks for the conversation, man. It’s good to see you. It’s good to see that we can share some laughs together. Laughter is a good, a good medicine and we’ll continue to pull for each other, You know, uh, good things. Good things are ahead. There’s, there’s sunlight on the other side of this thing. Uh people listeners if you want to tell us something, going to sleep back or you have an opinion to share, which we, it won’t be those, but if you want to share them. Feel free unsecurity@protonmail.com. If you’re the social type socialize with us on Twitter. I’m @EvanFrancen, Brad is @BradNigh. I know that’s not much of a social media user in general and I’ve been swamped. So if you social us there we might get to it. Uh yeah, there’s other social media stuff. It’s very easy to find out whether it be the security podcast or FRSecure or SecurityStudio, any of that kind of stuff. Uh that’s it. We’ll talk to you again next week, enjoy be safe.