Open Source Intelligence – The OSINT Framework

Unsecurity Podcast

Evan and Brad break down two incidents that they recently worked on, and another one that’s on the way. They’ll also go into detail about a Breach civil lawsuit, the OSINT framework, a visit with Lockton, keynoting a manufacturing event and— as always— break down some current events/news topics sweeping the industry.

Podcast Transcription:

[00:00:22] Evan Francen: Good morning. It’s Monday. And you know what that means. It’s time for another podcast. Here we go. Today is Monday, February 18th, 2019, and this is episode 15 of the UnSecurity Podcast. My name is Evan Francen and joining me, as always, is Brad Nigh. Good morning, Brad. What’s new this morning?

[00:00:40] Brad Nigh:  Uh, not much more snow this week. I know I’m so excited.

[00:00:46] Evan Francen: No, I’m tired of the snow. And we were just talking before the show started how it seems like I have this cold and I can’t seem to get over it. I don’t know what the deal is usually once a year, but this is the whole year. It seems

[00:00:58] Brad Nigh: like you have been fighting something as well. So we’ll blame the weather.

[00:01:02] Evan Francen: Yeah. So we had no special, we don’t have a special guest this week. Last week. We had, uh, mindfully yeah, that was really cool. We, uh, we had a lot of good feedback. I don’t know if you saw the stats on the number of listeners, but it was kind of through the roof last, last week.

[00:01:18] Brad Nigh: Yeah. I actually had my wife listened to it and was laughing at the beginning there with us trying to figure out the words and yeah, all that stuff. My kids actually thought was pretty funny too. So that’s that’s how you can tell us a good show. Okay. Non security people were laughing and their their my worst critics

[00:01:36] Evan Francen: was that that was that the show where we couldn’t pronounce, couldn’t pronounce.

[00:01:39] Brad Nigh: Uh, we’re going to do it, you know, uh what was the word? I don’t remember?

[00:01:44] Evan Francen: Yeah. All right, well, this

[00:01:45] Brad Nigh: is all kinds of stuff.

[00:01:46] Evan Francen: Yeah. And you know, as you know, we recorded these shows early Monday morning, so it’s always a little bit weird sort of getting into the flow of things. Uh, you know, last week. And that’s kind of where we’re gonna go today is just talk about last week. Last week was a crazy week for me. And I assume that the same was for you? I didn’t see you much in the office last week, so I think you were probably all over the place. It was a busy week. So, let’s start with that. Let’s start with, you know, tell me about your week.

[00:02:15] Brad Nigh: Yeah. I had, uh, wrapped up two incidents. Well, finishing up one, finishing up another one, one wrapped up. I’m just finishing up, and it started a new incident.

[00:02:25] Evan Francen: So we had two incident responses last week?

[00:02:27] Brad Nigh: Two wrapped up, and one started, too.

[00:02:30] Evan Francen: Yeah, okay. And I had two, yeah. So between the two of us, we had five. Yeah. Okay.

[00:02:37] Brad Nigh: Yeah, it was

[00:02:39] Evan Francen: Were there interesting incidents?

[00:02:41] Brad Nigh: What, I mean? There are incidents.

[00:02:45] Evan Francen: What can listeners learn from your, your incident experience

[00:02:48] Brad Nigh: in this week? Logging, logging. Log. You will make your, it’ll make your life so much easier.

[00:02:56] Evan Francen: Now can you tell us, So tell me about one of the incidents just uh what happened?

[00:03:02] Brad Nigh: One of them, there was a, yeah, an undocumented feature in the software package the company was using. And, uh, so what they thought were unique IDs were not necessarily unique. So they had some potentially unintended disclosure across users that they thought had unique IDs. So, uh, turns out, you know, with the best that we could figure out, it was very limited in terms of who was actually impacted, but it was really difficult in that they didn’t have good logging in place. Right? It’s very siloed from a, uh, development and infrastructure and QA were very siloed, and it wasn’t security from the start. That’s really common. Yeah. Oh yeah.

[00:03:52] Evan Francen: People, I mean, I think one, one bit of advice is people should log as though they were compromised. Right? I mean, what evidence would I have to conduct an investigation? We’re not logging enough information. If there isn’t any evidence, there isn’t any evidence.

[00:04:10] Brad Nigh: Yeah. The other one we’re working on was they were alerted by their bank to fraudulent is never good. No so it was well into the seven figures and they were able to stop all but You know high six figures from going out, they lost several $100,000.

[00:04:31] Evan Francen: Yeah I heard about this one.

[00:04:32] Brad Nigh: Yeah. And then had some over a half million dollars. Oh yeah overhead rack. Uh Right. Great ransomware. Yeah. So luckily it was pretty minimal in terms of the damage we were able to recover from backup.

[00:04:49] Evan Francen: Okay. Remember that to you. Okay. We must have passed in the hallway last week because you were telling me about this, and the attacker, through unauthorized ACH transfers, made off with like two point something, I mean millions, and then the client was able to recoup a good portion.

[00:05:10] Brad Nigh: Right? The bank of Yeah, we did mention it very briefly. That’s right. Um Yeah, I think that the there was a spam phishing they clicked on it, user clicked on. It must have been very targeted because they were able to get the pin to authorise the transfer because they initiated the hacker initiated it. So

[00:05:33] Evan Francen: So then the attacker, being the fine person that they are, after took after they took off with the money, they decided to leave a gift and left riot ransomware and then shut the place

[00:05:46] Brad Nigh: down. They were down for at least a week

[00:05:51] Evan Francen: and then restore backup. So total losses are Probably close to $1 million dollars when you talk about lost business. The actual cash that’s gone from the bank account and the cost of restoring from backups.

[00:06:07] Brad Nigh: So there’s some we’re still we’re still going on that is where I should wrap up here the next day or two, but

[00:06:14] Evan Francen: Okay. Yeah. And I assume there’s gonna be plenty of recommendations for them. Okay. There always is. Yes, that’s one of the things, you know, one of the incident responses that I worked on a while back, when it really wasn’t the actual incident response, through Blue Cross. There was the Blue Cross Blue Shield, the Mandiant who did the initial incident response and they’re like top notch, right. I mean, they did a fantastic job, but once they were done with their, uh, you know, investigation and things had wrapped up, uh, we came in after that to fix things, to make things better. Uh, but there’s always so many recommendations and I think, yeah, maybe half of the companies actually take us up on recommendations. The others are just kind of sitting ducks waiting for the next time.

[00:07:08] Brad Nigh: Well, it happened to him once it won’t happen again.

[00:07:10] Evan Francen: Right. Right. Lightning never strikes to know. All right. So you had those those things, what else? What else happened last week?

[00:07:18] Brad Nigh: So, obviously had a couple of new employees started. We’re still growing like crazy. That’s always exciting to get new people on the team to the analysts on

[00:07:24] Evan Francen: board. I saw an email I think over the weekend, a couple of new people starting again this

[00:07:30] Brad Nigh: week, yep more. So, you know, it’s crazy.

[00:07:35] Evan Francen: So how big is your team now when you when you take into account.

[00:07:39] Brad Nigh: So all the analysts. Uh I mean, we’re about 20

[00:07:47] Evan Francen: Just in consulting services? No, you’re talking consulting services and technical services, you know,

[00:07:54] Brad Nigh: that’s a good point. I don’t know. Gosh, it’s growing so fast. I know you’re making me put you on the spy for,

[00:08:01] Evan Francen: What are you responsible for, Brad?

[00:08:04] Brad Nigh: That’s a good question.

[00:08:07] Evan Francen: But we did have a, so we had some from out of town last week, some new employees just over 20 total. Okay. It was really cool to meet uh some of those, some of the new guys.

[00:08:18] Brad Nigh: Yeah, yeah, they were not happy to be coming up in like cold and snow and all that, but it was good. Uh, the other thing I got to do, which was fun, is I went and did, so (ISC)² has the Safe and Secure Online, or I Am Cyber Safe. Um, so went and spoke to a moms’ group on like, hey, here’s how you keep your kids safe, and you know, it’s always fun to do those. I love talking about that and educating people, but okay kid, a little bit of a kick out of knowing what’s coming and then watching the faces, just like the color drain out of them when they realize, you know, how little they actually understand, and they kind of know that, but it was always eye opening to the parents.

[00:09:09] Evan Francen: So who is the audience? The audience was mothers?

[00:09:12] Brad Nigh: Yeah, this was a mom’s group that my wife is a part of. So there’s about 20 people that showed up for that. So okay.

[00:09:20] Evan Francen: And the discussion was

[00:09:22] Brad Nigh: Just about how to do safe passwords and social media and restrictions on devices, you know, just kind of best practices around being safe. But yeah, (ISC)² does a great, has a great, like, presentation from a kind of high level, talks about, um, you know, like one in 10 teenagers have actually met somebody in person that they met online. A stranger. Crazy. And you just watched, yeah, that’s the part where it’s like just watch the color, just go

[00:09:55] Evan Francen: and one This is one of the, I mean the book that I’m writing now is about information security for normal people. And one of the parts that I just finished writing was about safety about, you know, teenagers and because it’s not just about protecting your financial information and protecting your privacy, it’s also about what are your kids doing with these things? A suicide rate in teens has doubled since the advent of smartphones.

[00:10:24] Brad Nigh: I’m not a coincidence. My daughter just turned 13 on Friday, the day off on Friday. So that’s probably didn’t see me too. I took that off and, uh, she’s, she was just on my case about Instagram because her friends have had it as they turned, some of them had it before 13, but they’re now that age and she’s like, she wanted it earlier this year and I said, nope, terms and services, 13, and she’s been fantastic. That didn’t push. You didn’t. She’s like, okay, now she turned 13 and I was like, oh, but it’s crazy that all our friends, just even at her birthday, were talking about stuff that was that privately on Instagram that they were sharing and she felt like really left out and yeah, there’s a lot of peer pressure. Yeah.

[00:11:13] Evan Francen: Just then leads to another whole problem, right? Cyberbullying? Yeah.

[00:11:17] Brad Nigh: Yeah. So she got to go through an hour conversation and presentation with me about, Which is always always funny when you have to talk with your kids. But then talking about 16 and cyber bullying and you know, hey, be aware, you don’t know who these people are. Don’t accept invites from people you don’t actually know. And just their and their kids are really good. They’ve gone through a training a couple times and right. But I just

[00:11:48] Evan Francen: when their father, but their father, your kids’ father works in information security, understands a lot of these things, right? I mean, normal people who don’t have parents who are this aware. I mean, they’re letting their children take their phones, their iPads into bed with them at

[00:12:05] Brad Nigh: night. Uh,

[00:12:07] Evan Francen: they’re not monitoring the places that they’re going, they have no idea who they’re talking to

[00:12:11] Brad Nigh: Right, well. And it’s dangerous. Her friends’ names are there, are their actual names, and I’m like, you know, that’s like, you’re no, one of the interesting things that came out of the moms’ talk was one of the moms has a couple of teenagers in high school and she said that the, she’s in the middle school and high school teacher or principal said that her daughter, since she had been 13 when she got a device, had been getting unsolicited pictures from boys. And when you look at the time stamp of the pictures, almost all of them are taken after midnight regardless of when they’re sent, but they’re taking these pictures. Yeah. What? A, who thinks it’s okay to do that? But B, why are they allowed to have this night? Right. So

[00:13:03] Evan Francen: I think as a, I think a lot of parents just feel uh, sort of helpless or ignorant, they don’t know. Um, you know what the risks are. So these kids are and when you think about it, I mean you’re talking about, you know, where I live is a small town 20 miles west of Minneapolis, not far from where you live, It’s a safe place where I live, right? But on the other side of that router, you know, it’s not safe. It’s all kinds of crap going on on the internet and it’s war. You know, there’s a battle being fought and when I have my child in their bedroom, it doesn’t matter how safe my town is, they’re bringing the war the battle into their bedroom every night,

[00:13:53] Brad Nigh: yep, it’s scary.

[00:13:54] Evan Francen: So yeah, there’s a whole, there’s a chapter on this and, and skin I was accused this weekend of not being politically correct. Yeah, you laugh because I’m not, I mean, I just feel like you should just say what you want to say. You know, when I say things, I don’t normally mean to offend anybody, but there’ll be things in this book or I think people will be offended. You know, you need to get wake

[00:14:18] Brad Nigh: up. I think big problem. Yeah. That’s, there’s a difference between being like shocking, right? Just for shocking and telling the truth because people don’t always want to hear the truth.

[00:14:32] Evan Francen: We do get paid to tell people

[00:14:33] Brad Nigh: The truth. I use that one. That one of the things that we’ve, we are really good at is telling people their baby’s ugly. Yeah, I think you used that one before. I

[00:14:46] Evan Francen: tell you baby is ugly and still not get kicked out of the room. It’s a good day. All right, well, my week. It was crazy last week, I had to actually take notes, and speaking of that, the show notes I post every Friday, usually get up, get ’em up there before, you know, Friday before I leave for home for the weekend. Um, but we just started doing this the last couple of weeks. So I didn’t have chance last week to really visit with you and, you know, get your notes in there. But I think as we get better at that. Well, just look at that, that, yeah. So those things are posted every Friday at evanfrancen.com if you want to go there. Uh, but it was a crazy week. I had, you know, as I look through kind of the things that I did last week, you just don’t realize it. Friday comes, you go home, you’re like, why am I so damn tired? And then you look back to the week, you go, okay, I get it, right. You had two, three incidents, you had, you know, you’re talk, you’re also trying to manage people, plus you do, here at FRSecure, you do solutions architecting, right? You think how that creates almost all of our proposals, which in some cases can be many, many, many proposals over the course of a week. Right?

[00:16:02] Brad Nigh: Our sales guys are too good then

[00:16:04] Evan Francen: ladies, they are good. Uh, January was a fantastic month. This month looks like it’s going to be a fantastic month. Uh, but, uh, so I, I just recap some of the things that, you know, that I did last week, and I think not so much to just kind of brag about the things that you do, but more like what are the lessons that you can learn in a lot of these things. So had a couple of incidents last week. The first incident, uh, was an embezzlement case and annual and I want to be real careful not to get in trouble. You know, you don’t want to share things. Uh, yeah, this is a criminal case. You know, when you have an embezzlement case, that’s usually one of the first things I’ll ask is, do the police know, because if you’re going to prosecute this criminally, if you’re going to press charges, then at some point law enforcement has to get involved. It doesn’t have to be right away necessarily, but at some point. So in this case law enforcement was already involved. Uh, the law enforcement has issued a subpoena, 30 days to get the evidence or the system to law enforcement. The good thing is the person who was suspected of embezzling money, uh, admitted it, right? So that lessens, that helps, yeah, lessens the importance maybe of the evidence, but you still have to be really careful, right? Uh, so you know, chain of custody form, uh, you know, immediately log everything, track everything. Uh, and really our involvement, being that law enforcement is involved, isn’t necessarily to conduct the investigation. They really wanted a forensic image of the drive, uh, you know, in case maybe they want to do a civil case or whatever. So, um, long story short, they, these are the things that I learned. Yes. Uh, first off, when I, you know, asked for the drive, walk them through the process, you know, to, to send that to us, uh, safely and securely, open the box and in it is a DVD

[00:18:21] Brad Nigh: drive, it’s

[00:18:24] Evan Francen: a drive, right? I’m like, oh, well, maybe there’s a DVD in it, I don’t know. No, it’s an empty DVD drive. It’s like, son of a gun. So that didn’t work. Uh, and that was actually the last, the week before last this week. Uh, so I said I need the hard drive if you want an image of it. So they, another shipment, open the box and ship the whole computer. It’s, and it’s a desktop computer. It’s like, all right, they get it. So you open up the desktop, open up the computer and it’s an SSD. Right? So I understand why they had trouble getting the drive to me, and maybe I should have asked that upfront. Maybe I should have asked more information, is the model and all that stuff, but I didn’t. Uh, lesson learned. Ah, so the, the equipment that I have allows me to do images of SATA drives and drives. Right, let’s get your old school. I am old school. Well, that, the last time I did, like honestly, the last time I did a forensic copy was probably when I was at U.S. Bank 10 years ago. It’s just a

[00:19:31] Brad Nigh: few years ago.

[00:19:32] Evan Francen: Yeah. So, but you know, it’s the processes, the procedures that are very, very, very important. It’s not necessarily the, the technology, you know, that you have. Uh, so I had to run to Micro Center to get a, uh, uh, an SSD-to-SATA adapter. Right, right. So I get that, and then, you know, there’s lots of flavors, not lots, but there’s multiple flavors of SSD. So I get everything hooked up and then I can’t see the drive and I’m like, why the hell can’t I see the drive? Well, it’s an NVMe SSD, not your M.2 or whatever. So I don’t have an adapter. The adapter doesn’t work for that and I can’t find an adapter. So then you had to reroute, figure out a whole another way of how am I going to get this image now? A forensic lab like Mark Lanterman’s, an awesome forensic guy, very well known, has a forensic lab. This would have been a no brainer.

[00:20:39] Brad Nigh: Yeah, they would have had all the

[00:20:40] Evan Francen: stuff, you would have had. And I asked him a couple of weeks ago, I was talking about something else. Yeah, drive images, like 300 bucks for him to do it. I’m like, well, geez, okay. I shouldn’t be doing this then. So anyway, I got the, got the image, wrote it to a, an external hard drive, uh, and shipped it. So we’re done. But that was a pain in the butt last week. Moral of the story, uh, uh, if you have an expert in forensic imaging, use them. Yeah, we’ll definitely do it. We can do it. And in an investigation sometimes we have no choice but to do it. But yeah, I think next time I would just send them to Mark Lanterman and say, you know, Mark, you take care of this.

[00:21:30] Brad Nigh: This is what they do all the time.

[00:21:33] Evan Francen: They have the equipment, they have this set up. But I think a lot sometimes, you know, being a security guy, we think that we can do everything.

[00:21:41] Brad Nigh: No, technically

[00:21:42] Evan Francen: you

[00:21:44] Brad Nigh: do,

[00:21:45] Evan Francen: it just wasn’t the best. I had. The other incident was, you know, sort of an incident, and if you go to the blog, you can see some of the text. It’s kind of interesting. It was an attacker had spoofed an email, uh, so that it appeared it was coming from a company president, uh, and sent it to eight, I think, employees. Um, and in the email, you know, said, hey, call me, you know, I need something right away, or text me, I need something right away. So the victim texts this person who they think is the president. But in fact it’s the attacker, and the attacker walks them through the process of, hey, I need you to get some Google Play gift cards for me. Uh, yeah, so sort of an incident. But I mean, in this case there really wasn’t anything lost. But it is interesting in how attackers, well, stop it, and they won’t stop at anything to get what they want from you. Uh, and, and in that, in that blog post with the show notes, you can see the text that kind of went back and forth. Interesting. Pretty interesting. It’s a, hey blank, you know, the name, I’m at a conference and can’t talk. I need you to do me a favor. Can you locate a local retail store? Victim responds, because I think they’re talking to the president, sure. What retailer? Uh, and local to who? Then the attacker says, we’ll look at a Walgreens, Best Buy, Safeway or any other store close to you. I need you to pick up some Google Play gift cards.

[00:23:18] Brad Nigh: Yeah.

[00:23:20] Evan Francen: And then the person responds, you know, the victim, it says that CVS has them and they’re in a store and there’s a store nearby, but I’m in the meetings all day and I can’t step out, ask someone to grab them. Uh huh. Then the attacker says, well, kindly do that and have the person text me on this number. And then, yeah. Yeah. And it’s interesting too, if you notice in that second picture, the, the victim says, hey, you know, later says, hey, I know it’s early. But can, can you call me? And the attacker responds, just text me please, busy right

[00:23:57] Brad Nigh: now. Yeah, yeah, that would give it away. Yeah, for sure.

[00:24:04] Evan Francen: That was one incident. And then there’s a soon-to-be incident. I mean, I don’t know if you’ve ever done this, Brad, but, uh, sometimes when you’re talking to somebody, you’re meeting a company or you’re just having a discussion and you just know there’s an incident here. It’s just going to, you’re not convinced yet. But when you, when you find it, call me. Had one of those last week.

[00:24:26] Brad Nigh: Yeah. Yeah. Yeah. I think that’s the how it won’t happen to us, we’re fine. Right. We’ve been doing fine. Nothing to hit us yet that you know

[00:24:36] Evan Francen: of. Yeah, well, this one to make a long story short, I was I was at a meeting with a large company, global company uh and you know, I met met them a couple of times and it was there to talk about protection of executives, right? Giving executives training, figuring out because they have assets. They’re like little mini corporations. Right? So if an attacker goes after an executive, even personally, there’s a return on their investment for that. So we were talking kind of through that. And as we were talking, uh it was mentioned that uh they have this kind of public thing going on. It’s a lawsuit. I don’t want to go into too many details, but then you’ll know who it is. But I have his lawsuit going on. And there was something in the news about this lawsuit last week. So, you know, I had asked, well, since that news broke uh publicly, did you see an increase in attack traffic in the Network Admin Security guy says, Yeah, actually we did like explain it to me. I mean, what did you what did you see? He said, Well, we saw a lot more attack traffic uh towards our RTP systems and I’m like, you have RTP systems.

[00:25:56] Brad Nigh: Okay. Yes, I’m

[00:26:00] Evan Francen: not surprised. Not surprised. One, that you have RDP systems, and two, I’m not surprised that you’re being attacked at RDP systems because they’re just awesome targets. Yeah. And so I said, well, are those, uh, two questions then, how many RDP systems do you have? And he says, uh, I think about 6-8. Oh my God, we don’t have an inventory of how many RDP systems we have. And then it was, the second question is, are they secured with multifactor? Are they all just username and password? And he goes, well, I think they’re all just username and password. And I’m like, okay, that’s, it’s getting worse,

[00:26:38] Brad Nigh: probably,

[00:26:38] Evan Francen: yeah, it’s getting worse. And then I said, well, explain to me, and so we’re just having this discussion, we came to talk about something else, but now you’ve really got my interest in this, right? And so it has to do with a foreign country? Okay, that’s, and so I said, what did you see beyond that in terms of like source types? Did you see anything like in your DMZ? And yeah, we did. Like, oh, what kind of traffic did you see there? Well, we saw like port scanning. I’m like, oh crap. That usually is an indication, could be an indicator of, uh, you know, one of the RDP systems was tipped and now the attacker’s pivoting and looking for the next, you know, interesting target. But I’m not saying that yet. I’m just kind of taking, this is just a conversation, right? And then, uh, he said, you know, but we’re geo blocking now everything internal. I’m like, okay, uh, you can get past that, right? I mean, I can have a, can just compromise a system in the United States and turn and take it there. So like, okay, that’s good, you’re blocking inbound. Uh, what about egress? You know, traffic going outbound? You know, what have you seen there? He goes, well, you know, some interesting stuff. I go, what do you do? You know? So we go through what you’re blocking. And I said, do you see any outbound traffic headed for this country, uh, that we don’t want to talk to? And he goes, yeah. Like, oh, crap. Okay. How many systems do you see this? You know? And he’s like, five or six. What do you want to say, man? Tell

[00:28:14] Brad Nigh: me. Well, I mean immediately, why are they not blocking the egress traffic to that? Like, I mean, you know, you’re getting attacked, You’ve blocked it coming in, right? Why would you not do the same out? Okay, sorry.

[00:28:30] Evan Francen: So at this point? Or you can imagine my like, I’m sort of like, oh God, yeah. So I said, honestly, it looks to me like there might be something really bad here and I would stop. I would even stop this meeting right now and go find out, go investigate those five or six systems that are trying to communicate out, see what’s going on there. You know, you need more information. This is not looking

[00:28:56] Brad Nigh: good for you.

[00:28:58] Evan Francen: And I said, even if you want me to go, let’s go, me and you go figure this out. They just didn’t seem like they were all that interested. And I was like, okay, well, you know, so that’s the that’s the incident. That isn’t not officially declared an incident. But I

[00:29:16] Brad Nigh: think that was all indicators point to,

[00:29:21] Evan Francen: Right, wow. And I was, it was weird. It was like I was in the twilight zone because I’m explaining my, okay, this is what we discovered just in our conversation. You’ve got this event, these events. Oops, sorry, these observations and these observations, right? Do you see a pattern here, right there? Just like laissez-faire about it?

[00:29:43] Brad Nigh: Maybe. I don’t know. There’s like stuff that kind of all points to the same type of thing that, but you know, whatever, but they didn’t seem to like

[00:29:51] Evan Francen: get it. So, wow. So, I came out of that meeting and I was with one of our other people in that meeting and I looked at him and go, was it just me or

[00:30:02] Brad Nigh: that’s that’s not good.

[00:30:04] Evan Francen: He was like, yeah, it’s like the twilight zone. But anyway, I expect something soon. I did my best to try to explain to them. Look, I think you have an incident here. Yeah, absolutely. Actually have, you absolutely have a series of events that require some investigation to determine if you have an incident. But it looks to me like it’s probably,

[00:30:25] Brad Nigh: yeah, that would be, uh, just putting on my like sysadmin-type hat. I just, right,

[00:30:33] Evan Francen: it makes you feel

[00:30:33] Brad Nigh: dirty like, oh dear, that’s not what you want to find.

[00:30:38] Evan Francen: So, you know, there’s that and I’m sort of already prepared for what will come from that. Uh huh. Another one, breach lawsuit. OSINT was, so, open source intelligence gathering in this case. It was a longtime client who is being sued for a breach that happened years ago. Large client. Um, it’s a civil suit and the, the plaintiff, so it’s the plaintiff suing our client. And so the plaintiff has an expert witness and this expert witness has written some things about this breach. Okay. And so, uh, the client called last week, I think I was driving somewhere, and they said, can you do us a favor and make sure, what do you want? They said, can you find out everything you can find about this expert witness that the plaintiff has. I’m like, sure, what’s his name? You know? And so I told me the name and I never heard of the guy before. So I did a bunch of, uh, you know, intelligence gathering on this individual. So that, because I think our client wants to know who they’re up against. What they’re going to make

[00:31:58] Brad Nigh: sense. Makes sense. So

[00:31:59] Evan Francen: I and I’m careful in a lot of these cases. You know you just do you have to be careful. I don’t think people think this way, but we do you have to be careful what you document, right? Because I’m not when I’m doing this open source intelligence gathering for our client, I’m not under attorney client privilege. Yeah. Right. So if I create a bunch of stuff and then send them an email with all this stuff that I found about this guy that’s discoverable. Yeah. Right. I mean I think I don’t think a lot of people think that I’m weird. So I gathered a bunch of evidence. Didn’t document everything uh called the client back and said this is what I know about this person. Um You know so that was sort of interesting. You don’t get you don’t get those calls every week.

[00:32:45] Brad Nigh: It’s kind of cool a little different.

[00:32:47] Evan Francen: It was especially the fact that it was out of the blue because I had already had a ton of stuff on my plate to do that day. But I kind of want to put those things aside so I can find out about this guy. So I did that. Got it done. Uh, Tuesday had a good visit. So I’m still in my week. Dude. I told you I was. I know. Uh, Tuesday we had a visit with Lockton Companies, and Lockton Companies is a very large, I think maybe the eighth largest insurance company in the world, gather huge. Uh, down in Kansas City, and it was just such a great conversation. So it was a day trip. It was fly down to Kansas City, have the two hour meeting, go to happy hour, do that thing that people do and then fly back. So it’s a super long day. But those are great people down there. And so what we were trying to figure out is they want to provide, add more value to their clients. They understand that the 10-11 question application for cyber insurance, it’s just that, right. It’s, you know, the insurance market right now. It’s just, it’s a money grab, get as much premium as you possibly can and worry about the risk

[00:33:55] Brad Nigh: later. But I think you’re starting to see, well I think look at how many incidents just we’ve had and how much is going to have to be paid out. The insurance companies are starting to go, oh wait a minute time out.

[00:34:07] Evan Francen: Right, well that last that one incident that we worked on together or maybe I think we were working out together but that was over a quarter million dollars just in response Visa will and so they filed an insurance claim and I don’t know where that, that’s at

[00:34:23] Brad Nigh: uh you got the bars. I know it got paid,

[00:34:26] Evan Francen: it did get paid as far as I know they paid it. Gosh. You know I would have thought because insurance companies don’t like to pay premiums. I don’t like to pay claims right there. Look for every sort of excuse which reminds me we have the Mondelez lawsuit against Zurich. Yeah, 100

[00:34:44] Brad Nigh: million dollars. Yeah. I haven’t seen I haven’t seen any update on that one.

[00:34:49] Evan Francen: You haven’t either. But Zurich, Zurich denied the claim. It was a ransom.

[00:34:53] Brad Nigh: Yeah. Yeah. We talked about that there. It was an act of war, right? Yeah.

[00:34:59] Evan Francen: So I was talking to the Lockton guys you know in this conversation about that and one of the Lockton because these people know insurance. My God, I know security, these guys know insurance. So they were saying. Yeah. But one of the things that they didn’t really publicize about that lawsuit very well is that it was just like normal business insurance or whatever. It wasn’t cyber cyber had they had just normal business liability type. Whatever, interesting. Yeah. So they filed the claim under that and then model s but it’s still according to people that I’ve talked to, it still looks like uh Zurich is going to lose.

[00:35:38] Brad Nigh: I think that some language in there around. Yeah it’s something about I tear network or infrastructure or something. So right. Probably change their policy wording there on that

[00:35:50] Evan Francen: one. Right? Yeah. So that we came out of that Lockton meeting on Tuesday I think with some understandings of what we can do to provide more value to their customers. I think we’re going to co-brand some things which was very cool. Yeah. Uh huh. You know if that is done right and if it works right. I mean that’s a very large opportunity to help a lot of people. So I’m sort of excited about that.

[00:36:18] Brad Nigh: It’s a window all around helps the insurance companies know what they’re getting into, but also helps the companies that are being insured to like know what their security posture actually is.

[00:36:29] Evan Francen: Exactly. Well, yeah, I mean if you do a 10-11 question because it’s like the most popular one, I can’t remember the name of its cyber policy or something. There’s a company out there that that’s selling this policy. I’ll find a

[00:36:47] Brad Nigh: questionnaire or something.

[00:36:48] Evan Francen: Yeah. It’s become like this real popular, a lot of the insurance companies are using that to underwrite cyber insurance and it’s like 10-11 questions right now, one, you can’t properly assess risk in 10 or 11 questions for number one. Number two, what does that leave the customer with? Is there security program going to be any better? Right. No, it’s not. And so what’s going to happen is they’re going to have this false sense of security. I don’t need to do this or that or the other thing. I’ve got cyber insurance. Right. Well yes you have cyber insurance, but no, that’s not how you do this,

[00:37:25] Brad Nigh: right. The insurance companies don’t want to pay. They’re gonna look too right, understand what they can do to not pay.

[00:37:32] Evan Francen: Well, I think the biggest fear for insurance, the insurance industry is to have thousands of claims at the same time, right? I mean like when a hurricane hits that area and now you’ve got billions of dollars in insurance claims that all hit at the same time. Uh Yeah, so conceivably. I mean, the way we’re all interconnected in this world, you know that that’s that’s a possibility. Yeah, What else? Uh, so last week, I don’t know if you saw that, Did you see the cover of

[00:38:06] Brad Nigh: that? Okay,

[00:38:07] Evan Francen: I’m on the cover. I’m on the cover of a magazine. Dude. That’s crazy. Yeah. So Enterprise Minister picture.

[00:38:14] Brad Nigh: Yeah, I hate it that. So that’s so funny. Was so much the same on that.

[00:38:21] Evan Francen: So yeah, so one of our clients emailed me on friday said, hey Evan, I saw you on the cover of Enterprise Men sort of magazine. I was like, say what? I knew they were gonna do a story, but I know it was gonna be on the cover. That’s pretty awesome. And so he sent me this picture and I look at it. I’m like hate looking at myself, hate it. So it would have been nice if they would have used Photoshop

[00:38:46] Brad Nigh: black just blacked out the faces, put

[00:38:48] Evan Francen: me in a hoodie or something. Yeah, but the cool thing about the on the cover, it says, do you know your faces score, You should and that’s you know, that’s true. So it that part is really, really cool and I have a keynote uh to this group on Wednesday this week. Be cool. Yeah, a couple of blog post this week. I wrote about, I don’t know if you’ve ever if you like drama that first week in Cancun last year writing the book, Lot of drama in that one. Just yesterday Gunmen had broken into. There’s a lot of murderers in Cancun like 700 some. Yeah, Anyway, that was an interesting, so that’s that’s on evanfrancen.com. And then there was a second post. I started a series called You want to get into the security, you know, you want to get into information security or whatever. Uh The first series was just kind of the first post in that series, just talking about the opportunities, There’s tons of opportunities all across the board, technical, non technical audit, you know, whatever. Um that was the first post, the second post was what do I do to get some of that kind of thing, you know what I mean?

[00:40:05] Brad Nigh: Yeah, rugged in the get me in the door.

[00:40:08] Evan Francen: So the third post will be a getting your first job. So whatever that was last 30 to about it,

[00:40:16] Brad Nigh: you know, the small stuff.

[00:40:18] Evan Francen: Right? So that was, that was a busy week. I think the good thing is by the end of the week, I think. Mhm. You know, you’re tired, you feel like you made a difference somewhere. Uh So it was, it was a good week overall. Do you have a good week overall? Yeah, good. And then like I said, next, next in future podcasts, I’m sure you’ll have a lot more stuff to add because like I said, we’re getting into this goes back and forth. It does totally uh All right, and oh, and we had had a couple of good conversations to last week about maybe some future podcast guests, I think. Yeah, and you and I have talked about that too.

[00:41:04] Brad Nigh: Yeah, I think there’s some pretty cool thanks for coming up. Yeah,

[00:41:09] Evan Francen: Yeah. one talk with somebody and he’s probably listening, but just a really interesting guy. But you know, when I talk to him on the phone, who he seems to be is different than who I thought he was. Okay. So I’m excited for the future conversations now. This is a person I’ve never met before in person, so

[00:41:31] Brad Nigh: Mhm I mean, healthy dose of skepticism. Right?

[00:41:35] Evan Francen: So I’m taking my time on that. Uh Yeah, and so anything else to add for last week before we get into kind of some news? I don’t think so. Okay, so I want to remind listeners to that we do want your suggestions, your questions, cool things, thoughts, whatever we seriously do, we don’t get enough of that and we just love it. Uh We have grown to more than 250 ISH 200,000 or 200 250 listeners each week. Which is for me I’m pretty excited about that because we’ve only been doing this for 14 weeks.

[00:42:12] Brad Nigh: Yeah it’s just that’s nuts.

[00:42:14] Evan Francen: Yeah so I know that there are listeners out there listening give us your feedback. You know we’d love to hear it and you can do that at unsecurity@protonmail.com. Yes so I sent you the the stats kind of the curve yesterday. What

[00:42:34] Brad Nigh: do you think? I mean it’s still weird like it’s like you’ve seen yourself on that cover of the magazine. It’s just weird. Just start talking about what we do. People want to listen to us for an hour each week. I mean that’s that’s crazy to think about. Thank you.

[00:42:53] Evan Francen: Yeah and I never listen. I can’t listen

[00:42:56] Brad Nigh: to one of our podcast. I’ve listened to a couple. I listened to the start of the last one and see how it sounded. But man I can’t I hate listening to

[00:43:06] Evan Francen: myself. I can’t watch myself on TV you know either. All right so and also if you want to follow Brad you can follow Brad on Twitter. It’s @bradnigh, it’s B-R-A-D-N-I-G-H, all one word, and you can find me on my website evanfrancen.com or on Twitter at @evanfrancen

[00:43:28] Brad Nigh: need to get. And instead of my

[00:43:31] Evan Francen: website so we can

[00:43:32] Brad Nigh: have it. That’s something that you can

[00:43:35] Evan Francen: cross post that. Yeah, like I could promote your stuff and

[00:43:38] Brad Nigh: I don’t really have anything out there. But yeah,

[00:43:40] Evan Francen: we’ll soon. You got the you got the domain.

[00:43:42] Brad Nigh: I do have the domain. Okay,

[00:43:45] Evan Francen: so brad and calm. Is that what it

[00:43:47] Brad Nigh: is? It is cool. There’s nothing there though.

[00:43:50] Evan Francen: Well, it’ll be really important though. Is the right the book together.

[00:43:53] Brad Nigh: Yeah. Yeah, there will be stuff there. But yeah,

[00:43:57] Evan Francen: so we have uh, we have the first book, the insecurity book. The next book in that series is the un security information security for normal people, which is when I’m writing right now and then we’ll have this third book which is really an operating system. It’s how people can in small to medium sized businesses. Do you know? Just follow this easy to follow system will not easy to understand. Maybe not easy to follow, but it’s like traction. Give him

[00:44:25] Brad Nigh: give him a playbook to work off of

[00:44:27] Evan Francen: and tools and templates. Yeah. All of us. So I’m excited to write that book with you. Alright, so news, let’s get to some news uh first bit of news that I have uh is comes to us from Ars Technica. And this is the title of the article is MalwareTech loses bid to suppress damning statements made after days of partying. Now that that title doesn’t tell you really the story all that much, but I don’t know you’ve heard of Marcus Hitchens, right? Or Hutchins? Yeah, you know, he was the one who was really given credit for uh stopping the WannaCry, right, Right. Um well he also had a kind of a dark past. Yeah, he used to play in the well used to, who knows really? I mean, I don’t know the guy personally, uh but he was arrested, you know after Black Hat slash DEF CON, DEF CON last year. Uh I think at the airport by federal authorities for writing malware, the malware he had allegedly written was part of you know, other bad things like stealing banking credentials and what have you. So uh it’s an interesting story, I think what’s interesting is um you know, he’s he was jailed and then uh he admitted to a lot of things but then later claimed that he was drunk and then maybe hungover and so the judge at the end of the day said basically being hung over is not an excuse.

[00:46:23] Brad Nigh: Yeah, the one thing I thought that was interesting is is that the agents didn’t follow proper protocol, but the judge basically said, well that guy’s really smart, so it doesn’t matter.

[00:46:35] Evan Francen: Yeah, yeah, I mean, mhm Yeah, so yeah, because he wanted to get his statements because you know, he wasn’t read his Miranda rights or he was read the Miranda rights, but it was like following standard

[00:46:48] Brad Nigh: was like a half hour after he had already given up stuff and yeah,

[00:46:53] Evan Francen: so they were the FBI agents were rebuked for their failure to follow protocol, but ultimately they were they were excused by the judge and the statements stand. Uh But it’s an interesting story. There’s some good drama there. Um I yeah, I know that there in our community and the security community, there are many people who support Marcus in his battle. There’s others who, I mean it’s pretty polarizing. It’s one way or the other personally, I’m sort of in the middle. I don’t really care all that much. It’s other than the drama, it’s a good story stuff.

[00:47:34] Brad Nigh: Yeah. I mean,

[00:47:37] Evan Francen: I guess if you’re going to use

[00:47:39] Brad Nigh: the danger kind of gray hat go and play on both sides. Right.

[00:47:44] Evan Francen: Right. Which is which I really had no, I have no patience for that. It’s either you’re in or you’re out your honor, you’re off, you’re white or your black and not race because people take that there. I’m saying they’re white hat or your black hat. This gray hat thing is just you’re just confused. Yeah, who you are. But then it also is, you know what other people interpret, You know, you might be fully white hat, you know, and thinking that you’re doing good, but other people, their perception is some of the stuff you’re doing isn’t good therefore here a gray hat, yeah,

[00:48:23] Brad Nigh: that happens to, yeah, there’s a lot there, he’s claiming he was under 18 and when he did it and he’s been out of it since then, which, you know,

[00:48:33] Evan Francen: and he’s from a foreign country, right? It’s all kinds of, so he didn’t understand because like they don’t speak the same language in the UK. Maybe when they Mirandized him, they, they didn’t use acids instead of these are they used. Yeah. So that was confusing. But it’s an amazing story. It’s a written by Dan Goodin who is also a really good guy to follow on Twitter because he writes a lot of good stuff about our industry and in that, you know, article, too, is the full 32 page decision is linked to there. If you wanted to read that, I don’t know you ever read legal decisions.

[00:49:20] Brad Nigh: I have, they’re not always, some of them could be pretty and entertaining

[00:49:25] Evan Francen: because you wanted to or because you had to

[00:49:27] Brad Nigh: because I wanted to, some of the uh, oh gosh, I can’t think of who it was like Brenda and all that with uh, back and day with when they were doing other lawsuits. I read a couple of those because the judge writing those was pretty entertaining in his takedown.

[00:49:46] Evan Francen: Oh yeah, Well I’ve been forced to not really forced to, but yeah, I didn’t necessarily want to, but I had to, So the next article comes from Help Net Security, which is also a really good resource. So if people are looking for places to find good security news, uh Help Net Security is a good place, following Dan Goodin at Ars Technica is a good place. Um and there’s actually the whole list I was mentioning in that second podcast or the second blog posts that I wrote last week, one of those things was a list of news sources. These are news sources that I typically follow. Uh So if you don’t have a list of news sources, you know, it’s yeah, It’s good to create one. Do you have a favorite?

[00:50:29] Brad Nigh: You know, I kind of hit the Sophos blog, the

[00:50:35] Evan Francen: naked security. Security.

[00:50:36] Brad Nigh: I know because because it just is funny, I mean, it’s effective, right? Remember it. Krebs perhaps. Yeah. In Passaic magazine. Yeah, there’s protect, was it uh Techcrunch? I can’t think of the other one. Anyway, there’s

[00:51:00] Evan Francen: yeah, CSL magazine Security weekly, there’s I mean there’s

[00:51:05] Brad Nigh: there’s so many. Yeah,

[00:51:07] Evan Francen: but it’s kind of cool because it wasn’t and I think most of them are pretty accurate. I don’t see a lot of things that are reported that it seemed fake, you know, I don’t see them rebutted in other places. So that’s that’s nice. Alright. So anyway, this, the article, this article, the title of this article is most companies anticipate a critical breach in 2019. CISOs need to prioritize threats. The reason why I chose this one. What’s

[00:51:38] Brad Nigh: that? Yes.

[00:51:39] Evan Francen: Yes. Yes. Yeah, that’s not the only reason why I should prioritize threats. Uh, but the first sentence in this article is what grabbed my attention immediately, 80% of IT business leaders anticipate a critical breach or successful cyber attack over the coming year. That’s that’s a lot. Now did you read further on? Because I have to admit I didn’t because now that I think about it um, do they expect a critical breach or successful cyber attack over the coming year on their own infrastructure or somebody else’s or just in general? Henry debt. Son of a gun because that really makes a big difference. Mm You know, if if I’m expecting myself and my own infrastructure to have a critical breach, but even then 80% is pretty high in words like critical a successful. Those are somewhat subjective terms or words, But 80% is. Again, that’s

[00:52:46] Brad Nigh: that’s yeah, surprising. It doesn’t actually say

[00:52:49] Evan Francen: So. Out of a 1000 I thi so and it’s a pretty good sample size. You know, typically don’t see surveys this large. Uh the survey was done by Trend Micro. Uh And there’s 1000 security professionals in the United States and of those four out of five expected a critical breach.

[00:53:11] Brad Nigh: What’s interesting is they said it’s gonna be done twice a year. That survey, Yeah, ongoing.

[00:53:18] Evan Francen: Were so data poor.

[00:53:20] Brad Nigh: Yes, I was trends and stuff like that. But I think it looks like it’s for for them choose companies are at elevated risk for cyber attack because critical data operations infrastructure and human capital are not well prioritized and protected respondents. Yeah.

[00:53:41] Evan Francen: So does 80% surprise you. One is surprisingly that the numbers that high in to it surprises me that that many 800 of the 1000 I. T. Security professionals admitted. Oh

[00:53:54] Brad Nigh: I guess it depends on what do they consider the attack if it’s a like a DDOS attack or something that maybe isn’t not a breach but is data services

[00:54:04] Evan Francen: a critical breach man? Yeah or

[00:54:09] Brad Nigh: success or successful cyberattack. So is phishing considered a successful cyber attack? I would say yes. So you get a user to click and provide credentials.

[00:54:21] Evan Francen: We should go and read this study. I think I didn’t read the actual study itself.

[00:54:26] Brad Nigh: You have to find it. I don’t think it’s linked in there is it? No, I

[00:54:29] Evan Francen: didn’t see it but it’s it’s according to the Cyber Risk Index. So it’s a sorry, a Trend Micro survey. So maybe we’ll do a little research on that and find that out. But 80% still surprised me even if it’s 80% of whatever that’s pretty conclusive. I think it’s evidence to that. You know, maybe the industry is broken. Yeah just maybe

[00:54:58] Brad Nigh: or maybe they’re finally coming around and admitting it which

[00:55:01] Evan Francen: means that we can confront the issues and be less broken. Right, yep that’s a good thing. I like being less broken. We’re all broken by the way. All right. What else do we have? We have the next bit of news is scammers are filling. This was feeling filing, this one comes to us from Motherboard, the vice.com, and this, the title of this one is scammers are filing fake trademarks to steal high value Instagram accounts. And this one I found interesting because man, these, these, these attackers and scammers are so creative. So they’re going out to the federal government filing a trademark using that trademark then and going to Instagram to take over the account saying, hey, somebody else took over my account. Look, I’ve got the trademark here, blah blah blah. Okay. And then they process and you get access to the account until things get sorted out later on.

[00:56:02] Brad Nigh: What’s crazy to me is that that instagram accounts are worth Read the Hassle and the filing fees of a couple $100 and going through that. It’s

[00:56:14] Evan Francen: in the patient’s, it takes a while to get something. We’ve trademarked numerous things here and it’s not an overnight thing. No, I don’t know how you protect yourself from it. Maybe file your own trademark? Yeah, I guess which means that you’re going to have to, if you have a brand that you want to protect on instagram. You’re important enough on instagram, go, go file a trademark.

[00:56:37] Brad Nigh: I mean that’s one of the things we look for in the assessment is, you know, what’s out there. And we found it a bunch of times primarily around facebook where it’s like a, your, your twitter and linked in and all these others are branded and cohesive and consistent. But what’s going on with your facebook presence? We don’t have one. No, no, you do. Yes, you do.

[00:57:01] Evan Francen: You

[00:57:02] Brad Nigh: know about right? It’s a community group and you have one star.

[00:57:06] Evan Francen: So scammers are creating, they’re even going to going to the extent of creating a fake company. So creating a fake company because if you’ve never filed a trademark before, you have to demonstrate to the patent office, the U. S. P. T. O. U. S. Patent and trademark office, um, that you’re using it. That’s, you know, uh, so you have to usually show website shows, logos, maybe even show reports, some kind of documentation, the letterhead or something that’s actually using this. So it’s not like you just say, hey, I want this and then that the government says, okay, it’s yours. Now you have to show them that you’re actually using it. And then, you know, you have to go through all that work, get the trademark and then go to instagram convince instagram that you’re actually that this user name that’s being used is actually yours and you have a legal right to it and then you have to go through that process and then you get the account.

[00:58:03] Brad Nigh: Yeah,

[00:58:04] Evan Francen: that’s no nuts. Yeah. What, how many times this has actually happened? Oh, enough times to, to get in the news, I suppose instagram allows users to report handles that a person or company believes infringes on their trademark. For example, this is hypothetical if the creator of at Disney handle on instagram was not actually associated with Disney, the company may want to obtain our appeal to obtain ownership of the user name. So that’s, that’s how it’s any instagram accounts that you want. How were white hat? Forget it. I’m good. It’s true. Do you have news instagram,

[00:58:50] Brad Nigh: nope. Don’t have facebook either.

[00:58:52] Evan Francen: I don’t use instagram either. I use facebook I was a facebook user like pretty uh uh, regular facebook user until that last election cycle, the presidential election cycle. Everything got an

[00:59:09] Brad Nigh: echo chamber, right? And they’re getting in trouble for some of that

[00:59:13] Evan Francen: stuff. People attacking each other like friends of mine. Yeah. One friend is a democrat. The other friend is a republican and they’re like on facebook, right, pick up the damn phone, go have coffee. I

[00:59:25] Brad Nigh: mean, it goes back to what we were talking about earlier with my daughter getting on when you’re behind a screen like you do and say things you would never do or say in person, right? It gives you this false sense of bravado or whatever. And it just, it seems like it brings out the worst in a lot of people.

[00:59:45] Evan Francen: Yeah, the fake persona. Yeah.

[00:59:49] Brad Nigh: Yeah. Anyway.

[00:59:51] Evan Francen: Yeah. Now I’ve started off on my soapbox. No, no, I started getting, but you have a good point. I mean I’ve gotten back into facebook a little bit more because there’s a lot of things happening in my family and that’s a place where you know, we share stories and share, you know, pictures like this weekend, my daughter was in a show choir event and it was really cool. So I, you know, being the dad, I am, I’m taking pictures, videos and I’m that guy or if you sat behind me, you’re like, seriously dude. So I did all this and then uh, and then I went home and I posted three pictures of my daughter and the show choir thing and just publicly stated how proud I was of her the very first like on that was her. That’s cool. Yeah, so it’s like when I use it for that, it makes me because who doesn’t want their parents to publicly state how proudly and so I know that that just made her so I mean there’s the good and the bad, so I’ve started using, have tried to figure out how to use it for the good, yeah. Change all the settings and everything to try to keep all the riffraff away, have

[01:01:01] Brad Nigh: to create one just to follow my kids. My wife has the account. So

[01:01:06] Evan Francen: yeah, but you’re not much of a social media guy in general, not even your twitter, you don’t,

[01:01:11] Brad Nigh: I don’t, I read a lot. Yeah, I read that bank. That’s primarily what I’ve used it for. It’s just like it’s a great news aggregator. If you follow the right people. And

[01:01:23] Evan Francen: yeah, I got in trouble yesterday uh, on twitter a little bit, um, I follow, you know, I don’t know some people and one of the people person, one of the people I follow is like 61,062,000 followers. And I don’t know if I was just in a mood but retweeted one of their tweets and I was like, I don’t know why I didn’t say nice things. It wasn’t questioning things, right? It was, I don’t think it was meaning I never intended it to be that way. That’s the thing on social media to can you tell my intent? I don’t

[01:02:00] Brad Nigh: write the sarcasm doesn’t translate

[01:02:02] Evan Francen: Well, right, retweeted. And and and then that person who has 61,000 followers, I have like 600, right? Uh, took exception to what I had written. You know, and uh, And so I replied to it and then they’re 61,000 followers. Like, you know, just bombarding me. I’m like, whoa, all right, let me set the record straight. But if I hadn’t been watching like, let’s say I just posted that tweet and then went to bed. I woke up the next morning with like 50,000 comments of some crap about how I’m such a jerk and whoa Yeah, you gotta be careful

[01:02:47] Brad Nigh: with it and it’s only what, you know, imagine the people that say something that with millions of followers and having to deal with that. It’s Yeah.

[01:02:56] Evan Francen: So yeah, social media is an interesting, interesting thing, the last news story I have and then we can get out of here and get onto our week because I don’t know about you, but I got plenty of work to do.

[01:03:09] Brad Nigh: Mhm.

[01:03:10] Evan Francen: So this one comes from the register, which is another one of those news sources that I really, I like because I love their the way they were snarky. Oh yeah, that’s fun. Especially for some of us have politically correct like me.

[01:03:24] Brad Nigh: See, I think, you know, that’s why the Sophos one, they’re both they’re both based out of the UK, right? So they’ve got that little bit of that.

[01:03:31] Evan Francen: Yeah, they really don’t care if they offended by what we just said. So in this 1, 620 million accounts stolen from 16 hacked websites now for sale on the dark web. So the seller boasts um lots of big dumps just happening on, on the dark web over the last few weeks. uh this is just another one of those uh there was another one over the weekend. Um 127 million or some big number becoming sort of desensitized to these things. You know, we don’t know the age of these accounts, we don’t know, you know specifically what’s in it all Dubsmash, Armor Games, 500px, which is I think a photo editing thing. Place Whitepages, ShareThis. So on lots of different accounts,

[01:04:23] Brad Nigh: The one thing I noticed on this, a lot of them were hashed with SHA-1 right, that’s a great that had to look and make sure I wasn’t like wait a minute. That’s that’s not

[01:04:36] Evan Francen: Right. At least it’s not MD5. True. Mhm. There’s probably still, I mean there’s gotta be some out there still hashing

[01:04:44] Brad Nigh: With SHA-512

[01:04:47] Evan Francen: but it’s been a long time. It’s been a while since I’ve seen Uh huh. In any one of these breaches. It’s been a while uh where passwords are stored in clear text in the database. We used to see that a lot more often at least now a lot of developers and admins or

[01:05:04] Brad Nigh: at least they’re doing something

[01:05:06] Evan Francen: right. Things a little more, a little more difficult. But 600 what’s

[01:05:11] Brad Nigh: that does hashed.

[01:05:13] Evan Francen: Yeah. Does. Mhm Yeah, this is done.

[01:05:17] Brad Nigh: Oh, come

[01:05:18] Evan Francen: on, come on. But they’re selling the 617 million accounts for $20,000 or less than $20,000. So there’s just so thinking about these things. I got to wonder, you know, we and I wrote about this a little bit last week and linkedin actually um I wonder how well we actually know Attackers motivations on things. I think we assume a lot of things that we assume what an attacker is motivated by like take for instance, uh, manufacturing, I’ll be talking to a bunch of manufacturers on Wednesday. One of the common things that here is we don’t have anything that the Attackers would want. It’s like, are you sure about that? Because that would assume that you know what the Attackers

[01:06:04] Brad Nigh: want. I’m, my immediate thought is really because I guess that there’s some probably competitors and overseas that I want your

[01:06:16] Evan Francen: Yeah, yeah. You don’t think china wants europe. Well that’s, and then, uh, and so you do some research and you find out that the number two according to cybersecurity ventures or whatever, The number two most attacked, uh, industry is manufacturing. So the Attackers don’t have anything that you want. And why is that the case?

[01:06:40] Brad Nigh: Because you have the mindset that

[01:06:43] Evan Francen: right. It’s also low hanging fruit. Plus, you know, if I know if I take your manufacturing facility offline that you’re probably gonna panic and pay my ransom, you know, because you’re losing potentially hundreds of thousands, millions of dollars an hour. So my, my request, my request for $120,000 isn’t gonna, it’s not too bad. It’s not gonna faze you when you take that into account. But anyway, so I find that These records used to sell for a lot more and maybe it’s just the volume, maybe it’s 670, maybe it’s the age of the accounts, there’s all kinds of things that might play a role in, that used to be credit cards like when the target breach happened. I think those whatever they signed for, It’s like 30-35 bucks right? I think record.

[01:07:32] Brad Nigh: Well now what you’re seeing is that it’s the insurance health care that’s got the big value because I think your priority there’s so many out there for the other stuff it’s just

[01:07:45] Evan Francen: but these things are super good for credential stuffing. Yeah. Right because we know that people have a tendency to use the same username and password. So this is still really good information to get access to potentially that healthcare information. Yeah But 20 grand for 617. I wouldn’t even know what to do with that many accounts and that’s a lot of accounts. Ah yeah, not expensive at all. Which which I guess and I assume the attacker is selling multiple copies is not just okay. The first one that comes up with 20 grand grand 20 grand a pop. So this will get into the hands of sort of multiple people. And the people that are buying these law enforcement does by these because they want to get out ahead of some of the stuff and they use it for their own research. But most of the people that are buying this plan on using it for bad purposes. I would assume you would think so. So if you I don’t know get in the habit of regularly changing passwords. If you have the opportunity to use multifactor authentication. Always choose it and understand that multifactor authentication is not this silver bullet, nope. It just makes it a little more difficult. Reminds me a couple of weeks I’ll be out at RSA uh with uh Roger Grimes who wrote that. I’m super excited. That would be cool. It’s got an email from him this morning. Just I’m pumped to just meet the guy and you know, face to face. We’ve talked online numerous times, but all right. So change your passwords. Turn on multi factor authentication. If you’re using a service that does have information that you’re really concerned about and they don’t offer multifactor authentication go somewhere else That does. There’s

[01:09:29] Brad Nigh: a lot of alternatives.

[01:09:30] Evan Francen: There’s just no excuse. There’s no reason to protect any information that you find valuable with just a username and password. Yeah, it’s not worth it. Get away from it. Change habits. All right. So there was my soap box a little bit, I’m tired of multi I’m tired of single factor authentication hanging out on the internet. It just drives me crazy. And if you make an RDP like the one I was telling you about earlier that just makes me even crazier. Uh huh. All right. Microsoft and Adobe last week did release a whole slew of patches, 70 some odd patches, patch your systems, that’s just another hygiene thing that we should all be doing regularly you see in our industry how some experts try to slice and dice. Like you only have to apply these patches over these other patches. Just apply them

[01:10:20] Brad Nigh: all. I mean, if you’re gonna stop. Yeah, you gotta patch window, Just just knock it all out.

[01:10:25] Evan Francen: Just patch it. Right. Mhm. So yeah, vulnerability management of pain in the ass. Especially if you don’t have asset management held down those two go hand in hand. Uh Anything else? No? Okay, so we’re coming up towards the end of the podcast. Uh so that that just about wraps it up for episode 15. Brad has no parting words. Or do you? You could use multi factor. Use multifactor. There’s Brad’s wisdom. Use multifactor. Next week we’re planning on something special. I haven’t talked to Brad about it yet, but I want to see how he thinks. Uh so do tune in for the next week. I think it will be fun. And as always, I’ll remind you again, send your questions suggestions to us at unsecurity@protonmail.com. And that’s it. See you next week.
