UnHack (the News): Help Desk Hacks, Fake IT Workers & AI Ransomware - The New Cyber Threat Playbook
Episode 95 • 1st September 2025 • UnHack with Drex DeFord • This Week Health
Transcripts

Powered by the CrowdStrike Security Cloud and world class AI, the CrowdStrike Falcon platform leverages real time indicators of attack, threat intelligence, insights on evolving adversary tradecraft, and enriched telemetry from across the Intraprise to deliver hyper accurate detections, automated protection, and remediation.

All this, and elite threat hunting and prioritized awareness of vulnerabilities. CrowdStrike. Unified platform, one agent, complete protection.

And now, this episode of Unhack the News.

Christian Rodriguez is with me.

Hey Christian. How's it going?

[00:01:26] Drex DeFord: I'm good. You're at CrowdStrike. I'm positive that you've been promoted since the last time I've talked to you. What's your job title now?

[00:01:35] Drex DeFord: It's like, I don't know, I just show up and people introduce me and then I just roll with it.

[00:01:50] Drex DeFord: love it. I love it. And you've got your own podcast.

[00:01:59] Drex DeFord: It's really one of my favorite things, and it's because you and Adam. Almost like when I watch the podcast, you are doing your best, in a very subtle way, to try to figure out how to aggravate Adam a little bit. And it's especially around things. We're gonna talk about one of these today. Voice phishing. Yes. So I notice that he has a thing about vishing as a word.

But yeah, that's an interesting topic. It's coming up at every event that I've been to; every conversation I've had has kind of circled around this topic, right, of a

[00:02:48] Cristian Rodriguez: Cool.

[00:03:03] Cristian Rodriguez: It's funny, we actually just recorded an episode this week on this topic, specifically Scattered Spider.

But more importantly, kind of the evolution of how attackers went from this very aggressive slew of campaigns that were very much focused on malware and exploits. And I think the exploits are still very much relevant, but malware use as an entry point, as an initial access vector, if you will, has been significantly reduced.

And the identities have been kind of just this ocean, if you will, of availability. Right. Right. That these attackers are kind of fishing for. I just got

So more credit monitoring for me.

I mean, again, this is very against the grain, but I think at some point, based upon all of the breaches and all of our personal information being out there, I think at one point it won't even matter as a consumer, right? I think what's gonna happen is there's gonna be a major shift in the responsibility being brought into the banks, right. Whoever's basically authorizing the opening of credit or authorizing certain transactions. I think we'll get to the point where banks and financial institutions and credit companies are going to have multi-layer authentication and approval processes built into the way that you buy and the way that you transact online, to the point where

if your information was stolen the act of creating new credit is gonna be very difficult. Right. So I think long term, that's where we're gonna go. Where, I don't wanna say you shouldn't care personal information is out there, but at some point, I think the grand scheme of things it's probably out there.

Like all of our information is out there in some capacity. Right. So, I mean, I don't know where it's gonna go, but I think that's what's gonna have to happen right. At some point.

[00:04:59] Cristian Rodriguez: Yeah. For those not familiar with it, right, so imagine someone calling up your help desk under the guise of an employee under duress, and they're asking you to reset passwords, and your traditional help desk analyst is trying to help, as their title implies, and they want to close out that ticket as quickly as possible. So they're gonna try to walk through some basic questions to verify your identity, right? Like who's your supervisor and your department and your phone number. And these are very antiquated business practices, right?

Where putting that employee or that person on the other line through a series of harder questions or validations is something that I think most organizations need to improve on. So for example, getting that person on video, right? Or asking that person to show some authentication in the form of IDs or passports, like on the camera.

[00:05:44] Cristian Rodriguez: Yeah, exactly.

Exactly. Like get on camera. Right. And I know we can talk about AI and deepfakes, but I think there's other ways to make sure that the person is who they say they are, and then maybe even adding a third party, like a tertiary validation process, like a coworker or a supervisor, right?

Which they brag about in their various forums and comms, their success. It's proliferating through other e-crime groups that are scratching their heads saying, oh, I don't have to try that hard. I can just pick up the phone and dial for dollars, if you will. Right. There's a lot of copycat in

Then the next group and the next group, they're like yeah, we can do that.

And they're calling in.

This same stuff happened to them. You talk about that in the Global Threat Report, but it's in the news all over the place. It is. Tell me more about that story.

They have been embedding agents in Western enterprises for a few years now, where they have these agents go through a variety of job applications. They go through interview processes and they actually get hired by companies like software companies, very big, reputable names that hire these folks. Yeah.

ed to this specific KVM with

One category of, someone just developing. So a North Korean, like literally just doing

[00:08:11] Cristian Rodriguez: They're doing their work and then their salaries are going into the weapons program, right. For example. Yeah. Right. And there's other groups that are embedding malware and they're looking for sensitive data, right.

Based upon what their access ultimately entails. And there are over 300 organizations that we've identified that had this issue. And I was at an event a couple months ago on stage with a CISO and he mentioned, he's like, Hey, we were impacted by this. We had an actual agent in our DevOps team that was attributed to this North Korean actor in this nexus, and it's kind of wild, right? To see that it's proliferated for quite some time and there's a lot of money that went into the weapons program, right. And yeah. By Mr. Kim Jong-Un. So it's definitely not slowing down.

es, they've used AI to build

Even asking that person to come in in person, right, to maybe grab their laptop there. Just some of the excuses are, oh, I'm visiting a family member. Or, if someone's out sick or someone's in the hospital, I can't make it. Can you ship my laptop to somewhere else? And it's effective and it's worked in the past.

[00:09:35] Cristian Rodriguez: Sure, yeah. And they're

And so that sense of urgency's all part of it.

Let's get this role filled quickly. Let's, they wanna move on to the next one, right?

[00:10:04] Cristian Rodriguez: Yeah,

[00:10:05] Cristian Rodriguez: interesting now that I'm saying this out loud. There's an interesting correlation between the help desk objective and the hiring manager's objective, right.

To say like, Hey, I just want to get this through, the process and onto the next thing. Yeah. Right. And I think there's an urgency issue that I think we need to address in the grand scheme of like security enablement for HR and help desk to say, listen, these are things you need to be cognizant of.

On both sides of

[00:10:31] Cristian Rodriguez: Yeah. The,

[00:10:41] Cristian Rodriguez: Yeah.

[00:10:52] Cristian Rodriguez: I know. I just thought about that and I'm like, oh, that's interesting. There's, they're both a plan urgency, so you can put

Yeah, I'll

[00:11:01] Drex DeFord: I'll do that. Totally. I wanna ask you too, one of the stories, or one of the things we talk about regularly, but I just think we can't talk enough about it. Yeah. There was a story in the nightly from Australia and it was about Conti and all of the messages that got leaked, but more and more insight on how bad guys really operate, like startup companies who have a lot of money.

Yeah. I mean, they just, they have CEOs and CFOs and I mean, you see this kind of stuff all the time. How do they look and how do they operate?

And they're building counterintelligence tools. And with some of the leaks that took place not long ago with a couple of those organizations. The chat logs were [00:12:00] leaked. You saw them communicating sentiment around like salary issues, right. Not getting paid enough or, not having equity in a stake of these smaller defense contractors.

Yeah. Which I thought was interesting. Right. They're building these offensive tools, if you will, and they are trying to make money. Right. So that's on the nation state side. On the e-crime side, you have this ecosystem of, I don't wanna call it a pyramid, but you think of groups that are designing ransomware and selling the ransomware as a service versus groups that are more focused on selling identities.

Right? And then there are like these lower tier groups that don't necessarily have the technical aptitude to build these, tools from scratch, but they'll subscribe to these services because it's a lot easier to just, use what's out there and use, what is being innovated on.

Right. So, if you subscribe to service subcontract, sub subcontractors, somebody who's actually

[00:12:52] Cristian Rodriguez: Exactly. Correct. And your goal once you spend the money is to just find your targets. Right. And then, hopefully, infiltrate them.

Run your double extortion

We've seen groups that. We'll find victims and just spam them, right? Sign 'em up for all these newsletters or things that would interest them, but they're just getting spam and their inbox is being flooded and then they're calling up that victim under the guise of someone from the help desk. So that's kind of the inverse of what we mentioned earlier, right?

Saying, Hey, are you getting a bunch of spam? And that person is saying, yes, I am. Like, can you fix this? And go, yeah, you know what I can do? You mind just downloading this remote management tool? Lemme get on your system and start to fix things and rectify it. Oh, and that is ultimately their path into that system, and then they wreak their havoc and jump credentials and move laterally.

And so, it's interesting again that a lot of these adversaries have reverted to like the Kevin Mitnick style of an intrusion, right? By targeting the human side of the house in a much more personal way. And it's been very successful for them.

[00:14:13] Cristian Rodriguez: Oh yeah. Okay. And it makes it

Absolutely. Yeah, totally. No, man, my machine is totally messed up and yeah. I would love your help.

[00:14:27] Drex DeFord: the right phone number from the help desk. Yeah.

[00:14:37] Drex DeFord: They're almost like magicians in some ways.

[00:14:42] Drex DeFord: and don't feel

Right? And then onto the next one.

[00:15:07] Cristian Rodriguez: yeah. Absolutely. Yeah.

There's a ransomware gang that's using an AI chat bot to initiate their deals. Have you guys heard of this and seen it and how much of it, is out there, or should we read about it?

I think, yeah, so I, I think it's just part of what we've seen with technical operations being kind of augmented with. Right. And that's where, a lot of these groups are, they're getting into the let's, there's targeted campaigns where there'll be a very, big focus, very aggressive, targeting of high worth individuals, if you will, within an organization.

that bot has the ability of,

If you're on a forum, think of the way that intel collection is done. If you're on a forum and you're monitoring adversaries and the way that they communicate, right? And that same communication style is used in actual negotiations, right? You can, there's other, there's so much that goes into this.

I'm really simplifying this now, uh-huh, but I can say, Hey, that's this person. We've been tracking them, uh-huh, they may be part of this campaign. Language, you name it. Right? And we have linguists that will analyze this type of activity. Yeah. But when you start to implement a chat bot that just starts communicating on your behalf, right?

ngs like payment systems and

And it

[00:17:04] Cristian Rodriguez: Yeah, at some point it does. Right now there's plenty of ways to go beyond analysis of, like, what is the bot? Where is this being spun up? Where is it being hosted? I mean, there's so many other things that you can do, but you know, the days of the negotiations.

Where there's like a message, for example, that just pops up and says, call this number right. And make a payment, and you're talking to someone. I think that's, you will see that probably fade away as AI starts to take the role of that persona, if you will.

[00:17:37] Cristian Rodriguez: You got it. Thanks so much.

Sign up at thisweekhealth.com slash news. I'm your host, Drex DeFord. Thanks for spending some time with me today. And that's it for Unhack the News.

As always, stay a little paranoid, and I'll see you around campus.
