
A
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular, in one integrated solution that's built for performance and scale. You can find them at meter.com. We've got an interview for you this week, following up on an interesting story about a malware that was authored by an AI. It certainly wasn't the first malware that's been written using AI, but it was a little different. Now, just to refresh your memory, here's the story I did. It's only a couple of minutes long. Voidlink appears to be one of the first clearly documented cases of advanced malware authored almost entirely by artificial intelligence. Check Point says Voidlink represents a break from earlier examples of AI-assisted malware, which were usually tied to inexperienced threat actors or simple rewrites of existing open source tools. In contrast, they say Voidlink shows evidence of structured engineering, including documented development sprints and coding guidelines, suggesting deliberate, disciplined design rather than simple experimentation. What makes this discovery unusual is how early it happened. Researchers believe they caught Voidlink largely by chance after a compiled test version was uploaded to VirusTotal very early in development. One recovered artifact, timestamped December 4, roughly a week after the project appears to have begun, shows the framework already functional, with more than 88,000 lines of code. That early submission gave the defenders a rare look inside the project that likely would have been far harder to analyze once it was fully operational. Check Point notes that while the project was presented as a 30-week engineering effort, the available evidence suggests it was built much faster, highlighting how AI can dramatically compress development timelines for even complex malware.
And despite the listings of various teams in the documents, it's quite likely, according to Check Point, that this was actually done with AI and perhaps a single individual. So the concern isn't just speed, it's also originality and technical innovation. This wasn't a remix of known tools, it was a custom framework produced at scale. This doesn't mean that AI-written malware is suddenly everywhere, but Voidlink shows what happens when capable developers use AI as a force multiplier, shrinking the time between concept and deployment and leaving defenders with far less warning than they might be used to. We put a link to the Check Point paper in our show notes. Check technewsday.com or .ca under Podcasts. We've reached out to Check Point to see if we can get an interview for our weekend show, and thanks to a very responsive PR person at Check Point, I was able to get an interview with the researcher who found the malware and the head of the team, because, as you'll find out, this is pretty much a team effort. It not only gives you some deeper insight into the story, but I think it might give you an idea of how some of this type of research is done. My guests are Pedro Dremmel, who heads the cybercrime research team at Check Point, and Sven Raat, who is a security researcher based in Vienna. Sven is on Pedro's team and did the initial research. I reached them on Friday morning, my time, which is late afternoon for them on Friday. Thanks for sticking around, guys. And we'll jump into the discussion.
B
My name is Pedro Dremiel, and I'm a team leader at the best research team at Check Point. We call ourselves the Cybercrime Research Team, which Sven is part of. And we basically track emerging threats. We try to find new, potentially unknown threats that we can learn from, so that we can better provide protections to our customers and also to the research community via our blog and at security conferences.
A
Great. And Sven, what's your role at Check Point?
C
Sure. Yeah, I'm a security researcher at Check Point. I joined just a few months ago; before that I'd been working in offensive security. So I've seen malware, I've written malware, I've used malware, and now I'm on the other side: I'm hunting malware. I don't emulate threat actors anymore, I hunt for them, basically.
A
I can't let you get away with that. You used malware, now you're hunting malware. Tell me more about that.
C
Yeah, so before doing security research or threat research at Check Point, I was doing pen testing and red teaming. So essentially, yeah, emulating the bad guys. And we, of course, rewrote a lot of malware because we have to simulate what the threat actors do. So I know both sides of the spectrum.
A
It's an interesting thing. I have other friends who are researchers and they say the same thing. One of them was talking about how you can, and she's not going to, but you can almost get sucked into the mentality, because you have to start to think like they do to do research. Is that a fair comment?
C
I would say so, yeah. It definitely helps to know what the other side looks like.
A
Pedro, somebody told me you were with BlackBerry at one point. You've had a fairly long career.
B
Exactly, yeah, I was. I was even part of the BlackBerry security team when they still sold cell phones. Initially, I was a malware analyst on the BlackBerry Security Research Team, so basically analyzing potential malware uploaded to the BlackBerry store when it was introduced with BlackBerry 10. Not sure if you remember, like earlier, around 2012.
A
I remember thoroughly. I did a lot of work with BlackBerry myself.
B
Yeah, it was an amazing team we had out there. It was really good. And later I also rejoined when BlackBerry acquired Cylance, which was an AV engine sort of thing. But that research was different. It's pretty similar to the research we currently conduct here, which is more about understanding the landscape, in a nutshell. But initially, yeah, my first time was as a malware analyst, so pretty much we evaluated apps submitted to the BlackBerry Store, trying to find signs of malicious activity, any sort of malware or any app that was behaving in a way that was unintended for privacy reasons, for example, leaking your phone number, your contacts and stuff like that. So it was a bit of a mix of looking for signs of malicious activity and also privacy-related concerns on the BlackBerry store.
A
Got to bring you back and talk about apps at one point, but let's talk about Voidlink right now. But before we dive into Voidlink, and I do want to do that, can you share with our audience what your job is like, what you do in this research area?
C
It's very creative and I don't think there's a definite answer to that, because every researcher has their own style. So essentially the goal of my role is to find interesting campaigns, interesting malwares, interesting stories, so to speak, in the cybercrime ecosystem, and then analyze them, ideally with a technical analysis, and then wrap it up in an article that is potentially interesting for the community to read. This of course has the byproduct of improving our products, right? Because Check Point also does detection products and so on. But mainly it's about finding new interesting campaigns and new malwares. And how to do that is completely undefined. So everybody can do what they want, so to speak. The classic way would be to use something like VirusTotal, right? Which is like a crowdsourced repository, a feed of malware where everybody can submit malware, and you can filter these samples and look for interesting samples depending on some capabilities of the binary or whatever, and then hope to find something interesting. But you can also, for example, look for ways that threat actors could distribute malware, right? Because recently we looked at the YouTube Ghost Network, which was a network of compromised YouTube accounts, and these YouTube accounts uploaded videos with lures to fake installers for software, for example, a cracked Photoshop version, free download Photoshop and so on. And this would be another approach to find a malware campaign, uncover the actors behind it, uncover the malware behind it, and so on. But yeah, the possibilities are really endless. And that's what's so fun about this job.
A
Yeah, we covered that. And I'll go back to my reminder to anybody in our security audience: you have to reinforce with people that they don't find their software on YouTube. They can research it there, but for God's sake, don't download it.
C
You can read our article then what's expected?
B
And I can second that, because every researcher we have, it's ultimately the area they have the most interest in and a passion for, and that's why they usually find the most interesting stuff. So we of course try to use similar systems and similar tools and everything. But at the end of the day, the researcher's passion and the way they think about a given specific topic is what ultimately matters to finding these new stories, these new tools.
A
And the reason I wanted to say that is, and I've had a long history, I know the people at Check Point very well, so I'm not unbiased. But our audience is the most suspicious about vendors. They always are, they always will be, that's just the way it's going to be. But the research areas are largely independent, in my understanding, and produce the research, yes, to improve the product, but also to inform the public. And so I want to enter it with that piece now; if it happens that it makes your product better, good for everybody. And the reason I've prepped this so much is because it is a pretty bold claim to say that the era of advanced AI-generated malware has begun. That title got me. And then I started to dig in and went, these guys might be right. And I've been following this for quite some time. Can you tell me what Voidlink is, first of all? And then we'll jump from there.
C
Yeah, sure. So Voidlink is a Linux malware. So maybe I can tell the story of how I found it, because it's also funny. So essentially I was doing what I said earlier. I was looking on VirusTotal through various hunting rules, looking for suspicious binaries. And the goal that I set myself was to find some interesting Linux malware, because most malware is based on Windows. Linux has a little bit less of a share in the malware ecosystem, but that doesn't mean that there's no interesting Linux malware. So I set out on the quest to basically find something interesting. And then I had a rule which was looking for rootkit components, and there were a few samples coming in each day. I was looking at them and mostly it's just open source malware compiled and uploaded to VirusTotal. So it was not interesting. But this one binary stood out, which was the Voidlink binary. And there were a few things that were special about it. So the first thing was it was written in a very unorthodox programming language, which is Zig. It's a rather new systems programming language. This was the first thing that popped out to me, because it was very unusual. And then I decided to analyze it further, and it had a really big feature set: it had loads of different modules, it had a plugin system, it had a development API for plugins, it was very modular, it was very well engineered. And also it had this cloud and container focus that you very rarely see. So it had modules for enumerating different cloud providers, for moving naturally in container ecosystems. And in addition to that it had multiple rootkits, not one rootkit, but multiple rootkits integrated into it. And it had a focus on EDR detection and EDR evasion. Now that might not be special if you're talking about Windows malware, but on Linux, the EDR ecosystem is not as sophisticated as it is on Windows, and it's not as prevalent to find EDRs on Linux systems, especially container systems.
So this was also very special. This malware was engineered specifically to evade security products on Linux. All these components together were very special. And you can say there's nothing really groundbreaking, there's not a new technique in this whole framework, but it's just very well engineered and it has lots of features, and that's what stood out.
B
And the cloud part as well was something that stood out right then, where it's not very common even on the Windows side. Especially because then you would potentially target software developers that use their development environment on a daily basis, which could lead to potentially more interesting attacks. So the victims were also more widespread, and we didn't really know who the victim could be at our first analysis, right?
C
Yeah, exactly.
A
If you found it, there's evidence that people are trying to use it. Is that fair?
C
It's not really clear, because oftentimes you find malware developers uploading binaries to VirusTotal, because VirusTotal also shows this statistic of how many engines detected the malware. So it's a classic way: you're writing a malware, you're uploading it to VirusTotal. It has five detections out of, I don't know, 40 engines. And then you as a developer go, okay, I have to refine this because I want zero detections, or the product that I want to attack doesn't detect it according to the scanner, so it's fine. So it doesn't mean it was found in the wild. It could as well be, yeah, that the developer himself or herself uploaded it.
A
So you found a piece that developers were working on, and they're testing it out to see, using VirusTotal to test it out.
C
Likely. You don't know, right? It could be somebody found it on the Internet, somebody was infected. That could also be possible. You don't know. But at the same time, it doesn't mean somebody was infected. Because it's on VirusTotal, it could be coming from anywhere.
A
So how did you know it was AI generated? You've, and we've said this before, it was sophisticated. It had a number of modules, it had a lot of functions that it could do. It had a real architecture to it, and I will post a link to your paper and I do urge people to go and read it, because you've got a really good display of its architecture. It's pretty sophisticated. How did you know it was AI generated?
C
Yeah, this is where the funny part of the story comes in. So I found this malware. It had a string, a piece of text in it, which said "Voidlink implant core version 3.0". So this was suggesting to me, okay, version 3.0. This is a sophisticated framework, a big framework. It's already in the third iteration and I've never heard about it before. I'm onto something big. I was analyzing it, I was writing down my notes for the technical analysis. And at the same time also, because in the malware, usually you have baked in the IP of the command and control server, right? The server it connects back to. So I was also looking at the server and you could pull the new versions from it, basically. So I pulled new versions and it had even more features than yesterday. And I analyzed this and I could barely keep up, because the next day they implemented even more features. So I was baffled at how fast they could actually develop this thing. And then I gave the IP to our threat intelligence team and I said, hey, can you please monitor this, because I am going on Christmas vacation now. And I was two weeks on Christmas vacation. I was like, man, I hope no one publishes about this before we do. It's really interesting. I couldn't wait to get back to work. And then I got back to work and basically our threat intelligence team was like, hey, Sven, glad you're back. Because we have access to the panel, so the command and control panel that the actors would use, we have the source code, we have 37 plugins downloaded, and we have the documentation for the framework. Because the threat actor or the developer of Voidlink, they made a very big mistake, which was that for a small window in time, they had their server open, unauthenticated, so you could access the web panel where you would administer Voidlink. And they also had a misconfiguration in their server, which is called an open directory, which essentially just means you could list all the files on that server and download them.
And in there was the source code, there was the documentation, the plugins, and basically everything. And from this documentation, to come back to your original question, we could infer that it was, yeah, in fact completely written by AI.
A
And part of what I was reading through in your paper, you said that it had all of these different teams and all of these different stages of development, and that basically it had done this work in next to no time at all. So it became obvious that it was AI developed. And do you have an idea of how many developers they have working on it?
C
We're pretty much sure that it's one developer. And that's the crazy thing. Initially, we read the documentation where it says there's three teams working on this, and it's in sprints, like sprint one, implement this and that; week 10, implement this and that feature. So this is all very thoroughly documented. So we fell into the trap and we thought, oh, this is a team of developers. But then we realized the timeline in this documentation doesn't match the actual development pace at all, because I pulled the binaries and they were moving much quicker than was implied in this documentation. So something weird was going on. And then essentially we found out that this documentation was just the documentation that the developer gave to an AI agent. And this AI agent is then simulating these teams. So basically running through the documentation and implementing the framework by itself according to the specifications. This is known as spec-driven development. It's a software development methodology and it's basically how modern software development works. But yeah, looking at the timestamps, we then realized this whole thing had been written in six days by one person.
A
So what you're saying, and as a former development guy myself, one of the things you're saying is your suspicion was raised because they actually adequately documented it?
C
Basically. Basically.
A
But I've spent a lot of time trying to get people to document their work and these guys seem to have done a pretty good job at it.
B
Yeah, the thing is that Sven left for vacation and was going through all the analysis and everything. We had one idea where, oh, maybe they could be creating a new competitor for other malware frameworks as a commercial product. They could potentially be associated with a nation state as well, given how advanced it was and how maybe a big group was creating this. And then when we found it was AI created and likely a single author, I was like, okay, that fooled us, because we thought it could be something fully advanced by a big group, and at the end of the day it was very likely just a single individual creating it. I would say that AI fooled us as researchers as well in our initial thoughts, before we had access to the remainder of the source code and everything.
A
So just to recap, they found this. It's interesting. Thank heaven the developer is sloppy on their own server and leaves it open so that you can get this, because otherwise you may not have seen this type of window. And that was the thing that most amazed me, to say we don't know how much of this is going on in the real world, but we've seen this in real life now.
C
Exactly. And that's a very good point, Jim, because just to stress it again, this is not the first malware that was fully AI created. We see fully AI-written malware scripts all the time, like PowerShell scripts. You can see all the hallmarks of LLM-generated stuff. You see all the documentation, like the comments in the PowerShell scripts with emojis and everything. No threat actor would do that. But because it's generated by ChatGPT or whatever, you can spot it almost immediately. What's new about Voidlink is that we're not talking about a PowerShell script or a simple loader or dropper or whatever. We're talking about a whole framework with multiple components, plugins and so on. And it's fully written end to end by AI. But also, and this is the point we also make in the article, this is likely not the first time a malware was written like this, but it's the first time, at least to our knowledge, that we could actually see the development artifacts and could basically prove that it was written this way. And you don't know what other sophisticated malware was fully written by AI, because it's just the state of software development. But what's special about this research is that we actually have insights into all these and proofs for all these documents, processes, development processes.
A
Is there any way to tell what tools they were using? I mean, there should have been guardrails that kept them from being able to do something this sophisticated.
C
So we have evidence that they used Trae AI, which is an IDE, a development environment similar to VS Code or Google Antigravity or Cursor. So it's just an IDE with agent support. I think it's by ByteDance. So it makes sense that somebody from China uses this software. We don't know which model exactly they used. But you're right, usually the models have guardrails to not help people in malware development. But we found a document which could potentially have been, or was likely, used as a jailbreak for these models. So what they did was they have this document, which they also feed to the agent, and they basically brainwashed the agent to think that this is not malware but a legitimate framework. I don't have it perfectly in mind right now, but it basically says this is not malware, this is a legit remote administration tool, it is compliant with all legal implications, whatever, and so on. So it's basically whitewashing the language so that the agent or the model afterwards accepts that this is not malware development, but legitimate software development.
A
So if it's doing this, and the reason I bring this up is because if we say we really are at a point where we might see a wave of sophisticated malware developed by AI, in this case they're jailbreaking. I've heard from other researchers that you can find AIs that are pretty sophisticated in development that have no guardrails at all, and that many of them work with those.
C
That's true, but usually you have to run these locally. And if you want to have a good model, this really requires a lot of computation power, a lot of GPU memory, which not everybody has. I think we know this was written on a MacBook, which has good chips for AI. But to have a real state-of-the-art coding model, you would need a dedicated GPU cluster. So it's easier, or it's not easier, but it costs less money to jailbreak an externally hosted model than to run your own state-of-the-art model.
A
Absolutely. But ByteDance is open source as well, right? You could run it, couldn't you?
C
I guess you could, but as I said, not everybody has 20 GPUs in the cluster at home.
A
Lying around? I couldn't. Eight Mac minis stacked together, you'd be surprised.
C
But I also don't have eight Mac minis, not yet.
A
But the reason why I'm trying to get at this is because we're trying to assess the sort of threat that we're working with. In understanding this, we note that we're now seeing a more sophisticated form of malware that can be created. And I've done research, interviews with people too. They've gone from really a zero day to a threat in 15, 20 minutes, being able to get something simple together. But this is a sophisticated piece of software. How well would this work, in your opinion?
C
How well would it work to write something like that?
A
Yeah. How big a threat is this, if they actually successfully pulled this off?
C
I think it ups the ante. It lowers the barrier. It means custom malware can be developed quicker. So this could also mean that signature-based detections are going to be pretty much useless soon. Right? Because signature-based detections, they basically write signatures on the code base. But if the threat actor just has to tell the model, hey, rewrite this in another programming language or whatever, all these detections become useless. And if the cost of that refactoring is near zero, then yeah, as I said, signature-based detections become more and more useless, which would mean defenders would have to switch to more behavioral detections. I think this is an implication, and the other implication is that it's easier to develop malware. But this is only partly true, because the author of Voidlink is not somebody who's not knowledgeable in all this, because to do spec-driven development, you have to be really good at actually writing out these specs. You have to know systems engineering, you have to know malware, you have to know Linux, you have to know all these things. You just don't have to code it manually anymore, but you still have to design it and write the specifications. So it doesn't mean just everybody can go there and say, hey ChatGPT, write me a Linux command and control framework. Because yeah, that's not going to work.
A
Can I challenge you on that? Because I was talking with a friend of mine who's another developer, and we were testing out Opus 4.5, and he shrugged at me and said, of course I did the specs with ChatGPT. Now, it wasn't malware, but he was doing a pretty sophisticated Linux application, and he just used ChatGPT to write all the specs.
C
Yeah, the specs in Voidlink are also LLM generated. That's clear from the language; it's in Chinese, but it has all the hallmarks. It has these grandiose statements and so on. So this actor also wrote the specs with the assistance of an LLM. But I would still argue you cannot just say, ChatGPT, write me specs for a Linux command and control framework. You still need to know, hey, I want this feature, I want that feature.
B
Validation as well: it has specific validation requirements to check if every stage is working fine and all that. Because I would say, when we started looking for potential threats created by AI or with AI usage, we knew that at some point anything major would come from major threat actors. Because all we'd seen before, like Sven mentioned, were those scripts or even functions created by AI, which were very random functions, something very simple that anybody could write. But this was way more advanced than we've seen before. And in the same way, we still believe that when AI becomes a much higher threat to security, it will be coming from experienced threat actors. This case proves that a little bit, because it needed some sort of experienced developer; a very junior one would not be able to write such code. I think it proves a little bit what we thought before: those AI threats would be more dangerous coming from the most experienced actors or developers, not from the script kids, if we can call them that.
A
But still, being able to use and modify it, and we talked about signature-based detection being more or less overwhelmed by the ability to make changes. And apparently they're pretty good at, well, they may be crappy at maintaining their servers, but pretty good at knowing they should test their stuff against signature-based detection. But if you can modify your software fairly rapidly, doesn't that give you an advantage as a hacker, to be able to constantly be coming up with a new generation, new variations?
C
I think it goes both ways, definitely. So AI is just an accelerator, right? The bad guys get quicker and get better, but it also works the other way, right? The good guys, they get better. This goes for many areas of the blue teaming side or the defender side. There's AI detections, which obviously benefit from advancements in AI, but there's also our security researchers doing the reverse engineering. We as reverse engineers, when we analyze malware, we definitely leverage AI. So for a framework like Voidlink, me using AI to analyze it and to have it interpret the decompilation or whatever, it speeds up my process as well. And this goes for every role. The pace of everything just gets faster. But I don't think any side really has the bigger advantage. Maybe slightly, but it's not a big step, I would say. Pedro, I don't know if you agree with me on that one.
B
No, I totally agree with you. I think it just demonstrates, if we compare it to the software engineering world as well, if you hear from senior developers, the AI just makes their job much faster, better in a certain way. The same will be for the threat actors, the same will be for defenders, but I guess we are at the same pace.
C
Wow.
A
So what does this mean in terms of, I know what it means in terms of research, but in terms of the people who are out in the field working on this right now, what should they be knowing about this and how it's going to have an impact on them?
C
That's actually not an easy question. I guess everybody was more or less aware that the AI malware development age is already here. This is essentially just the proof that it is, which was something that we haven't had before. What you can take away from Voidlink specifically, I would say, is that it shows that Linux is also a threat, just to move away from AI for once. Because as I said, traditionally most malware focuses on Windows. But with the age of the cloud, a lot of interesting services for every company, all the interesting data, lies in the cloud. And this is different from the classic Active Directory, two domain controllers, one file server enterprise that we had. It's all distributed, it's in cloud systems, it's on Linux servers, it's not necessarily even on the same network, it's in VPNs and in different cloud clusters and so on. So attackers obviously have to modify their toolkits and adapt to the Linux age, or I don't want to say Linux age, the cloud and container age. So I would say that's definitely a takeaway. Just don't try to keep your focus only on Windows. Also look at your cloud system, which
A
is easy, because there's a lot happening there. But this week in particular, this is the second one for me this week. One story was you looking at Voidlink. Then we did another story about an 11-year-old bug in Linux this week that could give root access. So we might, and we're proud of Linux and how well, as an open source development, it's been kept fairly secure. But I think it's something that we really need to take another look at, saying, are we a little too confident? Is that fair?
C
Too confident, maybe. Every system has its vulnerabilities. I think a big part is that's why you have to have an assume-breach mindset, right? You can assume everything gets compromised. Every actor can compromise anything if they have enough resources. So the way you should look at security is not, can I be compromised? But when will I be compromised? When I am compromised, how will I see it, how will I react? I would say you cannot be confident in the security of any system, but you have to be confident in your visibility into it and in your capabilities to react and defend. That's also where the offensive security pentester, red team perspective is speaking from.
A
I always assume that there's two types of people, those who have been hacked already and those who haven't found out how they got hacked. So it's happening all the time. The question is how severe is it, how long do they stay and how much of a problem do they cause you? And I think that's a pretty fair statement. What are you guys working on next?
C
Oh, sorry, sorry, just one last thing because I wanted to mention this as well. So we've been talking about how AI makes it so easy for developers to create malware. But the funny thing is AI is also very bad at operational security. So if you look at VoidLink, every build shipped with debug symbols. So essentially you put the binary in a decompiler and you saw all the function names, all the information. Usually you strip that away so it's not easily reverse engineered. But the AI, thinking, because it was brainwashed, that this is legitimate software, doesn't do any of that. It doesn't strip away debug symbols. Or if you were talking to the HTTP server of VoidLink, it answered with "I'm the VoidLink C2 server," which is also very bad operational security. And then there's the open directory, because yeah, the threat actor just opens a random web server. There's other things which AI is not good at, or the things that people still do manually. Yeah, it doesn't necessarily make the people smarter just because their tools get smarter. That's what I want to say.
A
But we have to count on the fact that they're going to learn too.
C
Maybe, let's see. Hopefully not too much.
A
I'm hoping. I would rather have stupid hackers, believe me, but I don't really count on that. Particularly if they're nation states or some of the groups that are pretty sophisticated.
C
I know AI makes you lazy, so maybe they're even aware, but they don't care, because I know when I'm coding and I'm like, ah, come on, I don't want to go there and do this manually. So it's.
A
Yeah, I totally agree with you. What are you guys working on next? What's up? What do you think is interesting that you're going to be pursuing? I'm not telling you to give away your next paper, but what are the areas you're most looking at?
C
I believe.
B
We believe that VoidLink puts us in perspective that, all right, threat actors use AI to rapidly develop their software and they are advanced, they are capable and everything. What I'm looking to see now is when are we going to see AI being used by threat actors to really make their operation quicker. So, for example, in a case of a compromise, how they can use AI to speed the time between compromise to lateral movement and ransomware deployment, for example. So the AI generated malware, we've seen that, we've seen simple examples. And this, of course, the real example with VoidLink. But what about using AI to adapt within the code, for instance, or after a compromise is made, to quickly assess which victim is interesting or which victim is not? I believe that's what we should be looking for next on the horizon.
C
Yeah, that's going to be interesting. And I'm also following up on. I'm not going to say too much because I don't want to give it away, but I'm also following up on VoidLink and focusing on container ecosystems right now and different dangers that are inherent in those ecosystems. But I'm not going to say more. Maybe it's going to be fruitful, then you're going to read an article, but maybe not. You never know with the research before.
A
Or you'll come back and talk to us.
C
Yeah, maybe.
A
No, I think the container piece is an interesting piece and something that I can't say I know a lot about the security of. I just know that it is an area that probably may not get as much attention as it needs, and I believe so. Yeah. Cool. And also the idea of lateral movement, if they get faster, that's a problem. I still wanted to talk about networks, and I'm going to try and do a show on networks and how people can stop lateral movement, because I hear so much that people find ways to move around and I'm always mystified by that. How can they stay that long? How can they have the time to find the lateral movements and nobody spots them? Now that's already something. But if they get faster and better at it, that's even worse.
B
Yeah.
C
Good stuff.
A
Thank you, gentlemen. I appreciated this. This was great. Is there anything else that I've missed that you want to tell the audience, or that you think you want to share with it?
B
Not from my side. I guess we covered well what we have found out. I just wanted to acknowledge the rest of the other teams within Check Point Research, the threat intelligence team and other research teams and other people as well. If I say names I will likely be forgetting someone. Maybe not worth it. It's a team effort and Sven is the main researcher on this. But it was pretty much a team effort analyzing everything we found, debating on the conclusions, on the findings, all that. It's pretty much a big team effort.
C
Yeah, it was great teamwork. Yeah. I don't have anything to add. Thanks, Jim, for having us. It was very fun.
B
Yeah.
A
And I'll post a link to this and I urge people to go and read it. It's very accessible and I do. I compliment you on that. It's a very readable document and it'll at least bring you up to date and fill in anything that we missed. Thanks a lot, guys. Appreciate it.
B
Thank you. Good one.
C
Yeah. Thank you very much. Have a good one.
A
And that's our show. There's a link to the research report in the show notes. I wasn't just being polite. I've read a lot of reports and this was well written and it will fill you in on the story. If you want to dive a little deeper and see some of the research processes and diagrams as well, you can find the link at technewsday.ca or .com. Take your pick. Look under podcasts, and if you're watching this on YouTube, there's a link right under the video in the show notes. Love to hear what you think. Use the contact us form on the site when you're there, or leave a comment under the video, or, as a number of you do, hunt me down on LinkedIn. I'm always pleased to talk to you. And if you find stories or things where you'd like to see us do a deeper dive, let me know. I'm pleased to reach out, and thanks to people like Anna at Check Point who put this together so quickly, we can do a little deeper dive into the topic. I'd also like to thank Meter for their support. We're totally supported by your donations and sponsors, who will only ask for a mention and no editorial control at all. All we offer them is a description of what they do, and in this case, let me go ahead with that. Meter delivers a full stack networking infrastructure, wired, wireless and cellular, to leading enterprises. Working with their partners, Meter designs, deploys and manages everything required to get performant, reliable and secure connectivity in a space. They design the hardware, the firmware, build the software, manage deployments, and run support. It's a single integrated solution that scales from branch offices, warehouses and large campuses all the way to data centers. Book a demo at meter.com CST, that's M E T E R.com CST, and that way they'll know you found them through our show. I'm your host, Jim Love. Thanks for listening and have a great weekend.
Date: January 24, 2026
Host: Jim Love
Guests: Pedro Dremmel (Head of Cybercrime Research, Check Point), Sven Raat (Security Researcher, Check Point)
This episode dives into the discovery, analysis, and implications of VoidLink, one of the first extensively documented cases of advanced malware authored almost entirely by AI. The episode spotlights how VoidLink represents a leap beyond traditional AI-assisted threats, demonstrating how a capable developer can leverage AI as a force multiplier—creating complex, custom malware with unprecedented speed and sophistication. Jim Love speaks with Pedro Dremmel and Sven Raat of Check Point, who led the research and unravel the story behind VoidLink as well as its wider implications for defenders and the cybersecurity research community.
“I’ve written malware, I’ve used malware, and now I’m on the other side. I’m hunting malware.” (04:34)
“I could barely keep up because the next day they implemented even more features.” (14:46)
“It’s basically whitewashing the language so that the agent... accepts that this is not malware development, but legitimate software development.” (21:17)
“If the threat actor just has to tell the model, ‘hey, rewrite this in another programming language’... these detections become useless.” (24:18)
“AI is just a force accelerator, right? The bad guys get quicker and get better, but it also works the other way.” (28:17, Sven)
On how AI “fooled” the researchers:
“Initially... we thought, ‘Oh, this is like a team of developers’. But then we realized... the documentation was just what the developer gave to an AI agent, simulating these teams... It’s written in six days by one person.”
— Sven Raat, (17:09)
On AI and development speed:
“It lowers the barrier... custom malware can be developed quicker... [Signature-based] detections are going to be pretty much useless soon.”
— Sven Raat, (24:18)
On operational security failures:
“Every build shipped with debug symbols... the AI thinking because it was brainwashed, that this is legitimate software, it doesn’t do any of that.”
— Sven Raat, (32:26)
On the future of defense:
“You cannot be confident in the security of any system, but you have to be confident in your visibility and in your capabilities to react and defend.”
— Sven Raat, (31:27)
On where research is heading:
"What I'm looking to see now is when are we going to see AI being used by threat actors to really make their operation quicker... to speed the time between compromise to lateral movement and ransomware deployment, for example."
— Pedro Dremmel, (34:08)
For more detail and diagrams, the Check Point team’s original research report is recommended—link available in the episode notes.