Grappling with a ransomware attack. - CyberWire Daily

Summary7 min read

CyberWire Daily: Episode Summary – Grappling with a Ransomware Attack

Release Date: November 27, 2024

Introduction

In the latest episode of CyberWire Daily, host Dave Bittner, alongside co-host Gianna Whitfer and guest Damon Fleury from SpyCloud, delves into the multifaceted world of cybersecurity threats, focusing particularly on a significant ransomware attack and the evolving tactics of cybercriminals during the holiday season. This comprehensive summary captures the key discussions, insights, and conclusions drawn from the episode.

1. Ransomware Attack on Blue Yonder and Its Impact on Starbucks

The episode opens with a detailed analysis of a ransomware attack targeting Blue Yonder, a supply chain management software provider. This breach has disrupted Starbucks' operations, forcing the coffee giant to revert to manual processes for employee payments during the critical holiday shopping period, also known as Cyber Week.

Key Points:

Attack Vector: Cybercriminals infiltrated Blue Yonder's private cloud environment at the hypervisor level, deleting the directory (Dr.) and backup storage before encrypting data across five data centers.
Impact: Starbucks is currently operating manually, waiting for systems to be restored, with no confirmed timeline due to the ongoing peak shopping season.
Response: Blue Yonder is collaborating with external cybersecurity firms to restore systems, ensuring steady progress despite the lack of a definitive restoration schedule.

Notable Quote: Security researcher Kevin Beaumont, known as Gossie the Dog, shared on Mastodon at [00:47] that the attackers "got into Blue Yonder's private cloud environment at hypervisor level, deleted the Dr. And backup storage, and then encrypted all five data centers."

2. Surge in AI-Powered Phishing and Scams During Holiday Season

As Cyber Week approaches, there's a noticeable uptick in sophisticated phishing schemes and online scams, many leveraging artificial intelligence to deceive consumers.

Key Points:

AI-Driven Phishing: Attackers utilize generative AI models like ChatGPT to craft highly convincing phishing emails and clone legitimate websites to steal sensitive information.
Holiday-Themed Scams: A 110% increase in fake online stores has been reported by NETCRAFT between August and October 2024, with scammers using platforms like Shopee to create authentic-looking storefronts targeting U.S. shoppers.
Consumer Protection: Experts advise verifying website URLs, using secure payment methods, and being cautious of deals that seem too good to be true to mitigate these threats.

Notable Quote: Dave Bittner emphasizes caution, stating, "Be vigilant and use proactive security practices as you navigate the heightened cyber risks during this peak shopping period" [02:32].

3. New Malware Delivery Technique Exploiting Godot Engine

Researchers at Check Point have uncovered a novel malware delivery method that leverages the open-source Godot Engine, commonly used in game development.

Key Points:

Technique: Threat actors exploit GDScript, Godot's scripting language, to execute malicious code, download malware, and deploy it stealthily across various operating systems, including Windows, macOS, Linux, Android, and iOS.
Scale of Attack: The Godloader malware loader has successfully infected over 17,000 machines since June 29th, 2024.
Evasion Tactics: The malware remains undetected by most antivirus engines on VirusTotal, utilizing anti-sandbox and anti-VM techniques to bypass security measures.

Notable Commentary: A wry remark notes, "Turns out Godot did arrive just as Malware Beckett will be facepalming right about now. Godot was supposed to bring salvation, not ransomware" [11:24].

4. T-Mobile's Router Breach and the Salt Typhoon Campaign

T-Mobile recently identified unauthorized activities within their network routers, part of a broader cyber espionage campaign known as Salt Typhoon, attributed to Chinese state-sponsored actors.

Key Points:

Exploitation of Cisco Routers: Attackers exploited vulnerabilities in Cisco Systems routers to access sensitive communication records, including call logs and unencrypted texts of high-profile targets.
Impact on T-Mobile: While unauthorized access was detected, T-Mobile asserts that their systems and customer data remain largely unaffected.

Notable Observation: The breach underscores the persistent threat of state-sponsored cyber espionage and the critical importance of securing network infrastructure [04:10].

5. TikTok’s Age Restrictions on Beauty Filters

In response to growing concerns about mental health impacts on teenagers, TikTok is implementing new age restrictions for certain beauty filters.

Key Points:

Restricted Filters: Filters that significantly alter appearance, such as skin smoothing or face slimming, are now restricted for users under 18.
Educational Measures: TikTok will provide expanded filter descriptions to clarify the nature of changes and offer resources in 13 European countries to connect users with local mental health helplines.
Compliance and Safety: The move aligns with Australia’s advancing bill to ban social media use for children under 16 without age verification, imposing hefty fines on non-compliant companies.

Notable Quote: TikTok emphasized, "We're committed to user safety and are enhancing our detection of underage accounts using advanced machine learning technologies" [06:50].

6. CISA Launches the CISA Learning Platform

The Cybersecurity and Infrastructure Security Agency (CISA) has introduced CISA Learning, a modernized training platform aimed at enhancing cybersecurity education for both internal staff and external partners.

Key Points:

Platform Features: Replaces the former Virtual Training Environment (FedVTE) with a unified system offering courses on cloud security, ethical hacking, risk management, and malware analysis.
Target Audience: Designed to serve the broader federal workforce, including veterans and other stakeholders, facilitating national cybersecurity capability enhancements.

Notable Insight: CISA Learning represents a significant step in standardizing and expanding cybersecurity training across various sectors, reflecting CISA’s dedication to national security [07:30].

7. Operation Serengeti: Interpol and Afropol Crack Down on African Cybercriminals

In a landmark operation, Interpol and Afropol orchestrated Operation Serengeti, resulting in the arrest of 1,006 suspects across 19 African countries between September and October 2024.

Key Points:

Targeted Crimes: The operation focused on ransomware, business email compromise, and online scams, recovering losses exceeding $190 million and identifying over 35,000 victims.
Notable Cases: Included dismantling a $6 million Ponzi scheme in Senegal and apprehending individuals in Kenya linked to an $8.6 million banking fraud.
International Collaboration: Highlights the effectiveness of global cooperation in combating sophisticated cybercrimes.

Notable Commentary: "This initiative underscores the growing sophistication of cyber threats and highlights the importance of international collaboration in combating cybercrime" [08:15].

8. Industry Voices: Damon Fleury on Holistic Digital Identity in Cyber Defense

In the Industry Voices segment, Damon Fleury, SpyCloud's Chief Product Officer, discusses the importance of understanding the holistic digital identity of individuals to bolster cyber defenses.

Key Discussions:

Holistic Identity: Fleury emphasizes the need for organizations to look beyond internal identity data, incorporating information from various external sources that criminals might exploit.
Data Integration: By accessing comprehensive data, companies can better predict and prevent misuse of identities, reducing the risk of unauthorized access.
Privacy Concerns: Fleury addresses the balance between leveraging extensive identity data and maintaining user privacy, advocating for selective data usage that protects enterprises without infringing on individual privacy.

Notable Quotes: Fleury states, "It's really important that enterprises start to think about going beyond a single identity within their own company and think about the holistic identity and how all of that information can be used against that company" [14:07].

Dave Bittner adds, "It's a really awareness thing here where you can go to your employees and say, hey, we've got to. There's an old password from a few years ago that is out there floating around and let's take care of this together" [22:05].

9. Fun Fact Friday: Cybercriminals' Early Holiday Schemes

In the Fun Fact Friday segment, Liz Stokes reveals how cybercriminals begin plotting their holiday scams much earlier than consumers anticipate.

Key Points:

Early Preparation: Cybercriminals start preparing for Black Friday scams as early as January, searching the dark web for relevant terms and planning their tactics.
Search Trends: Searches for Black Friday-related terms remain low until August, after which they double in September as scammers gear up for the holiday rush.
Consumer Awareness: Emphasizes the importance for consumers to remain vigilant throughout the year, not just during the holiday season.

Notable Quote: Liz Stokes warns, "Believe it or not, cybercriminals start prepping for Black Friday scams as early as January... So this year, remember, while you're shopping, they've been plotting for months" [27:19].

Conclusion

This episode of CyberWire Daily provides an in-depth exploration of current cybersecurity threats, highlighting the evolving nature of cyberattacks and the critical measures organizations must adopt to safeguard their operations. From sophisticated ransomware attacks affecting global brands like Starbucks to the strategic preparations of cybercriminals during peak shopping seasons, the insights shared by industry experts underscore the necessity of proactive and comprehensive cybersecurity strategies.

For those seeking to enhance their understanding of digital identity protection, the Industry Voices interview with Damon Fleury offers valuable perspectives on integrating holistic identity data into cyber defense mechanisms. Additionally, the Fun Fact Friday segment serves as a timely reminder of the persistent and early-bird tactics employed by cybercriminals.

Stay informed and prepared by tuning into CyberWire Daily for the latest developments and expert analyses in the ever-changing landscape of cybersecurity.

Loading summary

Transcript32 lines

[00:02]
Gianna Whitfer
You're listening to the CyberWire network powered by N2K. Gianna Whitfer here, co host of the Breaking through in Cybersecurity marketing podcast on N2K CyberWire Network. Here to interrupt your Thanksgiving break with just one little ad. We are hosting Cyber Marketing Con, a conference for marketers and go to market in the business side of cybersecurity this December 8th through 11th in the beautiful city of Philadelphia, Pennsylvania and also virtually get your ticket at cybermarketingconference.com or through our main website cybersecuritymarketingsociety.com.
[00:48]
Dave Bittner
Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. You know I started my first business back in the early 90s and oh what I would have done to have been able to have the services of an organization like LegalZoom back then. Just getting all of those business ducks in a row, all of that technical stuff, the legal stuff, the registrations of the business, the taxes, all of those things that you need to go through when you're starting a business, the hard stuff, the stuff that sucks up your time when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run and protect your business all in one place and they save you from wasting hours making sense of all that legal stuff. Launch, run and protect your business. To make it Official today@legalzoom.com you can use promo code CYBER10 to get 10% off any LegalZoom business information product, excluding subscriptions and renewals that expires at the end of this year. Get everything you need from setup to success@legalzoom.com and use promo code CYBERTEN. That's legalzoom.com and promo code CYBER10. Legalzoom provides access to independent attorneys and self service tools. Legalzoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm LZ Legal Services llc.
[02:32]
Gianna Whitfer
Lou Yonder continues to grapple with ransom attack AI powered scams surged this shopping season. Gaming engine exploited to deliver malware Chinese hackers ride the router wave TikTok's beauty filter ban Redefining Cybersecurity education for the future on our Industry Voices segment, Dave Bittner sits down with Damon Fleury, SpyCloud's chief product officer, to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense. And when do cyber criminals start their holiday scheming? Today is November 27, 2024. I'm Maria Varmazas host of the T Minus Space Daily Podcast in for Dave Pitner and this is your Cyberwire Intel Briefing. Quick programming note for you all. Our team is taking the next two days off to stuff ourselves silly with turkey, cranberry sauce and pumpkin pie and then recover and eat more of the same as leftovers and maybe do a little bit of shopping. We will be back in your inboxes and on your favorite podcast apps on Monday, December 2nd. Cheers. Following up on a story that we've been monitoring as we noted yesterday, Starbucks is amongst the companies disrupted by a ransomware attack on supply chain management software provider Blue Yonder. The coffee chain is using manual processes for employee payments. Security researcher Kevin Beaumont, AKA Gossie the Dog, said in a post on Mastodon that the attackers, quote, got into Blue Yonder's private cloud environment at hypervisor level, deleted the Dr. And backup storage, and then encrypted all five data centers. The company has not confirmed these details. Blue Yonder, for its part, says it's continuing to work around the clock together with our external cybersecurity firms to safely restore systems resulting in steady progress. But the company does not, quote, have a timeline for restoration as we are in the midst of peak holiday shopping time, also known as Cyber Week, cybercriminals are intensifying their efforts to exploit online consumers through advanced tactics. Fortinet's FortiGuard Labs reports a surge in AI driven phishing schemes where attackers use generative AI models like ChatGPT to craft convincing emails and clone legitimate websites aiming to steal sensitive information. Additionally, there's an increase in holiday themed domains mimicking trusted retailers wearing shoppers with fraudulent offers. NETCRAFT highlights a 110% rise in fake online stores between August and October 2024, with many employing large language models or LLMs to generate authentic looking product descriptions. These fake stores often use platforms like Shopee to create convincing storefronts targeting U.S. shoppers with counterfeit or non existent products. To mitigate these threats, consumers should verify website URLs, use secure payment methods and avoid deals that just seem too good to be true. Be vigilant and use proactive security practices as you navigate the heightened cyber risks during this peak shopping period. Buyer Beware Researchers at check point have published a report on a new malware delivery technique exploiting the open source game engine Godot Engine. The researchers explain Godot Engine provides an execution environment for GDScript, enabling game developers to create gameplay, logic, control scenes and interact with game objects. GDScript includes most modern language features including object support and multithreading. Threat actors take advantage of Godot engine and gdscript, which uses this new technique to execute malicious code, download malware and deploy it while remaining undetected. As GDScript is a fully functional language, it offers threat actors many functionalities from Anti sandbox and anti VM to executing remote payloads. Threat actors maliciously craft GDScript code and then load it with a loader utilizing the Godot engine. The threat actor behind the Godloader malware loader has used this technique to infect more than 17,000 machines since June 29th of this year. The technique is currently undetected by almost all antivirus engines in VirusTotal and can be used to target Windows, macOS, Linux, Android and iOS. Turns out Godot did arrive just as Malware Beckett will be facepalming right about now. Godot was supposed to bring salvation, not ransomware. T Mobile engineers recently detected unauthorized activity on their network routers, identifying hackers executing commands within the system. This breach is part of a broader cyber espionage campaign dubbed Salt Typhoon, attributed to Chinese state sponsored actors. The attackers exploited vulnerabilities in Cisco Systems routers, enabling them to access sensitive communication records, including call logs and unencrypted text of high profile targets. T Mobile has stated that their systems and customer data do not appear to have been significantly impacted. TikTok is implementing age restrictions on certain beauty filters to address mental health concerns among teenage users. Filters that significantly alter appearance, such as those that smooth skin or slim faces, will be restricted for users under 18. The company will also expand filter descriptions to clarify the changes that they make. However, filters that are clearly humorous, like adding animal ears, are excluded from these restrictions. This move responds to findings by Internet Matters, which highlighted the negative impact of beauty filters on teens who often feel pressured to conform to unrealistic beauty standards. Additionally, TikTok will roll out new resources on 13 European countries to connect users reporting harmful content with local helplines. TikTok emphasized its commitment to user safety and announced efforts to improve detection of underage accounts using advanced machine learning technologies. And going hand in hand with that news, Australia is advancing a bill to ban children under 16 from using social media platforms requiring age verification and imposing hefty fines on companies for non compliance. Amidst mixed reactions from parents, tech companies and youth advocates, the Cybersecurity and Infrastructure Security Agency, or cisa, has launched CISA Learning, a modernized training platform designed to enhance cybersecurity education for both its internal staff and external partners. This platform replaces the previous federal Virtual Training Environment or FedVTE, offering a unified system that provides courses on topics such as cloud security, ethical hacking, risk management, and malware analysis. CISA Learning aims to serve as a comprehensive resource for the broader federal workforce, veterans and other stakeholders, reflecting CISA's commitment to sharing its expertise and resources to strengthen national cybersecurity capabilities. In a significant crackdown on Cybercrime, Interpol and Afropol's Operation Serengeti led to the arrest of 1006 suspects across 19 African countries between September and October 2024. The operation targeted various cyber offenses, including ransomware, business email compromise and online scams, uncovering losses exceeding $190 million and identifying over 35,000 victims. Notable cases include the dismantling of a $6 million Ponzi scheme in Senegal and the apprehension of individuals in Kenya linked to an $8.6 million banking fraud. This initiative underscores the growing sophistication of cyber threats and highlights the importance of international collaboration in combating cybercrime. Coming up on our industry voices segment, SpyCloud's chief product officer Damon Fleury joins Dave Buettner to discuss defending what criminals know about you and the role of holistic digital identity in cyber defense. We'll be right back.
[10:48]
Dave Bittner
And now a word from our sponsor, KnowBefore. It's all connected and we're not talking conspiracy theories when it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBefore's security coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35. Vendor integrations and counting Security Coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more@knowbefore.com SecurityCoach that's knowbefore.com SecurityCoach and we thank KnowBe4 for sponsoring our show. Imagine this. Your primary identity provider goes down. Whether it's a cloud outage, network issue or even a cyber attack, suddenly your business grinds to a halt. But what if it didn't have to meet Identity Continuity from Strata the game changing solution that keeps your business running smoothly no matter what. Whether your cloud IDP crashes or your on prem system faces a hiccup, Identity Continuity seamlessly shifts authentication to a secondary or even tertiary IDP automatically and without disruption. Powered by the Mavericks Identity Orchestration platform, Identity Continuity uses smart health checks to monitor your IDPs availability and instantly activates failover strategies tailored to your needs. When the coast is clear, it's a seamless switchback. No more downtime, no lost revenue, no frustrated customers, just continuous secure access to your critical applications every single time. Protect your business from the high costs of IDP outages. With Identity Continuity from Strata, Downtime is a thing of the past. Visit Strata IO Cyberwire to learn how Strata's Identity Continuity can provide seamless enhanced capabilities to your existing ID identity fabric and receive a free set of AirPods Pro.
[13:54]
Gianna Whitfer
Today on our Industry Voices segment, we are joined by SpyCloud's Chief Product Officer Damon Fleury, who sits down with Dave to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense.
[14:08]
Damon Fleury
So many folks are becoming more and more concerned with the idea of securing the identity. We see a lot of new products, we see a lot of, lot of movement within enterprises to secure identities. But for most companies, what that means is find everything you can within your own infrastructure about the identities within that ecosystem, and then take steps to protect them. And the problem that we all have is that that's just not enough information. I mean, what you know about a person, from logging into your own systems, to your email system, to your vpn, that is useful and you absolutely need to protect against anomalous behavior, against misuse. But you don't know all the other things that have impacted that identity which bring more risk to your business. And so we believe it's really important that you understand much more broadly what has happened to the users, how their information has been stolen, both when they work for your company and potentially in their personal life, if that data could be used against you or even in some of their past work lives. And all of that information together can form the holistic identity. And that in the end all that, that wealth of data is the data that the bad guys will use against your company when they figure out that that individual works for you. And so it's really important that that enterprises start to think about going beyond a single identity within their own company and think about the holistic identity and how all of that information can be used against that company.
[15:43]
Dave Bittner
Well, can we dig into the details of both sides of that coin then? I mean, can we start with what are the known knowns, if you will, the things that most organizations know about someone who's working with them or working for them. What sort of things are easy to unpack there?
[16:02]
Damon Fleury
Yeah, so those, the known knowns would really be associated to their login behavior within the organization and sometimes extend as far as their access patterns or, you know, their security hygiene. We do have a lot of efforts out there with varying levels of success that try to measure whether somebody's good at avoiding phish emails, for example, or have they passed their compliance training. And so those sets of things make up those. Those types of things make up the kind of known known as you're referring to it. Those are the things you can know about them in their work life within the company that they are currently working for that you are trying to protect.
[16:44]
Dave Bittner
All right, well, then let's extend it to beyond that. What are the types of things that we want to explore?
[16:50]
Damon Fleury
So going beyond that are, you know, what are the full set of passwords that this employee has used throughout their professional life and their Internet life that could also be used to access your organization? What are the things that this employee might do outside of their work life? For example, do they access illicit sites or known criminal sites? Has this employee repeatedly fallen prey to malware infections or to fishes? And these types of things, the bad guys know. I mean, the bad guys collect all this data and trade it amongst themselves constantly. And this is information that you may not be able to understand if you're only looking within the scope of your own infrastructure.
[17:33]
Dave Bittner
Well, how do we go about collecting that sort of relevant information?
[17:38]
Damon Fleury
Yeah, so that type of data, I mean, it's all about working with organizations that have access to the same data that the criminals do. And so, you know, if some organizations, some larger enterprises, they will have their own groups that interact with the darknet, interact with those criminals to see what information is being traded. But it is really hard to go beyond just searching for your own company and to understand more about which aspects of other additional details of that individual's identity could be used against you. But that's what it takes at the end of the day to understand the full holistic identity. And so the, you know, to us, the important thing here is that you gain access to this data in a way that your systems can operationalize it and react to it. And so really, the best way is to work with a team of experts that are gathering this data all the time and then using it to help protect your business.
[18:32]
Dave Bittner
What about privacy here? I mean, you know, I can imagine an employee who maybe they're visiting a dating site or something like that, you know, things in their personal life that they would like to keep personal. How do you walk that line?
[18:46]
Damon Fleury
Yeah, that is definitely an important point to discuss. And you know, the, the, probably the key point here to remember is that that data, if it's being traded amongst criminal actors, has lost its element of key privacy. You know, the darknet elements of the darknet, criminals are using it. They have that information themselves and they're going to use it against the business. That said, our companies, our enterprises still have privacy requirements where they're not interested in understanding those types of details about employees. They don't. They want to protect that privacy. Even though something has happened and that individual has lost control of that data. That's not something you necessarily want to expose the enterprise to. So, you know, it's the job of companies like SpyCloud is to pull out only the relevant data points that are really important and present them in such a way that they can be used within infrastructure without exposing that company to any of those privacy challenging details. And so it's using the right filters, it's selecting only the data that's important to protect the enterprise and then putting safeguards in place. Even though that data has lost a lot of its element of privacy, we still want to control it as much as we can going forward.
[20:00]
Dave Bittner
That's a really interesting point, how engaging with a third party can kind of insulate you from both the responsibility, but perhaps the liability of coming across information that you were not interested in. But I suppose it makes a little more clinical as well. It's, there's a, there's a little buffer zone there.
[20:22]
Damon Fleury
Yeah, yeah, I think that's a, that's a great way to think about this at the end of the day is that, you know, there are organizations that are set up well with the right legal structures and the right processes and procedures, which, you know, can certainly be, you know, a challenging aspect of the business and can take the right steps to make sure that we're offering as much as we can around those privacy.
[20:43]
Dave Bittner
Safeguards for the folks who are successfully integrating this sort of thing. Can you contrast for me what it's like before and after some of the benefits that they get for going down this path?
[20:58]
Damon Fleury
I mean, I think the simplest way to characterize this is less compromises into their enterprise when A when a bad actor is trying to get into your enterprise and they've selected a member of your IT team that may have administrative credentials or a member of your leadership team and they've decided to try to access the email or the VPN or look for any entry point, they then go and gather all the access details, session cookies, social engineering data, passwords that they might use to try to gain access to those types of accounts. And so the deeper, as we provide this data in an automated fashion to our customers, they have the ability to block those things or to make sure those passwords are not in use or those session cookies are not currently active so that they will fail when they try to use this information against the enterprise.
[21:50]
Dave Bittner
Yeah, that's interesting. I mean, it's really an awareness thing here where you can go to your employees and say, hey, we've got to. There's an old password from a few years ago that is out there floating around and let's take care of this together.
[22:06]
Damon Fleury
Well, I think you can take it one step further and make it protective in nature in that there are tools available that you can take those passwords and then you can fuzz them to find the root of the password and then you can test it against your identity provider like your active directory installation, and then you can automatically force the reset if you find a match. And so in our test and in our customer deployments, as we look at the holistic identity, we see so many additional matches where we see customers, employees. I'm sorry, we see the enterprises employees using passwords they used in their past lives and they thought, I haven't used this one in 20 years. And then they change a few digits. Well, this is exactly the kind of thing that the bad actor is going to do against you. We can see all of those passwords from their, their past life or their personal life that was connected to them and we can make sure that that's not being used. And it's a simple password reset function to make sure that there isn't a known password that we've been able to discover that could be used by a bad actor in a variant form that could be used to enterprise access their enterprise.
[23:10]
Dave Bittner
How do you ensure when someone is adding this sort of thing to their procedures that we're not introducing undue friction?
[23:20]
Damon Fleury
Yeah, I mean, there certainly is a little bit of friction that is added to the, to the end user and that they are forced to do a password reset or they may be required to log in again. You can certainly introduce controls about how Often you allow this to happen, but because we are limiting it specifically to the passwords we can connect to the end user, we find the friction to be quite limited. It's unusual that, that a lot of end users will actually see a direct match that they have to go reset. But when you find one, you're really glad you reset it. There are other ways to approach this that check against an entire list of billions of passwords on the darknet. That is where I think you see a lot of friction. And so with this targeted approach to focus on the holistic identity, this really limits the friction to use cases that we know exist out there.
[24:17]
Dave Bittner
So what are your recommendations for people who want to get started down this path? What's the best way to get started here?
[24:24]
Damon Fleury
I mean, the best way to get started is to find a provider that can find this kind of information and connect it to the holistic digital identity and then look for ways to integrate that into your identity provider to protect your enterprise. And then you'll need to take the steps to integrate that into your your identity solution.
[24:45]
Dave Bittner
I suspect this is a pretty eye openening exercise for a lot of people out there.
[24:51]
Damon Fleury
It absolutely is. And it's often, you know, it's often our job to help people kind of understand how could this have happened. And you know, most, we find that most individuals, it's getting to the point where people understand it better, but a lot of individuals just don't understand the scale of data that has been stolen from literally tens of thousands of third parties out there. Or, you know, we ingest tens of millions of malware infections that have stolen all the data off of your computer. Or tens of millions of fishes that are occurring every month where they're stealing this data from information. When you believe you're logging into a legitimate site, the scale of this is so large that it connects everyone who's ever logged into the Internet and that works in the bad guy's favor. And so this gives you a way to try to understand that and turn the tables on that conversation.
[25:43]
Gianna Whitfer
We hope you enjoyed our latest Industry Voices segment featuring Damon Fleury and Dave Bittner, diving into how criminals exploit what they know about you. And exploring the vital role of holistic digital identity in strengthening cyber defenses.
[26:13]
Dave Bittner
The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why Cloudflare created the first ever Connectivity Cloud Visit cloudflare.com to protect your business everywhere you do business.
[26:51]
Gianna Whitfer
Our very own Liz Stokes wraps up today's show with a fan favorite segment, Fun Fact Friday. Every Friday, Liz dives into fascinating and fun tidbits about cybersecurity and space that are sure to inform and entertain. This week, we're getting a little jump on the holiday season as Liz uncovers how cybercriminals start plotting their holiday schemes a little earlier than you might think.
[27:20]
Liz Stokes
Welcome to a very special Fun Fact Friday. I'm your host, Liz Stokes here at N2K CyberWire. This week, as the US celebrates Thanksgiving, I want to take a moment and wish everyone a peaceful and joyful holiday season. Now, as we're all gearing up for the holiday hustle, let's talk about the real early birds of Black Friday. Spoiler alert. They're not after the deals, they're after your data. Believe it or not, cybercriminals start prepping for Black Friday scams as early as January. That's right, while you're just recovering from the holiday shopping, they're on the dark web searching for terms like Black Friday. By August, searches are at their lowest. But then in September, bam. Those search numbers double as scammers get ready to pounce. So this year, remember, while you're shopping, they've been plotting for months. See you soon.
[28:14]
Gianna Whitfer
If you enjoyed this week's Fun Fact, there's plenty more where that came from. Head over to our YouTube page to explore Liz's library of entertaining and insightful videos. Don't miss out. Check it out. And that's the Cyberwire to links for all of today's stories. Check out our daily briefing@the cyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com we're privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K makes it easy for companies to optimize your biggest investment your people. We make you smarter about your teams while making your team smarter. Learn how@n2k.com this episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iban. Our executive editor is Brandon Karp. Simone Petrella is our president, Peter Kilpy is our publisher, and I'm Maria Varmazas in for Dave Buettner. Thanks for listening. We'll see you next.
[30:14]
Dave Bittner
And now a word from our sponsor, NordPass. NordPass is an advanced password manager from the team behind NordVPN, designed to help keep your business safe from data leaks and cyber threats. It gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords. Right now, you can go to www.nordpass.com cyberwire for 35% off the NordPass business yearly plan. Don't miss out on that.