Scammers celebrate with a bang. - CyberWire Daily

Summary9 min read

CyberWire Daily: Episode Summary – "Scammers Celebrate with a Bang"

Release Date: March 24, 2025
Host: Dave Bittner | Produced by N2K Networks

1. Scammers in Cambodia Celebrate Massive Online Frauds

The episode opens with a deep dive into the rampant online fraud orchestrated by Cambodian scammers. Celebrating their illicit successes with fireworks, these fraudsters engage in romance scams and operate fake cryptocurrency platforms, siphoning victims' life savings. According to a report by The New York Times, these scams are integral to a sprawling money laundering network handling billions of dollars.

Key Points:

Huon Group's Central Role: At the heart of this network is the Huon Group, a Cambodian financial conglomerate that seamlessly blends legitimate businesses with illicit activities.
Sophisticated Operations: Huon's affiliates run Telegram-based marketplaces connecting scammers with money launderers, managing at least $26.8 billion in cryptocurrency transactions.
Exploitation of Victims: The operation employs matchmakers and money mules, with some workers being trafficked victims coerced into participation.

Notable Quote:
Dave Bittner [00:55]: "These scams fuel a massive, fast-moving money laundering network involving billions of dollars."

2. Expansion of Data Sharing Under New Executive Order Raises Privacy Concerns

A recent executive order from President Trump has expanded data sharing between federal and state agencies, sparking significant concern among privacy advocates. The order mandates the removal of restrictions on sharing unclassified data and grants access to data from all state programs receiving federal funds, even if stored by third parties.

Key Points:

Department of Government Efficiency Doge (Doge): The order is seen as a move to normalize the controversial practices of Doge, which has faced accusations of overreach and multiple lawsuits for unauthorized data sharing.
Privacy Implications: Critics argue that the EO could lead to a centralized federal surveillance system, undermining legal safeguards like system of records notices.
Lack of Transparency: The White House has yet to comment on the executive order, leaving ambiguity around its long-term implications.

Notable Quote:
Dave Bittner [03:10]: "Experts argue the EO could weaponize personal data and erode civil liberties under the guise of efficiency and fraud prevention."

3. NYU Website Breach Exposes Millions of Applicant Data

NYU experienced a significant data breach on Saturday morning, compromising the personal information of over 3 million applicants dating back to 1989. The breach included sensitive details such as names, test scores, intended majors, and financial aid information.

Key Points:

Method of Attack: Hackers hijacked the NYU website for at least two hours, displaying misleading information about racial disparities in admissions.
Connection to Previous Breaches: The group responsible is linked to a 2023 breach at the University of Minnesota, which exposed 7 million Social Security numbers.
Response and Recovery: NYU restored the site by noon and reported the incident to law enforcement authorities.

Notable Quote:
Dave Bittner [05:25]: "The site, hijacked for at least two hours, displayed charts claiming racial disparities in NYU admissions, alleging lower average scores for black and Hispanic students compared to white and Asian applicants."

4. Malware in Steam: Valve Removes 'Sniper Phantom' Game Demo

Valve has taken decisive action by removing the game demo "Sniper Phantom's Resolution" from its Steam platform following user reports of information-stealing malware embedded within the installer.

Key Points:

Nature of the Malware: The malicious installer redirected users to an external GitHub repository, containing tools for privilege escalation, cookie theft, and persistence via startup scripts.
Developer Response: Both the game's GitHub repository and official website were taken down to prevent further infections.
Advisory to Users: Valve urges users who installed the game to scan their systems for potential malware, highlighting the ongoing risks of similar incidents.

Notable Quote:
Dave Bittner [07:20]: "Users who installed the game are urged to scan their systems."

5. Cloak Ransomware Group Targets Virginia Attorney General’s Office

The Cloak ransomware group has claimed responsibility for a cyber attack that significantly disrupted the Virginia Attorney General's office, forcing a temporary shift back to paper filings and disabling critical internal services.

Key Points:

Attack Details: Nearly all systems at the office were incapacitated, including VPN and the official website, compelling employees to revert to manual processes.
Ransom Demands: On March 20, Cloak published alleged stolen data on its leak site, indicating a failed extortion attempt.
Operational Insights: Active since 2022, Cloak employs the Ark cryptor ransomware and primarily targets small to midsize businesses, marking this as their first confirmed U.S. attack in the year.

Notable Quote:
Dave Bittner [09:35]: "Employees were forced to revert to paper filings as internal services VPN and the website went offline."

6. 23andMe Files for Chapter 11 Amid Data Breaches and Lawsuits

Genetic testing giant 23andMe has filed for Chapter 11 bankruptcy following severe data breaches and ensuing legal challenges. The company maintains genetic profiles of over 15 million users but faced a major breach in 2023 exposing personal information from nearly 7 million accounts.

Key Points:

Targeted Breach: The 2023 breach predominantly affected Jewish and Chinese customers, exacerbating trust issues.
Legal Repercussions: A class action lawsuit accused 23andMe of failing to notify affected users promptly, leading to declining sales and mounting financial losses.
Corporate Response: Despite filing for bankruptcy, 23andMe claims to maintain current data protections throughout its sale process.

Notable Quote:
Dave Bittner [11:15]: "As trust eroded, sales declined, contributing to mounting losses."

7. Medusa Ransomware's New Tactics to Disable Security Tools

Medusa Ransomware has been identified utilizing a malicious driver to disable security measures on infected systems. Known as "Abyss" by Elastic Security Labs, this driver masquerades as a legitimate CrowdStrike driver and is signed with a revoked certificate from a Chinese company.

Key Points:

Method of Operation: The driver manipulates processes, files, and system operations, often spoofing system time to bypass signature checks.
Historical Usage: Samples of Abyss have been traced from August 2024 through February 2025, primarily leveraging stolen certificates.
Impact on Systems: By disabling security defenses, Medusa facilitates more effective ransomware deployments.

Notable Quote:
Dave Bittner [13:00]: "The driver can manipulate processes, files, and system operations to disable defenses."

8. Clearview AI Settles Class Action Privacy Lawsuit

Clearview AI has agreed to a $50 million settlement to resolve a class action lawsuit over alleged privacy violations. Approved by a federal judge, the settlement grants plaintiffs and their lawyers a stake in the company's future value instead of a direct financial payout.

Key Points:

Nature of the Lawsuit: Plaintiffs accused Clearview AI of scraping billions of facial images from the web without consent, infringing Illinois's Biometric Privacy Act.
Company's Stance: Clearview AI denies any wrongdoing, maintaining that its data practices are within legal boundaries.
Criticism of Settlement: Critics, including 22 state attorneys general, argue that the settlement insufficiently addresses future misuse of biometric data, highlighting the conflicted nature of plaintiffs' benefits being tied to the company's success.

Notable Quote:
Dave Bittner [14:25]: "There's no small irony here attaching the plaintiff's benefits to the success of Clearview."

9. Retroactive Look: The Evolution and Importance of the CVE Program

Cynthia Brumfield of CyberScoop provides an insightful retrospective on the Common Vulnerabilities and Exposures (CVE) program, underscoring its pivotal role in global cybersecurity.

Key Points:

Establishment and Growth: Launched in 1999 by MITRE researchers, the CVE program has become a fundamental tool for consistent tracking and sharing of vulnerability data, now encompassing over 270,000 records across more than 40 countries.
Challenges Faced: Issues such as data quality disputes, potential vendor concealment of vulnerabilities, and funding shortages, especially under the Trump administration's DOGE initiative, have tested the program's resilience.
Sustaining Success: The program's federated structure, robust dispute resolution mechanisms, and community oversight have been critical in maintaining its transparency and effectiveness.
Future Outlook: Despite imperfections, the CVE system remains essential, with cybersecurity leaders affirming its indispensable role in defending against digital threats.

Notable Quote:
Dave Bittner [15:50]: "It's a long-standing public-private partnership that continues to evolve, and a future without it would leave defenders far less equipped to handle digital threats."

10. Industry Voices: Joe Ryan on Empowering Analysts in Resource-Constrained Environments

In the episode's "Industry Voices" segment, Joe Ryan, Head of Customer Enablement at Maltego Technologies, shares strategies to assist analysts operating in environments with limited resources. His discussion emphasizes overcoming training gaps and effectively utilizing investigative tools.

Key Points:

Diverse Analyst Roles: Ryan distinguishes between cybersecurity-focused analysts dealing with network infrastructure and investigative analysts probing specific individuals or organizations.
Resource Constraints: He highlights the disparity between private industry analysts with ample tools and government agency analysts who may rely more on open-source intelligence due to limited resources.
Tool Utilization and Integration: Ryan advocates for continuous dialogue between tool providers and end-users to ensure the tools align with analysts' workflows and integrate seamlessly with existing technologies.
Change Management: Successful organizations invest in training and encourage analysts to allocate time for upskilling, recognizing the long-term benefits over short-term productivity drops.

Notable Quotes:
Joe Ryan [14:30]: "Oftentimes that kind of shapes the tasks that they're given and even the tools that they are provided and the working environment in which they're kind of in as well."
Joe Ryan [16:34]: "I think that sometimes the individual analyst or the individual investigator really does have a lot of say in what they can do and what they need."
Joe Ryan [18:43]: "It's super complicated and only the best of the best know how to use. Doesn't really matter if you can find some other tool that's faster, that's more lightweight, then use that tool."

Insights Shared:

Adaptability in Tool Selection: Analysts should focus on tools that meet their specific needs, whether they are heavyweight solutions like Adobe's suite or lightweight alternatives like Canva.
Encouraging Upskilling: Organizations should prioritize training and provide resources to help analysts integrate new tools into their workflows effectively.
Vendor Collaboration: Tool providers must recognize that their products are part of a larger toolkit and facilitate integration with other tools to enhance user experience.

Notable Quote:
Joe Ryan [24:12]: "It's not that a tool or a solution is going to replace you. It's that there might be a person who was willing to adopt these new technologies more openly than you are."

11. Additional Cybersecurity Tools and Innovations

The episode concludes with brief mentions of emerging cybersecurity tools:

Ox Security: Highlights its application in AppSec programs to prioritize real threats and reduce noise from false positives.
Cloudflare's AI Labyrinth: Introduces a novel tool designed to confuse malicious AI crawlers by redirecting them into a maze of AI-generated, irrelevant web pages, effectively acting as a high-tech honeypot to identify and fingerprint bad actors.

12. Conclusion

Dave Bittner wraps up the episode by encouraging listeners to engage with the content, provide feedback, and stay informed through daily briefings. Acknowledgments are given to the production team, and listeners are reminded to participate in surveys and share reviews to help improve the podcast.

Notable Ending Quote:
Dave Bittner [33:10]: "It's a long-standing public-private partnership that continues to evolve, and a future without it would leave defenders far less equipped to handle digital threats."

Final Thoughts:

This episode of CyberWire Daily provides a comprehensive overview of significant cybersecurity incidents, legislative changes impacting data privacy, and advancements in cybersecurity tools. The in-depth analysis, coupled with expert insights from Joe Ryan, offers valuable perspectives for professionals seeking to navigate the complex landscape of cybersecurity threats and defenses.

Loading summary

Transcript25 lines

[00:02]
Dave Bittner
You're listening to the Cyberwire network, powered by N2K. And now a brief message from our sponsor, DropZone AI. Is your SoC drowning in alerts with legitimate threats sitting in queues for hours or even days? The latest SANS SOC survey report reveals alert fatigue and limited automation are SOC Team's greatest barriers. Drop Zone AI, recognized by Gartner as a cool vendor, directly addresses these challenges through autonomous recursive reasoning investigations, quickly eliminating false positives, enriching context and enabling analysts to prioritize real incidents faster. Take control of your alerts and investigations with Dropzone AI Money laundering runs rampant in Cambodia Privacy advocates question a new data sharing EO from the White House. An NYU website hack exposes the data of millions. A game demo gets pulled from Steam after users report info stealing malware. The Cloak ransomware group claims a cyber attack on the Virginia Attorney General's office. 23andMe files for chapter 11 Medusa ransomware is using a malicious driver to disable security tools. Clearview AI settles a class action lawsuit over privacy violations A look back at the CVE program On today's Industry Voices segment, we're joined by Joe Ryan, head of Customer enablement at Maltego Technologies, who's highlighting how to help analysts in resource constrained environments overcome training gaps and use investigative tools more effectively and luring AI bots into the digital labyrinth. It's Monday, March 24th, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Happy Monday and thank you for joining us here. It is great as always to have you with us. Scammers in Cambodia celebrate their biggest online frauds with fireworks. Often after stealing victims life savings through romance scams or fake crypto platforms. According to the New York Times, these scams fuel a massive, fast moving money laundering network involving billions of dollars. Authorities like the FBI and Interpol have tried to intervene, but the system is resilient and global. At the center is Huon Group, a Cambodian financial conglomerate with legitimate businesses and illicit arms. One Huon affiliate runs a telegram based marketplace linking scammers with money launderers, a hub responsible for at least $26.8 billion in crypto transactions. Another affiliate who own international pay operates like a professional bank, managing funds and coordinating with scammers. The operation uses matchmakers, money mules and sophisticated infrastructure. Some workers are trafficked victims forced into scams. The proceeds fund luxury lifestyles and further criminal services from fake investment sites to stolen personal data. And yes, part of the take pays for fireworks. To celebrate another payday, a new executive order from President Trump expands data sharing between federal and state agencies, sparking concerns from privacy advocates. The order requires federal agencies to eliminate rules that limit the sharing of unclassified data and mandates access to data from all state programs receiving federal funds, even when stored with third parties. Experts warn the move is designed to normalize the controversial practices of the Department of Government Efficiency Doge, which has been accused of overreach and violating privacy laws. Critics fear the order enables a centralized federal surveillance system and bypasses legal safeguards like the system of records notices. Doge has faced lawsuits for unauthorized data sharing, including a recent court order halting its access to Social Security data. Experts warn the move is designed to normalize the controversial practices of the Department of Government Efficiency Doge, which has been accused of overreach and violating privacy laws. Critics fear the order enables a centralized federal surveillance system and bypasses legal safeguards like system of records notices. Doge has faced lawsuits for unauthorized data sharing, including a recent court order halting its access to Social Security data. Experts argue the EO could weaponize personal data and erode civil liberties under the guise of efficiency and fraud prevention. The White House has not commented. A hacker breached NYU's website Saturday morning, exposing personal data from over 3 million applicants dating back to 1989. The leak included names, test scores, intended majors, zip codes, financial aid information and details on family members. The site, hijacked for at least two hours, displayed charts claiming racial disparities in NYU admissions, alleging lower average scores for black and Hispanic students compared to white and Asian applicants despite The Supreme Court's 2023 ban on affirmative action. Four downloadable files revealed common application data, including rejected applicants and sibling information. NYU restored the site by noon and reported the breach to law enforcement. The group behind the hack is tied to a 2023 University of Minnesota breach involving 7 million Social Security numbers. NYU, which opposed the affirmative action ruling, had seen a decline in minority admissions following the decision. Valve has removed the game Sniper Phantom's resolution from Steam after users reported it contained info stealing malware. Though billed as a demo, the installer directed players to download from an external GitHub repository. Reddit users found the file included tools for privilege escalation, cookie theft and persistence via startup scripts. The developers GitHub and website were taken down and Valve acted following reports. Users who installed the game are urged to scan their systems. This follows a similar Steam malware case last month. The ransomware group Cloak has claimed responsibility for a cyber attack that disrupted nearly all systems at the Virginia attorney general's office in February employees were forced to revert to paper filings as internal services VPN and the website went offline. On March 20, Cloak posted alleged stolen AGO data on its leak site, indicating a failed extortion. Active since 2022. Cloak uses Ark cryptor ransomware and often targets small to mid sized businesses, with this being its first confirmed US attack this year. Genetic testing company 23andMe filed for Chapter 11 bankruptcy amid growing concerns over its handling of sensitive customer data. The company, which holds genetic profiles of over 15 million users, suffered a major breach in 2023 that exposed personal information from nearly 7 million accounts, mainly targeting Jewish and Chinese customers. A class action lawsuit followed, accusing 23andMe of failing to notify affected users. As trust eroded, sales declined, contributing to mounting losses. The company says it will maintain current data protections during its sale process. Medusa Ransomware is using a malicious driver to disable security tools on infected systems, according to Elastic Security Labs. Masquerading as a legitimate crowdstrike driver, it's signed with a revoked certificate from a Chinese company and protected by VMprotect Elastic, which calls it Abyss. Worker found samples dating from August 2024 through February of this year, mainly using stolen certificates. The driver, previously used in other malware campaigns, can manipulate processes, files and system operations to disable defenses, often by spoofing system time to bypass signature checks. Clearview AI has settled a class action lawsuit over privacy violations for an estimated $50 million. Approved by a federal judge, the deal gives plaintiffs and their lawyers a stake in the company's future value rather than a direct payout. The lawsuit accused Clearview of scraping billions of facial images from the Web without consent, violating Illinois's Biometric Privacy Act. Clearview denies wrongdoing critics, including 22 state attorneys general, argue the settlement doesn't do enough to prevent future misuse of biometric data. There's no small irony here attaching the plaintiff's benefits to the success of Clearview. A thoughtful piece by Cynthia Brumfield for CyberScoop looks at the CVE, the Common Vulnerabilities and Exposures program. Launched in 1999 by MITRE researchers, it's become a cornerstone in global cybersecurity, enabling consistent tracking and sharing of vulnerability data. Now in its fifth iteration, it includes over 413 reporting organizations across more than 40 countries and had over 270,000 records by 2024. Despite challenges like disputes over data quality, concerns about vendors potentially hiding vulnerabilities and funding issues at nist, the system remains resilient. Experts argue its Federated structure, dispute resolution mechanisms and community oversight help maintain transparency. The rise in CVEs, while sometimes criticized, reflects better visibility and reporting, not necessarily increased risk. Recent funding shortfalls under the Trump administration's DOGE initiative tested the system's durability, but Mitre and others stepped up. Despite imperfections, cybersecurity leaders agree the CVE system remains essential. It's a long standing public private partnership that continues to evolve, and a future without it would leave defenders far less equipped to handle digital threats. Coming up after the break, my conversation with Joe Ryan, head of Customer Enablement at Multi Tigo Technologies. We're talking about how to help analysts in resource constrained environments overcome training gaps and luring AI bots into the digital labyrinth. Stay with us. Do you know the status of your compliance controls right now? Like right now, we know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for $1,000 off.
[13:22]
Joe Ryan
Foreign.
[13:28]
Dave Bittner
Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today@vanguardjobs.com Joe Ryan is head of Customer Enablement at Maltego Technologies. And in today's sponsored Industry Voices segment we discuss helping analysts in resource constrained environments overcome training gaps and use investigative tools more effectively.
[14:30]
Joe Ryan
Really depends on exactly what type of analyst you are and what sort of investigation that you're working. You know, from the professional world where I am, we tend to serve two distinct types of analysts. We have our more cybersecurity focused analysts that might be dealing a little bit more on a network infrastructure level or dealing a little bit more with cyber threat intelligence and then we have on the other side, more of our kind of investigative analysts who might be dealing with the, you know, real world aspect of it in terms of actually looking into specific individuals or organizations. And oftentimes that kind of shapes the tasks that they're given and even the tools that they are provided and the working environment in which they're kind of in as well. So I think a lot of it kind of boils down to exactly the job. But then what we really start to see is the sort of resource constraints kind of play out across that. Because if you're working in private industry, often you might find yourself a little bit more resourced. You might have a few more tools at your disposal, whether that's software or access to particular data. But then oftentimes we find that maybe government agencies, for instance, some of those, if they're not on a federal level or something, may not be quite as well resourced. And so they're, they're given a little bit less to work with and have to either rely a little bit more on perhaps open source intelligence or just being a bit more resourceful and flexible in how they conduct those investigations.
[16:26]
Interviewer
Well, help me understand here, Joe. I mean, to what degree does a typical analyst have influence over the types.
[16:35]
Dave Bittner
Of tools that they are able to work with?
[16:38]
Joe Ryan
Yeah, so this is a great question, and I come from a background working in law enforcement and government agencies, and I can tell you in my experience, it does depend on the agency and it does depend on the organization as a whole. I've seen investigators, particularly for instance, if they're working in something like digital forensics, who say, look, I just cannot do my job unless I have tool X or something equivalent. And if you can't provide me with tool X, then you really can't expect me to be able to fulfill the responsibilities of this role. And so I think sometimes the individual analyst or the individual investigator really does have a lot of say in what they, what they can do and what they need. But then you also have pattern environments when you're working in much larger organizations where you're probably just given a set of tools to work with and you really just have to make do with that set of tools. But I would encourage all organizations to always talk to those end users, talk to the people who are doing those investigations, because they're the ones that are hands on with those tools day in and day out. And if they find that they're not able to do their job as well as they might be able to with other tools, especially with the rate that technology is evolving right now, then you might find that the outcomes for the entire organization are just not where they could be. If those boots on the ground might have a little bit more voice in that conversation.
[18:26]
Interviewer
Well, in your experience, are there any common mismatches here between what the analyst thinks are the most effective tools for them versus what, let's just call them the powers that be, decide that they're going to fund.
[18:43]
Joe Ryan
So in general, I don't see much of a mismatch in terms of which products are needed and which products are given. What I tend to see a mismatch in is actually the more of the change management and the implementation side of things. So oftentimes organizations do try to do what's best for their outcomes and what's best for their investigators or their analysts by providing them with perhaps what they think is a better tool, a newer tool, a faster tool. But then maybe they do that without even talking to the individuals. And those individuals are not solely reliant on one tool. Oftentimes they're using multiple tools and they've become very proficient at using those tools together. They have certain workflows that they do on a regular basis, they have certain integrations set up, maybe they have automations set up, maybe they have resources in place for sharing particular data from one tool to another. And when that is disrupted to introduce a new tool into maybe their tech stack, if you will, then that can cause a lot of problems. So it's not always just do you have the best, shiniest tool for the job. It's also how does that tool really fit into the everyday work that you're doing? Both the workflows that you've established, but then also how does it play with all of the other pieces of technology and solutions that you already have implemented within your day to day work?
[20:31]
Interviewer
What are the common elements here for folks who are having success? Obviously nobody has unlimited resources, so you have to dial it in.
[20:41]
Dave Bittner
The folks who are effective in doing.
[20:43]
Interviewer
That, are there common elements to their approaches?
[20:47]
Joe Ryan
I think so. I think that one of the big things that people now this can kind of come from two directions. So you, you have the organizational side, right? You have the side of the, the organization that is actually acquiring new pieces of technology and solutions. And then you have the side of the vendors. And so I think from the side of the vendors you really need to understand that you're not the only tool in the toolkit of the end user of your product. Oftentimes they are using 2, 5, maybe 10 other tools in combination with your product, no matter how robust it might be. And so you really need to think about that as you work to enable those users to use your product. You would never want to not give them solutions for how to then integrate your tool with another tool. And so actually building your enablement material and your enablement contents with that in mind is incredibly important. And from an organizational side, I think again, this kind of goes back to that, that change management aspect and really investing time and resources, which I know for a lot of organizations is one of those things that they're not always so happy to do, but investing time and resources into, really intentionally incorporated, incorporating these solutions into everyday workflows. So whether that means we've just acquired a solution, so we want to invest in training for that solution, we want to take a week and have someone come in and train our entire team on how to use that solution, or we want to be very encouraging of our analysts to take time out of their busy schedules to actually upskill themselves on these tools. So when we say, hey, I have a new tool that I'm implementing, maybe also kind of saying, hey, I expect your day to day productivity to drop a little bit right now, because I do expect you to spend a couple hours a week really familiarizing yourself with this tool, going through whatever online training is provided, joining a couple of webinars, taking some courses, even if it's just watching some YouTube videos, encouraging that and not just expecting that to sort of happen organically, because I think that's what we, we think will happen. And nine times out of 10 people will completely ignore that focused solely on getting their work done. And oftentimes that leads them to not even adopting the new tool if they can help it, because they would rather just do the work the way they've been doing it and stay productive than take time to learn this new tool, which might make them more productive in the long run, but it's going to take time away from their work right now.
[24:10]
Dave Bittner
Yeah, that's a really powerful insight.
[24:12]
Interviewer
I mean, both from the point of view of kind of meeting people where they are, you know, meeting them in the middle, that human element. But also I think there's a lot, there's a tendency, especially for folks who've been at this for a while, to kind of even use new tools in old ways. You know, this is the way I'm accustomed to using it, but by giving them the freedom and encouraging them to.
[24:36]
Dave Bittner
Take the time to learn things, it seems to me like in the long.
[24:39]
Interviewer
Run that's going to be a positive outcome for all parties.
[24:43]
Joe Ryan
Absolutely. I mean, upskilling is one of those things that again, is difficult even, even as a person who struggles with it daily, knowing that it would be good for me to kind of put aside work for an hour and take some time to, to upskill myself on something that I know might make me more proficient in the future. I struggle with that as a professional all the time. But it is something that I always encourage when I'm dealing, particularly with users of our platform, always encouraging them, take the course, watch the video, join the webinar, ask your questions. Because what we find is that when we actually get on the call with people, maybe they're struggling or maybe their organization has set up some kind of training. We finally get on the call with them and we get hands on with them inside the tool. And then they start to have those light bulb moments. That's when they start to make those connections and say, wow, this process that I have been doing manually, that might have taken me a couple of hours, I'm now able to do in a few minutes with this product I've never used before. And so, you know, they maybe just can't fathom, they maybe just can't understand how this new tool could speed things up and they just aren't quite willing to let themselves learn that. And that's not anything against these individuals. Right. Because that's just the nature, like you said, it's just I want to just kind of keep doing the thing that I've been doing. Maybe I'm using that old tool to solve a new problem, but I encourage people give those new tools a chance. And maybe this is a bit of a parallel, but we see that conversation happening a lot right now as it comes into AI and using these large language models. What they say is that AI will not replace you. A person who isn't afraid to use AI might be the thing that replaces you. And I say that that's kind of the same thing here for these tools. Right. It's not that a tool or a solution is going to replace you. It's that there might be a person who was willing to adopt these new technologies more openly than you are, and that person might be able to then do the work faster, better, with better results than you would be if you don't take that time to really open up and learn from those new solutions.
[27:27]
Interviewer
And it's always so gratifying when you're working with someone and you see that light bulb go on.
[27:32]
Dave Bittner
Right.
[27:32]
Interviewer
You know, to make the connection.
[27:35]
Dave Bittner
Yeah.
[27:36]
Interviewer
So Joe, when we look at the spectrum of tools that are available, I think there's a wide range, you know, between things that are kind of one click and easy to use on the one hand, but on the other side, things that require a bit more depth, training and understanding. How do you bridge the gap between those two?
[27:56]
Joe Ryan
Yeah, this is a big question right now because we find that pretty much both of these solutions in all kinds of industries have a place in the market. One of my kind of go to examples is around the design industry and we talk about a tool like the Adobe suite of products. And so you've got, for instance, Adobe Photoshop and Lightroom and all of these different tools that are out there. And if you've ever used any of these tools, you open them up for the first time and there's, you know, kind of 50 buttons across the left and the right and the top and you just have this big blank canvas to work with and you really don't even know where to start with a tool like that. But if you want to be a person that works in that industry, you just have to learn it. And then on the other hand, you have these very lightweight tools. You have a tool that might be a browser based tool like Canva, again kind of in that industry that's very sort of drag and drop, very user friendly. And what's great is that you can accomplish a lot with these simple tools. Depending on the level of work that you're doing, you're probably never going to reach that super, super high level of expertise. You're probably never going to reach being the very, very top of the game, depending on the work that you're doing. If you're using these sort of lower barrier to entry products. But if you're fine with that, and I feel like for analysts, oftentimes that's okay when you're looking at a product that might still give you all of the data that you're looking for or allow you to analyze that data in a, in a quick way. It doesn't really matter if you're using the sort of, you know, big name that's been around in the industry for 10 or 20 years and everyone just kind of quote unquote believes that this is what you have to use to be successful in this field. And that's because it's super complicated and only the best of the best know how to use. Doesn't really matter if you can find some other tool that's faster, that's more lightweight, then use that tool. And so for me, I would say it's about focusing on doing exactly what it is that you need to do. And if you find that you're able to accomplish your goals specific to your role with these more lightweight tools, then do it. I mean, there's, there's nothing stopping you and there's no reason that you shouldn't do it. And if you find that those results are only coming from these tools that kind of take a long time to fully understand, then yeah, really invest the time in those. Encourage your organization to invest the time in those. Look for the training that's out there. Because, you know, kind of going back to this example, you can find dozens and probably hundreds of courses online for how to use Adobe products. Because everyone knows how powerful they are and everyone knows how challenging they can be to use. So the resources are always out there. It's just a little bit up to the individual of how they choose to invest their time in learning this.
[31:24]
Dave Bittner
That's Joe Ryan, Head of Customer Enablement at Maltego technologies. Is your AppSec program actually reducing risk? Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk. Why? Traditional tools use generic prioritization and lack the ability to filter real threats from noise. High impact threats slip through and surface in production, costing 10 times more to fix. Ox Security helps you focus on the 5% of issues that truly matter before they reach the cloud. Find out what risks deserve your attention in 2025. Download the application security benchmark from AUX Security. And finally, Cloudflare just introduced a delightfully devious new tool, AI Labyrinth. Think of it as a digital hedge maze, only instead of confusing minotaurs, it's designed to baffle AI crawlers that ignore ignore no crawl signs. When these rude bots try to scrape your site, Cloudflare lures them into a labyrinth of AI generated web pages filled with convincingly real but utterly useless content. While the bot burns CPU cycles, navigating a maze of facts about soil types or lunar geology, your real content stays untouched. This strategy not only wastes the bot's time, but acts as a high tech honeypot. No human would click four links deep into nonsense. So if someone does, bingo, it's a bot. The maze helps Cloudflare identify and fingerprint bad actors without alerting them they've been duped. It's opt in and even available on free plans. So yes, Cloudflare is fighting fire with fire, or more accurately, AI with more AI. And that's the cyber wire for links to all of today's stories, check out our daily briefing@thecyberwire.com don't forget to check out the Grumpy Old Geeks Podcast, where I contribute to a regular segment on Jason and Brian's show. Every week you can find Grumpy Old Geeks, where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I Dave Bittner, thanks for listening. We'll see you back here tomorrow. Foreign Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try Delete Me. I have to say, Delete me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data Privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your delete me plan when you go to JoinDeleteMe.com N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.comN2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K.