Debbie Gordon
You're listening to the CyberWire network powered by N2K.
Dave Bittner
Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real-time risk workflows, and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of smarter compliance. Visit www.hyperproof.io to see how leading teams are transforming their GRC programs. CISA warns organizations of potential cyber threats from Iranian state-sponsored actors. Scattered Spider targets aviation and transportation. Workforce cuts at the State Department raise concerns about weakened cyber diplomacy. Canada bans Chinese security camera vendor Hikvision over national security concerns. Cisco Talos reports a rise in cybercriminals abusing large language models. macOS malware Poseidon Stealer rebrands. Researchers discover multiple vulnerabilities in Bluetooth chips used in headphones and earbuds. The FDA issues guidance on medical device cybersecurity. Our guest is Debbie Gordon, co-founder of Cloud Range, looking beyond the stack: why cyber readiness starts with people. And an IT worker's revenge plan backfires. It's Monday, June 30, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great to have you with us. CISA, along with the FBI, NSA and Department of Defense Cyber Crime Center, has issued a fact sheet warning organizations about potential cyber threats from Iranian state-sponsored or affiliated actors. While there's no current evidence of a coordinated Iranian cyber campaign targeting the U.S., officials note increasing activity from Iranian hackers and hacktivists in recent months, expected to escalate amid current geopolitical tensions. These actors often exploit unpatched software, known vulnerabilities and weak or default passwords on Internet-connected devices.
The agencies urge critical infrastructure operators to take immediate precautions, including disconnecting operational technology from public Internet access, enforcing strong, unique passwords, applying all software patches and using phishing-resistant multi-factor authentication. These steps aim to strengthen defenses and reduce exposure to opportunistic or targeted Iranian cyber operations. The Scattered Spider hacking gang is now targeting the aviation and transportation sectors, cybersecurity firms warned. This mostly Western, English-speaking group has attacked grocery suppliers, retailers and insurance companies in the U.S. and U.K. Hawaiian Airlines recently reported a cybersecurity incident affecting its IT systems, while Canadian airline WestJet faced similar issues last week. Though WestJet didn't confirm Scattered Spider's involvement, sources suggest they were behind it. Google's Mandiant Consulting and Palo Alto Networks warned that the group's attacks resemble past operations and urged airlines to harden systems immediately. Scattered Spider is known for combining social engineering with exploiting known security vulnerabilities. Despite arrests last fall, U.S. law enforcement has struggled to curb their activities. Planned workforce cuts and a reorganization at the U.S. State Department are raising concerns about weakened cyber diplomacy. Secretary of State Marco Rubio aims to cut up to 2,000 employees and restructure the Bureau of Cyberspace and Digital Policy. This comes despite a federal court injunction blocking broad layoffs across agencies. Staff were told to update resumes by June 13, and managers reviewed personnel files in preparation. Critics warn the cuts could fracture the cyber bureau's mission, reducing its ability to coordinate with allies and agencies like Cyber Command, especially as cyber threats rise from adversaries such as Iran and China.
Analysts say breaking up the bureau's cybersecurity and economic portfolios will undermine efficiency and direct leadership reporting. House Democrats argue this threatens U.S. international cyber policy coordination. Even if layoffs are blocked, Rubio may proceed with reorganization under a separate directive, leaving the bureau's future uncertain. Canada has banned Chinese CCTV vendor Hikvision from operating in the country and selling to federal institutions due to national security concerns. Industry Minister Melanie Joly ordered Hikvision Canada to cease operations following a security review under the Investment Canada Act. The government is investigating to ensure no federal agencies still use Hikvision products. While the ban does not cover private businesses or individuals, Canadians are urged to reconsider purchases. Hikvision faces global scrutiny for alleged human rights abuses and security risks, including bans or removals in the U.S., U.K., Australia, India and Europe. In the U.S., Hikvision was banned from government contracts and placed on the entity list for its role in surveillance of Uyghurs in Xinjiang, accusations the company denies. This Canadian ban follows Quebec's 2023 prohibition on Hikvision products in government settings. Cisco Talos reports a rise in cybercriminals abusing large language models to enhance attacks. Criminals use three main approaches: uncensored models like Onion GPT and WhiteRabbitNeo that generate phishing emails or hacking tools; custom-built LLMs such as WormGPT, DarkGPT and FraudGPT, advertised on the dark web to create malware and phishing content; and jailbreaking legitimate LLMs like ChatGPT through prompt injection techniques to bypass safety guardrails. Criminals use LLMs for programming ransomware, creating phishing pages, verifying stolen credit cards and scanning for vulnerabilities. Some distribute backdoored models on platforms like Hugging Face to infect users.
Cisco warns that LLMs are becoming a force multiplier for cybercrime, making attacks more efficient rather than inventing new cyber weapons. Interestingly, Talos found some dark web sellers, like FraudGPT's alleged developer, scamming buyers with non-existent malicious AI products. CYFIRMA reports that Poseidon Stealer, a macOS-targeting malware-as-a-service, has been rebranded as Odyssey Stealer. Odyssey spreads via ClickFix campaigns on spoofed finance and crypto news sites and fake Apple App Store sites. Users are tricked into running a Base64 command in Terminal, which executes malicious AppleScript to steal device passwords and keychain credentials. Odyssey targets cryptocurrency wallets like Electrum, Coinomi and Exodus, as well as browsers including Safari, Chrome and Firefox. It harvests passwords, payment info, session cookies and autofill data. It also steals files from Desktop and Documents folders, archiving them into a zip file for exfiltration. The control panel, mostly hosted in Russia, offers features like cookie-based session hijacking and guest demos for buyers. CYFIRMA advises blocking script execution using app whitelisting and only downloading apps from official or verified sources to mitigate this growing macOS threat. Researchers at German security firm ERNW have discovered multiple vulnerabilities in Airoha Bluetooth chips used in headphones and earbuds from brands like Sony, Marshall and Beyerdynamic. The flaws stem from a custom protocol in Airoha's SDK that allows attackers to read or write RAM and flash storage without authentication. Exploitation is possible over both Bluetooth Low Energy and Bluetooth Classic. Even without pairing, attackers within Bluetooth range could hijack headphones, eavesdrop on audio, read media data, extract phone numbers, or rewrite firmware for full code execution, enabling wormable exploits. These attacks are likely to target high-value individuals such as journalists or diplomats.
Airoha has fixed the vulnerability in its latest SDK, but ERNW warns no vendors have released firmware updates yet, leaving many devices exposed. The FDA has issued new final guidance on medical device cybersecurity, replacing its 2023 version. The updated document reflects expanded authority under Section 524 of the Food, Drug and Cosmetic Act, requiring that any Internet-connected cyber device include cybersecurity details in premarket submissions. The guidance mandates elements like software bills of materials, vulnerability management plans, and demonstration of reasonable assurance of cybersecurity. Experts note this merges previous guidance with statutory updates into one cohesive document, clarifying that cybersecurity is integral to safety and effectiveness determinations. It explicitly covers debug ports, wireless modules and access controls, widening regulatory scope. While the FDA aims to enhance device security amid rising healthcare cyber threats, experts warn that recent budget cuts and staffing losses could slow reviews. Researchers emphasize that manufacturers must prioritize security in design and documentation to avoid delays and reduce post-market risks, as nearly all modern devices now qualify as cyber devices. Coming up after the break, my conversation with Debbie Gordon, co-founder of Cloud Range. We're looking beyond the stack: why cyber readiness starts with people. And an IT worker's revenge plan backfires. Stay with us. And now a word from our sponsor, Cloud Range. At Cloud Range, they believe cybersecurity readiness starts with people, not just technology. That's why their proactive, simulation-based training helps security teams build confidence and skill from day one by turning potential into performance. They empower SOC and incident response teams to respond quickly, smartly and in sync with evolving threats. Learn how Cloud Range is helping organizations stay ahead of cyber risks at www.cloudrange.com.
Dave Bittner
And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic Identity Threat Protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire. Debbie Gordon is co-founder of Cloud Range, and in today's sponsored Industry Voices segment, we look beyond the stack: why cyber readiness starts with people.
Debbie Gordon
The human element. It's funny, when I think about the last 10 years, the human element ten years ago wasn't a thing. You had security leaders who thought that technology could solve all problems or compliance could solve all problems. But it wasn't until maybe seven or eight years ago that it became trendy, for good reason, to focus on people in cybersecurity, because they are in fact the weakest link in the chain. They are the last line of defense. And I'm not just talking about the users in an organization who you don't want clicking on a phishing email. I'm talking about the cybersecurity practitioners in a security operations center who are incident responders. Also, those people are the ones who are the last line of defense, and they are the most important piece of the security stack. And so to answer your question, there is so much focus on AI and automation, but like with any innovation, it just raises people up to do different work, but you still need those people to be overseeing the work that got automated by the innovation. Same thing with, you know, whether it's the wheel or the Internet, it all requires people still overseeing it. And I think that every day we're seeing an exponential increase in the use of AI, and that requires an exponential increase in people who know how to decipher the accuracy of AI, how to think critically and how to manage it, how to tell it what to do and how to do it. People are so important, and people say, oh, you're going to not need humans anymore. That's absolutely not true.
Dave Bittner
And from your perspective, the organizations that are being effective here, who are seeing success, are there common elements to the way that they approach this?
Debbie Gordon
Yes. So organizations who are taking a proactive and preemptive approach to cybersecurity are being a lot more successful. So many security leaders, probably everyone listening, feel like they're playing whack-a-mole constantly. They're just trying to stay ahead. There's new technologies, things are moving quickly, the attack surface is growing. Things are just getting more complex. They can't necessarily stay ahead of what they need to know in terms of the tactics that the bad guys are using and the technologies they need to consider on how to defend against them. There's so much out there. So it's imperative. The ones that are being proactive and preemptive, they have to make a really intentional decision that they're going to be strategic about their approach. And so the ones that are being more successful are saying, okay, we're going to be proactive. We're going to get our people trained in a constant way. You can't just wait for things to happen to see if people know what they're doing. And so by having an intentional methodology around training, upskilling, and even security awareness for the general users, that is where organizations are being most successful. Where we see organizations flailing in the market is when they're just trying to be reactive and they can't keep up. But when you have a plan and you execute on that plan, things are a heck of a lot easier.
Dave Bittner
How do you approach that person who feels as though they're flailing? Like, you know, we have barely enough bandwidth to keep our heads above water, to mix metaphors. Like, what does the transition look like from that mode to one where you feel like you have your arms around this?
Debbie Gordon
That's a great question. And if you think about anything that you felt, and it's not specific to cybersecurity, just anything in human nature where a person feels overwhelmed, right? They usually don't have a plan. They don't. They, you know, you talk about eating one bite of the elephant at a time. That's how you eat an elephant. You have to eat it one bite at a time. They don't know what that bite is. And so with Cloud Range, when we talk to customers and prospective customers, CISOs come to us because they know that we have something that's not, you know, just another band-aid. It's not just a tool in their stack. It's actually something that they can integrate into their program proactively and sleep better at night. And we see that all day long. Because when you know that your team is proactively preparing and you can see on a report what TTPs they've defended against, what threat vectors they've successfully defended against, when you know that you could go tell your board tomorrow that, you know, you have successfully defended against XYZ attack in a simulation and this is not going to happen to us. That's comfort. And people want to feel comfort. And as much as we're in the technology world, security leaders are humans and they want to feel safe. And I don't mean safe from a cybersecurity perspective, I mean safe like their job is being done and they feel safe knowing that their team is ready when something happens. And so we use simulation for that. And they honestly sleep better at night.
Dave Bittner
I think it's a really interesting insight that you, if what I hear you saying is that you kind of ignore that emotional element, that human element at your own peril, that you can't pretend like that isn't a part of all of our day to day lives.
Debbie Gordon
It absolutely is. You know, purpose drives us all. You know, if you think about Maslow's hierarchy, we all want to have a purpose. We all need to eat and have shelter and be protected. But at the end of the day, we need to serve a purpose. And when people are flailing, they don't know if they're serving a purpose. That's the thing. They very well may be, but they need evidence of that. And so I love when we can sit down with a CISO or a CIO at one of our customers and show them how much they have actually reduced risk in their company. And they can see how they've done it. They can see that their team has improved on their time to detect and time to respond on a list of different attack scenarios. And they can see a very tangible benefit and that makes them feel comfortable, confident and safe.
Dave Bittner
For folks who aren't familiar with attack simulation, this notion of virtual cyber range, attack simulation, how do you describe it?
Debbie Gordon
So first off, Cloud Range was the first virtual cyber range platform. And a cyber range, people can think of a cyber range as different things. Sometimes people think of a cyber range as a place you go and do an incident response exercise, or in the military, a cyber range, I'm using air quotes, is actually an event. It's not even necessarily the technology, it's an event. But what Cloud Range developed is a virtual cyber range, which is a cloud-based representation of an actual enterprise environment, a multi-segment environment. Think of it as a, you know, a sandbox or a safe place. Think about a flight simulator. Safe place. You're not going to crash a real plane, but you can practice doing really dangerous things. So we developed this environment and our customers are able to go into that environment, which looks and feels like their own. And there's industry-leading tools in there, different SIEMs and firewalls and EDRs, and that's the environment itself, and that's not useful without content. Content is what, that's the attack. So we have a team that is designing, scripting and releasing attacks so that our customers can be proactive and preemptive by defending against those attacks in a safe environment. In this cyber range, there's live traffic, both good and bad traffic. When a SOC team logs into the range, they don't know what they're looking for. Because just like in real life, the bad guys don't call you and say, hey, we're about to attack you. You don't know what you're looking for. And this gives organizations the ability to be proactive on an ongoing basis, rather than just having to learn on the job, which can be extremely dangerous and risky and very inefficient.
Dave Bittner
Help me understand how something like this gets integrated into an organization. I mean, is this a, what's the cadence of actually interacting with something like this?
Debbie Gordon
So in terms of integrating it into an organization, I'll divide this into two parts. There's no technical integration because it actually sits completely segregated from an organization's network. So we're not touching anything, we can blow up malware, we can do whatever we want, and reset it within a matter of minutes. So it's very safe. In terms of integrating it into the business itself, that's where it takes a really great leader to say, we're going to be strategic about this and we're going to put a proactive plan in place. So our customers, a lot of Fortune 500 customers, financial services, manufacturing, energy, insurance, and healthcare, they are incorporating this into their security program in the sense that at least once a month, they have access to the range anytime they want, but they plan and execute on going through a different simulation at least once a month. You can do more than that, you can do less than that. It's like going to the gym. The more you go, the better. Is 3 days better than 1? 5 days is better than 3, but all of it's better than none. And so it's not about that. We want to give them the exposure, and the more they do, the better, because again, then they can be confident and have the metrics to show that they have successfully detected and responded to these attacks, and it's going to make them safe. What's really important here is that the attacks that we develop are done so as a result of the threat intelligence that we get. So we have a whole library of attacks. They don't go out of style. The bad guys are still using them. However, when we hear about new intelligence, so, for example, when Volt Typhoon happened, we were able to recreate that and roll it out to our customers. Same with Salt Typhoon and then various flavors of ransomware. So we put those out there, and our customers are always looking forward to what's next.
They know that that could happen to them and that they'll be ready for it as soon as they go through it. The other piece is that, you know, there's both OT and IT, and, you know, most people think about IT in terms of cybersecurity, but we're hearing more and more about OT, operational technology, industrial control systems, critical infrastructure. That's something we've also built. And we have virtualized OT environments for our OT customers. So they're using OT and IT. And those attacks are even a bit different because those are ones that may come from the IT side over to the OT side or vice versa. And those types of companies, they have their own struggles because sometimes they don't even have agreement internally on whose job cybersecurity is. And that's for a whole other podcast.
Dave Bittner
I mean, it seems to me like, there's an opportunity here, you know, using air quotes to fail or to succeed, but to do either within this safe space where you can see how you would do in the real world, but there are not the consequences that you would get in the real world.
Debbie Gordon
Exactly. That's why this is being adopted so readily by organizations. You know, eight years ago, a virtual cyber range didn't exist. So when we built this, it was something that the market didn't necessarily ask for right away because it didn't exist. But now that the market knows it's there, you can't not have it. Imagine, you know, when the flight simulator was invented. You know, do you think that flight schools just said, yeah, I don't think we need that, let's just put them in the airplane? They can't not have it. And, you know, same thing with the iPhone. Before the iPhone was invented, people didn't say, hey, I wish I could have some device where I could email people and take pictures and track my diet and my heart rate and my sleep. No, they didn't ask for it because it had never existed. So now it's getting asked for.
Dave Bittner
What are your recommendations for someone who thinks, like, they may want to head down this path? What's the best way to get started and to see how this would work with their own organization?
Debbie Gordon
So for somebody who wants to go down this path, first off, that's obviously the right thing to do. They're being proactive, and we're hearing a lot about proactive and preemptive security, and this is a fundamental part of it. So at Cloud Range, we work with customers to put a program together. We have what we call missions. We have customers go through an actual simulation with their security team, and they actually get to see how it's done, and they get to watch them in action. And I'll tell you, when I see them. And I haven't done it in a while, but in the early days, I had the luxury of observing some of the exercises and the missions that our customers went through. And it was amazing seeing the security analysts blossom when they were going through a simulation, because all of a sudden you see their confidence go up, because people are afraid to do things in a real environment. They might mess up, but when they know it's safe and they do something and they see that it was right, they're automatically boosted and they're going to be a lot more productive when they go back to their seat. So we encourage, you know, anyone who wants to do this. First off, it really is a strategic initiative by organizations. We don't really think about this as just a training program because training is sometimes once and done. This is ongoing because everything changes every day in cybersecurity. So it's ongoing. We have 95% year-over-year customer retention because they're never finished. There's always more things to defend against. So we show you what those are. We give you, you know, an opportunity to get on the range and have your team go through it, and you get actual results, and it's a great way to start.
Dave Bittner
That's Debbie Gordon, co-founder of Cloud Range. And now a word from our sponsor, Cloud Range. At Cloud Range, they believe cybersecurity readiness starts with people, not just technology. That's why their proactive, simulation-based training helps security teams build confidence and skill from day one by turning potential into performance. They empower SOC and incident response teams to respond quickly, smartly and in sync with evolving threats. Learn how Cloud Range is helping organizations stay ahead of cyber risks at www.cloudrange.com. And finally, in a cautionary tale for managers everywhere, a British IT worker decided suspension wasn't enough drama for the week. Mohamed Umar Taj, clearly displeased with his July 2022 suspension, swiftly launched a cyber attack against his employer, altering login credentials and sabotaging daily operations. The firm, with clients in the U.K., Germany and Bahrain, reported at least 200,000 pounds in losses, plus the general inconvenience of having their systems turned into Taj's personal revenge sandbox. Police found he even kept recordings of his exploits, presumably for his villain highlight reel. Taj pleaded guilty and was sentenced to just over seven months in jail. West Yorkshire Police noted his antics rippled far beyond the U.K. The moral to the story? Well, don't anger your IT guy, or at least revoke his admin privileges before HR breaks the bad. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of this summer. There's a link in the show notes. Please do check it out. N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow. Hey, everybody. Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites. And they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.
CyberWire Daily Summary: U.S. Braces for Iranian Cyber Intrusions
Podcast Information:
In the June 30, 2025 episode of CyberWire Daily, host Dave Bittner delves into the escalating cyber threats emanating from Iranian state-sponsored actors. The episode also covers a spectrum of other significant cybersecurity developments, featuring an insightful interview with Debbie Gordon, co-founder of Cloud Range, who discusses the critical role of the human element in cyber readiness.
At [00:02], Debbie Gordon introduces the episode, setting the stage for an in-depth analysis of current cybersecurity challenges. By [00:15], Dave Bittner highlights a pivotal warning issued by CISA, the FBI, NSA, and the Department of Defense Cyber Crime Center. The joint fact sheet underscores the growing menace of Iranian state-sponsored or affiliated cyber actors targeting U.S. organizations.
Notable Quote:
"There's no current evidence of a coordinated Iranian cyber campaign targeting the U.S., but we are observing increasing activity that is expected to escalate amid current geopolitical tensions." — Dave Bittner [02:30]
These actors are exploiting vulnerabilities such as unpatched software, known security flaws, and weak or default passwords on internet-connected devices. The agencies are urging critical infrastructure operators to implement immediate precautions, including:
- Disconnecting operational technology from public internet access
- Enforcing strong, unique passwords
- Applying all software patches
- Using phishing-resistant multi-factor authentication
These measures aim to fortify defenses and minimize exposure to both opportunistic and targeted Iranian cyber operations.
The Scattered Spider hacking group has shifted its focus to the aviation and transportation sectors, affecting major airlines like Hawaiian Airlines and WestJet. Although WestJet did not confirm the group's involvement, cybersecurity firms like Google's Mandiant Consulting and Palo Alto Networks link the recent incidents to Scattered Spider based on similarities to their past operations.
Notable Quote:
"Scattered Spider is known for combining social engineering with exploiting known security vulnerabilities." — Dave Bittner [05:10]
Despite law enforcement efforts and arrests last fall, the group continues its activities, prompting airlines to bolster their cybersecurity measures urgently.
Significant workforce reductions and organizational restructuring at the U.S. State Department have raised alarms about potential weakening of cyber diplomacy. Secretary of State Marco Rubio's plan to cut up to 2,000 employees and restructure the Bureau of Cyberspace and Digital Policy faces criticism for possibly undermining the bureau's mission.
Notable Quote:
"Breaking up the bureau's cybersecurity and economic portfolios will undermine efficiency and direct leadership reporting." — Dave Bittner [07:45]
Critics argue that these changes could diminish the department's ability to coordinate with allies and other agencies like Cyber Command, especially amidst rising cyber threats from nations like Iran and China.
Canada has recently banned the Chinese security camera vendor Hikvision from operating within the country and supplying products to federal institutions due to national security concerns. This move follows similar actions taken by other countries, including the U.S., U.K., Australia, India, and parts of Europe.
Notable Quote:
"Hikvision faces global scrutiny for alleged human rights abuses and security risks." — Dave Bittner [10:25]
The ban is part of a broader effort to ensure that federal agencies are not exposed to potential espionage or surveillance through Hikvision products.
Cisco Talos has reported an alarming increase in cybercriminals utilizing large language models (LLMs) to enhance their attacks. Criminals are leveraging both uncensored models like Onion GPT and custom-built LLMs such as Fraud GPT to generate sophisticated phishing emails, hacking tools, and malware.
Notable Quote:
"LLMs are becoming a force multiplier for cybercrime, making attacks more efficient rather than inventing new cyber weapons." — Dave Bittner [12:15]
These advancements allow attackers to automate and scale their operations, posing a significant threat to organizations worldwide.
The Poseidon Stealer malware, targeting macOS systems, has been rebranded as Odyssey Stealer. This malware spreads through ClickFix campaigns on spoofed financial news sites and fake Apple App Store pages, tricking users into pasting a Base64-encoded command into Terminal that executes malicious AppleScript.
Notable Quote:
"Odyssey steals device passwords, keychain credentials, and cryptocurrency wallet information." — Dave Buettner [14:40]
Experts recommend blocking script execution through application whitelisting and downloading apps only from verified sources to mitigate this threat.
Researchers from German security firm ERNW have uncovered multiple vulnerabilities in Airoha Bluetooth chips, commonly used in headphones and earbuds from brands like Sony and Marshall. These flaws allow attackers to read or write RAM and flash storage without authentication, potentially hijacking devices or extracting sensitive data.
Notable Quote:
"These attacks are likely to target high-value individuals such as journalists or diplomats." — Dave Buettner [16:05]
While Airoha has addressed the vulnerabilities in their latest SDK, no vendors have yet released firmware updates, leaving numerous devices at risk.
The FDA has released updated guidance on medical device cybersecurity, expanding its authority under the Food, Drug, and Cosmetic Act. The new guidelines mandate that any internet-connected medical device must include cybersecurity details in premarket submissions, encompassing elements like software bills of materials, vulnerability management plans, and assurance of cybersecurity.
Notable Quote:
"Cybersecurity is now an integral part of safety and effectiveness determinations for medical devices." — Dave Buettner [18:30]
Experts emphasize that manufacturers must prioritize security in both design and documentation to comply with the new regulations and mitigate post-market risks.
[12:46] The episode features an interview with Debbie Gordon, co-founder of Cloudrange, where she explores the essential role of people in cybersecurity readiness.
Debbie emphasizes that while technology and automation are critical, human oversight remains indispensable. She states:
"There is so much focus on AI and automation, but you still need people to oversee the work that gets automated." — Debbie Gordon [14:10]
Cybersecurity practitioners, particularly those in Security Operations Centers (SOCs), are the last line of defense. Their ability to think critically and manage emerging threats is crucial in maintaining robust security postures.
Organizations that adopt proactive and preemptive approaches to cybersecurity are faring better against threats. Debbie notes that strategic training, continuous upskilling, and security awareness among general users are key factors driving success.
"The ones that are being more successful are saying, 'We're going to be proactive. We're going to get our people trained in a constant way.'" — Debbie Gordon [16:50]
Cloudrange offers a virtual cyber range platform, Cloud Range, which simulates an enterprise environment so security teams can practice defending against realistic cyber attacks without the risk of real-world consequences.
Debbie explains:
"Think of it as a sandbox or a flight simulator. You're not going to crash a real plane, but you can practice doing really dangerous things." — Debbie Gordon [21:30]
This platform allows organizations to conduct regular simulations, enhancing their ability to detect and respond to threats effectively.
Integration and Cadence:
"Our customers incorporate this into their security program by executing different simulations at least once a month." — Debbie Gordon [23:46]
Regular engagement with the cyber range helps teams build confidence and maintain a high level of preparedness against evolving threats.
The episode concludes with a cautionary story about Mohamed Umar Taj, a British IT worker who, after being suspended in July 2022, launched a cyber attack against his employer. Taj altered login credentials and sabotaged daily operations, resulting in at least £200,000 in losses for a firm with clients in the UK, Germany, and Bahrain.
Notable Quote:
"Don't anger your IT guy or at least revoke his admin privileges before HR breaks the bad." — Dave Buettner [29:40]
Taj pleaded guilty and was sentenced to just over seven months in jail. This incident underscores the importance of stringent access controls and monitoring within organizations to prevent insider threats.
The June 30, 2025 episode of CyberWire Daily provides a comprehensive overview of the current cybersecurity landscape, highlighting the increasing threats from Iranian actors, the evolving tactics of cybercriminals, and the critical role of human elements in maintaining cyber readiness. Through expert insights and real-world examples, the podcast underscores the necessity of proactive strategies and continuous vigilance in safeguarding against sophisticated cyber threats.
For further details on today's stories and access to the daily briefing, listeners are encouraged to visit thecyberwire.com.
Note: Advertisements, sponsor messages, and non-content sections have been excluded to maintain focus on the core topics discussed in the episode.