A
You're listening to the Cyberwire Network, powered by N2K.
B
Welcome back to Only Malware in the Building, the show where.
C
Where we talk about cyber.
D
Did your voice just go up?
E
What?
D
What?
C
It.
B
What is happening?
C
Why do we sound like animated chipmunks? This is incredible. What did we press? No, don't fix it. Don't touch anything. I'm touching everything. Stop it. You might make it worse.
F
See? I told you. Oh, wow, Keith. You sound hilarious right now.
E
We sound like we narrate movie trailers. Now,
F
in a world where malware takes over, three hosts lose all control.
C
Okay, wait. What button did we hit? I didn't touch anything.
F
I definitely hit a button. I just don't know which one.
C
Great. Love that.
B
For us.
F
Okay, this is not helping.
D
There's.
C
There's too many buttons. Why are none of them labeled?
F
Who set this up? We did.
B
Wait,
E
I think I fixed it.
B
Hello?
D
Oh, thank God.
E
Okay, nobody move.
B
New rule. We label everything.
D
Yeah. 'Cause I'm old. Big labels, bright colors.
E
Like, do not touch this one ever.
B
Or this one turns you into a chipmunk.
D
Honestly, that one gets a star.
E
No, no, no, no, no, no. No stars, no favorites. That's how all this happened in the first place.
B
We are absolutely going to hit that again.
D
100%.
E
You guys are hopeless.
B
Hello, and welcome to Only Malware in the Building. I'm Selena Larson, and today I'm very excited to talk about something that has been on the top of my mind for a while. Identity. Keith.
A
Dave.
B
Who are you?
E
Oh, man.
D
I can neither confirm nor deny who I am.
E
Yeah, that's right. The old G-Man. Mr. Undercover. Mr. Secret Agent Man. Is he really Keith Mularski? We'll never know. No one will ever know.
G
He could be a double agent.
E
Me, on the other hand, who knows? You know what I ask myself pretty much every day? Who the heck are you? What are you doing here? And why are you this way? So it's a bold question to ask, Selena, and I'm not sure we want to go down that path.
B
I think we should, in part because multiple cybersecurity companies have recently released threat reports looking over the last year or so of threat data. And all of them had one thing in common: that threat actors are increasingly targeting identity. Now, every time I think about this, I think about that scene in Zoolander where he's, like, staring in the mirror and is like, who am I? And I feel like this is actually what threat actors are asking themselves as they are compromising and trying to take over everybody's personal identity. So a couple of highlights that I wanted to talk about before we sort of dive into everything. So the thing that sort of kicked me off on this look into identity and the landscape overall is back in February, Sophos published Nowhere Man, the 2026 Active Adversary Report. And they have this fantastic visual, this graph that says identity-related root causes as a percentage of cases have increased every year since 2022, and 2022 was the last year that non-identity-related root causes, so things like malware or, you know, exploits, things like that, were more commonly observed than identity-related root causes. So I thought that was pretty interesting. And then of course, we have a couple of other reports that came out recently, including SpyCloud. They found, from their 2026 Identity Exposure Report, that non-human identities are now a core attack surface. SpyCloud saw a 23% increase in its recaptured identity data lake, which now totals over 65 billion distinct identity records. And then finally, I wanted to highlight Red Canary's Threat Detection Report, which they publish every year. And it's really great. If you haven't read it, I definitely recommend it. They say identity-based threats now account for more than half of their total confirmed threats, following an 850% increase in identity threat detections year over year. What do you guys think about this? This is crazy, right?
D
Oh, it is nuts. And like you just mentioned, you know, credentials. I know at Qintel we collect compromised credentials too. And I was just looking today, like how many compromised credentials we have. It's like 414 billion, you know, and that's just, you know, combo lists and malware logs and cookies. And so there are just so many of the compromised credentials that are out there, and we're just seeing the threat actors, you know, hey, instead of having to hack in using an exploit, hey, why don't we just kind of log in as that person? So, you know, I just saw in the news in the last week, I think maybe it wasn't even one of these reports, where they were saying identity's the new perimeter. And then we just had the Stryker intrusion with the Iranians that was basically, and we can dive into that too, just using a compromised identity. So this is definitely the new trend.
E
So let me ask you both this. I'm curious, to what degree do we think that the shift towards identity has come because the other ways to get in that used to be easier aren't as easy as they used to be? In other words, was there a time when identity was harder than malware? Right. But now we've got everything buttoned down pretty well against malware. So the path of least resistance has shifted to identity. Does that make any sense?
B
Yes, I think that's correct. And we've seen overall a shift in the threat landscape. And I thought it was pretty interesting to note specifically in Sophos' report that 2022 was sort of the last time that identity was less than other initial access or types of attacks. And I don't think that that's necessarily a coincidence, because especially if we think about email initial access, which is where I live in my data at Proofpoint, there was a big shift in 2022-2023 where macro-enabled attachments from large botnets, high-volume threat actors didn't work anymore. So it used to be like, you know, one click to enable macros could get you quite a bit of access within an organization's environment. And that's not to say that was the only access that we saw, but it was something that was pretty common and was pretty easy, because people would believe that they had to enable macros in order to access documents. So it was a pretty reliable attack that ended up getting closed because Microsoft locked that down. Macros were defaulted to not be able to be downloaded from the Internet, so that blocked that attack path. So I think that we see this sort of trend away from this sort of easy low-hanging fruit to identity. But then I also think that as we're even more interconnected, things like our identity can get us so much more within the enterprise. Right. So we have everything moving to the cloud, we have our access that can get us sensitive corporate information, access to a lot of different things that we have to use in our data all the time. And so it's a very, like, interesting exploit, an avenue for threat actors. Whereas, like, malware can lead to ransomware, which was like encrypting data and having huge ransoms. Now if you can steal data or steal an identity, you can make smaller amounts of money off of that type of information.
F
Yeah.
D
And I think, you know, the identity part too, like, Dave, what you were just saying, EDR has gotten so good now that if I could steal your session, I'm you. And you know, one of the things that we're seeing out there is, you know, a lot of perpetual tokens, you know, cookies that aren't expiring, and when the threat actors get that they can go in there. There's no token binding, you know, where you're binding that token to that device. So it could be transferred by the threat actors to then be you. And then with the infostealers that are out there, I think in one of the reports that you mentioned, Selena, I can't remember which one it was, but they were just saying that the average device that gets popped with one of these infostealers out there has 87 different stolen credentials on it. So if you get on one of these hosts with an infostealer, you're getting the corporate accounts, the personal accounts, the saved browser sessions, VPN keys, cloud admin tools, API keys. So you're really getting a lot. So I think the threat actors on the underground, they're seeing, look, this is kind of an easy way to get on, because a lot of these infostealers are kind of lightweight malware. But the return on this is just enormous.
B
I think it also kind of coincides, and I'm curious, Keith and Dave, your take on this is it sort of coincides with the ransomware going from big game hunting and encryption to more like data theft and extortion. So that became a little bit more of a viable business model where you saw the rise of identity being more interesting there because of the types of data that criminals can get their hands on or resell or the different types of access that's available. Whereas it used to be like all the money was made in big game hunting ransomware with like full encryption, and now it's like, well, data theft and extortion is a lot more of like that business model. Do you think that that at all had a role in the sort of focus on identity?
D
I think so. But I also just think that, you know, we've been focused for all these different years on, you know, making sure that we're patching CVEs, that we're making sure that we have good malware protection, and we've been focused on that aspect for so long that we just kind of haven't focused on identity like, like we have those others. As with every action, there's a reaction. So with the good guys doing that and making that harder, the bad guys are just going to, are pivoting to different areas that are a little bit easier to get in.
E
I wonder too, like, how does this align or track with the push towards multi-factor authentication and even passkeys? Because I feel like people have gotten the message that username and password is not enough. And yet this continues to be a place where the bad guys are having success. So is this happening in spite of the adoption of multi-factor, or is this just that even with multi-factor, like Keith said, they're able to steal tokens and that's the ball game?
B
I mean, I think it's a little bit of both. Right, so you have organizations that still aren't adopting multi-factor authentication, and things like generic password spraying, brute force can be fairly effective. But then you have MFA-enabled attacks that are, even if organizations have multi-factor authentication, they're still able to get those cookies. They're still able to become that individual. And I think that we see a lot of different phishing kits popping up as well from various threat actors that are multi-factor authentication phishing. And that's basically what phishing is these days, multi-factor authentication phishing, in our data. So I thought this was a really interesting statistic that we published recently: 49% of organizations experienced account takeover attempts based off of our cloud threat data, and 67% experienced a successful account takeover. And of those account takeovers, 59% of those accounts had MFA enabled. So the majority of accounts did have MFA. But the kits are becoming a lot better. Threat actors are becoming a lot more creative with how they're conducting their phishing. Social engineering is becoming a lot more convincing as well. You know, we talked about that a little bit on our podcast. And so I think now, yeah, maybe MFA is everywhere, but so are MFA-stealing credential kits. And so now it's like, all right, it's time to do the next level, right? And a token, a physical token, a physical key to prevent some of that.
E
Well, that was gonna be my next question because I remember, oh, it was probably a couple years ago now. I think it was research from Google where they basically said on their own internal tests and experiments and so on and so forth that if you had a hardware key, basically that was the thing that was like 99.9% effective at preventing account takeover. And again, this was a couple years ago, so I wonder, do either of you have any updated information on that? Is that still true? Is that still pretty robust in its level of protection comparatively?
B
Well, now I think you need to draw blood and have your DNA logged in order to access the laptop. But yeah, no, I mean, that's still the best. I mean, that's just the reality of where we are now. Is that, yes, a physical key? Because threat actors are becoming so much more creative. And I think too, with social engineering, Proofpoint has actually published research on how you can sort of social engineer around the physical key requirement, basically saying, oh, this doesn't work. You have to do, you know, an MFA option that's like a code or something. So there are ways to kind of trick it. Not necessarily bypassing a physical key, but basically using social engineering to get somebody to use a less secure method of logging in.
D
And that's what we're seeing with the Scattered Spider guys. You know, they're following that up with a phone call to IT, you know, they're saying, hey, I'm having trouble logging in, or my MFA is not working. Can I reset it? And just like what you were saying, Selena, if it was a token: hey, my token's not working. Hey, could I set up, I can give you a phone right now, and we could set up a new MFA. And that's what we're seeing with the, you know, the Scattered Spider group to kind of get around that, you know, the recent Typhoon. I always want to say Typhoon, but it's Tycoon 2FA.
F
Yes.
D
I'm so into Salt Typhoon. So that kind of screwed me up. So, yeah. So Tycoon 2FA, you know, so that's, you know, one of the phishing kits like you were just talking about, Selena. And I'm guessing we're gonna kind of dive into that since you guys played a real big part in that takedown. But, you know, but they're.
E
They're.
D
They're phishing and bypassing and doing a man-in-the-middle attack to defeat that MFA. And that phishing kit is just sold for, you know, $120 on Telegram. So it's a low entry to kind of a sophisticated attack.
B
Well, the Tycoon case was really interesting. So Tycoon was the biggest MFA credential phishing threat in our data, and I believe in other people's data as well. Right. Microsoft published some great research on it as well, was seeing millions and millions of emails attributed to the Tycoon phishing-as-a-service platform. And it was around for quite a while, quite a few years. It was very popular with credential phishing threat actors. It was easy to use also, so it was well maintained. The person behind Tycoon, you know, offered support, was regularly updating it, providing tools for people to be able to just, you know, buy a kit and start phishing. And I think that the focus on taking down phishing is really exciting to me, because we've talked about previously on this podcast targeting malware disruptions, things like Operation Endgame, going after Lumma Stealer or Pikabot or some of the big botnets that are responsible for a lot of ransomware. But I feel like credential phishing and phish kits get a little less love from both law enforcement, but also sort of the general security research community. And I think that that's partly because they're just not as, like, cool or technical. I have air quotes, you can't see them. But I think, you know, credential phishing is like, oh, that's just phishing. You know, like, I want to look at the botnets, I want to look at the wipers, I want to look at fun malware. But credential phishing using multi-factor authentication phish kits can lead to things like follow-on malware deployment. If you're able to get into a corporation, take over someone's identity, you can either steal data, you can commit fraud, you can find details, or you as a threat actor can sell that information on to a much more sophisticated threat actor that can then drop interesting malware, pivot within an environment, potentially drop ransomware. It's an opening that can provide you with a lot of different opportunities.
We'll be right back.
G
And now a word from our sponsor. ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. ThreatLocker Protect is the core ThreatLocker product focused on endpoint security, designed to prevent unauthorized software from running, control how applications interact, and manage access to storage devices. Its building blocks are allowlisting, ring fencing, and network control. Allowlisting is a deny-by-default software that makes application control simple and fast. Ring fencing is an application containment strategy ensuring apps can only access the system resources they truly need to function. Network control locks down access by port, source IP, or dynamically with ACLs that automatically update as IP addresses change. Shut out cybercriminals with world-class endpoint protection from ThreatLocker. And we thank ThreatLocker for sponsoring Only Malware in the Building.
E
So if this is the reality that this is how folks are getting in, does that mean we need a pivot on the inside? Inside the castle moat, in other words, is, you know, everybody's talking about zero trust and micro segmentation and all those sorts of things. Is that no longer optional? Is that a necessity given that we're seeing so much success of getting in with people's credentials?
D
Yeah, I mean, really, at the end of the day, you know, right now we have to obviously have that least privilege and all that, because if somebody's logging in as me, it looks to the defenders that it's me, and the threat actor could utilize all of my privileges to pivot throughout the network. And nothing's really going to flag unless I start, you know, trying to deploy Mimikatz or something like that, you know. So, but, you know, if you're just kind of pivoting through there, it's just going to look like a regular user session without necessarily bad behavior. So again, some of the things that we've talked about here all the time, you know, segmentation and least privilege, all come into play here.
B
Conditional access policies are also super important. So basically you can create a sort of allow list approach. So these are the accepted use cases for this user. So it's different, you know, users, operating systems, IP ranges, named locations, things like that, to make it so that you have the picture of the person who should be logging in, who should be using this identity. And if it deviates from this set identity, then it would flag. Like, this is suspicious. This is something that I should be investigating, I guess too.
E
Like privilege sprawl is something you got to keep an eye out for as well, where over time somebody needs access to something and even when they don't need it anymore, it tends to stick because who's checking up after the fact?
D
The number of privileged accounts in corporate America right now is just absolutely insane. You know, when I was at EY and we were doing attack and pen, one of the first things our guys would do is just get on to SharePoint and just start searching SharePoint for privileged accounts. And 99 out of 100 times we would find one and, you know, within two hours then we would have domain access. So there are absolutely too many privileged accounts out there and just really poor secrets management for sure.
B
Well, I did actually want to touch back on Tycoon because I did want to make sure that we gave the flowers to all the people who deserved it, and also encourage people to think about credential phishing as as much of a priority as information stealers, as malware, as ransomware, things like that. So also I wanted to shout out Red Canary again, because I was at the SANS Conference at the end of January and there was a woman from Red Canary who was talking about prioritization of the different threats. And they actually had identity and, like, credential phishing as a higher priority than malware in the framework that they have. And I thought that that was so interesting. I think it sort of signals this shift within our community, like within cybersecurity. That's like, okay, we know that identity is becoming the new playing field. This is what threat actors are prioritizing more than anything. And we have all of these case studies that are coming out, like saying, look how much identity is sort of taking over the landscape. You have companies that are saying, yes, we're prioritizing it this way. And now I think we have the tools that are available to us. It's just a matter of sort of implementing them. And one of the tools I think in the toolbox that is very exciting, that we have talked about on this podcast before, is of course law enforcement disruptions or legal types of disruptions. And the Tycoon disruption was a perfect example of this. So it was a coordinated effort between public and private partners. Proofpoint, of course, played a role, but Microsoft, Europol, Cloudflare, Coinbase, eSentire, Health-ISAC, Intel 471, Shadowserver, SpyCloud. There was a group of organizations that really sort of came together to say, look, this is a huge threat in our data. We are seeing this impacting our customers, impacting us, impacting the number of credentials that we're seeing on the dark web. What can we do about it?
And so there was this coordinated effort between public and private, with law enforcement from Europol in different countries, and the private sector with Microsoft and Health-ISAC with a lawsuit against the creator, basically this multi-pronged approach to do this takedown. And it's not necessarily like wiping it off the board forever. And it's not to say that MFA phishing doesn't exist anymore, but it signals to the bad guys like, hey, we are taking this seriously now. Like, phishing isn't just phishing. Like, phishing is up there with the most important threats to us. But I think it also signals to organizations like, hey, credential phishing is not, quote, just credential phishing. It's something that you need to take very, very seriously because it can have these very significant impacts. And you know, I'm kind of curious, do you see that narrative shifting, or do I just sort of live in, like, a little bubble where I think people focus more on, like, malware, ransomware, and credential phishing is more of a second thought?
D
I mean, I think as, like, an agent, when I was at the FBI, you know, in Cyber Division, you kind of almost had, like, this badge when you were doing exploits or you were doing something that, you know, cool things like that, you know, at least there was that perception of that. You know, while phishing or spam cases aren't as sexy, you know, so I think everybody likes to do gee-whiz things, and that's why, you know, they like to look at the zero days and things like that. But what I loved about this takedown is really just industry and law enforcement listening to the pain points that industry is seeing out there. And I think that that's the true public-private alliance of, you know, an industry focus group coming together saying, look, this is a problem out there, it's bad. You know, there's billions of credentials going around. You know, this phishing kit, it's sophisticated and we need to impact this. And then for law enforcement to come together and go, yep, we agree. Now what intelligence could you provide us, what, you know, what intel could we get from you to help make our case? And then, you know, working to get that across the finish line and use not only law enforcement techniques and powers with search warrants and things like that, but civil seizure orders like, you know, what Microsoft was doing as well. So really that is just such a great case of doing it the right way, in my opinion.
E
Keith, from your experience in law enforcement and the times when you had a view into some of the backroom conversations that the adversaries were having, how much did someone else being taken down affect them? Like how much were you able to mess with their heads or did they feel impervious to it? Or does a takedown make everybody else a little nervous?
D
Oh, it makes them paranoid. I mean, that makes them paranoid like crazy. Well, in today's world, the news cycle is what, a couple weeks though? So for two weeks they just go utterly paranoid because they're wondering whether the hammer is going to drop on them, who's getting flipped. And a lot of times they don't realize, you know, well, these cases take weeks and months. So even though there's a takedown, we may know about you, but we're not going to, maybe, you know, arrest you in the next seven to 10 days, maybe we'll get you in two months when you travel to Thailand or something like that. But there is a lot of paranoia that goes through, and talking about this person is a rat or this person's a fed, and so there's a lot of distrust that goes down when these takedowns happen.
E
It's interesting to me because I feel as though it emphasizes that there is utility in talking about these takedowns and spreading the word about them. You know, like it's something I try to be fairly deliberate about in picking the coverage that we do over on the CyberWire, because I feel as though these takedowns, first of all, it's a win. It's good news.
D
Right.
E
Instead of the bad news you're hearing every day. But also, I want people who are either out there actively doing bad things or maybe just considering it to hear that you're not free and clear. People are actively out there looking for you. And as you say, the hammer might come down.
D
Absolutely. And you know, just like looking at this, if I was putting my FBI hat back on and just seeing this takedown, seeing these reports that just came out about identity, some of the things that I'd be going after right now, to make that impact on that identity space, is I'd be targeting the identity access brokers. You know, they're out there on the forums, they're selling access to certain companies. And that's where I'd be using my intelligence out there to run sources, get communications against these guys. And then, you know, that would be my next big takedown of going to Europol. And, you know, once we get these guys identified, then now maybe we arrest 10 of these identity access brokers, because then that's a major disruption in that space. If you can't buy that data, then they have to pivot to somewhere else.
E
Whole thing of cutting off the head of the snake.
B
Yeah, absolutely. And because we think about it from the perspective of researchers or even within an organization, you only see the end result of an entire ecosystem of brokering, of tool providers, of money lending, money sourcing. There's just a lot of moving parts within an industry. And there's kind of like core services that enable a lot of this stuff. So what you're saying, identity brokers, is a perfect example. Like identity and initial access brokers, they're the ones that are sort of facilitating a lot of other crime. They're the ones that are unlocking and opening the doors for people to go in and out. But they're kind of like the bouncers standing there saying, yes, you can come in, you can come in. They're kind of controlling all of that. And I think that kind of finding those individuals or those people on the flip side of it, like, if we're thinking like identity access, but another great example would be sort of like traffic distributors. So they're also kind of saying, like, yes, you can go here, you can go here. I'm allowing you to pass through this way, you know, or, you know, they're kind of like the crossing guards of web activity and, like, cybercriminal threats that are using their traffic, and they're allowing all of this badness to sort of be moved through. And if you kind of chop off the people that are sort of providing that access, it makes it a lot harder for threat actors that are using those platforms or relying on those individuals to do their crimes, because they have to kind of facilitate that themselves.
C
Right.
D
I love the comparison to a bouncer. I think that that's gonna be the next operation name, Operation Bouncer, you know, for when we go after identity access brokers. Right, yeah, great analogy.
E
How much is it true, Keith, that, you know, it makes more sense from law enforcement's point of view to go after the kingpins rather than the, you know, the street dealers?
D
Right, yeah, absolutely. I mean, at the end of the day, you want to cut off the head, right? And because, you know, if the head's cut off, then the body dies, or at least it's impacted, you know, with these organizations. So, you know, but then that's like, the funny thing is, on the underground, you know, once that attention's there, then the guys are like, ah, I think I just want to lay in the background. But hopefully it's too late by then.
E
Can I invoke that which must not be named, which is crypto. Like, it seems to me like it is the fuel, the ability to sling money around independently of all of the fiat systems of all the nations of the world. Without that, this would be a lot harder.
B
Yeah, 100%. I gave a talk at SleuthCon a couple of years ago, and it was sort of like talking about the timeline of cybercrime, and in, you know, 2013, 2014, whenever Bitcoin was invented, I had, in parentheses, huge mistake. It's like, right, because, I mean, yeah, you have all of this money just moving around, but the thing is, too, is, like, it's traceable. And that's, I think, what criminals are, you know, learning or might not be aware of and will learn the hard way, is that that activity can be observed on chain. And if you're working and collaborating with, you know, good platforms who do know-your-customer, who are, you know, tracking and monitoring that, it can be very, very fruitful. And being able to sort of follow the money, so to speak, is hugely important in a lot of these resources. But yeah, unfortunately there are less ethical platforms for pretend money that are out there and certainly enable, if not underwrite, a lot of what's going on.
E
Where do you suppose we're headed here? I mean, you know, every now and then you hear somebody say we need to just totally rethink identity. We need to get rid of usernames and passwords and come up with some what's-next. That to me seems unrealistic at this point. But at the same time, we can't go on like this forever. Or can we?
D
In the near term, we just have to take some basic precautions. You know, we need to make sure that our tokens expire, that we don't have indefinite sessions that are out there, that the threat actors could just, you know, hijack that cookie, paste it into their browser and, you know, become you. So, I mean, I think we need to do that. You know, there's some other things that Microsoft has pushed out to really kind of have token protection in Microsoft 365 that will kind of prevent the replaying of stolen sessions, and then, you know, looking at token binding as well. Because I think, you know, we talk a lot about the passwords and all that, but I just think that the token stealing is really just the, you know, the secret sauce out there, because everybody's talking about passwords, and a lot of MFA does work, but it's not going to prevent against the token stealing.
B
Yeah. And I think moving towards FIDO. Right. The more physical key token authentication. I know that there's also some push into, I made a joke about blood earlier, but you already have face identification, fingerprint identification, which opens up a whole can of privacy and potential what-happens-if-that-data-gets-leaked scenarios, of course. But I do think that fundamentally there's no escaping the fact that our identities are tied to who we are, and we will continue using services, we will continue using computers requiring them for our work. And it's not that, you know, identity is ever going to go away. And it makes sense why threat actors are targeting identity, because it is something that every single organization has and is fundamental to their business, because people are fundamental to their business. And it's going to be a matter of how do we implement the principles of least privilege, enable proper conditional access policies, where we can provide physical tokens, and make sure that we're monitoring and observing that attack path and understanding and baselining the activity within an environment so we can observe deviations from known behavior when someone's identity is potentially compromised. But I think more than anything it's the awareness piece for organizations to be like, this is something that is very high priority for us, that we should be paying attention to, and even within the researcher community, understanding that, look, identity isn't just something that you can sort of shrug off or whatever. But these are critical pieces of the cybercriminal, of the hacking ecosystem, and we should be paying a lot of attention to it to see how these threat actors work together, what some of these worst-case-scenario compromises can be, and how can we sort of collaborate to both take them down, but also help to work to make sure organizations are protected as well as they can be against the reality of the threat landscape right now.
We will be right back after this quick break. Well, I don't know if we have fully figured out who we are on this episode. We did not have any philosophical moments of recognition.
D
Next time, next time, who am I?
B
Why are we the way we are? Is still the question that we will never be able to answer. But this was a lot of fun. I have honestly identity is just been something that I've thought about for so long and I'm so glad that we were able to come together and talk about it. Hear from Keith about the Dark Web, what stuff that you're seeing and stuff like that. And Dave, thank you so much for chatting to us, bringing that perspective from like what you're hearing from CISOs and what you're seeing in the landscape as well. So this is a really fun conversation. And yeah, if any listeners have any stories of identity, how has identity impacted you or your organization? Feel free to hit us up on LinkedIn, reply to our videos we'd love to hear and thank you so much. And until next time, we'll see you then.
A
And that's Only Malware in the Building. Brought to you by N2K CyberWire. In a digital world where malware lurks in the shadows, we bring you the stories and strategies to stay one step ahead of the game. As your trusty digital sleuths, we're unraveling the mysteries of cybersecurity, always keeping the bad guys one step behind. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you ahead in the ever-evolving world of cybersecurity.
B
If you like the show, please share
A
a rating and review in your favorite podcast app. This episode was produced by Liz Stokes, mixing and sound design by Trey Hester with original music by Elliot Peltzman, our executive producer is Jennifer Iban. Peter Kilby is our producer publisher.
G
Thank you to ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks, for sponsoring Only Malware in the Building. Visit threatlocker.com.
Podcast: Hacking Humans – Only Malware in the Building (Cyberwire/N2K Networks)
Date: April 7, 2026
Main Theme:
This episode dives into the growing trend of cyber threat actors targeting digital identity rather than relying solely on malware or software exploits. With high-profile reports and recent disruptions to major phishing gangs, the panel discusses the reasons behind this shift, the mechanics of identity-focused attacks, and the evolving landscape of defense—especially regarding multifactor authentication (MFA) and public-private law enforcement partnerships.
Zero Trust & Conditional Access
Managing Privileges and Secrets
Physical/Biometric Security
Awareness & Collaboration
On the Data Explosion:
[05:16] Keith: “Compromised credentials...It's like 414 billion...and that's just not like combo lists and malware logs and cookies. There's just so much...out there...Instead of having to hack in using an exploit, why don’t we just log in as that person?”
On Real-World Impacts:
[10:49] Selena: “Now it’s like, well, data theft and extortion is a lot more of that business model. Do you think that at all had a role in the sort of focus on identity?”
On MFA Effectiveness:
[13:34] Selena: “Of those account takeovers, 59%...had MFA enabled.”
On Social-Engineering MFA Bypasses:
[15:07] Keith: “That’s what we’re seeing with the Scattered Spider guys...they’re following that up with a phone call to IT...hey, I’m having trouble logging in, or my MFA isn’t working. Can I reset it?”
On Takedown Impacts:
[27:26] Keith: “It makes them paranoid...they just go utterly paranoid because they're wondering whether the hammer is gonna drop on them, who's getting flipped.”
Crypto’s Double-Edged Sword:
[32:50] Selena: “… talking about the timeline of cybercrime in 2013, 2014, whenever Bitcoin was invented, I had, in parentheses, huge mistake…you have all this money just moving around, but the thing is, too, it's traceable.”
Recommended Next Steps:
Memorable Closing:
[38:16] D: “Next time, next time, who am I?”
[38:20] B: “Why are we the way we are is still the question that we will never be able to answer. But this was a lot of fun.”
—
For more insights, connect with the hosts on LinkedIn or respond to their ongoing call for real-world identity security stories.