Summary of Risky Business #779 – DOGE Staffer Linked to The Com
Risky Business episode #779, released on February 12, 2025, is hosted by Patrick Gray with Adam Boileau. The episode covers the week's information security news, a walk through a new incident-response threat report, and an interview with Edward Wu of Dropzone AI. Below is a summary of the key points, discussions and conclusions from the episode.
1. Corrections and Clarifications
Timestamp: 00:00 – 02:34
Patrick Gray opens by addressing corrections from the previous week. He clarifies a point about malware running Optical Character Recognition (OCR) over the photos in a victim's camera roll to harvest cryptocurrency wallet seed phrases. He had assumed this was hard to do reliably, but listener feedback pointed out that seed phrases are drawn from a small fixed word list (BIP39 uses 2,048 words), which makes picking them out of OCR output considerably easier.
- Patrick Gray: "So my bad on that."
He also mentions a discussion with an Australian journalist about the sanctions imposed on Terrorgram, expressing scepticism about the true motives behind them.
2. DOGE News: Linking a Staffer to The Com
Timestamp: 02:34 – 05:21
The hosts turn to the central topic: Brian Krebs' detailed report linking a DOGE staffer to The Com, the loose English-speaking online community behind much of the recent SIM swapping, extortion and related cybercrime. Adam Boileau emphasises how bad the situation is: people with ties to The Com, in this case a former Neuralink intern (Neuralink being Musk's brain-computer interface company), now hold roles inside the US government.
- Adam Boileau: "It's just bad all around... it's just a mess." ([03:00])
Patrick Gray adds that the reporting also surfaced extremist content, specifically Nazi material, associated with people in this circle, which does Elon Musk's reputation no favours.
- Patrick Gray: "He's just misunderstood." ([03:47])
They return to the Terrorgram sanctions and debate whether they are a genuine security measure or a political gesture by the government; the true intent is left unresolved.
3. Exploitation of a Trimble Cityworks Bug
Timestamp: 07:04 – 08:08
Patrick Gray and Adam discuss a story by Jonathan Greig at The Record: a bug in Trimble Cityworks, asset-management software used by municipalities and utilities to run critical infrastructure, is being exploited in the wild.
- Patrick Gray: "They are exploiting this bug and that's not good." ([07:04])
Adam speculates that the vulnerability is a .NET deserialization bug giving remote code execution (RCE), which would hand attackers substantial control over the affected servers.
4. DeepSeek App Security Concerns
Timestamp: 08:00 – 11:24
The conversation shifts to a report by Dan Goodin at Ars Technica on DeepSeek's iOS app, which sends some data unencrypted to ByteDance-controlled servers. Patrick Gray criticises the focus on transit security when the more significant question is where the data ends up: encrypting the connection does nothing about who receives the data.
- Patrick Gray: "People are kind of losing the forest for the trees..." ([08:46])
Adam Boileau agrees: the real issue with using a Chinese AI application is what can be done with the data at its destination, regardless of how it is protected in transit.
- Adam Boileau: "You can't use a Chinese AI app if you don't trust China." ([09:34])
They conclude that the concern is less a technical vulnerability than a trust decision with geopolitical dimensions.
5. Paragon Spyware and Italy’s Scandal
Timestamp: 11:24 – 16:11
The hosts examine the misuse of Paragon spyware in Italy, which led Paragon to cut the country off as a customer for violating its terms of service. They suggest this assertive stance follows Paragon's acquisition by a US private equity firm and the scrutiny that came with US action against NSO Group.
- Patrick Gray: "It's turning into a bit of a political scandal in Italy as well..." ([14:33])
Adam Boileau discusses the dilemma spyware vendors face when selling to governments, especially once misuse turns into human rights abuses.
6. Apple’s Security Patch and iOS Exploits
Timestamp: 16:11 – 17:56
Patrick Gray and Adam address Apple's latest security patch, which fixes a flaw, exploited in what Apple described as an extremely sophisticated attack, that let an attacker with physical access disable USB Restricted Mode on a locked iOS device. That is exactly the kind of capability forensic extraction vendors such as Cellebrite depend on.
- Adam Boileau: "Companies like Cellebrite won’t have coverage for modern iOS for a period of time at least." ([17:46])
They note that keeping up with Apple's hardening is getting harder for exploit developers, so coverage for current iOS versions is likely to lag.
7. US Sanctions on Russian Hosting and Thailand’s Crackdown on Scam Hubs
Timestamp: 17:56 – 22:00
The discussion moves to US sanctions on Zservers, a Russia-based bulletproof hosting provider, which the hosts see as a useful lever against the cybercrime ecosystem. They then highlight Thailand's decision to cut power, fuel and internet connectivity to scam compounds just across its border in Myanmar.
- Patrick Gray: "It looks like that's what's happening now." ([18:53])
Adam Boileau welcomes Thailand's decisiveness but raises concerns about collateral damage to nearby communities.
8. Tigran Gambaryan's Detention in Nigeria
Timestamp: 22:00 – 26:21
A compelling story is shared about Tigran Gambaryan, a former US federal agent and Binance employee who was detained in Nigeria, where authorities blamed Binance for damaging the country's currency and charged him with money laundering, an offence carrying a potential 20-year sentence. The hosts explore what this means for security professionals caught up in disputes between their employers and governments.
- Adam Boileau: "How badly it can go." ([25:26])
They underscore the risks of operating in volatile jurisdictions and the importance of understanding the local legal landscape.
9. CyberCX's DFIR Threat Report Analysis
Timestamp: 26:21 – 43:25
A large portion of the episode is dedicated to the latest DFIR (Digital Forensics and Incident Response) report from CyberCX, a major Australian cybersecurity consultancy. Key findings and discussion points:
a. MFA Effectiveness
- Key Finding: MFA that is not phishing resistant (SMS, push approvals, TOTP codes) offers little protection against business email compromise, because adversary-in-the-middle phishing kits simply relay the code to the real site in real time.
- Patrick Gray: "If you're not using some sort of WebAuthn... it's rubbish." ([28:01])
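To make the finding concrete, here is an added Python illustration (standard library only; not code from the episode or from the CyberCX report) of why an adversary-in-the-middle phishing proxy can relay a TOTP code to the real site but cannot relay a WebAuthn assertion. The domains, the TOTP seed and the credential keys are constructed for the example, and an HMAC stands in for the authenticator's public-key signature; what the example actually turns on is the origin and rpId binding that the browser, not the page's script, puts into the signed data.

```python
"""Why an AitM phishing proxy can relay a TOTP but not a WebAuthn assertion.
Constructed example: HMAC stands in for the authenticator's public-key signature;
the point is the origin/rpId binding the browser puts into the signed data."""
import hashlib
import hmac
import json
import os
import struct


def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


REAL_ORIGIN, REAL_RP_ID = "https://login.example.com", "login.example.com"      # constructed
PHISH_ORIGIN, PHISH_RP_ID = "https://login.examp1e.com", "login.examp1e.com"  # constructed look-alike


# ---- TOTP (RFC 6238: HMAC-SHA1 over the 30 s counter), not phishing-resistant ----
def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def aitm_relay_totp(secret: bytes, at: int) -> bool:
    """Victim types the code into the phishing page; the proxy replays it to the real site.
    Nothing in the code says which site it was typed into, so the real site accepts it."""
    code_typed_on_phishing_page = totp(secret, at)
    return hmac.compare_digest(totp(secret, at), code_typed_on_phishing_page)


# ---- WebAuthn-style assertion, phishing-resistant ----
class Authenticator:
    def __init__(self):
        self.creds = {}  # rp_id -> key (a public/private key pair in real WebAuthn)

    def register(self, rp_id: str) -> bytes:
        self.creds[rp_id] = os.urandom(32)
        return self.creds[rp_id]

    def get_assertion(self, rp_id: str, client_data_json: bytes):
        key = self.creds.get(rp_id)  # credentials are scoped to the rpId the browser supplies
        if key is None:
            return None
        auth_data = sha256(rp_id.encode()) + b"\x01" + b"\x00\x00\x00\x00"  # rpIdHash|flags|counter
        sig = hmac.new(key, auth_data + sha256(client_data_json), hashlib.sha256).digest()
        return {"authenticatorData": auth_data, "clientDataJSON": client_data_json, "signature": sig}


def browser_get(auth: Authenticator, page_origin: str, challenge: str):
    """The browser, not the page's script, fixes rpId and origin from the URL the user is on."""
    rp_id = page_origin.removeprefix("https://")
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    return auth.get_assertion(rp_id, client_data)


class RelyingParty:
    def __init__(self, origin: str, rp_id: str, key: bytes):
        self.origin, self.rp_id, self.key = origin, rp_id, key

    def verify(self, assertion, challenge: str) -> bool:
        if assertion is None:
            return False
        cd = json.loads(assertion["clientDataJSON"])
        if (cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge
                or cd.get("origin") != self.origin):
            return False  # assertion was made for a different origin
        ad = assertion["authenticatorData"]
        if ad[:32] != sha256(self.rp_id.encode()):
            return False  # credential scoped to a different domain
        expected = hmac.new(self.key, ad + sha256(assertion["clientDataJSON"]), hashlib.sha256).digest()
        return hmac.compare_digest(expected, assertion["signature"])


def legit_login(auth, rp, challenge):
    return rp.verify(browser_get(auth, REAL_ORIGIN, challenge), challenge)


def aitm_relay_webauthn(auth, rp, challenge, patch=False):
    """Victim is on the phishing page; the proxy forwards what the browser produced.
    With patch=True the proxy also rewrites origin and rpIdHash to the real values,
    which breaks the signature because both fields are inside the signed data."""
    assertion = browser_get(auth, PHISH_ORIGIN, challenge)
    if assertion is not None and patch:
        cd = json.loads(assertion["clientDataJSON"])
        cd["origin"] = REAL_ORIGIN
        ad = sha256(REAL_RP_ID.encode()) + assertion["authenticatorData"][32:]
        assertion = dict(assertion, clientDataJSON=json.dumps(cd).encode(), authenticatorData=ad)
    return rp.verify(assertion, challenge)


def demo():
    auth = Authenticator()
    rp = RelyingParty(REAL_ORIGIN, REAL_RP_ID, auth.register(REAL_RP_ID))
    auth.register(PHISH_RP_ID)  # worst case: the victim even has a credential for the look-alike
    chal = os.urandom(16).hex()
    return {
        "totp_relayed": aitm_relay_totp(b"constructed-seed", 1_700_000_000),
        "webauthn_legit": legit_login(auth, rp, chal),
        "webauthn_relayed": aitm_relay_webauthn(auth, rp, chal),
        "webauthn_relayed_patched": aitm_relay_webauthn(auth, rp, chal, patch=True),
    }


if __name__ == "__main__":
    print(demo())
```

Run it and the TOTP relay succeeds while every WebAuthn relay variant fails: the assertion carries the phishing origin and an rpIdHash for the phishing domain, and if the proxy patches those fields the signature no longer covers what it forwards. This is the property "phishing resistant" refers to, and it is why the push-and-code factors the report describes do not help against a relaying attacker.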
b. Conditional Access Policies
- Key Finding: Geo-restrictions in conditional access policies are not a meaningful control. An attacker who knows the policy exists simply routes the session through a VPN or proxy exit in the permitted country.
- Patrick Gray: "Because those kinds of controls are not effective against an attacker that's motivated..." ([28:26])
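An added Python example (constructed sign-in events, not data from the report) showing the gap: a country allow-list passes the attacker's sign-in as soon as it arrives through a VPN exit in the permitted country, and an in-country exit also defeats an impossible-travel velocity check, so the signals that still hold are the egress network type, an unknown device, and a grant control that requires a compliant device plus phishing-resistant authentication. The record fields, the device inventory and the thresholds are assumptions for the example, not any particular identity provider's schema.

```python
"""Geo-restriction vs. signals that survive a VPN. Constructed example, not the
report's data: an IdP-style sign-in record, a country allow-list (the control the
report found ineffective), and the checks that still catch the in-country VPN exit."""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Optional


@dataclass
class SignIn:
    user: str
    ts: datetime
    ip: str
    country: str
    lat: float
    lon: float
    asn_org: str
    asn_type: str           # "isp" (residential/business) or "hosting" (VPN, cloud egress)
    device_id: Optional[str]
    compliant: bool         # device management says the endpoint meets policy
    mfa: str                # "none", "totp" or "fido2"


ALLOWED_COUNTRIES = {"AU"}                       # assumption: the tenant is Australian
KNOWN_DEVICES = {"alice": {"dev-alice-laptop"}}  # constructed device inventory
MAX_PLAUSIBLE_KMH = 900.0                        # roughly airliner speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def geo_policy(ev: SignIn) -> bool:
    """The control the report calls ineffective: allow by source country only."""
    return ev.country in ALLOWED_COUNTRIES


def strong_policy(ev: SignIn) -> bool:
    """Grant only from a managed, compliant device using phishing-resistant MFA."""
    return ev.compliant and ev.mfa == "fido2"


def risk_signals(prev: Optional[SignIn], ev: SignIn) -> list:
    """Signals that do not depend on which country the attacker chose to appear from."""
    signals = []
    if ev.asn_type == "hosting":
        signals.append("hosting/VPN egress")
    if ev.device_id not in KNOWN_DEVICES.get(ev.user, set()):
        signals.append("unknown device")
    if prev is not None:
        hours = (ev.ts - prev.ts).total_seconds() / 3600
        km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
        if hours > 0 and km / hours > MAX_PLAUSIBLE_KMH:
            signals.append("impossible travel")
    return signals


def evaluate(events):
    """Run every event through both policies and the risk signals, in time order.
    Only geo-admitted sign-ins become the velocity baseline: an IdP enforcing the
    geo policy never turns the blocked attempt into a session."""
    last, out = {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        out.append({"ip": ev.ip, "geo_allowed": geo_policy(ev),
                    "strong_allowed": strong_policy(ev),
                    "signals": risk_signals(last.get(ev.user), ev)})
        if geo_policy(ev):
            last[ev.user] = ev
    return out


def _t(hh, mm):
    return datetime(2025, 2, 12, hh, mm, tzinfo=timezone.utc)


# Constructed events (documentation IP ranges): the user's own sign-in from Sydney,
# an attacker's direct attempt from Amsterdam, then the same attacker via a Sydney VPN exit.
EVENTS = [
    SignIn("alice", _t(9, 0), "203.0.113.10", "AU", -33.87, 151.21, "Example ISP", "isp",
           "dev-alice-laptop", True, "fido2"),
    SignIn("alice", _t(9, 10), "198.51.100.7", "NL", 52.37, 4.90, "Example Hosting", "hosting",
           None, False, "totp"),
    SignIn("alice", _t(9, 20), "192.0.2.44", "AU", -33.87, 151.21, "Example VPN", "hosting",
           None, False, "totp"),
]


if __name__ == "__main__":
    for row in evaluate(EVENTS):
        print(row)
```

The direct attempt from Amsterdam is the only one the geo policy blocks, and the only one that trips the velocity check. Ten minutes later the same attacker through a Sydney exit passes the country allow-list and looks stationary relative to the user's real session; what still gives it away is the hosting ASN, the unrecognised device, and the stronger grant control, which is what a policy should be keyed on instead of source country.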
c. Dwell Time in Espionage Incidents
- Key Finding: Espionage-related intrusions went undetected for around 400 days on average.
- Adam Boileau: "In some cases, three years of dwell time." ([29:28])
d. EDR Misconfigurations
- Key Finding: Despite wider EDR (Endpoint Detection and Response) adoption, misconfiguration often undermines it, and an EDR whose alerts nobody watches is not a control.
- Patrick Gray: "Without the monitoring piece and good monitoring, it doesn't really get you as far as people realize." ([30:42])
The hosts emphasise that EDR only pays off when it is configured properly and someone is actually watching the alerts. Patrick Gray also contrasts detection with preventive controls that stop a payload from running at all:
- Patrick Gray: "It's shifting that whole protection left, right, which is you can't even execute it. You're not relying on a tool to detect something after it's gone. You know, you're stopping it from happening in the first place." ([31:59])
10. Sponsorship and Interview with Edward Wu from Dropzone AI
Timestamp: 43:25 – 58:01
The sponsor interview is with Dropzone AI, which builds an AI system that automates the Tier One SOC (Security Operations Center) analyst's alert triage. Patrick Gray interviews Edward Wu, one of the co-founders, about what Dropzone calls "model coachability".
a. Model Coachability
Edward explains how Dropzone AI lets customers steer the AI's behaviour so that its investigations follow the organisation's own policies and practices rather than generic defaults.
- Edward Wu: "We added capabilities that allows the users of our AI SOC analyst to influence the activity, the technique and the behavior of our AI system." ([46:00])
Patrick shares his own experience of getting a new team member set up with security tools, and the two frame Dropzone as a way to add SOC capacity without adding budget or headcount.
Edward further describes how Dropzone AI integrates with existing SIEM systems to handle alert investigations autonomously, so human analysts can focus on higher-value work.
11. Conclusion
Timestamp: 58:01 – End
Patrick Gray wraps up by thanking Adam Boileau and Edward Wu and encouraging listeners to tune in to future episodes. His sign-off to Adam at the end of the news and report segment also congratulates CyberCX on the report.
- Patrick Gray: "That was Adam Boileau... Congratulations to CyberCX on their comprehensive threat report." ([43:25])
Notable Quotes
- Adam Boileau: "It's just a mess." ([03:00])
- Patrick Gray: "He's just misunderstood." ([03:47])
- Patrick Gray: "If you're not using some sort of WebAuthn... it's rubbish." ([28:01])
- Adam Boileau: "It's getting harder now." ([17:46])
- Edward Wu: "We transform an AI agent from somebody who is very kind of smart but quite stubborn to somebody who is smart but can actually listen to additional instructions." ([46:00])
Key Takeaways
- Security Practices: Phishing-resistant MFA and properly configured, actively monitored EDR are the controls that hold up against current intrusions.
- Geopolitical Impacts: International sanctions and government action shape the cybersecurity landscape as much as technical developments do.
- AI in Security: AI-driven tools such as Dropzone AI are increasingly taking on routine SOC triage, freeing analysts for more strategic work.
- Threat Persistence: Dwell times in espionage-related incidents remain alarmingly long, pointing to the need for better detection and response.
Final Thoughts
Episode #779 of Risky Business offers a comprehensive overview of current cybersecurity challenges and advancements. From dissecting intricate threat reports to exploring the integration of AI in security operations, Patrick Gray and Adam Boileau provide valuable insights for information security professionals. The episode underscores the evolving nature of cyber threats and the essential role of innovative solutions in combating them.
