1
00:00:00,000 --> 00:00:09,920
So who would you be in the crime heist group thinking like the brains or the hacker, like

2
00:00:09,920 --> 00:00:13,240
the guy in the chair, you know, the driver?

3
00:00:13,240 --> 00:00:18,040
Who do you think you would be?

4
00:00:18,040 --> 00:00:20,880
I'd be the buzzkill pointing out why it's not going to work.

5
00:00:20,880 --> 00:00:23,880
Is that a time?

6
00:00:23,880 --> 00:00:25,560
So you were like we could all get caught, right?

7
00:00:25,560 --> 00:00:27,920
So you realize it's going to happen.

8
00:00:27,920 --> 00:00:32,080
So you're the planner, you're the contingency planner.

9
00:00:32,080 --> 00:00:39,600
Yeah, I would be terrible as the con artist because I don't lie well, ever.

10
00:00:39,600 --> 00:00:43,800
Not even trying to.

11
00:00:43,800 --> 00:00:51,160
I was trying to think of anyone of clever being clever and maybe it's the mastermind

12
00:00:51,160 --> 00:00:55,720
or brains but like the con artist.

13
00:00:55,720 --> 00:01:02,840
I was like, I think I think Anna would be great at being the brains because she loves

14
00:01:02,840 --> 00:01:07,360
trivia so she knows all this just random info.

15
00:01:07,360 --> 00:01:10,160
So I think that would be great for her.

16
00:01:10,160 --> 00:01:12,800
I think I'd probably be the hacker or the driver.

17
00:01:12,800 --> 00:01:20,240
You know, the obviously cyber security here love that hacking, you know, computer side

18
00:01:20,240 --> 00:01:22,520
of things but I also love cars.

19
00:01:22,520 --> 00:01:29,920
And then also what's the movie, The Italian Job, where they got the loaded up Mini Coopers.

20
00:01:29,920 --> 00:01:33,000
That one was always a phenomenal movie to me as a kid.

21
00:01:33,000 --> 00:01:37,840
So loved that part of it.

22
00:01:37,840 --> 00:01:41,320
What about you Tara?

23
00:01:41,320 --> 00:01:47,000
My gosh, I kind of wanted to do like all of them but I was just thinking like I would

24
00:01:47,000 --> 00:01:51,840
like to be the planner like I would have our plan and then task be like, all right now

25
00:01:51,840 --> 00:01:56,000
you guys are going to go here and do this and once you've completed that I need you

26
00:01:56,000 --> 00:01:57,760
to like go to the next step.

27
00:01:57,760 --> 00:02:02,280
So I would just make sure that there's the execution following like we're going to get

28
00:02:02,280 --> 00:02:04,320
this and we're going to make it happen.

29
00:02:04,320 --> 00:02:09,080
So between you and Matthew, we're going to actually make a successful heist somewhere.

30
00:02:09,080 --> 00:02:10,080
Yes.

31
00:02:10,080 --> 00:02:12,280
Challenge accepted.

32
00:02:12,280 --> 00:02:16,040
I'm going to add another one which I don't think is on our list of archetypes but I'm

33
00:02:16,040 --> 00:02:21,320
also the one who referenced so many other heists as it happening that we all think there's

34
00:02:21,320 --> 00:02:24,080
twists coming.

35
00:02:24,080 --> 00:02:27,480
Like some random person is walking down the stairs and we're just like, isn't that your

36
00:02:27,480 --> 00:02:31,320
partner like in Ocean's Eleven and they're like, no that's a stranger.

37
00:02:31,320 --> 00:02:32,320
Stop.

38
00:02:32,320 --> 00:02:33,320
Stop.

39
00:02:33,320 --> 00:02:34,320
Oh man.

40
00:02:34,320 --> 00:02:35,320
Oh my God, yes.

41
00:02:35,320 --> 00:02:36,320
That's great.

42
00:02:36,320 --> 00:02:37,320
How about you Ariel?

43
00:02:37,320 --> 00:02:44,520
Just the wrench in the works.

44
00:02:44,520 --> 00:02:49,920
I think out of our list that just leaves the muscle.

45
00:02:49,920 --> 00:02:51,480
I wasn't going to comment.

46
00:02:51,480 --> 00:02:52,480
That's why I am.

47
00:02:52,480 --> 00:02:53,480
Oh yeah.

48
00:02:53,480 --> 00:02:58,000
It's a good thing this is an audio podcast for most people because yeah, there's no muscle

49
00:02:58,000 --> 00:03:00,000
here to be wowed by.

50
00:03:00,000 --> 00:03:04,480
I'm like the smallest one out of all.

51
00:03:04,480 --> 00:03:09,640
Yes, you're petite.

52
00:03:09,640 --> 00:03:10,640
But I got us.

53
00:03:10,640 --> 00:03:11,640
I got us covered.

54
00:03:11,640 --> 00:03:13,440
Don't worry about it.

55
00:03:13,440 --> 00:03:14,440
Our group will succeed.

56
00:03:14,440 --> 00:03:20,200
The mom looked down to like steer people into submission so I think that could be where

57
00:03:20,200 --> 00:03:21,200
something.

58
00:03:21,200 --> 00:03:23,600
I love it.

59
00:03:23,600 --> 00:03:28,960
We got all of our bases covered and then Matthew who's following us around throwing

60
00:03:28,960 --> 00:03:30,440
wrenches in the works.

61
00:03:30,440 --> 00:03:31,440
Yeah.

62
00:03:31,440 --> 00:03:33,200
Bucket of cold water on everything.

63
00:03:33,200 --> 00:03:34,440
Here's why that won't work.

64
00:03:34,440 --> 00:03:37,120
Also reference to thing no one else has seen.

65
00:03:37,120 --> 00:03:38,120
Perfect.

66
00:03:38,120 --> 00:03:39,120
I love it.

67
00:03:39,120 --> 00:03:40,120
That's great.

68
00:03:40,120 --> 00:03:41,120
That's great.

69
00:03:41,120 --> 00:03:44,800
I mean, no heist is complete.

70
00:03:44,800 --> 00:03:50,120
We've got Nate our hacker, which is fitting because today we're talking about cybercrime.

71
00:03:50,120 --> 00:03:56,560
Tara and I are joined by Nate our director of cybersecurity and our quality assurance

72
00:03:56,560 --> 00:04:02,360
analyst and GRC specialist and Matthew R. V. C. So.

73
00:04:02,360 --> 00:04:06,600
And just to kind of open it up, I don't know if we want to start with when we're talking

74
00:04:06,600 --> 00:04:13,320
about cybercrime, what are we talking about, maybe some terms just to kind of level set

75
00:04:13,320 --> 00:04:17,560
for our audience on what we're talking about.

76
00:04:17,560 --> 00:04:19,400
Definitely.

77
00:04:19,400 --> 00:04:23,120
We've done a couple of podcasts now on certain things like this.

78
00:04:23,120 --> 00:04:26,080
If you haven't, definitely go back and listen to them.

79
00:04:26,080 --> 00:04:31,680
So we've done a podcast on the IC3 report from this year.

80
00:04:31,680 --> 00:04:36,960
We've done a couple others as well, including the Verizon yearly report and there's kind

81
00:04:36,960 --> 00:04:38,600
of break down what those crimes are.

82
00:04:38,600 --> 00:04:41,120
We go into a lot of detail of what those numbers are.

83
00:04:41,120 --> 00:04:46,120
But in short, cybercrime relates to anything or any type of crime that impacts a business

84
00:04:46,120 --> 00:04:53,840
or individual that is done using computers or telecommunications of any kind.

85
00:04:53,840 --> 00:04:57,920
That is a very broad scope and it does mean things move into and out of cybercrime.

86
00:04:57,920 --> 00:05:03,680
It's a big problem at the moment with defining what is and isn't a cybercrime.

87
00:05:03,680 --> 00:05:05,680
But that's because there's a lot of scope to it.

88
00:05:05,680 --> 00:05:08,680
There's a lot of things where people can get pulled into something that previously wasn't.

89
00:05:08,680 --> 00:05:14,280
Suddenly it is now it's a different, you know, organization that gets involved.

90
00:05:14,280 --> 00:05:20,240
The majority of it comes down to ransomware on the business side.

91
00:05:20,240 --> 00:05:21,880
Scams very big one as well.

92
00:05:21,880 --> 00:05:24,920
People just trying to get money rather than getting anything else.

93
00:05:24,920 --> 00:05:30,840
The gamut of real crimes, but just computers are involved.

94
00:05:30,840 --> 00:05:36,760
Yeah, there's, we could probably break it down a couple different ways, right?

95
00:05:36,760 --> 00:05:41,120
And this is where some of the nuances will come in about, you know, what's the full scope

96
00:05:41,120 --> 00:05:43,120
that you want to really focus on.

97
00:05:43,120 --> 00:05:44,440
We could go deep either way.

98
00:05:44,440 --> 00:05:49,040
But in terms of the business side of things, you know, Matthew had mentioned, you know,

99
00:05:49,040 --> 00:05:54,640
the ransomware is the, you know, some of the social engineering, which is essentially

100
00:05:54,640 --> 00:06:00,880
trying to exploit human behavior in order to gain access to systems, information, something

101
00:06:00,880 --> 00:06:02,040
along those lines, right?

102
00:06:02,040 --> 00:06:09,280
That could be phishing emails, calling in and having someone illicitly provide that info,

103
00:06:09,280 --> 00:06:10,960
you know, vocally there.

104
00:06:10,960 --> 00:06:16,800
Otherwise, there is data theft, right?

105
00:06:16,800 --> 00:06:21,280
So insider threats, that could be something where you have a disgruntled employee who

106
00:06:21,280 --> 00:06:24,640
is intentionally taking data.

107
00:06:24,640 --> 00:06:28,680
So that's just a very, very high level of the business side.

108
00:06:28,680 --> 00:06:34,480
You could even take that to just personal cyber, or, you know, in general cybercrime.

109
00:06:34,480 --> 00:06:35,680
There's a whole bunch of stuff out there.

110
00:06:35,680 --> 00:06:38,160
We can go deep into this in a little bit.

111
00:06:38,160 --> 00:06:47,080
But really, there is always some type of motivating factor behind the intent to commit this type

112
00:06:47,080 --> 00:06:48,080
of cybercrime.

113
00:06:48,080 --> 00:06:53,800
I guess I can maybe I quick mention just a few of them, and then maybe we go deeper.

114
00:06:53,800 --> 00:06:57,720
I'd like to mention one thing quickly, just kind of building on from that.

115
00:06:57,720 --> 00:07:00,840
There's one other thing that we talk about when we're differentiating, and that's internal

116
00:07:00,840 --> 00:07:02,880
versus external crime.

117
00:07:02,880 --> 00:07:08,440
So external crime is when the initiator is external to the organization.

118
00:07:08,440 --> 00:07:13,240
This is really a business side of things, but someone who's not a part of the organization.

119
00:07:13,240 --> 00:07:18,760
Internal is when it's someone who actively works for the organization, and generally,

120
00:07:18,760 --> 00:07:22,960
if we're talking about internal, we're talking about someone who is acting maliciously.

121
00:07:22,960 --> 00:07:29,240
So someone falling for a phishing scam is not an internal crime because they aren't meaning

122
00:07:29,240 --> 00:07:30,240
to.

123
00:07:30,240 --> 00:07:32,520
They were tricked by an external actor.

124
00:07:32,520 --> 00:07:33,680
There's a little confusion around that.

125
00:07:33,680 --> 00:07:36,480
So I'd just like to clarify that first.

126
00:07:36,480 --> 00:07:40,960
Internal when we mention it is someone who is actively choosing to cause harm to an organization

127
00:07:40,960 --> 00:07:41,960
internally.

128
00:07:41,960 --> 00:07:44,800
That may have the appropriate access.

129
00:07:44,800 --> 00:07:47,680
It applies to say your family environment as well.

130
00:07:47,680 --> 00:07:48,680
Exactly.

131
00:07:48,680 --> 00:07:49,680
Yeah.

132
00:07:49,680 --> 00:07:56,320
The quick breakdown, and this is mentioned in the IEEC report, is that that's about four

133
00:07:56,320 --> 00:07:58,200
out of five threats.

134
00:07:58,200 --> 00:08:03,120
And this is across all industries for business are external.

135
00:08:03,120 --> 00:08:08,280
We're looking at averaging out across all businesses about 80%, right?

136
00:08:08,280 --> 00:08:11,000
are external actors rather than internal.

137
00:08:11,000 --> 00:08:14,520
So external is far more common.

138
00:08:14,520 --> 00:08:17,520
Just want to mention that again, because I know insider threat can be a little scarier

139
00:08:17,520 --> 00:08:18,720
sometimes.

140
00:08:18,720 --> 00:08:23,200
But basically four out of five are external from that business perspective.

141
00:08:23,200 --> 00:08:25,560
Sorry, back to you, Nate.

142
00:08:25,560 --> 00:08:26,560
Yeah.

143
00:08:26,560 --> 00:08:29,080
No, you're good.

144
00:08:29,080 --> 00:08:36,320
Before we go deep into some of the actual cybercrime and the activities there, one of the things

145
00:08:36,320 --> 00:08:39,040
I just wanted to mention is, why does it even happen?

146
00:08:39,040 --> 00:08:43,200
And I started touching on this a little bit is there's different reasons why someone may

147
00:08:43,200 --> 00:08:46,400
be motivated to do this.

148
00:08:46,400 --> 00:08:51,120
Financial motivation is by far the number one.

149
00:08:51,120 --> 00:08:55,040
If you go take a look at the Verizon report that recently came out, it accounts for about

150
00:08:55,040 --> 00:08:59,840
94% of all data breaches.

151
00:08:59,840 --> 00:09:02,960
There is some type of financial motivation to it.

152
00:09:02,960 --> 00:09:08,920
Whether or not it's trying to process wire transfers, ransomware, stuff like that.

153
00:09:08,920 --> 00:09:15,240
Extortion, so maybe there's a threat actor group called Karakurt.

154
00:09:15,240 --> 00:09:17,240
They typically don't even ransom files.

155
00:09:17,240 --> 00:09:22,400
They just take them and say, I have your files, give me X amount of money, and then I will

156
00:09:22,400 --> 00:09:23,400
just delete them.

157
00:09:23,400 --> 00:09:29,840
They don't cause actual impact to the organization other than everything you have to deal with

158
00:09:29,840 --> 00:09:32,440
due to data loss.

159
00:09:32,440 --> 00:09:34,120
Another one is just grudges.

160
00:09:34,120 --> 00:09:37,560
So this could be, again, disgruntled employee.

161
00:09:37,560 --> 00:09:43,560
Maybe someone worked there, got fired, now they're upset, that kind of stuff.

162
00:09:43,560 --> 00:09:45,920
Espionage is another big one.

163
00:09:45,920 --> 00:09:55,680
It's not as common, but it does especially happen at the government or the critical infrastructure

164
00:09:55,680 --> 00:10:00,800
side of things, your oil, your gas, your electricity, people trying to gain additional

165
00:10:00,800 --> 00:10:09,400
info to use for later exploitation or just information gathering for other nation states.

166
00:10:09,400 --> 00:10:13,680
So those are state sponsored from other nations there.

167
00:10:13,680 --> 00:10:17,640
That aligns with corporate espionage too.

168
00:10:17,640 --> 00:10:26,480
We're stealing from a corporation on their intellectual property to exploit and sell

169
00:10:26,480 --> 00:10:29,280
when it's not yours in the first place.

170
00:10:29,280 --> 00:10:34,080
But for the monetary gain or notoriety gain.

171
00:10:34,080 --> 00:10:37,160
This is kind of a pivot, but the corporate espionage side of things is definitely one

172
00:10:37,160 --> 00:10:42,160
of the things that got me interested in cybersecurity in the first place.

173
00:10:42,160 --> 00:10:45,840
Just people knowing that you're releasing a product and then being able to release their

174
00:10:45,840 --> 00:10:49,840
product first so that they get the buzz from it.

175
00:10:49,840 --> 00:10:55,840
There's so much that goes into what these crimes are and what their purpose is.

176
00:10:55,840 --> 00:11:04,160
But cyber crime doesn't mean crime that results or requires a digital ending.

177
00:11:04,160 --> 00:11:08,200
You're not getting money from the computers that you're stealing or something.

178
00:11:08,200 --> 00:11:14,840
It's about what the process is and what's used to commit the crime.

179
00:11:14,840 --> 00:11:18,800
Three last ones and I'll make it really quick, I promise, is convenience.

180
00:11:18,800 --> 00:11:22,280
You just happen to come across a company that's doing something very insecure.

181
00:11:22,280 --> 00:11:24,280
Let's just say it's remote desktop.

182
00:11:24,280 --> 00:11:25,280
That's wide open.

183
00:11:25,280 --> 00:11:27,280
You can't just go to the company to connect to computers.

184
00:11:27,280 --> 00:11:31,960
Oh, I don't happen to just log in just because it's there.

185
00:11:31,960 --> 00:11:33,280
And then go commit crime.

186
00:11:33,280 --> 00:11:34,280
You can't just do that.

187
00:11:34,280 --> 00:11:37,360
That's a felony right there.

188
00:11:37,360 --> 00:11:42,920
Ideology, so this is where we see things like, I'm just going to go pick on WikiLeaks,

189
00:11:42,920 --> 00:11:44,840
for example, right?

190
00:11:44,840 --> 00:11:48,960
There's the ideology that the government is misbehaving.

191
00:11:48,960 --> 00:11:50,280
They want to expose that.

192
00:11:50,280 --> 00:11:53,320
So there's some type of motivation there.

193
00:11:53,320 --> 00:11:55,840
And then sometimes it's just for fun, right?

194
00:11:55,840 --> 00:11:58,840
There's no other intent other than they're just curious.

195
00:11:58,840 --> 00:12:05,120
So one of the ones that come to mind right off the bat is there's a great report out

196
00:12:05,120 --> 00:12:10,680
there about some students who wanted to rickroll their entire district.

197
00:12:10,680 --> 00:12:12,360
And so all they did was they-

198
00:12:12,360 --> 00:12:13,360
I heard about that.

199
00:12:13,360 --> 00:12:14,360
Yeah.

200
00:12:14,360 --> 00:12:15,360
Minneapolis right now.

201
00:12:15,360 --> 00:12:16,360
Yeah.

202
00:12:16,360 --> 00:12:17,360
It's in the news.

203
00:12:17,360 --> 00:12:18,360
Yeah.

204
00:12:18,360 --> 00:12:22,960
That and this one came out a couple of years ago, I believe now, where these kids got into

205
00:12:22,960 --> 00:12:32,600
the chime system, all the projectors, the video player for the school announcements.

206
00:12:32,600 --> 00:12:34,320
And then they just thought it would be funny.

207
00:12:34,320 --> 00:12:35,520
So they just did that.

208
00:12:35,520 --> 00:12:40,680
And then while they did that, they also wrote up a full pen test report and they came clean

209
00:12:40,680 --> 00:12:42,960
and provided it to the district.

210
00:12:42,960 --> 00:12:47,920
And they weren't punished because they did such a good job documenting their work.

211
00:12:47,920 --> 00:12:52,480
So if you're a school administrator, that's a little disheartening there that your

212
00:12:52,480 --> 00:12:57,680
students are actually very, very skilled at computers.

213
00:12:57,680 --> 00:13:01,680
And oftentimes students have some of the most time in the world.

214
00:13:01,680 --> 00:13:02,680
Right.

215
00:13:02,680 --> 00:13:05,760
And instead of playing with friends, let me just go hacking.

216
00:13:05,760 --> 00:13:06,760
Hack things, right?

217
00:13:06,760 --> 00:13:09,800
We just saw that with things like Uber, right?

218
00:13:09,800 --> 00:13:15,360
I believe that one was a 14 or 17 year old, but it's still some type of minor, right?

219
00:13:15,360 --> 00:13:16,360
So there's-

220
00:13:16,360 --> 00:13:21,080
Firstly, definitely not recommending kids do that.

221
00:13:21,080 --> 00:13:23,440
They should have voted for it.

222
00:13:23,440 --> 00:13:28,000
Just because that is a crime, it's dangerous to be doing that.

223
00:13:28,000 --> 00:13:32,720
I would agree with your point though about time.

224
00:13:32,720 --> 00:13:37,360
Many of you may have heard about the Lazarus Group.

225
00:13:37,360 --> 00:13:41,240
To my knowledge, and I haven't heard anything recently, there have not been official charges

226
00:13:41,240 --> 00:13:43,280
placed or anyone committed for that.

227
00:13:43,280 --> 00:13:50,160
But the people who were arrested for it were teenagers in the UK.

228
00:13:50,160 --> 00:13:55,440
The person who was apparently the ringleader was 16, right?

229
00:13:55,440 --> 00:14:03,400
This is not someone who, A, maybe fully aware of how bad what they were doing was, right?

230
00:14:03,400 --> 00:14:07,360
But at the same time, they're not doing it for the same type of gains or for the same

231
00:14:07,360 --> 00:14:09,280
reasons that most people are.

232
00:14:09,280 --> 00:14:14,600
Maybe it started out of a boredom or I can't believe this worked type scenario.

233
00:14:14,600 --> 00:14:19,400
We see that a lot when it comes to people finding flaws in environments.

234
00:14:19,400 --> 00:14:24,680
There are a bunch of tools, no I'm not going to name them, that allow you to scan ports

235
00:14:24,680 --> 00:14:27,480
on systems just on the internet.

236
00:14:27,480 --> 00:14:30,040
You can do it pretty much very easily.

237
00:14:30,040 --> 00:14:33,280
And so if you know what you're doing and you have some skills set in that or maybe you're

238
00:14:33,280 --> 00:14:38,320
bored and have a lot of time, finding flaws in systems is possible.

239
00:14:38,320 --> 00:14:43,560
This is why we do vulnerability scanning and external vulnerability testing because that

240
00:14:43,560 --> 00:14:48,560
way we find it before someone else does.

241
00:14:48,560 --> 00:14:51,360
The number one reason is capital gain.

242
00:14:51,360 --> 00:14:52,640
It is money.

243
00:14:52,640 --> 00:14:58,560
And that depending on the industry ranges from 70 to 95, sometimes even 100% of the reason

244
00:14:58,560 --> 00:15:02,040
that these crimes are committed.

245
00:15:02,040 --> 00:15:06,680
But the reason for that is that that is a good motivator.

246
00:15:06,680 --> 00:15:10,280
So when we're talking about what you're seeing and why you're seeing it, most of the time

247
00:15:10,280 --> 00:15:13,480
monetary gain is the reason it's being done.

248
00:15:13,480 --> 00:15:18,240
Whether that's a secondary or tertiary gain rather than the primary gain is secondary in

249
00:15:18,240 --> 00:15:20,880
the case of like espionage, for instance.

250
00:15:20,880 --> 00:15:24,800
But people are looking to get money.

251
00:15:24,800 --> 00:15:32,480
And the amount of money is where things start getting really fun because the organizations

252
00:15:32,480 --> 00:15:39,760
that go for incredibly large scores, considering our heist conversation earlier, are different

253
00:15:39,760 --> 00:15:42,000
to the people who are going for the small numbers.

254
00:15:42,000 --> 00:15:45,960
And that main difference is generally, are they going for individuals or are they going

255
00:15:45,960 --> 00:15:48,360
for businesses?

256
00:15:48,360 --> 00:15:55,720
Couple years ago, I say that was probably pushing five now, many, many iCloud accounts

257
00:15:55,720 --> 00:16:00,240
were hacked and the devices were locked.

258
00:16:00,240 --> 00:16:04,680
From what I remember of this, the cost to get those devices unlocked was only a couple

259
00:16:04,680 --> 00:16:10,720
hundred dollars, definitely less than the cost of a new device at the time.

260
00:16:10,720 --> 00:16:17,480
So they weren't taking tens of thousands of dollars from or hundreds of thousands of

261
00:16:17,480 --> 00:16:21,800
dollars from a couple of businesses, they were getting two or three hundred dollars

262
00:16:21,800 --> 00:16:26,240
from 10,000 people.

263
00:16:26,240 --> 00:16:29,840
And that's kind of, I think, one of the biggest differences we see between the internal and

264
00:16:29,840 --> 00:16:32,440
external attackers here.

265
00:16:32,440 --> 00:16:37,520
It's across the board, there's a real shotgun analogy of we're just trying to hit as much

266
00:16:37,520 --> 00:16:42,440
space as we can and see what sticks and who's going to run back and give us money, which

267
00:16:42,440 --> 00:16:46,920
is why we always recommend not paying a ransom right out the gate, speak to your insurance,

268
00:16:46,920 --> 00:16:51,120
speak to whoever you need to, find out why, if you're being directly targeted, if you

269
00:16:51,120 --> 00:16:55,040
are just the result of someone else being targeted.

270
00:16:55,040 --> 00:16:59,280
There's so much to what's going on and there's so much benefit that these organizations get

271
00:16:59,280 --> 00:17:05,640
from trying to impact as many people as possible, rather than trying to get incredibly large

272
00:17:05,640 --> 00:17:09,600
amounts from one group of people.

273
00:17:09,600 --> 00:17:14,520
I guess two quick thoughts here.

274
00:17:14,520 --> 00:17:19,960
If you have no idea who the Lazarus Group is that Matthew talked about, there's a book

275
00:17:19,960 --> 00:17:26,320
and a podcast called The Lazarus Heist, go read about it, it's phenomenal.

276
00:17:26,320 --> 00:17:29,920
It's one of the core reasons why the United States had to redesign their hundred dollar

277
00:17:29,920 --> 00:17:30,920
bill.

278
00:17:30,920 --> 00:17:33,160
I'll just leave it at that.

279
00:17:33,160 --> 00:17:39,280
Otherwise, in terms of Matthew's comments here about rather than maybe want to lump

280
00:17:39,280 --> 00:17:45,360
some that they're trying to gain, threat actors, they know that and they're trying to adapt

281
00:17:45,360 --> 00:17:52,200
their tactics to elicit different ways of gathering money.

282
00:17:52,200 --> 00:17:58,920
Actually right here on my other screen, I'm looking at a website that is dedicated to

283
00:17:58,920 --> 00:18:06,040
ransomware and this threat group, they will take that data, they'll post it online and

284
00:18:06,040 --> 00:18:10,080
then there's three different ways that they gather revenue.

285
00:18:10,080 --> 00:18:15,360
They will oftentimes with ransomware, they will have a timer saying if you don't pay

286
00:18:15,360 --> 00:18:19,080
within a certain amount of time, we will leak your data.

287
00:18:19,080 --> 00:18:24,200
They have a payment method saying you can extend the timer for another 24 hours for

288
00:18:24,200 --> 00:18:29,640
X amount of money, it might be $10,000, $20,000, something like that.

289
00:18:29,640 --> 00:18:34,400
There's another way that says delete all my data and get rid of it.

290
00:18:34,400 --> 00:18:41,680
This would be like a, for the company that got compromised, you can pay X amount of money.

291
00:18:41,680 --> 00:18:44,800
The one I was just looking at was $5 million.

292
00:18:44,800 --> 00:18:52,640
The other one was same price, $5 million, but anyone can download that data before the

293
00:18:52,640 --> 00:18:54,760
timer is released.

294
00:18:54,760 --> 00:18:59,760
So there's three different avenues that they're trying to take from the same cyber crime,

295
00:18:59,760 --> 00:19:05,960
which just again is showing that these tactics are evolving and oftentimes with ransomware,

296
00:19:05,960 --> 00:19:09,840
I'm not going to go too much deeper, I promise.

297
00:19:09,840 --> 00:19:17,280
To put additional pressure on you, they will actually call your company saying I know that

298
00:19:17,280 --> 00:19:20,880
you got compromised, I am from that threat group.

299
00:19:20,880 --> 00:19:26,160
Call someone to go take a look at the website and start negotiating with us.

300
00:19:26,160 --> 00:19:32,680
And then we've even seen it before where they start calling your customers and trying to

301
00:19:32,680 --> 00:19:37,360
have your customers pressure you to pay that.

302
00:19:37,360 --> 00:19:43,240
So the tactics are changing rapidly on the cyber crime side of things.

303
00:19:43,240 --> 00:19:44,320
I'll stop there.

304
00:19:44,320 --> 00:19:45,320
I can keep going.

305
00:19:45,320 --> 00:19:54,800
I love ransomware, not supporting it or endorsing it, but it's just a very interesting process.

306
00:19:54,800 --> 00:19:56,160
I think it's absolutely fascinating.

307
00:19:56,160 --> 00:19:58,280
I want to make a quick fix there.

308
00:19:58,280 --> 00:19:59,360
I did say Lazarus.

309
00:19:59,360 --> 00:20:08,520
I meant to say Lapsus Group, L-A-P-S-U-S. Lazarus is an absolutely amazing situation that occurred

310
00:20:08,520 --> 00:20:14,320
and definitely those books, the book and podcast are fascinating, which is why I misspoke.

311
00:20:14,320 --> 00:20:16,560
This is the group I was thinking about.

312
00:20:16,560 --> 00:20:23,040
I just want to clarify that because it would get confusing with what I said before for Lazarus.

313
00:20:23,040 --> 00:20:24,960
That did not make sense.

314
00:20:24,960 --> 00:20:30,040
Secondly, one of the things that always blows me away with the ransomware side of things

315
00:20:30,040 --> 00:20:35,200
you were talking about, Nate, is just how good the support of some of those websites

316
00:20:35,200 --> 00:20:36,200
are.

317
00:20:36,200 --> 00:20:41,520
Firstly, the websites look more professional than your average website does in general.

318
00:20:41,520 --> 00:20:47,480
On top of that, they have incredible support teams on hand that they're paying large sums

319
00:20:47,480 --> 00:20:53,480
of money to guide you in how to pay their ransom, how to buy Bitcoin quickly and easily

320
00:20:53,480 --> 00:20:55,760
so that you can send it straight to them.

321
00:20:55,760 --> 00:21:03,680
It is horrifying how well they've corporatized that side of things.

322
00:21:03,680 --> 00:21:08,280
You also mentioned the threat of it, calling people up, threatening them, calling their

323
00:21:08,280 --> 00:21:14,240
customers.

324
00:21:14,240 --> 00:21:17,920
These are things that we see done elsewhere, but when they're put here and you're also

325
00:21:17,920 --> 00:21:24,200
feeling that pinch of your data being gone or missing or just inaccessible, that's a

326
00:21:24,200 --> 00:21:25,200
lot.

327
00:21:25,200 --> 00:21:26,800
It does work.

328
00:21:26,800 --> 00:21:32,520
That's the next thing I wanted to talk about with this, which is the biggest – what was

329
00:21:32,520 --> 00:21:33,520
that?

330
00:21:33,520 --> 00:21:34,520
Sorry.

331
00:21:34,520 --> 00:21:37,560
I was just going to say my favorite because with these ransomware negotiations is when

332
00:21:37,560 --> 00:21:42,640
you join the chat and it says, hi, how can I help you today?

333
00:21:42,640 --> 00:21:44,480
You know how you can help me.

334
00:21:44,480 --> 00:21:47,880
High quality customer service.

335
00:21:47,880 --> 00:21:51,840
This call is being recorded.

336
00:21:51,840 --> 00:21:57,760
I'll say one thing and then I'll let Matthew keep going, but these are oftentimes full

337
00:21:57,760 --> 00:22:01,040
organizations.

338
00:22:01,040 --> 00:22:03,760
Just like you have your own business, they have their own business.

339
00:22:03,760 --> 00:22:04,760
They've got sales.

340
00:22:04,760 --> 00:22:05,760
They've got support.

341
00:22:05,760 --> 00:22:06,760
They've got engineers.

342
00:22:06,760 --> 00:22:13,560
They've got leaders of that group managing the different teams.

343
00:22:13,560 --> 00:22:15,920
That's my little blip there, but Matthew, sorry.

344
00:22:15,920 --> 00:22:16,920
No, no.

345
00:22:16,920 --> 00:22:19,520
I'll not jump into that too much.

346
00:22:19,520 --> 00:22:23,320
There was a ransomware group that came up about a year or two ago.

347
00:22:23,320 --> 00:22:28,120
They were only around for six months and they made something like $38 million.

348
00:22:28,120 --> 00:22:30,320
Of course, they have a whole team.

349
00:22:30,320 --> 00:22:32,960
It makes sense if they're going to make that much money.

350
00:22:32,960 --> 00:22:36,480
Then they disband and move on.

351
00:22:36,480 --> 00:22:48,440
To go back to what I was saying, the most effective way that these criminals work is

352
00:22:48,440 --> 00:22:51,200
by making you feel fear.

353
00:22:51,200 --> 00:22:59,080
When they make you feel fear, they make you feel a sense of time criticality.

354
00:22:59,080 --> 00:23:04,680
If you've ever received any of those emails requesting that you buy something to do, gift

355
00:23:04,680 --> 00:23:08,600
cards or anything like that, you know that when they're doing that, they're saying, we

356
00:23:08,600 --> 00:23:10,360
need this or we'll lose a customer.

357
00:23:10,360 --> 00:23:12,200
We need this or we'll lose XYZ.

358
00:23:12,200 --> 00:23:16,920
I need you to pay this right now or something bad will happen.

359
00:23:16,920 --> 00:23:21,840
We've seen some truly horrific ones come around more recently.

360
00:23:21,840 --> 00:23:24,720
We may get into those later.

361
00:23:24,720 --> 00:23:29,400
The general point is they're going to try and say you have to take an action that you

362
00:23:29,400 --> 00:23:33,960
don't think you need to take or that you should take without speaking to anyone else so that

363
00:23:33,960 --> 00:23:39,240
we can be sure we fix this problem that you haven't yet confirmed exists.

364
00:23:39,240 --> 00:23:43,840
Ransomware is a bit different, obviously, because you can probably see your data disappearing

365
00:23:43,840 --> 00:23:46,880
or getting crypto locked right in front of you.

366
00:23:46,880 --> 00:23:51,480
But generally when it's a phishing or a scam or anything like that, don't try to confirm

367
00:23:51,480 --> 00:23:55,440
this, just pay us.

368
00:23:55,440 --> 00:24:00,920
That is to me at least a surefire sign that what's going on is not legitimate.

369
00:24:00,920 --> 00:24:05,880
If you start feeling that fear happening, if you start freaking out like that, hey,

370
00:24:05,880 --> 00:24:09,880
I know taking a step back or getting off the phone is pretty hard.

371
00:24:09,880 --> 00:24:14,080
Generally most things are not that critical, right?

372
00:24:14,080 --> 00:24:16,520
Business deals, they tend to take a little bit of time to go through.

373
00:24:16,520 --> 00:24:21,320
They don't tend to get signed in a full afternoon for ridiculous amounts of money, especially

374
00:24:21,320 --> 00:24:24,440
not with gift cards.

375
00:24:24,440 --> 00:24:27,000
There's a lot of things that go into those types of things.

376
00:24:27,000 --> 00:24:34,240
But when it comes down to what you can expect if you're the target, whether that's intentionally

377
00:24:34,240 --> 00:24:39,560
or otherwise, is that there is going to be a sense of urgency, of time

378
00:24:39,560 --> 00:24:45,080
criticality, and that you, the person they're speaking to, are the only one who can fix it.

379
00:24:45,080 --> 00:24:48,400
If that feels out of place, if you're feeling, oh, that's not quite right.

380
00:24:48,400 --> 00:24:50,080
I'm feeling really out of my depth.

381
00:24:50,080 --> 00:24:52,600
This is not something that I should have to handle.

382
00:24:52,600 --> 00:24:53,600
There's a good chance it's not.

383
00:24:53,600 --> 00:25:01,280
There's a good chance you can take a step back because personally, I would prefer getting

384
00:25:01,280 --> 00:25:08,520
reprimanded for not having done something like that than the opposite of it.

385
00:25:08,520 --> 00:25:11,800
Hey, I'm sorry, I don't really feel comfortable doing that right now is a much better thing

386
00:25:11,800 --> 00:25:18,440
to have to say than, I'm sorry, I sent $10,000 in gift cards to someone.

387
00:25:18,440 --> 00:25:23,120
So I think that's something I just wanted to recommend is looking out for.

388
00:25:23,120 --> 00:25:29,560
Maybe the whole conversation before that about ransomware doesn't really tie in, but it's

389
00:25:29,560 --> 00:25:32,760
just something that came up with what you were saying, because they do push it and it's

390
00:25:32,760 --> 00:25:36,560
very true in the ransomware side of things because they want that money quickly.

391
00:25:36,560 --> 00:25:41,200
They want to resolve the issue because then they can move on to handling it or committing

392
00:25:41,200 --> 00:25:44,080
the same crime again.

393
00:25:44,080 --> 00:25:45,080
That's the business side of things.

394
00:25:45,080 --> 00:25:49,800
On the personal side of things, just be on the lookout for it.

395
00:25:49,800 --> 00:26:00,400
Yeah, I guess I'll see if marketing has any questions, but I would love to just give a

396
00:26:00,400 --> 00:26:06,120
little bit of depth into just certain types of attacks.

397
00:26:06,120 --> 00:26:12,000
Maybe not even to the corporate level, but then talk about some of the steps or the roles

398
00:26:12,000 --> 00:26:16,240
that happen in these various ones and sometimes how they're chained together.

399
00:26:16,240 --> 00:26:21,920
But yeah, Terri, I don't know if you had any questions before we try and dump it in something

400
00:26:21,920 --> 00:26:22,920
like that.

401
00:26:22,920 --> 00:26:34,360
That is one key element to keep in mind that it's typically not just one kind.

402
00:26:34,360 --> 00:26:47,480
It is several married or mixed in: phishing can then be a virus, then it's really hard

403
00:26:47,480 --> 00:26:53,200
sometimes to differentiate and then try to figure out the point of both attacking control

404
00:26:53,200 --> 00:26:56,400
to remediate.

405
00:26:56,400 --> 00:27:01,760
It's hard to separate the different elements because the reaction is going to be different

406
00:27:01,760 --> 00:27:02,760
as well.

407
00:27:02,760 --> 00:27:03,760
Exactly.

408
00:27:03,760 --> 00:27:09,920
And just before you jump into that, Nate, just to build on that.

409
00:27:09,920 --> 00:27:13,400
The forensic side of things of what happens after these attacks when people are trying

410
00:27:13,400 --> 00:27:20,440
to figure out how it all started is one of the most intense things you can think of because

411
00:27:20,440 --> 00:27:25,620
it requires that the person doing that work knows every step of your system, every piece

412
00:27:25,620 --> 00:27:27,560
of hardware.

413
00:27:27,560 --> 00:27:31,840
If you fall for one of these crimes and it does end up getting to that point, the entire

414
00:27:31,840 --> 00:27:36,360
system gets ripped apart because the people need to figure out exactly where it occurred,

415
00:27:36,360 --> 00:27:41,160
how deep into the network someone got, things like that.

416
00:27:41,160 --> 00:27:44,280
The reason for that is, like Anne said, it builds.

417
00:27:44,280 --> 00:27:48,240
You fall for a phishing scam, you then download a file and it gets on your network.

418
00:27:48,240 --> 00:27:52,960
Suddenly it's on six computers and the server and it's exfiltrating data elsewhere to another

419
00:27:52,960 --> 00:27:55,080
network.

420
00:27:55,080 --> 00:28:01,360
What started as just a phishing attack became a full blown ransomware event with a full

421
00:28:01,360 --> 00:28:04,640
forensic team coming in afterwards.

422
00:28:04,640 --> 00:28:08,680
So yeah, there's so much going on and it is tied together.

423
00:28:08,680 --> 00:28:11,920
It is just you very rarely just fall for one thing.

424
00:28:11,920 --> 00:28:15,000
You end up falling for multiple things that results in it.

425
00:28:15,000 --> 00:28:18,880
So if you're feeling uncomfortable with it at any point in the process, stopping there

426
00:28:18,880 --> 00:28:22,080
is a good thing because it often means if they're jumping onto another one, they're

427
00:28:22,080 --> 00:28:25,600
either trying to get deeper into the network or something can place has stopped that first

428
00:28:25,600 --> 00:28:30,240
one from working, which is a great way to know that if they're trying to pivot midway

429
00:28:30,240 --> 00:28:32,920
through, you can also stop.

430
00:28:32,920 --> 00:28:37,080
Maybe make things less bad than they were before or could have been.

431
00:28:37,080 --> 00:28:42,560
So to blend the two of your guys' conversations together there, one example that comes to

432
00:28:42,560 --> 00:28:46,160
mind is a phishing email, right?

433
00:28:46,160 --> 00:28:50,160
Someone falls for a phishing email and this is going to be a legitimate case that CIT

434
00:28:50,160 --> 00:28:52,480
has helped assist with as well.

435
00:28:52,480 --> 00:29:02,120
So a user had clicked on a phishing email, unknowingly granted access to their mailbox,

436
00:29:02,120 --> 00:29:05,240
then and that could be a whole different threat actor.

437
00:29:05,240 --> 00:29:07,360
So they sent off an email.

438
00:29:07,360 --> 00:29:10,560
Their entire job is just to gain access to accounts.

439
00:29:10,560 --> 00:29:11,560
That's it.

440
00:29:11,560 --> 00:29:15,840
Then from there, they can potentially sell that access and then someone else can come

441
00:29:15,840 --> 00:29:20,760
in and maybe that team is focused more on wire transfers.

442
00:29:20,760 --> 00:29:24,960
And so what they can do there is that team will just sit there and monitor your emails

443
00:29:24,960 --> 00:29:31,600
for a given period of time, waiting for the perfect opportunity for a wire transfer.

444
00:29:31,600 --> 00:29:38,800
So Matthew had mentioned I need the gift cards in a different case that CIT has assisted with.

445
00:29:38,800 --> 00:29:46,400
It was the CEO was flying back from China for business and while they were flying, the

446
00:29:46,400 --> 00:29:50,480
threat actor knew that because they had the flight details, emailed the accountant saying,

447
00:29:50,480 --> 00:29:53,240
I had a great time here in China.

448
00:29:53,240 --> 00:29:55,320
I'm looking to do a business deal.

449
00:29:55,320 --> 00:29:58,440
Please immediately transfer.

450
00:29:58,440 --> 00:30:03,200
It was $283,000 to be able to secure this deal.

451
00:30:03,200 --> 00:30:06,800
They process that went over to another country.

452
00:30:06,800 --> 00:30:12,800
By the time that the CEO got back, they said, can you send another one?

453
00:30:12,800 --> 00:30:18,160
And that's where the accountant said, OK, by the way, I processed the first one.

454
00:30:18,160 --> 00:30:20,120
Do you want me to do the second one now?

455
00:30:20,120 --> 00:30:23,440
Because I have no idea what you're talking about.

456
00:30:23,440 --> 00:30:27,360
So again, a multi-chained attack that started off with phishing.

457
00:30:27,360 --> 00:30:31,880
Someone monitored emails for a while, led to a wire transfer.

458
00:30:31,880 --> 00:30:33,320
And that's actually pretty common.

459
00:30:33,320 --> 00:30:34,320
We've done that.

460
00:30:34,320 --> 00:30:35,320
We've seen that multiple times.

461
00:30:35,320 --> 00:30:40,960
But yeah, otherwise, there's so many different other ways that this can happen.

462
00:30:40,960 --> 00:30:46,520
So I've seen different groups working together.

463
00:30:46,520 --> 00:30:52,640
So some will set up the servers just to deliver ads, and then they'll rent that out.

464
00:30:52,640 --> 00:30:58,600
And then there's people creating malicious ads, and they'll use that service to pair

465
00:30:58,600 --> 00:31:04,120
that all together and make a malicious advertisement system.

466
00:31:04,120 --> 00:31:08,040
We've seen things like we haven't talked about SIM swapping.

467
00:31:08,040 --> 00:31:15,080
SIM swapping is basically just where you convince the cell phone provider to change

468
00:31:15,080 --> 00:31:19,160
the SIM card from one phone to the other, because that's often where multi-factor is

469
00:31:19,160 --> 00:31:22,440
tied to for text messages.

470
00:31:22,440 --> 00:31:26,920
Oftentimes there's someone who is holding the phone, someone who is trying to convince

471
00:31:26,920 --> 00:31:35,280
the retail employee to sidestep processes, someone who is trying to gather the multi-factor

472
00:31:35,280 --> 00:31:36,680
code at the same time.

473
00:31:36,680 --> 00:31:41,400
They work as a team to try and accomplish that.

474
00:31:41,400 --> 00:31:46,720
Two other ones that I'll maybe quickly mention is there are teams that are dedicated to just

475
00:31:46,720 --> 00:31:52,360
gaining access to networks and then stopping and then selling that access to others.

476
00:31:52,360 --> 00:31:56,720
So for example, we've seen it where someone will break into a network and then they'll

477
00:31:56,720 --> 00:32:00,400
sell that access for $600 or something like that.

478
00:32:00,400 --> 00:32:02,440
From there, they're done.

479
00:32:02,440 --> 00:32:04,080
That's their specialty.

480
00:32:04,080 --> 00:32:10,280
Someone else who maybe specializes in ransomware, and there are groups out there that you can

481
00:32:10,280 --> 00:32:13,920
buy their ransomware services.

482
00:32:13,920 --> 00:32:16,240
And so you essentially don't have to be a coder.

483
00:32:16,240 --> 00:32:19,960
You just say, I want to buy this for X amount of money.

484
00:32:19,960 --> 00:32:24,560
You run that in the software, the people that developed it get a portion of that money,

485
00:32:24,560 --> 00:32:28,640
and then you get to keep the other portion because you did the crime.

486
00:32:28,640 --> 00:32:30,600
It's wild out there.

487
00:32:30,600 --> 00:32:31,920
You can hire hitmen.

488
00:32:31,920 --> 00:32:33,440
I don't recommend that.

489
00:32:33,440 --> 00:32:39,520
Also, I guarantee that 90% of those sites, if you ever go trying to look for them, are the FBI

490
00:32:39,520 --> 00:32:43,120
just trying to get you.

491
00:32:43,120 --> 00:32:44,240
We see all that.

492
00:32:44,240 --> 00:32:45,480
We see that all the time.

493
00:32:45,480 --> 00:32:49,320
But it's a full underground business.

494
00:32:49,320 --> 00:32:50,680
We'll just leave it at that.

495
00:32:50,680 --> 00:32:54,520
I think you make a good point that's often overlooked when we talk about this.

496
00:32:54,520 --> 00:32:59,880
People think of the people committing these crimes as the hackers, as the people who have

497
00:32:59,880 --> 00:33:03,720
spent so much time learning how all this works that they know how to do it.

498
00:33:03,720 --> 00:33:05,840
And to be blunt, it's not really that anymore.

499
00:33:05,840 --> 00:33:10,840
It's a lot of people who just have enough money to buy a version that is currently known

500
00:33:10,840 --> 00:33:15,120
to work, and then they send it to people.

501
00:33:15,120 --> 00:33:21,080
Because if a known company who's done this multiple times can make $36 million or $38

502
00:33:21,080 --> 00:33:27,920
million in six months, someone can just make a million or $2 million doing it on their own

503
00:33:27,920 --> 00:33:30,960
with a little bit of scripting work.

504
00:33:30,960 --> 00:33:39,200
With my compliance mind reeling, there is also the element of possible deniability and

505
00:33:39,200 --> 00:33:42,160
separating the individual crimes.

506
00:33:42,160 --> 00:33:51,440
So if someone were to be convicted or brought, have charges brought against them, the idea

507
00:33:51,440 --> 00:33:59,800
of stealing one access or a group of access is not as terrible as gaining access, stealing

508
00:33:59,800 --> 00:34:03,000
information, selling information.

509
00:34:03,000 --> 00:34:08,440
It's all the different steps aggregated that would be the true and the monetary gain, of

510
00:34:08,440 --> 00:34:17,800
course, or the separation of the monetary gain to stay under the radar of what's important

511
00:34:17,800 --> 00:34:19,520
to say the FBI.

512
00:34:19,520 --> 00:34:24,240
We're always going to keep it at a $4,000 steal.

513
00:34:24,240 --> 00:34:29,960
But again, like you were mentioning earlier, a thousand times, then we're at millions of

514
00:34:29,960 --> 00:34:37,800
dollars, but it still was under the radar of the controls set by different agencies and

515
00:34:37,800 --> 00:34:38,800
crime bureaus.

516
00:34:38,800 --> 00:34:39,800
Yeah, exactly.

517
00:34:39,800 --> 00:34:46,560
I want to mention, we've talked about a lot of what is done.

518
00:34:46,560 --> 00:34:50,520
I think we've mentioned a lot of things that haven't really shown any consequences, and

519
00:34:50,520 --> 00:34:53,120
I just want to mention a couple of those quickly.

520
00:34:53,120 --> 00:34:58,680
People going in and buying data, people going in and buying access, there are sites where

521
00:34:58,680 --> 00:34:59,760
that can be done.

522
00:34:59,760 --> 00:35:01,440
Nate mentioned that.

523
00:35:01,440 --> 00:35:07,000
One of the big ones that got shut down recently was breached.vc.

524
00:35:07,000 --> 00:35:12,200
Not only do they get shut down, they were raided by the FBI.

525
00:35:12,200 --> 00:35:20,160
The owner and creator of that forum is currently under arrest, or is as of our last update

526
00:35:20,160 --> 00:35:22,000
on the matter.

527
00:35:22,000 --> 00:35:27,120
And all the information from that site was given to the FBI.

528
00:35:27,120 --> 00:35:30,720
Those people who use that site, those people who signed up just to look at it, they're

529
00:35:30,720 --> 00:35:33,440
on a list now.

530
00:35:33,440 --> 00:35:39,880
There is something like just being curious about this in specific ways is going to have

531
00:35:39,880 --> 00:35:42,000
that.

532
00:35:42,000 --> 00:35:48,200
We sign up and get certifications and specifically work with the good guys because that shows

533
00:35:48,200 --> 00:35:52,400
that we're doing this for research and because that's what we're doing it for.

534
00:35:52,400 --> 00:35:55,000
We need to know where this is happening.

535
00:35:55,000 --> 00:36:01,560
But this is something that is actively charged, actively reviewed, and investigated heavily.

536
00:36:01,560 --> 00:36:08,360
And there are limits to what that money basis is before they get incredibly involved, but

537
00:36:08,360 --> 00:36:13,120
they're tracking all of it just because they haven't found enough reason to focus on one

538
00:36:13,120 --> 00:36:15,400
individual over a giant group yet.

539
00:36:15,400 --> 00:36:19,440
It doesn't mean that the time won't come when they do, and if you're making these types

540
00:36:19,440 --> 00:36:26,000
of mistakes, which you are, because it's all trackable, you're going to be caught.

541
00:36:26,000 --> 00:36:29,720
It's just a matter of time for how long.

542
00:36:29,720 --> 00:36:33,800
And we see this with the Silk Road guys who thought they were getting away with so much

543
00:36:33,800 --> 00:36:36,440
for so long.

544
00:36:36,440 --> 00:36:40,640
Fun fact, he actually got tackled in a library.

545
00:36:40,640 --> 00:36:46,440
He was on his laptop and they swooped in and tackled him, and his laptop is now in a museum

546
00:36:46,440 --> 00:36:47,840
if you're interested.

547
00:36:47,840 --> 00:36:53,880
But the one thing I'll kind of put my closing thoughts, because I think we did a lot of

548
00:36:53,880 --> 00:36:58,760
great work telling how fun or interesting this cybercrime could be.

549
00:36:58,760 --> 00:37:02,360
Interesting is different than fun, though.

550
00:37:02,360 --> 00:37:06,720
I did say, hey, there is a motive of being just having fun.

551
00:37:06,720 --> 00:37:13,600
But I guess the one thing that I maybe summarized for my closing thoughts, and it's kind of

552
00:37:13,600 --> 00:37:18,640
riding on Matthew as well here, is these are old statistics, so please don't hold me

553
00:37:18,640 --> 00:37:19,640
to it.

554
00:37:19,640 --> 00:37:27,000
But the last time I looked into this, it was about 5% of all cybercrime has a conviction.

555
00:37:27,000 --> 00:37:34,360
But if the FBI or some other type of investigative agency gets you in their sights, it's over

556
00:37:34,360 --> 00:37:37,160
a 95% conviction rate.

557
00:37:37,160 --> 00:37:44,480
So we also often hear stories of people who did get caught, and it's usually one IP slip

558
00:37:44,480 --> 00:37:45,880
up at some point.

559
00:37:45,880 --> 00:37:51,480
And then that was the main way that they were able to track and start putting that to a

560
00:37:51,480 --> 00:37:54,080
particular individual.

561
00:37:54,080 --> 00:38:00,320
And so the risks, if you're going to commit cybercrime, which we don't recommend, you

562
00:38:00,320 --> 00:38:05,400
can make a lot of money, but you always run the risk of saying, when is my time to get

563
00:38:05,400 --> 00:38:07,000
caught?

564
00:38:07,000 --> 00:38:13,040
And oftentimes it's not even that you may have slipped up, but there's a bigger picture

565
00:38:13,040 --> 00:38:16,360
that starts developing.

566
00:38:16,360 --> 00:38:18,360
There's a podcast out there.

567
00:38:18,360 --> 00:38:22,040
I'm not going to go into the gritty details here, but there's a website.

568
00:38:22,040 --> 00:38:30,160
It was a fairly small site, but it was sharing questionable content that's highly illegal.

569
00:38:30,160 --> 00:38:39,040
And they found one individual's Bitcoin address, found that individual, got them convicted,

570
00:38:39,040 --> 00:38:44,160
and then that turned into a couple hundred arrests because one person slipped up.

571
00:38:44,160 --> 00:38:48,840
So even if you do everything perfect, yeah, even if you try and do everything perfect,

572
00:38:48,840 --> 00:38:57,120
again, the FBI and the other agencies have the resources and the time to hunt you down,

573
00:38:57,120 --> 00:39:04,120
potentially, and make sure you are convicted and brought to justice.

574
00:39:04,120 --> 00:39:07,680
Yeah, so that was a very light closure there.

575
00:39:07,680 --> 00:39:11,680
Yes, but I really like it.

576
00:39:11,680 --> 00:39:18,960
I've always said, if I ever don't show up to work one day, it's because I'm either in

577
00:39:18,960 --> 00:39:24,160
jail making very good side money or I got hit by a bus.

578
00:39:24,160 --> 00:39:29,320
So I'm still here at work, which means I'm not a cyber criminal and I am not hit by a

579
00:39:29,320 --> 00:39:34,720
bus because I fear the felonies and the time of being convicted.

580
00:39:34,720 --> 00:39:36,720
Oh, man.

581
00:39:36,720 --> 00:39:37,720
Wow.

582
00:39:37,720 --> 00:39:41,400
Well, we are very happy you are here and not hit by a bus.

583
00:39:41,400 --> 00:39:42,400
We've got some good people.

584
00:39:42,400 --> 00:39:43,400
Well, committing crimes.

585
00:39:43,400 --> 00:39:44,400
Yeah, or committing crimes.

586
00:39:44,400 --> 00:39:46,400
Yes, we've got good people on our side.

587
00:39:46,400 --> 00:39:48,400
FBI is going to be all over this podcast now.

588
00:39:48,400 --> 00:39:49,400
I know.

589
00:39:49,400 --> 00:39:50,400
Oh, my gosh.

590
00:39:50,400 --> 00:39:59,040
Well, to end, I'd like to end a little bit on a high note, just as everybody's worried.

591
00:39:59,040 --> 00:40:03,920
Some of the things, if you had to pick just one thing, because we will have a podcast

592
00:40:03,920 --> 00:40:09,520
in the future about best practices and what you can do, but what would be some advice

593
00:40:09,520 --> 00:40:12,680
that you would give a person or a business?

594
00:40:12,680 --> 00:40:17,200
I think Matthew, I'm going to take his about just trusting your gut.

595
00:40:17,200 --> 00:40:24,200
I think it was a huge thing if it doesn't feel right, stop, back up, talk to somebody.

596
00:40:24,200 --> 00:40:31,600
But if there is anything you had to share about how to help or prevent or best practice.

597
00:40:31,600 --> 00:40:33,680
Have a full incident response plan.

598
00:40:33,680 --> 00:40:36,440
Have full internet security policy.

599
00:40:36,440 --> 00:40:42,120
Basically have a GRC analyst, as I've said in every.

600
00:40:42,120 --> 00:40:48,080
I've said this during every other podcast about this, but every time I've talked to

601
00:40:48,080 --> 00:40:52,160
someone who has said, oh, we nearly fell for one of those scams, but didn't.

602
00:40:52,160 --> 00:40:56,560
It was because they had rules or policies in place that were like, we always get double

603
00:40:56,560 --> 00:40:58,680
confirmation before we send money.

604
00:40:58,680 --> 00:41:02,520
So someone came to us and said, someone asked us to send all this money and the other person

605
00:41:02,520 --> 00:41:06,560
went, wait, because they didn't have the time crunch the first person did.

606
00:41:06,560 --> 00:41:09,720
They could see the reality of what was going on.

607
00:41:09,720 --> 00:41:14,840
Policies and procedure will save you more times than any specific tool.

608
00:41:14,840 --> 00:41:20,160
Policies and procedures and tools will save you even more.

609
00:41:20,160 --> 00:41:22,000
I'd say start with the basics.

610
00:41:22,000 --> 00:41:23,000
That is.

611
00:41:23,000 --> 00:41:26,760
John Casper, man is running an MFA.

612
00:41:26,760 --> 00:41:28,320
I've mentioned this on other podcasts.

613
00:41:28,320 --> 00:41:32,560
I have sunglasses that are engraved with MFA everything.

614
00:41:32,560 --> 00:41:35,840
And it is because it is so critical.

615
00:41:35,840 --> 00:41:42,120
Really what we have conversations with customers about is you can implement some of these basic

616
00:41:42,120 --> 00:41:48,160
security tools, multi-factor endpoint detection response, and you could pay for those for

617
00:41:48,160 --> 00:41:53,680
10 years at the cost of one cyber incident, right?

618
00:41:53,680 --> 00:41:58,680
And they will absolutely help you far more than that 10 years there.

619
00:41:58,680 --> 00:42:04,440
And so it's just blocking and tackling the basics that if you are joining this for the

620
00:42:04,440 --> 00:42:09,720
first time, please just implement multi-factor wherever possible, especially your VPNs,

621
00:42:09,720 --> 00:42:11,280
your email accounts.

622
00:42:11,280 --> 00:42:17,800
Those two alone will help out a lot.

623
00:42:17,800 --> 00:42:24,360
And the impact to your end users will definitely be significantly less than the impact to your

624
00:42:24,360 --> 00:42:30,120
users and your mental health if you ever have to go through a major security incident.

625
00:42:30,120 --> 00:42:35,280
I'm going to quickly touch it down a little bit on the high part is we've had business

626
00:42:35,280 --> 00:42:40,360
leaders crying on the other end and we have to play the empathy to help them through that

627
00:42:40,360 --> 00:42:41,360
situation.

628
00:42:41,360 --> 00:42:46,280
I don't have business leaders crying to me when they're talking about implementing multi-factor.

629
00:42:46,280 --> 00:42:48,400
That's more of just a slight annoyance.

630
00:42:48,400 --> 00:42:51,680
So again, start with the basics.

631
00:42:51,680 --> 00:42:54,680
Yeah, for sure.

632
00:42:54,680 --> 00:42:56,120
All those things.

633
00:42:56,120 --> 00:42:57,680
We've got podcasts on all of them.

634
00:42:57,680 --> 00:43:00,480
We'll put some links in the description.

635
00:43:00,480 --> 00:43:04,120
Thank you, Nate, Anne, and Matthew for joining us today.

636
00:43:04,120 --> 00:43:11,360
If you have any questions, if you need any help, please reach out to us at info at cit-net.com

637
00:43:11,360 --> 00:43:17,200
or head out to our website cit-net.com slash podcast and we'll be back next week with an

638
00:43:17,200 --> 00:43:29,040
all new episode.

