The Hacker Mind

Bots are actionable scripts that can slow your day to day business, be enlisted in denial of service attacks, or even keep you from getting those tickets Taylor Swift you desperately want. Antoine Vastel from DataDome explains how it's an arms race: the better we get at detecting them, the more the bots evolve to evade detection. Transcript here.

You would think there is a procedure to End-of-Life a medical device, right? Erase personal health info. Erase network configuration info. Speaking at SecTor 2023, Deral Heiland from Rapid 7 said he found that he was able to buy infusion pumps on the secondary market with the network credentials for the original Health Care Delivery Organization in tact. In theory he could join that network as that device and potentially pivot to other parts of the HDO. No good since there are 100s of thousands of these devices in use today. Transcript here.

With the recent Clop attack on customers of MoveIt, ransomware is now old news. Attackers are skipping the encryption and simply extorting the exfiltrated data, according to Thomas “Mannie” Wilken, from the Accenture Cyber Threat Intelligence Dark Web Reconnaissance Team. He should know; he spends his days on the Dark Web seeing the rise of new infostealers, deep fakes, and even the rise of OT technologies as potential targets in the near future. Transcript here.

Imagine a data dump of files similar to the Snowden Leaks in 2013, only this it’s not from the NSA but from NT Vulkan, a Russian contractor. And it’s a framework for targeting critical IT infrastructures. In a talk at DEF CON 31, Joe Slowick from Huntress, shares what a Russian whistleblower released in the form of emails and documents, and how we can tie some of that back information to some of the Sandworm campaigns and recent attacks against Ukraine. Transcript here.

Rather than use backdoor exploits, attackers are stealing credentials going through the front door. How are they gaining credentials. Sometimes it’s from the tools we trust. Paul Geste and Thomas Chauchefoin discuss their DEF CON 31 presentation Visual Studio Code is why I have (Workspace) Trust issues as well as the larger question of how much we should trust tools that we depend on daily. Transcript here.

What if an GPC project OAUTH access token wasn’t deleted? This could expose databases to bad actors. Tal Skverer from Astrix discusses his DEF CON 31 presentation GhostToken: Exploiting Google Cloud Platform App Infrastructure to Create Unremovable Trojan Apps. Transcript here.

How do you conduct an incident response for an entire country? When it’s 27 different life-critical government ministries each with up to 850 individual devices -- that’s uncharted territory. Esteban Jimenez of ATTI Cyber talks about his experience with the reconstruction of the cybersecurity system following Conti, how the country handled a second ransomware attack from the Hive ransomware group, and we'll discuss what yet remains to be done to secure Costa Rica -- and other Latin American countries from future attacks. Transcript here.

What is is like to hack an entire country, to take it’s government services offline, to deny a government an ability to function? Costa Rica knows. Esteban Jimenez of ATTI Cyber has been helping Costa Rica improve its cybersecurity posture for more than 16 years, and he has been helping them recently recover from a crippling ransomware attack in April 2022 that hit 28 ministries of the government. Central and Latin America appear to be a new playground for bad actors testing new malware. But Central and Latin America are learning how to fight back. Transcript here.

Speaking at Black Hat 2023, Kelly Shortridge is bringing cybersecurity out of the dark ages by infusing security by design to create secure patterns and practices. It’s a subject of her new book on Security Chaos Computing, and it’s a topic that’s long overdue to be discussed in the field. Transcript.

Are we doing enough to secure our health delivery organizations? Given the rise of ransomware attacks, one could day we are not. Karl Sigler from Trustwave SpiderLabs, talks about a new report that his team has written that is focused on the threat landscape for medical devices and the healthcare industry in general. Transcript here.

Internet domains are brittle. One could hack into a military, a foreign government, or even global commercial web services domain using flaws in the underlying architecture. Fredrik Nordberg Almroth, co-founder of Detectify, talks about how he did just that -- hack .mil, hack the top level domain of the Democratic Republic of Congo, and even Gmail or Wordpress -- just by looking for basic misconfigurations. Transcript.

Phishing is everywhere. Who among us has not seen phish in their inbox? Aviv Grafi, from Votiro, gets into the weeds about how malicious documents are formed and how they might (despite good secure posture) still end up in your inbox or browser. He’s created a rather novel method to strip out the good content from the bad without affecting your overall productivity. And maybe, just maybe, stop phishing as a viable attack vector.

Could the nudges and prompts like those from our Fitbits and Apple watches be effective in enforcing good security behavior as well? Oz Alashe, CEO and founder of CybSafe, brings his experience in the UK Intelligence Community to the commercial world along with some solid science around what motivates us to make changes in our lives. It’s not just one-off phishing examples, it’s also about providing positive feedback, even gamification, to make things stick in future insider trust programs. Transcript here.

Say you’re an organization that’s been hit with ransomware. At what point do you need to bring in a ransomware negotiator? Should you pay, should you not? Mark Lance, the VP of DFIR and Threat Intelligence for GuidePoint Security, provides The Hacker Mind with stories of ransomware cases he’s handled and best practices for how to handle such an event.

Small to Medium Business are increasingly the target of APTs and ransomware. Often they lack the visibility of a SOC. Or even basic low level threat analysis. Chris Gray of Deepwatch talks about the view from the inside of a virtual SOC, the ability to see threats against a large number of SMB organizations, and the changes to cyber insurance we’re seeing as a result.

More and more criminals are identified through open source intelligence (OSINT). Sometimes a negative Yelp review can reveal their true identity. Daniel Clemens, CEO of ShadowDragon, talks about his more than two decades of digital investigations, from the origins of the Code Red worm to the mass shooter in Las Vegas, with a fair number of pedophiles and human traffickers identified as well. Find out what Daniel looks for and how he does digital forensics using social media and other open source resources.

It’s time to evolve beyond the UNIX operating system. OSes today are basically ineffective database managers, so why not build an OS that’s a database manager? Michael Coden, Associate Director, Cybersecurity, MIT Sloan, along with Michael Stonebreaker will present this novel concept at RSAC 2023. You can learn more at dbos-project.github.io

Incident response in the cloud. How is it different, and why do we need to pay more attention to it today, before something major happens tomorrow. James Campbell, CEO of Cado Security, shares his experience with traditional incident response, and how the cloud, with its elastic structure, able to spin up and spin down instances, is changing incident response.

We’ve seen drug marketplaces and extremists use the Dark Web. Will generative AI tools like ChatGPT make things crazier by lowering the barrier to entry? Delilah Schwartz, from Cybersixgill, brings her extensive background with online extremism to The Hacker Mind to talk about how she’s seeing a lot of chatter in the dark web.about AI online. She discusses what is and what is not likely to happen next.

Booth babes and rampant sexism were more of a problem in infosec in the past. That is, until Chenxi Wang spoke up. And she’s not done changing the industry. She’s an amazing person who has done an incredible number of things in a short amount of time -- a PhD in Computer Engineering, inventor of a process still used by the DoD today, a successful teaching career at CMU, a role as security analyst at Forrester, and then a role at Intel McAfee. Today she runs a 100% woman owned VC.