
Attila: You do have a lot of tabs on it.
Matt: I do have a lot of tabs all the time, every day.
You're listening to the Cyber Secured Podcast, helping you become safer in every way.
Now your hosts, Matt and Attila.
Attila: Hi guys, Attila here.
Matt: This is Matt.
Attila: And we are going to talk about cybersecurity.
Matt: Welcome to our first episode.
Attila: We're going to edit that out because we don't want people listening in to think that we haven't done this before.
Attila: We've actually done a lot, a lot, a lot of webinars and interviews.
Attila: But we thought that if we actually did a podcast, people might listen a little bit more to what we have to say to keep them safe.
Attila: That's our goal is to keep the community safe from all the new cybersecurity threats because they're always evolving and there's always something new to talk about.
Attila: And if you can listen to this podcast while you're cleaning the house or doing dishes or mowing the lawn, whatever you like to do on a Saturday morning, then that's great for us.
Attila: So yeah, awesome.
Attila: But we try to keep these short because I don't know about you, but I have a pretty short attention span.
Attila: Don't you have a pretty short attention span, Matt?
Matt: I do.
Matt: From moment to moment, I'm usually jumping between a dozen different tabs of things in my windows.
Attila: You do have a lot of tabs.
Matt: I do have a lot of tabs all the time, every day.
Attila: Yeah.
Attila: I think Matt and I are kind of opposite in this way.
Attila: I'm kind of a weirdo.
Attila: When I'm done working on something, I close my browser.
Matt: I do that once a month.
Attila: Yes.
Attila: At most.
Attila: Or at least, no.
Attila: But yeah, we like to start with a story.
Attila: And we like to talk about the kind of firsthand experiences we come across or things we hear in the news.
Attila: And we did have a recent thing that happened, and we wanted to talk about it because there's some good learning lessons that we can have.
Attila: And it also ties into our Riskara behavioral risk assessment.
Attila: So when we created a wonderful assessment tool for businesses to look at their employees' habits and find out, what is their level of awareness to cyber security issues?
Attila: What is their behaviors that have arisen from those habits, from that awareness?
Attila: And then what are the habits that have formed from those behaviors?
Attila: And then overall, what is the organization's level of resilience to security threats?
Attila: Because it all really does come down to employee behavior.
Attila: The best tech in the world we are discovering has holes.
Attila: And, yes, Matt is agreeing.
Attila: You don't see him, but you can hear him.
Attila: You can hear his neck creaking with agreement.
Attila: It is just one of those tough things that as defenders, as network defenders, we have to deal with all the time, is that we think we have a network completely secured, and then the manufacturer will release a patch for a zero day.
Attila: And we have to scramble to make sure to apply all those patches before the bad guys get in.
Attila: Because I bet you money that as soon as that announcement is made, the bad guys are also taking advantage of that announcement because the exploit has been published.
Matt: Well, and on top of that, a lot of the things we see and hear about are situational issues that will happen with someone with a vulnerability that exists in the light.
Matt: It was a really simple thing.
Matt: They Googled how to set up my Amazon Echo, and the very first thing that popped up on Google, they clicked on, took them to a website that had help.
Matt: And before they knew it, they were downloading something that the support person asked them to download, and then suddenly they're in their bank account siphoning money out of their bank account.
Matt: Why would that happen?
Matt: Well, Google allows anybody to put ads up, and it was malicious bad guys that put ads up, and because they willingly let the support person into their computer, they're at fault.
Attila: Yeah, it's, what's that called?
Attila: Ad poisoning?
Matt: Yeah.
Attila: Yeah, so it's, and that's no, that's not slowing down at all.
Matt: No, that's ramping up quite a bit, because that's a real weak point, and because people don't know, they're not aware, it's part of what we're trying to spread, is awareness.
Matt: It just keeps happening and growing.
Attila: Well, and that's the whole point behind Riskara 360, is to find out where you're at.
Attila: And you got to start with the front line people, your employees, all the way up to management.
Attila: Like, where are you standing on these things?
Attila: So, to that effort to make our jobs easier, because we're lazy, we look at these Riskara questions, and we say, hey, where did this Riskara question come from?
Attila: Because we developed it after much pain and suffering.
Attila: And we wanted to take one of those questions and share, what is the root cause of this question?
Attila: Like, where does it come from?
Attila: So, the question that I have here, we'd like to look at, here we go.
Attila: Ah, yes.
Attila: So, this is the question.
Attila: "I feel safe using my work computer to take care of personal things, such as checking social media, personal email and shopping."
Attila: Now, do you feel comfortable in your workplace shopping and doing social media?
Attila: And if you answer yes to that question, eh, you should not be doing that at the workplace.
Attila: But there's a reason for that and there's a story.
Attila: So, let's kind of review back to that story.
Attila: It was a local company and they had a personal computer that was being used for payroll.
Attila: And Matt, why don't you say what happened to their payroll because of this?
Matt: So, we got a phone call from the HR company that they work through.
Matt: The HR company handles their payroll.
Matt: And as it turned out, the HR manager, per the logs, had increased her pay rate from whatever it was to I would say like $1,000 per hour or something.
Matt: Wow.
Matt: And there was maybe three people in the company that this happened to.
Matt: It was her and two others.
Matt: And it was very, very unusual.
Matt: Obviously, kind of pointed at her being someone that is trying to get an extra payday.
Matt: And so we started digging into it.
Matt: And I don't know why this wasn't disclosed to us, but it actually turned out that it was her that blew the whistle.
Matt: So obviously, it wasn't her that raised the pay amounts.
Matt: So we started digging into it.
Matt: And lo and behold, after some investigating of the IPs that were coming back from the logins, there's like two of them involved.
Matt: All the security was set up properly.
Matt: We could see that the initial access that was malicious was from her home.
Matt: And then after that, it was in Seattle.
Matt: But only the one IP happened in Seattle.
Matt: The rest came from her home.
Attila: To be clear, she's in Hawaii, not in Seattle.
Matt: Yeah.
Attila: So it's obvious.
Attila: Something was up.
Matt: Yeah.
Matt: So we were able to obtain the laptop and do some forensics.
Matt: And right away, we saw that there was an app, the system on her laptop that was stealing the 2FA tokens, the credentials, and actually using her laptop as a proxy.
Matt: Proxy meaning being able to use that as a connection point, so that the bad actor's connection wasn't showing up in a place like Seattle.
Matt: That is typically what will set off security alarms, is when there is an IP location that's being used that's unusual.
Matt: The location being Seattle, I think, was an accident.
Matt: I think the bad actor may have, whoopsies, I forgot to turn on the VPN proxy connection, and they did their thing or whatever.
Matt: But yeah, it was very obvious that it came from her system.
Matt: And I'm pretty sure, like I said earlier, she was shopping or looking for help for something, downloaded something and installed it, and that's all it took.
Matt: They're in her system, they're looking around, oh, she's a payroll person.
Matt: And she works for X and Y, Z company.
Matt: Let's see what we can do.
Matt: And based off of the information we gathered and what we looked at, this is a smaller company.
Matt: I'm pretty sure this wasn't a major exploit that they're trying to go after.
Matt: I think they're actually trying to test out what they could do, because they only did three people and they didn't get away with the money.
Matt: The money was returned.
Matt: But it was obvious that they were kind of testing out the capabilities and then they got caught.
Matt: But mostly because the payroll manager whose pay got increased.
Attila: She caught herself.
Matt: Yeah, she caught herself.
Matt: So yeah, that's a good example of why you don't want to do that.
Matt: You're exposing too much when you're at home to your business, and you just don't want to really cross that bridge.
Attila: And we're seeing like all kinds of browser extensions.
Attila: That's like the new attack vector too.
Matt: And if she had the same security stack that's offered by a cybersecurity company on her system, a lot of the stuff would have gotten caught, but none of that existed on her home system.
Attila: And what we're seeing is it's even harder to catch a lot of that stuff, especially when you get into browser extensions or ad poisoning, right?
Attila: Because some of these websites, like the one that I noticed for this latest Amazon Prime phishing scam, these guys registered over a thousand domains that are similar to amazon.com.
Attila: And those domains, because they've been around for a while, they have some decent reputation, right?
Attila: Like they're not, they weren't registered just yesterday.
Attila: Like they've been around like six months to a year, and they launch a site.
Attila: It's buried deep within the site, or they'll take a legitimate like WordPress site that's been compromised and they'll make that a phishing page and a landing page.
Attila: And they're, good luck trying to catch that, right?
Attila: Even through some pretty sophisticated software.
Attila: So this is why the behavior is so important.
Attila: It's the awareness.
Attila: It's the, just, you know, skepticism, I guess is the best way.
Attila: I mean, I don't know.
Attila: Well, and I'm so skeptical over the years.
Matt: And doing work from home, you know, that's become kind of a standard operating procedure in the last few years because of COVID.
Matt: There's nothing inherently wrong with that.
Matt: But you want to have some guardrails.
Matt: You want to have some safeguards.
Matt: There's new procedures in place.
Matt: Things that we know about that we practice and we support.
Matt: But a lot of companies, you know, they don't really think twice about it sometimes.
Matt: And so they just, you know, let their users do what they want from home.
Matt: But if you're going to do that, if you're going to allow that, then there should be some kind of system in place to help safeguard the business and the operations.
Attila: Well, well, I guess what's the happy ending behind this one?
Matt: A happy ending was no money was actually stolen.
Matt: I guess it's kind of neutral because the payroll manager didn't get a pay increase.
Matt: But yeah, happy for them that they were able to identify that something was going on and were able to assist in identifying how it was done.
Attila: Well, so, and you know, and the best, the way that we know that things aren't working is that this keeps happening over and over again.
Attila: Like we've seen so many personal devices be used in the work context.
Attila: And especially when COVID came, like everyone ran home and that's when it really took off.
Matt: Well, and our tools nowadays are so sophisticated.
Matt: We're able to actually really lock things down and keep the bad guys out by just putting so many hurdles in front of them.
Matt: So a lot of times they're resorting to really simple methods to fool people into giving up their information or access to their bank account.
Matt: And it's really people that are the last, you know, unpatchable vulnerability.
Attila: Unpatchable.
Attila: That's a good way of putting it.
Attila: But can we, well, maybe that's what we're trying to do.
Matt: We're trying to...
Matt: Yeah, we're trying to do an audio patch.
Attila: Audio patch.
Attila: We'll call it like Patch Tuesday.
Attila: No, Patch Saturdays.
Attila: No one wants to listen to this stuff during the week.
Attila: It's only after hours.
Attila: Well, you know, we just wanted to make these short podcasts, share some stories and share some more info.
Attila: You know, we'll be releasing these regularly and, you know, keep an eye out for us.
Attila: We're also going to have this on YouTube.
Attila: So eventually, we'll get a little bit more sophisticated.
Attila: But for now, however you got this podcast, keep tuning in at that place, and we'll let you know when the next one arrives.
Attila: And yeah, thanks.
Attila: And if you do have any questions, you can always reach out to us.
Attila: Website is cypac.com.
Attila: Awesome.
Attila: Well, thanks Matt.
Matt: Thank you.
Attila: And thank you for listening.
Matt: Stay safe out there.
Attila: Stay safe.