Collective Intelligence

The Electronic Frontier Foundation has been an advocate for encrypting not only web-based connections between clients and webservers, but for encrypting all internet traffic. Dr. Jeremy Gillula, tech projects director for the EFF, joins Mike Mimoso for a discussion about the technologies and directions required to ensure that encryption of internet traffic is the default moving forward. In this podcast, you'll hear about how industry collaboration led to the development and growth of Let's Encrypt, a CA distributing free SSL certificates, as well as how mainstream awareness of surveillance post-Snowden is driving adoption of encryption technology. Finally, Jeremy and Mike discuss how email, server, and DNS encryption are the next hills to climb in this effort to secure all internet traffic. 

Snort creator Marty Roesch is leaving Cisco Feb. 1 for a new adventure, parting ways for the time being with the one of the true success stories in the information security industry. Snort, the ubiquitous open source intrusion detection and prevention system, is a mainstay in many homegrown and commercial security products. It was commercialized in 2001 when Roesch founded Sourcefire, which was acquired in 2013 by Cisco. In this conversation with Flashpoint Editorial Director Mike Mimoso, Roesch talks about the early days of Snort when it was a nights-and-weekends passion project for him. Roesch explains how his faith in the product and community supporting it guided him past early skeptics who doubted it could be commercialized. Sourcefire was ultimately acquired for $2.7 billion in 2013, and Snort's open-source roots remain a crucial part of the the software's legacy as it has been integrated into many mission-critical products at Cisco. 

Flashpoint Director of Research Vitali Kremez explains the links discovered between malware used to attack Chile interbank network Redbanc and North Korea's Lazarus Group. The state-sponsored attack took place in December and was recently disclosed. The attackers used social engineering to lure a Redbanc employee into installing the malware, which allowed the APT group to examine the user's access to burrow deeper into the network. 

Flashpoint Director of Security Research Allison Nixon discusses the recent takedown of 15 domains associated with DDoS-for-hire booter and stresser services. The takedown opened an important new legal avenue for law enforcement to take action against these harmful services, which in the past hid behind the notion that they were not responsible for the actions of those who bought them. 

Michael Tiffany and Ryan Castellucci of White Ops discuss the recent takedown by law enforcement of the 3ve ad-fraud operation. 3ve was a sophisticated and expansive operation responsible for tens of millions of dollars in losses due to fraudulent ads. Michael and Ryan talk about specifics tactics used by the fraudster, the collaboration required to take down the operation, and what lessons the online ad industry can take from this. 

Flashpoint Director of Research Vitali Kremez discusses the activities, capabilities, and victim targeting associated with the Magecart cybercrime group. Flashpoint and Risk IQ partnered on a research paper called "Inside Magecart" that exposes the inner workings of the seven groups that make up this criminal collective. In this podcast, Vitali talks about the group's use of digital skimmers to steal payment card data, how the data is monetized on the Deep & Dark Web, and why it's important that security researchers collaborate on such initiatives. 

Software security expert Gary McGraw discusses the recently released Building Security In Maturity Model report. BSIMM 9 includes contributors from 120 enterprises worldwide, and is used a measurement tool to evaluate software security practices and identify trends in the practice. Gary also comments on the current state of supply chain security, how companies should be working with vendors on the transparency of software security provided by third parties. 

Flashpoint senior malware analyst Ronnie Tokazowski and Editorial Director Mike Mimoso discuss Ronnie being honored with the JD Falk Award for his work in getting the BEC List off the ground. The BEC List is a 530-member working group dedicated to stopping business email compromise attacks; to date, information from this group shared with law enforcement has led to more than 100 arrests and stopped millions in fraudulent wire transfers. 

In this episode of the Collective Intelligence Podcast, Harvard fellow and IBM Resilient CTO Bruce Schneier talks about his new book "Click Here to Kill Everybody." The book covers the risks around connecting everything to the internet and why regulation and learning from previous technological revolutions may be the only solution to a worsening problem. 

In this episode of the Collective Intelligence podcast, Ken Modeste, the director of cybersecurity and connected technologies at UL, explains how his organization is doing its part to explain these risks and establish cybersecurity standards for connected devices in order to ensure public safety.

In this episode of the Collective Intelligence Podcast, Matt Wixey of PwC talks about some research he’s done on what he calls ROSE, or Remote Online Social Engineering. The twist on ROSE is that it’s a long-term social engineering attack, almost a variant of catfishing, with the ultimate goal for an advanced attacker to compromise a targeted network. 

Billy Rios of WhiteScope LLC talks about medical device security, focusing on vulnerabilities in Medtronic implantable cardiac devices. At Black Hat, Rios and Jonathan Butts delivered a talk on vulnerabilities in pacemakers and insulin pumps. They also described how dealing with the manufacturer has been a challenge in remediating these vulnerabilities. 

MacOS security researcher Patrick Wardle talks about some recent MacOS firewall research he did into and discloses some of the architectural issues and resulting limitations present in both the native firewall and commercial products.  

In this episode of the Collective Intelligence podcast recorded at Black Hat, Chad Seaman, senior engineer on the security intelligence response team at Akamai, explains the importance of collaboration and sharing of threat intelligence, even among companies that compete for the same customers.

In this episode of the Collective Intelligence podcast, New York Times senior director of information security Runa Sandvik explains the importance of championing relationships with the Times’ newsroom and how important it is for her team to enable reporters and editors to do their job securely, protecting not only their sources, but in some cases, their physical safety as well.

Flashpoint Editorial Director Mike Mimoso talks to Flashpoint Senior Malware Analyst Ronnie Tokazowski about the first-year anniversary of the AlphaBay takedown. AlphaBay was the largest illicit market operating on the Deep & Dark Web (DDW) and it was shuttered on July 20, 2017 by Dutch law enforcement. Ronnie and Mike discuss the days leading up to the takedown and the impact since on the underground economy. 

Flashpoint Editorial Director Mike Mimoso talks to Director of Intelligence Asia-Pacific Jon Condra about the 2018 mid-year update to the Flashpoint Business Risk Intelligence Decision report. The report is a snapshot of the first six months of the year, covering trends and risk to business related to cybersecurity, the cybercrime criminal underground, geopolitics and disruptive threat actors. It helps security and risk professionals strategize and prioritize for the remainder of 2018.   

Flashpoint Editorial Director Mike Mimoso talks to Craig Williams, Director Talos Outreach for Cisco Talos, about the VPNFilter attacks. This state-sponsored attack infected more than 500,000 routers and network-attached storage devices in 54 countries, largely setting the stage for future targeted attacks primarily in Ukraine. The FBI, along with Cisco Talos' disclosure, put a significant dent in the VPNFilter operation by seizing a command-and-control domain associated with the attack. But infected devices are not out of the woods, and need to be updated, or at a minimum, rebooted. 

Flashpoint Editorial Director Mike Mimoso talks to director of research Vitali Kremez about the recent leak of the TreasureHunter point-of-sale malware and builder source code, as well as the MaxiDed bulletproof hosting provider takedown.  Both events figure to have some impact on cybercrime activity.  The TreasureHunter is somewhat unique because rarely is source code for the malware payload and configuration leaked alongside its builder. This could simplify matters somewhat for criminals on the underground who wish to build variants of TreasureHunter. Flashpoint worked in collaboration with Cisco Talos on this disclosure and Talos provided updated Snort rules and ClamAV signatures to the public.  The MaxiDed takedown puts a huge dent in the underground cybercrime infrastructure hosting world. Known for hosting numerous nefarious groups' infrastructure, including Carbanak and others, MaxiDed is an example of the need for continued international cooperation among law enforcement and private sector researchers

Flashpoint Editorial Director Mike Mimoso talks to Akamai CSO Andy Ellis about the company's zero-trust implementation, which treats every application, user and device as an external entity. This has been a multiyear process for Akamai, one of the world's largest content distribution networks. Andy and Mike talk about how Akamai moved its security controls away from traditional perimeter-based protection and how Akamai can see a day soon when its users will no longer need passwords to access corporate resources.