Cybersecurity: Amplified And Intensified

Episode 8 - Operating differently.

May 05, 2021 Shiva Maharaj/Eric Taylor

Compliance-based legislation and SolarWinds data restoration are just too slow. Incident response, the Babuk ransomware group targeting the FBI, CISA and the United States, another supply chain breach, this time with Passwordstate; vendors' thirst for customer data will hold back progress with zero knowledge architecture. Microsoft 365 should be backed up, and all backups are not created equal. And yes, self attestation is worthless.

Eric Taylor
Twitter: barricadecyber
Youtube: barricade cyber solutions - YouTube
www.barricadecyber.com

Shiva Maharaj
Twitter: kontinuummsp
www.kontinuum.com 

Articles mentioned:

  1. Ransomware gang Babuk claims DC's Metropolitan Police was last caper – then goes dark | SC Media (scmagazine.com)
  2. Illinois Attorney General computer system breached early Saturday morning | State and Regional News | qctimes.com
  3. Passwordstate users warned to ‘reset all passwords’ after attackers plant malicious update | TechCrunch
  4. A ransomware gang made $260,000 in 5 days using the 7zip utility (bleepingcomputer.com)

BARRICADE CYBER
Ransomware Remediation Services, Incident Response and Penetration Testing.

KONTINUUM
IT support that's actually supportive.

FASTMAIL
Your data is for you, no one else. That includes your email, calendars, contacts, notes, and files!

Transcript

Shiva Maharaj:

This is the Cybersecurity: Amplified And Intensified podcast. So what's on the docket for today?

Eric Taylor:

Shiva? It's been a long, long week. And there's so much to talk about. But so I mean, we'll, we'll try to touch on a couple things to kind of see where we go from. But I think on top of our list, we got really, you know, we want to talk about Babuk ransomware. We want to talk about DC cybersecurity, what we've learned so far about that, and what may be going on around that. If we have time, we can go into Qlocker, and we can get into DarkSide and what they're doing with the stock market and see what else is out there about zero trust that we can touch about today.

Shiva Maharaj:

Sounds good. I also wanted to discuss Passwordstate and their supply chain breach, because what's a podcast these days without some cyber security supply chain failures?

Eric Taylor:

Well, take it away, start talking about some Passwordstate.

Shiva Maharaj:

This so was a two weeks ago, Passwordstate announced that their code was basically hijacked and turned into a RAT, which gave the malicious actors the ability to go into on premise Passwordstate databases and pull out all of their passwords, where it got worse, well, and they have 29,000 companies that use them supposedly, where it gets worse is that the bad actors, once they were found out, they killed their command and control servers, and started sending phishing emails to customers to re install a further compromised copy of the software, even though Passwordstate issued a patch, what are your thoughts on that?

Eric Taylor:

So they sent an email to registered users to do a re install? Was that correct?

Shiva Maharaj:

After Passwordstate updated the code, the software, to remove any malicious actors to get back into the systems, the bad guys sent out the phishing emails, impersonating Passwordstate saying, Hey, here's our newest update, you need to install this to be safe when it's really just another version of the

Eric Taylor:

RAT. You know that always? There's so many different ways that we can go into that. Because at that moment, who do you trust, you know, if you've got a company who's been compromised, and their update policy, or their update supply chain, is prompting you to update to potentially load even more RAT or malware or monitoring or whatever it is, that's just spreading more malicious content inside of your network? And, you know, I mean, I know we keep harping about it, but this is SolarWinds just in a different channel, right? So it's just so, so so bad. I mean, we see IOCs around this stuff all the time, it's, you really got to know who to trust. And unfortunately, you know, this is really hindsight 20/20. Yeah, we should have known bla bla bla, but a lot of cybersecurity and you know, IT MSPs whatever you go in thinking you can trust certain vendors, and then you get this type of shenanigans. And who do you trust, who know why, and you put, so when you're looking at password management, you're looking at documentation, you're looking at all these things.

Shiva Maharaj:

I think when you're looking at any piece of software or hardware these days, you need to look past the marketing fluff, the buzzwords and the jargon, you need to get a call with their CISO. And if their CISO doesn't have time for you, you shouldn't have any time for them.

Eric Taylor:

This is true, though. And when I say the CISO, folks, we're talking about the CISO itself, chief information security officer. So if they can't have real security conversations with you and answer your questions, or at least I mean, we get a little lucky with some of the languages that we pull, we can get right to the CISO at a lot of companies and have these conversations, but you've got to get out of the sales cycle united, you got to have these higher level conversations. It's more than, you know, hey, I have these many devices, what's my price type plan? Or I have these many users? What's my price

Shiva Maharaj:

issue I see in our channel is that you got a lot of these liberal arts sales people trying to sell tech, you ask them technical question, oh, I'll get back to you on that. You never get an answer. But you get an email saying, Hey, are you ready to buy yet? Dude, come on, you owe me answers to my questions. And you can even provide that to me.

Eric Taylor:

Exactly. You know, we've had several demos with products and I would literally call up the company within a couple of hours because I

Shiva Maharaj:

found an exploit or I found this or I found that just to test what what they've done. And you did that on a demo with me and a platform. And this guy was selling CMM sequel clients and his product wasn't far from it. Yeah, I remember that. Yeah. I mean,

Eric Taylor:

yeah, when you start having this like, so a timeout sales guy, what, what do you think about this? And what do you think about that? I mean,

Shiva Maharaj:

you know, that goes back to my thought that a lot of these applications were built to secure your data, right? A lot of these applications were just built to get your money. And that's, that's the reality of the situation of application to boat in general.

Eric Taylor:

Exactly. You know, and it's, you know, we talked about it before, I'm not sure if it was actually on this show on our show or not, but, you know, definitely privately where it just seems like a lot of companies are doing the whole pump and dump, you know, they're building up a platform, whether it's hodgepodge and put together and, you know, like a flying gas can with enough fluff to make you feel like things are good. But it's really not, it's just don't know who to trust anymore. You know, and I've really been burned. You know, I'm a little jaded, I'm definitely not trying to get in a position where I start calling out vendors, even though I may want to hear before the end of this episode.

Shiva Maharaj:

I'm calling them out. I don't care,

Eric Taylor:

you know, so Okay, well, you know, we're

Shiva Maharaj:

not scholarly by anyone so we can give our opinion. You know, freedom of speech is still even a thing.

Eric Taylor:

Now, well, we're not on those other platforms. So

Shiva Maharaj:

we're self publishing means we can say what we want. Hmm. But what about zero trust? You know, I know you and I have an affinity for it and trying to see trying to get with vendors that actually do it. But there's no accountability for vendors who claim zero trust and worse there's no recourse against these vendors for failing to provide what they said they did.

Eric Taylor:

And here's one of the biggest problems: how do you prove they have a zero trust or zero knowledge?

Shiva Maharaj:

Wait false or never pop them and put your info on their onion page?

Eric Taylor:

Yeah, exactly. Exactly. I mean, so we were actually I just recently you may need to make a correction because I think we said this on one of the last previous episodes that you know, I thought DarkSide was MIA,

Shiva Maharaj:

everyone did you know Elisa was a krypter in January and I think they gave it maybe Bitdefender one of these guys and now they are back double extortion ransom they are looking to short stocks they are you know that they're doing multi threading I mean these guys that are on a rampage

Eric Taylor:

Yeah, so what they were originally doing even when I was on their DarkSide leak page I have here they had little pins right here. So they had a bunch of these guys you know pinned at the very top it was back in February. So if I scroll down here a little bit these guys right here were all part of you know we had swift real estate partners we have pain and fears that was part of their all these companies were pinned to the top for some reason DarkSide on their page was showing these guys as a higher priority for whatever reason I'm not sure why but you know they were definitely keeping these things pinned and underneath of him they were actually having a new releases like just last week they did small brands Inc. and Carolina Eastern where a lot of these manufacturing companies are getting you know, pot you know, we actually had a few cases last week that came in from DarkSide. And on the top of their negotiation page where you find out how much Bitcoin you got to pay in our thing. They straight out do not like Coveware anymore.

Shiva Maharaj:

Wonder why. So

Eric Taylor:

I wondered why too. I've always heard of Coveware I've always heard of their existence in their reputation industry. And

Shiva Maharaj:

well, we know a managed services provider that's pretty large out there. And by large, they've got over 25,000 endpoints under management. And one of their directors said they use Coveware all the time when their clients get popped, which I don't know what's scarier fact that their clients are always getting popped or I don't know. But anyway, sorry.

Eric Taylor:

So from my understanding Coveware is a bunch of former FBI, former FBI guys and gals, and they literally will string DarkSide out as far as they can go until they can confirm that decryption has been made or not a delay. recovery has been made or whatever and they don't need that negotiation anymore. And you know, the day it's like, oh, well whatever be done. But in the truce art of ransomware remediation. I don't know how they got the find out. It was Coveware, unless they were publicly saying, Hey, we're Coveware and FSU or because DarkSide does have the ability, where you can actually go in here to the press center, and actually register as a remediation company. And you can supposedly get discounts or whatever. But you can better register as one of those type

Shiva Maharaj:

of companies and they're accelerating the recovery as well, really, they could be right up until the DOJ gets a hard on for that.

Eric Taylor:

So it's really, really interesting, you know, what DarkSide is doing? To the point that they are quite literally starting to use short stocks, they are getting to be able to say, Okay, well, we're gonna start doing this, we're gonna start doing that. And hey, insurance brokers before you, before we release it, just let you know, this is kind of what's going on this who are getting ready to drop,

Shiva Maharaj:

that's going to be the SEC is gonna have a lot of, it's gonna have a hard time halting trading and reeling back money that was made.

Eric Taylor:

And what's going to know there is going to be a real bad situation to deal with

Shiva Maharaj:

how active is DarkSide is this

Eric Taylor:

very active, very active.

Shiva Maharaj:

So what's going on in your neck of the woods with Qlocker.

Eric Taylor:

So this is a ransomware that really came out of left field that really took a lot of people by surprise, a bunch of QNAP devices that were subject to vulnerabilities scout brute force, and then fully encrypted. So they use a program called 7zip, to go through find all the files in Jim put a password on them and hold it for about anywhere between 500 to $1,000 worth of Bitcoin. And the looks like these guys and gals went through an entire weekend. And at last count that I heard compromised over 7000 NAS devices. Wow.

Shiva Maharaj:

I saw for that they did about $260,000 in five or six days, about a whole

Eric Taylor:

lot about haul it all makes you kind of wonder why we're on this side of the fence sometimes. I joke in LA but it's interesting to see. See how subjective people really are and how fast a threat actor can really move?

Shiva Maharaj:

Well, if you consider what's on a NAS, it's usually people's music that they downloaded illegally anyway. And they need to keep because they don't want to go through the hassle again, and pictures. I can't imagine personal NAS devices having much of anything else on it.

Eric Taylor:

And most of it is for external storage for whatever, whatever, whether it's a Plex server, some multimedia function, or whatever. I mean, I don't even know if NAS does a really good for Yeah, pictures and home videos. I mean, whether you have a OneDrive or a G, I use a GL account. Yeah, Apple cloud. Yeah, they've got,

Shiva Maharaj:

oh, it's on all my devices and go to town share it easily with family. I don't know about you, but I've been on the iPhone for a long time and I see green bubbles for text messages. I'm like, I don't want to text you anymore. But I thought the snobbery.

Eric Taylor:

The snobbery? Yes.

Shiva Maharaj:

So did you take a look at the Babuk ransomware group and the Washington DC police department as well as the Houston Rockets getting breached?

Eric Taylor:

No, actually, I haven't to be honest with you. It's been on my radar that I want to get caught up on but what do you know so far?

Shiva Maharaj:

So far, the Washington DC police department had about 250 gigabytes of data exfiltrated by Babuk. And as of about a week and a half ago, they were given three days to get in touch to arrange for payments, or the ransomware group was going to send the data to the gangs, which included confidential informants, undercover agents, and basically blowing up every single undercover operation they had going on. What's worse is that in their statement and their letter, Babuk made a direct shot against the FBI, CISA and the United States, which really leads me to believe this isn't about the money. This isn't about anything other than an attack on the hearts and minds of America to shake our faith in government and to shake our faith in law enforcement's ability to protect us. What are your thoughts?

Eric Taylor:

Well, yeah, it just really goes back to when this really goes to. Back to me thinking about the whole, the Ashley Madison debacle that happened several years ago. Some of the other match calm and some of the other ones that this is it. They use the cover of ransomware. But this is pure out fuckin extortion, no way about no two ways about it, right? I mean, it's either you pay, or we are not only just going to do your name and shame on our site, we're going to start reaching out to people and letting people know what the hell went on and really expose you.

Shiva Maharaj:

I think it goes deeper than that. I think this is about breaking our resolve as a nation, because a lot of these attackers are given safe haven and other protections by nation state APTs. So by getting into our police departments, they're showing us nothing is safe. You know, kinetic warfare was interesting, because you had to be face to face or you had to be able to be targeted by an aircraft, a missile launch system or something. These guys can literally be sitting in our neighbor's house launching attacks. You know, geoblocking doesn't work anymore. We saw that as evidence as it was with SolarWinds. You know, these guys are, dare I say these ransomware operators are more familiar with our compliance standards than those charged with enforcing them? What type of failure Do you think CJIS had here? And to be fair, I'm not saying let me rephrase that. I don't think CJIS failed. I think the implementation of CJIS controls by that department failed. And I'll give you one guess why?

Eric Taylor:

MFA or maybe not segmented networks?

Shiva Maharaj:

All of the above? I would assume, but more. So I think that is the problem you run into when you deal with self attestation. For compliances, this is true, I'm willing to bet they don't have the I'm willing to bet. The DC police department does not have the level of auditing and logging enabled, as prescribed by CJIS

Eric Taylor:

When's the last time you actually heard of a true CJIS audit?

Shiva Maharaj:

I know a couple guys that do them. And they laugh because they enjoy the fact they collect the money for just a self attestation. And their excuses. Well, we do everything we can do. Local PD doesn't want to spend the money, so we can't do anything.

Eric Taylor:

But aren't they supposed to be getting cut off from federal resources, when they don't do compliance properly,

Shiva Maharaj:

they are supposed to have their systems cut off from CJIS. So no access to NCIC and other such things like that. But who's enforcing this? Are you going to let me ask you a question, what politician? Or what agency is going to knowingly cut off a local police department from being able to run background checks on people they stop in a traffic stop? That could potentially save a cop's life?

Eric Taylor:

I'm not going to comment on that because I can go over political.

Shiva Maharaj:

I'm trying to keep political, you know, out of it. But in the sense like, are you going to put a one person in danger? By cutting off their access? Forget that they're a cop forget everything that's going on in the newspapers? Are you going to risk that person going to harm's way?

Eric Taylor:

No, but no, why is this not more like the food restaurant industry to degree with deac, where you get a food inspector comes inside of your building. They write you up on a couple of violations and they give you a certain amount of time to comply FDIC, I don't, I don't have any FDIC clients myself. But I know some security folks that are in that space. And from the stories that I've heard, they have the same thing. They have a compliancy window, you have to meet a certain you've got to resolve these things, or you're cut off.

Shiva Maharaj:

That's because of the fines involved. I don't think that you can have any fines in the CJIS world. I think you have the ability to get cut off and you go you fix it. They turn it back on, you probably get slapped on the wrist or spanked, but there's no real accountability. And there's no recourse from I think FBI is the one that oversees CJIS, if I'm not mistaken.

Eric Taylor:

I'm pretty sure.

Shiva Maharaj:

It's abysmal. The state of CJIS secured system or CJIS control systems, I think and the Florida public defenders were breached by ransomware earlier this month, and the Illinois Attorney General, their office was breached by ransomware this month. And there you go. It's right there. And there were data dumps. Are these CJIS failures? I don't know because they're public defenders, but I'm sure they have access to court systems and court systems are probably or should probably be under CJIS. I would say I don't know.

Eric Taylor:

I think there's departments of the court system they're supposed to be under CJIS. Yes. I don't think the entire court system is under CJIS.

Shiva Maharaj:

But I'm pretty sure the Illinois Attorney General systems would be CJIS related.

Eric Taylor:

Yeah.

Shiva Maharaj:

With what they prosecute but going deeper into Babuk. It's that direct shot that they made against the FBI CISA. And America. To me that just screams APT funding?

Eric Taylor:

Absolutely. Yeah, it's when are we going to get to a point in our country where people are going to actually start to start taking security? Seriously? I mean, if you think about your back in the good old days, right, our grandpa's are around, you know,

Shiva Maharaj:

are we talking about Pappy here? Near Pat.

Eric Taylor:

You can unlock your door or leave your door unlocked. Why'd you go do your errands in town? Right? You know, that whole we live in a country type of mindset. And, you know, people are blocks where they are just to keep honest people honest. But now it's more of a I think it's more of a complacency where it's the whole three monkeys mentality where See No Evil, Hear No Evil, speak no evil. When it comes to their own little world, they, unless it rocks them, they don't give a shit. And that's scary.

Shiva Maharaj:

I also think they don't give a shit. Because they've been desensitized. Every week, you have two or three major breaches. And people are saying, Okay, if the government can get popped with SolarWinds, who am I, if call secure, can get the government popped? Again? Who am I? If code code can get popped for code signing? Who am I? If Passwordstate can get popped by a supply chain and leak everyone's password again?

Eric Taylor:

Who am I? So Mimikatz, you know, I mean, we can go

Shiva Maharaj:

Mimikatz has been blowing up since they destroyed email. But I'm just waiting for Emotet part two, or some version of it to come about,

Eric Taylor:

oh, you just put that out in the universe? Thank you.

Shiva Maharaj:

It's what it's gonna be, you know, people are gonna say, No, no, no, they move faster than we do. And they move 1000 times faster than our legislation. So I don't see the point to saying we've always done it this way. Let's keep doing it that way. Because that's not going to be good for anyone. Well, there's

Eric Taylor:

a definition of insanity.

Shiva Maharaj:

There's a lot of insanity out there, man. tremendous amounts of insanity.

Eric Taylor:

Yep. just crazy. It really, really is about where we are, you know, it does. You know, I know we be I don't want it to be all doom and gloom and everything like that. And you know, ransomware this ransomware that, but I just, I really worry about people. And I really worry about the businesses. Yeah, you take the cybersecurity things that have been going on Plus, you know, just the whole political garbage around COVID. We know whether you're there or you're out of the office, you know, and people are employed, people are unemployed. And, you know, the whole the way the world is so upside down. No, everybody is so divided. Now, more than anything else, I think it's really easy to really drive a wedge into companies using the tactics like this, you know, you're well, you're

Shiva Maharaj:

you're on the incident response side. I mean, that's where you've transitioned to that's where you spend most of your time. What's the uptick in your business? Like, without getting into specifics? Of course, but yeah. Are you busy? Are you not busy?

Eric Taylor:

I'm turning away work. I have to refer work out right now. Exactly. That busy?

Shiva Maharaj:

And are you busier now than you were 12 months ago?

Eric Taylor:

Yes. No, I would not turn away work. 12 months ago, I would be able to make it work in our time schedule, and move heaven and earth. But I just don't mean just to get this podcast put together. We had to balance the schedules around a little bit, right. So things are, these are crazy.

Shiva Maharaj:

Things are crazy, because there's so many companies and so many providers out there that play off each other's synergy to not do the right thing in terms of setting up a good security baseline.

Eric Taylor:

Yeah, you've I mean, even in the IT MSP space, you know, we make comments about it all the time about the whole piece of tech and all that stuff. But how many people are in these Facebook groups? Like, Hey, I'm just starting out what should my stack be? What should I be doing? Really? No. How about go work for a company for a couple of years and see what they're doing.

Shiva Maharaj:

But they don't have to because they can go buy a laptop, go to SolarWinds, ConnectWise, Datto, any number of vendors and say hey, here's my $50 sell me something. And now they're an MSP itsp TSP whatever acronym we're using these days, and they're an IT provider.

Eric Taylor:

Sad, really, really sad.

Shiva Maharaj:

You know, you have companies out there who have no concept of what needs to be done. For incident response? I mean, you know this better than most, how many msps? Have you seen completely butcher the IR? By rebooting VMs, not copying, not cloning. What's in memory makes your job near impossible.

Eric Taylor:

If there hasn't been proper logging set up beforehand, and devices have been rebooted, there's no memory frame. If you set up logging and auditing after the fact, you're okay, with not only snake oil are you talking about here? That only works in Microsoft 365.

Shiva Maharaj:

But how many people actually have auditing in your IR? How many people have auditing turned on on their 365 tenancy,

Eric Taylor:

even in 365? Less than 10%?

Shiva Maharaj:

And how many of those people are backing up their 365 tenants?

Eric Taylor:

Almost none.

Shiva Maharaj:

That's my biggest concern. Everyone thinks Microsoft is backing it up. Okay, I'm sure they are. There's redundancies built in? What happens if 365 shits the bed? and can't come back up? Where are your emails? Where are your contracts? Where's everything you saved? In that Microsoft Azure 365? environment?

Eric Taylor:

You know, exactly. And, you know, we've had this conversation, where I like to scare some of our, you know, inner circle folks, you know, whether you are with LabTech, or now ConnectWise, sorry, old LabTech guy, but, you know, if you're here with Ninja or Syncro, or Datto or whatever, what happens if their data center blows up? I mean, granted, they're down, you can limp along, and you'll be okay for a couple hours. But what happens if you're down for 12 to 24 hours, but about your password management,

Shiva Maharaj:

you go on to Reddit, you certain bitch and complain, but that doesn't get your work done? No, but that's what the MSP will do, naturally.

Eric Taylor:

But you know, that there's got to be a local repository, you've got to be able to a way to be able to pivot and do what you got to do, you know, and that, you know, I know, I went a little squirrely for a little bit and just took the conversation complete left hand turn, it's like, do you know, to kind of circle backs, like, you got to have those, you got to have that login, you got to have that redundancy. If something happens, you know, what's going on? What is your What is your, you know, incident response. And we're not just talking about cybersecurity, I mean, expanded out more. But what if I went over there and cut the cable lines coming into your building is going to take Comcast Cox, whoever your cable provider is to come up and repair it a day or two, you have failover backup? What if I come over there and pull out, throw your main breaker on your building? And just shut your business down?

Shiva Maharaj:

Well, let's take that another step further, of all the IR you do? How many companies actually have backups that you can rely on to bring them back?

Eric Taylor:

Some of them have some form of backup? Now, my definition account my definition of reliable is going to be different than others. You know, a reliable backup means that I can get any and all pieces of my data in under 24 hours, maybe 48. But the I'm gonna throw a little shade here. We've got one that's going on right now in California that they use SolarWinds Backup for their Exchange. Timeout, don't say anything bad about Exchange, we won't go there.

Shiva Maharaj:

But is it SolarWinds? Or is it N-able Backup at this myth? Solar

Eric Taylor:

myth, SolarWinds Backup? Well, I guess it's now N-able, but

Shiva Maharaj:

okay, for

Eric Taylor:

just their Exchange database. They have just under a terabyte of data, two data stores, and roughly 300 employees. It's a wild guess how long it's gonna take to download that data?

Shiva Maharaj:

Three days, four days, two and a half fucking weeks. Where's I'm sorry. And it's stored at the SolarWinds slash N-able data centers? Huh? Is it on prem Exchange? Okay, so you don't have a limitation of the 365 restore?

Eric Taylor:

Oh, wow. And N-able would be happy to put it on an external drive for you, and ship it to you, for a low low cost of $1300 plus shipping?

Shiva Maharaj:

Oh, plus shipping

Eric Taylor:

plus shipping? You don't even get the courtesy of overnight,

Shiva Maharaj:

are they going to encrypt it? Or they're just leaving it unencrypted? I don't know. And SolarWinds at its best. But that goes into another conversation that we should touch on RPO and RTO. You know what time frame is SolarWinds N-able or whatever their inclination is. What are they selling to people? Because you and I have no MSPs love buying on price? No, they're getting these dirt cheap quotes for what? A two week restoration time.

Eric Taylor:

Exactly. Yeah, there's, when I had this conversation with them, I flat out asked him, I said, Okay, you've got this much data. When's the last time you try to do a disaster recovery? Never really, you know, you've had this solution in place for how long? About two years? Okay. This is your own fault.

Shiva Maharaj:

I take it that never tested the date, the backups are there.

Eric Taylor:

Nope. So we don't even know if it's good. They're still downloading

Shiva Maharaj:

data. And this is, okay. So they can do a restore, that's corrupted. And never boots, or an Exchange mailbox restore, that doesn't

Eric Taylor:

work. So you may be talking to me around Wednesday, and I make become bored, because I'm just over here just going.

Shiva Maharaj:

So what's the alternative here? What do you do in a case like this? Do you just get up and running with your preferred solutions that you've tested that you've vetted and, you know, reliable within these parameters?

Eric Taylor:

Yeah, that's exactly what we're gonna have to have the conversation about later today or tomorrow. It's like, look, you're going to have to go to the solutions. You've been out of email for two weeks now, roughly, because they were down for about a week before they got in touch with us through a third party. And, you know, we started going in last week with another incident response team that does a lot of the containment and stuff like that, and they've got to get something out; you can't just keep having your clients email you at your personal Gmail accounts.

Shiva Maharaj:

Well, have they considered setting up a new server to get incoming mail, some kind of email security gateway that will give them that, you know, business continuity email setup?

Eric Taylor:

If they had any more physical boxes, they would do it.

Shiva Maharaj:

You know, who's got a physical box in a virtual manner? Google and Microsoft? I mean, you could I mean, not you, but they can literally have something spun up within a couple hours to at least continue mail flow and communication.

Eric Taylor:

Yep, do something.

Shiva Maharaj:

Now, here's an interesting question for you. Can you restore that on-premises Exchange data with SolarWinds to Microsoft 365?

Eric Taylor:

Not with their current setup, no. Interesting, because it was a file system backup; there was no VM or cloud or system state or anything.

Shiva Maharaj:

So it's a bare metal?

Eric Taylor:

Nothing bare metal. It's, I want this folder, this folder, this folder, this folder, this folder, file system backup. Oh, wow.

Shiva Maharaj:

I really want you to write a book about this kind of shit. So it would be fantastic and entertaining.

Eric Taylor:

I don't know if I could do a book or not to be more of these videos.

Shiva Maharaj:

It has. I think it would have to be a fictionalized ish type of book for legal purposes.

Eric Taylor:

Oh, absolutely. Now, what is even this one, I'm teetering on attorney client privilege. I just felt like, I should be saying that.

Shiva Maharaj:

What? Well, you're not giving anything identifiable about this band of idiots. What was their IT department like, internal or outsourced?

Eric Taylor:

All internal, to the best of my knowledge. I think they may have had an external helping them out with doing some things. Okay. But it wasn't like a co-management situation. I think it was just all à la carte. Hey, come in and help us do this. Hey, come in and help us do that type of thing.

Shiva Maharaj:

How big is the internal team? It's under 10? Okay, and over 50, over 100

Eric Taylor:

users? Over 100, yeah, definitely. Okay.

Shiva Maharaj:

So they're big enough to have used actual solutions and not some janky hodgepodge of bullshit that they probably did. Yes. Okay. So what's the next steps for them? Are you going to just rip and replace it and say, listen, assholes do what my wife

Eric Taylor:

Once our partner gets done with assessing the containment side of things, okay, then they, just because of the nature of the claim, how big they are and how overstretched we are, we definitely wanted to use an outside vendor that we are comfortable with to help us do the containment side, even though we can do it. But like I said, they've got a little bit more resources and they're a little bit of a heavy hitter. But once they, once we get the handle from the containment and their recommendations, which I'm pretty sure I already know what's going to come back, just from experience. But then yeah, it's going to be nuke, pave, redo.

Shiva Maharaj:

Gotcha. So is this where you go in with a whole new cybersecurity posture for them? What's that going to look like? You know, not not vendor wise, but feature wise

Eric Taylor:

It's good to be with these particular folks. I, I will definitely be doing anything compliant with the NIST, NIST 800, maybe dot 53 or 50, or whatever. I mean, they don't need the full CMMC. But you know, definitely, you know, disaster recovery that's been tested every six months, that they've got proper 2FA, they've got proper firewalls, that when you're licensed with IDS and IPS, you actually have them turned on,

Shiva Maharaj:

which is, somebody licensed does not automatically turn it on

Eric Taylor:

that you think. But no, that's my boss bought the frickin license.

Shiva Maharaj:

I bought the gas for the car, I didn't know you had to

Eric Taylor:

put it into... not gonna start the damn thing. What the hell's wrong with this? That actually reminds me of a joke. I got a little squirrel on, I saw a video where a dude had a generator in the back of his car; they would put gas in the generator to charge up the Tesla car you were driving. It was just like,

Shiva Maharaj:

man, yeah, long enough, you get to see everything. So what are your thoughts on cybersecurity actually being flexible?

Eric Taylor:

It does need to be flexible, right? There is a line where productivity and security have to meet, right? I can't, I can't go into a construction company. You know, those who know me, I did electrical on AutoCAD stuff for many, many years. But when the AutoCAD I was getting ready to do electrical engineering, but I was a Sparky for many, many years. But you can't go into any trades company and start dictating that everybody has MFA. You can't dictate that everybody's got biometric,

Shiva Maharaj:

I would like to differ. I walk into my plumbers, my electricians, my contractors. And they get the same type of security as my hedge funds. And they say thank you, because that's what I'm selling. Now,

Eric Taylor:

those are rare contractors.

Shiva Maharaj:

These are, these are guys who do big business and understand the value of it, and the role it plays and having them make more money.

Eric Taylor:

There is a big key right there. That's the other flip side of the coin. You know, you go to a general contractor, that's a custom home builder may do 20 homes a year, just because he's custom home doing in a risky part of town. And to have a lifestyle business, that's all you need to do. Yeah, you're not gonna impose all those things on the type of individual.

Shiva Maharaj:

You know, that's where, so for me, that's where managed services and time and materials really come into play in my business. When I go to someone, I try to offer them the managed services side, because it's profitable for me, and it's good for them. And if they can't see that value, I will not discount my rates or play, you know, let's make a deal. I'll tell them flat out, I'll sell you what you want, and I'll charge you, I'll do T&M for everything else, because I can't put them on a managed plan if it's not going to be my way. But this brings me to an interesting thought exercise I'd like to do with you maybe one day. Why don't we build our own compliancy? I need beer. We can do that. We, I think there are services that allow you to deliver beer across state lines. Or I'll call someone local to you and say, hey, you know, take it for Eric

Eric Taylor:

does right here.

Shiva Maharaj:

I don't know if they allow it to be put into IVs. But you know, we can figure it out. Okay, expanse, but what I want to do is I want to build a compliancy that is an amalgamation of this shit show and dumpster fire that is HIPAA, sieges, NIST 800-171, CMMC. But I want to make different levels. So if you are, if you need, depending on what you need is what level you would be. And then we can map those compliances to the other ones or the controls. So it's not that we're actually reinventing the wheel. I think we're just reorganizing it

Eric Taylor:

to match our specific, our particular client base. Yeah, well, I think that we're really gonna go into the CMMC different levels. Level One and Two. Yeah, I mean, that's the look, that's below even a pizza tech.

Shiva Maharaj:

Do you, do you really think anyone in the defense industrial base should be a level one or level two? No. God, no, not with the threats that we're seeing right now. I mean, you posted something over the weekend in our private Slack that just triggered me. And that was the, the inflation that we see coming. The next years at least are going to be interesting to see. Man, I think we're already starting to see the reason precautions we were seeing. I don't know about you, but it's hard to get laptops, it's hard to get desktops. Vendors are putting limits on how many we can order in a three-month or one-month span. So what happens if a large client comes up on a hardware refresh cycle? Are we supposed to order five at a time for the next 10 years?

Eric Taylor:

I think I honestly think so we're going to have to start carrying stock

Shiva Maharaj:

That's why I got into this business, I don't have to carry stock.

Eric Taylor:

I mean, you got CPU mining for Monero, you've got GPU mining, everybody is trying to get, including myself, just to be transparent, yeah, trying to get that last bit of Ethereum mining that you can get. Now, there's the, one of the torrent sites, I can't remember who it was, the Pirate Bay or one of them, but they're coming out with a cryptocurrency miner for hard drives, or they have one of the two. And that's getting to start to come out. So whatever. I mean, just without your freaking computer and start mining, doing whatever you want to do. I've seen video cards create a high demand in the marketplace for computers,

Shiva Maharaj:

because people are just buying it for the cards, cannibalizing. And now you're putting it back onto the eBay or whatever the sales processes. So that's going to last for at least next couple of years, I think. So what else?

Eric Taylor:

I think that's it for the day. I mean, we got a lot talked about I know we got a lot in the pipe to talk about potentially later this week. And I think it'd be some good conversations coming up here. Sam, you want to

Shiva Maharaj:

take us up?

Eric Taylor:

Sounds good. Go for it. Well, thanks again, everybody, for tuning in for another podcast. Hope you did enjoy it. Please, please, please, if you like it, please share it with somebody that you know, you love, that you're concerned about their security. Please like, subscribe, tune in every week as we are trying to build awareness and hopefully make you laugh a little bit with our banter. Until next time, enjoy your week.

Shiva Maharaj:

Thank you. Thanks again for joining us for the cybersecurity amplified and intensified podcast.