Cybersecurity: Amplified And Intensified

Escalate, Exfiltrate & Encrypt - Round 10

October 08, 2021 Shiva Maharaj/Eric Taylor/Steve Taylor

Steve Taylor runs an MSP while podcasting at The RocketMSP Podcast with new episodes being released weekly. The RocketMSP podcast interviews great guests from around the industry while having some fun along the way! You can also find Steve in the RocketMSP peer community, coaching MSP business owners through changes to operate a more successful company.
https://www.rocketmsp.io

These will be quick. We dive into questions and articles submitted from listeners and/or evolving incidents.

  1. https://www.cyberscoop.com/fin12-mandiant-hospitals-300-million/
  2. https://therecord.media/nsa-chief-predicts-u-s-will-face-ransomware-every-single-day-for-years-to-come
  3. https://www.nextgov.com/cybersecurity/2021/10/national-cyber-adviser-lays-out-goals-upcoming-30-nation-meeting-ransomware/185867/
  4. https://thehackernews.com/2021/10/us-justice-dept-launches-civil-cyber.html

Eric Taylor
https://www.linkedin.com/in/ransomware/
https://twitter.com/barricadecyber
https://www.barricadecyber.com

Shiva Maharaj
https://www.linkedin.com/in/shivamaharaj
https://twitter.com/kontinuummsp
https://www.kontinuum.com/

Eric Taylor:

Here we go, mofos.

Shiva Maharaj:

Good morning. Welcome to another episode of Escalate, Exfiltrate and Encrypt with Eric Taylor and myself, Shiva Maharaj. Today we have Steve Taylor. No relation to the Eric Taylor SOC. Steve Scott. Oh, man.

Steve Taylor:

Oh, I'm just coming back from hiatus myself. How's everything going on around

Shiva Maharaj:

hiatus? The passport to get there and the vaccine? And no,

Steve Taylor:

no, we're not gonna have to talk about that, thankfully.

Shiva Maharaj:

Okay. Just say no. Steve has a podcast, the RocketMSP podcast, and he's got some interesting vendors that come on there. And we've known Steve for quite a while, so we figured, hey, piss and vinegar show. Let's bring it on.

Steve Taylor:

Let's do this.

Eric Taylor:

So has your podcast been taken over by malicious people recently?

Steve Taylor:

Not that I'm aware of.

Eric Taylor:

Well, good thing you said. Here we go. I'm just kidding. I haven't done anything recently.

Steve Taylor:

That's good.

Shiva Maharaj:

What are we kicking it off with today, Eric?

Eric Taylor:

Oh, man, let's just talk about ransomware, 'cause I mean, we always talk about ransomware, it seems like, right? Though I liked the name. Yeah. FIN12 strikes hospitals, moving quickly against big targets. So these guys clearly are saying, EFF you, we don't care. We are not taking the stance of other cyber or other ransomware groups, and we're going to target whoever the hell we want to as long as we're getting paid. It's pretty much the point of this whole, by other groups, everything and other cubicles. Yeah, yeah, you know, we've had that discussion before that all the ransomware actors are in one big building, they just change your cubicle, look, pod location. So yeah, it's, no, this really goes in the face of Biden, you know, wage trying to do with these 30 nations and everything like that. So

Shiva Maharaj:

it did. Did you see there was an article that came out recently, I think it might be the last article on your toolbar, on your web bar up there, that a representative from New York and a representative from Virginia are looking to identify what critical infrastructure is, and also get them to the front of the line for resources.

Eric Taylor:

Yeah, this really rubs me the wrong way. You brought this up post or pre show where they're like, hey, let's identify what in the world is critical infrastructure. Then CMMC? Already do that, sort of? No, if you fall under CMMC? Or

Shiva Maharaj:

CMMC is for the DIB? I think that's critical. I would, I would, well, yeah, that's one off, right. I would say pipelines, water,

Steve Taylor:

and, but isn't CMMC more or less saying, here's what you, an American company, should be looking at to protect? Whereas this, this top 16 is being shared with Putin and saying, these things aren't tolerated, hands off, don't do this kind of stuff, where CMMC is telling you how to protect these. Steadicam. 16 critical.

Shiva Maharaj:

Now CMMC is meant for the defense industrial base. So if you're going to be doing business with the DoD, you should probably fall into levels one through five depending on where you are in the supply chain. So it's more controls, hopefully, that would lead to security. But we know better than that. That's not going to happen. But I'm happy you brought up those 16 pieces of infrastructure. We had John Wetzel on here a couple months ago from Recorded Future. And he mentioned that Russia once came to us and said, hey, you know, let's carve out these types of infrastructure to not attack, should we go into cyber warfare. And we rejected that notion, because back then we thought, you know, we'd just be handicapping ourselves. So I'd like to know if there's any overlap on that 16 and the one that came about from the Russians many years ago,

Eric Taylor:

I just want to say one important thing. I keep re-entering this thing. But yeah, are you going to trust hackers and other malicious criminals to actually hold up their end of the deal? Like, I'm going to come, we're going to come in and rob all of y'all, but we're not going to shoot you.

Steve Taylor:

Yeah, I was just gonna say this is the equivalent to, you know, the school bully saying, I'm only going to take your lunch money on Wednesdays.

Shiva Maharaj:

So Wednesday will be the safest day, potentially. Well,

Steve Taylor:

I mean, the school bully took my lunch money on Monday through Friday, and sometimes Saturday, too. So I mean, I don't know about you guys, but I didn't really hold much value to what, that's all he would say. That's

Shiva Maharaj:

why you should just punch them in the nose, which is what we should probably be doing. Metaphorically. CYBERCOM. We absolutely should

Steve Taylor:

and here's where it gets tough, because it is really difficult for us, I think, as a nation to know. All right, so let's say FIN12 speak Russian. So they're probably in Russia, or they just are near Russia. So they're fluent in it, right? That doesn't mean that they are working for the government in Russia or that Putin has his hands in that, right? We don't know, who'd rides

Eric Taylor:

bareback on a horse without a shirt, he knows everything. All right, all right, driving women wild across the globe, clearly.

Steve Taylor:

So fun. But seriously, like, we can't assume that Putin is necessarily, like, involved with this, or that it's a government or state-sponsored attack.

Eric Taylor:

I would say Putin may not know about a lot of things directly, but I would clearly say that they are clearly taking a stance of, you know, we know what's going on, but we're really not getting involved here.

Shiva Maharaj:

Well, from their standpoint, if this is happening and it's not affecting them adversely, why would they get involved to say stop this?

Eric Taylor:

Exactly.

Steve Taylor:

But isn't it affecting them? I mean, aren't we coming back and, you know, hitting them with fines or just making things harder for Russia, as the US but as a global effort? Are we coming back and saying, you know, maybe we're going to move on, we're gonna tax you guys extra for anything that you're exporting? Okay,

Eric Taylor:

so we're gonna have a three-way shit show. Here we go. Let's see. Are we taxing Russia? Yeah, no, we just opened up the fucking pipeline for them.

Shiva Maharaj:

Well, the last line. The last time we tried sanctioning Russia, we sanctioned one of their oligarchs and his aluminum empire. What happened to us? The price of aluminum skyrocketed. Yeah, it hurt us. Over the summer, we sanctioned a Chinese solar panel manufacturer. What happened? Reduced supply, increased prices, we found ourselves. Russia is not the USSR it was back in the 80s and 90s. They have their oligarchs, they have invested heavily into natural resources around the world, and they are a part of the global economy, so we cannot ostracize them anymore. Whereas what are we putting into the global economy other than the creditworthiness of our dollar? Well, I

Eric Taylor:

know we have young girls working their ass off on TikTok. I failed to see what's wrong with that, but that's what we contribute. To be fair, I

Shiva Maharaj:

think we have people from all over the world shaking their heads on TikTok.

Steve Taylor:

Okay, so America is very much a consumer-driven nation these days. And everything's as a service these days, you know, you got everything from DoorDash to whatever else, where literally our entire nation has become lazy, if you're going to look at it like that. And we just expect everyone else to do everything for us. So what can America do to protect itself from all of these foreign attacks? Should we as a nation consider, I don't know, blocking all of the internet from, you know, Russia and

Shiva Maharaj:

China? That's not going to work, because they just spin up an Azure or AWS instance and they're geolocated within the United States, as we saw with SolarWinds.

Steve Taylor:

Okay, so, and here's where, you know, I watched the movie Hackers, but I never really understood hacking. Hack the planet, right? So

Unknown:

once I eat a car video now let's let's say we

Steve Taylor:

as America, okay, I'm not gonna kind of worry about the rest of the world. Let's say we cut off all access from Russia. So how do they spin something up in AWS if they can't get to it?

Eric Taylor:

Microsoft doesn't care, they'll spin it up where they want to. They got us this data, we need to geolocate all of our stuff for redundancy, and Microsoft and Amazon are like, okay, makes sense.

Shiva Maharaj:

Okay, they go to Ukraine, they go to England, they go to France, they come here. I mean, I think it's very myopic to think that they operate only from Russia. I don't think geoblocking is, I think geoblocking is like MFA, it should just be done, but by no means is that the end all be all of security.

Eric Taylor:

Geoblocking would definitely slow the quote unquote script kiddies and the folks who just don't know what's going on down, but we'll start

Steve Taylor:

with it. Will it slow down the people that are, you know, purchasing that ransomware-as-a-service

Shiva Maharaj:

type stuff? They'll find their way. Then yeah, it's all, I guess

Steve Taylor:

I guess, you know, you said script kiddies. I think of the people that are just, yeah, I'm gonna run some ransomware as a service, see what kind of money I can make. They probably aren't as adept at, you know, figuring out all of this stuff as somebody more like FIN12, or it seems like these guys actually know what the hell they're doing.

Eric Taylor:

I mean, that's yet to be seen, but you know, Conti and some of the other ransomware groups that do the ransomware-as-a-service, right, they have an entire playbook that we've, you know, unless I sound like Dave Sobel, but we had a video about that. They lay out exactly how to exfiltrate, how to get lateral movement inside a network, things of that nature,

Shiva Maharaj:

well, as well as not even exfiltrating. They're just going straight for the encryption and relying on you to pay them, because it's faster to decrypt than it is to restore.

Eric Taylor:

You a lie in there, though, some of those too. Even though some of the decryptors are very, aware of, very poorly made, they still work faster than these cloud restoration products. It's, I think

Shiva Maharaj:

they throttle the restoration to make people understand how important it is to pay. It's all part of the business plan and their SLPs and TTPs. But what I think is really interesting here is, I think it was this week or maybe last week, General Mattis, who heads CYBERCOM, I believe, and head of the NSA, said we're going to be facing ransomware attacks every single day, when asked what he thinks the outlook for the next five years is going to be. And he also said he pivoted his mind from saying the FBI has to handle this as a criminal enterprise, and this is now nation-state infrastructure attacks that NSA should probably be defending against. And my biggest issue with security has always been broken into two fundamental issues: the IT practitioner and the person selling him or her the tools, because it's, RC yet something, say no, go ahead, Fernanda. I want to blame, for lack of better words, the software providers, because they will sell a product to anyone, they don't care. They're not training them. They're not making sure these people go through the best practices of how to set these things up.

Steve Taylor:

It's like another room up,

Shiva Maharaj:

take a Wi-Fi, go to town on it.

Steve Taylor:

So you know, all of this, it just really pisses me off, I'm not gonna lie. Like, the fact that other people think it's okay to just do this to each other, like, I think that's my biggest frustration. Like, I don't even care about, you know, the lines of the nations and all that, just like, why can't we as people treat each other better?

Shiva Maharaj:

Because everything is zero sum. For you to win, someone has to lose. Yeah, that doesn't sound right, though. But it's not. I think that you have to get past what is right and wrong, understand what is, and then you can strive to go for what is right or wrong.

Eric Taylor:

So Steve, we're gonna take this a little personally, because, and I don't mean this to be a dig to you or anything like that, because I'm also kind of in the same boat, but we don't live in a Jesus Christ world where everybody abides by the Bible. And for those who don't know me, as beaver both yoke Baptists and all this other stuff, so you know, you can't expect everybody to live by the Ten Commandments. They are going to, you know, if you just put up a sign, no hacking here, it doesn't stop it. We've seen that, case in point, gun-free zones. There are still shootings in fucking gun-free zones, just because criminals are gonna do what criminals do.

Steve Taylor:

So I would send you guys in the chat here. Yep, try this one weird trick Russian hackers hate, and I gotta say, like, that title makes me cringe, but I think this is a short-sighted article, I just want to preface that, okay. So this is basically saying, you know, the companies out there like DarkSide, REvil, etc., if you say that your copy of Windows is installed in one of the Eastern Bloc countries or in Russia, then they basically have a hard code to not attack you. But wouldn't it be safe to say that there are, you know, red teams, blue teams, whatever, here in America or Canada or wherever else, where, you know, if you say you're installed in Russia, now those other things are going to go and attack you?

Eric Taylor:

Was the, I want to bring up this thing for those who are actually, you know, watching this on YouTube, but I'll read this out for the people on the podcast. DarkSide clearly states: Our goal is to make money and not create problems for society.

Steve Taylor:

But how, we, how, no, that's not true, because they're literally creating problems for society just by doing this, sir. Screwing up inflation of dollars, they're screwing up insurance costs. They're causing pro, let's

Shiva Maharaj:

not, let's not give insurance a free pass here, considering cyber insurance was nothing more than a money grab from them from day one, because insurance is not going to sell a product unless they're gonna come net positive on it, or net breakeven, where they can make their money on the arbitrage of the overnight interest for the policies.

Eric Taylor:

Let's just be clear, the federal government's doing a fantastic fucking job screwing up the insurance companies as it is already. Let's just lay that one in the center. Affordable health care, my ass.

Shiva Maharaj:

That's

Steve Taylor:

Formal for some. All right, so totally different podcast

Shiva Maharaj:

for that. Yeah,

Eric Taylor:

that's why I didn't go any further than that. I just let that pull up that political doorstep. All right, anyway,

Steve Taylor:

so I guess my point is, why I bring up this, you know, it's a KrebsOnSecurity article, try this one weird trick Russian hackers hate. That just seems so short-sighted, because all you're doing is opening yourself up to hackers that are attacking Russians.

Shiva Maharaj:

That's only China. But anyway, how long? The one thing I will say about all these ransomware groups is they're smart. They adapt and overcome very quickly, far quicker than we do here. And I'm sure Krebs is on their radar. If they saw this article, within a week, I could almost, I would almost bet my life to say they adapted their TTPs to compensate for this.

Steve Taylor:

Oh, and this article is from May, so I'm sure everything's changed

Shiva Maharaj:

now. Exactly. Yeah, what we like on this side of the Greenwich meridian are band-aids. If we really wanted to talk about security, you would make the software vendors here review each other, without getting politically charged here. When a medical research paper is put out, it's reviewed by their peers. You have the opportunity to shred it to shit, put it up on a pedestal, do whatever you want. But there are real reviews into that. But software hides behind copyright laws and proprietary bullshit, because we don't want to give our secret sauce out to anyone. And you have vendors out there with 35-year-old code and dependencies tied to GitHub repositories with SolarWinds123 as the credential? Well,

Steve Taylor:

I would hope that the major vendors, at least in the MSP space, have learned something from, because they had, SolarWinds and Kaseya.

Shiva Maharaj:

I don't blame SolarWinds, not to cut you off. SolarWinds was a very elegant hack with lots of patience, planning. And it didn't affect their MSP platform, supposedly. It was just Orion, because that's the product that's in many government institutions. Right. But that's a different kind of hack, because Kaseya was negligence, in my opinion, the fact that they just did not notify their on-premise partners of a vulnerability that was responsibly disclosed to them.

Steve Taylor:

I thought they did. No,

Shiva Maharaj:

no, no, not until after everyone got popped on July 2. They mitigated their SaaS platform with a laugh

Steve Taylor:

Kaseya, my understanding is, as soon as they realized what was about to go down, they only had like an hour left. They notified partners. But

Shiva Maharaj:

no, they notified partners when they saw shit getting pumped. Yeah, well, when they were told by their partners they were getting popped. I know that incident started at around 9, 10 o'clock in the morning, and Kaseya did not put out that notice till about 2 or 2:30 Eastern Daylight Time.

Eric Taylor:

Yeah, the first day they didn't even say what was going on. They just advised everybody to shut down servers, which was a win in that sense, but they didn't come out until days later, and probably by the direction of the FBI, say, you know, fucktards, but you know,

Shiva Maharaj:

I hope they call them more than fucktards. Honestly, dude, I

Eric Taylor:

wish. I really hope they sanction them somehow.

Shiva Maharaj:

No, nothing. Why? According to my Kaseya rep, VSA is used by the Air Force, so God help us all if that's the case. But the use by the Space Force? No, no, no, no, no, no,

Eric Taylor:

no, to the moon. Anyway, yeah. So ransomware, to get back on topic a little bit. I don't remember if it was DarkSide or Conti or REvil or whichever one it was, but they specifically target companies in the US. They do full nmap scans of US territory IP subnets. They do this on purpose because the US has the most capital to actually spend on ransomware recoveries. Why don't you see a lot of the information coming out about South Africa? Because they're broke as shit.

Shiva Maharaj:

No, not because they're broke as shit. Think about it. Who owns most of the mines, or the rights to most of the mines, in South Africa? Well, now China and Russia. So why are you going to shit in your backyard? Because they don't own all of it yet? Yeah, but still, they don't want to muddy their waters or make their waters of tea shitty,

Eric Taylor:

maybe so, but even before China really got their hands in there. I mean, Steve, are

Shiva Maharaj:

you still doing IT? Are you more on the website thing?

Steve Taylor:

I'm more on the podcast side.

Shiva Maharaj:

Okay, so do you still do any IT?

Steve Taylor:

I have a couple of clients I take care of.

Shiva Maharaj:

What is your, now let me rephrase the question. Sorry. Are you just doing standard help desk, or are you doing MSP, which is what I consider help desk plus security?

Steve Taylor:

I'm doing standard help desk for some clients. Okay. I have gotten them in touch with the appropriate vendors for, actually the appropriate vendors are some, like, MSSPs, like

Shiva Maharaj:

you can name and shit, and you can name a little shaman, or I don't

Eric Taylor:

I can tell you it's not them. Barricade Cyber dot com, this, that's good enough.

Shiva Maharaj:

That's kind of fucked up, dude.

Steve Taylor:

Thanks. No, it has not been Barricade Cyber, they can't afford you.

Eric Taylor:

How do you know what they can afford? And how do you know what my rates are? Why, 'cause

Steve Taylor:

I don't even know what you do besides, you know, hack people's subdomains.

Shiva Maharaj:

That's not really, that's not hacking. That's just enlightening people on their bad habits. Now the reason I asked the question that way is I think somewhere in the last couple years, people, MSPs and everyone else, forgot that an MSP is not a security practitioner. No, we're not. Fundamentally, an MSP is a help desk company. They do basic maintenance, they install patches and updates. And when little Suzy can't print, they'll go try to fix that after going to Reddit, Slack or some other crowdsourced place to find out what they actually have to do. Because Google is too hard.

Eric Taylor:

Well, let's just take, for those who don't know, what does MSP stand for? Managed solutions provider. It's a bundled VAR. They're taking a bunch of products, putting them into a solution, say, here, Mr. Customer, go buy this crap from us.

Shiva Maharaj:

Yeah, wrong. It's a business model. It's nothing more than that. Right? It's billing on a smooth income curve as opposed to having high and low months, which is what they would kind of call break-fix, maybe, but it's all the same thing.

Eric Taylor:

It's break-fix with some software slapped on, a little bit of time, you're an MSP.

Steve Taylor:

So just so you guys know, just because I like to speak about things that are more like facts. The UK and Australia own the top three mining companies in South Africa. The only man who owns the UK,

Shiva Maharaj:

who owns the companies in the UK? I don't

Steve Taylor:

I don't think I understand that question. Companies

Shiva Maharaj:

registered in the UK own the most mines in Africa, you're saying, right?

Steve Taylor:

Okay, so like the first one is Anglo American PLC. Okay, old company. So this one is headquartered in London. Gathered, the founder's last name is Oppenheimer. So,

Shiva Maharaj:

right, then they own De Beers and everything else. Okay. They do, as I said, old company.

Steve Taylor:

Yep. The next one is BHP. Okay.

Shiva Maharaj:

Are any of these companies public? Well, I, you know,

Steve Taylor:

So BHP is, southern, NYSE is BHP. And that one's headquartered in Melbourne. And

Shiva Maharaj:

hey, did you remember, Steve, over the summer, China pulled off the greatest grift known to mankind? No. And to quote Dave, so we did a video on this with John Wetzel. They did a joint venture with the company that owned all the IP for Arm chips, which is the foundation for all of our chips we use, correct?

Steve Taylor:

We granted, well, Arm is a pretty important thing. Yeah, okay. And even Apple silicon

Shiva Maharaj:

and probably, like, their baseline patents and IP is what powers the world. China, a Chinese investor, a Chinese-led firm, convinced them to give them 51% in a new joint venture that controls the IP for Arm, okay, and once that was completed, Chinese companies said fuck you, took the IP, spun it out into another company that they control. And now our IP is controlled by the CCP. So if they wanted to, they could put a royalty tax on every single chip and completely destabilize and fuck everybody else. And what are we going to say, we're not going to pay, after we accused them of breaking IP laws for how many decades? Okay,

Steve Taylor:

that's a problem.

Shiva Maharaj:

I think so. It hasn't got much play out there. Well, Joe Rogan brought it up again this weekend with Mike Baker, former CIA dude, black

Steve Taylor:

precursor, smart guy, like when he's a guest on Joe Rogan.

Shiva Maharaj:

But we spoke about it before that episode, who Dave sold it.

Steve Taylor:

All right, so let's, and I know that you only have so much more time left.

Shiva Maharaj:

Yeah, gotta hop. All right, so

Steve Taylor:

I only have one last question. If everyone is trying to attack everyone, how do we stop all the madness? Hit hard. But is that really the answer?

Shiva Maharaj:

Yeah. Okay. Diplomacy is gonna get you so far. But China doesn't care. They are stronger than they've ever been.

Steve Taylor:

Should we be worried about China? Should we have been worried about China? Who should we be more worried about, Russia or China?

Shiva Maharaj:

I wouldn't say either. I would say we should be worried about everybody.

Steve Taylor:

And should we be worried about a collaboration between the two? I think they're already collaborating. So at what point do I just hide under my desk and cry?

Eric Taylor:

Now?

Shiva Maharaj:

Last year?

Steve Taylor:

Okay. Well, do

Shiva Maharaj:

any closing thoughts? Let's take a look of the Steven type type.

Steve Taylor:

I mean, this feels like some kind of dystopian, like, book we've all read, you know, like,

Shiva Maharaj:

yeah, it has to come from somewhere, right? It's just history repeating itself. It's our turn.

Steve Taylor:

I don't like it.

Shiva Maharaj:

I don't. You don't have to

Eric Taylor:

move. In a, Canada, yeah, because that's a fucking solution. Are they?

Shiva Maharaj:

Are they Latin Americans in it?

Eric Taylor:

I live in Morocco. Leazes is a good time, the good, this time of year,

Steve Taylor:

As soon as I figure out where Morocco is, I'm moving there. Africa. Okay,

Eric Taylor:

so you have the Chinese Silk Road infrastructure there for you. Oh yeah.

Shiva Maharaj:

Silk Roads everywhere. Digital Silk Road is everywhere. So Steve, you want to tell people how to get in touch with you and what you do?

Steve Taylor:

The best way to get in touch with me is by going to rocketmsp.io. I primarily run a podcast for MSPs and IT professionals, and I just love having fun conversations. Maybe a little more fun than this, because that's what made me sad. I have to go drink now.

Shiva Maharaj:

Drink water.

Steve Taylor:

No, fire alarm. I'm gonna go have tequila. Because there's nothing else I can, I sure as hell am not having vodka after this conversation. Why not?

Shiva Maharaj:

It's Russia. You're just getting ready to deal with the Russians.

Eric Taylor:

You're drinking vodka, you may start speaking Russian. I don't know, man. But I don't know, that's a science experiment for you. Good. Start drinking a bunch of vodka and come back to us in a week and tell us if you're speaking Russian yet.

Shiva Maharaj:

Oh, come speak to us. And we'll see if you're talking, if you're speaking Russian.

Eric Taylor:

We'll do. Conrad. We'll do. See, it's already started, he hasn't even drank any

Steve Taylor:

tea. No.

Eric Taylor:

Ladies, gentlemen, thanks so much for joining in for another episode. Thanks to Steve Taylor with RocketMSP for joining us on this delightful podcast. Please, if you know of anybody who could enjoy and benefit from our podcast, please share it with somebody. Subscribe to Amplified and Intensified dot com or to the YouTube channel at YouTube dot barricadecyber dot com. If you have something you want us to talk about, or just want to talk crap to us, info at amplified and intensified dot com, and until next time, take care.