Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs
61 min • Apr 22, 2026
Summary
This episode covers major security incidents including Vercel's compromise via a Context AI employee's stolen credentials, Mozilla's discovery of 271 Firefox bugs using AI, and a $290 million North Korean crypto theft exploiting Layer Zero validation. The hosts discuss how modern attacks rely on identity and OAuth token manipulation rather than traditional exploits, and debate whether AI-driven bug discovery meaningfully improves software security.
Insights
- Modern cyberattacks have shifted from exploiting technical vulnerabilities to manipulating identity and OAuth tokens—attackers now 'log in' rather than 'break in'
- Finding bugs with AI doesn't equal fixing security problems; without understanding root causes and attack techniques, bug counts are meaningless metrics
- Supply chain attacks through third-party integrations (like Context AI accessing Vercel employee credentials) reveal how permissive SaaS authorization models create systemic risk
- Government agencies like NIST are preemptively surrendering to AI-driven bug discovery by narrowing vulnerability enrichment criteria, signaling institutional capacity collapse
- Ransomware groups operate as state-sponsored tools providing geopolitical leverage; designating them as terrorist organizations unlocks different enforcement mechanisms
Trends
- Identity-centric attack detection becoming critical as OAuth tokens replace traditional network-based indicators
- AI-assisted vulnerability discovery creating a false sense of security without corresponding improvements in exploit resistance
- Third-party SaaS integrations becoming a primary attack surface as employees connect corporate accounts to free-tier AI tools
- Organized cybercrime adopting digital equivalents of traditional mob tactics (freight hijacking via supply chain manipulation)
- Government cybersecurity infrastructure degradation forcing agencies to lower standards rather than increase capacity
- Shadow AI usage (personal accounts, unlogged access) emerging as a major security blind spot in enterprises
- Ransomware groups increasingly viewed as state power projection tools rather than purely criminal enterprises
- Crypto infrastructure attacks targeting validation layers rather than exchanges themselves, exploiting trust assumptions
- North Korean threat actors demonstrating sophisticated understanding of modern cloud and crypto ecosystems
- Copilot and AI agents creating new detection evasion challenges by replacing searchable queries with natural language prompts
Topics
- OAuth Token Compromise and Identity-Based Attacks
- AI-Driven Vulnerability Discovery and False Security Metrics
- Third-Party SaaS Integration Risk Management
- Supply Chain Attack Vectors Through Employee Credentials
- Ransomware as State-Sponsored Infrastructure
- Crypto Infrastructure Security and Validation Layer Exploitation
- Shadow AI Usage Detection and Logging
- Windows Defender Privilege Escalation Vulnerabilities
- NIST Vulnerability Enrichment Capacity Collapse
- Section 702 Surveillance Program Reauthorization Politics
- Freight Hijacking via Digital Supply Chain Manipulation
- Copilot and AI Agent Detection Evasion
- Identity Anomaly Detection Across SaaS Platforms
- North Korean Cyber Operations and Crypto Theft
- Incident Response Communication Best Practices
Companies
Vercel
Suffered major incident where attacker accessed customer secrets via compromised Vercel employee's Google Workspace c...
Context AI
Employee's personal laptop infected with info stealer; attacker used stolen credentials to access Vercel tenant and S...
Mozilla
Used Mythos AI to discover 271 security bugs in Firefox; hosts debated whether bug count translates to meaningful sec...
Supabase
Database service used by Context AI; attacker accessed it to find OAuth tokens for Vercel employee and Google Workspa...
Microsoft
Windows Defender had three privilege escalation vulnerabilities disclosed by Chaotic Eclipse; largest EDR provider by...
Adobe
Historical case study discussed regarding Flash vulnerability management; Brad Arkin (former CISO) interviewed about ...
NIST
Announced narrowed criteria for vulnerability enrichment, effectively surrendering to AI-driven bug discovery volume;...
CISA
Experiencing institutional dysfunction; added TrueConf to KEV list despite unclear government usage; struggling with ...
Kelp DAO
Lost $290 million in crypto theft via Layer Zero validation compromise; attacker created fake staking records to with...
Layer Zero
Crypto infrastructure service compromised; attacker used it to validate fraudulent RSETH token holdings for Kelp DAO ...
Grinex
Kyrgyzstan-based crypto exchange shut down after $13-15 million theft; frequently facilitated transactions with Russi...
TrueConf
Russian video conferencing platform added to CISA KEV list; targeted by Ukrainian APT crews and Southeast Asian threa...
Anthropic
Developing Mythos AI model; NSA reportedly using it despite White House characterizations; subject of Trump comments ...
Google
Workspace compromised via Vercel employee account; attacker gained permissive API access through Context AI OAuth token
Synnovis
British pathology provider hit by ransomware in June 2024; still recovering 18 months later with cascading effects on...
CrowdStrike
Discussed as EDR market leader perception, but Microsoft Defender actually dominates by install base despite recent v...
Fortinet
Cited as example of company with buggy software not investing in fixes despite having resources; questioned whether t...
Permiso
Sponsor; identity security platform detecting account anomalies and malicious activity patterns in SaaS environments
People
Patrick Gray
Primary host conducting interviews and leading discussion of weekly security news
James Wilson
Regular co-host providing technical analysis of incidents; interviewed Brad Arkin on AI and bug discovery
Grok
Guest co-host specializing in cyber warfare; provided analysis on ransomware as state power, crypto attacks, and 702 ...
Ian Ahl
Discussed identity-based threat detection, Shiny Hunters tradecraft, and shadow AI usage patterns in sponsored interview
Brad Arkin
Interviewed by James Wilson; provided perspective on Flash/Reader vulnerability management and limitations of AI bug ...
Adam Boileau
Regular co-host absent this episode (overseas); mentioned as pen tester who searches for documentation on target netw...
Matt Johansen
Pointed out that Vercel wasn't a paying Context AI customer, raising questions about permissive corporate SaaS policies
Alexander Martin
Reported on Synnovis ransomware attack and cascading NHS impact 18 months post-incident
Jonathan Greig
Reported on $290 million North Korean crypto theft via Layer Zero compromise
Lorenzo
Covered Windows Defender vulnerability disclosure drama and exploitation by Chaotic Eclipse
Vlad Styran
Ukrainian hacker who identified TrueConf as Russian software, questioned CISA KEV list inclusion
Eric Geller
Reported on US and allied countries taking down 50 DDoS-for-hire websites
Tom Uren
Co-hosts weekly Between Two Nerds podcast with Grok; analyzed Grinex exchange compromise
Catalin
Published analysis of FBI testimony on ransomware designation as terrorist operations
Nicholas Carlini
Scheduled for Friday interview on Risky Business Features about AI security implications
Quotes
"They log in for them"
Patrick Gray • Early segment discussing attack evolution
"Infinity minus 271 is still infinity"
Grok • Mozilla Mythos bug discovery discussion
"Quality doesn't equal safety and prevention from exploit"
Brad Arkin (via James Wilson) • AI bug discovery segment
"They literally give Russia additional tools of state power"
Grok • Ransomware as state infrastructure discussion
"If she's a 10 and you're a 2, it's probably not"
Grok • Honeypot detection discussion
Full Transcript
Hey everyone and welcome to another episode of Risky Business. My name's Patrick Gray. This week's show is brought to you by Permiso, and they make a really interesting sort of identity security product, I guess. It monitors identity actions or account actions and can tell you when some weird stuff is going on. And we're joined by Permiso's Ian Ahl a little bit later on to talk through how they detect Shiny Hunters activity, actually, and what sort of things stand out as red flags in logs that are going to give you an idea that something's up. You know, this is useful stuff to know even if you're not using their platform, so do stick around for that interview. Adam Boileau is away at the moment, he's overseas. Hope you're having a good time, Adam, if you're listening. So this week we are joined by a very special guest co-host. He is an international man of mystery who is currently working as a postgraduate researcher at King's College London on the topic of cyber war. He is the Grok. The Grok, welcome to Risky Business. Good to be here. All right. And as always these days, James Wilson joins us as well. James, how's it going? It's good, man. Good to be here. All right. So we're going to kick things off with a discussion of this Vercel incident. Actually, before we talk about the Vercel incident, James, can I get you to give listeners who are not necessarily familiar with Vercel just a quick recap on what they do? Because honestly, and I know this, like I'm telling on myself here, but I kind of had to look up exactly. I knew that they had the Next.js connection, but I wasn't actually sure what their online cloud service is. And I figure if I didn't know, there's probably plenty of people listening who don't as well. Yeah, it's quite a sprawling landscape.
So yes, their origin story, I guess, is producing and building Next.js, which is one of the most popular JavaScript/TypeScript-based web app frameworks these days, that does everything from front end right through to back end, etc. But suffice to say, they didn't stop there. They're now a hosting provider. You don't have to host Next.js stuff with them. It can do all manner of things. And they've gotten heavily into, of course, all the things AI, and they're actually one of the leading AI SDKs that people use to build their apps at the moment. So they're a big deal. Yeah, yeah. And they got owned, and it looks like, you know, we would say, you know, in cases where people get owned really badly on the show, we would say they got owned quite a lot. It doesn't look quite like that's what's happened here, although they have had an incident which has impacted some customers. I guess the mechanics of the attack are probably the more interesting thing here than the impact of it. Can you just walk us through how this happened? Yeah, the chain of events here begins with an info stealer that made its way onto an employee at Context.ai, which is something completely unrelated to Vercel. That info stealer, I think it was on their personal laptop, actually, this Context.ai employee. The logs out of that, it basically exfiltrated, as these things do, a bunch of credentials out of the browser. And the attacker went through those and found that, okay, they were able to get access to things like the Vercel tenant that Context.ai uses to host the product, the Supabase database they use, their AuthKit implementation. So suffice to say, everything you need to very much own all things Context.ai.
What it seems they've done then is, with that access to the Supabase database, they've gone through and found that's where all of these OAuth tokens are stored, because Context AI is one of these things that you add to your Google Workspace, for example, so that it's your AI assistant that goes rifling through all of your mail and drive and all these wonderful things, which of course, for it to rifle through, you've got to give it access to all those things. So the attacker's gone and found, okay, I've got Supabase. Supabase seems to be chock full of OAuth tokens. What's interesting out of these OAuth tokens, they find that one of them belongs to a Vercel employee. And what it appears is, from there, they've then gotten themselves quite permissive API access to the Google Workspace that an internal Vercel employee was using, and then they're off to the races from there. Yeah, and it looks like the precise way that they've moved laterally and whatever and managed to obtain a bunch of secrets from Vercel customers is not clear. But you can tell from Vercel's communications that they have actually thought about, because they do like this hosted front-end thing, right? Like that's really where their hosting started. They've actually put some thought into how to protect customer secrets in their interface, simple protections, where you can mark stuff as sensitive, and that is basically a write-only permission for secrets which only get pooped out the other side via the build environment when you're actually deploying apps, right? So what it appears has happened here is a bunch of Vercel customers had environment variables and didn't mark them sensitive, and that's how these attackers were able to access their console somehow and just read them out.
Yes, that, as you said, there is still a lot of dots we've got to try to connect on that one, but I think it's safe to assume that with a very, uh, you know, broad spectrum access to that Google Workspace, there's a lot of things that would have been possible. And you're right, Vercel, I think not only did they do a good job of spelling out what the incident actually did, they were very quick also to say, um, not just the usual advice of hey, rotate your credentials and tokens, of course you've got to do that, but I actually appreciate that they called out a couple of the things they did around, um, I think secrets are now sensitive by default, which is a very good thing. It probably should have always been that way, but good on them for making that change. Um, and just a couple of other things, like they really owned this and said, look, we could have done better, here's the things that we're doing better, and they are legitimate things that I think will, from this point onwards, help to prevent the exposure that an event like this can cause. Yeah, look, the incident comms on this from Vercel have been absolutely top rate, like absolutely superb. It feels like they've updated when they've had information. I remember at some point, James, you were like, well, I haven't had an email from them. Yeah. Um, you know, despite the fact that we knew that they'd emailed some people. And then they did email you and they said, look, you know, it doesn't look like you were impacted. They've called in Mandiant. I'm guessing Mandiant's been advising them on this as well. So yeah, looks pretty good. Um, there was a, you know, apparently like Shiny Hunters were responsible, and then some Shiny Hunters people are saying no, it wasn't us. And then there's like forums, you know, forum posts popping up where people are saying we're going to sell data taken from Vercel. But then it's like not really sure if it's just like stuff out of one, you know, Gmail inbox, or whether it's like serious data or whatever.
So as to who did this, we don't quite know, do we? Yeah, we don't know. But I think what we can take a lot of comfort from is that whatever this data is, it doesn't seem to be the kind of thing that, even if it falls into whoever's hands might be silly enough to purchase it, could lead to some sort of broad spectrum supply chain attack or a large scale attack on customers of Vercel. I largely feel like this is done and dusted and there's been some good lessons learned along the way. And I guess we just got to wait to see now, but I don't feel like there is a huge looming danger from whatever that data is. Not another shoe to drop on this one. I think a point of discussion around this is that this Vercel staffer had given really permissive authorizations to Context AI to basically own that account, which is what you have to do if you want to extract any sort of value from these AI assistants. You need to give them permissive access to your account. But Matt Johansen, Matt Jay on Twitter, has pointed out that based on things Context has said, it looks like Vercel wasn't even a paying customer of Context. And that seems a bit weird that a Vercel staffer would be allowed to connect their account to Context AI in such a way. And you wonder if maybe their environment was a little bit too permissive, or do you think that that's a cheap shot? From working in a lot of corporates with Google Workspaces and knowing how these things get set up, I find it very unusual, this claim that Context AI says, well, Vercel wasn't even a paying customer, yet they had this very permissive access. An enterprise would be very uncomfortable even saying to someone, yes, I'll permit you to use that free tier account in an enterprise, because they're going to want a contract. They're going to want terms. They're going to want to know what's the liability. Yeah, right, because when something like this happens, they want to go and look at that agreement and say, right, where's the liability, pay up?
And in a free tier where you've just clicked on the EULA and not read it, you don't get any of that. So I don't think this is a case of Vercel was okay with this. I think this was a case of it was too easy to do something that shouldn't have been allowed. Yeah, okay. I think that's a fair point. Grok, you want to jump in here, please? Yeah, so I've got a couple of things. One is I think that it's interesting that this shows how modern cybersecurity is a lot less about exploits and a lot more about OAuth tokens and what you've connected to what else, right? Like it's all at this very, very high layer and it's got very little to do with dropping 0day. But the other thing is that, like, shadow IT used to be the person who brought in like a Wi-Fi router and put it under their desk, and now it's someone who, like, connects your entire network to some random fly-by-night third party application that might have all sorts of additional access. Look, it is the case, right, that that's how stuff's done these days. And indeed, I think it is even in the sponsor interview this week, or it could have been another one recently, where it's like, you know, attackers aren't even touching the endpoint anymore. They don't need to. I mean, in this case there was an attacker touching an endpoint because they did use an info stealer, but you don't even need that anymore, I guess is the point. Yeah, but I think Grok's point's a good one, right? We've gone from they break in, to they log in, to now you logged in for them. Not bad, I like it. All right, now look, speaking of vulnerabilities though, and I wanted to get your take on this one, Grok. Mozilla has apparently found 271 bugs in Firefox by using Mythos. No idea what the token cost is there, I'm guessing it was substantial. Um, you know, are you on board with predictions of a bit of a bug apocalypse? Because I do think that's the way this is gonna head. Um, you know, but yeah, what's your feeling here? I'm of two minds about it. On the one hand, like, 271 is
that's a big number, that is a lot of bugs. But I'm also like, I'm not sure, does that mean that there are now overall 271 fewer bugs in Mozilla? Or does it mean that infinity minus 271 is still infinity, right? Like, has it meaningfully changed things? And I don't think we know yet. I think that's going to be the question, particularly because now generating code is so much easier as well, so in a way adding bugs is going to go a lot faster. Well, yeah, and there's this thing too, right, where like you look at a company like Fortinet, right, where their software is super buggy and super bad, and you think there's already stuff they could be doing to fix this and they're not. So do we think they're going to spend money throwing a whole bunch of tokens at this problem when they're not putting people on this problem to begin with? Like, why would they throw the money from tokens into it? But like, I wanted to bring James in here because you did an interview with Brad Arkin that you published last week. Now, Brad, of course, was for a time the CISO for Adobe, right? Which meant that he was responsible for Flash and Adobe Reader and stuff. And these products were bottomless pits of vulnerabilities. And he thinks the discourse around Mythos is a bit dumb because you ain't going to improve the quality of software by just burning tokens to shake out bugs. Quite to Grok's point where he's like, infinity minus 271 is still infinity. I mean, it's really, Grok's just basically saying what Brad told you last week. Yeah, look, I think there's some key words there, right? You know, does it improve the quality? Potentially, but quality doesn't equal safety and prevention from exploit. And Brad's crystal clear point to me was, look, we could have, in time, enumerated all the bugs, fixed all the bugs in Flash and in Reader, but it wouldn't have done us any good.
What we had to do was look at the commonality and say, what do these vulnerabilities tell us about higher order concepts in our code base that we can go and do very targeted fixes around? You know, like, do you fix 100 bugs and potentially introduce who knows how many regressions and leave however many bugs still there? Or do you say, let's just wrap that up in a sandbox? That sandbox and the arbiter between the sandbox is a smaller code attack surface, bang, that is then a material difference in your attack surface. So I'm with Grok here. It's an impressive stat. It's great to see Mythos being used, but this does not equate to the software now being in any way further towards being inexploitable or less exploitable. You don't get there from just 271 bugs being fixed. One of the things I remember that Flash used to do when they were, you know, back when we were on that treadmill all those years ago, they used to kill the techniques that were used in the exploits. So they realized that it was just going to be impossible to, you know, fix all the, like, the various different types of confusion. And so they started killing the techniques that got used to cause, say, like a type confusion.
Like that had one specific technique that was exploited, so they killed that technique, which meant that it didn't matter if they left the actual type confusions in there, you couldn't turn that into an exploit. And I don't know if AI is going to get you to that understanding, or if it's just going to enumerate all of the different type confusions that you have. Yeah, because those are two different things, and one of them, like, meaningfully moves you forward and the other doesn't, right? Yeah, well, it's funny, right, it's just so funny bringing this up, because it's been long enough now that I, you know, I'd feel comfortable saying, you know, some of the things that Brad told me back then, which is like, I mean, they were trying to kill Flash, right? They wanted to kill Flash. No one in security at Adobe wanted Flash to be a thing, and then some product group would always, like, bring it back, reanimate its corpse, to some project, make it a dependency, and they'd be like, oh my God, here we go again. But, you know, when they finally killed it, the corks came, you know, the corks were popping. But that was, you know, I think that was a really interesting case study. You know, when we look at the impact that stuff like, you know, frontier models might have on bug discovery, and is that actually going to fix everything? I think what we are saying is probably not. No. And moving on to this next story, NIST is now going to, this is like insane, right? So NIST has obviously fallen behind on doing vulnerability triage and enrichment.
Like, this has been a story for over a year now. At various points they talked about, oh, we've got a new contractor helping, and, you know, we'll get right on it. And now they're just like, eh, we're not really going to bother, but there's got to be some, you know, there's got to be some really strict criteria before we bother enriching something, otherwise we're just going to take the vendor's word for it, basically. And one of the criteria is that the bug, it has to be on the KEV list, on the CISA KEV list. And then our very next story is CISA Cyber putting out an alert about the Axios compromise, you know, about the Axios supply chain attack. So like, with CISA suffering so badly at the moment, you know, as I've referred to it constantly on the show, we have entered CISA's century of humiliation. You know, you just sort of think, what is NIST doing? Like, you're relying on a government agency that has now become quite dysfunctional, not due to its own fault, but because it's being targeted by the White House for being, I don't know, woke, radical left or something. And I just think, you know, where does this end? And your point, Grok, when we were talking about this before we got recording, is you reckon this might be NIST kind of getting ahead of the frontier model bugpocalypse and just saying, yeah, we're going to just preemptively wave the white flag here. I think it's the smart move. I mean, if you are NIST and you see Mozilla coming out and saying, hi, we've got exactly one product and there were 271 security issues that we killed this month, as NIST you go, that's not happening. Like, we cannot. Like, that's just not a thing that we can do. So, yeah, like the smart move is to just go, yeah, if you're not on the list, you're not getting in. Yeah. James, you and I were chatting as well about whether or not you think AI could make a dent in solving this. And the answer there is like, at least with current models, probably not.
Like, you know, the work is not, I don't know that it's quite repeatable enough that you could get an AI agent to work out like a CVSS score reliably, you know? That's not a 3.0, that's a 10.0. Ah, you're absolutely right. That's on me. There's that, and then there's like, okay, when does the madness end? If the AI is finding the bugs and the AI is probably writing a vulnerability disclosure and then the AI is determining whether your AI-discovered bug and AI-written vulnerability disclosure is accurate, just stop at some point, there's enough AI in the loop at that point. I really don't think it's going to, even if you prompted it well, it's not going to help. Give all the money to OpenAI. Skip the whole security theater with finding the bugs and enriching them. Just give all the money, you know, AI, run your tokens, do your thing. Just reminded me of how, like, in the earlier days of ChatGPT, people were writing bullet points and then asking ChatGPT to generate an email, which they would send to someone who would then put it into ChatGPT and say, can you give me a bullet point summary of this email? Um, oh God, the horror, the horror. Um, we've got a story here from Alexander Martin over at The Record talking about how a ransomware attack against a British pathology provider or pathology lab, the fallout is still being felt more than 18 months later. The fallout is still affecting British healthcare operations. James, walk us through this one, mate. What's the go here? How badly have things been affected? Yeah, look, it's a troubling story. So in June 2024, Synnovis was essentially the provider that was attacked here. Now, Synnovis is essentially a pathology blood testing service, but the knock-on effects that had to the entire healthcare system was incredible and still being felt, because, you know, if the blood test couldn't be done in time and there was a backlog of that, then you can't determine which blood supplies you need for which transfusions.
And if you're not doing the transfusions, then you can't manage your blood supply stocks and your logistics around it. And so it's an interesting article because it points out that, yes, 18 months later, this poor organization is still struggling with systems that are not fully recovered. They still have a massive backlog of attacks. And even just one single provider of diagnostics and pathology can have such a massive ripple effect throughout the healthcare system. Yeah, I mean, these are the sort of stories that make me, you know, have always made me treat the ransomware issue as a national security issue. And in fact, this morning we were having a look at Catalin's newsletter and associated Risky Bulletin podcast script. And, yeah, a former FBI official was testifying before a House Homeland Security Committee in the United States saying, hey, we think you should make, you know, that these ransomware operations should be designated as terrorist groups or terrorist operations. I think in that case to unlock more prosecutorial and surveillance tools against them. But, you know, I think finally people have realized a few things, which is it is worth exercising state power against these kinds of groups, not just law enforcement power, like, I mean real state power, and that it's not an acceptable thing. It's not something we can ignore anymore. Grok, any thoughts there? Yeah, no, I'm all for it. I think that the ransomware groups, they're permitted to exist because they provide actual value to Russia as a tool of state power. They don't exist simply because Russia allows corruption and whatever. I think that they literally give Russia additional tools of state power. And if nothing else, they give them a bargaining chip at one point to be like, look, we will shut down the ransomware gangs if you give us these concessions. I agree with you on the bargaining chip thing. I think the state power argument's a little bit softer, to be honest.
Okay, it's one I'm willing to make, but I admit that it's very much a, you know, assume a ransomware group of radius R traveling at constant velocity, right? It's like, to me, it makes a lot of sense to view it as this gives the state the ability to do raiding operations, which delegitimize the political protections and so on of adversaries, right? That makes sense to me, but it's very, it's very unlikely that it makes sense to the Russians. They don't think about it like that, right? Because they're not as sophisticated as I am and don't really understand everything. So are you saying that it's an exercise of state power that they don't realize is an exercise? Exactly, right. They fail to appreciate what they have. That's what's going on. But anyway, it means that using state power against it is absolutely the right move. Yeah, I mean, I think that they, you know, my argument is a little bit different. My argument is that they're failing to do anything about it, which means that they've sort of broken the compact of, you know, behavior of responsible states, and that's when you get, you know, the people in basements at Fort Meade involved, basically. Um, anyway, moving on now. We're going to swap out Grok because we're worried he's going to go off on a tangent, so we're going to bring in Grok 4.7, who is an LLM. Now, we were going to get real Grok to talk about this one, but he can be a little bit verbose, right? So we've distilled him into a model so we can properly scope the response we're going to get for this one. So here goes. Grok, I want you to act as an expert in cybersecurity who is providing tightly scoped commentary on a cybersecurity podcast. The audience for the podcast is people who are knowledgeable about offensive and defensive cybersecurity and work in both the intelligence community and private sector. I have provided you with a link to an article from The Record titled, In Defeat for Trump, House Extends Electronic Spying Program for Just 10 Days.
Please read this article and get ready to provide us with expert commentary about it. Before you generate any output, we have some rules. Keep your comments directly relevant to what is written in the article. Do not invoke Bismarck, the general or the ship. The grain trade's impact on warfare through the ages is not relevant to this discussion. Please refrain from connecting an analysis of the economic model of the Ming dynasty to this discussion on 702 reauthorization. Now we have established the rules. Tell me, what do you think of the latest trouble the US government is having in reauthorizing the 702 intelligence collection process? What do you think about this latest trouble that the US government is having reauthorizing 702? Grok 4.7, take it away. It's interesting that you would bring up Bismarck because... The FBI have brought this on themselves, right? So the 702 program is a very important piece of the national security apparatus. It allows them to look at communications between foreigners and people located inside the US. And that is very useful because if you want to attack the US, it helps to be inside the US. Well, but it also allows them to actually monitor the communications of two parties located outside the United States when they're using US infrastructure like Facebook. I mean, that was the original intent of 702. And I think, yeah, where you're going with the FBI brought this on itself, it's like incidental collection is a thing where sometimes you wind up accidentally grabbing some data on US persons. And the FBI was authorized to look at that data, you know, because, hey, it could be useful in stopping terrorism. And then in 2023, they just did some ludicrous number of queries where it looked like maybe they had been accidentally automatically querying the 702 data set every time they plugged someone's name into it. And everyone freaked out. And here we are a couple of years later. Yeah.
And, you know, the fact that they're having difficulty getting this reauthorized is because they've failed to make the case for why they need it. And then afterwards, they went ahead and they abused it, or they appeared to abuse it. And I think that, you know, like, if people don't know why you need a thing, but they know that you abuse something, they're not going to want to give it to you, right? So, yeah, this is entirely on them. You know, yeah, I mean, I think it's interesting that the pushback is coming from the Republicans, who are... look, it's really weird. I feel like I'm having a stroke any time I try to talk about American politics, because, you know, the Republicans you would normally associate with being hawkish, right? But then you've got a Republican president who ran on an anti-war platform who promptly starts a war in the Middle East. And, you know, you had Bush starting the war, but then, you know, the whole rhetoric in the US is about warmongering Dems, and it's just... As I say, I feel like I'm having a stroke. I mean, are you surprised to see the pushback against this coming from the right, I guess? Because this, you know, 702 was a Bush thing, right? Like, it was the Republican Party who gave the United States 702. So does that part of this surprise you? You know, nothing surprises me anymore this year. Like, in a rational world, if this was 2022, 2023, and I was seeing like the right is coming out against law and order, that would make absolutely no sense. But I guess law and order is woke these days. It makes no sense, honestly. Like, I don't know what's going on. I'm with you on that one. Ultimately, do you think 702 is going to get reauthorized in some form? Like, I feel like, you know, Congress is going to do a powwow. They'll give some concessions and whatever, maybe make the FBI, you know, more oversight on the FBI, or make them get warrants or something. But ultimately, 702 is going to get reauthorized.
It has to be, right? It has to, yeah. I mean, if for nothing else, I think if they got rid of it, there'd probably be a huge drop in GDP just because they'd have to fire all those agents who are, you know, maintaining the infrastructure that it runs on. Right. Like, there's just so much involved that getting rid of it overnight is impossible. That's it. So it's the tail wagging the dog. It's big, big 702. You cannot get on the wrong side of Big 702. All right. Well, we'll see how that shakes out. Now, James, let's bring you back in here, because we've got a story here from Jonathan Greig over at The Record looking at a crypto infrastructure company that apparently got hacked by the North Koreans. And it's a big one. Like, it's not quite up there with the $1.3 billion that we had last year, but this is a $290 million theft. You said to me already this was very interesting and started explaining it to me, and I'm like, uh-uh, wait till we're recording. I want to get a fresh reaction. Tell us about it. Yeah, super interesting, because normally it's like, you know, a crypto exchange had a bug in a contract or a bug in something, and it's like a self-contained attack, right? The thing that gets attacked is the thing where the funds disappear from. That's not the case here. Yes, $290 million was taken from this Kelp DAO, but the way that it happened was actually by a compromise in something else entirely. And it's this thing called LayerZero. Now, when I step through this to understand it, there is this thing called rsETH, which is basically a token, or a type of thing that you can issue, that says, I've really got Ether and I've stored it in this place, and they've issued this rsETH. And then people can actually go to other institutions in the crypto marketplace and say, look, I've got all this ETH. What will you give me as leverage because of this? And they can earn yields and all this other sort of stuff.
But the role LayerZero provided is it is basically the service that validates these transactions around this ETH-staked coin. And I think what the attackers determined here is that if a crypto exchange out there or a DAO out there is solely relying on LayerZero alone to trust the validation of those exchanges, then they don't have to hack them. They just go and make sure that they can essentially get LayerZero to produce falsified records about how much Ether someone actually has, and then they can go to that DAO and say, well, look, I've got all this Ether, look at LayerZero, that'll verify it. And then the DAO goes, yeah, great, that's a huge stake, what would you like to do with it? And they've just then said, well, I'd like to withdraw all these funds based on the fact that I've got a fake bank statement saying, hey, look, you know, I've got two billion dollars, surely you can, you know, let me drive away in this new Porsche. You know, my check's not going to bounce, you know. And then they phone the number on it and your girlfriend picks up and goes, yeah, this is the bank. What do you want? So, I mean, that's a lot of cash. Like, who are the bag holders here? Who lost the money in the end? Is it actually like this? Like, I don't understand this stuff nearly well enough, James. Yeah, look, I couldn't get a clear read on that either, because it is, you know, it's crypto and it's pseudonymous and it's all these wallets. But suffice to say, there were big wallets involved here.
If you're playing in this ecosystem, it's because you're a large holder of crypto and you're specifically using these leverage services to make even greater use of your crypto. This is not just a ma-and-pa, oh yeah, I got a little bit of crypto back when it was cool. No, there are like complex derivatives and stuff. Like, I saw some humor around this one, you know, with pictures of like screen caps from The Big Short and stuff, of like, now what we do is we've got this staking protocol and then we learn it, and, you know, it's just, it gets real complex real quick. I think the only people who understand this are in North Korea, making a lot of money out of the fact that everyone else is trying to look like they understand it and just giving money to them, right? Like, it's... Yeah, I mean, I think that there's a reasonable case to be made that the North Koreans understand this stuff very well. I think you might be right there, buddy. Now look, staying on the topic of crypto, we've got this exchange called Grinex. Now, these guys are frequently doing business with... They're an exchange based in Kyrgyzstan, but they're frequently doing business with like Russian ransomware actors and whatever. So they've got owned, and like, what, $13 million got pinched? Other people put the value at $15 million. And they're shutting down, basically. Like, they're cooked, they're done. And they've come out and they've said, oh, this was unfriendly states, like Westerners, you know, sort of pointing the finger at Five Eyes. But, you know, look, Tom, our colleague Tom Uren, who hosts the weekly Between Two Nerds podcast with you, Grugq... if listeners out there are really enjoying Grugq's vibe, you can listen to him every week in Between Two Nerds, which is published to the Risky Bulletin podcast feed here on the... it's part of the Risky Business Extended Universe. But yes, it looks like, yeah, Tom said no, it doesn't really feel like a Western operation.
James, your take was the same. And, you know, there's even some analysis here from Elliptic saying, yeah, it doesn't look like it. It looks more like a crime operation. Grugq, you had some feelings in your waters about this one as well? So, yeah, so like when I started reading it, and the first thing I saw was, you know, like, this was a hostile state that has attacked us because we are, you know, helping Russian financial sovereignty. And I immediately thought, oh, it's the Australians. This is great. Like, they're going after, you know, the infrastructure that ransomware relies on. And as I kept reading, I was just like, this doesn't feel right. Like, this is not... like, it should be the Australians. This is what they should be doing. But this is absolutely not them. We do like a bit of a slash and burn operation. Like, ASD likes to torch, you know, bulletproof hosting providers and stuff. It's pretty tasty, pretty tasty. Yeah, so, I mean, what I would expect is if it's the Australians, they would have sent all the money to burn, like they would have burned all of the crypto at addresses, you know, like Screw Ransomware or something like that. Would have just gotten 15 billion or whatever it was. Just to make them cry, I know, it's so great. Right, yeah. Yeah. But that's not what they did, they pinched it. The money vanished, it got pinched, and then it got laundered through a fairly complex sequence of transactions. And that screams, let's just say, hacktivist who doesn't like the Russians. Yes. Could be anyone. Is there a country anywhere where people don't like Russians? It will remain a mystery. All right, let's move on to the next thing here. We've got a piece here from TechCrunch from Lorenzo, actually doing a bit of a roundup on these Defender bugs. They've been kicking around. Like, people who, if you're glued to InfoSec social media like I am, you would have seen there was some sort of disclosure drama.
Someone calling themselves Chaotic Eclipse wound up blogging about these bugs and saying, oh, you know, MSRC wasn't being nice to me. So here you go, and dropped... like, they zero-dayed them, basically. And now people are actually out there using the bugs. We love to see it. Feels a little bit like the late '90s. James, what do we know here about these bugs and the exploitation of said bugs? Yeah, three bugs, all very Windows Defender-centric, but interestingly doing three very different things. So one goes after the updater mechanism. It's able to essentially hijack the point in time when Defender thinks it's got a legitimate update and goes and applies it. And because, of course, Defender is operating as a very highly privileged operation, that's a real nice way to put binaries where you want them to be. So I'm guessing that's like a local privesc, that one. Yeah, yeah, yeah. These are all privesc of some different flavor. Oh, sorry, the third one's not. But the second one certainly is. And again, Defender, but looking at the way that it essentially quarantines files, there's some sketchy logic around what it does. And the exploit here is if you can just get the file into the right position right as Defender goes to quarantine it and look into it, then it happens to sort of write the file back into place without the quarantine in there. And so you just get there at the right time and your file ends up in the right spot at the final step. But then the nice one is that if those are not to your flavor, luckily he's got a third one, which just crashes Windows Defender, and then you can do whatever you want on the system anyway. It's pretty funny, right? Because, like, everyone thinks of CrowdStrike as being the 800-pound gorilla in EDR. And it's not, it's Microsoft. I mean, Defender's install base and, like, the amount of money Microsoft make out of this stuff, it makes CrowdStrike look like a ma-and-pa shop, you know? Yeah. Just crazy.
Real quick, we've got a report here from Axios that says that NSA is using Mythos despite the fact that, you know, the White House has declared them radical left-wing terrorists or whatever it is. So that's kind of an interesting data point. You know, don't know what that's all about, but I'm sure we'll be hearing plenty about it. I think I saw some comments from Trump too, where he was saying that Anthropic are radical left, but like, we'll get along because they're smart and we'll find something. And, you know, just the usual sort of thing. Like, I really wish he wasn't so funny, you know? Like, what else have we got here? Oh, now here's one for you, Grugq. So we spoke about the original research into this from Proofpoint. The Proofpoint threat research team have been doing some really fun research into this hacking campaign where people get into like shipping companies and whatever, and basically manipulate the system so that they can send their own truck drivers or hired truck drivers to pick up containers and like deliver them to like their warehouses or whatever. This is like freight hijacking, but like new-school techniques in freight hijacking. They, the Proofpoint team, they took a punt on something, which is they grabbed some of the malware from the organization that's doing this and they detonated it inside like a deception environment, right? Like a simulated environment that wasn't even set up to look like a transport organization. And they collected so much good telemetry. And I'm like, I'm embarrassed for these attackers for not realizing that they were in basically like a honeypot environment. Was that your takeaway here too, Grugq? Yeah, I mean, I think one of the things that sort of clued them in is just the sheer amount of credentials and everything. Like, everything they touched was gold, right? Like, they were like, oh, I wonder if there's a login to Gmail. Oh, there's 20. Oh, I wonder if they've got access to like a shipping manifest.
Oh, there's 2,000 of them. It's like, you know, those posters for people who work in intelligence, which is like, if she's a 10 and you're a 6, you know what I mean? If it's too good to be true. If she's a 10 and you're a 2, it's... If you pop shell and it's just this good, like, yeah, it's probably not. But yeah, I mean, it looks like they were going after, like, in this case, they were looking for financial access into like banking, accounting, tax software, money transfer services, transport-related entities, fuel cards, whatever. Like, it seems like this group just does omni-fraud in anything transportation. That's exactly what I was thinking, is that this very much feels like the mob in a way. And like, you know, if you've got your like BEC guys, they learn how to do one sort of scam, you know, like maybe it's a tax refund, whatever, and they hammer that until something else comes along. But these guys are just omnivorous, right? Like, they get in and they're like, let's find the credit cards, let's find the cards that they use for fueling up their trucks, let's find whether we can get cargo manifests and pick up some good stuff. Instead, it's like, it's very much like, let's make money and we're using cyber to do that, as opposed to like, let's use cyber and make some money. Well, and I'm going to let you very quickly go off on a tangent about the IRA, because we know how much we love talking about the IRA. We negotiated this, and we negotiated this. This is an allowed tangent. So what's fascinating is historically one of the main sources of revenue for the IRA was hijacking trucks. There's actually a famous photo of all these IRA terrorists in Adidas jackets which came from an Adidas truck that got hijacked. It was used to track them, because the only people who had Adidas jackets were people with connections to the IRA. But similarly, it used to be a huge thing for the New Jersey mob. They used to get tons of money from hijacking trucks.
And it looks like now that the trucks have all sort of... they've digitized and they're cyber-enabled, I guess the mob has become cyber hackers to get back into, you know, a throwback to the 1970s. Yeah, or this is just the new form of organized crime and it's not a bunch of like Sopranos lookalikes, you know, actually pulling the strings on this. It's people who look more like the three of us, right? I'm just thinking that, you know, like there's a whole bunch of old guys, you know, we're going to get the team back together. We're going to do one more heist. That's it. Just one more, one more score. All right, so we've got a few more to talk about, and then we're going to wrap it up for the day. This story is absolutely insane for people who've been really monitoring the situation when it comes to the Strait of Hormuz being closed. There was this crazy situation the other day where an Indian boat was trying to go past the blockade, and the Iranians were shooting at it, and the captain is on the radio saying, what are you doing? We're on your list. You gave us approval to go. It turns out it looks like that may have been one of the boats that reportedly fell for a crypto scam and paid a whole bunch of, like, USDT, like crypto coins, stablecoins, to who they thought was the IRGC so that they could sail their boat out of the Strait of Hormuz. But it looks like the money may have gone to scammers. And that's how not only did they lose the money, but then they were getting shot at by the IRGC. Like, what a world. Yeah, look, this is absolutely crazy. Maybe it's those New Jersey guys who are, you know, they're stealing freight. They're scamming the Strait of Hormuz.
They're all over this one. It's wild, though. Like, I wish I had thought of that. This is like the perfect crime. Oh, we've got a law and order story here, James, and you noticed something interesting in this one. A couple of guys in New Jersey have been given really long prison sentences for running the North Korean laptop farms. What's crazy, though, is it seems like one of the people was like the mastermind and then the other one was kind of like pretty junior in the scheme, and they both got basically the same jail sentence, which is a bit crazy. Yeah, that's what surprised me. I mean, one got eight years, one got nine years, but there's a big difference, seemingly, in their involvement. You know, one guy was doing the trips to China that just happened to be really close to the North Korea border, and went to school with someone who was North Korean, and like, obviously has all the wherewithal and connections to set this up and to be running the operation. And the second guy seems to be just one of these poor folks that gets stuck running the farms. And there was bound to be more than just him running those farms. But, and yes, both got the same penalties, which is harsh. But also in the article, it says that between them, they were paid $600,000 by North Korea over this three or four year period, which is just like, juice ain't worth the squeeze. Yeah, I don't think that half of it was going to the guy who was, you know, changing the batteries and making sure everything was plugged in. No, no. So $600,000 between the two of them, probably most of it went one way. I think you're bang on there.
Real quick, I wanted to talk about... like a week or two ago we spoke about CISA adding a bug in the TrueConf video conferencing client to the KEV list, which is like, I'd never heard of TrueConf, and, you know, that seemed a bit weird. And we've got Vlad Styran, sorry, probably murdering his name, anyway, from Ukraine, a running hacker on the socials. He heard us talk about that and he had to do a double take, because it turns out TrueConf is Russian. So he's wondering why on earth CISA is asking, you know, like, ordering government agencies to immediately get this stuff out of their network. It sort of implies that it is in their network. And what is it doing there? That seems very strange. And then it gets weirder from there, because it turns out, like in this piece, there was some sort of campaign targeting targets in Southeast Asia, I think. And then we had a newsletter piece this morning, James, you and I were working on that when Catalin filed it, and it looked like a Ukrainian APT crew is going after TrueConf server bugs. So it looks like, you know, we're just like, oh gee, that's weird, TrueConf, what's that? And it's apparently being hacked by everyone and it's Russian. And it's like, that's a little bit of funny context there. Look, I'm going to speed up through these because we are running out of time. Last couple of things to talk about here. Bluesky and Mastodon both got DDoSed. The joke, of course, going around is that dozens of users were impacted. But that's not fair. I mean, I'm a Bluesky user. It's a pretty active social media network, Mastodon. Plenty of stuff happening there. But yeah, this is going to happen when it's not some, you know, megacorp social media network. This is going to happen. But don't worry, because Eric Geller over at Cybersecurity Dive, he reports that the US and nearly two dozen other countries have struck back against DDoS-for-hire platforms and they've taken down 50 websites associated with booter services. Now, sure, I think that's a good thing to do, but I'm not really expecting that it's going to make that much difference. Grugq, what do you think there, bud? I'm just going to go back to what I said earlier: infinity minus 50 is still infinity. Yeah, that was very like... I think the reason to do this is for the deterrent effect, not because you really think it's going to make that much of a difference. I think it's more a case that if you don't occasionally arrest these people, all of a sudden you have infinity times two. Let's just go with that. You have double infinity. Yeah, really infinity. And then finally, we've got a piece from the Russian media, which is talking about how it's basically Russian propaganda aimed at Russians saying, man, if you run a VPN app on your phone, it can explode. Which gives you the idea of, like, because we talked about how they have, you know, canned mobile internet in St Petersburg and Moscow. And, you know, there's like serious content restrictions happening. So obviously VPNs are proliferating and they're trying to combat that with this sort of ludicrous propaganda. But you do get the sense that perhaps the reason the internet crackdown is coming is because they're preparing for a mobilization, because they're running out of people in their war against Ukraine. Is that the feeling you get, Grugq? Yeah, absolutely. They've been trialing different attempts. So they've shut down Telegram. They've shut down a bunch of other messengers. They're interfering with things that are not based in, like, things that are not sovereign internet for Russia. It seems very much like they are ramping up for a shutdown of some sort. Yeah. And that's, yeah, like that has to be for some reason. Well, guys, that's actually it for the week's news.
Grugq, thank you so much for joining us, mate. It's a pleasure to have you on. You've done one of these before, but it's been years since you've come on and joined as a co-host on the main show. Again, anyone who wants to hear more Grugq, if you just can't get enough Grugq, you can go find him on the Between Two Nerds podcast, which is published into the Risky Bulletin RSS feed. But yeah, that is it. Grugq, thank you very much. And James, thank you also, mate. What have you got coming up this week? You've got, oh, that's right, we're interviewing Nicholas Carlini from Anthropic on Friday. We're hoping to publish it that day. So if you can't get enough James, you go and subscribe to Risky Business Features. But yes, thanks to you both. And I'll catch you both soon. Thanks for having me. Cool. Thanks, Pat. Great to meet you, Grugq. That was the Grugq and James Wilson there with a chat about the week's security news. Big thanks to both of them for that. It is time for this week's sponsor interview now. And Permiso is this week's sponsor. It was founded by a bunch of like ex-FireEye Mandiant people who basically, yeah, I guess, you know, just had the good idea of building a product and a platform that looks at identity and account activities and can, from that, detect various, you know, types of malicious activity. And, you know, that's turned out to be a really good idea, because as we were just talking about in the news, this is how a lot of attacks happen these days. It's just funny stuff to do with identities, account resets, things like that. So Ian Ahl is with Permiso and joined me to talk really about how they're tackling, I guess, some of the tradecraft used by groups like Shiny Hunters, which are very sort of identity-centric in the way that they attack things. Here's Ian Ahl. It's really interesting, right?
Because modern threat actors in general, when you're looking for bad things from a modern threat actor, it's not go find the bad IP anymore, or go find the bad file hash anymore. There's no like easy tells. It's like, how do they do things just a little bit differently than your normal user does? So when they're registering MFA, man, if I see somebody go from Android to Apple, that's weird. People don't do ecosystem changes. Or if somebody has an iPhone 17, the next device they register is a 12. Doesn't make sense, right? So even some little things like that stand out. But the real crux of it is you have to find combinations of these signals across the various places you're looking. So not just the IDP. Well, once they get through the IDP, what do they do next? They're landing in 365 and searching, or hitting Copilot to go find some documents on how your VPN works, right? So now a weird MFA event and a search for VPN documents. Ooh, more interesting. That's the way we kind of think about the world, and with modern threat actors like these guys, but also the North Koreans, the pesky North Koreans, as you like to refer to them. You've been listening to the show. Yep, excellent. Yep, yep. Yeah, the pesky North Koreans, APT29, right? They all operate the same. Get some valid creds, land in your SaaS platforms, learn as much about your environment as possible for carrying out their mission, whatever that mission happens to be. Yeah, I mean, when we talk to Adam Boileau, who's had a very long career as a pen tester, my co-host, of course, Adam, he talks about like the first thing he does on target is go looking for the docs, right? So he can figure out what the network looks like. I mean, it feels like, yeah, using a platform like yours to spot that sort of activity makes a lot of sense. But I'd also think, like, what I'm hearing from you is like, if you don't have a platform like that, maybe loading up those sort of documents with canaries is going to be quite fruitful.
Oh, for sure, right? They're going to look for the same things. In fact, I should share them with you at some time. I keep a long list of the search terms I've ever seen Shiny Hunters, Scattered Spider, various groups use. And I love search terms for detection, because search terms show intention. I know what a bad guy wants when I see what they're searching. And sometimes it's almost like they're reading off an SOP. You can see like, oh, they searched for password, then AVD, then VDO, then VDI. Oh, they really want to get to Azure Virtual Desktop. Great. Now I know what to go look for on that side of the house. But yeah, so if you know what they're looking for, you can implant some things in there with a canary, for sure. But at the very least, make sure you're logging those things and looking at them. You can tell a bad search. Nobody searches for AKIA unless they're looking for long-lived access keys. And that's a really easy tell there. Yeah, it's interesting, though, because what you're telling me about those two things, like someone changing from Apple to Android... Recently, my mate Dave changed from iOS to Android, thus ruining a very long-lived iOS group chat. Thanks a lot, Dave, for going to Android and doing that. That was very disappointing for the rest of us. So it does happen. It does happen. But I guess what you're saying is like, okay, that is a marker. Like, that's a flag, you know, that becomes immensely more valuable when you see, okay, so someone's switching to Android, maybe not a big deal. Someone switches to Android, then they're conducting searches for internal docs.
That's when your confidence can go up astronomically once you start chaining these things together, right? For sure. And then to pull in like a little bit of the UEBA stuff, right? Like, and then they use Copilot. Does this user ever use Copilot? They're coming from a residential proxy. Do they ever come from a residential proxy? Like, you can start tying in some of your anomaly stuff, which is normally way too noisy on its own, but you start tying anomaly with some impactful events, some known TTPs, you start finding some really interesting things. Copilot has been a huge boon for our threat actors lately. It's a way of getting around all these search term detections that I've been looking for, is now they just go into Copilot and ask, find all the VPN documentation, instead. Does it faster? Does it better? Yeah, they just ask Copilot, but like, just, what could you tell me about XYZ, right? Exactly. And then Copilot, you're not getting invocation logging out of Copilot by default. You have to do a lot of extra things to enable the level of logging you need to know what that actual search term was. Now you've got to start guessing. So now when I see Copilot, when it has an event, a Copilot interaction event, it shows you what file it touches to answer your questions. So now I have to start taking some guesses like, oh, the file name has VPN in it. The file name has password or login in it. Right. Maybe that's indicative. Have you thought about kicking out your own Copilot query, which is, tell me about what's in this file name? Exactly. Yes. More so, give me the contents, to like help me understand the contents. Because that's always the hardest part from a log perspective is, man, I could take a good guess at what that file name might be, but I don't know unless I can get some DLP markers or look at the content itself. Yeah. What are the most fruitful log sources? Because as I say, you're taking in a bunch of very, quite different logging, right?
From the IDP, from SaaS, from your own environment, from 365 or whatever. I guess, what are the most fruitful combos there? Because you always hear about people, oh yeah, it's a long tail of different stuff that you can ingest, but usually there's a couple of things where you're just like, no, you absolutely have to use this and this. And that gets you like, you know, it's like the rocks in the jar, you know, you start by putting the rocks in the jar and then the pebbles and then the sand, you know what I mean? To fill up the jar. What are the rocks that go in the jar for this sort of detection? Exactly. Yeah. So I would say, you know, where do we see the attackers most? That's the places you want the logs from. So whatever your federation source is, right, whatever IDP you have, Okta, Entra, whatever, better make sure you're getting great logging from there. And then you're going to go right to your SaaS platforms of interest. So what are the ones getting hit all the time? Your Google Workspace, 365, those types of suites of product, for sure. But then Salesforce, we know a lot of Salesforce stuff going on. Salesforce logging is kind of atrocious if we're being real, but they're necessary. You need to look at them. Snowflake logging. You need to see what people are doing there. Right. The places where people go, you need to make sure you have logging. Endpoint logging, oddly, in a lot of these cases ends up being almost useless, though, because in most of these scenarios, they're not sitting on one of your endpoints, right? They're sitting on their own. So it becomes a weird case where, you know, me coming from the Mandiant background, I'm like, I really want some good endpoint investigations again. And I just don't see as many as I would hope. Well, it's kind of becoming irrelevant.
I was literally having that conversation with a friend of mine, like, yesterday, about how, like, well, you know, endpoint security has been the bread and butter, like, money-wise, for InfoSec for so long. But it's like, let that rowboat sink, because we're getting a new yacht, you know? Like, it's all very much changing. But I also wanted to ask you, you know, we were talking about AI just a moment ago. One of the tricky things at the moment where a lot of vendors like yourself are having to retool, or just, you know, refocus a little, is you've got to work out when a user is using an AI agent with their own credentials to perform a certain task, right? Because knowing what a user is doing versus what one of their helper agents is doing is becoming more and more important. You actually have, you know, the way you're chipping away at this is actually kind of interesting, because you're doing stuff like looking at user agent strings and whatever, which, I mean, I think for now is going to be perfectly fine. Later down the line, when people are using agents maliciously, they're going to start faking user agent strings, and we're in a whole different kind of weird detection and evasion war. But currently, that's kind of how you're doing it, right? It's like certain behaviors and agent strings and whatnot. Yeah, right. I guess maybe it's the detection background in us, right? But when a lot of our clients want us to help them measure adoption of AI, how do I do that? Well, I kind of look at the same data set and I look for markers of AI. Well, if somebody's using Copilot, there's a log event for that. If somebody is summarizing a chat in Slack, there's a log event when that's occurring. When somebody installs OpenClaw on their system, there's some file artifacts that are made. When someone connects OpenClaw into Teams or Slack, well, it uses a particular user agent when it goes in.
So I think you just have to be flexible about the ways that you can look, like detection, right? Sometimes I need request parameters. Sometimes I need a user agent to do the type of detection I need. I need to be able to look at all those log sources, pull out what those markers are as signals, and then start labeling the identities that are doing them. We use badges as our terminology there. So I badge people as "you're an AI user" or "you're an AI agent" or "you're an AI builder" based off of these things that you're doing, not just your configuration, but what you actually do.

Has there been much customer demand for actually trying to untangle all that?

Oh, for sure. And it's weird. It starts off traditionally like, hey, first we just want to know who is even doing anything AI-related. It starts very nebulous like that. And then immediately after we're able to answer that question, the client's next one is like, well, so what? Now what do I do? So now we apply our normal exposures type of framework to it. Well, here are some AI identities that also have access to sensitive data. Do you care about that? If you do, great, let's go reduce the risk on those. Or here are some overprivileged identities that are doing something in AI. But ultimately we always get to, kind of like, now is anybody abusing it? Who's doing shadow AI usage? Well, shadow AI: when I have the IDP logs, right, I can say, oh, I can see who federates into ChatGPT or not. But I also have their endpoint logs. So I can see who's using ChatGPT and I didn't see a federation event. Okay, that's a shadow AI user, right? That's somebody who's using their personal account. They're not going through the prescribed path.

Man, I know that this is a big one, because when I talk to Island, the browser maker, that's what they want to talk about. We find shadow AI. When I talk to Push, they talk about that as well. We find shadow AI.
Now here you are, Ian Ahl from Permiso, talking about how you find shadow AI. So I'm going to infer from this that this is something there is market demand for and everybody wants. But look, we're going to wrap it up there. We've run out of time. Ian Ahl, thank you so much for joining us on Risky Biz to, yeah, I guess throw out some ideas there for how people can think about doing detections on groups like ShinyHunters, and also, I guess, how they might think about building some detections for when a user is in fact not a user but is in fact a little lobster claw. Pleasure to chat to you, my friend. Cheers.

All right. Thank you so much. That was Ian Ahl there from Permiso. Big thanks to them for that. And that is it for this week's show. I do hope you enjoyed it. I'll be back soon with more security news and analysis. But until then, I've been Patrick Gray. Thanks for listening.
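The two detection ideas in the interview above (shadow AI as "AI app traffic in endpoint logs with no matching federation event in the IdP logs", and badging identities from what they do, including an agent user-agent marker) are easy to misremember as a single query. The following Python is an added illustration by the editor, not Permiso's product logic and not code from the show. Everything in it is constructed for the example: the normalised log shapes and sample events, the host-to-app mapping, the session window, and the `OpenClaw/` User-Agent prefix (an assumed marker, not a documented string; as the host notes, any UA string can be forged, so it is a signal rather than proof).

```python
from datetime import datetime, timedelta

# Constructed, normalised IdP (federation) events. Field names are assumed for this
# example; real Okta/Entra exports differ and must be mapped to this shape first.
IDP_EVENTS = [
    {"ts": "2026-04-20T09:00:00", "user": "alice", "app": "ChatGPT",    "event": "sso.success"},
    {"ts": "2026-04-20T09:05:00", "user": "bob",   "app": "Salesforce", "event": "sso.success"},
    {"ts": "2026-04-20T09:10:00", "user": "dave",  "app": "ChatGPT",    "event": "sso.failure"},
]

# Constructed endpoint / web-proxy events: which host a user's device talked to,
# and with what User-Agent.
ENDPOINT_EVENTS = [
    {"ts": "2026-04-20T09:01:00", "user": "alice", "host": "chatgpt.com",    "ua": "Mozilla/5.0 (Windows NT 10.0)"},
    {"ts": "2026-04-20T09:12:00", "user": "dave",  "host": "chatgpt.com",    "ua": "Mozilla/5.0 (Macintosh)"},
    {"ts": "2026-04-20T10:30:00", "user": "bob",   "host": "chatgpt.com",    "ua": "Mozilla/5.0 (Windows NT 10.0)"},
    {"ts": "2026-04-20T11:00:00", "user": "erin",  "host": "slack.com",      "ua": "OpenClaw/1.0 (+agent)"},
    {"ts": "2026-04-20T11:05:00", "user": "bob",   "host": "salesforce.com", "ua": "Mozilla/5.0 (Windows NT 10.0)"},
]

# Hosts that mean "an AI app was reached", mapped to the IdP app the user should
# have federated through. Assumed mapping for the example.
AI_HOSTS = {"chatgpt.com": "ChatGPT", "claude.ai": "Claude"}

# User-Agent prefixes treated as an AI agent rather than a human browser. The value
# is an assumption, not a documented OpenClaw string, and a hostile agent can forge
# it, so it is only one signal among several.
AGENT_UA_PREFIXES = ("OpenClaw/",)

# Lookback for matching an SSO event to later app traffic; an assumed session length.
SESSION_WINDOW = timedelta(hours=8)


def _ts(s):
    return datetime.fromisoformat(s)


def find_shadow_ai(idp_events, endpoint_events, window=SESSION_WINDOW):
    """AI-app traffic from a user with no successful federation into that app
    within `window` before the request: the "using ChatGPT, but I never saw a
    federation event" case, i.e. a personal account bypassing the prescribed path.
    Returns [(user, app, ts)] in endpoint-log order."""
    sso = [(e["user"], e["app"], _ts(e["ts"]))
           for e in idp_events if e["event"] == "sso.success"]
    findings = []
    for e in endpoint_events:
        app = AI_HOSTS.get(e["host"])
        if app is None:
            continue
        t = _ts(e["ts"])
        federated = any(u == e["user"] and a == app and t - window <= st <= t
                        for u, a, st in sso)
        if not federated:
            findings.append((e["user"], app, e["ts"]))
    return findings


def badge_identities(idp_events, endpoint_events):
    """Label identities from what they do rather than how they are configured:
    ai-user   : federated into a sanctioned AI app
    ai-agent  : traffic carrying an agent User-Agent marker
    shadow-ai : AI-app traffic with no matching federation event"""
    badges = {}
    for e in idp_events:
        if e["event"] == "sso.success" and e["app"] in AI_HOSTS.values():
            badges.setdefault(e["user"], set()).add("ai-user")
    for e in endpoint_events:
        if e["ua"].startswith(AGENT_UA_PREFIXES):
            badges.setdefault(e["user"], set()).add("ai-agent")
    for user, _app, _when in find_shadow_ai(idp_events, endpoint_events):
        badges.setdefault(user, set()).add("shadow-ai")
    return badges


if __name__ == "__main__":
    for user, app, ts in find_shadow_ai(IDP_EVENTS, ENDPOINT_EVENTS):
        print(f"shadow AI: {user} reached {app} at {ts} without federating")
    for user, tags in sorted(badge_identities(IDP_EVENTS, ENDPOINT_EVENTS).items()):
        print(f"{user}: {', '.join(sorted(tags))}")
```

Run against the constructed events, `bob` and `dave` are flagged as shadow AI (bob never federated into ChatGPT; dave's only federation attempt failed), `alice` is a sanctioned AI user, and `erin` is badged as an agent purely from the UA prefix. The session window matters: shrink it to zero and alice is flagged too, which is the false-positive class you get when the IdP session outlives your lookback, so tune it to the app's real session lifetime rather than guessing.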
