Transcription

Speaker 1 (00:03):

Hello, thank you for joining us. This is Chris Kimball at Wolf guard it and, uh, Lance at you and I computers. And today we're going to talk about the latest thing in the news, uh, besides, uh, crypto he, uh, colonial pipeline hack that that just happened. And so we just wanted to just have a quick, uh, kind of fireside chat style about this turn, to answer a few questions about what's going on, uh, what happened, how they got hacked, some of the news that we're reading and talk to you guys about, you know, how you guys can protect yourselves from this. So, yeah, Lance, thanks. Uh, for joining, um, you have any opening comments or anything on this,

Speaker 2 (00:48):

Uh, you know, it's, it's interesting to see this unfold. Um, it, it's not, you know, for us, you and I, you, you and me, it's not surprising, you know, we kind of see this stuff all the time. And so, uh, but it's interesting to see, uh, how the, uh, the ransomware, uh, threat actors, you know, the bad guys, how they kind of evolve their practice, right. Because they just get better. Um, and, uh, they're doing things more like a business all the time, and it's interesting to see that. Um, and then how these companies react to that.

Speaker 1 (01:22):

Yeah. It's interesting that you say that, uh, acting more like a business, and I totally agree on that. Um, you know, the, the main hacker group that's supposedly behind us is his dark side and the way that they see this as a money-making business model and, um, called ransomware as a service, and basically they have hackers that will sign up with them and share profits with them because they are creating dark sites creating like the, the ransomware. Um, what would you call it, Lance? Like, uh, package tied. Yes. Right. Yeah. Yeah. And they charge people to use their package to deliver a ransomware, um, you know, to, uh, to different businesses. And then yeah. They share in the profits together. Yeah. So, I

Speaker 2 (02:07):

Mean, it's exactly like real business it's, I mean, it's, that's how real business works. Right. And, and it's, it's interesting to see them taking it that seriously, you know, just a handful of years ago, it wasn't anything like that, you know, and it, it was, it was also much easier to defend against and now, and they are, they're in it to win, you know, they're in it to, uh, you know, attack, you, get your stuff, extort you for it. And you know, now I, I'm reading more and more and seeing unfortunately more and more aware, they expect you to have the backups, you know? So because more companies do, you know, after it kind of got a little more high profile, people were actually paying attention. It's like, okay, we weren't backing up before we have to now, well, they expect you to have that now. So they still want to get paid. So now they're saying, well, if you don't pay us, we're going to go release it everywhere because you can't stop them from doing that. Uh, so the name of the game is starting to change to what are you going to do to keep them out, to begin with?

Speaker 1 (03:05):

Yeah. There was also another thing recently in the news. I can't remember the details, but I think it was like a police department or something that, that got hit and they refused to pay the ransomware. They wanted, I think it was like 4 million, or I dunno, something like that. And they said, we'd pay you a hundred thousand. Won't pay you more. So they said, fine, we'll just release all the, your information that we captured to the public. And they're like slowly re releasing it out in stages. So it's yeah. And you know, no one is, is a hundred percent safe, but there's a lot of just standard best practice. And I know there's a lot of different talk into how this hack happened. I think you read one article, it talked about one thing, um, possibility. And the one that I read said it could have been related to a local exchange server. That's had a, a known vulnerability, uh, for people to take advantage of since I think it was like, what early last year. Uh, and they were saying that was never patched on this exchange server, if that was the actual cause or not, you know, they're still testing, but, uh, what was the one that you read?

Speaker 2 (04:16):

Yeah, I I've been reading, uh, some people saying they're close to the situation, which of course until the official findings are out, you know, no one knows for sure. Right. But, uh, they were saying that I came to the billing system, um, which, uh, in line of large corporation where you're going to have, um, things like, like this, where you have fuel and you have infrastructure controlling that that infrastructure is usually fairly brigaded because it's very specialized that it doesn't talk to other other systems in a traditional kind of a network way. Um, and it's very sensitive to things not being just right, right. And it has lots of moving parts, lots of things going on, but the billing system is going to be more generally like, like your average network. Right. And, and so more connected to the internet, more, have an average users on it and do an average user things.

Speaker 2 (05:08):

Uh, and therefore, unfortunately, highly more susceptible to having an attack like this, be perpetrated if all the right pieces aren't in place. Um, I probably, uh, believe that, I mean, who knows. Right. But I think that's going to be highly more likely to be the vector, uh, something like that, because there's, I mean, there's just so many ways that you can get infected nowadays if you don't have the right pieces in place. And the sad thing from my point of view is it's relatively easy to keep most of the stuff at bay, but if you don't have the pieces in place, it's almost impossible to keep it at bay. Yeah. And what

Speaker 1 (05:48):

I, what I see a whole lot, you know, um, when we start doing it for a new company and doing the onboarding and discovering everything is how often you go in and you find that accompany, uh, their previous, it, they just had a firewall and antivirus, you know, and that's just two of the layers that, you know, like, uh, uh, you know, a house, if you want to be, uh, very secure, you know, you have a fence around your perimeter and they hop over the fence. What else do you have? You know, are they only going to go through the front door? No, you know, there's back doors, garage, windows, and the same with security. Um, and not that you're always going to stay safe, but it's, it's pretty easy to provide, you know, standard security, best practice, cover your layers. And at least be so much more secure than just having two security items, firewall and antivirus. You know, it just doesn't come in here enough of the entry points.

Speaker 2 (06:53):

Yeah. It's something that, that I keep noticing is since so many of the attacks now are automated. Um, if you make it hard enough for the bad guys to come after you, they're going to focus their attention elsewhere. You know, that the automated stuff's going to come by, it's going to see if you're sleeping on the job. It's going to see if you've got, you know, remote desktop, open to the world, you know, just the, the real, real, basic stuff. And when it sees that you don't ha when it sees that you have got the right pieces in place and you don't have these holes well, it's, you know, it's not going to report back. Oh yeah. You know, this person's company they're wide open, ready to go hit the go button and we got through it, right. It's going to take a much more targeted attack. Not that that won't happen, but the likelihood when you're not showing all these vulnerabilities of being been subjected to a targeted attack is so much lower because believe me, they want the low hanging fruit. They want to go after the companies that are going to pay. And that have, you know, that, that are easy Pickens, you know, it's, it's, it's, there's like business, right. You know, they're going to go after the targets that are, that are easiest

Speaker 1 (08:05):

With the biggest payoffs. Right.

Speaker 2 (08:06):

And you can make yourself not an easy target, uh, if you've got the right stuff in place. Yeah.

Speaker 1 (08:12):

Yeah. And I think, you know, I talk with some people and they say, oh, well, I'm just a, nobody, no, one's going to be coming after me. That's not how they look. They do all their like scans or, you know, just throw out these tools, see what picks up and then they'll maybe check it out further. So if you cover your bases, not that again, you'll never get hacked, but just greatly decreases your chances. Yeah. I have other looking at who they're hitting, they're just looking for what they can easily get in. You had a

Speaker 2 (08:43):

Talk on this just on Monday. I'm going to have another one coming up here in a couple of weeks, um, where I basically talked about the same thing. It's like, it's not like it was several years ago where you kind of, kind of had to be targeted or you just had to have users that would just click on everything, you know, in order to actually have something bad happen. And even then it was easy to recover from. Um, now it's, it's just not the same anymore. So yeah. I

Speaker 1 (09:09):

Can't remember the exact exact percentage. Um, but a statistic I recently read, was it somewhere around like 90 to 95% of the method that ransomware comes in through his email attachments or email messages. Yep. And so just another example of, uh, you know, these other different security measures you're got to have.

Speaker 3 (09:30):

Absolutely.

Speaker 1 (09:33):

Um, so I guess kind of things that take take from this is all a security best practice, make sure your, your it company is, is actually patching your systems and keeping up with that, um, make sure that they had, well, you know, security best practice in place. Um, and always have those backup cups.

Speaker 3 (09:52):

I mean, absolutely.

Speaker 2 (09:54):

If, if you've got a current it company, you need to ask them, you know, how are we protecting, you know, our, our desktops, our servers, if you have them, how are we protecting our email? How are we educating our users to make sure that, that something like this isn't going to happen to us. And, and if your it company that you have right now, if they don't have an answer that sounds good to you or something that's like, yeah, let's, let's get that going. Then you need to be shopping. You need to be looking because at the end of the day, if you run a business, it's your business, it's your business, you know, your, it can protect you to a certain degree, but the buck stops with you. And if you don't have, um, the right stuff in place, but you're not also looking to get the right stuff in place. Well, you know, it's not the it companies, you know, data, that's going to get compromised. It's yours. Yeah.

Speaker 1 (10:44):

And you can, you know, ask for reports. Um, you know, there's one thing you can do if you really don't know, you know, it is not your area at all. Ask them for a report, you know, come give me a cybersecurity report. Tell me, uh, my different layers, you know, are you covering on email and firewall virus? And I mean, you should have at least what about like five or six

Speaker 2 (11:06):

At a minimum? Yeah. You know, because email itself has kind of like three layers all by itself, you know, just for the basic checks, you know? Um,

Speaker 1 (11:16):

And not thinking about HIPAA and, you know

Speaker 2 (11:18):

Yeah. That that's, you know, way huge way huge. Or if, if you've got compliance that you have to adhere to, it's a, it's a whole different ball game and chances are you probably already have a lot of that in place because you have to, in order to hit yes. On those check boxes. Right. Um, but if you're not, then maybe you don't know the things you need to have in place, and that's where you need to be asking the questions.

Speaker 3 (11:40):

Yeah. Sounds good.

Speaker 1 (11:42):

All right. Well, thanks again, Lance. I know you've been on like this before and always appreciate you coming on and sharing your knowledge.

Speaker 3 (11:49):

Thank you. All right. Take care. Everybody be safe.