CyberWire Daily - Pass the intel, please. [Only Malware in the Building]
Episode Date: November 28, 2025
Please enjoy this encore of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore what makes information sharing actually work. From public-private partnerships to actionable intelligence, our guests discuss how organizations can prioritize, process, and operationalize shared cyber threat data to stay ahead of emerging risks. Plus, catch Dave, Selena, and Keith on their road trip adventure in our video on YouTube — full of laughs, unexpected detours, and plenty of sleuthing!
Transcript
You're listening to the Cyberwire Network, powered by N2K.
Follow signs for I-95 South.
You realize we're late again, right?
Selena's going to kill us.
I told you I had to do a dip check.
You can't show up to the Fisci Awards without the proper dip representation.
You brought like half the grocery store.
Keith, preparation is key.
Nobody likes a dry chip.
Dude, can I, can I, can I have a chip?
Absolutely not.
Turn left onto Diagon Alley.
Your destination will be on your left.
You two are unbelievable.
I told you to leave early.
Now we're going to be late and we're nominated.
We did leave early.
Then Dave decided to run a full audit on condiments.
Quality assurance is everyone's responsibility.
If we win tonight and I can't give my acceptance speech, I'm blaming you two.
Dave, check to see if they're covering the awards pre-show on the radio.
Hey, this is pretty catchy.
I mean, it is, but it's not what we're looking for. Keep scrolling.
Three of the zero days are actively being exploited.
Well, hello there, and welcome back to American Top 40.
It doesn't sound like it's on yet.
Dave, can I please have a chip?
No, stop asking me.
I had a temp job out of college.
I don't think they're covering the red carpet yet.
Maybe we'll make it after all.
Dave, the clock literally says we're 20 minutes late.
But in cybersecurity time, that's basically on schedule.
Exactly.
Besides, we've got great tunes, solid company, and six dips in the
back seat. What could go wrong?
You know, when I agreed to
come tonight, I didn't think we'd be driving
your antique mobile, Dave.
Antique! I will have
you know this is vintage. Classic.
Timeless!
Timeless? Like a typewriter
in an office full of laptops.
Hey, this typewriter has gotten us through
a lot of traffic safely.
Hopefully that's true for tonight, too.
Dave, if you're going to be eating while
driving, at least you could give me
one chip. No.
These are ratioed, one chip per dip swirl.
System integrity.
Dave, both hands on the wheel.
Relax, it's a controlled dip environment.
You're actually gatekeeping the dip?
Yes, chain of custody.
Just one.
Keith, let go of the chip.
Then give me one.
You two are going to make us late and headline the traffic report.
You owe me guac.
Worth it.
All right, no more fighting you two.
Let's just ride the rest of the way in silence.
Next year, I'm taking an Uber.
Hello, everyone, and welcome to Only Malware in the Building.
Today with my co-hosts, Dave and Keith,
we are going to be diving into information sharing and public-private partnerships.
It is November. We're giving thanks.
We're thinking about the ways that we are thankful for our different partnerships
and different information that we're able to share back and forth with the wonderful,
wonderful cybersecurity community.
So why don't we go ahead and kick us off?
And part of the reason why we're inspired to do this episode is because, Keith, I just
recently saw you.
This is very exciting.
Yeah, it was amazing.
So we're halfway around the world.
We're at Europol in the Netherlands, and all of a sudden we're at a conference, and I'm looking across the room, and I'm like, hey, there's Selena.
Exactly. Hey, there's Keith. And I had no idea that you were going to be there. It's one of these lovely little kismet moments that are happening all the time at conferences.
And one of the topics that you were talking about and speaking about at the conference was how public-private partnerships work and how they can actually contribute to doing things like takedowns or
impacting operations or sharing with the private sector to be more resilient and secure.
Yeah, and everybody's always talking about sharing public-private alliances, sharing threat
information. And so, you know, when we were getting together, Dave, we were like,
we should talk about this on some of the obstacles, good ways to be able to share information,
some of the concerns that people have, and really kind of the right way to do it.
Because if you don't do it right, it's just kind of worthless. So Selena and I, we got
together. We're like, hey, this sounds like a good topic. And I'm sure, Dave, you probably
have a lot of people that come on Cyberwire that talk about public private alliances and sharing
information as well. We do. I'm curious, though, like, my take is that public-private partnerships
are kind of like karaoke. Everybody's enthusiastic until it's their turn.
I will have you know I am enthusiastic even when it is my turn for karaoke.
Yeah. Well, truth be told me.
Me too. In fact, they have a hard time pulling the mic away from me.
I know. We got to vaudeville you, Kainoff.
It seems like everybody wants everyone else to go first when it comes to information sharing.
Is that an accurate assessment?
Yeah, I think so. And then, you know, sometimes the government is they're a little too broad
on what does information sharing actually look like, you know, nobody wants, you know, when somebody
comes in goes, hey, we're the government, we're here to help, give us all your information.
of people like, well, wait a second, backtrack a little bit. How are we going to do this properly?
So we thought we can kind of cover maybe some of the genesis of how this started and where things are
going and kind of how, if you want to get involved in information sharing, maybe how you could
start with your company or just you as a researcher. Yeah. Can we start with some of the history here?
I mean, Keith, your time back with the FBI, were you with the agency at the outset of some of these
programs?
From an FBI perspective, one of the main information sharing places that they set up was called
the National Cyber-Forensics and Training Alliance, in my hometown of Pittsburgh, of course.
My boss at the time named Dan Larkin, he was kind of a visionary, and he was the national
white collar crime and cyber supervisor at the Pittsburgh field office.
And he was looking at Pittsburgh at the time and said, well, you know, we have some good banks like PNC and Mellon Bank.
We had the CERT.
At that time, that was the CERT, the main CERT in the United States there at Carnegie Mellon.
You had great universities at the University of Pittsburgh, Carnegie Mellon, Penn State.
And then down the road, you had the Internet Crime Complaint Center, which was recently
receiving all these fraud complaints.
And so he was saying, well, how could we kind of bring all those things together and kind of
tackle this emerging thing, you know, of cybercrime?
So what he was able to do was set up a nonprofit, which became the NCFTA, and kind of had
to be like this neutral space.
So it wasn't owned by the government.
It wasn't owned by any company or any academic institution.
And then this way, you can kind of come together and share cyber threat intelligence.
What was the response to that?
Did people embrace it or was there a certain degree of skepticism?
Well, naturally, there's always skepticism from sharing with the government and, you know,
what are the controls?
Because most companies are thinking, well, I don't want to, I can't disclose my customer
information or the PII,
or I don't want to talk about an intrusion that we had and be on the front page of the New York Times,
you know, saying, hey, we have bad security control.
So there is a lot of animosity or concern really at the beginning of doing that
and to make sure that you kind of do it right.
And Selena, you want to kind of like talk about like some of the concerns, you know,
that you would have them sharing things with it with the government as well.
Yeah.
So I think when it comes to information sharing, there are a few ways
that you can think about it from both an independent contributor and threat researcher perspective
as well as like a company and private company perspective. And I think, you know, a lot of times
people are definitely concerned with sharing information because they don't want any PII to
be leaked and they don't necessarily want to get involved in a case or something like that
where it kind of gets big. And then also too, people kind of just want to deal with it themselves,
right? Like we just, we want to, we want to keep this in house. We
want to, we don't really want to talk about it. We don't want anyone knowing our business, right?
Like, no one wants to be a center of gossip, whether it's about a cyber attack or, you know,
how many dips you ate at a party, Dave.
Hey now.
So, so that's part of it. And also, too, I think that the question of, of what is actionable and how is
this information being used? I think historically, there hasn't necessarily been a broad understanding
of, okay, what, what is happening with this information and what's going on with it?
what is happening with this information? If I give it to you, what is it doing? But what I think
has been really cool over the last few years is there has been a lot more visible public-private
partnership and collaboration. And one of the things that I like point to is Operation Endgame,
for example, where there was a lot of private sector companies like security companies who
collaborated with international law enforcement to do some very major takedowns of some of the
most prominent botnets and loaders that would lead to ransomware.
That would not have happened without everyone coming together and sharing their information.
In the private sector, every company has unique visibility.
No one is looking at all of the same information.
And that goes the same thing for the private sector, right?
The U.S. government sees a lot of different things than what the private sector does.
At Proofpoint, we see tons of initial access.
That's where we live and breathe and email.
And my team in particular is email specific.
And so, you know, we're seeing initial access.
And then we go dark.
so we don't have any, you know, post-exploitation visibility.
And that's why it's important for us to collaborate with other threat researchers, for
example, and other companies.
I'm like, for example, we've collaborated with The DFIR Report where they see the full
attack chain and they can say like, okay, you guys saw this initial access piece.
Here's what we saw as, you know, follow on compromises and here's what it led to.
And I think that, you know, oftentimes when we think about information sharing, we think
about it behind closed doors.
But one of the most important and useful ways of information sharing is making stuff
public and saying, you know, here's my research on this. Here's all this information. I'm,
you know, putting it up on GitHub or I'm putting it up in a blog. And I'm sharing this information
to the broader community. So it can be like, okay, I can take action on this regardless of whether
I am in law enforcement or if I'm a private sector person or if I'm just an independent researcher
that wants to learn more about this particular threat.
Yeah, I think it's really important. Like you had mentioned Operation Endgame,
that you really focus on something specific that you want to share on because it's not like,
hey, we want all your data.
Nobody has the time to go through all the data anyways.
But if you know that, you know, that this particular piece of malware is going to affect
a number of people, then you can pull those teams together and share that specific information.
You know, like so if somebody has that initial access, maybe somebody knows how to reverse
engineer the malware and come up with a solution.
to bring it down.
I got to share one of my favorite stories since you had talked about with Operation Endgame.
When we did the Coreflood takedown, which we brought a whole bunch of people to do that,
it was so funny.
We were practicing on how we were going to do this takedown and eliminate it.
And we were going to send a stop command from one of the C2s that we took over.
We were testing it, testing it and testing it.
And we had to make sure there weren't going to be blue screens of death all around.
So we had to go to the attorney general and present our solution.
And he's like, okay, well, sounds really good.
But just remember, guys, if you break it, you bought it.
And that was the last thing.
Did he signed off on board to be able to do it?
So I'll never forget that.
Oh, wow.
If you break it, you bought it.
So what are the practical implications of this?
If I am an organization, let's start with the private sector.
I'm in a private organization.
And I recognize as, let's say, a security professional within that organization that this is worthwhile.
How do I make that case to the powers that be, to my board, to my boss, that us putting time and effort into this sort of collaboration is going to pay dividends for us as an organization?
Yeah.
So I think first is if you were going to be messaging
your board or trying to get the lawyers on board, you need to talk about why it's a problem
to your company and why being part of the greater good will actually help impact and actually
make your company safer. Everybody only has so many cycles in the day. And now you're telling me
you want to spend extra cycles now working overtime to kind of help the government or help this
team. So what does it really mean to the company? Why is it a problem? And also, if you're part of
the takedown, you know, you may get your name on, you know, the takedown press release that you
helped. So that could be good publicity on that your company is part of the greater good of policing
the internet out there. So I think that's kind of where I would start first. And then you can start
talking about what types of information that you could share. And I think the government looks at it,
you know, from a standpoint is share whatever makes you comfortable. And then, you know,
let's build that relationship, that trust, and then share more whenever you feel more comfortable.
But really just kind of start out sharing what you can as part of this project and lend your
expertise and let's see if we can't make a collective win.
Well, I think so, too.
There's other options, right?
Like, I think a lot of times we think about information sharing as, oh, I'm going to share with the government.
There's also, for example, like nonprofits, like the Cyber Threat Alliance is like a collective
for information sharing can be very beneficial, right?
because they're like, you're sharing, and then you're also getting information back before it gets
public, often in many cases. And so you can, you know, be prepared. And so you can add that additional
layer of preparation within your own product and services or, you know, from a researcher
perspective, like, this is what I have to be focusing on or like, no, that's coming up. From more
of like a public-private partnership, there's also ways to do like notifications. If it, you know,
if it's like really open and collaborative, be like, oh, have you seen this? Or like, it's a way to
kind of say, like, is this unique to me and my organization, or is this a broader problem
that's affecting all of the industry? And it can help kind of be a way for collective defense
where we have a better understanding, certainly all of the ISACs, information sharing,
ISACs that are set up for different industries. That is a very, very useful way for organizations
to get involved in information sharing and getting to know their peers within the industry.
As a researcher, and from that perspective, one of the best things about information sharing is it helps me get to know other people within the community and what they sort of specialize in.
And like, what do you know about that could potentially help with my research or with community defense?
And how can we share this information?
How can I operationalize it within my organization or with you?
Or, you know, we stumble across something.
And it's like, hey, do you know anyone that might be able to help me with this or that might
find this very beneficial? Even when things are made public, there can be a big lack of awareness.
So even having that avenue for saying, hey, I just want to make sure that everyone is aware
of this as a way to communicate and have like a central repository of information, an example
of like from like a tactical intelligence perspective, like MITRE ATT&CK. Having an existing
framework where intelligence is shared really condensed down into actionable pieces that all
of the community can access with MITRE ATT&CK. It's like, we see this technique. We're adding it to our
database. We have defenses that are available. And it's really like a one-stop shop for you to be like,
okay, I see this happening. I need to know how to take next steps and next actions. I'm going to
consult this database or I'm going to consult this group that I'm in as a way to get more
information about this and how to protect myself.
You're right on key on that, what you were just saying, because as an FBI agent,
what I wanted is I want an industry to tell me what I should be working on.
You know, there are so many different things that you could be working on out there,
and you only have so many cases that you could work.
So if you're telling me that, you know, that this botnet or this ransomware group is the
worst of the worst and that's where I should be focusing on, that really helps me with my
targeting and then to be able to leverage the expertise from the industry working groups
because everybody has that different layers of visibility that could help me to focus on
where I need to do search warrants or where I need to send legal process or just to really
understand the threat and I get victim notification out. So really as an agent, the industry is really
the eyes and ears of where I want to focus.
How much of this goes on behind the scenes, the back channels, the, you know,
the group chats on Signal, how important are those in this whole effort?
Oh, it goes on all the time.
And it's all built on trust, you know, so it's really building these personal relationships
and understand who does what in what company.
You know, there's like when we were at Europol, it was like a high school reunion.
You know, we're just going through and it's just like, hey, I haven't seen you in
ages. We haven't caught up in real life in a long time. It's such a small community,
even though you think of all the security researchers are out there, there's thousands of
them. But everybody knows everybody. So it was just really good to get together. And you hear
what people working on. And you may say, well, hey, I may have something that can help you out.
And so it's just like this build on personal relationships. Well, and I think, too, it can be a
catalyst for a furthering and understanding of cybersecurity in general.
And Dave, I don't know if you hear this from guests on your podcast, but I think a lot of times
people in our industry are a little bit frustrated with the sort of lack of understanding
of cybersecurity issues from law enforcement or policy or like decision makers or even
within companies, right?
Like, is that something that you hear a lot where it's still kind of this like little
bit of a black box where there's a, there's a gap between the people that are doing the work
and knowledgeable about things
as then the people that are making the decisions
whether it's policy or
business decision making
and I think that that's where information sharing
can really help close that gap.
Yeah, for sure.
I tend to refer
to it as a translation layer.
You know, like between
the folks who are talking tech
and the folks who are talking business risk.
And there has to be
somebody who speaks both of those languages
which is like the old joke
about the U.K. and the U.S.
that is two nations separated by a common
language. And I feel like
somehow... I'm experiencing that right now
over in London, Dave.
Quite. Quite.
Right. Belt or braces.
So there's
those kinds of things.
I'm curious
how much
of a responsibility we think
the government has to enable
these things because
you know, as we're
recording this, we are still in the midst of a government shutdown, and as part of that,
the CISA 2025 legislation, which provided coverage for protection for organizations who are
sharing from liability is in limbo right now. It's technically expired, and I think a lot of
organizations are still in good faith sharing, hoping that it will be reinstated retroactively.
but I think it points to the fact that organizations need these reassurances from the government
that they can share without risk of repercussions.
Yeah, that's important because when I was at the FBI,
I thought everybody shared with the government willingly.
And then I went to EY and it was just like every time, you know,
we were doing an incident response or whatever, it was like, nope, nope, we're not giving this.
We're not calling the FBI.
We're not calling the Secret Service.
You know, so those...
Keith, put down that phone.
Yeah.
So it is, you know, those protections in place are just vital because without them, probably 90% of legal counsel is going to say, no, hey, yeah, we want to do the greater good, but at the same time we have to protect our company.
We need to make sure that we're not liable for anything.
You know, once those protections are in place, we'll continue to do it.
but it's really essential that that gets taken care of.
Well, and I think right now we're in a time of a lot of success of public-private partnerships
and seeing some of the wins, I think, has been really great,
especially when it comes to cybercrime.
So I think historically, you know, there's been a lot of focus on espionage and nation-state activity
and spying and that sort of thing from a collective defense perspective.
But I think right now, over the last couple of years, it's been
really heartening, I think, to see the information sharing and the collective defense and
collaboration from a cybercrime perspective. And it's led to some really big wins, you know,
even if it's sort of like a temporary disruption, and if you look at, for example, like the Lumma
Stealer takedown recently with Microsoft and law enforcement collaborating on that, it did have a really
big impact. It was, you know, it was a little bit limited and, you know, Lumma Stealer kind
of bounced back a little bit. But even those cases can have significant impact on
the operators themselves, the ecosystem, sowing distrust, you know, having these questions
in the threat actors' minds of like, is this really worth it to me? Having to impose costs,
like literal financial costs, as well as the time cost and the reputation cost can be massive.
So right now, public-private partnership is essential in combating everything from cybercrime
to, you know, this sort of nation-state activity. And threat actors are not slowing down. They're not
going anywhere. And it's really important for organizations to feel confident in sharing that,
you know, critical threat intelligence because really collective defense from both the national
security perspective, but as well as like a business risk and resilience perspective is really,
really a cornerstone of that is in, you know, information sharing and making sure that everyone
is aware of these threats. Yeah. And it's important, you know, that nobody has complete visibility.
So you have to share the information in order to get the complete picture.
I know you had mentioned, you know, that there are a number of information sharing on the cyber crime side.
But there is one called a National Defense Cyber Alliance down in Huntsville that is really put together for those national security attacks as well.
So it's not as widely known as maybe some of the other like ISACs and the NCFTA and others, but
it is kind of sprouting and growing as well.
Selena, I'm curious, you know, you and your colleagues at Proofpoint publish a lot of research.
How much do you find that that sparks conversations with other folks in the industry?
When you publish something, do you get a bunch of responses from that and say, hey, you know, I saw what you published and we think we might have something related here?
Oh, all the time. It happens all the time. It's great. And that's why I like publishing stuff because, you know, we want more information.
So publishing information begets more information. It's fantastic. It doesn't happen like with literally everything we published, but almost everything we publish, I have to say. And in a lot of cases, you know, we'll reach out to our information sharing partners ahead of time. Be like, do you guys have any visibility into this? What are you seeing? How are you responding to this? So recently earlier this year, my colleague and I published some details on remote monitoring and management abuse as being
delivered as a first stage payload. So we see, of course, a lot of the first stage email threats
being, you know, RMMs being dropped that way, which was very unique. But we're like,
okay, but what happens next? And then also are these RMMs that are being delivered as a first
stage payload? Are they different than the ones that are being used post-compromise? So once a threat
actor actually has access to an environment, are they using the same tools or different tools to move
laterally? We reached out to our partners at The DFIR Report, at Red Canary, you know, other
folks in the industry to be like, hey, like, what are you seeing? And how is that tying into
the RMM narrative and the conversation? And so we ended up, you know, publishing some details
and Red Canary has some fantastic information about RMMs that they also have published and
made available. And then certainly, you know, with The DFIR Report, they do deep dives into the
attack chains and say, okay, you know, looking at this. And a lot of times when a company will
publish information about a particular attack chain that's happened post-compromise, we can go back
to our data and be like, oh, we saw this activity.
Like, this is related to this threat actor from, you know, this August 2025 campaign.
So we know now that this RMM is dropping this particular malware because of information that
was shared from the community.
And so it's really important to not only, you know, be open to collaboration, but also, you know,
if you can, share what you can with people.
And what I have found is that fellow researchers are so open.
It's really great because I think, you know, most of us are in this industry
because we care and because we want to do good and we want to have, you know, a safe world
and contribute to collective defense, whether that's, you know, we work for the government or
whether that's we work for a business or whether that's, we run our own security consultancy,
right? Like I think a lot of us are driven by that community idea of, you know, we want to
protect each other. And so I think that that really shows how beneficial it can be when people
do push stuff out there and be open with sharing back.
Keith, what about moderation?
I mean, like, did you ever run into folks who were kind of oversharing
and you had to ask them to dial it back?
You know, like, I'd stop calling me.
No, no, I don't think that ever have everything in moderation, though, Dave.
Just remember that's the key of life, everything in moderation.
Except for dips, except for dips.
But no, no, I think, you know, again, just,
you know, share, share what you can.
And I mean, I guess sometimes, you know, you got a little too much.
And I would say back to somebody, I got enough right now.
Just, you know, I'm good with what you got, you know, what you gave me, but I'm good right now.
But I don't think that happens too frequently.
You know, if you're sharing, especially when you're like as part of like, like the NCFTA or the CDA or, you know, those ISAC, if you're sharing that information, chances are, you know, like, let's say you're a financial institution
and you're sharing threat information that you're seeing,
chances are another financial institution
is going to get hit in a month from now.
So that could help them with their defense.
You know, because maybe like if you're like a, you know,
a big top five bank, you're going to see the attacks first.
And then the smaller credit unions are going to see those in, you know,
eight to ten months.
So if you're sharing that information,
you're really helping the greater good, you know, down the line as well.
Where do you suppose we're headed here?
What's the future look like when it comes to information?
sharing? The one thing that I just want to say is, you know, we've been doing this a long time.
You know, over 20 years we've been sharing information. And my one pet peeve, Dave, is that I go to a
lot of conferences and new people that have come that have just been around for one year or two years,
they go, hey, we need to do information sharing. We need to, but it's like, we've been doing this 20
years. We're not reinventing the wheel. So I am hoping that in the future, in these next couple
years that people will be talking about it, that this is just part of how we do business on the
internet and how we do business as the white hats and the greater good. And this isn't something
new that we need to talk about all the time because it's just being like air. You're just
breathing and you're doing it naturally. So that is my hope. I hope we get there. Well, I think
right now is a very interesting time for information sharing. Dave, as you mentioned. So my hope is
that people continue to realize the value of this and whether or not there are roadblocks
in place from existing means of information sharing or whether we continue as we have been.
Either way, I mean, I think to Keith's point, just making it part of how we do business.
And also, I think, too, having a better understanding and seeing the outcomes.
Because I think oftentimes people are a little bit hesitant to be like, oh, well, what are we doing,
sharing information and not understanding some of the outcomes that can be very, very beneficial.
And so I think not just sharing information, but sharing what happens and how you have used it
and how you took action on it and how it protected your organization can actually provide a lot
more benefit and can, you know, make people more engaged with it because, you know, I actually
always joke when I go to a conference or when I'm listening to a podcast or whatever.
It's like if someone says public-private partnerships, I'm like, drink, like, bingo, you know, like, it's like, okay, keyword, buzzword.
Because oftentimes it's like, okay, well, so what?
Like, it's, it's a public-private partnership is like, it exists, but if it's not leading to actionable information and actionable information sharing and you're not seeing the results of it, it can seem like this buzzword or this like, okay, yeah, sure, whatever.
Like, we're just going to fill a panel to talk about it at a conference.
So I think when it comes to like the future of information sharing,
sharing the outcomes.
And I think, you know, some of the big cybercrime takedowns that have happened that,
you know, have all those logos and have all those names of the people that have been
involved is huge because you're like, okay, this is the reality.
This is what happens with the information that we share.
The communication is the key because people want to know that what they're sharing is actually
being put to good use and it's useful because then that will build that trust and say,
hey, I want to do more, you know, I want to do this more.
Nobody wants to just share information to a black hole.
Just like, hey, it's just going in there.
And I don't know whether my data is good or not or what I'm providing is going to the greater good.
So I think communication and messaging that is really key going forward as well.
The greater good.
The greater good.
Every time I just have to say it like that.
Actionable intelligence is much better than all of the decorative
intelligence that's lying around, right?
Absolutely.
Yes.
You don't want to just have intelligence that you can hang in your office or on your mantelpiece.
Caring is sharing.
Are we going to talk about decorative intelligence for Christmas then on our next podcast?
Oh, there you go.
Yeah.
Deck the halls with threat intelligence.
Yeah.
Fa la la la la.
Well, this has been a lot of fun.
This is one of the things that I am very passionate about.
Keith, I know you are as well.
And Dave, you are basically an information sharing group yourself as the podcast host of Cyberwire.
Yeah, I mean, you do intelligence distribution and communication that are very, very vital as well.
So, you know, that's actually one part of information sharing is communicating out to a massive
audience and hoping, you know, people, people take action on it.
So yeah, so thank you everybody for tuning in as always.
And we hope you enjoyed this episode of Only Malware in the Building.
And we will see you next time.
Thank you.
