Not Your Father’s Data Center - Cyber Security: Protecting the Family Jewels
Episode Date: September 28, 2021
On this episode of Not Your Father's Data Center, a Compass Datacenters Podcast, Host Raymond Hawkins talked with Amit Serper, Vice President of Security Research for North America of Guardicore, the segmentation company disrupting the legacy firewall market, whose software-only approach is decoupled from the physical network, providing a faster alternative to firewalls. While most teenagers were busy worrying about the school dance or making a sports team, Serper was preoccupied with selling security and internet services out of his childhood bedroom. In the early 2000s, cable internet had been rolling out in Israel, and he lucked out as part of the beta test. The company installed an uncapped cable connection in his house, so he had high-speed internet. Eventually, the cable company slowed down his connection; however, he hacked the system and returned it to its faster speed. This is also around the time he started to do things on a computer besides gaming. He had three computers in his bedroom and built three servers with multiple operating systems. He then began selling web hosting packages that ran on the servers. The name of his first business? Evil Cheese. "I had this service running for two or three years," Serper said. "At one point, my parents started getting weird calls from the cable company telling them 'there's very high upload usage and asking if there's anything that the cable company should know about.'" His parents didn't have any idea what was going on, and Serper played dumb. Eventually, the cable company slowed his speed, and he had to close shop, but his passion for computers launched his career. Starting at this ripe age and around the dot com boom, Serper became a hacker and reverse engineer.
He joined the Israeli Intelligence Community at 18, where his work ranged from vulnerability research and exploit development to designing architectures of uniquely complicated, highly reliable, one-of-a-kind communication systems.
Transcript
Welcome again to another edition of Not Your Father's Data Center.
I'm your host, Raymond Hawkins with Compass Data Centers in Dallas, Texas.
We are recording today on Thursday, September 9th, as our world continues to struggle with
the global pandemic. And today we are joined by Vice President of Security Research for North America,
Amit Serper, and he is with Guardicore.
Amit, how are you today?
Hi, I'm doing very well. Thanks for having me.
Well, Amit, if you'll hang on with us, we're going to do our trivia questions.
Unfortunately, you are not eligible for the massive prizes for knowing the right answers,
but we're going to run through a couple of quick security-related trivia questions for those who listen to our podcast.
We always love hearing from you.
You can email us at answers at compassdatacenters.com.
It's datacenters with an S, answers.
Or you can email me at rhawkins at compassdatacenters.com.
So as always, we give prizes to the first five right
answers, $100 Amazon gift cards. We have three questions this week in honor of cybersecurity.
Question one, what is the estimated cost of cybercrime globally last year? We got four
options. You can say A, a trillion dollars, B, two trillion, C, three trillion, or D,
four trillion. Amit, I know, is dying to answer, but he doesn't get to.
Second question, what is the average payment for ransomware attacks? A, $100,000, B, $84,000, C,
$150,000, or D, $200,000? 2.75 million, B, 4.27 million, C, 3.86 million,
or D, 3.48 million.
All of those are interesting numbers.
All of those are expensive.
Amit, if you are willing, we'd love to start out with your very interesting background,
especially we'd love to hear about a young man selling security services and internet
services out of his bedroom in his teenage years when most of the rest of us were thinking about how do we make the local sports club or how do we line up a date for the dance.
You were running the internet.
So start there if you're willing and tell us.
Okay.
Well, I wasn't expecting that one.
Yeah.
Wow.
So, yeah, what you just talked about happened when I was 15. You can probably tell that my name is weird. That's because, while I do live in the US now, I'm originally Israeli. I'm from Israel. I grew up and lived there, you know, 30 years of my life. When I was 15, cable internet had been starting to roll out in Israel.
And I was actually lucky enough to be on the beta test. So that means that the cable company
would come to your house. That was 2001, by the way. Cable company would come to your house, install what was then the first
really, really fast broadband connection based on
the cable infrastructure. Until then, we were all using
either old analog 56K
dial-up modem or ADSL. So when they
started rolling out the cable internet,
I was a beta tester,
and they've actually installed
an uncapped cable connection in my house.
So I had what back then was a very, very fast,
I think it was a five or a seven megabit symmetric connection.
Now, was that a mistake that you got an uncapped line or was that part of the beta test program?
That was part of the beta test.
Afterwards, the more it came close to being fully approved and to be marketed and sold,
they actually capped that, but I found a way to hack the modem and disable the cap.
But that's a different story.
That'll be our next episode.
And at that time, I was a wee 15-year-old lad.
That's when I started getting into doing stuff with computers
that aren't necessarily just, you know, gaming on them. So I had three computers in my teenage bedroom that I managed to get, like, all sorts of parts from, like, friends and their old computers, and just, like, I had parts laying around, and I built three servers. One was running FreeBSD.
One was running, I think, Debian Linux.
And the third one was running Windows 2000.
Which began your love affair with the Microsoft operating system, I'm assuming.
Oh, yeah.
That's when I started using Windows. And I sold web hosting packages that ran on these three computers that were made out of spare parts and were running in my teenage bedroom.
Unbelievable.
All right.
There was a cool name for that first web hosting business.
You got to tell me the why behind the name.
So it was Evil Cheese.
The domain was evilcheese.net.
Unfortunately, I don't own this domain anymore.
I didn't have a name back then and I couldn't figure out one.
So there was a website, which I can't remember which website it was, but it was a rock band name generator.
So I, I'm also a musician. So I also play a bunch of instruments in bands and rock bands.
And back at the time, I was a drummer in my first ever band that I played in because I was 15.
And we were looking for a name. So I went on this website and I started generating random names. And
one of those names was Evil Cheese. So I just got the domain
evilcheese.net. And that was the name of the company that I had back then.
All right. So not a lactose intolerance reference, but a
rock band name generated website. So good. I got it. Okay.
Yeah. I became lactose intolerant years later.
So it actually lines up. Yeah, it might have been a predictor of things to come, evil cheese.
Very good. Well, awesome. So 15 years old, you're literally selling web services out of your home.
Talk about learning the basics of the internet. I love the reference that you hacked the modem. I mean, you're learning at the very basic levels at the early stages of what goes on in the Internet.
You know, this is right as the dot-com explosion is about to happen and all the world is about to start to realize that, wait, I could buy things by clicking a button.
So you were at the very beginning stages of that.
So you're literally in high school running your own web services business.
Tell us where it went from there. So actually, I had this service running for
I think two or three years. And at one point, and as I said earlier, at a certain point while
I was running this service, I actually started getting all or my parents rather started to get
all sorts of weird phone calls from the cable company telling them that there's very high upload usage.
And if there's anything that, you know, the cable company should know about.
And my parents being like, you know, back then they were in like their late 50s or early 60s.
They obviously had no idea what was wrong.
And they just let me talk to the people on the phone. I played dumb. And eventually, they upgraded the system in a way that my speed
hack didn't work anymore. And I had to close shop. So I think Evil Cheese lasted for either two or
three years. I honestly don't remember. By the time I had to close my service, I had about 30 customers, 25 customers, something like that.
And I basically told all of them, like, starting this day, the service will be unavailable.
I'm closing shop.
And that's pretty much how it ended.
So, Amit, before we transition into a little bit more official roles that you took after Evil Cheese, did any of the Evil Cheese band t-shirts survive? Because we would love to be able to raffle one of those off to our listeners if there's any Evil Cheese band memorabilia.
No, never had.
Okay. All right. All right. All right. All right. That would make a heck of a band shirt, though.
Yeah. Evil Cheese Tour 2001 or something like that. All right. So you shut down your web hosting business.
And like most young Israelis, you end up in the military for a short stint.
So take us from there.
Yeah.
So in Israel, once you turn 18, basically when you graduate high school, you have to go through three years of mandatory military service.
If you're a guy, I think that it's different for women, but I honestly don't remember.
When you are around the age of 17, 17 and a half, all sorts of various units in the military or other places in the Israeli security apparatus are basically starting to look at the data of the new soldiers-to-be, so to speak. So when you're 17, you're being invited to the military for some interviews and some tests to basically assess your intelligence and all sorts of things.
And according to the data provided by these tests, you are then asked to come to all sorts
of interviews for the actual units that you might be serving in for that period of three
years. So I went to that interview, which was a very weird experience for me. And other than
interviews, there's also some physical tests to see if you're fit to combat. And as you can
probably see, I am definitely not combat material. So after a few months after these interviews, I started getting
phone calls from all sorts of military units inviting me for more assessments and interviews.
And I ended up getting invited into an interview with a unit that was outside of the army. So basically, to do my military service at a place that is not the military,
but was a part of the Israeli security apparatus.
I ended up actually going there, doing my mandatory military service
at one of Israel's intelligence services.
And I actually ended up staying there for nine years,
so a few years after my mandatory service.
So I served there.
Obviously, I can't really talk about what I did,
but you can imagine what it was.
Yeah, we would rather you not have to kill me or Alex, our technician.
So let's leave that part out.
Not combat tutorial.
Wouldn't be able to kill anyone.
Ended up staying there
for nine years,
doing all sorts of security research
related projects, both
offensive security research and defensive,
so meaning both finding
vulnerabilities and exploiting them and hacking into
places and building systems that can defend us from similar things. That chapter of my life is over, and I left the government and joined an early stage security startup, which I was employee number 14.
Today, they're over 1,000.
All right.
So started in high school on a beta test uncapped line in your bedroom and ended up working for the Israeli Defense Forces in cybersecurity.
That's quite a journey.
And then on into private, into the commercial world.
So I got a ton of questions to meet.
We can go all over the board here.
For those of us who security isn't our job, we think about, hey, I don't want anyone to have my passcodes.
I don't want anyone to hack my phone.
We think about security in relatively simple terms, I think.
But we see in the news, I think the ones that get the most attention are ransomware attacks or denial of service.
Can you talk through a little bit for us, what are the biggest concerns?
Why, as both a consumer and as a business, what are the biggest concerns?
And then why this is continually changing?
I think both of those would be fascinating.
How should we think about it as a business?
How should we think about it as a consumer?
And why is it always changing?
Yeah.
So this is actually a really good question, especially when we talk about the subject of ransomware that's been all over the news pretty much for a few years straight now, but the whole thing has gotten way worse
now, in, like, the past year of the pandemic. Pretty sure that the two are related, by the way.
And the way that you phrase this question is actually a very good way to look at it,
because there is the side of the business and there is the side of the consumer, you, as
you know, is the regular person. And ransomware affects all of us.
So if we go
back a few years to when ransomware started to become a thing that we
hear about, ransomware attacks started
by basically blackmailing ordinary people.
Like someone would get an email, you would get an email that you would think that is from a
reputable source, and you would open the attachment and the attachment would have
the malware that will encrypt your machine and will tell you, hey, if you want to decrypt all of your data, send us this amount of
Bitcoin to this address. And maybe, you know, again, no one is promising you that. Maybe you
will get the decryption key and you would be able to restore all of your data. So for the first few
years of ransomware, this is what we knew, random people all across the world. Many times it was
elderly people or people who weren't necessarily knowing their way around computers. They would
get hit. And I don't really know if it yielded any profits to the attackers, because they were
just attacking random people. And some of those people would pay.
Some of those people would not.
So it's not like it was like this steady source of income to these attackers.
And then in 2017, two really big events happened in which I was actually involved in the remediation of one of them.
So the first big event was WannaCry.
WannaCry was a huge ransomware attack that was conducted, allegedly, by the Russians, by the Russian state.
Allegedly, according to all of the publications that are available to us.
And this attack actually used a bunch of exploits and tools that leaked from,
I think it was the CIA back then, just a few weeks before.
So there was some kind of a data leak at the CIA and a bunch of their cyber tools leaked.
And the people behind the WannaCry attack basically took these capabilities
provided by these exploits and tools
and packaged them into WannaCry.
And what WannaCry was,
it was a piece of malware
that was able to spread around the network.
So if, for example, you're sitting in your office
and there are 200 machines in your office and you would open that malicious payload that contains the WannaCry ransomware, WannaCry will run on your machine, encrypt your machine, but it will also propagate all around your network and encrypt those machines and so on and so forth. This is what we call a worm. So WannaCry was a huge ransomware worm that ran amok the entire world. It caused a lot of
destruction. The British NHS, the national health services that they have there, were crippled
almost completely by that. So doctors couldn't use their computers to look at health charts and
everybody had to go back to pen and paper.
All sorts of companies, universities, schools, municipalities, governments, whatever, all around the world got shut down.
But until a British researcher named Marcus Hutchins, also nicknamed MalwareTech online, actually reverse engineered the sample of WannaCry.
And he found that when WannaCry runs, it actually tries to connect to this address on the internet,
to this domain name that at that time was not registered.
So Marcus Hutchins actually went and registered that domain name, and what he and basically the entire world discovered the moment that he registered the domain was that all of the instances of WannaCry that were now executing were trying to hit that domain, to get to it. Now, after it was registered, they did get to this domain, and that domain was actually a kill switch that was built in the malware.
And that caused the malware to basically stop in its tracks and it stopped.
And that helped significantly to remediate that problem that WannaCry caused. So about two months after that happened, there was another very, very big ransomware attack called this time NotPetya.
NotPetya was actually very interesting because it originally started from a Ukrainian accounting software company, basically a company in Ukraine that makes an accounting company.
Sort of like, if I have to compare it to what we know here in the U.S., I would say it's something like Quicken or QuickBooks, basically something that helps you to file your taxes and do all sorts of these things in Ukraine. And the way that it works in Ukraine
is that every business,
that every business either within Ukraine
or outside of it
that conducts business in the country of Ukraine
has to use this program
in order to do something with the taxes over there.
So the attackers behind NotPetya
did what's called a supply chain attack.
They hacked into the company that makes
this accounting
software. The name of the program is MEDOC.
The name
of the company is Intellect
Systems, if I recall correctly.
They hacked into
that company
and basically added
their own piece of code
in the software that downloads the NotPetya
malware and runs it wherever the attacker wants. So basically, whoever used the MEDOC software
also had the NotPetya malware basically waiting to run on command by the attackers.
The attackers had then executed this attack, and this was, I think even up to date,
was the most devastating ransomware attack.
So, shipping company Maersk completely stopped working.
Computers all across Ukraine stopped working, including ATMs.
People couldn't get money, couldn't swipe credit cards,
couldn't go to the ATM, couldn't go to school, schools, universities.
I think in some cases, power plants.
It was an absolute disaster. It took Maersk months to recover from that. It affected
worldwide supply chain of goods, meaning actual containers were stuck at ports and trucks could
not get into ports because of that, because all the computers were down. At that point, while NotPetya started to go wild, I was actually on vacation in Israel visiting my family.
And I was sitting in the living room at my parents' house watching TV with my dad as they were talking about this cyber attack. And my dad was saying, my dad was asking me a question about
it because my dad is not that, he's not an expert in technology, let's say. And he started asking me
questions. And I said, you know what, I don't know. And he said, do you think that this attack
could be stopped? Can someone stop it? Or is it just going to run amok until it basically
runs out of computers to infect? And I said, honestly, I don't know. But I have my computer
here with all of my tools from work. And maybe if I could get my hands on a sample of that malware,
maybe I could analyze it. So I actually managed to get a sample of this malware,
and I was in this chat group with a bunch of other people
who were trying to understand what they can do about it,
and while they were focusing all of their efforts
on the encryption part of the malware,
basically trying to find some kind of weakness in the encryption
or see if the decryption key is embedded somewhere
or if you can do something to decrypt the files.
I was actually looking at something simpler than that.
I wanted to see if I could find some sort of a kill switch
like Marcus Hutchins found just a few months beforehand.
And actually within not long,
within, I would say,
probably half an hour, 45 minutes,
I found some logic
that the developers of the malware left in the code
that basically says,
when the malware starts to run,
it checks for a certain file on your computer.
It checks if it exists. If that file exists, the malware will not run. It will not encrypt the machine,
and it will just stop working, and that's it. The interesting part in what I found was that it was
not a kill switch, because what Marcus found, what Marcus Hutchins found, once he registered that domain,
all of the NotPetya samples out there in the wild just stopped working.
With what I found, it was more like, I call it a vaccine,
which is, you know, funny.
We all talk about vaccines now in 2021,
but that was 2017 when the only global pandemic that we had
was a ransomware pandemic.
And basically what I found is that if you will manually create that file in a certain
way on your machine, if you end up getting infected by NotPetya, if it some way manages
to get into your machine, because it was also a worm, just like WannaCry, where it spreads from machine to machine, encrypts it, and spreads onwards, very much like, you know, COVID, if we do the comparison.
So if you will create that file in a certain way, you would basically be immune from infection
to this piece of ransomware. So once I found that, sitting at my parents' house with my laptop on my knees,
I started putting that online, and I put it on my Twitter account,
and it just became, no pun intended, it became viral and gave me my 15 minutes of fame.
So that was very exciting.
So back to our discussion about ransomware.
When we look at ransomware...
One more question before we get off of NotPetya.
So that stopped future infections.
How did you guys fix the machines that had been infected?
It did not.
Once the machines were infected, it was a done deal.
And also,
the point of NotPetya. NotPetya actually, I reverse engineered its code and many others have as well. And there was actually no code within NotPetya to decrypt whatever was encrypted.
So it was a one-way process. The whole point of NotPetya was to cause destruction.
Was just to destroy, it was never revenue.
Yeah, I mean, there was, you did have this "your machine is encrypted" screen with a Bitcoin wallet address, and some people actually paid
thinking they would get the decryption key back, but they didn't hear back from the attackers, obviously, because the whole goal of this thing was to create destruction.
There was no way to unwind it.
Yeah.
Once your machine was infected, that was a done deal.
But if you used the trick that I found back there, you would be, quote-unquote, immune from sustaining any damage.
Fascinating stuff.
All right, I stopped you.
You were transitioning back to the original question about commerce, commercial interests,
business interests, and individuals.
Sorry, I stopped you.
Right.
So now when we are at this age of ransomware attackers attacking companies and not private
people, citizens, so to say,
it's a very different
ballgame. It's a completely different ballgame
because if
my machine was attacked or if your
machine was attacked,
our data was encrypted.
Tough luck. We don't have access to our
documents or to our
kids' pictures or whatever,
but that would be it pretty much.
The fact that my machine is encrypted doesn't really affect yours.
But with the way that ransomware attacks have been going on since then,
especially with WannaCry and NotPetya sort of starting this whole trend of attacking
large scale companies and such
we are now in a more serious problem
where ransomware attacks are not
necessarily just to get the ransom to decrypt
the files, but they're also now what's called a double extortion attack,
meaning a threat actor, rather, I don't like to use the word hacker,
but a threat actor would, you know, break into your environment
and leak a whole bunch of information
from your organization.
And only after that information was leaked,
they will then encrypt your data and
basically now they're telling you, if you want to decrypt the data, you need to pay us this amount of money, but also, if you don't want us to leak all of that data out, to put it on the internet for everyone, you have to pay us more money. So you're now being extorted twice, hence the name, a double extortion attack. So now, when all of these organizations are being breached, they are holding everyone's data hostage.
So, you know, tomorrow my bank, for example, could be breached.
And if you and I are in the same bank, then you and I are both affected by something that we have zero control
of. Because this is not us opening emails or double-clicking an attachment that we should not.
This is someone in the bank security not doing their job correctly, which causes us, the customers,
to suffer. So this is the transition that the ransomware market, so to say, sort of went
through from targeting just, you know, regular people to targeting huge organizations. And when
you look in all of these forums that these threat actors converse in, mostly on what's called the dark web, you would see that they are doing their prep work.
They are looking to buy access into companies that have large revenue. And, you know, they would
look at it. And if someone is able to sell them access to this company, you know, sometimes it
could be an inside person that works for the organization and is just wanting to make a quick buck and sells access to the organization.
Or it could be a different group of attackers that their sole job is to gain that foothold and then sell it onwards to people who would put ransomware on it.
So the people behind the ransomware attack are actually doing their research on these companies.
What is their revenue?
Who are their customers?
What kind of market they're in?
Are they a bank?
Are they an insurance company?
And so on and so forth.
And they will then get into these organizations, encrypt the data,
exfiltrate a lot of stuff outside, and they will do that.
And now we hear about those things literally every week,
sometimes multiple times a week.
So ransomware is now more of a danger than it was before
merely because there is nothing that we can do about it.
We can do nothing about how our bank or insurance company
or whatever other organization that has our data and gets attacked secure their organizations. We
have no control over it. So this is why it's really, really bad. So Amit, as I look at what
makes the news, I see attacks on, as you're describing, against really big companies,
but I also see attacks, and this is going to sound funny, against small cities. And I read
a lot about such and such city wrote an $84,000 payment to get their system back. Is the target
of these cyber criminals, I'm not sure if that's even the right term. I know
you said you didn't like using the word hacker, but are they really, I can see why a big financial
institution with that data would be in a great target because of the huge expense and the huge
loss of confidence in that financial institution. But I read stories about little, I mean, that's
just the best example I can give. Why would they attack a small city? Is it because
they're easy targets? I honestly think, I mean, that's a good question. I can give my take on it.
I have no idea if it's correct or not. This is just my guess. But I would say that a lot of these
attackers are coming from countries outside the U.S., Russia or the former Eastern Bloc over there in Eastern Europe. They would pay because, you know, America wants their kids to go to school and American school
districts have money because this is how America is being perceived outside of it.
I know that, you know, in my previous work, so now I work at Guardicore, but before
that company, I said I joined early, is a company called Cybereason, and back
when I worked there I was doing a lot
of incident response engagements
with these exact
victims
school districts and small towns
and so on
and they would say, we have no money to pay these, like, ridiculous ransoms.
We can't afford it.
So we did see, and again, I don't know what the data is now because it's not the kind of stuff I work on anymore.
But back when I was at Cybereason, we did see a big spike in school districts and towns being attacked. And then after they had issues or trouble with getting the funds to pay to the attackers,
it sort of like died down and the attackers focused more on entities that actually have revenue,
hospitals, large corporations, and so on.
So I'm going to ask a dumb, you know, I lead sales and marketing,
so we're not the smartest group in the business.
So I'm going to ask a dumb sales guy question.
I don't understand, as we see these attackers,
aren't there digital footprints, for lack of a better term?
Isn't there a way to figure out who this is? How does that person hide on the other
end of the world? Is it just because they're in a place that we physically can't get to them? Can
you determine who they are or can they legitimately hide? Meaning digitally hide is what I'm asking.
Yeah. So I think it's a little bit of both. I mean, first of all, if you know what you're doing,
if you really know what you're doing, if you're experienced, if you have the right tools and resources, hiding on the Internet, especially when doing something like that, is not a difficult thing to do.
It's by no means, I mean, again, if someone like the United States or someone or some sort of a cyber superpower, if you will, would want to know who are these people,
I assume that in some way or form they could do it, be it by cyber means or by other intelligence means.
I mean, this is what intelligence agencies do.
But if we go back for a second, on the hiding yourself on the internet: again, if you know what you're doing, if you're doing it correctly, because it is an art form, it's not something that's difficult to do. It's not something difficult to hide yourself in a way that makes it very, very difficult to find you. On top of that, you have these people working in countries that
don't really have a very good relationship with the U.S. right now. For example, Russia.
There are tons of videos on the internet of these ransomware criminals driving their fancy cars all across Russia, doing donuts on public roads,
and basically not really caring about other people's or the laws in that country.
It's also, it's been known that in Russia, for example, it's been known that usually the
authorities won't really go after you unless you are targeting Russia or Russians.
So when these cyber criminals are focusing their efforts on Western countries and they don't target Russians, it's sort of like, you know, nobody really sees you. So that is really the problem that we're experiencing,
especially with brazen groups such as REvil and these groups that recently breached into the
Colonial Pipeline in the U.S. and so on. So, Amit, I'm going to ask you, we've talked a little bit
about how you and I, as just regular Joe consumers, we can be exposed because we have no control over what our bank does and what they do with our data.
Somebody hacks into my laptop, right? They get my few work papers and they get my kids' pictures,
right? So that's a small problem. We've talked about it from a commercial perspective or even
a small government, a school district or something like that. As I think about cyber risks on a larger scale,
I live in Texas. This past winter, we had what we call snowmageddon, eight days below freezing,
which is unheard of here, and everything shut down. Now, that was weather related.
But when I think about a cyber crime, isn't it possible to, you mentioned a pipeline,
aren't there things where you could have large scale?
I mean, I think about in our business, so in the data center business, so much of the global
internet traffic runs through Ashburn. Are there vulnerabilities from cyber crime to cripple the
internet, cripple digital parts of the economy, cripple parts of our systems that are now wholly dependent on technology? And where I'm going with that, Amit, is a totally different kind of warfare, right?
Not warfare where we shoot at each other, but warfare where we shut down the food supply chain,
warfare where we shut down the ability to travel planes and trains and things of that nature.
Can you talk to me about that large-scale risk in the cybercrime world?
Yeah, absolutely.
If you would have asked me that question even five, six years ago,
I would have said, hey, no, we're not there.
It's FUD, fear, uncertainty, and doubt.
It's something that's being blown out of proportion or being propelled in the news just, you know, to cause stress.
But we have actually been living this reality that you have just talked about.
This is the reality in the past few years.
So, you know, you mentioned electricity. A few years ago, I think it was 2015 or '14, Russia breached Ukraine's power grid and shut it down, in the dead of winter, and people were at home in Ukraine in temperatures that are similar to what you described. And I am from Massachusetts, right outside of Boston, so here in New England it's just called winter. So power plants in Ukraine were shut down through cybernetic means, and there are videos. If you go on YouTube, you'll be able to find the videos that the controllers inside the control room took with their phones of the mouse cursor moving by itself and going and shutting switches one by one.
You could see that.
That happened. And a few other people from the American company Dragos, I think, have done a whole body of research about that. They did the incident response to that particular incident, and they revealed a lot of the details in a talk at Black Hat a few years ago. There is a book by Andy Greenberg, a really good journalist from Wired, that's called Sandworm, that actually talks about NotPetya. I was actually interviewed for that book. I discussed whatever it is I just talked to you about, NotPetya. And in that book, they go into very great detail about what happened.
Sandworm is the name of the threat actor, the Russian threat actor that did all of that.
So they're actually going into the details of this attack on Ukraine's power grid.
If you're talking about messing with the Internet or everything that has to do with our digital life, so to speak, that happened also, also by Russia. I think that was in Estonia in 2008, but I'm not sure. Estonia is a very digital country. A lot of the things there are being done through the web. You can even vote, cast your ballot for the election online. You don't even need to leave your house. They're a very, very digital nation, if one can use such a term. In one of their skirmishes, I'm not sure it was Estonia and Russia. It was either Georgia or Estonia or both.
But that happened there as well. The Internet and the Internet infrastructure in that country was month or two ago, all of the trains stopped working,
and people at the train station, when they were looking at the signs, the signs said that if you have any issues with the train, please call this phone number. That phone number was actually the phone number of Khamenei, who is the ruler of Iran, the supreme ruler of Iran. That number was put there by the attackers. That was sort of like the number of his office.
So we have been living this reality for a few years now.
Some of us know it more.
Some of us know it less.
But this is life now.
Well, Amit, thank you for catching us up on the world of cybercrime.
Can you give us just a minute as we wind down here? Can you tell us a little bit about what Guardicore does and what you do there in your role as VP of security research? We'd be interested in hearing where you guys fit in this saving-us-all-from-cybercriminals world. Yeah, definitely.
So Guardicore actually does something really cool and refreshing, which is actually one of the main reasons why I... Hopefully, what will replace the legacy network security
equipment that we know as firewalls. So firewalls in most cases are just like a box that sits in
your network and has everything connected to it and this box basically tells network packets whether to go on to their destination or just drop dead in their place.
Our product is actually a software-based solution. It's an agent that you deploy
on all your machines in your organization, and you can create all sorts of policies that allow
traffic to go through or not. You can actually set policies to the application level
and not to an IP address level
as you would do in a legacy firewall.
So no more boxes, no more cables
that have to be routed through this box
and then through the rest of the network.
It also gives you amazing visibility
to see what's running on your machine,
what piece of software talks to which server. In case of a ransomware attack, for example,
this is a great case. In case of a ransomware attack, when computers are starting to get
encrypted one by one, within the click of a button, you can basically shut everything down,
disconnect all of your network or compartmentalize parts of your network and
basically manage the risk and mitigate it very, very, very quickly. And at Guardicore, I work in a part of the organization that's called Guardicore Labs. I work with an amazing, amazing team of
brilliant security researchers. And basically what we do is, in our team,
is we hack into stuff, we find security vulnerabilities,
we do the most cutting-edge security research,
and we write a report about it, and we publish it for free
in order to raise awareness and help other companies
know about risks that they have.
For example, a brilliant researcher that I'm proud to be working with on my team, Ophir Harpaz,
she's Israeli, as you can tell by the name.
She and another Israeli researcher called Peleg Hadar,
they both found a critical vulnerability in Microsoft Azure, in the engine that runs Azure,
which actually allowed an attacker
to crash an entire cluster of Microsoft Azure servers
with one packet.
They disclosed it to Microsoft a couple of months ago
and actually spoke about it at Black Hat in Vegas last month.
So this is the stuff we do,
and we're very, very excited about it.
Very cool stuff. Very, very cool. So if I could just put it in sales guy terms,
it sounds like you guys allow the network, I think you called it micro-segmentation.
Hey, we've located some nasty thing inside our network, some malware piece,
and we can disconnect and almost draw a cyber fence around
it and keep it from proliferating and then address the problem inside that micro-segmentation.
Yes, but you can also do that proactively. For example, if you have an organization with
many divisions, you could say, okay, so the people in marketing can only talk to themselves and their
servers and their resources. And the people from, I don't know, sales can't reach that part of the network.
So if someone from sales gets ransomware, then the ransomware can't propagate from the salesperson's machine to the marketing person's machine.
This is just a very basic analogy, but yes.
Right. You talked about the shipping company.
If you were able to catch it in one department, you might still be able to deliver containers while you're still
sorting out some other part of the business. I got it. Exactly. I highly recommend the book
Sandworm by Andy Greenberg because it really tells the story in an amazing way and it helps
to understand these risks. Excellent. Sandworm by Andy Greenberg. We always love book recommendations.
Amit, we appreciate you and your team being on the front lines of that.
And thank you for joining us on Not Your Father's Data Center.
It's been great having you.
We really, really appreciate it.
Thank you so much for having me.
Amit, thank you.