Risky Business - Risky Business #822 -- France will ditch American tech over security risks

Episode Date: January 28, 2026

In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss:

- La France is tres sérieux about ditching US productivity software
- China’s Salt Typhoon was snooping on Downing Street
- Trump wields the mighty DISCOMBOBULATOR
- ESET says the Polish power grid wiper was Russia’s GRU Sandworm crew
- US cyber institutions CISA and NIST are struggling
- Voice phishing for MFA bypass is getting even more polished

This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime’s 2026 Email Threat Research report. He joins to talk through what they see of attackers’ use of AI, as well as the other trends of the year.

Show notes

- France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform’ amid security concerns | Euronews
- Suite Numérique plan - Google Search
- China hacked Downing Street phones for years
- Cyberattack Targeting Poland’s Energy Grid Used a Wiper
- Trump says U.S. used secret 'discombobulator' on Venezuelan equipment during Maduro raid | PBS News
- Risky Bulletin: Cyberattack cripples cars across Russia - Risky Business Media
- Lawmakers probe CISA leader over staffing decisions | CyberScoop
- Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO
- Acting CISA director failed a polygraph. Career staff are now under investigation. - POLITICO
- NIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity Dive
- Federal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity Dive
- Real-Time phishing kits target Okta, Microsoft, Google
- Phishing kits adapt to the script of callers
- On the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan's Blog
- GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs
- Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" - Ars Technica
- Bypassing Windows Administrator Protection - Project Zero
- Task Failed Successfully - Microsoft’s “Immediate” Retirement of MDT - SpecterOps
- Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission
- WhatsApp's Latest Privacy Protection: Strict Account Settings - WhatsApp Blog
- Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch
- He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED
- Key findings from the 2026 Sublime Email Threat Research Report

Transcript
Starting point is 00:00:03 Hi everyone and welcome to another edition of Risky Business. My name's Patrick Gray. We've got a great show this week. Adam will be along in just a moment to chat about the week's security news. We've got all sorts of stuff to talk about this week. We've got, you know, big picture countries hacking countries. We've got, you know, a bunch of bugs to talk about and some really interesting security research. So, yeah, we'll get into that in just a moment. And then in this week's sponsor interview, we'll be hearing from Brian Baskin, who is a threat research lead over at Sublime Security, which makes a modern email security platform. They've put out a bit of a threat report, I guess you'd call it, with some interesting trends and whatnot in it.
Starting point is 00:00:42 A few interesting things there. I think the most interesting thing for me is that Gen AI being used to do impersonation attacks. Although the email is just booming. It went from something like 4% of attacks last year to something like 20%. That was the percentage of these types of attacks where Gen AI featured heavily. You know, then there's the other stuff that's a bit same same, like QR code phishing is booming and whatnot. But yes, Brian Baskin joins us for that sponsor interview
Starting point is 00:01:11 after this week's news segment, which starts now. And Adam, not so much a technical news story, but a very interesting one nonetheless. It looks like, you know, we often talk about how the Chinese government is trying to get away from using too much American technology. It looks like this is a mentality that is spreading to Europe now with France.
Starting point is 00:01:33 ditching a whole bunch of video conferencing tools like Zoom and Teams, and they're replacing it with a local alternative called Visio, and this is going to happen by 27, apparently. Yeah, I mean, it's definitely an ambitious plan, and we have seen, like, this kind of move towards digital sovereignty. It's a thing that's been kicking around in Europe for the last few years. It's a thing that's been of concern to them. And we've seen, you know, a few efforts over the,
Starting point is 00:02:01 even the last 20 years, I guess, of, you know, trying to use OpenOffice or open source office packages and stuff. I think Germany tried that at one point in the 2000s. But this idea that digital sovereignty is a thing that Europe needs, has been bubbling along for a while. But obviously the current unpleasantness with the US has really kind of pushed that to the fore and made it a concrete step. In this case, the French government saying we're going to rip out at least the video
Starting point is 00:02:27 conferencing parts of Teams and Zoom and replace them with something else. and that in the context of a bigger picture of eventually they're going to want to replace the entire of, you know, the office productivity suite that is the backbone of most, you know, kind of businesses and office people. And starting with the government is a great way to bootstrap that. Yeah, I mean, I find this very interesting because, you know, it was really easy, like 10 years ago when someone said, hey, we're going to do this. It was really easy to say, no, you're not. You know, it's just not going to work. But if you look at the key components of this French plan, it starts looking a little bit realistic, we'd say. So this is all part of the Suite Numérique plan or digital suite plan, which the French government is rolling out.
Starting point is 00:03:14 I think the Germans have got something similar on the boil. But they've got stuff like Tchap, which is a secure messaging service based on Matrix. That's going to be their sort of chat thing. They've got a – they're looking at using Grist, which is a really interesting spreadsheet alternative. It's sort of like a cross between a database app and a spreadsheet app and it's self-hosted. So, you know, you sort of think given the amount of money they're going to be able to save, given the efficiencies in, you know, software engineering that we can now capture with AI, it might actually be achievable in a way that it hasn't been previously.
Starting point is 00:03:50 What do you think about that? Like, how realistic do you think this is, Adam? It's a complicated task, right? I mean, you think about the scale of something like, Microsoft Teams or Google's document editing and collaboration suite. Like that's a lot of work. But as you say, like we are getting better, building applications, the tools for doing that at scale, you know,
Starting point is 00:04:09 are getting better. There's a bunch of experience. I mean, you know, if you had said 10 years ago, I forget when Google launched, you know, what became G Suite and then Google apps or whatever else,
Starting point is 00:04:20 like if you had said there, that Google was going to build a Microsoft office compared to back when office was a thick client app on desktop and it was going to be web-based, but we probably would have said that's going to be a lot of work, right? There's a lot of document compatibility issues. Like, you know, there is a lot involved with that and Google did it. And yes, Google has scat.
Starting point is 00:04:36 Well, did they? I mean, you know, like, I don't know that, I don't know that like Sheets is a, is a viable alternative to Excel. I mean, this is a conversation we've had on the show a few times. Like, that Excel basically runs the world. And that's the thing that I'll be interested to see if, you know, how that plays out with this French plan. Also be very interested to see what the, what the relative security posture of all of this
Starting point is 00:04:57 is versus the Microsoft suite, you know, in a couple of years from now, because I can't, you know, it's, okay, sure, it's modern, but is it going to be as well tested as the Microsoft stuff? And you have to say, probably not. No, I mean, Microsoft has spent a long time on Office. And a lot of the problems with Office are legacy things, right? There's the baggage that they've inherited from that very long back with the compatibility world. And maybe there is something to be said for, you know, a cleaner break. But it's just like, this has to work in reality. They have to be able to interop with other people.
Starting point is 00:05:29 They have to be able to share documents. Like, it's a lot of work. But a lot of open source components do exist and they may be able to bodge something together that is actually legitimately usable. And, you know, they may be willing to accept rough edges and imperfect solutions in the name of, you know, European sovereignty and the mess.
Starting point is 00:05:50 You know, the real loser here is that the US is going to throw away its, you know, kind of being the world's software supplier. is a thing that is quite good for them and throwing that away in the name of like Greenland or something doesn't seem like a smart move but any smart moves don't matter anymore we're post truth post smart post thinking
Starting point is 00:06:10 you know who even knows anymore what we're doing yeah I mean I think though there is a perception in the United States that their software market is quite safe I think that is partially true but that's why I'm really curious to see how this works out. Anyway, we've talked about it enough. Let's move on to the next story. And a big scandal in the United Kingdom, Adam, as the Telegraph is reporting that the Salt Typhoon crew has apparently hacked a bunch of, well, has been listening to phones of, you know, of people who are in Downing Street.
Starting point is 00:06:44 So senior government sort of policy advisors, perhaps, you know, aides to Boris Johnson and Rishi Sunak and maybe even the prime ministers themselves. I don't think we should be terribly surprised by this. If I'm honest, I mean, the Americans tend to be more forthcoming about this sort of stuff. So it's no surprise that it's taken longer for this news to break in the UK. I mean, I'm sure they did the same here, and it just hasn't been talked about by our government, probably in New Zealand as well. But, I mean, it's good to see this getting talked about.
Starting point is 00:07:14 You know, you wonder how much valuable intelligence they could get by doing this, given that the really sensitive conversations don't happen over cell phones. I mean, well, they shouldn't happen over cell phones. I think that's the important bit here, right? It feels like legitimate intelligence gathering as to what intelligence they get. You know, we don't know. Clearly it was worth doing because, you know, they repeated the pattern, you know, across all of the five eyes it appears.
Starting point is 00:07:41 And it's, you know, it's just not great, right, to have the phone calls and text messages and other cleartext stuff from the middle of the phone network, you know, being snooped on by your adversaries. No one particularly wants that. And, yeah, hopefully, you know, this is what classification systems are meant to help prevent against. And so let's hope it worked well enough, but they didn't get anything of value.
Starting point is 00:08:03 Yeah, we keep hearing about how the Chinese are going to build this massive embassy compound in London right near a bunch of sensitive cables. You've seen that story pop up here and there, right? I feel like that whole issue is a bit overhyped, you know, because are you really going to be passing anything sensitive in the clear through those cables? And what?
Starting point is 00:08:24 Are the Chinese going to, like, dig a hole in the floor and like tunnel towards the cave? I don't get it. Yeah, I mean, that seems a little bit kind of simplistic. I mean, there's probably cables everywhere in every city that are interesting and most of the work is done
Starting point is 00:08:37 through, you know, cyber means rather than necessarily like, as you said, digging under the road to get to the fiber and then surreptitiously tapping it and so on. And, you know, maybe there's some value to it. But, yeah, I imagine they have bigger problems than the location of the embassy and, you know, cabling.
Starting point is 00:08:54 Yeah, yeah. Now, look, staying with state on state action, and this story is kicked around, I guess, uh, maybe a week and a half, two weeks, uh, but some power plants and other energy producers in Poland apparently got whacked with a wiper attack that they were able to repel, and it looks like that's been traced back to the Sandworm, you know, GRU crew operating out of Russia. This is, uh, pretty serious stuff. Yeah, yeah, it is when the Sandworm crew, you know, have precedent, like they were involved in the attacks on Ukraine's energy infrastructure and a bunch of other kind of things against industrial environments.
Starting point is 00:09:29 In this case, I think ESET, which is a Slovakian-based antivirus slash cyber firm, looked at the malware and some of the other artifacts, and they have pointed the finger back towards Sandworm. I don't know that we have any reason to kind of doubt that. Like it kind of makes sense. But yeah, having someone else's military intelligence up in your power system with destructive malware does not feel good. And, you know, but in the context of all of the other kind of aggressions towards Poland from Russia, yeah, I mean, it just doesn't give me the good
Starting point is 00:10:04 feeling. So great that the Poles managed to, you know, detect this, repel it, figure out what, you know, was going on before they pulled the trigger. And it may have been that they weren't actually planning to pull the trigger. It may have been pre-positioning or whatever else. But regardless, it still does not feel good. Oh, but come on, Adam, when would a military action targeting Poland ever escalate into something serious. I mean, you know, come on, man. It's too soon for that joke. It's only been 100 years.
Starting point is 00:10:31 Oh, dear. Now, speaking of war, whoa, whoa, whoa, whoa, what is it good for? We've got a piece here out of the United States. This is great, man. So this is just such a Trump. Like, say what you want about Donald Trump. The guy's funny. Sometimes he intends to be.
Starting point is 00:10:48 Sometimes he doesn't intend to be. This is definitely falling into the latter category. where he's given an interview to the New York Post and talked about a device that he's not allowed to talk about it. Because he actually says, and this is what I love. He says, oh, I'm not allowed to talk about this thing. And then he talks about it, right? So he says that there was a device they used when invading Venezuela that he calls the discombobulator. And he says, I'm not allowed to talk about it.
Starting point is 00:11:12 But he said the weapon made Venezuelan equipment, quote unquote, not work. They never got their rockets off. They had Russian and Chinese rockets. And they never got one off. We came in. They pressed buttons. Nothing worked. They were all set for us.
Starting point is 00:11:24 So that's the discombobulator. Is this an unknown cyber weapon? Is this some new EW capability? I guess we don't know. But I love that it's called the discombobulator because the words deny, degrade and discombobulate actually appear on the front page of risky. That is a running gag in Seriously Risky Biz and Between Two Nerds.
Starting point is 00:11:46 I mean, it's such a crazy world that there might actually be. you know, some kind of, you know, energy weapon or cyber technique or whatever else that is actually the Discombobulator that does actually do the things he's describing. Or maybe they invented a thing just to kind of like gloss over a whole bunch of technical stuff. Like, just tell Trump, we've got a box, we pushed a button, it's called the Discombobulator. I don't know, whatever, just make up a good name. Just tell him we have a magic box. Tell him we have a magic box.
Starting point is 00:12:14 And then, you know, that way we don't have to explain all the nitty-gritty details and trade-offs and all of the complicated stuff. Just tell him we've got one of those. and then he goes out and talks about it like it's an actual thing. And you know what? Both of those are equally probable. And that's the thing that's just mad about the world that we are in. Like they might actually just be able to roll up to, you know, air defense systems.
Starting point is 00:12:35 Press button, nothing works anymore. Like, raising on Michael built and sold it to them, you know? That's kind of what an EA-18 Growler does, right? So that's why I'm like, what, you need something more? Like, what is this discombobulator? Anyway. Yeah. So, anyway, we, you know, we don't know.
Starting point is 00:12:51 and the world is nuts and it's a great name and I hope that somehow some, you know, I hope that there is some, you know, etymological lineage from our front page into Donald Trump saying discombobulator. That would be funny. It would be funny if, you know, it turns, I mean, I guess if you're working on a device called the discombobulator, if it has like a cyber dimension, the odds that you're a Tom Uren content consumer are probably non-trivial, so you never know. That could be crazy.
Starting point is 00:13:20 The discombobulator. Got to love it. Now, staying with cyber attacks with physical effects. A story from risky.biz, from us, from Catalin Cimpanu, looks at reports out of Russia that a cyber attack has targeted the, like some sort of car alarm company, and this has resulted in the cars being immobilized or having alarms going off and being unable to turn them off and whatnot.
Starting point is 00:13:44 Yeah, so this company is called Delta, and they make a smart alarm system. Yeah, so this thing is, does appear to be relatively widely used in Russia. I couldn't find any, like, concrete numbers of how many customers. I did see some state where that said this company, so they do managed home alarms as well as like managed car alarms
Starting point is 00:14:00 and then like corporate fleet management systems and so on. I did find one number, which was that they had like 6,000 crews available for responding to, you know, problems or cars that have broken down or whatever else. So like, you know, it feels like a relatively scaled operation. They appear to, like their internet website stuff, to stop working their phone systems were down. We don't really know more than that,
Starting point is 00:14:24 but people are reporting that the car immobilizing parts of their vehicle systems are immobilizing people's cars and they can't turn off their alarms. And if, you know, I was talking with our producer, Amberleigh, earlier about having to drive down the road with, you know, a car alarm that's on, it's not a great experience, you know, even if you can still drive the car,
Starting point is 00:14:43 driving down the road with the alarm going, not a great life experience. So, yeah, it's, details are a little bit sketchy, but either way, something bad happened and, you know, if this turned out to be, hey, Ukrainian hacktivists did it, then that would be entirely, you know, believable for everybody involved. I remember being in a similar situation, actually, once, many, many years ago with a good friend of ours, actually, driving down the streets in his dad's old Toyota troop carrier four-wheel drive, and the horn, the horn button was malfunctioning such that
Starting point is 00:15:15 vibrations would set it off. So you'd be driving along and it would just be going, beep, beep, beep, beep, beep, beep, beep, beep, beep, beep, beep. And everyone thought that, you know, we were honking at them. And it was like, yeah, that was, like, it almost got, it got borderline dangerous. Let's put it that way. That was a fun day.
Starting point is 00:15:32 All right. So we got a couple of stories here about goings-on in the US government. And CISA in particular. So you've got this acting head of CISA, Madhu Gottumukkala, and he's been grilled in front of some sort of, you know, the Homeland Security Committee. And it just, I get a funny vibe off this guy, Adam. I'm going to be honest, like, he's, he apparently failed some sort of polygraph that staff organized for him because he kept trying to get access to highly classified information
Starting point is 00:16:07 that was shared with CISA by another agency that it seemed a bit strange that he wanted that access. So they arranged a polygraph for him. Then it turned out, you know, higher-ups said, well, that's an illegitimate request for a polygraph because random staff members can't just demand them. And all of the staff involved in that got stood down. He apparently failed this polygraph as well. He's also tried to oust the chief information officer of CISA. This is all while the staffing has been cut by something like 30%.
Starting point is 00:16:37 I mean, it's just you read these stories together. and it just feels like things at CISA have gone pretty loopy. Yeah, I mean, CISA has been struggling, there's so many things that it has been struggling with this new administration. And yeah, reading this story really does not fill you with confidence about them being able to claw their way back, them being turned into like, okay, they're a thousand staff down, maybe they can still turn it into an organization that gets what needs to be done, you know, very important work that needs to be done, done.
Starting point is 00:17:10 but it does not fill you with confidence at all. And yeah, I think you're right. I also get like the vibes do not feel good with this guy, which, yeesh. Yeah, and we got another story from Politico too, which looks at how this same guy, the acting chief, apparently uploaded a bunch of sensitive files to a public version of ChatGPT, which set off a whole bunch of alarms and, you know, triggered investigations and whatnot.
Starting point is 00:17:35 Nothing classified but for official use-only documents. Now, more interesting than the story, itself, I think, is that someone leaked this to the press in the first place, which means, you know, you just get the vibe. No one likes him. Yeah. Yeah, that certainly, that certainly sounds like it to me. And, you know, I wouldn't be surprised. There's got to be so many people inside CISA that, you know, regardless of who the leader is, even though it was someone great, are going to be pretty upset with the mess that it's been over the last, you know, year or so. And combine that with a guy that's, you know, maybe not particularly likable or maybe, you know, kind of goes about the job
Starting point is 00:18:07 in a way that people don't enjoy. Yeah, you can totally see leaks happening. He does not spark joy, apparently. That's a good way of putting it. Now, staying with the United States government, and I love this headline. NIST is rethinking its role in analysing software vulnerabilities,
Starting point is 00:18:25 is the headline. And then you read the story, and it really feels like they're waving the white flag on trying to catch up on like NVD enrichment, right? That's really what this story is about. They're just like, no, it's too hard. we don't need to do that.
Starting point is 00:18:38 We're just going to try to enrich important ones, which are the ones on the KEV list. And I'm thinking, that's probably like, okay, sure, there's got to be a bunch of bugs that don't need to be enriched, right, in the NIST database. That's in the NVD. That's fine. I accept that.
Starting point is 00:18:56 But only enriching ones that are on like CISA KEV feels like, what's even the point of that? You know, I was reading this and I just think, I mean, wow, NVD, NVD seems like it's cooked. Like when I read this, what do you think? Yeah, that's a reasonable conclusion, I think. I mean, you know, my favorite thing in this story is where they talk about how they're not going to use the word backlog anymore because it's misleading because it indicates that they're going to have to correct it. So we're going to think of another word.
Starting point is 00:19:21 It's not backlog because that's not bad. Oh, man, that's some that's some 1994 stuff right there. Yeah. Yeah, no, I agree with your take, right? It feels like they are kind of cooked. And, you know, the, there is, there needs to be, I think, some middle ground between, we have to enrich absolutely everything because there is a lot of junk in the vulnerability database and not everything needs the same amount of rigor.
Starting point is 00:19:46 The KEV list is way too small and kind of too late, right? Because, I mean, the point of naming vulnerabilities is to help you communicate, you know, about patching and about, you know, the quality and severity and so on. waiting until it's on the KEV is kind of a bit, you know, after the fact you want to encourage people to have good information and to do good quality of patching work. And that's, you know, you know, a bit, a bit too late for that. When something just pops up being exploited, you want to be able to go to NVD and find out what it is, you know, not the other way around.
Starting point is 00:20:17 Like, it seems like the horse before the cart, right? Yeah, yeah, it does. One of the things they have floated to deal with the problems they've got is pushing the kind of enrichment obligation back down on to the CNAs, the authorities that can issue CVE numbers. And that sounds like a good idea in principle, except that, you know, signing up to be a CNA is a no-cost, just fill-in-a-form kind of thing. And the organizations that are CNAs are probably equally poorly equipped to, you know, other than the fact that I guess they have local scope. Generally, if you're a CNA, you are a CNA for your own particular products or things that are relevant to your industry or vertical or country or whatever it is.
Starting point is 00:20:59 So there may be some motivation, but, you know, nobody is incentivized to also do this work on behalf of NIST for free, right? The same thing. Well, I think a shorter way of saying that is somebody still has to pay for the work. Yes. And, you know, also, like NIST would then have to specify exactly what data they want, like the quality of the grid. And you end up with a much more variable quality of data if you're letting a whole bunch of organizations fill it in rather than the NIST kind of controlling that.
Starting point is 00:21:27 And these organizations are not necessarily beholden to NIST and the US government's needs as well. So like it's just, I don't think that is the solution that they want it to be either. And the net conclusion is they are probably cooked. Yes, they are both cooked and chopped, as the kids would say. And look, we're going to move on to more bread and butter security topics in just a moment, but we do have a quick update.
Starting point is 00:21:53 Eric Geller over at Cybersecurity Dive has sort of confirmed what we reported last week, which is that all US government agencies that were going to participate in RSAC have now pulled out because Jen Easterly has been appointed the head of RSAC, and that makes Trump world unhappy, right? So that was correct reporting by us last week. Okay, this one's interesting. So Matt Kapko has the write-up for CyberScoop, and I've linked through to Okta's blog post on this as well. But there's a whole wave of ShinyHunters vishing attacks happening at the moment.
Starting point is 00:22:27 So like, you know, voice social engineering, getting people to authenticate and whatnot. So it looks like they're in the middle of a campaign. What's interesting here, though, is the phish kits that they're using are really cool, actually. Like, they are very cool. What they enable the operator to do is when they're on the phone with the victim, the first thing they get is the cred pair by putting that, you know, putting a prompt screen in front of the victim, right? So they get them to browse to that screen, get the cred pair. And I suppose the innovation here is the operator takes the cred pair, puts it into the thing that they're phishing against.
Starting point is 00:23:05 And then after they've done the cred pair, they see what MFA tech is being used, whether it's like a push or a code or whatever. So then they can on the fly adjust the next step that the victim sees so that it matches their actual MFA method, which is very slick. I mean, of course, this does not work for phishing-resistant MFA, like, you know, YubiKeys or whatever or even passkeys. But, you know, shockingly low deployment still of those. So they're getting a lot of traction. So I think it's just, you know, one more data point to suggest that non-phishing-resistant MFA is just next to useless. Yeah, I mean, like the innovation here is building a toolkit and framework
Starting point is 00:23:52 to allow human in the loop driven real-time multifactor auth phishing, right, where you don't have to guess so much you can kind of use the human element and lend credibility to your, the social engineering aspects by controlling what the person and the victim is seeing on their computer at the same time and, like, tying that, you know, the computer part and the voice social engineering part together in real-time slick interface, you know, some scripts for making that all work nicely. Like that's honestly kind of good work, right? It's the not glamorous, no bugs, you know, no exciting hacking, but it's legitimately good
Starting point is 00:24:29 work. So, yeah, and you're right. The solution, of course, is phishing-resistant auth, and this is another nail in the coffin because, like, they're just getting so good at this kind of, you know, social engineering techniques, you know, when they've got this technology to make it super slick and smooth. They sure are. And there was a real jump scare in this story too. I don't know if you hit that power as well,
Starting point is 00:24:49 but it's Brett Winterford, vice president at Okta Threat Intelligence. Brett, of course, was the founder of the Seriously Risky Business newsletter, which these days is written by Tom Uren. So, yes, he was our one-time colleague. Shout out to you, Brett. Now, we've got some really interesting stuff here from Sean Heelan.
Starting point is 00:25:07 You put this one into the run sheet this week, and it is fascinating. So, Sean has done an experiment where he built agents on top of Opus 4.5 and GPT 5.2 gave it vulnerability information and asked it to build exploits, and this is a vulnerability in the QuickJS JavaScript interpreter, gave it details about the vulnerability, asked it to prepare exploits for the vulnerability and gave it a whole bunch of constraints and it was able to do it quite well. So from this experiment, Sean has, I guess, formed some opinions on
Starting point is 00:25:45 what the industrialisation of offensive security research or offensive security development, I guess, would be more accurate. What that's going to look like. This is very, very interesting stuff. But you've been into it in way more detail than I have. So talk to us about it. Yeah, so Sean Heelan is a guy that's been involved in exploit dev for a long time. And as a guy that thinks about it in a really well-structured way, I guess.
Starting point is 00:26:11 and the particular thing he was looking at here, I guess, is, you know, we've seen a lot of work on finding vulnerabilities with LLMs and AI systems. This is more focused on exploit development, like turning those raw vulnerabilities into things that you can use and gluing together, you know, the necessary plumbing to build a thing that can take. Here's a bug. Here's the real world environment in which that bug is going to be used, build an exploit. And then in this kind of experiment that he built, he built the framework where he could say like turn on specific exploit mitigation control. So like they've all got ASLR and DEP, no-exec stacks, but he would turn on things like position independent relocation
Starting point is 00:26:52 or he would turn on sandboxing and various features and kind of talk it through, let the LLMs kind of build a way to bypass these exploit mitigations. And that in itself is super interesting. Like they came out with some like not quite novel techniques, but kind of novel arrangements, I guess, of kind of primitives that already existed. but to me the thing that I really enjoyed was he built the framework and then he released it.
Starting point is 00:27:16 It's on GitHub. You can go and see how does he chain the bugs together? What properties did this system need to have to work well? How much money was he spending? What did the prompts look like? You can see all of those gubbins. And I love it when people release all of the details so that I can see them. And he's got some kind of challenges for, you know, Anthropic and OpenAI,
Starting point is 00:27:38 that kind of the frontier labs about kind of what, you know, how, they should think about building, you know, improving their tools, because we talked about, like, Dave Aitel's work at OpenAI about some of the work they were doing, which is tends to be more defensively focused, because that's an easier thing to go get budget for, I guess, but them also pushing the state of the art in offensive work. So I think if you play in this space, this is a blog is an absolute must read. The code is worth looking at. And some of the conclusions he makes about like the scalability of this, like how well it does with the budget that he was And he was spending in the order of, you know, like 10, 20, 30, a couple hundred bucks
Starting point is 00:28:16 worth of compute here. Like, there's not millions of dollars worth of compute. And I just think, like, it's seeing a concrete implementation of a system like this by an expert is just super useful, you know, reading and good to understand. Are you a believer yet? Like, I like what he did here. You know, it's not vuln discovery, but turning bugs into practical exploitation. and the way that he thinks around how you would use this in the real world
Starting point is 00:28:47 versus in a lab environment, I thought that was really interesting too, because that's an insight that someone who does this for real, brings to the table. So, yeah, like, am I a believer? I don't know, yeah. I'm still out. But, like, this is, I really love this work.
Starting point is 00:29:03 Like, I super enjoyed reading it, and, you know, I'm very grateful for it. So I think you're a believer, and you just don't want to admit it. That's where I think you are. Because it's just spicy auto-corrected, bah humbug and... I mean, the thing is, it can be both too much hype, but also legitimately good at some things, you know? Yeah. Well, I mean, when I look at, you know, where we are a few years later, right?
Starting point is 00:29:28 I think the general productivity gains are pretty rubbish. Yeah. But in specific domains, like software development, what AI is doing now is like way beyond where I thought it would be. Like, it is incredible what it's doing. And I suppose it makes sense that a language model would be good with computer languages, right? And to bridge the gap between human languages and machine languages, it makes total sense in retrospect.
Starting point is 00:29:53 But, yeah, when you start thinking about getting it to do just more human work, it doesn't, no. Yeah, I was reading the other day there's a blog and a series of work done by Steve Yegge, who's a software developer, has been working on like, scaling LLMs and making them do software development stuff. And one of the bits he was talking about was how it varies between LLMs, it varies between programming languages is how good LLMs are at constructing them. So the difference between, say, writing JavaScript versus writing Go versus writing Python
Starting point is 00:30:22 and the suitability of those languages, which were designed for humans, but are actually turned out better or worse for LLM. So, you know, it's just, we are moving at such a pace. It's crazy times. and I feel like it's too soon to say I'm in or I'm out yet, but it's wild at the very least. Yeah, it is. And I think on the business side as well,
Starting point is 00:30:44 like you look at what's happening in terms of the data centers that Oracle has committed to building for OpenAI, and then you look at like how much debt is involved, both from Oracle's side and OpenAI's commitments, financial commitments are absolutely insane. And you look at their market share not doing so well against things like Gemini and whatever. And you think, okay, this stuff is,
Starting point is 00:31:05 is really cool, but at what point does it blow up and become rationed and like there's so much. Yeah. I don't know. It's exciting. It's a wild time, man. It's a wild time. Exactly. Exactly.
Starting point is 00:31:14 It's exciting and like, you know, could it all blow up any moment? And it could. Right. And could, you know, the advances also just be amazing. Also, yes. So it is really, I think, you know, for someone who's covered technology, you know, my basically my entire adult life. You know, it's really interesting to see something just so genuinely new. It's nice to have something interesting to talk about, you know?
Starting point is 00:31:43 100%. 100%. But look, it's not all, you know, sunshine and puppies, because we've got a story here from Ars Technica where the maintainers of curl have had to scrap bug bounties for their mental health. Because people keep submitting AI-generated, like, hallucinated bugs. And it's just got to be such a problem that they're like, that's it, we're crushing the bounty program.
Starting point is 00:32:07 Personally, I don't think that is the solution to this problem. I think, oddly enough, the solution is going to involve AI on the receiving end to QA, a lot of these submissions, or even, you know, palming that off to a company that can do the triage for you, like a Bugcrowd or a HackerOne, to do that work for you. I don't think, I personally don't think ditching things like bug bounties is going to get us into a better place. but I certainly understand the frustration of the team here. What's your take here? I mean, so I guess, like Badger, the guy that maintains Curl, Daniel Stenberg,
Starting point is 00:32:47 like he's been very vocal about what it's been like being on the receiving end of AI slop. And, you know, the Curl project in particular, I think, is one that I've called out as having a, like, you know, significantly above average maturity about how they think about security, how they report on it. Like the quality of their security documentation is outstanding. And so Badger has always really cared about this stuff and I can see him just getting super frustrated and table flipping. And like, I think they already use HackerOne to triage their bug bounty program. And I think one of the reports that pushed them over the edge had been through,
Starting point is 00:33:24 you know, came through HackerOne and, you know, I read it and like, it makes no sense. Like the person who submitted that didn't even try to think about what they were doing. And so I can totally feel for him and you know I think in the end the reason that I was talking to him is you know for mental health right and doesn't solve the problem how to deal with you know bug bounty programs and bug reports in the modern world and I think you're right that a level of triage on the front end to save the sanity of the maintainers is probably a good plan but for his sanity I yeah I can totally see why removing the financial incentive to throw slop at him makes him feel good and is the right twist for him. So like I'm I support him and you know I'm sure the curl project will continue to get
Starting point is 00:34:11 decent bug reports via other means. Yeah. Yeah. Well, I mean, we live in hope right. But let's hope that's not the trend where everyone just says that's it. Bug bounties in the bin because that was such a, you know, that was such a hard fought, you know, innovation, right? That was such a hard fought thing to get to get happening that it would be a shame that the, you know, and we've been through it with like bug bounty people. Like I get them, for God's sakes, for risky.biz where someone in a country where they might speak a lot of English
Starting point is 00:34:40 but have low wages, there's a lot of people looking for bugs and they'll say, oh, we don't like the headers on your website. It's a vulnerability. Give me 500 bucks. And it's like no. So I don't know. We've been through this before with bad submissions. I get that there's a volume problem now, but yeah, let's
Starting point is 00:34:56 hope that we don't have bug bounties going out the window. All right. So we've got a new Project Zero blog post here from James Forshaw called Bypassing Windows Administrator Protection and when James Forshaw publishes a Project Zero blog post, we're going to talk about it. Adam, tell us all about this one. So this is research he has been doing into administrative protection, which is the replacement or the kind of modern incarnation of Windows user account control, the kind of a process for elevating a privileged account up to a proper administrator account. So the thing that says,
Starting point is 00:35:32 you know, do you want to allow this installer to make changes to your system? That's the UAC prompt. Well, the UAC, uh, much maligned during the Windows Vista. Uh, I would say years, but Vista was only around for a short time. Windows Vista weeks. Yes, exactly. And like, UAC was bolted into Vista with good intentions, but not the world's best design. It was never a really robust control.
Starting point is 00:35:56 And we've seen, you know, there are so many mechanisms for bypassing UAC. They're all well documented now and widely used. And it ended up being a control. I will say one thing, though. I remember from that time talking to people at Microsoft, and they admitted that UAC wasn't that valuable a feature in the end, but they said that they learned an awful lot. They captured so much telemetry on what people would allow
Starting point is 00:36:16 and what they would deny, and it really helped them to develop subsequent versions of Windows. But anyway, continue. Yeah, I mean, I think, yeah, there is utility to these systems, but it was not the security control, perhaps, it needed to be. Anyway, they, in Windows 11, in upcoming releases of Windows 11, they are going to replace that with this new mechanism
Starting point is 00:36:36 called Administrator Protection, and James Forshaw basically couldn't help himself and started rummaging around. And he had some thoughts from previous UAC bypasses or behaviours that were weird but not security relevant in the UAC world that he went back and kind of reconsidered in the context of the design of administrative protection. Anyway, he's written up some of this journey.
Starting point is 00:36:56 I think there's more blog posts in the series coming. the feature is currently not like Microsoft's still developing it so it's not in its final form it's not currently released but yeah if you are the sort of person that needs to bypass UAC and its equivalent in the future this is probably mandatory reading if you're interested in the gubbins of how this mechanism works you know because you're in you know you're a pen test or a red team that needs to care like I think this is worth reading you know for everybody else you know whose job is just keeping Windows desktops alive, you can probably sit on this one and leave it for six months
Starting point is 00:37:31 while Microsoft sorts out what they're doing and then you'll see what it looks like in the final state. But yeah, as you say, when James Forshaw writes a blog post, it is definitely, you know, worth a read and probably worth a mention on the show. Well, and the best time to do this sort of research is before features are locked, right? So that's good.
Starting point is 00:37:47 Hopefully some, you know, some forward movement on that one. Staying with Microsoft and SpecterOps have done some research here into Microsoft MDT, which has caused them to just retire MDT. So first of all, Adam, what is MDT and what is SpecterOps's research here? And why did Microsoft decide to kill the entire feature as opposed to fix it? Yeah, so the Microsoft Deployment Toolkit is like Windows 2003 kind of era thing for doing automated deployments of Windows. Essentially it lets you orchestrate, plug a machine
Starting point is 00:38:30 into the network, PXE boots, so DHCPs and PXE boots off the network, mounts a very limited Windows into a RAM disk and then installs itself with your relevant settings on the actual hardware. So it's automated deployment that you would use in corporate environments to roll out a whole bunch of machines. And this is not the kind of popular mechanism, I guess, for doing this these days, but SpecterOps were looking into it. And like any system that has to bootstrap, like the process of authenticating whilst you're bootstrapping authentication and accounts and credentials and so on is always a little bit fiddly.
Starting point is 00:39:06 And, you know, SpecterOps pulled some threads on that. The thing that really, and whilst, you know, there have been ways for like stealing credentials used and abusing the accounts used, the thing that put the nail in the coffin here is they found some bugs in the network service that receive status updates from clients whilst they're deploying. So you start, you know, 20,000 machines installing and you want to get progress updates. There was an API that those will call back to. It turns out that API is entirely unauthed.
Starting point is 00:39:35 And then SpecterOps found some like XML parsing bugs where they could cause the service to connect back out. And at that point, they catch the incoming credentials. They can relay it back and all of a sudden now they've got privileged to guns. And that was the real nail in the coffin where Microsoft were like, you know, we could fix this particular cred relaying bug. Or we could just use this as an excuse to junk this whole product. And I don't know what like. It's the modern.
Starting point is 00:40:01 Is there some kind of Intune equivalent of this that has long since replaced it? And Microsoft decided like, it's just not worth it. Let's kill this thing. So, yeah, good job. I guess they get to put a little kill marker on the side of their SpecterOps plane or whatever it is when they've killed the Microsoft product. you know a little Windows logo or something. So yeah, good job. Good job, SpecterOps.
Starting point is 00:40:23 Always. And we've got a Kubernetes bug here that looks pretty nasty. Yes. So this is a flaw in Kubernetes that if you don't run Kubernetes, you can tune out mentally for 30 seconds while I talk about this. So Kubernetes is a system for orchestrating, you know, kind of container workloads in big farms of virtualized machines. And essentially there is an authentication mechanism
Starting point is 00:40:48 that applies across the whole Kubernetes cluster, and this auth system kind of hasn't really kept up with the reality of their implementation. And the result of all of this is a relatively low-ish privilege account, often used on monitoring the status of Kubernetes clusters, can be leveraged into full code exec on systems running Kubernetes components. And the flaw kind of comes down to a mismatch between the design of their authentication system, maps HTTP verbs like GET and POST onto kind of logical primitives of like that means we're
Starting point is 00:41:23 reading, this means we're writing, and then the reality is there are actually web sockets where you can put more privileged commands over the top and setting up a web socket was kind of considered not a particularly privileged operation and the normally this would be they released a patch and that would be that. In this particular case, the Kubernetes project has said, you know what, this is kind of working like we intended. What we intended is wrong and we're going to fix that and the release that's going to kind of replace the authentication system with a more fine-grained one is due, you know, middle of this year. And so Kubernetes has said, we're just going to leave this until we've fixed it properly
Starting point is 00:42:00 by replacing the whole auth system. And in the meantime, tough. So it doesn't feel great if you're a Kubernetes user. No, but I mean, you're kind of used to it, right? Because it's like... I mean, Kubernetes is just so complicated. And, like, it could be worse, of course. But yeah, it's, you know, maybe an interim fix could also have been a thing they've done.
Starting point is 00:42:23 And maybe they will. Who knows, they might change their mind with a little bit of publicity. But yeah, their result is if you're a big Kubernetes shop, then go have a look and see if there are some controls you can put in place to mitigate this or change how you use this particular kind of monitoring level privileged accounts. Yeah, I mean, but in this case, you would need to access an API that is only accessible, I guess, to containers that are being managed by, Kubernetes, right? So you would need to pop shell on one of those containers first to get access to
Starting point is 00:42:51 the attack surface here. Is that about right? Yeah, yeah, you'd need to be nearby, I guess, like, and whatever that means in your context, you're on a machine or as an admin or on a like monitoring system nearby or something like it's not. Even some people probably put this on the internet, who knows? I mean, people do all sorts of crazy stuff. But yeah, you need to be nearby for whatever that means in the context of your deployment. But I mean, it's usually when we're talking about Kubernetes security, it's usually the case that it's like, oh, okay, someone popped one of the, you know, one of the containers and now they get to escalate and own everything. Like that usually is what we wind up talking about.
Starting point is 00:43:21 Just real quick, WhatsApp is releasing a feature called strict account settings, which looks to be something akin to Apple's iOS lockdown mode, but for WhatsApp, so it'll stop you from being able to accept multimedia files and PDFs and whatever from people who are not your contacts and whatnot. So that's just an interesting sign of the times. a lot of you know crap flying around on social media at the moment
Starting point is 00:43:47 about how WhatsApp is broken and like Elon Musk is pushing that because he wants people using X DMs and Pavel Durov always talking about that so he can funnel people into using Telegram so that the Russian state can surveil them which seems to be his thing and apparently I saw one tweet
Starting point is 00:44:04 from a very low quality account saying that there's a lawsuit against WhatsApp because you know people can you know US authorities can apparently get into the conversations. I have no idea if that's a credible lawsuit or whatever. But it does tie in with this next story, which is that Microsoft gave the FBI a set of BitLocker encryption keys to unlock suspects' laptops, according to reports. Now, this is Lorenzo's written this one up for TechCrunch.
Starting point is 00:44:30 And I've seen people retweeting this and talking about it like being this big deal. But like when you set up BitLocker, you have the option of storing like a backup key with Microsoft, right? So you don't have to do that. Like, as best I remember, you can just say, no, I'm going to take my chances. I don't need a backup key stored with Seattle. That's fine. So, of course, if there's a decryption key sitting there and someone is, you know, under investigation for a very serious crime and there is a warrant involved, of course,
Starting point is 00:45:00 Microsoft's going to give that up. It just amazes me how often stuff like this gets passed around as news. It just really does. And it's been 20 years of me being surprised at how often stuff like this is around as news. Yeah, no, and I'm totally with you on that. Like, this seemed like expected outcomes. You gave your key to somebody else. Those people are subject to warrant. You should expect they're going to hand over your key, much like, you know, you would expect the contents of your email or your drive or whatever other cloud services you used unless there's some particular
Starting point is 00:45:28 reason why you might not. And like things like iCloud, advanced data protection, whatever else, which claims a layer on end-to-end controls and assuming you take those at face value, then maybe, you know, you have some expectation. But, yeah, it aligning your threat model and understanding of the world to the reality of what you've done, by choosing to store your key material with Microsoft. Yeah, I mean, that doesn't seem surprising to me, but at the same time, thinking carefully and rationally about your threat models and sort of realistically about them is, I guess, an expert kind of thing, right?
Starting point is 00:46:03 It's not the thing that everyday people have to do. And so you can totally see why it makes for easy sharing. but yeah, I wasn't surprised, I guess. It sort of reminds me of like 20 years ago when people were outraged that the cops could intercept like instant messengers. Yes. You know what I mean? It's like, what do you?
Starting point is 00:46:19 Of course they can. You know? Like, it's, it's, anyway. Yeah. And finally, Adam, we're not going to really talk about this one too much because it's very, very long, but Andy Greenberg has a terrific feature up at Wired. It's a, it's a subscriber article. You and I are both subscribers.
Starting point is 00:46:36 We don't mind paying Wired. It's actually a pretty affordable publication to subscribe to, and they, you know, they publish a lot of stuff that's just like fun to read. And this is a perfect example of that. So yeah, Andy's written up this incredible story. He was approached by a source inside one of these scam compounds in Myanmar. And this guy like fed him information for months upon months and tried to leak as much stuff to damage this place as he possibly could. And Andy's just spun it into a terrific yarn.
Starting point is 00:47:08 Yeah, it's a really great. great story, like a very human story about, you know, one particular guy from India who ends up in the scam compounds working there and his journey of, you know, finding himself there and then, you know, not really wanting to cooperate, having to do some scamming in the process of, um, of being, you know, kind of captured there. And then, yeah, video calling Andy Greenberg whilst he's walking around the compound. And it's a such a great story. It has so many interesting angles. Like,
Starting point is 00:47:38 there's the technical aspects of the, like the scamming that they're doing. There's the aspects of the story of this one guy. There's, Andy's kind of hand-wringing and how he feels about, you know, this guy could be released from the scam compound if you could earn enough money to pay his,
Starting point is 00:47:55 you know, his, you know, bribe or whatever it is you pay to release yourself. Well, basically indentured servants. Yeah, exactly, right, to buy your freedom. And he's like, and he's thinking, well, I mean, you know, it's not that much money in the context.
Starting point is 00:48:07 of, you know, an American and a big company like Condé Nast and Wired, but on the other hand, he can't pay a source for stories, he can't give this guy money, and then he starts thinking, wait, maybe I'm being scammed? What if, like, this tugging I feel on my heartstrings is, in fact, me being scammed? And it's just, yeah, it's a hell of a ride of a story, and, as you say, quite long, but if you want a lunchtime read, I like very strong recommend. It's a great yarn, and yeah, stick with it to the end. It's worth it.
Starting point is 00:48:36 Yeah, I mean, this is the sort of thing. As you know, Adam, I took the big step in my life yesterday of ordering a large hammock. And this is the sort of thing that you would read in the hammock. So when I was reading it, I was like, damn, it's a shame that my hammock isn't here yet. Well, problems. Well, mate, that is it for this week's news. Thank you so much for joining me to talk all about it. Great stuff as always.
Starting point is 00:49:04 And we'll chat again next week. Thanks for us, Pat. I will see you then. That was Adam Boileau there with a check of the week's security news. Now we're going to hear from Brian Baskin, who is the head of threat research, I guess, over at Sublime Security. Sublime Security is a modern email security platform. Now, there is still so many organizations out there running ancient stuff, either as like their own MTA, you know, sitting at their gateway, right? or are they using like older cloud-based services? You know, Sublime really is the modern hotness.
Starting point is 00:49:50 So if you're looking to upgrade or update your mail security, I highly recommend Sublime Security. So Sublime put out a threat report, which actually made for some very interesting reading. I think the thing that I found most interesting in it is the use of AI, Gen AI, in impersonation attacks, is just absolutely booming, right? So when ChatGPT first dropped
Starting point is 00:50:17 and everybody was like, oh my God, you know, AI is going to come and do all of the hacking and we're all doomed, we're all ruined. And then it sort of didn't happen. I think that's made people sort of pendulum swing a little bit too much, right? And that's really what this interview is about, is early on,
Starting point is 00:50:34 AI was very much overhyped in its applications in terms of, like, offensive security. And now maybe people are underestimating it a little bit, 2025 was really the year that this stuff started happening and probably even the second half of last year. So here is Brian Baskin. I started off by asking him if people are sort of not worried enough, I guess, about where all this AI stuff is with regard to offense. And here's what he had to say. Yes, when people were saying years ago that AI is going to be the death of all defenders and we'll never be able to stay on top of this, I think there was some truth to that.
Starting point is 00:51:05 It just took much longer than anticipated to get to this point. It took, long enough for tooling, for policies, especially for the APT side, of how they actually enable it and implement AI to get to this point where now we're seeing it more commonly. So yeah, we've definitely seen that notable rise in this last year and definitely, you know, consider that scene that larger in next year. So what's the workflow for an attacker using AI in different scenarios as far as you can see it as Sublime Security doing stuff with email? Yeah, so there's, you know, any way that in the attack chain, you can apply AI to it, right? So from the email side of things, we are definitely seeing an effort of reconnaissance beforehand. We are definitely seeing these impersonations come in. We typically know that, yes, phishing's going to pretend to be DocuSign. They're going to pretend to be these major services.
Starting point is 00:52:02 They're also going to pretend to be executives within your company. We're moving beyond your CEO asking you to buy gift cards from the store into a finance officer asking you directly about another employer, directly about a project. So it's able to get at least a little bit more insight of saying who is part of this company, who do we think works with each other, and what type of press releases has this company put out, what type of major announcements have they done? And let's make a campaign around that that's actually realistic. I mean, you were saying before we got recording that some of these guys, like using AI to tell it to go to LinkedIn and build an org chart, you know, so that they can
Starting point is 00:52:43 study it. Oh, absolutely. I mean, if you're, if you're looking to target an IT employee, you don't go after the CEO, you go after the CTO or the CISO. Well, you go after, I mean, it used to be you'd go after the domain admin, right? And like, Red Teamers would do that recon manually, but like now it's going automatic. Right. And you don't know exactly who is having that authority, right? You don't know who inside the company, I think some companies are getting smarter about not advertising on their LinkedIn profiles that I have domain admin access. But you can at least say, okay, this major corporation has multiple business branches up. It has multiple business units.
Starting point is 00:53:19 So let's try to figure out exactly which one we're targeting for whatever intellectual property we're trying to steal or who has the most money we can steal from. Not just this big, massive global conglomerate overall, but what business unit can I try to get myself into and to persuade myself into? And absolutely, LinkedIn. Yeah, I mean, you can just shoot it a company. It will troll through. It will find the org chart. It will find, we'll actually build the org chart. It will find the titles. It'll find the names, the individuals, the officers. And try to find this very specific person that you want to target. And so it's great. It's great for actually building out the campaign that way. Yeah. Now, one thing that I noticed like reading through your report, right, is that just, you know, cold emailing as an executive and saying, hey, can you
Starting point is 00:54:06 you know, do a trade, can you send $100,000 over here? Like that seems to have gone out the window. And these days it's very much about dropping in on an existing thread, right? The thread might be about something completely different, but hijacking it, you know, gives people an air of legitimacy, which tends to see them get more successful. I mean, this seems like from the numbers that you've put in your report, seems like a really big trend.
Starting point is 00:54:31 Oh, yeah, definitely big trend. And there's the impersonation we've seen over the years, right? There's been the actual compromised inboxes being leveraged for this. I did incident response for many years. I've seen actual emails being compromised and the actors using that inbox to then just start jumping into existing threads. Now we're actually starting to see this trend of brand new threads being generated on the fly with context, with the actual key personnel involved. But it's all AI generated. It's all just made up.
Starting point is 00:55:01 And that's the actual first email is a pretend content. out to the individual saying, don't worry, we already have approvals, everything's in place, just click yes and send us money. Don't reach out to anyone. And so, yeah, it goes beyond that, just say, hey, give me money to give me money and everyone's side of the corporations already approved on this. Everyone is in the know on this. Just do it.
Starting point is 00:55:25 Yeah, yeah. So when we look at the numbers, right, we are seeing this, you know, big boom in GenAI in particular being used to do impersonation. Now, obviously, you want to be using a decent mail security platform to try to detect when something's funny with someone who's participating in one of these threads. But I mean, eventually we're going to have to have like a bit of a multi-layered defense just around impersonation, right? Like, you know, as I mentioned to you before we got recording, I've spent my head in this a little bit because I'm trying to do some work with some founders who are looking at this issue of, you know, impersonation
Starting point is 00:56:03 and trying to build some anti-impersonation tech. It's a wicked problem, and I sort of feel like we're massively underprepared for it, and this year it's going to really hurt. What are your feelings on that, right? As someone who's observing these threads, you've got a front row seat, seeing how people are doing these.
Starting point is 00:56:20 I sort of feel like, I don't feel like we're prepared. Let's put it that way. So, yeah, on the social level, you are targeting a CEO, you're targeting a CTO, you're targeting someone who probably has a very public persona and a profile. They've got no mannerisms, right? They don't use punctuation. They don't capitalize their letters.
Starting point is 00:56:37 So a smart attacker is able to use AI to then generate context around that, knowing what their mannerisms are and build an entire email based around that. Whereas, you know, in social level, you have defenders who are looking at this email coming in from the CEO, and everything is spelled perfectly, everything is punctuated nicely, and they can tell easily, this does not read right, is not the same emails I get from this person on a regular basis. That's the hard problem to figure out, right? Because that's a lot of social training inside your organization of what are you expecting
Starting point is 00:57:08 to see in content from this person versus what you're actually seeing inside this email. And on the technical layer as well, you know, you're seeing the AI being generated for the impersonation. You're seeing AI being, say, to impersonate actual products being implemented, new features coming out, new product announcements, looking at press releases that just came out on a Friday, and now the next Monday there are phishing attacks related to that very specific incident, saying, in response to this new product, here are new features that we need your additional input on. Click here and please give us your feedback. Click here to now log in and test it out as an employee. I mean, just being able to make everything context aware by essentially
Starting point is 00:57:52 throwing like, you know, scripted AI at it is pretty amazing. You know, I mean, I guess a prompt is the new script, right? I mean, where it gets interesting for me is, I don't know if you saw that video that's been kicking around the last month or so on social media of some guy who is real-time deep faking the cast of Stranger Things on a video. So you see a video of him, you know, moving his head around and whatever, and then it just cycles through all of the different cast members of Stranger Things. And it's just like, it is so good. You would absolutely not know that that was AI. So I think for a long time, we've relied on, you know, voice and video as the last points of human verification.
Starting point is 00:58:32 You could get someone on a FaceTime call and say, hey, you know, is this you? Now, look, there's still going to be a bit of engineering work involved in faking a FaceTime call in particular because, you know, Apple closed to hardware, blah, blah, blah, blah, blah. However, we could pretty easily see that this is, you know, that these last indicators, these last proofs are about to go out the window,
Starting point is 00:58:57 I mean, what do we do at that point? I mean, deep fakes has been this red flag for years, right? Everyone's been saying that's going to be the next big social attack and we've been hearing it. It has been true, but it's been, like you say, a very slow uptake because there is a processing time involved with that. You can't just do it on the fly. It's happened, though. It's happened like with audio deepfakes. We have seen audio deepfakes doing high value phishing, right?
Starting point is 00:59:20 My point is now it's going to go to video and now we're like, okay, well, what do we do next? You can do it on the fly instantly. Absolutely. This is a whole new camping. This is a whole new territory of, you know, you don't have the ability to nitpick an image to try to find traces of AI in it. You're not able to look for these little things to stand out. You have to be able to identify it on the fly in a large scale video recording. Extremely difficult, right? So now you're looking beyond the face. You're looking beyond the voice and you, again, back to those mannerisms, is this how someone would react in that situation? Is this how they speak? Is this the right tone they use and the right phrasing? It is back to context. Someone can mimic a voice, they mimic a face, but can they mimic a personality? Well, I mean, you were just talking about how they're using AI to get that context. Right.
Starting point is 01:00:12 But I guess context collected from an inbox is different to context about mannerisms or whatever. But if you've got enough video footage of a chief executive speaking on panels and whatever, like, I don't know, I think you can kind of get there with the mannerisms, with the context, with whatever. But look, all of this is to say that, you know, for the time being, we've got to use the best tools that we have available across every domain, including email. One of the things that I found interesting in your report was just looking at the lengths that these attackers are going to to try to evade detection by email security platforms.
Starting point is 01:00:44 I mean, how much of an arms race is this? Like, are they actually able to consistently come up with ways to bypass detection on platforms like Sublime and then you have to add in the detection, or is it too hard to evade? What's the state of that arms race, I guess, is what I'm asking? It is very complicated, and there is definitely, to a point, a whack-a-mole situation. There are ways you can do very large-scale detections and try to figure out, is there a suspicious or malicious activity on any type of file hosting out there?
Starting point is 01:01:17 You can get lots of false positives, but there is a capability of doing that, but we're definitely starting seeing more legitimate-looking attacks using these smaller unknown sites. We're starting to see people use Canva and start seeing that on the more regular basis of graphical design generation, using how I'd help that? But now adversaries know
Starting point is 01:01:38 they can actually use that to create credential phishing pages. And Canva being a generally smaller site is a known good site. It is trusted, but also not something that a lot of generations have seen in email security
Starting point is 01:01:51 across their multiple security products. We're starting to see the same for a lot of products, Piktochart, Airtable, Smartsheet. These are various services that are popping up on a regular basis. These are a lot of startups who are just coming out of the woodwork, and they're doing these exact same things. Attackers are finding them before legitimate people are. Yeah, so the evasion game is like how to abuse a legitimate service in a way that, you know, you can't just block that legitimate service from your customers. You can't just block it because it has to be expected at some point. It's a known
Starting point is 01:02:25 service, you can't just stop this whole entire business contact that you might be receiving through that. And it's not just the actual file being hosted, but those are actually emails being sent through these services. So you may have a young startup company using another young startup company to send emails. You can't just outright block those. So it makes it very difficult, it increases just this entire attack landscape of services that can be used and leveraged for this. and half the ones that we're seeing are things I've never heard of six months ago. Yeah, it's funny, man,
Starting point is 01:02:59 because this morning when I was reading through this threat report, I went into Slack and I said that my head hurt because the line between, you know, the technical line between what is malicious and what is, you know, legit now is so blurry. And it hurt my head. But Brian Baskin, that's all we've got time for. I will drop a link into this week's show notes
Starting point is 01:03:21 so people can read that threat report themselves. But thank you very much for walking us through it. Hi, thank you, Patrick. That was Brian Baskin there from Sublime Security. Big thanks to him for that. And big thanks to Sublime Security for being a Risky Business sponsor. And that is it for this week's show. I do hope you enjoyed it.
Starting point is 01:03:40 I'll be back next week with more security news and analysis. But until then, I've been Patrick Gray. Thanks for listening.
