
03-23-22_Why You Should Pay Attention to the Oauth Hack

Mar 25, 2022 (23 min)

Episode description

In this episode, the PTG team discusses what details are known about the breach of the OAuth firm used by Microsoft (among thousands of other clients), Okta, what the potential fall-out could be, and what YOU can do to protect yourself and your business.

Host: Craig
Co-Hosts: BJ & Erin

Support the show: Call 877-468-2721 or visit https://petronellatech.com

Please visit YouTube and LinkedIn and be sure to like and subscribe!


NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.


Please visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at:

Transcript

Erin

Welcome to today's PTG podcast, where we talk about the latest breaking cyber news. And I was just reading where it says that it looks like Russia is laying the groundwork for cyber attacks on US infrastructure.

Craig

Yup.

Erin

So I know yesterday we were talking, I was like, oh, I wonder if they're going to hit small companies, but really, again, looking at Colonial Pipeline, they could hit just about anything.

Craig

I don't know if you saw this, but there was already some evidence of scans against, I think, the top five energy companies in the United States.

Erin

No, I didn't see that.

BJ

Yep. The FBI reported that they literally have proof that they scan the systems for software vulnerabilities, which again is why we so strongly suggest using the right tool. Because even when vulnerabilities are found in software, there's tools that can help to prevent exploits even in the presence of a vulnerability. 'Cause some of these software tools are very intelligent.

Craig

Yup.

BJ

It's really astonishing. While we do know that right now there's not a silver bullet, although we may be getting close to it. There's so many advancements happening in quantum computing; last night, I was up and just literally dropped to the floor.

Some of these advancements are just groundbreaking, but while we don't have a silver bullet right now, it's really shocking to see that such critical places as our power grids, and things like that, that our nation relies so heavily upon, are not using the best tools available. That is really shocking. The best tools available right now, we know what they are and they're not using them.

Erin

I feel like a lot of it is relationships versus common sense, almost. So if they have existing relationships with vendors, even if it's not the right choice... We've worked with some people too that were maybe a little behind the times. It seems like a lot of things that are government related are really behind.

BJ

You start tracking all the red tape and all that, and then you don't have the swift ability to act, the mobility and the agility that's required to stay aligned with the cutting edge and keep yourself protected. You start to fall behind.

Craig

I think it's similar to medical too, where a lot of those systems have big control systems and they're probably using outdated, sadly, probably Microsoft's Windows operating systems that are outdated. Gosh, they're probably still using Windows XP in certain situations. You'd be surprised at the statistics of people still using ancient operating systems like that. And I think the big picture here is that you just can't connect those things to the internet and give them free rein.

When there are so many security holes there. And that's why, like BJ was saying, with the XDR, that's a nice layer. Not going to protect against everything, but at least it's a more effective solution at detecting exploitation of some of these weaknesses, and visibility. And then, in certain situations, you might not be able to patch a SCADA system, for example, but at least you have that SOC.

And first of all, you have the technology, and then you have a SOC, a 24/7 security operations center, US-based, background-checked cybersecurity engineers watching over everything 24/7. At least if you have that in place, that's going to significantly reduce the odds of a breach. It's not going to protect against everything or all situations, but like I saw yesterday, Microsoft reported a huge OAuth breach. It's called OAuth.

"Oh-Auth." And basically, have you ever logged into a website and it says, instead of creating an account, log in with Google or Facebook or something like that?

BJ

Yes.

Craig

Yeah. So that's what OAuth is. That middleware that allows you to skip the account creation process by granting access to one of the things, your username and password for one of the other platforms, and then authorizing it by API.

BJ

Okay.

Craig

So that was breached. And that was confirmed yesterday. This is a perfect example of something like XDR, this would be out of scope, right? So that's on a cloud host, probably a big provider like Micro... You and I are not going to have access to their security, right?

BJ

Explain that for a second though, please, Craig, because that's becoming very prevalent, by the way. You see that with a lot of sites now where you can log in with Google or Facebook or Apple, even. And so whose technology is that? And is it centralized? What is the vulnerability?

Craig

No, I think it's an open source middleware layer that typically uses what's called API technology to link two systems together. And it basically more rapidly allows for user creation and onboarding. Instead of you creating a unique username and password, you would reuse your Facebook login or your Gmail login, for...

BJ

But is that technology owned by the same place and reused by all these different apps that use it? Or is it different at all the places it's used, or...

Craig

No, I think it is centralized. I'd have to research it to know for sure, but I'm pretty sure that it's a centralized layer, almost like a Microsoft that... out with it. It might be open source though. I'd have to research it. All I know is that it's a middleware kind of software that allows the user to bypass the unique credential creation on the site by leveraging... I never used to like it, to be honest with you.

I've really not used that function before, because I always thought, if they get breached, then, you know, that's a problem. And then here we are, they got breached yesterday.

BJ

Wow. I've been seeing an uptick in the presence of that API. I used to see it once in a while, and now I see it on almost every platform I use. Almost every platform offers me to log in that way.

Erin

I've thought about that. I'm like, do you... and then you can change... You want this to use Facebook or whatever. And I'm like, yeah. Then I'm like, how does this work? I've never actually looked into it.

BJ

I use it all the time personally, 'cause I've been seeing it so much lately and it's so convenient, because gosh, that account creation step is such a hassle; it's just so tiresome to do it over and over again. But here we go with the convenience versus security thing. We'll have to do some research and see whose technology is it, and is it one piece of technology that's being used over and over again by lots of different platforms?

Craig

Yeah. Again, I'd have to research it to know for sure. I don't know if the breach was associated with just the OAuth layer itself, or was it OAuth with Microsoft or OAuth with Google. I don't know if all of the systems were breached. I just know that prior to yesterday, I knew there were some vulnerabilities and risks there. But then I saw the news yesterday that there was a breach. So, let me see here. Lapsus, L-A-P-S-U-S, dollar sign. Lapsus$ hacking group.

Breached Microsoft and an authentication firm, Okta. It's called Okta. So it looks like that's one single company. It must be centralized, one centralized company.

BJ

So also big news yesterday was the Greek public postal system was hit with ransomware and their services were offline. So literally people were not getting mail, I guess, that their public postal service was offering.

Craig

Yeah, I saw that. I'm going to share my screen here and I'll show you. Can you see that?

BJ

Yes.

Craig

So this is right on the okta.com website. This is their statement. They're looking to do a thorough investigation about the hacker group. So it says that a small percentage of customers, approximately 2.5%, have been impacted, and their data may have been viewed or acted upon. So they have a breach. It looks like their initial investigation says it's 2.5%; they'll have to do their forensics to figure out if it was really more than that or not.

BJ

We know just from how breaches work that what the initial picture looks like is not always accurate.

Craig

What's strange though, is they go over here and say the Okta service has not been breached, fully operational. So it's confusing. So was it breached or not?

BJ

So it sounds like they're saying that a small portion of customers got breached, but not their technology somehow.

Craig

Yeah, I don't know. I have to study this some more. I think what they're saying is only 2.5% of their customers were affected, but what's weird is they don't use the word breach there, and then they say here that it wasn't breached, down here. So it's confusing. We'll have to just wait and see what the final report says. But other websites were saying that it was breached. So I don't know. It's early to tell.

BJ

Yeah

Erin

I'm taking away from this, and I could be wrong of course, but it sounds to me almost like they were breached, but they don't necessarily know the extent of the breach, because it says that they're looking into the claims that the hacker group breached them. So to me, it sounds like they don't know yet. They can probably say this with honesty, but it seems like it might be a little misleading, and maybe I'm being a little bit cynical, but that's kinda what it sounds like to me.

Craig

So if you pull up another website, like here, CNN, it says Okta concedes hundreds of clients could be affected by breach. And then it says here on the Wall Street Journal, this was an hour ago, Okta says hundreds

Erin

Yeah.

Craig

of customers may have been caught in a hack, or in hack.

BJ

Yeah, it says Okta has over 15,000 customers. So I'm guessing that's a lot of the platforms that we see that technology on. It seems very clear that they're scrambling to clarify what's going on. So there's not really a clear answer right now.

Erin

Okay. So if you think about it, they have hundreds of customers. How many credentials did all those hundreds of customers have? It's almost like they're trying to minimize the... so if one of those is... or whatever, it could be millions.

BJ

That's a good point, 'cause they are mentioning 15,000 customers, so a lateral movement on a system like that, when you have 50,000 platforms that have millions of customers, the lateral movements that we know are so common in breaches now. I'm no mathematician, but that sounds exponential to me. Microsoft confirmed that the Lapsus$ extortion-focused hacking crew has gained limited access to its

systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have potentially been breached. And it sounds like Microsoft was one of them. Hacking crew has gained limited access to its systems.

Erin

That's huge.

Craig

Yeah.

BJ

That's so interesting, because not all things just seem to go in tandem, because when I was talking, when we first started today, about the jaw-dropping advancements in quantum computing lately, they sent around the weaker... Microsoft has partnered with IonQ; they're really leading things in the quantum computing space with their trapped ion technology.

That's what's going on with Microsoft Azure, but also Microsoft has released a groundbreaking breakthrough that their team has made in regards to topological qubits. And that's really significant. And so it's interesting that now Microsoft, their systems have at least partially been breached. Like, how interesting, how it goes in tandem.

Craig

Isn't it also interesting that these big providers like Microsoft, and obviously they're in the crosshairs of the hackers, 'cause there's the bigger payday. Isn't it also interesting how people go over to these platforms for cloud services, right? So a lot of customers, small, medium and large enterprise, have moved to the cloud and moved their information and their data to the cloud. And then now there's all these breaches that are happening.

It'd be interesting to learn and understand if there's going to be a push backwards, to bring things back in house for businesses, on premise, as opposed to cloud. And I always recommend that you use encryption, even when using a cloud service, because at least if you encrypt your data in the cloud and hackers breach the defenses of Microsoft, for example, then at least, again, it's a layered approach, right? So at least they would hit an encrypted payload. It's just interesting that...

We're in this kind of dynamic where lots of companies for the past decade or so have moved to the cloud because the grass is greener in the cloud. Utility cost, it's cheaper. I don't have to buy expensive servers anymore. And then now I think you're going to see... I've already seen some data on this, where companies are actually bringing the stuff back in house now, and they're not doing cloud anymore.

BJ

That's so interesting. And here's this, guys, this was buried in an article, way down deep. I find so many interesting things buried, right? Craig taught us with the settings the other day, the interesting tidbits are always buried. So I found an article last night; I have to mention that to you guys. But listen to this, it's buried in this article. This, from Cloudflare, is saying: of particular concern is that the breach hadn't been reported for the last two months. So this is not new.

This is only being talked about now; it happened two months ago. So they've had two months of dwell time. Now this Lapsus$, and of particular concern to me reading this is that it says Microsoft described Lapsus$ as a group following a pure extortion and destruction model without deploying ransomware payloads. So this sounds more like an attack seeking to destroy. They're not asking for ransoms, they're just trying to destroy.

So when that happens, then when we start seeing state actors and things of that nature. But listen to this, I read an article last night and the headlines were totally misleading. The headlines of the article said that hackers, and especially foreign threat hackers, are now focusing on the financial system and the AIs in the financial system. But when you dig into the article and start reading it, there's actually a term for it.

Now it's called machine learning security, because I guess some of the AI machine learning models that especially are used in the financial sector, those models are very bold, 'cause this is an evolving field. And so the machine learning models are vulnerable to cyber attack. And so I guess some of the state actors are actively looking to exploit the machine learning models used in the financial sector. And here's the tidbit that was hidden at the bottom.

The real concern here is that they're worried that they can't exploit vulnerabilities in these financial machine learning models and cause them to believe certain things to be true, and cause it to affect pricing on the stock markets, the algorithms that decide the pricing models.

Craig

I think what this kind of sheds more light on is the need for code review of the coding layer of the machine learning, in this case. There needs to be annual or quarterly code review. The language that's chosen, Python, for example, is popular in AI and ML. But the point is that if you're not vetting and testing the code, how do you know what's really in there? It's what I've said for a long time. Like when you buy products off the shelf, you don't know if there's hidden back doors.

BJ

And there are techniques that they use, those heavy DVOs techniques, and we know that they became very good at social media profiles, mass amounts of fake profiles. That's the concern with the financial machine learning models, that they can produce these high-level inaccurate profiles and information, and they can cause the actual machine learning algorithm models to make decisions contrary to what the financial system wants them to make based on their coding.

But they're making these decisions based on the high level of inaccurate information they're being fed by the hacking teams. And so literally we're talking about a possible upheaval of a financial system, because if the stock markets were to be affected by these machine learning models, what are the ramifications of that? Wow. We're talking about groundbreaking potential here. This is a possible upheaval of a whole system, possibly. That is huge.

Erin

That's definitely crazy to think about for sure.

Craig

Could you imagine if some hackers changed the price of Microsoft or Google stock to a dollar, even if it was just for an hour, and then if people bought it at that price, now they have supporting evidence that they paid a dollar for it or whatever. How do you fix that?

BJ

Yeah, right? The algorithm didn't go down. It just made a decision.

Craig

I think it was six months ago where there was a glitch in the crypto system. I think it was on Coinbase, and it said that it was truly an error or something.

BJ

Yesterday, my baby started playing this game on his Fire tablet. He's two years old. He's going to be three. And this is the one that calls himself .com dragon. He was playing this game called Subway Surfers. You guys probably heard of it. I'm not a gamer, but it's a very popular game and you have to buy tokens with actual cash; you buy tokens. Some glitch happened in his tablet and he has 10 trillion tokens. My daughter, she's beside herself.

She's, oh my God. And she won't give his tablet back, 'cause she's bought everything. Some glitch has awarded my baby 10 trillion tokens on this game. And she's a big gamer and she's, that's impossible. I've never seen that before. He's got everything you can possibly have in this game now.

Erin

You better check and make sure that he didn't accidentally find a way to buy all...

BJ

My bank account, it would have been denied. Now I'm just hoping the same glitch happens to my crypto wallet. Sorry.

Erin

Or maybe the AI will get into the stock market. Everything will go down and we'll all be trillionaires.

BJ

Yeah. I posted an article to you guys in the chat this morning about some big crypto analysts predicting that crypto, Bitcoin and altcoins, is going to go parabolic in April. When you really look at all this, they're worried about the financial models being manipulated, and then you have a possible crypto bull run coming. 'Cause we've been expecting it; everybody thought it was coming last summer and definitely by the winter, and it didn't come.

Maybe there was, who knows what was going on behind the scenes. But it seems like now there's a lot of chatter about it. And then you have the inflation, you have all this stuff. Even Tesla raised their prices on their satellite internet recently, SpaceX, because of inflation, and we've seen evidence of this happening with cash.

And then now you have, we talked about the bull run with crypto, and you have the risk of financial models making decisions based off whatever data they're being fed by bad actors. Are we on the verge of a perfect storm here? Oh my gosh. If I can find it quick enough, I'll read to you what Microsoft... they didn't post this very publicly, but they sure did put it on their research blog about this advancement, right? Okay. Here it is, about their topological qubits.

This is a major breakthrough, and they say on their blog, from Microsoft, "and we believe ultimately it will power a fully scalable quantum machine in the future, which will in turn enable us to realize the full promise of quantum to solve the most complex and pressing challenges our society faces."

This is major. It's very interesting, but it sounds like they might need the help of their quantum machine to deal with what has possibly happened with the AP, because I guess there's no time like the present for the machine to rise up and help.

Erin

And Craig, I told BJ when we talked a little bit this morning, and I told her that if Bitcoin or crypto did take off and I do become a millionaire, I'll stay working for you.

Craig

Oh, thanks.

Erin

If we can do podcasts every day, we can keep doing this every day. And my boyfriend can just go build a boat somewhere. Life would be great.

BJ

Last year, Craig and I spent a lot of time researching altcoins, and I, to this day, firmly believe that some of the decisions that were made were very smart. And even though they haven't been fruitful yet, I don't think that changes the fact that they were very smart decisions, because of... Power and research and digging deep into things yields good results.

There was an article that popped up this morning, and it says that basically, and maybe this has something to do with people talking about crypto going parabolic next month, but there was this quiet article saying that Internet Computer is possibly the final layer to Web3, because it takes the reliance on Web2 tech away, because this Internet Computer blockchain ties all the Web3 blockchains together and makes them interoperable. And that's the Internet Computer.

And we know that there's the CYA coin that has the decentralized storage, and it's actually running the most transactions of any blockchain per day. And I find that internet technology on it. And when you factor that with Internet Computer, that ties all the blockchains together, you can see... Yesterday, we were talking about the current tech. If you were to picture it as one entity, it was a patched monster walking around on crutches.

But then you look at what I just described there and you see something different. More like a quantum machine, possibly. So maybe it's all at the same hour. We have a possible crypto bull run because we have that final layer with the Internet Computer, which is currently down 98%, just so everyone knows. FYI, we don't give financial advice, but it is down 98%.

Erin

I just want to ask, do you have any advice that we can give our listeners as to what to do to protect against this OAuth thing right now?

Craig

Yeah. What I would do is I would log in to any websites that you're using and change it. You can change it so that you can use your password and maybe create an account or set up a different email that's secondary. That's one way to mitigate the risk, so it's not affecting you. There's so much more investigation that has to happen to see. It could be too late, meaning you could be one of the 2.5%,

BJ

have to be one of the 2.5%, 'cause Microsoft was, and who's not connected to Microsoft? That's where the numbers get tricky. Because Microsoft was part of the 2.5%, but everyone's part of Microsoft.

Erin

I guess too, though, if that is the case, if their data is already stolen, that sucks, but maybe it's a good time to go and, like you said, update passwords, change the email addresses, things like that, because if they steal your credentials and you're reusing the same password and login information, they can get into whatever they want.

BJ

Again, a perfect time to look at the right tools. XDR, 'cause like you pointed out, Craig, it doesn't have a protection for something like this, but what it does have is the ability to change its code every... and be coded to look for certain things. So once we know what this breach is doing, that algorithm will be coded to look for those things. Again, the XDR is the right way to go for this kind of thing.

Craig

Yeah. This is why I don't usually use something like that, because let me give you an example. Let's say I go to a website. I don't create an account; maybe I use Gmail, and I click on, okay, use Gmail and skip the account creation process because it's faster and easier. The reason why I've never done it is, if they have a breach, they have my Gmail username and password. So I have multi-factor set up on all my properties.

So even if they got the username and password, they're going to get stopped by that layer. But still, though, you're trusting. It goes to how much do you trust each of the vendors that you're doing business with, or if you're not even doing business and you just use their service, you still have to give them a certain amount of trust. And quite frankly, with the world that we live in now and the threat...

I think we should move to more of a zero trust or a trustless methodology where you create an account on your own. Go through the extra hoops and layers, use a unique username and password. Apple has recently taken it a step further. They even create what's called burner emails, so you can actually never disclose your email address; create fake emails that are associated with yours. Okay. You can, as a consumer, be more stingy about the information that you give out, and that'll better protect you too.

Erin

Thank you for that.

Craig

Yeah. Let's wrap up here for today. And then we can continue on tomorrow.

Erin

Sounds good. You guys have a great day.

Craig

You too.

Transcript source: provided by creator in RSS feed.