Wendi Whitmore, Chief Intelligence Security Officer, Palo Alto Networks, examines the cybersecurity landscape and how artificial intelligence and geopolitics are impacting global businesses. Wendi also weighs in on the revelation that hackers bribed overseas support agents for Coinbase to steal customer data for use in social engineering attacks.
Coinbase's recent stock rally was briefly dented by news of thee hack, which is expected to cost the company $400 million and prompt a US regulatory investigation.
See omnystudio.com/listener for privacy information.
Episode Transcript
Bloomberg Audio Studios, Podcasts, radio news. This is Bloomberg Business
Week with Carol Masser and Tim Steneveek on Bloomberg Radio.
Speaker 2 (00:13):
Hey, you mentioned Emily Graffeo some of the stuff happening
when it comes to hacks coinbase specifically, I'm gonna read
some headlines here, Okay, Sequoia Capital Partners data hacked and
Coinbase breach. Coinbase hack highlights how greed can overwhelm cyber defenses,
coinbased customer data stolen. Just a sample of headlines from
(00:36):
Bloomberg News and from the Wall Street Journal. This garnering
our attention on a day such as today and kind
of perfect to have Wendy Whitmore back with us. She's
chief intelligence officer of the one hundred and twenty eight
billion dollar market cap Palabelto network. She joins us from
Santa Clara, California. Wendy, good to have you back with us.
The Coinbase hack, I think, really highlights how our information
(00:59):
is at rich even if we think as consumers, as
users of these products and services, it's safe. I mean
when you talk about the type of data that's at
risk here, I mean we're talking images of drivers' licenses,
being available to hackers as a result of accessing the network.
Talk to us a little bit about what we know
regarding this hack and what it highlights about the vulnerabilities
(01:22):
out there.
Speaker 3 (01:24):
Yeah, hey, thanks Tim, great to be back here today
with you. So, I think what you highlighted is really
just the fundamental problem we see here, which is how
challenging it is for organizations to defend against every possible
type of attack. The really interesting part of this case
is that these attackers have demanded twenty million dollars in
ransom payment, and coinbases really turn the table on them
(01:47):
in something that we haven't seen yet, which is a
very public disruption of the attacker. And they said, you
know what we're going to do. We're going to invest
twenty million dollars into a fund that goes after finding
out who the attackers are that are responsible for this
attack and bringing them to justice. And I think, you know,
as the largest cybersecurity company in the world, we at
Palo Alto Networks, we don't ever want to see any
(02:08):
client be paying a ransom, But we have not seen
organizations previously take this kind of tactic, and I think
what they're doing to disrupt the incentive structure and to
make it a little more challenging. And I think attackers
in the future asking the question of a wait, I
don't know if I want that twenty million dollar international fund,
which is going to mean people who you know, I
(02:30):
may be in my network, but maybe willing to kind
of turn me over to international law enforcement. I think
they're going to start asking questions, and disruption in this
cycle is really critical.
Speaker 2 (02:41):
Yeah, I mean, I the sense that I have is
that our information is not safe. I mean, I don't
know how many times a day I get text messages.
I probably get half a dozen text messages from these
so called pig butchers. I oftentimes I don't even pick
up my phone if I don't recognize the number. I mean, honestly,
the world we live in when it comes to this stuff,
(03:02):
it's pretty annoying. Like this is a very annoying place
to be as a consumer right now. Is it going
to get any better? Or is this just the reality
that we live with?
Speaker 3 (03:11):
Yeah, it's a great question. I don't think you're alone
in that sentiment whatsoever. It is challenging, right So, we
are actually blocking thirty one billion attacks per day across
our customer base, and up to nine million of those
every single day are new attacks where their novel we
haven't seen that same type of vector. So that gives
(03:31):
you an idea of what companies throughout the world are
up against. And then certainly you highlighted some examples that you,
as an individual consumer are feeling. So your question though,
was you know, hey, is it getting any better?
Speaker 2 (03:43):
It's not getting any better for me, will it?
Speaker 3 (03:48):
I think it can get better, and I think that
we're seeing AI actually be a massive tool for the
side of the defenders because, as I highlighted, we're up
against such a major scale problem, these attacks are going
to be more sophisticated. Real time defense is absolutely critical.
So what you're going to start seeing tim certainly at
the company level, all of the technologies we're able to
(04:10):
use are actually making us able to scale against that better.
But you're going to see that get into your consumer
technologies as well, where they're going to start doing more
effective blocking and you're going to receive less text match
messages moving forward that are scams in nature.
Speaker 4 (04:24):
When you talk about AI, you know, something that comes
to mind is just how scammers can use AI to
say impersonate so impersonate a parent, a family member, a
loved one and try and hack you that way. How
concerned are you that the advancement of this technology like
(04:45):
we're not going to be able to keep the defenses
up strong enough to kind of combat the growth of
cyber criminals using AI.
Speaker 3 (04:54):
Well, I think there's two parts of it to really
hit effectively to answer your question. First is on the
tech side that has to continue to get better. But two,
we have to continue to increase awareness at the public
level and then make sure that people are making smart
decisions about how they use technology. So when we look
at it at a wider spread level in organizations, we
(05:15):
see what you're talking about. Just last week, we were
investigating a case where we were working for a firm
who was a victim of ransomware, and we were negotiating
with the attackers to try to get additional information from them,
and it became very clear almost instantly that we weren't
talking to a person on the other end, but we
were actually talking to a chatbot that they had enabled
(05:36):
to do the negotiations for them. We certainly will continue
to see more of that. Another example that we saw
just in the last couple weeks of investigating a case
for a major organization, the attackers, once they got inside
the environment they actually used, they went straight to that
company's internal large language model and started interacting with it
(05:58):
to try to get more sinse me asking them questions
about where the domain controllers were, what were their names,
and finding out information that was actually helpful for them
in the course of an attack. So that means that
in order to really be successful here, organizations have to
fight AI attacks with AI on the defense, and that
has to be in real time.
Speaker 2 (06:18):
And then what do we do as consumers? I mean,
I know a guy who was getting calls like that
looked like it was from his bank. It literally said
his bank's name on the phone, and he was so
close to actually giving up the information when he realized
that it wasn't actually his bank. Like, what are we
supposed to do as consumers?
Speaker 3 (06:35):
Well, I think we've got to approach every conversation unfortunately
with skepticism, do that same with every message. But for
your bank, for example, most banks will say, hey, we're
not going to reach out to you and ask you
for personal information. Everywhere you can use multi factor authentication,
it not only sometimes adds a little bit of time
for you to get in, but it's going to make
(06:56):
it a lot harder for an attacker to try to
log in as you and essentially try to steal money
or move money or maybe infact a social media account
if they have to go through a number of additional
steps to get there as well.
Speaker 2 (07:11):
All right, well leave it on a positive note. Make
sure to have two factor authentication, art time unique passwords too,
is something that we hear over and over again when
it comes to sort of safe security hygiene. Wendy always
appreciate you joining us. Wendy Whitmore, chief intelligence officer of
the one hundred and twenty eight billion dollar market cap
Palo Alto Networks, joining us from Santa Clara, California,
Hosts And Creators
Tim Stenovec
Carol Massar
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Amy Robach & T.J. Holmes present: Aubrey O’Day, Covering the Diddy Trial
Introducing… Aubrey O’Day Diddy’s former protege, television personality, platinum selling music artist, Danity Kane alum Aubrey O’Day joins veteran journalists Amy Robach and TJ Holmes to provide a unique perspective on the trial that has captivated the attention of the nation. Join them throughout the trial as they discuss, debate, and dissect every detail, every aspect of the proceedings. Aubrey will offer her opinions and expertise, as only she is qualified to do given her first-hand knowledge. From her days on Making the Band, as she emerged as the breakout star, the truth of the situation would be the opposite of the glitz and glamour. Listen throughout every minute of the trial, for this exclusive coverage. Amy Robach and TJ Holmes present Aubrey O’Day, Covering the Diddy Trial, an iHeartRadio podcast.
Good Hang with Amy Poehler
Come hang with Amy Poehler. Each week on her podcast, she'll welcome celebrities and fun people to her studio. They'll share stories about their careers, mutual friends, shared enthusiasms, and most importantly, what's been making them laugh. This podcast is not about trying to make you better or giving advice. Amy just wants to have a good time.