February 28, 2025 • 23 mins
Today's episode dives into the intersection of AI behavior and digital security concerns. We discuss a startling incident involving a malfunctioning AI robot and explore a new ransomware threat known as Ghost.
• Overview of an AI robot incident that raised ethical concerns
• Examination of Asimov's Laws of Robotics and their relevance
• Introduction to Ghost ransomware and its impact on multiple industries
• Discussion on backup security strategies and resilience against ransomware
• Insights into the evolving tactics of ransomware attacks, including Ghost's methods
• Encouragement for businesses to prioritize future-proofing their data security
We encourage listeners to reach out with questions or further discussion on data backups and data security measures.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 2 (00:19):
We are live.
Speaker 1 (00:20):
Here's your daily weather report from Tampa and St
Pete.
Speaker 2 (00:23):
Sunny outside, a cool 76 degrees, with a
southwesterly wind coming in offthe sea Sunshine coming through
your windows and we're feelinggood on the highways here.
Speaker 1 (00:32):
Traffic is a little light out there.
Keep your heads up and yourcoffees full.
This is Privacy, please.
Ladies and gentlemen, we gotsome pretty hot topics, gabe.
I'm going to go ahead and sharemy screen for this one to start
us off.
Let's see how we think aboutthis.
So I'm pretty sure a lot ofpeople saw this, but it's pretty
crazy.
So there's a video in Chinathat an AI robot allegedly
(00:56):
attacks the crowd at a festival.
Everybody's saying so it begins.
So let's go ahead and just showthe video real quick.
In my opinion, gabe, so itbegins.
Let's go ahead and just showthe video real quick.
In my opinion, gabe.
In my opinion, as we talkedoffline, I think, a human in the
crowd said something to therobot and the robot got offended
(01:18):
and then they had to hold himback.
That's what I see in this video.
Speaker 2 (01:23):
Let's watch the video .
Let's have a look.
That's what I see in this video.
Let's watch the video.
Speaker 1 (01:29):
Let's have a look.
Come at me, bro.
First of all, he doesn't evenhave a head.
Where's his head?
There's no head.
What are your first thoughts?
Speaker 2 (01:35):
on this game.
My first thoughts is if he hada head, you'd probably hear him
say bite my shiny metal ass.
That's my first thought.
My second thought is whoevercreated that robot obviously
never read asimov's I robot.
There are three very, very,very simple rules, very simple
rules in the handbook ofrobotics, 56 edition, 2058 ad.
(01:57):
They are a robot may not injurea human being or, through
inaction, allow a human being tobecome, come to harm.
That's rule number one.
It's right there in the rules.
Rule number two a robot mustdestroy the order must obey.
Must obey the orders given byhuman beings, except where such
orders would conflict with thefirst law.
(02:18):
See the laws even work inharmony.
Rule number three the third andfinal law a robot must protect
its own existence as long assuch protection does not
conflict with the first orsecond law.
Pretty straightforward thisrobot does not seem to have much
regards for the law.
It's an interesting video.
I don't know what to take awayfrom it.
(02:40):
I'm just glad it's not one ofthose Boston Scientific jammies,
you know.
Speaker 1 (02:45):
Yeah, seriously.
Speaker 2 (02:51):
Somewhere here in the US accidentally shoving someone
.
I don't know what thedifference is really, other than
distance in that sentiment Ijust expressed, like at least
it's way over there, not wayover here.
Speaker 1 (03:03):
Yeah, agreed, I mean.
(03:24):
So it seems like it was a.
Speaker 2 (03:25):
They're claiming it as a robot, an ai robot, and I I
glitched today I saw sorry,forget, identify once, once,
once you start wiring in more,and not some, but more
electronic prosthetics, so tospeak.
Right, yeah, what they'recalled, but all augmented bodies
, yeah, why?
Why can't I use that excuse?
(03:46):
I mean you, I mean there's lotsof good reasons why I actually
can't use that excuse well, um.
Speaker 1 (03:53):
So in in all seriousness, though, what it's
not like, it's not surprising.
You know, we've seen the movies, and what it makes me think of
is, uh, terminator makes methink of iRobot.
Like you said, I don't reallyunderstand why we're making
these kind of robots, like.
What was the purpose of thatrobot at that?
Like, are they supposed to besecurity?
Is it just like?
(04:14):
Was it a presentation?
Were they showing something?
I haven't really looked into itthat much, but hard to tell.
Speaker 2 (04:21):
There's a lot of real world application to those
types of humanoid-style robots,especially when it comes to
repetitive tasks that involvelifting heavy objects, that
certainly seems like the thingthat is much, much better suited
for those kinds of robots thanhumans.
Speaker 1 (04:38):
Yeah, like warehouse workers.
Speaker 2 (04:40):
Yeah, and I know there's a problem there in the
context of well, what happens tothose people?
Do they lose their jobs?
That's a different conversationfor a different podcast.
Quite frankly, I'm not evengoing to touch it right, it just
is.
I will acknowledge that that isa question to be answered, not
by me and not now.
Yeah, fair, and so there'sdefinitely a lot of legitimate
(05:02):
use for these types of robots.
But your question is the mostvalid one, like what's it doing
out there?
Right, what's the robot doingout there?
I think the answer is.
Qa is what it was.
Speaker 1 (05:13):
Yeah, like let's just throw them out there in a crowd
pool, they would take it intothe quality assurance.
Speaker 2 (05:16):
run to see how it would do and apparently it
glitched, yeah or got offendedwho knows yeah, or got offended
who knows yeah, who knows whoknew software could glitch.
Speaker 1 (05:26):
Let's just not give them knives or guns, thanks, no
weapons.
Speaker 2 (05:30):
I think those ships have sailed yeah.
Speaker 1 (05:35):
I mean, you know, I think we should treat it as if
it's a wild animal, Like thinkabout playing with a cat and how
they can just flip on you andjust bite you because they're.
Speaker 2 (05:47):
That's why I don't keep big cats in my house.
House cats are the limit to age.
But it's a good analogy, thoughit's different than when you
play with a little rock and sockand robot, but now you've got a
life-size.
Yes.
Speaker 1 (06:00):
Exactly.
We should probably keep thembehind.
If, if anything, let's justcreate a robot.
Speaker 2 (06:07):
Cameron wants to round them all up and put them
in work camp well, I mean robots.
Replay this episode of privacy,please.
100 years from now, we won't behere.
Your great-great-grandchildrenare safe now.
I hope so too.
Speaker 1 (06:22):
Don't know, leave a message behind for them that the
robots might come looking forthem, because cam said no
judgment to the robots if you'rehearing this 100 years later,
but we should test it out inlike a you know, not quite a
work camp.
Speaker 2 (06:38):
Just, you still can't leave and there's still bars
and boundaries.
We're going to keep you here.
Speaker 1 (06:44):
Right, right.
I mean, that's an idea rightthere.
Speaker 2 (06:48):
You could just power them off at night.
But then you get into like thatwhole severance territory of
like yeah, what about?
Speaker 1 (06:54):
Do you remember?
This reminds me, do youremember that movie Passengers
now?
Speaker 2 (07:00):
I'm not sure I've heard of it.
Speaker 1 (07:01):
Tell me it's the one with Chris Pratt, and I know who
that guy is.
And uh, lawrence, the girl from.
Uh, the girl from um the thatone series the book the Hunger
Games that girl.
Speaker 2 (07:18):
Basically it's about like.
Speaker 1 (07:20):
it's about like the girl from that one series, the
book the Hunger Games, that girl.
Basically it's about amalfunction in a sleeping pod on
a spacecraft traveling to adistant colony planet wakes one
passenger 90 years early.
Speaker 2 (07:34):
So they're basically stuck on this thing between just
them two and robots.
Speaker 1 (07:39):
That's interesting.
Yeah, yeah, it's pretty cool itwas.
It was a.
It was an okay movie, um, butthere was a quote in the movie
that I was trying to find that Ireally liked let me see if I
can find it, because the thebartender in the movie was a
robot and he said something tochris pratt's character.
That was let me see.
Yeah, he said, um, he saidsomething to Chris Pratt's
character.
That was, let me see, he said.
He said a friend once said youcan't get so hung up on where
(08:00):
you'd rather be that you forgetto make the most of where you
are.
We get lost along the way, butwe find each other and we made a
life, a beautiful life,together.
Speaker 2 (08:10):
I don't know that that first quote was not certain
how we got from robotspummeling humans to this quote,
but I love it.
Yeah, it got a little random.
Speaker 1 (08:18):
I like it.
It was just a little squirrelmoment for me.
I like it, squirrel.
Speaker 2 (08:20):
I'm here for it.
Speaker 1 (08:21):
But if anything, that was an insightful quote.
You brought it back to thepeace and love train.
I'm here for it.
Right, okay, yeah, which is?
I thought that was fascinatingabout the AI robot I'm sure a
lot of people have seen it andeverybody's freaking out about
it.
Speaker 2 (08:38):
We got two good quotes today.
We got that quote and we gotbite my shiny metal ass from
Bender.
Speaker 1 (08:44):
You can't go wrong, it's a quotable day and I'll
tell you what Futurama was.
That was more of my favoritethan the the simpsons be honest
tough call, they're both good.
They're both good, yeah I can't, I can't choose, I can't choose
.
But bender is a really greatcharacter.
He's my, he's my spirit robotyeah, he's fantastic, so shout
(09:05):
out to bender shout out, um, andif you know futurama wants to
sponsor this show, that'd begreat yeah, or sue us because we
played an entire episodewithout your.
Sue us.
Yeah, that works too, don't saythat.
Or don't, allegedly, allegedly,allegedly Don't do that,
anyways, because we don't havethe show.
Everything's all left in,unless you know it's rare, but
(09:28):
anyways, let's talk aboutanother topic.
Gabe, you had brought this upon your socials, so people can't
at you there on this one.
Speaker 2 (09:37):
Yeah, we'll allow it, the judges will.
You can at me.
You can at me in the socials,where I posted this in
particular yeah, it was somelike a ghost ransomware attack,
something revolt like resolved,I think the real news here is
that right that the fbi issued ajoint announcement about a
ransomware group, and what'snews there is that there are a
(09:59):
lot of ransomware attacks everyday.
I think I've seen the numbersright, you know around 1.7
million attacks a day.
For the FBI to issue a criticaladvisory notice about a
ransomware group you knowsuggests that there is something
certainly uniquely worth payingattention to, because all the
other ransomware groups haven'tmagically disappeared and
ransomware hasn't magically goneanywhere.
But this group known as Ghostis carrying out a series of
(10:23):
ransomware attacks, asignificant number of them
targeting multiple industriesand across more than 70
countries, which is also notunique, but it is different than
a lot of ransomware patterns.
A lot of ransomware patternsare fairly concentrated For what
it's worth.
A lot of them are fairlyconcentrated, like at the US,
but others are regionallyconcentrated, right like they're
(10:44):
intentionally targeting folks,you know, maybe in the Middle
East or Europe.
Another quote for you.
Yeah, yeah, hit me, quote me.
I ain't afraid of no ghosts.
Oh, this is good, this is good,I ain't afraid of no ghosts
bite my shiny metal ass, that'sright that's right no, it's bite
(11:08):
my shiny metal ass.
I ain't afraid of no ghosts.
There it is, there it is.
That's the quote, that's it.
Speaker 1 (11:13):
That's a, this is, this is.
This is the theme of theepisode.
We'll see how many more quoteswe can get out of this content.
Speaker 2 (11:19):
Yes, yes.
Speaker 1 (11:20):
So what does this mean, Gabe?
What is this ghost ransomware?
Speaker 2 (11:23):
Well, one of the other things that's different
about this ransomware inparticular and it's not unique,
but it's different than many ofthe others is it is leveraging a
primarily non-phishing styleattack.
What does it mean by that?
So yeah, it's not phishing itsway into organizations.
Ultimately, any ransomware hasto get inside the boundaries of
(11:43):
your business, right, whateverset boundaries might look like,
and phishing is, for certain,one of the number one entry
points for that kind of activity.
But this one, it's a goodreminder that there are know
there are lots of differenttactics that Ransomware uses.
There's no shortage of tacticsthat Ransomware uses, and it's
not always going to come inthrough the front door, so to
speak, like these guys, likeGhost.
It's going to come in through,you know, the side door.
(12:06):
Don't leave it unlocked.
Don't leave it unlocked, don'tleave it unlocked.
I think one of the other veryinteresting things about this
group, the Ghost group, that'sworth noting is they're using
Cobalt Strike, which iscompletely freely available.
You know, it's open sourcesoftware.
You can get paid versions ofthis too, but it's an adversary
(12:29):
simulator, right.
It simulates what a red teamdoes inside of an organization,
does inside of an organization,and so it's using these readily
available tools off the shelf tocomplete its mission, which,
for me, is kind of two ways tolook at this.
The first is that should makeit easier for organizations to
identify, certainly, but it alsois like, yeah, this should have
made it.
Our networks, to some degree,shouldn't allow these types of
(12:51):
toolings to exist on systems inthe first place.
But I'm not going to pretendthat's easy for everyone to do.
The last thing I think that'snoticeable about the FBI's
announcement is that they callfor organizations to ensure they
have backups and securedbackups, a topic that is
obviously near and dear to me,and what I take away from this
is the FBI has always suggestedthat you have backups as part of
(13:15):
your plan, and the reason forthat is because and what looks
like to be the case in thisscenario is these adversaries
are pretty aggressive and fairlypersistent, and my read into
that is yeah, you can expectthat they will get in if you
have these issues, and you canexpect that you're going to have
a better chance of recoverythan stopping it and cleaning up
(13:39):
.
I mean, it's a stark reminderto everyone what needs to be
done about our businesscontinuity, planning our
disaster recovery capabilities.
We have to be resilient toransomware.
Simply trying to stop it isn'tgoing to win the day.
(14:00):
It doesn't really stop there,though.
I mean we talked about thisbefore, but one of the things
that ransomware tends to dotoday is goes after those very
backups, because the ransomwaregroups know that you are going
to go to those backups torestore your business.
So Ghost also does those things.
It exploits lack of isolationin between where backups are and
(14:22):
where operating networks are.
It destroys those on-networkbackups.
It moves laterally to cloudnetworks where they are
integrated.
It disables shadow copy of data.
It intentionally goes out ofits way to hamper your recovery
capabilities.
That is by design.
It makes it more difficult foryou to recover by design, and
(14:46):
that's more reasons why havingthe backups is just half of the
resiliency solution, whateverpercentage you want to put on it
.
But the other side of the havethe backups is the protect the
backups right.
Speaker 1 (14:59):
So is it like have a backup of a backup.
Speaker 2 (15:01):
Well, that's the strategy that is employed today.
I mean it's called the 3-2-1strategy.
I mean it's called the 3-2-1strategy, 3-2-1-1-1, once you
start including immutable copies, right?
So the strategy as it isoutlined requires you to have
three copies of your data on atleast two types of media, at
least one of them off-site andimmutable.
(15:22):
And so, yeah, the answer toyour question is have a backup
of some of your backups and abackup of those backups and then
secure them.
That's the only way you can doit.
That does become a problem,though.
That gets expensive, it's like.
So now I got to make threecopies of the same thing,
especially if I have a lot of it.
The answer is yes.
The answer is there's alsopeople that will help you take
care of those things, lowerthose costs.
(15:43):
There is Shout out.
Speaker 1 (15:44):
Back up those that Myota, okay, okay, so let me
take it back.
So, ghosts, are they the onlyones out there doing this unique
approach?
Not at all.
Speaker 2 (15:57):
That's the thing it's not unique so much that it's a
bit different amongst themajority of groups operating the
usual tactics that we see.
Operating the usual tacticsthat we see.
We see far more phishingattacks as the primary vector
when, in the case of Ghosts,what we see is a series of CVEs
(16:18):
being exploited, that they'releveraging vulnerabilities in
Fortinet, the 40OS appliances,servers that are running Adobe,
coldfusion, microsoft SharePoint, microsoft Exchange.
This is commonly referred to asthe proxy shell attack chain.
Speaker 1 (16:36):
All right, so tell me if I'm on the right track here.
So, basically, they focus orthey don't focus on data
exfiltration, but they do demandpayment for decrypting data.
Speaker 2 (16:48):
Yeah, what does that?
Speaker 1 (16:49):
mean At a high level.
Speaker 2 (16:52):
So the FBI has not observed a lot of activity going
back to any known Cobaltservers or any activity out of
the breached entities that havebeen looked at.
It doesn't look like there's alot of data being exfiltrated.
This group doesn't seem to besuper interested in the.
We're going to take your dataand sell your data, so that's
the other side of ransomwareright.
(17:14):
Yeah, that's more of the doubleransomware, so to speak.
Encrypt your data and force youto pay for it, then go sell it
again, or tell you to pay mesome more or I will sell it.
And then they sell it anyway.
Because what are you going totrust?
Are you going to trust aransomware group to hold their
word Like come on guys.
Speaker 1 (17:29):
So it looks like they use a couple different tactics
to make it very challenging todefend against, compared to just
using one way in.
Yes, is that the assumption?
So they exploit lack ofisolation, they destroy
on-network backups, cloudnetwork vulnerability, disabling
shadow copies, and I mean, doesthat sound right?
Is that on?
(17:50):
Yeah, that's all.
What are shadow copies?
Are those?
Speaker 2 (17:53):
They are copies of data that's kept inside of an
operating system.
For a copy of an application,data that's kept Like local
recoveries yeah, it's a localrecovery.
Okay okay, okay, that's the bestway to put it I'm kind of
stumbling on my words here but,like Active Directory, for
example, keeps a volume shadowcopy of its database that is
(18:13):
locked and that can't beaccessed during runtime.
But if something fails you canrecover from that volume shadow
copy.
But there's also attacks, usingtools like Mimikatz, that will
make it very easy that allowsyou to steal that volume shadow
copy.
Very easy, that allows you tosteal that volume shadow copy.
And in the case of theattackers, they like to disable
(18:36):
and destroy those volume shadowcopies because you can just use
them through Right.
Speaker 1 (18:38):
So I'm a little confused.
I mean, it sounds like they goafter the backups, but the FBI
is advising to prioritize backupsecurity.
Oh, I see I read it wrong.
So prioritize backup securityyes, not just the backups.
Speaker 2 (18:50):
That's the thing.
If I told you, hey, I encryptedyour data, you might think to
yourself next, huh, I wonder howhe protects my encryption keys.
It's the same thing.
Like you backed up the data,well, how do you protect the
backup data, right?
Like you made it immutable, howdo you protect the immutability
capability?
You put a big steel door on thefront of your house, well, how
do you protect the door?
(19:10):
Right?
Like you know, okay, is it?
Speaker 1 (19:13):
yeah, it's fascinating though it's, it's
interesting though, but why?
Why this all?
Maybe maybe I don't know if youcovered this, but why is this
all of a sudden coming up?
I guess?
Is it just because ghost is new?
Nobody's ever heard of them.
Speaker 2 (19:28):
I I don't know the the answer, that one as to why
the fbi is putting this out now.
My, my guess is just awidespread impact of it seems to
be moving fast and hard and andhitting 70 countries is a lot
right like it's super active,that's very active, that is very
, very, very active.
Speaker 1 (19:48):
So more of like an awareness campaign kind of thing
.
Speaker 2 (19:50):
Yeah, for sure.
Yeah, and it's exploiting CVEsthat go all the way back to
2009,.
Right?
So that's another problem,right?
These are issues that hellwe've known about for a long
time.
What's up with that?
Speaker 1 (20:04):
So that makes sense.
Yeah, let's let them know nowyou know, 20 years later, almost
20 years later, yeah, and takeany takeaways before dropping
off on this.
Speaker 2 (20:15):
I mean we certainly should.
Because it's a quotable kind ofday, we should share a couple
of quotes from some of the otherfolks around the industry.
So you know Juliet Hudson, theCTO at Cyberverse, you know
she's quoted as stating Ghost isa dangerous nation state actor
which organizations must makeeffort to protect against.
So if this is a nation-stateactor hitting that many nations,
(20:38):
just like 70 differentcountries all over the place, it
suggests that there's really noboundaries to what activity
they're willing to get into.
Speaker 1 (20:47):
Okay, Well, lots of stuff going on AI, robots,
ransomware, attacks, which arealways going on but that's a
pretty interesting story, though, in itself.
I mean it's nice to see someonebringing awareness to it, but I
guess it's never too late, thebest time was yesterday.
Speaker 2 (21:06):
The second best time is today.
Speaker 1 (21:08):
Yeah, Well, if anybody has any questions more
on, you know, data backups anddata backup security and
anything like that, or anyonethat knows more on these topics
that want to come on the show orjust uh chat with us, hit us up
.
Yeah, yeah, um, that'll be allfor this week and, uh, we'll see
you guys next week.
We are live.
Speaker 1 (00:20):
Here's your daily weather report from Tampa and St
Pete.
Speaker 2 (00:23):
Sunny outside, a cool 76 degrees, with a
southwesterly wind coming in offthe sea Sunshine coming through
your windows and we're feelinggood on the highways here.
Speaker 1 (00:32):
Traffic is a little light out there.
Keep your heads up and yourcoffees full.
This is Privacy, please.
Ladies and gentlemen, we gotsome pretty hot topics, gabe.
I'm going to go ahead and sharemy screen for this one to start
us off.
Let's see how we think aboutthis.
So I'm pretty sure a lot ofpeople saw this, but it's pretty
crazy.
So there's a video in Chinathat an AI robot allegedly
(00:56):
attacks the crowd at a festival.
Everybody's saying so it begins.
So let's go ahead and just showthe video real quick.
In my opinion, gabe, so itbegins.
Let's go ahead and just showthe video real quick.
In my opinion, gabe.
In my opinion, as we talkedoffline, I think, a human in the
crowd said something to therobot and the robot got offended
(01:18):
and then they had to hold himback.
That's what I see in this video.
Speaker 2 (01:23):
Let's watch the video .
Let's have a look.
That's what I see in this video.
Let's watch the video.
Speaker 1 (01:29):
Let's have a look.
Come at me, bro.
First of all, he doesn't evenhave a head.
Where's his head?
There's no head.
What are your first thoughts?
Speaker 2 (01:35):
on this game.
My first thoughts is if he hada head, you'd probably hear him
say bite my shiny metal ass.
That's my first thought.
My second thought is whoevercreated that robot obviously
never read asimov's I robot.
There are three very, very,very simple rules, very simple
rules in the handbook ofrobotics, 56 edition, 2058 ad.
(01:57):
They are a robot may not injurea human being or, through
inaction, allow a human being tobecome, come to harm.
That's rule number one.
It's right there in the rules.
Rule number two a robot mustdestroy the order must obey.
Must obey the orders given byhuman beings, except where such
orders would conflict with thefirst law.
(02:18):
See the laws even work inharmony.
Rule number three the third andfinal law a robot must protect
its own existence as long assuch protection does not
conflict with the first orsecond law.
Pretty straightforward thisrobot does not seem to have much
regards for the law.
It's an interesting video.
I don't know what to take awayfrom it.
(02:40):
I'm just glad it's not one ofthose Boston Scientific jammies,
you know.
Speaker 1 (02:45):
Yeah, seriously.
Speaker 2 (02:51):
Somewhere here in the US accidentally shoving someone
.
I don't know what thedifference is really, other than
distance in that sentiment Ijust expressed, like at least
it's way over there, not wayover here.
Speaker 1 (03:03):
Yeah, agreed, I mean.
(03:24):
So it seems like it was a.
Speaker 2 (03:25):
They're claiming it as a robot, an ai robot, and I I
glitched today I saw sorry,forget, identify once, once,
once you start wiring in more,and not some, but more
electronic prosthetics, so tospeak.
Right, yeah, what they'recalled, but all augmented bodies
, yeah, why?
Why can't I use that excuse?
(03:46):
I mean you, I mean there's lotsof good reasons why I actually
can't use that excuse well, um.
Speaker 1 (03:53):
So in in all seriousness, though, what it's
not like, it's not surprising.
You know, we've seen the movies, and what it makes me think of
is, uh, terminator makes methink of iRobot.
Like you said, I don't reallyunderstand why we're making
these kind of robots, like.
What was the purpose of thatrobot at that?
Like, are they supposed to besecurity?
Is it just like?
(04:14):
Was it a presentation?
Were they showing something?
I haven't really looked into itthat much, but hard to tell.
Speaker 2 (04:21):
There's a lot of real world application to those
types of humanoid-style robots,especially when it comes to
repetitive tasks that involvelifting heavy objects, that
certainly seems like the thingthat is much, much better suited
for those kinds of robots thanhumans.
Speaker 1 (04:38):
Yeah, like warehouse workers.
Speaker 2 (04:40):
Yeah, and I know there's a problem there in the
context of well, what happens tothose people?
Do they lose their jobs?
That's a different conversationfor a different podcast.
Quite frankly, I'm not evengoing to touch it right, it just
is.
I will acknowledge that that isa question to be answered, not
by me and not now.
Yeah, fair, and so there'sdefinitely a lot of legitimate
(05:02):
use for these types of robots.
But your question is the mostvalid one, like what's it doing
out there?
Right, what's the robot doingout there?
I think the answer is.
Qa is what it was.
Speaker 1 (05:13):
Yeah, like let's just throw them out there in a crowd
pool, they would take it intothe quality assurance.
Speaker 2 (05:16):
run to see how it would do and apparently it
glitched, yeah or got offendedwho knows yeah, or got offended
who knows yeah, who knows whoknew software could glitch.
Speaker 1 (05:26):
Let's just not give them knives or guns, thanks, no
weapons.
Speaker 2 (05:30):
I think those ships have sailed yeah.
Speaker 1 (05:35):
I mean, you know, I think we should treat it as if
it's a wild animal, Like thinkabout playing with a cat and how
they can just flip on you andjust bite you because they're.
Speaker 2 (05:47):
That's why I don't keep big cats in my house.
House cats are the limit to age.
But it's a good analogy, thoughit's different than when you
play with a little rock and sockand robot, but now you've got a
life-size.
Yes.
Speaker 1 (06:00):
Exactly.
We should probably keep thembehind.
If, if anything, let's justcreate a robot.
Speaker 2 (06:07):
Cameron wants to round them all up and put them
in work camp well, I mean robots.
Replay this episode of privacy,please.
100 years from now, we won't behere.
Your great-great-grandchildrenare safe now.
I hope so too.
Speaker 1 (06:22):
Don't know, leave a message behind for them that the
robots might come looking forthem, because cam said no
judgment to the robots if you'rehearing this 100 years later,
but we should test it out inlike a you know, not quite a
work camp.
Speaker 2 (06:38):
Just, you still can't leave and there's still bars
and boundaries.
We're going to keep you here.
Speaker 1 (06:44):
Right, right.
I mean, that's an idea rightthere.
Speaker 2 (06:48):
You could just power them off at night.
But then you get into like thatwhole severance territory of
like yeah, what about?
Speaker 1 (06:54):
Do you remember?
This reminds me, do youremember that movie Passengers
now?
Speaker 2 (07:00):
I'm not sure I've heard of it.
Speaker 1 (07:01):
Tell me it's the one with Chris Pratt, and I know who
that guy is.
And uh, lawrence, the girl from.
Uh, the girl from um the thatone series the book the Hunger
Games that girl.
Speaker 2 (07:18):
Basically it's about like.
Speaker 1 (07:20):
it's about like the girl from that one series, the
book the Hunger Games, that girl.
Basically it's about amalfunction in a sleeping pod on
a spacecraft traveling to adistant colony planet wakes one
passenger 90 years early.
Speaker 2 (07:34):
So they're basically stuck on this thing between just
them two and robots.
Speaker 1 (07:39):
That's interesting.
Yeah, yeah, it's pretty cool itwas.
It was a.
It was an okay movie, um, butthere was a quote in the movie
that I was trying to find that Ireally liked let me see if I
can find it, because the thebartender in the movie was a
robot and he said something tochris pratt's character.
That was let me see.
Yeah, he said, um, he saidsomething to Chris Pratt's
character.
That was, let me see, he said.
He said a friend once said youcan't get so hung up on where
(08:00):
you'd rather be that you forgetto make the most of where you
are.
We get lost along the way, butwe find each other and we made a
life, a beautiful life,together.
Speaker 2 (08:10):
I don't know that that first quote was not certain
how we got from robotspummeling humans to this quote,
but I love it.
Yeah, it got a little random.
Speaker 1 (08:18):
I like it.
It was just a little squirrelmoment for me.
I like it, squirrel.
Speaker 2 (08:20):
I'm here for it.
Speaker 1 (08:21):
But if anything, that was an insightful quote.
You brought it back to thepeace and love train.
I'm here for it.
Right, okay, yeah, which is?
I thought that was fascinatingabout the AI robot I'm sure a
lot of people have seen it andeverybody's freaking out about
it.
Speaker 2 (08:38):
We got two good quotes today.
We got that quote and we gotbite my shiny metal ass from
Bender.
Speaker 1 (08:44):
You can't go wrong, it's a quotable day and I'll
tell you what Futurama was.
That was more of my favoritethan the the simpsons be honest
tough call, they're both good.
They're both good, yeah I can't, I can't choose, I can't choose
.
But bender is a really greatcharacter.
He's my, he's my spirit robotyeah, he's fantastic, so shout
(09:05):
out to bender shout out, um, andif you know futurama wants to
sponsor this show, that'd begreat yeah, or sue us because we
played an entire episodewithout your.
Sue us.
Yeah, that works too, don't saythat.
Or don't, allegedly, allegedly,allegedly Don't do that,
anyways, because we don't havethe show.
Everything's all left in,unless you know it's rare, but
(09:28):
anyways, let's talk aboutanother topic.
Gabe, you had brought this upon your socials, so people can't
at you there on this one.
Speaker 2 (09:37):
Yeah, we'll allow it, the judges will.
You can at me.
You can at me in the socials,where I posted this in
particular yeah, it was somelike a ghost ransomware attack,
something revolt like resolved,I think the real news here is
that right that the fbi issued ajoint announcement about a
ransomware group, and what'snews there is that there are a
(09:59):
lot of ransomware attacks everyday.
I think I've seen the numbersright, you know around 1.7
million attacks a day.
For the FBI to issue a criticaladvisory notice about a
ransomware group you knowsuggests that there is something
certainly uniquely worth payingattention to, because all the
other ransomware groups haven'tmagically disappeared and
ransomware hasn't magically goneanywhere.
But this group known as Ghostis carrying out a series of
(10:23):
ransomware attacks, asignificant number of them
targeting multiple industriesand across more than 70
countries, which is also notunique, but it is different than
a lot of ransomware patterns.
A lot of ransomware patternsare fairly concentrated For what
it's worth.
A lot of them are fairlyconcentrated, like at the US,
but others are regionallyconcentrated, right like they're
(10:44):
intentionally targeting folks,you know, maybe in the Middle
East or Europe.
Another quote for you.
Yeah, yeah, hit me, quote me.
I ain't afraid of no ghosts.
Oh, this is good, this is good,I ain't afraid of no ghosts
bite my shiny metal ass, that'sright that's right no, it's bite
(11:08):
my shiny metal ass.
I ain't afraid of no ghosts.
There it is, there it is.
That's the quote, that's it.
Speaker 1 (11:13):
That's a, this is, this is.
This is the theme of theepisode.
We'll see how many more quoteswe can get out of this content.
Speaker 2 (11:19):
Yes, yes.
Speaker 1 (11:20):
So what does this mean, Gabe?
What is this ghost ransomware?
Speaker 2 (11:23):
Well, one of the other things that's different
about this ransomware inparticular and it's not unique,
but it's different than many ofthe others is it is leveraging a
primarily non-phishing styleattack.
What does it mean by that?
So yeah, it's not phishing itsway into organizations.
Ultimately, any ransomware hasto get inside the boundaries of
(11:43):
your business, right, whateverset boundaries might look like,
and phishing is, for certain,one of the number one entry
points for that kind of activity.
But this one, it's a goodreminder that there are know
there are lots of differenttactics that Ransomware uses.
There's no shortage of tacticsthat Ransomware uses, and it's
not always going to come inthrough the front door, so to
speak, like these guys, likeGhost.
It's going to come in through,you know, the side door.
(12:06):
Don't leave it unlocked.
Don't leave it unlocked, don'tleave it unlocked.
I think one of the other veryinteresting things about this
group, the Ghost group, that'sworth noting is they're using
Cobalt Strike, which iscompletely freely available.
You know, it's open sourcesoftware.
You can get paid versions ofthis too, but it's an adversary
(12:29):
simulator, right.
It simulates what a red teamdoes inside of an organization,
does inside of an organization,and so it's using these readily
available tools off the shelf tocomplete its mission, which,
for me, is kind of two ways tolook at this.
The first is that should makeit easier for organizations to
identify, certainly, but it alsois like, yeah, this should have
made it.
Our networks, to some degree,shouldn't allow these types of
(12:51):
toolings to exist on systems inthe first place.
But I'm not going to pretendthat's easy for everyone to do.
The last thing I think that'snoticeable about the FBI's
announcement is that they callfor organizations to ensure they
have backups and securedbackups, a topic that is
obviously near and dear to me,and what I take away from this
is the FBI has always suggestedthat you have backups as part of
(13:15):
your plan, and the reason forthat is because and what looks
like to be the case in thisscenario is these adversaries
are pretty aggressive and fairlypersistent, and my read into
that is yeah, you can expectthat they will get in if you
have these issues, and you canexpect that you're going to have
a better chance of recoverythan stopping it and cleaning up
(13:39):
.
I mean, it's a stark reminderto everyone what needs to be
done about our businesscontinuity, planning our
disaster recovery capabilities.
We have to be resilient toransomware.
Simply trying to stop it isn'tgoing to win the day.
(14:00):
It doesn't really stop there,though.
I mean we talked about thisbefore, but one of the things
that ransomware tends to dotoday is goes after those very
backups, because the ransomwaregroups know that you are going
to go to those backups torestore your business.
So Ghost also does those things.
It exploits lack of isolationin between where backups are and
(14:22):
where operating networks are.
It destroys those on-networkbackups.
It moves laterally to cloudnetworks where they are
integrated.
It disables shadow copy of data.
It intentionally goes out ofits way to hamper your recovery
capabilities.
That is by design.
It makes it more difficult foryou to recover by design, and
(14:46):
that's more reasons why havingthe backups is just half of the
resiliency solution, whateverpercentage you want to put on it
.
But the other side of the havethe backups is the protect the
backups right.
Speaker 1 (14:59):
So is it like have a backup of a backup.
Speaker 2 (15:01):
Well, that's the strategy that is employed today.
I mean it's called the 3-2-1strategy.
I mean it's called the 3-2-1strategy, 3-2-1-1-1, once you
start including immutable copies, right?
So the strategy as it isoutlined requires you to have
three copies of your data on atleast two types of media, at
least one of them off-site andimmutable.
(15:22):
And so, yeah, the answer toyour question is have a backup
of some of your backups and abackup of those backups and then
secure them.
That's the only way you can doit.
That does become a problem,though.
That gets expensive, it's like.
So now I got to make threecopies of the same thing,
especially if I have a lot of it.
The answer is yes.
The answer is there's alsopeople that will help you take
care of those things, lowerthose costs.
(15:43):
There is Shout out.
Speaker 1 (15:44):
Back up those that Myota, okay, okay, so let me
take it back.
So, ghosts, are they the onlyones out there doing this unique
approach?
Not at all.
Speaker 2 (15:57):
That's the thing it's not unique so much that it's a
bit different amongst themajority of groups operating the
usual tactics that we see.
Operating the usual tacticsthat we see.
We see far more phishingattacks as the primary vector
when, in the case of Ghosts,what we see is a series of CVEs
(16:18):
being exploited, that they'releveraging vulnerabilities in
Fortinet, the 40OS appliances,servers that are running Adobe,
coldfusion, microsoft SharePoint, microsoft Exchange.
This is commonly referred to asthe proxy shell attack chain.
Speaker 1 (16:36):
All right, so tell me if I'm on the right track here.
So, basically, they focus orthey don't focus on data
exfiltration, but they do demandpayment for decrypting data.
Speaker 2 (16:48):
Yeah, what does that?
Speaker 1 (16:49):
mean At a high level.
Speaker 2 (16:52):
So the FBI has not observed a lot of activity going
back to any known Cobaltservers or any activity out of
the breached entities that havebeen looked at.
It doesn't look like there's alot of data being exfiltrated.
This group doesn't seem to besuper interested in the.
We're going to take your dataand sell your data, so that's
the other side of ransomwareright.
(17:14):
Yeah, that's more of the doubleransomware, so to speak.
Encrypt your data and force youto pay for it, then go sell it
again, or tell you to pay mesome more or I will sell it.
And then they sell it anyway.
Because what are you going totrust?
Are you going to trust aransomware group to hold their
word Like come on guys.
Speaker 1 (17:29):
So it looks like they use a couple different tactics
to make it very challenging todefend against, compared to just
using one way in.
Yes, is that the assumption?
So they exploit lack ofisolation, they destroy
on-network backups, cloudnetwork vulnerability, disabling
shadow copies, and I mean, doesthat sound right?
Is that on?
(17:50):
Yeah, that's all.
What are shadow copies?
Are those?
Speaker 2 (17:53):
They are copies of data that's kept inside of an
operating system.
For a copy of an application,data that's kept Like local
recoveries yeah, it's a localrecovery.
Okay okay, okay, that's the bestway to put it I'm kind of
stumbling on my words here but,like Active Directory, for
example, keeps a volume shadowcopy of its database that is
(18:13):
locked and that can't beaccessed during runtime.
But if something fails you canrecover from that volume shadow
copy.
But there's also attacks, usingtools like Mimikatz, that will
make it very easy that allowsyou to steal that volume shadow
copy.
Very easy, that allows you tosteal that volume shadow copy.
And in the case of theattackers, they like to disable
(18:36):
and destroy those volume shadowcopies because you can just use
them through Right.
Speaker 1 (18:38):
So I'm a little confused.
I mean, it sounds like they goafter the backups, but the FBI
is advising to prioritize backupsecurity.
Oh, I see I read it wrong.
So prioritize backup securityyes, not just the backups.
Speaker 2 (18:50):
That's the thing.
If I told you, hey, I encryptedyour data, you might think to
yourself next, huh, I wonder howhe protects my encryption keys.
It's the same thing.
Like you backed up the data,well, how do you protect the
backup data, right?
Like you made it immutable, howdo you protect the immutability
capability?
You put a big steel door on thefront of your house, well, how
do you protect the door?
(19:10):
Right?
Like you know, okay, is it?
Speaker 1 (19:13):
yeah, it's fascinating though it's, it's
interesting though, but why?
Why this all?
Maybe maybe I don't know if youcovered this, but why is this
all of a sudden coming up?
I guess?
Is it just because ghost is new?
Nobody's ever heard of them.
Speaker 2 (19:28):
I I don't know the the answer, that one as to why
the fbi is putting this out now.
My, my guess is just awidespread impact of it seems to
be moving fast and hard and andhitting 70 countries is a lot
right like it's super active,that's very active, that is very
, very, very active.
Speaker 1 (19:48):
So more of like an awareness campaign kind of thing
.
Speaker 2 (19:50):
Yeah, for sure.
Yeah, and it's exploiting CVEsthat go all the way back to
2009,.
Right?
So that's another problem,right?
These are issues that hellwe've known about for a long
time.
What's up with that?
Speaker 1 (20:04):
So that makes sense.
Yeah, let's let them know nowyou know, 20 years later, almost
20 years later, yeah, and takeany takeaways before dropping
off on this.
Speaker 2 (20:15):
I mean we certainly should.
Because it's a quotable kind ofday, we should share a couple
of quotes from some of the otherfolks around the industry.
So you know Juliet Hudson, theCTO at Cyberverse, you know
she's quoted as stating Ghost isa dangerous nation state actor
which organizations must makeeffort to protect against.
So if this is a nation-stateactor hitting that many nations,
(20:38):
just like 70 differentcountries all over the place, it
suggests that there's really noboundaries to what activity
they're willing to get into.
Speaker 1 (20:47):
Okay, Well, lots of stuff going on AI, robots,
ransomware, attacks, which arealways going on but that's a
pretty interesting story, though, in itself.
I mean it's nice to see someonebringing awareness to it, but I
guess it's never too late, thebest time was yesterday.
Speaker 2 (21:06):
The second best time is today.
Speaker 1 (21:08):
Yeah, Well, if anybody has any questions more
on, you know, data backups anddata backup security and
anything like that, or anyonethat knows more on these topics
that want to come on the show orjust uh chat with us, hit us up
.
Yeah, yeah, um, that'll be allfor this week and, uh, we'll see
you guys next week.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com