January 12, 2025 • 30 mins

Discover the fascinating world of cybersecurity with our special guest, Glenn Maiden, Director of Threat Intelligence at FortiGuard Labs, ANZ. From his beginnings in the mid-90s with the Department of Defence to his pivotal roles at the Australian Signals Directorate and the Australian Tax Office, Glenn offers a wealth of knowledge and insights as he discusses the evolution from traditional information security to modern cyber intelligence. He also sheds light on how his team at FortiGuard Labs collaborates on a global scale to protect customers from emerging threats.

Today's digital landscape is riddled with complex cyber threats, and we unravel this intricate web with an engaging discussion on hyper-connectivity and its vulnerabilities. The conversation exposes the sophisticated tactics of cybercriminals, from nation-state actors to organised crime, and explores how anonymity and jurisdictional complexities provide them with strategic advantages. Yet, amidst this challenging terrain, there is optimism as advancements in cybersecurity measures are bolstering resilience, particularly in regions like Australia, where substantial investments are being made to combat emerging threats.

As we navigate the volatile global environment, the conversation shifts towards protecting critical infrastructure and the proactive measures being championed by government initiatives like Australia's SOCI Act. We consider the alarming prospect of cyber-attacks as a precursor to conflict and discuss strategies to mitigate such risks, including the integration of AI and the importance of multi-factor authentication and smart access controls. The episode rounds out with an exploration of the convergence of cyber threats and misinformation, highlighting the role of cyber gangs and nation-state activities in election interference and the increasing threat of cyber-enabled misinformation, especially among the younger, more connected generations. Tune in for a compelling discussion that offers valuable insights into the future of digital safety.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Michael van Rooyen (00:00):
Today's discussion was so interesting we needed to record it over two parts. Today I have the pleasure in having an interview with Glenn Maiden, who is the Director of Threat Intelligence at FortiGuard Labs, ANZ. We're going to be talking about all things threat intelligence, all things around cyber security, what Fortinet's seeing, as well as talking about Glenn's personal journey around

(00:20):
the space, which is quite a fascinating one. Glenn, welcome to the podcast. Thank you very much, Michael. It's fantastic to be here. Yeah, great. Look, before we get started, just to set the scene, I've had a look at your career and I've had a chat in the past and you've got quite a good career across many defense areas and vendors. So, for people who are listening, do you mind just spending a couple of minutes about your history, your background and what led you to be the Director of Threat

(00:44):
Intelligence at FortiGuard for ANZ? Yeah, I was very very lucky, Michael.

Glenn Maiden (00:47):
So I started out in the mid-90s with the Department of Defence as a tech co basically, and that was sort of building networks, playing around with routers, testing equipment that would eventually end up on the Army's network. In about the year 2000, I moved to what was then called the Defence Signals Directorate, which is our signals intelligence organisation. They're now called the Australian Signals Directorate

(01:09):
and back then the information security component that was a branch within that directorate was called Q Branch and now that is known as the Australian Cyber Security Centre. So things have sort of grown very, very large since my time 20, 25 years ago. But I spent sort of about a decade there and then I went for promotion into the Defence Imagery and Geospatial Organisation and I had my coolest job title I've ever had

(01:32):
in my life and it was called the Director of Geospatial Exploitation. So I spent about four years there and that was fantastic because I learnt all about running an intelligence production directorate. So it was everything from data collection, data processing, data exploitation, reporting and analysis. So it was end to end running an intelligence organisation with

(01:52):
reports that ended all the way up to no less than the prime minister's desk. So very, very exciting and fantastic, but the geospatial intelligence was not where my true love lied. So I went then across to the Australian Tax Office for about four years and I was the IT security advisor for the ATO. Right, and that was a great cultural shift because you know I was so used to that sort of national security environment.

(02:14):
Yes, going across to the ATO where they've got highly protected systems, they've got protected mainframes and data warehouses and stuff like that, they've got some obviously one of the biggest databases of PII in the country, probably in the Southern Hemisphere, and then those need to connect out to people's home computers, so people running e-tax and tax

(02:34):
agents processing. So it was very, very exciting and challenging to look at sort of the different ways where we have to protect information and move information from unclassified all the way up to the wholly protected and being able to maintain integrity across all those environments. And it was about 2015, I left the government and since then I've been working in the vendor side. So I did a quick stint with Lockheed Martin when I first got

(02:56):
out and I was responsible for building the security operations center for a defense project called centralized processing. So that was a billion dollar project at the time, one of the biggest projects in the world. And then I was responsible for recruiting all the members of the security operations centre, training them up, getting everyone comfortable with the tools, building the use cases

(03:17):
and building all the people and process side of things. Very, very challenging, obviously. And then from there, yeah, I've been working with cyber security vendors since then, some of the leading vendors, and now at Fortinet for five years as of about now.

Michael van Rooyen (03:30):
Wow, wow. It's certainly an interesting journey, you know, when you think about where you started defense and then into information security, before people called it cyber right, yes. It was information security, security and really that customer-facing learning and understanding the challenges on that side, being able to really lead to really being one of the lead vendors around cyber and threat intelligence, et cetera,

(03:52):
et cetera. So, under your new role that you're at today, under FortiGuard Labs for ANZ, what are your primary responsibilities for those who don't understand what FortiGuard Labs is, and maybe you can run through a bit of that and what are the critical goals of your team?

Glenn Maiden (04:05):
Yeah, sure, Michael, I'll take you on a quick segue. You'll probably find that I'll do that a little bit, I like to meander a little bit, but cyber is an interesting term. So, as you say, guys like us that have been around for a long time, there was a bit of controversy when they started calling information security cyber. But I've been thinking about this the last couple of weeks with that Israeli Mazar attack on Hezbollah where they blew up pagers, which is definitely not an IT system.

(04:27):
Cyber is normally meant to encompass computers and networks, so that was sort of the definition of cyber. But now I think that the definition is probably not quite right when you think that, while that was not a traditional cyber attack as you'd probably define it, because obviously without attacking over radio networks and attacking on non-digital systems, it was still a cyber-enabled attack,

(04:50):
which I know we'll talk about later on in this podcast. So yeah, I think, as we become more and more converged, I think that some of these terms are probably almost worn out in the brave new world.

Michael van Rooyen (05:00):
They are. They are. So for those again who are thinking about threat intelligence, because that's really a source of understanding what's going on globally, where most attacks are coming from. So you and your team are really ingesting a lot of that threat intelligence from a global point of view, working with lots of customers, working with lots of other vendors to kind of collaborate on that data to really give your customers

(05:21):
downstream effectively the best intelligence to protect themselves. And your team then spends time curating that data, looking at data. Maybe you can touch on what the team really does.

Glenn Maiden (05:31):
Yeah, yeah, thanks. Thanks, Michael, I'll get back to your question. So FortiGuard Labs is basically the nerve center for all the Fortinet products. So most people know us for the FortiGate, the firewall. It's an industry leader and in fact out of every firewall sold globally, one out of two is going to be a FortiGate and then the other two is everybody else. So we are absolutely in every corner, in every industry

(05:54):
vertical in the planet. So obviously we need to keep those firewalls updated as the threats change. So all the telemetry comes back to me in FortiGuard Labs and my team. That's where we go through and we'll exploit it, we'll rack and stack it. We've got several hundred humans that do about three quarters of a million hours every year of human research,

(06:14):
and I know we'll talk about AI.

Michael van Rooyen (06:16):
It would be remiss of us not to, we have to.

Glenn Maiden (06:19):
We have to, yes, but yeah. So we've been training our AI systems and ML systems since before it was actually cool. So we've got multi-billion node AI systems that have been trained for over 10 years. And if you think that telemetry, so all that metadata coming back from those firewalls saying, well, what's good, what's not, do we even know? We've been training on petabytes and petabytes of data

(06:40):
for all that time. So now our system is quite mature and able to go with incredible accuracy, be able to understand if a behavior or a signature is malicious or not. So, where we're a bit different than other threat intelligence organizations, we all read the data, the Verizon data breach report and reports like that, which are fantastic, but a lot

(07:00):
of the threat intelligence that we get is based on post incident reporting and where people rack and stack it together. So we're able to be a little bit before the breach in near real time. So we go through a process what we see at that network and operating system layer and instead of just putting it directly into a report for someone to read at a later date, we push that back into the Fortinet fabric and also to

(07:23):
partners like yourself at Oro. So, assuming you're not patient zero in almost near real time, you're actually protected from these threats as they evolve. So it is very, very different. But to get to your point about collaboration, obviously we'll ingest information from all of our systems, processes, devices across the network. But we're big on partnering. So we've got teams that go through and they sit in dark web

(07:45):
forums and Telegram channels, so all that goes in to get an understanding of the bad guys. Wow. But we also partner. So we've been working closely with Interpol for about sort of seven, eight years. We've been working closely with NATO for a long time. In fact, my boss is going to the NATO conference very, very, very soon and the World Economic Forum, and this has actually been one that I've been directly involved in myself.

(08:06):
So we've got a project program that we've been working with as a founding partner of the World Economic Forum Center for Cybersecurity, trying to map out the cyber criminal ecosystem. So yeah, where that's interesting is, you know we normally talk about IOCs, which is a bad IP or a bad DNS address, but what we're trying to do is find out who are the humans and

(08:29):
the systems that they use and the accounts that they hold that sit behind these bad guys, the Contis and the TrickBots and the DarkSides and the REvils, so trying to actually understand the real people behind the cyber criminal ecosystem and the dark net that we hear so much about and that's a really interesting couple of points.

Michael van Rooyen (08:46):
Then tying back to your point around the pager and two-way radio attack, and I guess let's circle back to that. So thanks for covering off what the labs teams does and people don't probably see that right, it's a huge team working behind the scenes to make sure customers are protected, sharing threat intelligence to effectively protect the world in some way, right. But then if I think about your point around this recent

(09:09):
physical attack which could be considered, you know it is a technology attack ultimately, and the time you've spent doing the space, you know landscape has changed and continues to change all the time. What are some of the most significant changes then you've seen from a cyber threat point of view over the years and kind of how they're impacting businesses and countries today? You're talking about World Economic Forum.

(09:30):
That would never been a topic before, right? I mean, the cyber is so important today, fundamentally.

Glenn Maiden (09:35):
Well, I think I mean you've probably cracked it right there. I mean in terms of the bad guys, I mean the volume's still there. But I guess the key point that I think that really is pertinent to the answer there is everything now is connected together. So again, we'll talk about OT and connecting OT to IP-based

(10:00):
networks. But everything that we use, everything that we do, is connected to one big borg of a system, and in the old days, again we'll talk about elections later on. So you imagine, if I wanted to interfere with an election in the old days, I might go and bomb an election booth or I might steal a big bag of paper ballots.

(10:20):
Now I might want to hack into an election. So everything from getting a script to ordering a car or even turning on your tap in the morning, everything is cyber enabled. So you know the bad guys in the early days, where they were just trying to breach our systems and you know,

(10:43):
essentially, steal data. They realised a few years ago that well, availability is something that we can attack as well and that's something that's really, really going to make customers scream and pay us some money. So I think, from my perspective, the bad guys have always been the same. They're going to be a nation state that's hostile to us, the Irans, the North Koreas. It's going to be an issue-motivated group, and you think of the famous Anonymous guys there. It might be an insider threat and that insider might be doing

(11:07):
it for financial reasons or other reasons, or they might just screw up, yes, but most of it is going to be these serious organised crime groups that have probably migrated and evolved since the old days of the Italian mafia and now they're all going all the way across to Nigeria and these big scam farms that are now popping up on the border of Cambodia and Thailand,

(11:28):
sort of up in that part of the world. This is just such a lucrative industry for the bad guys and unfortunately we're riding that crosshairs?

Michael van Rooyen (11:34):
Yeah, unfortunately. Yeah, because there's. You know, many of the Western countries, Australia etc. have got you know a fair bit of wealth realistically, so that's a soft target. I had a chat to one of the partners at Grand Nickel and we were talking about the same topic and he made the comment around um, be hard being a drug dealer today. Right, because you know, you know there's a whole process

(11:55):
there and people involved, etc. Where now you can sit, as you just said, any, any in any border. As long as you're connected to this connectivity, you can really get away with a lot more and be really anonymous. Right, it's, it's.

Glenn Maiden (12:04):
It's fascinating from a business point of view, even how that, how they're doing that. Well, it's so advantageous because I can go through and route my attack through sort of a whole bunch of jurisdictions and then I can be sort of sitting in North Korea, or I can be sitting in Moscow, or I can be sitting in Beijing. I can attack you and me here sitting in Brisbane today. You can imagine just how hard that would be to track us back.

(12:26):
So you know the likelihood of the police being able to get us in somewhere where there isn't an ability to come and move us back to Australia to be charged.

Michael van Rooyen (12:34):
It's absolutely beautiful, yeah, and do you think, with this continuous hyper connectivity, that that is just going to continue to be harder, or do you think we're getting better at mitigating? Of course there's things like labs that are helping mitigate known problems, but do you think this cat and mouse game is always going to be a system that we close in that gap, or is it widening from what you see and your counterparts you speak to?

Glenn Maiden (12:55):
I think we're definitely getting better and I know with working with groups like Oro, so I think we've got some really really good technical solutions now to defend our networks. We mentioned before, it's so ubiquitous. I mean three, four, five years ago, if you talk to a board member, cyber would have probably been the last on their list of problems, but now if they have a significant breach

(13:16):
they can actually be charged and maybe go to jail or lose their house now. So that's certainly something that's really, really important to them. So they're quite happy to invest and take cybersecurity as one of the key business risks to their business. Being able to go through and do some really robust defence, especially proactive defence, before you have that big problem.

(13:37):
I think we're getting. I mean, probably the statistics don't always paint that as a good picture, but certainly we're getting more resilient than what we were a few years ago. There's absolutely, that's obviously a sweeping statement and there's gaps and there's some industries that are more mature than others, but certainly in Australia we're better than what we were. I think.

Michael van Rooyen (13:55):
Yeah, and do you feel as well that our government is really starting to push a few more things? In the US they talked about having to have a kind of cyber person size on the board. Today it's kind of mandated at a certain company level from what I read and understand. But you know, I know Australia's obviously adopted

(14:16):
the SOCI Act for critical infrastructure. Do you think our government's doing enough now to really start pushing forward that we help close that gap?

Glenn Maiden (14:21):
I think the government is doing some really, really good work. So, if you think, obviously you mentioned SOCI. There's been updates to the Privacy Act. We've got the Cyber Strategy, where Home Affairs wants us to be the most cyber secure nation in the world by 2030. Really really good stuff there. The Privacy Act, the fines gone up to about $20 million, I think it was $2 million, or maybe it's $50 million now.

(14:42):
Either way, significantly higher than what it was before if you don't do due diligence around protecting personally identifiable information, PII. So, yes, certainly the dials have been screwed up there. I think that my biggest concern in terms of gaps is that, as the world is now becoming a very, very unstable and probably the

(15:04):
most dangerous world that we've seen in decades, probably since World War II, when there is the first sign of conflict, the first weapon to be fired will be a cyber weapon, and I think we need to have a much greater sense of urgency in protecting our critical infrastructure. As I said before, it's easy for us to expect to go out and turn

(15:28):
on the tap in the morning and get fresh water and get in our car and drive to work. So if I was a bad guy and there was some conflict, it would be very easy for me to target a water processing plant or a water pump or disable the country's fuel supplies and, from a knock-on effect, obviously it would not take very, very long to cause significant disruptions for our economy.

(15:50):
So I think we really need to take much more of a sense of urgency in looking at that macro level threat and just how some of these threats could be realised by a hostile nation. Again, instead of having to come and send a rocket across the north of the country and hit Darwin or whatever, why not launch an attack from sitting back in the northern hemisphere?

(16:12):
It's going to be just as effective, just as devastating. Yeah, true, true. And actually probably more widespread, because a piece of arsenal will damage an area as opposed to a much more widespread issue, right. Yeah, yeah, and hopefully we've got enough resilience and enough segmentation in some of our systems where it won't be widespread. But we have seen sort of some what were relatively simple

(16:32):
attacks. You know the Colonial Pipeline that we saw over in the US caused reasonably significant damage. We had a recent issue where the ports or one of the shipping systems went down here in Australia, so we had boats floating across our coast unable to dock and unload their containers for a day or two, so it doesn't take very long.

Michael van Rooyen (16:52):
Knowing that you're spending so much time with your team looking at threat analysis, what are kind of the cyber threats facing organizations in 2025? And what should be the priorities or what should teams think about prioritizing for those, if you can give us any insights? I know things can change overnight, but what are you seeing today from your lens?

Glenn Maiden (17:12):
So from my perspective, I mean I can talk about the increasing sophistication of threats. So we've got now AI, we've got some very, very smart actors that are looking for bugs in hardware. They're looking for breaks in systems. So there's always going to be that, there's always going to be a vulnerability somewhere. But I like to look at it from the other side, and this is from

(17:33):
your side in Oro. This is the defender side. So if I'm trying to defend a system, how can I make the impact of any one breach get as close to minimal or zero as possible, and that is something that we can do. So, whether that's using multi-factor authentication, so if someone does manage to exploit one of your attack

(17:54):
surface or one of your perimeter devices, if someone does manage to get access to that, how can we segment that off? Or how can we make sure that all those user accounts that they will then pop out of that box, how can we make sure that they're useless or harder to exploit, to get further into the system? Smart role-based access, and not just for people but for

(18:18):
machines as well. That helps. Really, really good security operations, like I know you do at Oro, making sure that we know what our assets are, how they could be exploited, getting logs and telemetry off those devices, centralising them, normalizing them and then getting those into use cases that will then sit in front of a really really smart analyst's screen. So when something that isn't normal comes up, we've minimized

(18:41):
what we call false positives, so it's not just something that's going to waste someone's time, a red alert, but we know with a reasonable amount of confidence that that alert that's just popped up on my screen is something that I've got to take a look at and from there I can go through and isolate and clean up and then bring back into service as quick as possible. And if you think about it in that way from a defender's

(19:01):
perspective, it doesn't matter if, I shouldn't say it doesn't matter, it matters less that a bad guy has got a zero day that they're using against you, because you know they're only going to get to a certain amount of, they're only going to get a certain, a certain distance before we find them and we stop them.

Michael van Rooyen (19:16):
Yes, correct. You talked about the kind of nation states, uh, things that are happening and, from a global perspective, as we sit here today catching in Brisbane, we're just coming off the back of the US elections, you know, and they're obviously the results are a little bit in the spotlight, you know. You could argue which way it went, but it's happened and there was a lot of discussion leading up to it and post the

(19:38):
last election in the US, plus other elections globally, that for people who followed along with the, you know, disinformation, misinformation, it always kind of dominates the conversation. Now that we've so cyber connected and influencing and all these sorts of things, can you talk a little bit about some of the cyber enabled threats that relate to these issues and how they may detract from what should be a normal process and

(20:02):
how the world's changed just in elections alone?

Glenn Maiden (20:04):
Yeah, so this is a fascinating one, Michael. So, if we think about that convergence of threat, and just before we get into the misinformation, I'm always fascinated about some of these global cyber gangs. So how do you go from a gang that's operating out of Nigeria or over in Eastern Europe all the way to attacking my mum

(20:27):
that's sitting on her iPhone up at Burleigh Heads here as part of a scam? So it's well enough to have the infrastructure sitting behind it. It's well enough to maybe have an exploit, and maybe I want to just do some crypto mining off her phone, or maybe I do want to scam her out of her life savings. There has to be somewhere that all that infrastructure converts

(20:49):
into a localised attack. So mum knows that she gets a message saying oh, this is Australia Post or this is the Australian Tax Office. So how do these bad guys on the other side of the world craft a social engineering attack that is so realistic that it can get past my mum? So I think that there's this convergence and this is where we

(21:09):
get into the election. The same bad guys and nation state guys are using the same malicious ecosystem that the criminals are using and more and more we see. Sometimes they'll call them mercenaries, but we're seeing that convergence of nation state actors and cyber criminals using the same infrastructure, in some cases working together, in some cases for trying to influence an election, or people, in some cases trying to steal money.

(21:31):
So just to get a few terms out there, they call it MDM now. So there's a new term that they're starting to come out with, which is called misinformation, disinformation and malinformation. Now, misinformation is basically where I would say something and I just get it wrong. So I might say I'm doing a podcast with Michael in Sydney today. It was an honest mistake, but anyway, someone gets hold of

(21:54):
that and they said oh, Glenn's in Sydney today, why did he not turn up to this meeting in Sydney when I'm actually up in Queensland? So that's misinformation. Disinformation is where someone's a little bit more deliberate in what they're doing. So if you imagine I was a bad guy, I might get a FortiGate and I might say, oh, Fortinet says that it can do five terabits

(22:16):
worth of throughput when this is actually only two terabits. So I just make something completely up, send that out, and then I could use that against me. So there's sort of those two different ways that we can use to influence. Malinformation is a bit of a controversial term, but that's where you use, I guess, legitimate information with malicious context.

(22:36):
So if you think, probably revenge porn is a good example of that. So a photo is taken in the privacy of someone's home that then gets leaked to people that weren't originally accessed or authorized to have that information and that's used against the victim. Malinformation, the reason why that's sort of a bit controversial, it could actually be something that's true. So if you think of our good friend Donald Trump and Stormy

(22:56):
Daniels, that may or may not be true, but if it was true that would be really really juicy to use against him if I was one of his enemies. So, basically, forever hostile nations have wanted to go through and interfere with democracy. So, back in the day, it might be Russia funding some Marxist groups at a university or something like that.

(23:17):
There might be some other political parties that they'll funnel some money into to try and influence, but now in these cyber-enabled days, it opens up a whole world of possibilities for these guys. So if you go back to sort of 2016, the Russians had about 500 Russians activated and trying to disrupt the American elections and American society.

(23:38):
And if you think of those 500, that would have actually been quite rare back then. So you need Russian people that speak really, really good English. They understand and they're speaking with American accents. They understand the subcultures. They understand sort of some of the societal norms. They understand the political system. They know how elections work. So apparently these guys going back to that election back then,

(23:58):
they pumped out about 80,000 posts and pieces of propaganda just to influence us. So that was 500. And obviously that was the scale they could get. But if you think now in the age of AI, you could probably have just a handful of people that could do much, much more than that by generating some of these malicious posts.

(24:19):
And just you mentioned the election that we just saw yesterday. Going back on the 4th of September, there was a group called Tenet Media that was charged over in the US and they were a right-wing group, but they were taking money from Russia to go out and spread misinformation to all their fans, all the people that they were influencing, and they were saying, oh, go in and intimidate voters, go in and steal votes,

(24:41):
go in and destroy ballot collection areas. So this is a real threat and it's happening every day and luckily I can't think off the top of my head any really catastrophic things that have happened down here in Australia, but it's only a matter of time.

Michael van Rooyen (24:55):
It is true, and I think you do touch on a very good point there if I think about influencing media. So if we go right back, you know a newspaper, then television, you know this kind of thing's been happening for a while where people want to kind of make things come to fruition. The challenge we've got now is again we're so cyber enabled or

(25:15):
so connected. I should say no doubt that social media has played such a big role in that because everyone's connected on that and I think about the new generation coming through. So you have baby boomers, all that were probably still paper based reading, all that, and they were influenced in some way, but probably not as catastrophic. If we go all the way down to the people who can vote now, where they're just hyper-connected and everything's on a screen, probably the ability to influence the outcome is completely different, right, if you think about how wide

(25:37):
that gap is.

Glenn Maiden (25:39):
Yeah, it's funny.
I sometimes think, and theytalk about these digital natives
, and I've got three kids a17-year-old daughter, a
15-year-old son and a12-year-old daughter a
15-year-old son and a12-year-old daughter.
They're all digital natives.
And my son is an absolute.
He loves technology.
He's built his own PC from parts.
He programs in Python.
Technology is just his absolute passion.

(25:59):
But I think I don't know when we talk about digital natives.
Going back to our day, we built systems from the ground up.
We'd build a rack and then we'd put a router in it and we'd put
a switch in it and we'd put a firewall in it and then we'd put
a server in it and we'd plug it all in and load the
applications on the top of that infrastructure and then push
that out.
We'd know what IP address it had, we knew exactly where that

(26:23):
server was and what was running and what it was doing and if
something happened you'd walk into the server room and turn it
off, yeah, yeah.
So I just wonder, especially with sort of some of these
digital natives these days, whether they've become a little
bit a part of the attack surface, because they're so good at
using these applications and exploiting these applications,
but not necessarily knowing how they work.
And then, if you think, in most cases or many cases these days,

(26:44):
these applications are powered by service from the cloud.
Do we actually even know where our data is or where it's
getting processed?
So I think it's very, very different in 2025 than what it
was even probably pre-COVID.

Michael van Rooyen (26:58):
Yeah, yeah.
And if I think about again those attacks, the influencing
election and state-based activities to influence a
country, and election's always the peak period you also touched
on earlier around campaigns you know Christmas is coming then
they're very crafty about how they do their, their threats etc.
But if I think about elections particularly and we've heard

(27:18):
over the last three or four elections globally that they've
been influenced and there's been some proof in it and maybe not
some proof in it you know there's a bit of a debate, but
do you think this has affected the public's trust in
the electoral process or do you think it's kind of they just get
on with it?
What's your view on that?

Glenn Maiden (27:34):
I think, Michael, that's 100%.
The public's trust has been affected and in some ways, that
is actually the intent of some of these disruptions.
So I don't necessarily need to have my candidate win.
But what happens if like we saw sort of last time what happens
if I can erode the public's trust so much in elections that
I can use that then against my enemy country?

(27:56):
And I just read a report recently about our handling of
COVID and you could argue with how good a job we did versus how
bad and a few mistakes with 20/20 hindsight.
But the frightening part of that particular report was there
was an erosion, a significant erosion of public trust in
authorities, people like the health system.

(28:16):
So when the next pandemic comes along, maybe people won't be
quite as compliant in some of these.
So it becomes very, very, very, very different situation and
quite dangerous very, very quickly.

Michael van Rooyen (28:27):
Do you think there's some strategies that
governments, organisations or individuals can use to protect
themselves against the spread of misinformation, and maybe ways
to really validate and identify credible sources, considering
we're talking a lot about AI, you know, deep fakes, all these
sorts of things or it's just going to get harder and harder,
I think?

Glenn Maiden (28:44):
It is going to get harder and harder, I think,
especially with the rise of AI and deep fakes, it's going to
be very, very hard to work out what's real and what's not.
And you know, I don't know if I can answer you, Michael, where
this goes.
I mean, you know, if it was a cyber attack, you know a buffer
overflow or some sort of exploit against a service, I'd say,
well, we need to put a firewall in front of it and block that
port or monitor that port or something.

(29:06):
But when it comes to influencing humans, I don't know.
Maybe we get an AI, some sort of an AI system to defend
against it.
But it's definitely a risk.
And even if you look at where the attackers are going, so it's
so, so common now for attackers to not even use necessarily use
malware, but certainly more and more they're using credentials

(29:27):
that they've either stolen or dumped from the victim or
they've just bought from an initial access broker and you
guys at Oro in the SOC.
It's one thing to see to notice someone doing a port scan
inside a network.
That's unusual.
That's something really, really unusual.
I've got to go and investigate that.
But it's another thing to see Michael move from server A to
server B.
Well, that might actually be you just going through and

(29:50):
accessing a file share, but it could be someone using your
account.
That's a lot harder, as the SOC analyst, to know.
Well, is this legitimate or is this anomalous?

Michael van Rooyen (29:58):
I hope you enjoyed part one of my
discussion with Glenn Maiden, Director of Threat Intelligence
at FortiGuard Labs ANZ.
Tune in next week for part two.