Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
How's it going, Ihab?
It's great to finally get you on the podcast.
You know, I think I may have had to reschedule a couple times there.
I'm blaming everything on my newborn at home, so I don't know if it's a viable excuse, but that's what it is, it's a legitimate excuse for sure.
Speaker 2 (00:18):
Congratulations on your newborn, and hopefully he'll be a scholar in the future and hopefully he'll be in our field, in the cybersecurity world.
Speaker 1 (00:29):
Yeah, I feel like my firstborn.
She's only two, but every time I'm on the computer, you know, she's like very interested in it.
She wants to, you know, hit the keyboard and see what it does.
You know, because like now she's putting together: if I hit this, something happens on the screen.
You know, like she's figuring that out, and so it's.
(00:50):
It'll be really fascinating to see, like, you know, where they go in life, right, and what they do.
Yeah, I don't really care, and it's the same thing for my wife. Like no-transcript.
Speaker 2 (01:28):
I totally agree with you.
My daughter, luckily, last Saturday she got married, and she's in law school.
She's got one year to go, and I look at, you know, her progression in life, how she looked at computers and what did she like.
She loved debate.
She liked to debate things and, to be honest with you, she will
(01:50):
be one of those unique lawyers in the future who is extremely versed in technology.
So the impact or the effect of parents over children is huge, specifically not just from a DNA perspective and teaching them the right principles in life, but also your work affects them
(02:10):
in one way or the other.
They may not pursue what you, let's say, have pursued in life.
However, they will have a spin or an addition by which they are going to utilize that expertise that you passed on to them.
In my daughter's case, she's not going to be like your normal
(02:31):
average good boy.
You know most lawyers today.
They know computers, but my daughter knows depth in how the Internet works and how is it interconnected and what's behind.
You know, scams and attacks and things that I'm involved in that I described, you know, to her and the family over dinner.
Speaker 1 (02:53):
Yeah, I think that's really important, setting a good, you know, role, maybe not even necessarily like setting that good role model. I guess you're doing it, you know, regardless, but setting the standard, right, and the expectations.
And I want to, like, clarify what I mean by that, right.
(03:13):
Like, going into it, right, I don't have the expectation that my kid's going to be a doctor or a lawyer or anything like that, but I'm working on my PhD right now and I have two little kids, two kids under two, right, and so that's like three full-time jobs right there, you know, all on its own.
older.
(03:45):
You know, I kind of want to eliminate those excuses for them to be like, I don't want to go get my master's, I don't want to get my bachelor's, I don't want to get my PhD, because I want to show them, like, hey, you know, yeah, it's difficult, but it's achievable, you can do this.
You know, if this is something that you're passionate about, that you want to do, you can do it, right.
It's kind of like eliminating.
I view it as eliminating those excuses before they even, like,
(04:05):
crop up, right, because it's like, well, if dad did it, you know, I can do it too. If mom got two master's, I can at least get one.
Speaker 2 (04:14):
Right, right, no, setting an example is amazing.
What is that PhD in, Joe?
If I may ask, yeah, yeah.
Speaker 1 (04:20):
So it's utilizing the Zero Trust Framework on communication satellite infrastructure to prepare it for post-quantum encryption.
Speaker 2 (04:28):
Wow.
Speaker 1 (04:29):
Wow, yeah, so there's three major components there, right: Zero Trust, satellite security and quantum.
I've never touched on before, I've never looked at, or anything like that.
And I really wanted to use, you know, this PhD, to kind of prepare myself for the future, right, like that's where
(04:51):
security is going, that's where warfare is going, even.
And then I wanted to challenge myself, because I feel like if I'm not challenging myself, I'm not growing.
I get very frustrated.
So if I was going to do my PhD, you know, in like cloud security or something, I mean, that would be easy, right, that would be a cakewalk for me.
I don't want to, you know, knock anyone getting their PhD
(05:13):
in cloud security.
Speaker 2 (05:23):
But you know, at the same time it's like, hey, if I'm going to do this degree, I'm going to get as much value out of it as I possibly can.
By the way, you are combining probably three of the most exciting areas of heavy development, specifically on satellite and quantum computing.
I mean, this is not only the future.
This is where the attacks are going to be so blended in the future, by which they're not going to be just what we see
(05:46):
today.
The blended attack, threat vectors, the combined ones, they are going to be massive.
If you remember what took place a few weeks ago in Spain, it's $1.6 billion loss in just a few hours, and people panicked in Spain, just because, you know, the internet was not available.
(06:07):
Well, satellite communication was not available, telephone communication was not available.
Everybody went south, they didn't know what to do.
And if you look at it, say 35 years ago, I remember the phone that we had in the kitchen with that long wire, right, by which, yeah, if I want to talk to Joe, hey, Joe, I'll call you tonight
(06:28):
at 8.
And that's when Joe will be waiting by the phone for me to call him at 8 from my kitchen phone, whereas today people carry that mobile device and their livelihood is dependent on it.
And to tie it with what happened in Spain, this is what's going to happen in the future.
Yeah, attacks are going to be in mass attack.
Speaker 1 (06:50):
Yeah, yeah, you know, I didn't look too hard into the Spain attack.
I heard about it, but as soon as I heard about it, my initial thought was, well, that's a great practice run for someone.
You know, someone, some adversary out there is 100% trying to run a practice test on it.
I always go back to when America invaded Iraq.
(07:14):
The very first thing that we did months in advance of our invasion was we intercepted all communications in that country.
Every single thing.
If you picked up a phone, had a radio on you, whatever it was, we were intercepting it.
When we decided we were going to invade, still months beforehand,
(07:35):
the power went out, did not come back on, the water stopped flowing, the gas stopped operating, and that was all cyber.
The NSA was doing all that stuff. Exactly.
I mean, a decade, two decades, before we even realized that was possible, right.
And then fast forward to Stuxnet, and I think it was 2011
(07:58):
timeframe, right around there, and that's when the world kind of started to slowly wake up, right, and the NSA was doing that.
You know, 10, 15 years prior, right, it's.
It's fascinating because, as security experts, we're looking at that and we're like, well, you know, we test out things.
(08:21):
You know the same.
The just other nations test it out on other nations.
You know, by the time we get to the nation-state level attack, it's, I mean, it's operating on its own.
You know, you hit enter and it's doing everything on its own.
And that's actually what some friends of mine that were cyber warfare officers said.
(08:42):
You know, like you do so much prep work and you do so much practice and testing, and it is verified by five, seven different levels, that by the time the actual attack occurs it's all automated.
You hit enter on a keyboard, it's done.
You don't have to worry about it for the next 10 years.
It's going to do its thing until it's discovered for the
(09:05):
next 10 years.
Speaker 2 (09:05):
It's going to do its thing until it's discovered.
Yeah, in fact I remember I used to.
One time in my past I worked at NASA, and one of the interesting things, and, by the way, this is how I got into cybersecurity: I used to set up machines, Linux machines at that time, and do
(09:26):
the security posture on these machines, machine by machine, about 300 of them, and there's groupings of machines associated with missions, and these are satellite missions, and of course, the satellite has been launched and we send and receive data to the satellite, and these machines crunch the data for
(09:47):
the various scientists to work on a specific research, and of course, they want to achieve that conclusion.
That research could be a lengthy research, 10, 20 years and so forth.
And one day one of the scientists on one of the missions came and told me, I see this user on my machine.
His name is Papadi.
(10:08):
He comes in at 4 pm every day and I don't like that.
Can you please tell him not to come on the machine?
I'm like, you know that user?
This is his personal Unix machine.
He said, no, I don't, so I go into the machine, I delete the user and I go away.
Well, then he came back and told me he created the account
(10:29):
again, and it's immediately, like I said, that machine is breached.
We do some investigation on the machine.
We find that there are 60 machines with the name Papadi, and none of us understood what is happening, because security in the early 90s wasn't like the most important thing, and in fact we want to share data and information.
(10:50):
And who thought about security?
Finally, we find out that this person has multiple accounts, and we went and deleted them, and of course, we set up some sniffers et cetera on the network.
Now there's a huge number of technologists trying to figure out where is Papadi coming from.
We couldn't tell the source IP, because that individual was
(11:15):
very smart.
Finally, one of us said, why don't you advise me, go to the library and search for what Papadi is?
At that time the internet wasn't even there in the sense of having Yahoo and-.
Speaker 1 (11:27):
Yeah, you're going to the library.
Speaker 2 (11:29):
Yeah.
So I went to the library.
I found out that Papadi is a Greek god.
He said, oh, he's coming from Greece, this is how we knew him.
And we set up some traps, and luckily he was caught and all that.
But this is how things begin.
And now look what they will become.
(11:49):
What they will become is what you just mentioned: satellite communication, jam all that communication at any, say, country you want to invade.
Let's say we are not invading a country.
Let's say we just, you know, state-sponsored attacks.
What do they want to do?
Well, now they can use these amazing AI-powered platforms to
(12:13):
generate malware, like in the case of Stuxnet.
It will make Stuxnet look like it's a child with what we are seeing today.
I mean, these platforms are already out there.
There's ChatGPT, which is what we use.
There's BadGPT, there's GlowGPT, there's FraudGPT, there's
(12:34):
WormGPT.
I mean, the names are almost infinite.
And what they are all designed behind is to generate the top number one vector that we all are suffering from: phishing and malware distribution.
And these platforms are so powerful to generate.
And look how sophisticated these platforms are.
(12:56):
Not only they're capable to generate malware that can be changed in real time, and this is key.
This is how you evade signature detection techniques.
Not only that, they can generate, you know, with
(13:18):
deepfake and voice cloning, they can generate your executive's voice, augmented with E-Net to just launch a phishing campaign, phishing, what we started with in 2003 as a commercial product.
I used to work for a company where we launched our first commercial phishing product at that time, and I'm telling you we
(13:44):
were in the dark ages if you were to look at 2003 versus 2005.
I mean, it's insane what we are seeing.
The threat vectors are severe, and now blend these attacks together between satellite, attacking the infrastructure of
(14:06):
a country, augmented with attacking the banking industry or the financial sector.
This is serious. Attacking, for example, anything with the power industry, programmable logic controllers.
These programmable logic controllers are for specific systems to do a specific function.
Think of it as an isolated system to do something for that
(14:28):
power plant or that water treatment center.
What if you pollute it?
What if you add ammonia to it?
What if?
I mean, this is getting sophisticated to the level that you really, really must employ zero trust model.
You must. Zero trust, if it's not employed, you are in trouble.
(14:49):
And if you don't have the right programs and if you don't have the right mechanisms to do security in depth, that security posture is so essential now to corporations, as in private sector and the public sector.
But that will get us into another topic, which is the most
(15:10):
critical topic, that I think it's a missing chapter in the cybersecurity posture, which is domain security, and that I would like us to discuss, if you are interested to dive a little bit deeper into this topic, because I think this is a chapter that is truthfully missing.
While companies think that they are covering it, they're
(15:32):
covering a portion of it, but they are not covering the whole spectrum of domain security.
Speaker 1 (15:41):
Yeah, we're definitely moving into uncharted territory before, you know, like we've never had.
I feel like AI has always been on the horizon, and I'm currently, I'm like in this argument with myself, right, when it's like, well, we've been told, you know, AI is next year, and then 10 years, you know, it comes, right, it's always 10 years away.
(16:03):
But now it feels like it's more present than ever, and I'm trying to fight with myself and convince myself, ah, it's five years away, you know, but at the rate of growth and the rate of expansion of it, it's like, man, maybe it's eight months away, you know.
And with the attack that you were talking about, I actually
(16:24):
experienced that at my current employer, and I won't mention the name, of course, I don't feel like getting sued today.
That's good, but the attacker spoofed our CEO's email, spoofed his voice, sent an email to send $20 million somewhere.
He sent it to our CFO, the guy that would actually be approving
(16:49):
it, and then he followed up with a phone call.
The CFO basically automatically called the CFO from a number that the CFO didn't recognize, and that's how he was alarmed by it.
But it sounded exactly like the CEO, exactly like it, and it's
(17:09):
not hard to do that, right.
We do earnings calls every month, every quarter, whatever it is.
You know, and so you could just take that transcript, put it into your AI and now you have their voice fully replicated, because the CFO, he was saying it sounded exactly like him, like didn't miss a beat, how he was responding to everything.
(17:31):
That's how I expected him to respond.
The only thing that caught him off was the wrong phone number.
And there was another level of verification that they had to go through, that we have like an internal policy around, that the attacker didn't know, and so they weren't able to do that final, like, verification.
But I mean, he literally said, he's like, if they give me
(17:53):
that final piece of verification, I mean, there's no questions about it.
It's like the money is going, this is you, right, like we don't have to do it in person, you know, and so, like, it's just crazy because, like, a month ago, you know, I was reading about those kinds of attacks, and now, literally a couple of weeks ago, you know, this happened in my environment.
(18:15):
I'm just sitting here like, man.
We're going at such a rate that it's going to be almost impossible to keep up.
Speaker 2 (18:26):
Joe, you've hit the nail on the head.
AI now accelerated the growth of anything, whether positively or negatively, to a rate of weeks, months at best, versus what we used to deal with, which were years.
Not anymore, is what we are seeing today.
(18:49):
The acceleration factor is unprecedented.
No one is keeping up, and this is why it is crucial of what corporations should look at now.
It's not the truth.
Is everybody's going to get breached in one way or the other.
What is the level of the breach is the key.
(19:10):
You could lose a system here.
You could lose, you know, say, unsecured whatever in your cloud environment.
However, you cannot lose assets, online presence, you cannot lose that.
You cannot lose your reputation.
This is extremely not important.
(19:32):
It is the key factor of how we should exist.
Reputation now is important.
Look at the level of breaches.
People are losing data.
So let's look at the growth of AI now.
With these platforms that are in the dark web, by the way,
(19:54):
highly accessible for $200 to almost $1,700, $1,800, you can have the world at your hand, between your fingertips.
You can generate malware, brand new malware.
It's brand new.
It's yours.
You can launch the malware via campaign.
You can rent your command and control, as well as your
(20:16):
distribution site and the collection points.
You can own it all.
You can own a botnet for 10,000 machines, 20,000 machines, 30,000, whatever number you want.
It's how much we would pay.
Organized crime can pay.
And 10 grand, 20 grand is not a, okay, they'll pay it, but because they steal it from somewhere else.
So that level of sophistication is out there.
(20:41):
So the good guys, the white hats, are really struggling now to keep up with what's going on, and we all are saying the same thing.
So what is the answer then?
The answer is you have to think in terms of zero trust.
If you are a corporation or an enterprise, you must have a layered approach to security.
(21:01):
You must have partners.
You must.
It's non-negotiable.
You can't run just a data center anymore, thinking the world is great.
No, you have to run the data center and your cloud with trusted partners, and those trusted partners must be auditable.
And to keep up with AI, you've got to have an AI team.
(21:24):
You've got to have it.
You've got to have people who understand AI, not to just read about it.
Implement, and corporations must invest now.
This is, with all due respect.
Whoever doesn't do it, they're doing two things to their organization.
Number one, they will lose the game, definitely in their field.
So let's say their field is manufacturing something.
(21:47):
Somebody is going to come with an automated method via AI and will take that business, that manual business, out of their hands.
That's it.
They lost their bread and butter.
But the other one is they're going to lose it for the bad actors, the cyber criminals.
These guys are so crafty, that's all they do all day long.
They're organized.
They don't come as one person, like in the old days.
(22:09):
20 years ago, we used to have this kid who's sitting in the basement trying to hack into things, and he or she have a piece of droppings on their shirt.
No, this is not who we are dealing with.
We're dealing with people who know how to do reconnaissance scanning.
They look at your social media for your corporation.
They understand your job postings.
(22:29):
They know your executives.
In that example you mentioned, they cloned the CEO's voice.
That means they have used AI cloning.
They probably have already.
Not only the spoofing part is an old scam, which is spoofing the headers of an email, but it tells you that probably the
(22:49):
campaign or the kit that was sold to them was not comprehensive, and that's why they fumbled by calling the wrong number, because they had an old number.
It's just amazing.
To be honest with you, you guys lucked out on this one.
But imagine if they have the right number. Social engineering is so crucial if the company doesn't train their employees on social engineering and if they don't have a security program.
(23:12):
What is a security program?
Penetration testing through third-party trusted partners, as well as you.
You, the owner of that corporation, must execute, must have security teams that do that.
You should have vulnerability assessment program.
You must have a CISO to attend to your security policy and
(23:35):
adherence training, training.
Oh my God, if corporations take this lightly, they're in trouble.
Think in terms of your online presence.
Let's say a corporation, XYZ.com, exists online.
If you think in terms of somebody hijacking that domain name, what would that corporation do?
You know, I go to security conferences and we are a vendor
(24:00):
and I go to the vendor floor and I ask a simple question.
All these security companies, security companies well-funded by the VC world in Silicon Valley, well-funded.
I ask them two questions: who's your registrar and who's your DNS provider?
Here's, after a year of investigation and doing that
(24:24):
survey.
Here's the finding: more than 93% of the folks who are on the floor within that security company don't have a clue, not even don't have a clue.
They will tell you, I really don't know.
That's a good question.
Shouldn't be a good question.
You should tell me, I know the person who knows the answer.
(24:46):
You don't have to know the answer, but I know the person who will give you the answer.
You must know your registrar, your domain name, which you do.
Your online presence, you do your online.
If you are a financial institution, that's online banking.
If you are a manufacturing company, it's your website with a user ID and password to log into that portal.
(25:08):
It's your reputation.
People don't know who they register and then, when you find out who the registrar behind them, oh my God, it could be some retail registrar that no one had heard of, just because they have some cheap services and they don't know.
And you look at the company, you will see the marketing department.
They're buying their own domain names.
(25:29):
That legal team is buying their own domain.
The IT team.
This is called shadow IT.
Shadow IT comes when you have no security policy that controls who gathers all these domain names and how these domain names are being managed and how they are being renewed.
It's not about renewing and managing.
(25:50):
It's your reputation, and the same applies for your DNS.
Who's managing that DNS?
Do you have a business continuity plan as part of your security posture or your security program?
Okay, okay, let's say the DNS services have been taken out by a DDoS attack.
What do you do?
(26:11):
What's next for you?
And then someone will say, yeah, don't worry about it, we can scrub the traffic through our partner.
Yeah, really? Okay.
Most of the time when you are under DDoS attack, start thinking that you have blended attack, that they are doing something else to your organization while your team is busy doing DDoS mitigation.
(26:32):
Something else is happening, and, by the way, when you do a DDoS mitigation, you lose some of your real traffic.
Most corporations are going to go through this DDoS attack.
Speaker 1 (27:05):
Recon, being, if you are well known on the block, so to speak, and it's funny because I'm in a young neighborhood, there's a lot of families with kids all around me and everything.
There's a group of kids that will ring your doorbell, run away, light some fireworks off in front of your house in the
(27:26):
street, you know, just being kids, you know, and I got tired of it, and I like tech enough, so I bought a couple cameras, just put them around my house, not to, like, identify them, right, like who cares about that, but so that they would just see that there's a camera there.
Like, hey, you probably shouldn't.
You know, mess with my house, right?
(27:47):
And sure enough, you know, all of it stopped immediately, like as soon as they realized.
You know, that those were up, even though I don't really care, you know, it all stopped, and it's beneficial, right, because I have two little kids at home, so it's like I'd prefer them not to wake up my two-month-old, you know, after I just tried to put her to sleep, there's no need for her to wake up with
(28:09):
fireworks.
But you bring up a really valid point, a valid area that I feel like hasn't even been touched on or harped on like it used to.
When I was first getting into security, the whole rave was Cloudflare and DDoS protection and WAF protection, and I really
(28:34):
haven't, like, heard very much about it, that domain of security at all.
You know, and I've been at several, you know, multi-billion dollar companies, very large companies, very small companies, and it seems like it's just, like, forgotten almost.
Speaker 2 (28:53):
Exactly, actually, what we classify it.
It's the missing chapter.
So, like I told you earlier, I started in cybersecurity in the early 90s, in the dot-com boom.
I joined one of the best, probably, companies at that time in Maryland.
It's called Digex Web Hosting.
We were the it, the it. Everybody hosted with us.
(29:16):
And I cannot tell you how many attacks have we received, 99,000.
We hauled 40% of the internet traffic through Digex.
We ran major pipes, 48, by the way.
It's a joke now, but then that's what we did.
But the attacks were relentless, DDoS attacks.
(29:38):
We had DNS poison, DNS, email spoofing, session hijacking, all types of attacks.
And that's in the early, I'm sorry, late 90s, early 2000s. Fast forward to today.
These attacks are still being used, but the way they are being deployed in different techniques and tactics.
(30:00):
So if you look at the threat vectors, they're all, by the way, in general are part of the weakness of the TCP/IP protocol.
And this is our problem, TCP/IP version 4.
Yes, they say you can go to 6.
Yeah, but we depleted all the IP pool for TCP/IP version 4.
And that's where all the flaws are in, because we're still
(30:23):
running as an internet, we're still running old code, we're still running, by the way, Unix machines on Solaris.
We're still running that.
You will find the DNS server somewhere.
But when it comes to domain security, domain security is built on registrars, and registrars speak with registries.
A registry.
(30:43):
Think of it like the owner of the map of how we deploy things on the internet from a naming convention point of view, meaning domain name convention.
So Verisign, Verisign today manage .com, .net.
There are 13 root servers, only 13.
(31:04):
And they're allocated to certain entities to operate them.
But under these registries, there are accredited registrars.
They're accredited by ICANN, and here's where it begins.
You will have corporate registrars that are secured and retail registrars that are not very secured, and you have the
(31:27):
mom and pop shop in some country out there.
So think about it in terms of how things happen.
There's a global company, and you have, call it, dot and then country name.
I'll give you an example: dot UK is a country, dot US is a country.
That's called ccTLD, country code top-level domain, and
(31:50):
then you have gTLD, global top-level domain, which is something like a .com, .net.
Now, if somebody wants to attack a company, you go through the soft targets.
You mentioned it.
You don't want to be the easy part, right?
You want to be the soft target?
No, but that's what they do.
They go through the soft targets, the exposed soft target.
(32:11):
Why should you go and attack an organization or an enterprise that spend hundreds of millions of dollars on their firewalls, EDRs, XDRs, IPS, name it?
They haven't and, by the way, nothing is integrated, but they have.
But then the perimeter seems like well defended.
Why would you want to breach that perimeter when you can
(32:33):
attack their domain names, and all you got to do is do some social engineering attack and no hacking techniques are needed?
Or, which is even best?
I look at the company.
Yeah, they have a presence in Vietnam.
Beautiful, go hack into that registry.
A registrar over there, that's it.
And, by the way, it's not going to be well defended, 99 out of 100.
It's not going to be well defended unless you're working
(32:55):
with a registrar who creates the defense mechanism for those domain names that they're managing, such as the company I work for.
In such case, that domain name portfolio has a moat around it, virtual moat, and that virtual moat is the protection mechanism.
Then you layer the solution by which you protect DNS, and now
(33:23):
you have protected the most critical entities for your online presence.
And then you augmented with solutions to tackle the top threat vectors.
You want to see how many domain names got registered on a daily basis that are associated with that brand, how many were re-registered, how many were dropped, how many are classified, as we call them, dormant domain names.
A dormant domain name is where bad actors buy them, and they buy
(33:46):
masses of them.
By the way, organized crime doesn't buy one domain name.
They buy thousands, everywhere, with multiple extensions.
So they buy them and sit on them, and then they activate them, meaning weaponize them as part of a campaign, and then they deploy, and they deploy en masse, while people are asleep or while people are busy at work
(34:07):
launching something.
They will take that opportunity and attack that corporation.
So let's say we're launching a product, and they're hearing, yeah, in September we're going to launch a product, but we didn't disclose yet the full date.
Say, OK, we're going to attack them in September, we'll attack that enterprise in September, and this is what we're going to do.
We're going to do a blended attack, and we're going to go
(34:29):
after the exposed surfaces.
Exposed surfaces are the ones I described: your domain name, your DNS, your email gateway, anything that you can query on the internet.
And, by the way, you don't have to be a genius.
You go to any online service and you will query any company.
You will see.
You don't have to go far.
Go to their job postings.
(34:52):
You would know what kind of infrastructure they have internally.
The information job posting will describe what most companies offer inside.
You know, within their enterprise.
They'll say, you know, I want you to know, for example, XYZ software release and so forth.
That's it.
They've already known what's inside.
Then they can query your, you know, your WAF or your firewall.
(35:14):
They can figure out in some way or fashion that security posture, and then they will attack the soft targets.
And this is the missing link.
This is the problem, and I really, we have been sounding the alarm in the industry on this topic, and it's sad when you see that people don't have a thorough understanding of that
(35:37):
particular problem, and when they have it.
With all the respect, imagine you could be a multi-billion dollar company fighting.
What is the domain name?
It costs about 25, 30 bucks.
They're fighting the organization for how are you going to protect 25.
Man, this is your reputation.
You should have brand protection partner, you should have a fraud protection partner.
(35:59):
And here's the best part: you just don't want to say where the problem is.
You want to manage the problem.
In other words, most platforms, cybersecurity platforms.
They rely on detecting the problem, analyzing the problem, or detecting the problem and providing you a platform to do threat hunting. Fabulous, okay, then what do I do next?
(36:21):
Or you can block it if you buy my appliances.
What if I didn't buy your appliances, all of them?
Well, you're in trouble.
So in our company, we are quite innovative, because this is the space I have been working in since the 90s.
So we came up with what's called actionable global
(36:41):
intelligent takedown service, which means not whack-a-mole like in 20 years ago.
No, intelligent.
Look at the botnet, you dismantle it, you neutralize the threat.
This is actionable in real time.
If you have a 30,000, 40,000 that are distributed around the world, what are you going to do?
We're going to go whack-a-mole?
(37:01):
No, you can't do that.
You don't have enough manpower.
So you have to neutralize the threat.
Well, how do you neutralize the threat?
You got to have the right partners who are versed in that space, like that corporation is versed in the space.
They are making their revenue from.
There are cybersecurity companies such as ours are
(37:22):
versed in that space that are so capable to protect that domain name portfolio and give you a cybersecurity solution to protect the domain name, and then you take care of what's called inside-the-firewall cybersecurity posture.
That gives you a complete picture for a comprehensive cybersecurity posture.
(37:43):
Otherwise it's incomplete.
Speaker 1 (37:45):
Otherwise it's incomplete.
Yeah, you bring up a very valid point, right.
Like you have to protect your brand no matter what, you know, and I think of, when we're talking about brand, you know, reputation, right?
I think of LastPass, yes, and you know the community that they kind of catered to.
(38:05):
They catered to the average user, but then they heavily catered to the security community as being the best password manager out there.
It gives you all of the advanced features that you're probably working with at work, and they ended up getting breached.
And it took them three
(38:28):
months to own up to what was actually breached and how it happened, maybe even longer than three months.
Speaker 2 (38:32):
Or being sold. Right.
Speaker 1 (38:33):
You know, and, like, I was sitting here like, are you kidding me?
Like you don't know what happened.
Is that really your argument?
Right now, because I literally work in the industry that you market to, I know for certain, without a doubt, that you would know exactly what happened within seven days.
Like you can't, you can't tell me that you don't. Right, and it
(38:56):
was really just based on how they handled that that I ended up just switching password managers, because, like, there's no way I'm paying you for a service that you can't figure out how to secure, right, and you're over there, you know, owning up and saying like, oh yeah, it's not that bad.
And then it turns into they got the, they got the vault, but they don't have the key.
All they, they actually got the vault, but you know it's
(39:18):
encrypted this other way.
You know what?
Never mind, they already got that.
Like it's all this back and forth and I'm just sitting here like, man, guys, you handled this.
This is a masterclass on how to not handle a brand-related issue that we sold.
Speaker 2 (39:45):
He called me and told me he invested in LastPass and he wanted me to help him during that breach.
So I spoke with their CTO at that time, and it was within a week of the breach, and they were frightened, and they wanted me to help out due to the fact that I'm, you know, I built all these solutions to combat fraud on the internet and brand protection, that's my specialty.
So he told me that they lost the encryption keys.
(40:09):
I said, okay, I'll look.
So I did.
And I said, my friend, you are in trouble. He goes, can we clean up the underground world?
I said there is no entity on this earth that can clean up the underground world.
You've got to understand your insecurity.
(40:30):
How do you say a statement like that?
Nothing against that person, but seriously, they think you hire a vendor, you go clean up.
This is not how it works.
That said, the kitty is out of the bag, it's done.
I told them,
(40:52):
what you need to do now is to work on mitigating your reputation.
So reputation, what is online reputation?
Online reputation is the most essential thing. On a personal level, it's your entity, your name, your family name, your credit line history.
It's your standing in society and so forth.
It's a multitude of, say, disciplines, right, but from an
(41:17):
online perspective, your personal identity is important.
You don't want to lose that, your PII data, your personal information, identity data.
You don't want to just give it away.
People say, I have nothing to hide in social media.
Okay, great, all your pictures, all your information is being fingerprinted, digitized and archived in massive databases
(41:41):
now.
But the trick is not.
The trick is not just protecting an individual reputation.
What about the corporate reputation?
So there are three factors.
There's brand abuse, where you can badmouth the corporation.
There's counterfeit, if the corporation produces a product that can be copycatted or mimicked so that it will be sold
(42:06):
in the legal market on these online stores today and auction sites.
And there's the third one, which is unauthorized resellers, meaning I am selling a legitimate product but I'm not an authorized reseller.
There are three, and most people don't know the depths of what is reputation or brand protection of an enterprise.
(42:28):
This is what we do.
We invented this methodology.
We invented these three disciplines or three areas by which we go not only detect it but enforce on it, meaning delist it, remove it, clean it up.
But there is no such thing that I have an eraser and I'm going to go erase it from the Internet.
It's impossible.
(42:49):
You're going to erase it from the common gathering areas, e-commerce areas, social media channels.
So there are channels.
You clean it up in social media, e-commerce, you clean it up in your search engines and so forth.
There are these well-known areas. Underground? Forget about it.
You can't, because it's not owned by the individual.
(43:12):
Also, you can go to a website, I'm sorry, to a site by which it's underground, by which you can say, you know, shut it down, and say, okay, I'm not going to show.
What are you going to do?
Sometimes, I'm going to give you the most interesting: there's something called bulletproof web hosting or bulletproof registrar, et cetera.
That concept is a very important concept in
(43:35):
cybersecurity, because then, for example, in Russia, the registrar is the cybercriminals, is the web hosting, is the one who's launching the attack.
So what are you going to do?
Call them and they will pick up the phone.
Yes, they have an answering service, they are a full-fledged company.
Yeah, but they will not do anything about it.
So what do you do in that case?
(43:55):
How do you mitigate that?
Okay, there's a phishing attack against that corporation, jeopardizing the reputation of the company, or mimicking, say, a website with some indecent images on that website, claiming that this is your website, because they can create a lookalike domain name.
And they did that.
So what do you do?
And that domain name is in search engines and in site
(44:18):
engine optimization, distributing across the world.
And they go distribute it through social media and they have these engines to do that.
So what do you do?
You have to devise a technique.
We devised a technique called domain casting, by which we block it from the internet.
But the blocking is not just browsers, by the way.
We came up with that solution in Spannable Solution in 2003.
(44:40):
But it's not through browsers only.
You have to use other mechanisms.
You've got to modify the solution.
In other words, when you are solving a problem today as a white hat or a vendor, you'll have to solve the problem by which it can scale over time and change and get modified.
(45:03):
Today, everybody's speaking in terms of AI and they're lodging all these out there.
You must then have an AI solution that detects these threats and is able to detect, analyze and mitigate.
You must do all four steps.
If you don't, you're in trouble.
(45:25):
If you notice what companies, most platforms, they have detect, analyze, and that's it, the mitigation part.
They say, as I said earlier, if you don't buy my products, I can't block it.
No, the mitigation has to be comprehensive and it has to be agnostic to vendors or solution providers, otherwise it won't
(45:46):
work.
Speaker 1 (45:47):
Yeah, that is really interesting, you know, like how this still isn't really even thought about.
And like to your point, right, where the CTO was saying, well, can't we just erase it?
Yeah, I mean, it's like, you know, these criminal organizations, they also have an integrity that they have to
(46:12):
abide by.
You know, imagine if one of these criminal organizations went and broke their integrity and decided to, you know, erase your data on their forum, on their site, you know, to keep it from other criminals.
I mean, it's like, yeah, what they did was wrong, but they're not going to breach their own integrity.
Speaker 2 (46:33):
Yes, if you notice what is happening, Mark Warner, the head of the investigation committee for cybercrime, had sent letters to several registrars, big names, and you can see.
By the way, you can search it online.
I'm not going to mention those names because it's improper to mention companies.
Speaker 1 (46:53):
I don't want to get sued today.
Speaker 2 (46:54):
Yeah, and it's not the right way to do it.
We are respectful and we think everyone is trying to do a good job, but sometimes loose security controls get you in trouble.
And in the letter he mentioned that they're enabling cybercriminals to launch attacks from these platforms.
So think about it.
If you are a company that, let's say, somewhere in the
(47:18):
Baltics, in, let's say, Poland, and say that company is a rogue company, a web hosting company offering email services, blah, blah, blah, et cetera, they're offering it at no cost.
Most people are going to use that solution and now they are reading your email, they know everything about that particular
(47:42):
company or individual, and then they will launch the attack, they will block it.
And then what are you going to do?
Well, okay, they closed it to anyone who had information over there.
You may have copied it somewhere else, but the actual service can be blocked.
So the trick here is you have to check who you are providing
(48:03):
your information to, whether you are enterprise level or an individual level.
Now let me just share with you some data, and this is important data. In 2004, PII data, just normal data that were hijacked, they were stolen.
National Public Data: 1.3 billion individuals lost their
(48:29):
information.
AT&T: 110 million individuals. This is not, I'm not zooming on them, I'm just giving you this.
By the way, these metrics and stats are online.
UnitedHealth: 100 million people are losing information due to a breach, and, unfortunately, the breaches are
(48:51):
severe, very serious.
PII data is everywhere, and that's what you need to do as an individual.
You need to protect it at your house.
Do not just use a router, don't just log in to your router provided by your ISP.
Put some more mechanism, local firewalls on the machines, use a
(49:11):
decent proxy service, parental controls over where the kids go.
Social media cannot be just, I will provide any data just because I have nothing to hide.
No, no, this is part of the teachings that we have to employ with our children.
Scams are everywhere.
I heard of a scam that's really frightening, by which they have
(49:36):
called the parents.
First of all, they went after the child and they kidnapped the child, not full-fledged kidnapping, they held them hostage for a while and took their phone, and this is true.
I heard it in a conference earlier this year. Took the phone, that mobile device of that child, and called his parents and
(49:59):
told them, if you don't pay the ransom, we're going to hurt the child.
Now you'll say, wait a minute.
How could this happen in the United States?
Well, it did happen, but it's not the true.
We're going to hold them for several weeks.
No, it's just a quick scam.
A quick scam, and the parents had to provide because they went
(50:25):
in social media.
They frightened the parents.
The parents couldn't do anything.
There are other scams, by which, in fact, I heard on a podcast two days ago, one of the crypto owners was kidnapped so that he would divulge his password for his Bitcoin account.
I mean, things are getting out of whack because people are
(50:49):
providing so much information about themselves.
Well, who told these people that he or she has that individual?
It was a he.
He has a great big account and I think it's in Bitcoin.
Who told him? He did.
He was talking about it.
Don't talk about it on social media.
Keep your information as private as possible.
Share what you need to share with control.
Speaker 1 (51:13):
Yeah, yeah, absolutely.
Well, you know we're at the top of our time here, unfortunately, but it's been a fascinating conversation.
I'd love to have you back on sometime.
Speaker 2 (51:25):
I'd love to.
I'd love to, Joe. Anytime, please.
I'd love to talk about this.
As you know, I have a major passion.
This is what I do for a living and I enjoy it.
Attack surface management is something that, in fact, if you look at my LinkedIn profile, you'll see it's my passion, it really is, and AI now is going to take this whole game not only
(51:49):
to another level.
To keep up with it, you've got to get dedication, it's true dedication.
This is not about reading one article or two.
Either you're in it or you're going to be out of this game, because these cybercriminals are really, really focused on the soft targets of enterprises as well as individuals.
Speaker 1 (52:10):
Yeah, yeah, absolutely.
Well, you know, before I let you go, how about you tell my audience, you know, where they could find you if they want to reach out and connect, and where they could find your company?
Speaker 2 (52:21):
Yeah, sure, my name is Ihab Shraim, I-h-a-b dot Shraim at cscglobal.com.
Drop me an email.
I'll be more than happy to help your corporation or enterprise.
We also do pro bono work for certain agencies and we help our
(52:41):
government.
We provide research and investigations.
We're very strong in the sense of managing corporate domain name portfolios globally; we're the largest, by the way.
We grew it over time and we have built that cybersecurity solution to protect the domain name portfolios of enterprises, and we have one of the strongest actionable global intelligent
(53:05):
enforcement in the world.
And this is all proprietary solutions that we have devised ourselves, patentable solutions, and we possess a lot of patents.
This team has been working on this problem, which is outside the firewall, since 2003.
We don't let go.
We all like it, we love it.
This is what we enjoy to do on a daily basis, and you can find
(53:28):
me on LinkedIn at Ihab Shraim.
Drop me a note, we can connect and I will be more than glad to help out.
Speaker 1 (53:37):
Awesome.
Well, thanks everyone.
I hope you enjoyed this episode.
Speaker 2 (53:42):
Thank you very much.