Microsoft Office 365 Gets Hacked, Sweden Government Payroll Shut Down By Ransomware

Published: Jan 30, 2024 Duration: 00:26:48 Category: People & Blogs

It's Mike Brennan, and we're back again on MITech TV, and we're going to be doing, going to one of our cyber security gurus. Uh, this one happens to be Richard Stiennon from IT-Harvest, who we've had on the show many times. Richard and I, and, and Matt, we all go way back to the early days of the internet in the 1990s. It's hard to believe that's been 30 years. But, um, while the internet holds lots of promise and you can do lots of fun things, it also poses a lot of cyber security risk, and, and Richard's going to be talking about that. Uh, so I guess Microsoft is one of those targets that you're going to be talking about that got hacked, or what, what exactly happened?

Yeah, classic hack, and I think that the lessons we're already ding from it is, hey, even the best of the best, which you got to admit Microsoft's really good at securing their own environments, um, can't get hacked because they do stupid things, and sure enough, in this case it was a stupid thing. Um, so Microsoft of course does a lot of public reporting on threat groups, uh, advanced persistent threats they call them, uh, which means nation-state hacking groups, and so they're in the crosshairs of those hacking groups. They want to know what they know about them and how can they, you know, get around Microsoft protection and stuff like that. So it, it appears that the, uh, either the SVR or the GRU within the, uh, Russia has targeted key executives at Microsoft, and they did it by first compromising a, uh, a legacy account, is how Microsoft told the SEC about it. Um,

And what does that mean?

Yeah, it means an account that had, it was thrown up together, you know, just so they could test some stuff, and never put any security controls on it. No, no multifactor, no nothing. But the account had admin access to, you know, like Office 365. Not, not your Office 365, all Office 365. So, you know, most massive email infrastructure in the world, uh, was completely owned for two months by these Russian hackers, and they use that time to read the emails of key executives. They appear to be looking for information on themselves, in other words, what are you saying about us internally. Um, so it's little egg on the face for Microsoft, because that's pretty lame way to get hacked. Uh, it means that even Microsoft has trouble doing the attack surface, uh, discovery and management that's kind of a hot topic in the industry right now. It's like, you know, how do you know what's exposed, how do you find it. Um, and if you spend, you know, I've always been frustrated because if you spend all of your time finding vulnerabilities and patching them, you, no matter how much you invest in that, you're still going to miss, you're, miss something, right? And even if you knew all of your resources, all of your exposed applications, all of your computers from IP address to MAC address, and none of them were vulnerable to anything that we know about, they were all patched and up to date, you would still be wide open to all zero-day attacks, which are by definition vulnerabilities and exploits that don't, that aren't known about yet. So, and Microsoft just demonstrated that once again, it can happen to anybody, and that's why you need layers of defense, right? It's like, you gotta ask yourself, well, what happens if there's a server out there that has admin access, we can't find it, we're just a security team, you know, there's hundreds of thousands of developers creating stuff all the time at Microsoft. Um, so let's just figure out a way to, I don't know, do behavior analysis and people reading email, why would they be searching for that topic in multiple email boxes. Lots of solutions that they could be deploying, you know.

I certainly hope that somebody's head rolled on that one. Do we, do we know that for a fact? You're, you're muted there, Richard.

They, I, I, I kind of doubt that they would disclose that, but somebody might have leaked it to a media person. I suppose if somebody gets fired, uh, we'll find out, because, yeah, because somebody on the team will mention it.

I mean, is that something that's actionable in court on liability? Could somebody that had all that information exposed to these brusis, uh, could they then sue Microsoft? Is that possibility?

Well, well, in this case, uh, the target was only Microsoft employees.

Oh, okay.

So there would, there wouldn't be any suing going on. Um, but, you know, there have been plenty events of Microsoft vulnerabilities leading to massive breaches, um, but I'm not sure Microsoft's ever been sued for that. It's probably pretty good assumption that they've been sued for everything that possibly could be, so it's, it,

Yeah, I'm sure they got a million, right?

Yeah, if you're the largest or most highly valued public traded company in the world and in history, you're gonna get targets from, you know, hackers and lawyers.

Yeah, I remember back when I first started out, they were just a little organization with, you know, Steve Ballmer at the top and, and of course Gates, you know, the, the, what was it, Harvard dropout or whatever he was. But I mean, I, I lived in Seattle for seven years, so I knew the, didn't know the family, but I knew the story that, you know, for the first seven years of Microsoft his dad, mom paid all the bills while he was developing. I mean, that's a luxury that few of us entrepreneurs have, right? So.

That's right, good point, good point. And, uh, in another Seattle company, Amazon had a similar startup, uh, story. His parents, um, 250,000 into Jeff Bezos's startup.

And sold the stock, I'm told, right? Oh my god.

Well, we don't know if they've sold the stock, but it's, if they still had it, its current valuation would be over $25 billion.

It's a pretty good ROI.

Yeah, you know, yeah, yeah. So yeah, yeah, so that's a secret to being wealthy in your old age, is have a son or daughter that you finance and they pay you back and then some.

Holy mackerel. That sounds like, you know, Matt's got a couple of kids like that. I mean, who knows, right? They could, you know,

Yeah, loan them a little dough and, uh, there you go, right?

So, right. Well, one of the things, Richard, I wanted to talk to you about, I've seen, uh, a lot of it in the, uh, media lately, and I personally have gotten a, a couple of these letters from, uh, vendors of health care companies with, uh, breaches of health care information. So what's going on there?

Yeah, that's interesting, because, uh, my wife is just telling me that on, um, what's the neighborhood social media platform, the Nextdoor, same thing, everybody's complaining about all these coming in. Um, so I think it's actually very similar to another topic we could talk about today, which is Sweden got hacked, and it's, um, because of the, the healthcare organizations are poorly protected. Um, their IT security has always been way underfunded for the value of the data they have, and, um, so they're targets of ransomware. So the ransomware attackers have learned to not only encrypt all the data but steal it first, so they can, you know, threaten to leak it if they don't get paid for their, uh, uh, extortion. So if, you know, healthcare is a lot like universities. Um, they aren't proactively looking for ways to reduce risk or, uh, become more secure, so they basically, they sit here, right, the regulation was passed, the HIPAA was passed, you know, probably 20 years ago, so they did a bunch of stuff, hired a CISO, did a bunch of stuff, but then they're set, right? But in the meantime, regulations just keep cranking up and attackers keep cranking up their activities, so they, they don't keep up because they're, they don't have baked-in 10% increases in their budget every year. So they're just totally unprepared to defend themselves against pretty lame attackers, right, guys who are doing affiliate networks with the people who actually create the ransomware in the first place, and, uh, so it's really plug and play to attack. So everybody's trying to find targets, so they find the stupid hospitals and attack them, and then eventually Le come and in the hospitals have to, you know, at great expense, communicate with everybody whose records were touched and tell them what happen.

But what the heck can you do with the health record though? I mean, if, if somebody gets the files from a knee replacement or something, I mean, what, what value is that?

Yeah, uh, I totally agree with you. There are some cases where you might have an embarrassing ailment that you don't want the world to know about.

Okay, well, Matt, bionic knees now, but I mean, other than that, I mean, you know,

That is why I picked that ex, that is why I picked that example.

Yeah, yeah, yeah, yeah.

Uh, technically, from the healthcare provider's, uh, point of view, they, those are HIPAA violations and they could be whacked with hundreds if not millions of dollars worth of fines. They, they aren't, you know, um, they, they are for specific ones, right, where, in an elevator, uh, two doctors talk to each other about a patient, if somebody overhears that, they could have a HIPAA violation. It's, uh, pretty draconian. So yeah, I agree with you, it's no big deal if they get access to your, you know, my Beaumont chart for instance. Maybe they can get access to your method of payment when, because you pay your bill, so I think that's where they're, they're targeting. Certainly they get your name, um, your ailment, name of your doctors, so they can really phish you.

Well, right, they could say, hey, reaching out from your Dr. So-and-so's office, and you have a balance with us, and, and then you go, oh heck, I'll just pay it online, right?

Okay. Exactly, yeah, yeah.

So, well, I don't think that's really the target. I think it's more, if they have the records, we're going to blackmail you, that we're going to release the records unless, unless you give us a zillion dollars or some crazy-ass thing. So, but I mean, because, I mean, going after individual patients, that would be very tough, time consuming. So, but, but speaking, go ahead.

Plenty of people who've got the time to do it, so they do. The guys who steal the data sell it to somebody who monetizes it.

Yeah. Speaking of Sweden, you were saying when we first started out that those darn Swedes weren't getting paid because of this. That would a, that probably aggravate a person or two, right? You know.

Yeah, so, you know, we switched from talking about hospitals, but the entire government of Sweden was hacked, you know, the administrative side of it. I think it'd be like our, maybe, Office of Management and Budget, um, getting attacked. Um, but evidently they haven't been able to, you know, write payroll checks for a week now,

Good Lord.

and they're projecting several weeks before they're able to get back up and running.

Oh, not good.

Yeah, that's going to be pretty bad. It, you know, it reminds me of, we've talked a lot in this program about having backups of your data, which is a really good defense against, say, ransomware, uh, but the other thing is backup of your systems. So for instance, if you're a retail store owner, right, you got a little shop, single shop, mom and pop, you've got a cash register and you upgrade it to the latest thing from Square or whatever the cool thing is, do you really want to not sell stuff if there's a snowstorm and the power goes out? You can't sell stuff because you don't have any way to take money because your cash register was closed? Or would you plan for that and have, you know, a lock box you could put cash in, and handwritten receipts, and you'd sell the de-icer, the rest of the stuff that, your shovels that your customers might need. Um, so all the way to Ukraine, who of course attacked by sge, who, um, uh, attacked Microsoft, and shut down their power grid, um, the post office went all the way back to manual systems when they did that. The power grid came back up fairly quickly because they still had manual overrides for all of the big power switches, things that we don't have in this country anymore. If we got hit by something like that, it'd be even a worse disaster than happened to Ukraine.

Yeah, I, I remember during that power outage in 2003, um, which was caused by, you know, one, one tree, on one branch essentially, in Ohio someplace, and it took them a day and a half to get the power back on because they had to do things in a certain order and, you know, make sure that they weren't overloading anything, because it was that complicated. They didn't have manual switches, I don't think.

That's right, that's right.

And that was a big high power line, right, they couldn't climb up there and fix it. So I was always suspicious of that explanation, but then I'm suspicious of a lot of things the government does. Um, and I remember, I remember Richard and I wrote a book way back when on, uh, uh, c, a cyber hacker, uh, and we were talking to the Kaspersky people about sponsoring it, and they were saying, well, if you include a portion in there that says that was really a cyber attack, we'd be willing to sponsor your book. And you, you were, we were both a little reluctant to do that, but I mean, Kaspersky was saying, getting back to the 2003 event, that wasn't a tree, that was something else. You know, I don't know, but me, I'm just, I, I don't trust government to begin with, so, you know.

So yeah, I recall, I mean, I was in it. Luckily I was in Wisconsin, so I could monitor everything on the internet, um, and there were a bunch of people doing that. You'd see the power, you know, shifting, uh, and being swapped around and stuff, and it was basically a combination of stuff, including a, you know, a Linux server that got overloaded, um, had bad, uh, access controls on it, um, and it, yeah, when it all came down, I go, okay, probably was just a bad design and system in place that couldn't take the power surge from that one branch falling on a, a line.

Yeah, well, hopefully that's all been dealt with. I mean, we, uh, deal real closely with ITC, and I think they're a tad more sophisticated. I've actually been in that building in, they have a area that you can look down on their control room, about the size of a football field, and they have the whole map of the, what's going on right there in the control room. And I had shot some video in there that they really wanted me to promote, and then about 6 months later they, somebody came back to M ITC and said, delete that video. So I don't know what was going on, but, uh, I obliged, you know.

So it, it, it must have shown something they did not want shown inadvertently.

Yeah, I mean, they invited me in, I did what they ask, and, uh, yeah, and then all of a sudden somebody got paranoid and I got this desperate call from him, delete it off your YouTube.

Wow.

You know, so, yeah.

Yeah, yeah, you show, um, screens, right, then you immediately show how they operate and the controls and the tools that they have. Yeah, that, an attacker would really be interested in that information.

Sure, yeah. Well, considering that they're in what, seven or eight states, and, you know, they, they're the high tension lines, and so those go down, you know, game, set, match, right? You know, so.

Yep, yep. And I think the proof or the evidence that we're in better shape than 2003 is we haven't had outages like that, right? The Texas grid went down, but it didn't fall over into the other two grids, so that's good.

They don't do power sharing, they're an entity unto themselves. I've never understood Texicans, you know, so, but,

Well, I would understand it if their grid was better, then you wouldn't want to, but it's not.

No, every time it gets too cold or too hot, right, there's a problem.

Yeah, Texas.

So the other thing that's come up, and, and this is a tangent, but, you know, I want to move off on tangents as we all know, there was a Middle East attack where some GIs got killed, I think on Sunday, and they're, they're looking at responses now. The only thing I haven't heard much about is, could there be a cyber response to Iran that would really, like, say, oil production, and it would be much more subtle than going in and bomb, bombing the crap out of them or something, right?

Uh, for sure. I think we'd be a little concerned about, um, tipping our hand, right? We want to save that for when we want to shut down their nuclear power production, as we did in the Natanz with Stuxnet. Um, so I think, yeah, that would be, and, and we don't want, we're very, very careful not to show Russia our hand ever. So anytime we did anything, then Russia would see it, one, they would, though we didn't, they'd accuse us of doing it and all the rest, but then they'd also be, they'd use copycat, basically, they'd say, oh, we, we can do that too, and then they, then they'd start doing it.

So develop, or they develop a countermeasure for it.

Sure, right, of course, yeah, or shut down the vulnerabilities that allowed it to happen, etc. Yeah, so I think it's much more likely there'll be just a classic, you know, helicopter-borne raid or fighter jets, um, going in and causing havoc, and it's shiny, you know, if you're going to make a political response to something, you're going to make it, uh, lots of things blow up.

Well, that will do it, yeah. So what else is their hands? Yes, so let's talk about your book. How are, now that you're with Houghton, is that who you're with?

Uh, uh, Wiley. Very exciting. Uh, today I just, um, finished, you know, all the details I need to turn in. It took, so what's that, uh, 29 days from January 1st to compile the entire book, so, so I'm very excited about that. People are already buying it, it's, you can buy it on pre-order, it on Amazon. This is Security Yearbook 2024. Um, it'll be available June 5th for shipping, and, but you can pre-order it, and that's causing the, you know, Amazon rank to go up above the minimum, which is 7 million. It's hovering around a million or something, so somebody's buying it.

That's cool. Okay, so did you use, uh, AI again to, to write some of the short, uh, company profiles?

Uh, so while there aren't any company profiles in the book, um, just all my writing and thoughts, so no AI involvement in producing the book. And interestingly, the, for the first time ever, when I signed the contract with, there's a whole section devoted to AI. If I do use AI to do any of the writing, I have to disclose it.

Okay.

Yeah, so there, publishers are, that was fast reaction, right? Um, and of course then you've got, by the way, on February, I'm starting to doing a webinar for Detroit Working Writers on February 7th on AI and writing, and I'm going to try and counter the fears a lot of writers have that AI is going to displace them or it's, it's already stolen all of their intellectual property and, oh my gosh, you know, we're, I get so infuriated when I hear my, the Authors Guild, of which I'm a member, suing OpenAI for, you know, copyright infringement: you, you used our books to train your model and now you've got a pot of money and we want a big chunk of that pot of money. Um, and it reminds me of, of, you know, how mad, uh, people were at the, the music industry was mad at, um, uh, the file sharing services, but the musician is not so much, right? It's like, hey, we want people to love and know our music, so if you're sharing it amongst yourself, that's fine. This is an opportunity for any writer who's been so graced with luck that OpenAI use their writing to help train their models. That means that you've just been ingested into the corpus of all human knowledge and will influence all future decisions by anybody using it. You're not going to, it's not going to, it could quote you exactly, but, um, your way of putting words one after another will have this infinitesimal influence on how OpenAI writes, and that will go on to have an influence on humans, and you will have more of an impact thanks to OpenAI than the 150 people who bought your book on Amazon.

Interesting, that's an interesting way to look at it.

Yeah, I mean, it's, it's how you look at the, the whole concept came to me when the head of engineering at OpenAI was describing, you know, how, how can I, you know, we, we learn a large language model is just a statistical relationship between words, and it just, they use a lot of words to come up with these, uh, probability of what word comes next. It, so it just starts writing and just magically builds things that make sense. And somebody was quizzing him about that, that's kind of magical, and he goes, well, if you think about it, you know, humans communicate with those words. If you take all the written record and put it in a model, you're going to get human thought out of it. So that's why it seems like it's intelligent, because it's the encompassing all human thought in all languages.

My, well, we all know merely a here, Richard, and, and he's my social media guy and my webmaster, and, uh, we obviously talking frequently, and I've kind of been hesitant about getting into AI. Um, it's just, I need to invest some time, I know I'm dragging my heels. He uses it every day now, he's doing a lot of social media stuff, advertising stuff, things like that. He says he uses it every day and it's like, it saves him so much time. Something that would take him 5 hours to do, AI does it in, you know, 15 minutes or something, and so he swears about it, and I said, well, heck, we should start a course online about this, don't you think? You know, I'm always thinking money, right?

Like, remember in 92, 93, and this internet thing came along, and remember I got so excited I, you know, dumped my job at RustNet and started, or dumped my job at virtual engineering and started RustNet, um, because it was the biggest thing to happen in our lifetimes. And we were early, we all, everybody was on RustNet recognize that they were early adapters. We were, there were fewer than a million people on the internet when we got online. Um, the advent of OpenAI ChatGPT last year is bigger than the advent of the internet.

Bigger?

There, 100 million people signed up right away,

And they're getting 20 bucks a pop or something.

Yep, yep, 200 million a month in,

Oh wow, that's like cash flow there.

Yeah, that's cash flow that'll fund a lot of stuff. And then, and thousands of people including myself are taking advantage of it. You know, I'm paying pennies for more, I would need 20 full-time industry analysts to do what I do with OpenAI every day. So you, well, I'm saying is get into it as deeply and as far as you can, because you're, you know, you're not going to get old, you're a technologist, you jump on everything when it happens, so this is it.

Yep, I know I got to get plugged into AI. I've just been, uh, like I say, dragging my feet, just got to invest the time, you know.

I hope you, I'll walk you through it, you'll love it.

Okay, sounds good. Now this event on the 7th, is this a virtual event or is this a live event?

Yeah, it's a virtual event, and I'm doing it for the Detroit Working Writers, which is a writing, uh, association. Uh, it's the oldest writing group in the country. It's, I think, going to celebrate its 116th year or something like that.

Wow.

It was founded as the Detroit Women's Writers Association, and then in the 90s they switched over to just, they became more inclusive,

Oh, nice.

included the men.

So, uh, send me an invite on that, I'd love to check that H.

Okay.

Yeah, so would I.

Absolutely.

Awesome, we'll do. Coming down to the final stretch here, uh, so anything else you want to touch on the next two, three minutes?

Yeah, so, you know, we've heard a lot about a recession that just has never materialized, right? Look around, recession, been four or five years that you've been talking about it, where the heck is it? Uh, last year was, you know, very slow year in the cyber security industry. I think there's going to be a backlash this year, so instead of laying people off, companies are going to be struggling to hire people, they won't be able to hire them fast enough. Uh, so stand back. Um, you know, if you're frustrated trying to find a job, it's going to get a lot easier, so don't take the first job that comes your way. You know, you can afford to be a little picky.
