Off The Mic David Moulton

Inside Threat Vector’s Bold Conversations on IoT, XDR, and Quantum Security

This week, Unit 42 exposed "Deceptive Delight," a method for bypassing AI safeguards by embedding harmful prompts in harmless ones, underscoring the need for stronger AI defenses. Meanwhile, Lumma Stealer malware is bypassing CAPTCHAs to steal sensitive data, and Bumblebee malware has resurfaced, more dangerous and harder to detect, highlighting the urgency of robust ransomware defenses. On Threat Vector, I had thought-provoking conversations with Dr. Daniel Ford on cyber hygiene, Dr. May Wang on IoT security, and Allie Mellen from Forrester on XDR, offering fresh insights into evolving cyber challenges.

What caught my attention this week?

New Tactics to Jailbreak AI: The Risk of Camouflage and Distraction

A recent Unit 42 investigation reveals how malicious actors can bypass large language model (LLM) safeguards through a clever technique called "Deceptive Delight." By embedding harmful prompts within benign topics, attackers trick AI systems into generating unsafe content. This highlights a significant vulnerability in AI models that needs to be addressed to prevent misuse. Read more about how this tactic works and the steps needed to strengthen LLM security here.

Tricking CAPTCHAs: Lumma Stealer Malware on the Rise

Cybercriminals are using Lumma Stealer malware to bypass CAPTCHA protections, allowing them to steal sensitive data, such as login credentials and financial information. This development weakens one of the basic online security measures, making it easier for attackers to compromise accounts. Strengthening security defenses is crucial as these threats evolve. Read more in the full article here. For additional insights on cyber threats, explore Unit 42 research here.

Bumblebee Malware Returns with a Vengeance

Bumblebee malware has made a comeback, more potent and harder to detect than before. Used by threat actors for ransomware attacks and data theft, this revamped version highlights the adaptability of cybercriminals. Organizations must stay vigilant as botnet-driven threats evolve. Cyber defenses should be strengthened to counteract these persistent threats.

For more details, check out the full article here.

We had a busy week recording new episodes of Threat Vector.

I was thrilled to have had Dr. Daniel Ford join to record an episode of Threat Vector! His insights on cyber hygiene and cyber literacy have been rattling around my head all week. His insights on who takes the risk vs. who experiences the risk (hint: security teams take the risk, you and I experience the risk) changed my perception of my relationships with security teams.

I also had a chance to go deep into IoT Security with Dr. May Wang. I can’t wait to release it - I think May named this one during the episode: “The ABCs of IoT Security.” This episode struck a great balance between security insights and forward-looking strategy. Plus, it’s always great to share the mic with a fellow nerd (her words! though I am right there with her).

Early in the week, I was able to get Meerah Rajavel and Niall Browne to talk to me about the relationship they have as Palo Alto Networks CIO and CISO. Meerah and Niall discussed the importance of integrating security into software development and emphasized designing frictionless security early in processes. They also shared how they foster a culture of security at Palo Alto Networks. I know this episode will resonate with executives who are looking to drive speed and innovation.

Allie Mellen from Forrester and I also recorded an episode. It's supposedly about XDR and The Forrester Wave™: Extended Detection And Response Platforms, Q2 2024, but we went off script. Allie answered some deeper, tough questions and was absolutely wonderful to chat with. This will be a totally different episode of Threat Vector, and I am all for it.

Finally, I had Richu Channakeshava on to talk about Quantum Security. She did a fantastic job as a guest and an advocate for our listeners. At the end of the conversation, she called me out. Her observations were spot on: I was stiff and ran the interview as a Q&A. Quantum is such a big topic that I didn't want to let my ignorance get in the way, but as she pointed out, we need the conversation to flow, and when I don't know something, it’s better to ask (I keep learning that lesson). So, we will rerecord it in the style of What Roman Mars Can Learn About ConLaw, one of my favorite pods and podcasters. As soon as we redo this one, we will release it.


Why Your Identity Is the Only Perimeter That Matters

In a recent episode of Threat Vector, I spoke with Jamie Fitz-Gerald, Sr. Director of Product Management at Okta, about the crucial role of identity security in the hybrid work era. With employees accessing resources from various locations, identity has become the new perimeter, necessitating robust controls like multifactor authentication (MFA) and passwordless authentication. Jamie emphasized that identity is the cornerstone of a zero trust security strategy, where every user, device, and application is verified before access is granted. He also highlighted emerging trends like phishing-resistant authentication and identity proofing as vital tools in the fight against cyber threats. Tune in to the full interview to learn more about Jamie's insights and the future of identity security.

Identity Security in the Hybrid Work Era

In a recent episode of Threat Vector, I had the pleasure of hosting Jamie Fitz-Gerald, Sr. Director of Product Management at Okta. Jamie’s journey in cybersecurity is fascinating, from a fitness instructor to a defense contractor, and eventually to a key player at Palo Alto Networks and now Okta. His unique experiences have equipped him with deep insights into the evolving landscape of identity security.

Identity as the New Perimeter

In today’s hybrid work environment, where employees access resources from various locations, identity has emerged as the new perimeter. Traditional security measures are no longer sufficient. Jamie emphasizes the importance of strong identity controls, including multifactor authentication (MFA) and passwordless authentication. These measures are crucial in safeguarding organizational resources against unauthorized access.

Identity is the one door, it is the one place where you can ensure you have some security control no matter what.

Zero Trust Security Strategy

Jamie explains that identity is the foundation of a zero trust security strategy. Organizations can significantly reduce their risk of cyber attacks by verifying every user, device, and application before granting access. This approach ensures that only authenticated and authorized entities can access sensitive information, thus bolstering overall security.

Emerging Trends and Technologies

Phishing Resistant Authentication

Jamie highlighted the rise of phishing-resistant authentication methods. As traditional passwords become obsolete, the focus is shifting towards more secure, user-friendly options like biometric authentication. This approach not only enhances security but also provides a seamless user experience, which is critical in today’s fast-paced work environment.

Identity Proofing

Another emerging trend is identity proofing. This technology involves verifying the authenticity of a user's identity, often through digital means such as biometric data. Jamie points out that this can help organizations combat social engineering attacks, where attackers impersonate legitimate users to gain access to sensitive information.

Top Lessons for Cybersecurity Leaders

  1. Prioritize Identity Security: Identity is the cornerstone of modern cybersecurity strategies. Implementing robust identity controls, such as MFA and passwordless authentication, is essential in protecting against unauthorized access and ensuring the integrity of organizational resources.

  2. Embrace Zero Trust: A zero trust approach, where every user, device, and application is verified before granting access, is crucial in today’s threat landscape. This strategy minimizes the risk of cyber-attacks and ensures that only authenticated entities can access sensitive information.

For further reading, consider exploring "Zero Trust Networks" by Razi Rais, Christina Morillo, Evan Gilman, and Doug Barth, which delves into the principles and implementation of zero trust security. Another valuable resource is the article "Is the password dead? Legacy technology prevents the shift" by Amber Jackson. By embracing these lessons and staying informed about the latest trends and technologies, cybersecurity leaders can better defend their organizations against evolving threats.

Identity Under Siege: Insights with Okta

To hear more about Jamie Fitz-Gerald's insights on identity security and the future of authentication, tune into the full episode of Threat Vector. Jamie shares his journey, delves into the importance of identity controls, and discusses the critical role of identity in a zero-trust strategy.

Have an idea for the show? Email me at threatvector@paloaltonetworks.com.


Insights into the Evolution of Cyber Conflict and Defense Strategies

In the latest episode of Threat Vector, I had the privilege of watching Michael Sikorski, CTO of Unit 42, and Jason Healey, Senior Research Scholar at Columbia University, dive deep into the evolution of cyber conflict and defense strategies. Their discussion highlighted the need for innovation and collaboration to outpace threat actors. Key takeaways include the importance of evolving defense tactics and using outcome-based metrics to measure success. This episode is a must-listen for cybersecurity leaders looking to make a real impact and secure our digital future.

Michael “Siko” Sikorski interviews Jason Healey

I had the unique opportunity to watch as Michael Sikorski and Jason Healey recorded the latest episode of Threat Vector, and it was an absolute thrill to see two great minds dive deep into a topic they’re both incredibly passionate about. It was early morning in Vegas, and the energy in the room was palpable as they explored the ever-evolving cyber landscape, dissecting the challenges and opportunities that have shaped our industry over the last five decades.

First, I want to extend a heartfelt thank you to Siko for stepping in as our guest host. Siko is a true expert in reverse engineering and malware analysis, with a career that spans over two decades at Mandiant, the NSA, and now Palo Alto Networks. His passion for education, highlighted by his teaching role at Columbia University and his leadership on the Board of Directors for the Cyber Threat Alliance, made him the perfect guide for this conversation. His deep expertise and commitment to advancing cybersecurity shone through in every part of the discussion.

Joining Siko was Jason Healey, a Senior Research Scholar at Columbia University's School of International and Public Affairs. Jason’s career is a testament to his pioneering work in cyber conflict studies. Jason has been at the forefront of shaping our understanding of cyber strategy and policy from the military and the White House to academia. He was a founding member of the first joint cyber command and the White House's Office of the National Cyber Director. As an acclaimed author and thought leader, Jason brought a wealth of knowledge and insight to the conversation.

The Evolution of Cyber Conflict

Reflecting on his extensive experience, Jason highlighted a sobering truth: many of the challenges we face in cybersecurity today aren’t new. The notion that "the red team always gets through" has been with us since the 1970s, underscoring a persistent advantage for attackers. This historical perspective is a stark reminder that innovative thinking in defense strategies is not just beneficial—it's essential.

As Jason noted, “If we don't innovate, our grandkids are going to inherit a worse internet than we have today.” His words serve as a clarion call to all cybersecurity professionals to rethink traditional approaches and push for systemic changes that can truly shift the balance of power.

Scaling Defense: A Collaborative Effort

One of the key takeaways from this episode is the critical role of collaboration in cybersecurity. Jason discussed how initiatives like the Cyber Threat Alliance are essential for achieving defense at scale. By sharing threat intelligence and coordinating responses, cybersecurity organizations can collectively outmaneuver adversaries.

He also touched on the need for a new framework to measure the success of these defense efforts. Jason advocates for a shift from input metrics, such as the number of trained experts, to outcome-based metrics that reflect whether threat actors are actually being disrupted.

Lessons for Cybersecurity Leaders

For those of us leading cybersecurity efforts, the conversation offers two critical lessons:

- Innovation in Defense: To keep pace with the ever-evolving tactics of threat actors, defense strategies must evolve. This means embracing new technologies, frameworks, and collaborative approaches that can amplify our defensive capabilities.

- Policy and Education: There is a strong need for a focus on policy and education. By engaging with policy-makers and fostering cross-disciplinary education, we can help shape a more secure digital future.

"We need to step back and look at the scoreboard," ensuring our strategies are making a real impact—Jason Healey

For further reading on the topics discussed, I recommend exploring Jason’s work on the history of cyber conflict or diving into the latest reports from the National Cybersecurity Strategy. These resources provide valuable context and deepen our understanding of the ever-evolving cyber landscape.

As cybersecurity continues to evolve, the need for innovation, collaboration, and a broader strategic focus becomes ever more pressing. The insights shared by Jason Healey in this episode of Threat Vector offer a roadmap for professionals who are eager to make a meaningful impact in the field. By embracing these lessons, we can work toward a future where defense holds the advantage, and the digital world is a safer place for all.

Thank you again to Michael for stepping in as a superb guest host, and to Jason for sharing his invaluable expertise with us. It’s through conversations like these that we continue to push the boundaries of our field and better prepare for the challenges ahead.


Four things that help me get the most out of my iOS experience.


Plus a bonus tip for podcast listeners.

Type less, faster and smarter. Use Text Replacement

I use text replacement so I don’t have to type out common things like my email, phone, address and common replies.

You’ve likely seen this on your phone if you are typing “on my way” or “omw” and see that phrase ready for you to use (though Apple puts an exclamation mark in the phrase).

Having some of these pieces of information or phrases at the ready is great. You have to type less, make fewer errors and can finish replies faster, though you do have to remember your shortcuts. Plus if you use iCloud these text replacements will sync across your devices.

For example, when I type in “pn”, text replacement expands those two letters out to my entire phone number. The same effect also works for my address (I use “addy” if you are curious). And for my various email addresses, I use a letter plus “ml”. For my Gmail address it’s “gml”, for IBM, it’s “iml”.

My latest use is for “a dad joke on demand”. I have grown (groan?) rather fond of dad jokes and now get asked for a joke more often than expected… with “jk1” you get “What do you call a guy with no shins? NEIL!!!!” My thanks to CNN’s dad joke generator for that gem!

Other uses you might consider:

  • Conference line + dial in code for work calls

  • Common misspelled words

  • Contact info — address, email, phone number

  • Common replies for emails

  • Common searches (“coffee shop near me” or “Apple stock price”)

I am sure there are many other ideas you are having, so, while you are thinking about it, here are instructions to help you out.

Go to Settings > General > Keyboard > Text Replacement. In the upper right corner tap the plus (+) sign. Type in your phrase and optionally (though I highly recommend it), your shortcut. Tap Save. That is it. If you come up with some great use cases, let me know in the comments.

Instructions: Text Replacement for iPhone

Listen. Use Speak Screen to make your device read to you.

When I was working as a manager at Salesforce I had a 43-minute commute into downtown Indy and a 43-minute commute home. At the time I needed to go through a lot of emails (a global team never sleeps) and I figured out a way to get my iPhone to read to me while I drove. I found that if I used an accessibility feature called Speak Screen it did the trick.

Go to Settings > General > Accessibility > Speech. On the Speech screen tap the Speak Screen toggle to on. You will see the instructions “Swipe down with two fingers from the top of the screen to hear the contents of the screen.”

In the screen shots below, you will see that one is in the Notes app. That is my iPhone reading to me. The turtle and rabbit are speed controls. I like to tap the rabbit a couple times and listen as fast as I can. It takes a little time to develop an ear for it, but when you have 43 minutes to “read” an entire inbox you learn to hear faster.

Instructions: Use Speak Screen

Speaking of listening faster, I try to listen to a couple podcasts per day. I am a huge fan of Overcast by Marco Arment. The app is a joy to use and saves me a ton of time. 

First I set custom speeds for each show. I like to listen to my podcasts a bit faster than normal. So for a show like Roman Mars’s 99% Invisible, I crank things up to nearly 2x speed. Roman speaks very deliberately and very slowly so this works. Other shows, like RadioLab, don’t speed up well. The background music beds, sounds and layers of human voices start to blur to a point where I can no longer enjoy the show.

Next, I turn on Smart Speeds and Voice Boost. Smart Speeds, according to the note in the app’s Settings, has saved me 14 hours beyond speed adjustments. This is incredible to think about. Had I just listened to the podcasts I love sped up, I would have listened to 14 days of nothing. 14 days of silence (not a bad movie title there). Two weeks of empty! Anyway, you get the idea, Smart Speed “dynamically shortens silences in talk shows”. For me, that is amazing!

Voice Boost is also a great feature that really works. As the site says, “boost and normalize volume so every show is loud, clear, and at the same volume”. It works as advertised, I wish this was something that worked across the entire device. When I switch to Pandora or Spotify, the ads nearly always play louder. I know there is science to back up this user unfriendly choice, but it is so jarring that I often associate negative feelings with the product being advertised (hint hint).


Overcast. Awesome for podcasts

Give your eyes a break: Dim the screen waaay down.

When I’m in a dark room and I don’t want to disturb others or scorch my eyes I triple click to dim my screen to take the brightness incredibly low. Before you can get this to work you need to set it up.

Go to Settings > General > Accessibility. Scroll to the bottom of the screen to Accessibility Shortcut. Tap to open the list of shortcuts. Tap Zoom. Now, back out to the Accessibility view and scroll back up to the top. Look for and tap on Zoom. Scroll down until you see Zoom Region and Zoom Filter. Set your Zoom Region to Full Screen Zoom and the Zoom Filter to Low Light. Now try that triple click out. Your screen should be notably less bright. 

If you also see that the screen is zoomed in, you will need to use three fingers and triple tap on your screen. This should bring up the controller. Make sure the zoom slider is all the way to the left.


Use location reminders like a pro

I use the built-in Reminders app to create tasks. I like to invoke Siri and make reminders, and I’ve had great luck creating location-specific reminders. To do this, just say “Siri, remind me to take my lunch bag out of my trunk when I get home” or “Siri, remind me to send a text to my wife when I get to work”.

However, not all reminders are for arriving or leaving work or home. Sometimes I need to remember air filters when I get to Lowe’s or a birthday card at Target. To do this, I have to create these reminders in the app. 

To do this, go to Reminders App > Tap the plus (+) in the list you want to add a reminder > Type your reminder text > Tap on the “i” in the circle > Tap on the toggle to turn on “Remind me at a location” > Tap on Location (should show up under Remind me at a location). Now search for the location where you want the reminder. Tap the right location and tap “When I Arrive” or “When I Leave”. Now on the top left, tap Details to go back and then tap Done in the top right corner.

While having at least ten taps to set up a location reminder is a UX issue that Apple needs to address, having a reminder like this save me from making a return trip to the hardware store or forgetting an important birthday card has been worth it. 


I wish that I could say, “Hey Siri, when I get to Target, remind me about anyone’s upcoming birthdays that are in my favorites” and the app would create a location + data aware reminder that checked my favorite contacts and if I was near a Target, remind me to grab a card. But that is a future feature!

Those are the four iOS tips plus the recommendation to use Overcast if you listen to podcasts. I hope you find them as useful as I do. And, I am always looking for more ways to get more done or have a better experience with my iOS devices. Let me know what you’ve found helpful. 

In my next post, I want to share how I am using the Workflow app and IFTTT for more advanced functionality. My favorite / most lazy Workflow “app” allows me to remotely launch iTunes so we can watch the movies on my Mac. I got tired of having to go “all the way to my office” to flip on iTunes. 
