Byer-Nichols Threat Brief for February 1-15 2026
Digital Rage

Season: 2

Published: February 17, 2026

By: Phish Tank Digital

This threat intelligence report, covering global cyber activity for the first half of February 2026, highlights a significant shift toward cloud abuse, identity compromise and long-term persistence rather than quick smash-and-grab attacks. Prominent ransomware groups such as Qilin and The Gentlemen continue to dominate the landscape, frequently targeting manufacturing and technology organizations in the United States. The brief identifies several trending malware families, including CastleLoader and HYPERCALL, which rely on sophisticated social engineering and multi-stage execution to compromise infrastructure. It also warns of actively exploited vulnerabilities in widely used software such as Notepad++ and SolarWinds Web Help Desk, urging organizations to prioritize patching against these critical risks. The data shows that small businesses bear the brunt of these attacks, representing the vast majority of documented victims. Overall, the brief serves as a guide for defenders to the evolving tactics and adversaries currently threatening their environments.

Link: Byer-Nichols Threat Brief for February 1-15 2026


Episode Transcript

00:00:00 - 00:00:02
(upbeat music)
00:00:02 - 00:00:05
- Welcome back to The Deep Dive.
00:00:05 - 00:00:08
Today we have a stack of papers on the desk
00:00:08 - 00:00:10
that paints a pretty intense picture
00:00:10 - 00:00:11
of where we are right now.
00:00:11 - 00:00:12
- This is a lot to get through, yeah.
00:00:12 - 00:00:15
- Zooming in on the Byer-Nichols threat brief
00:00:15 - 00:00:19
for the first half of February, 2026.
00:00:19 - 00:00:22
And usually when we look at a two week slice like this,
00:00:22 - 00:00:23
we're looking for trends.
00:00:23 - 00:00:25
Is ransomware up, is phishing down.
00:00:25 - 00:00:27
- Right, we're looking at the speedometer,
00:00:27 - 00:00:29
the volume gap. - Exactly.
00:00:29 - 00:00:31
- But this report, - Yeah.
00:00:31 - 00:00:33
- It feels less like a speedometer.
00:00:33 - 00:00:36
And more like we're looking at a map where the road
00:00:36 - 00:00:38
is just taking a sharp unexpected turn.
00:00:38 - 00:00:40
- The landscape is definitely shifting.
00:00:40 - 00:00:41
I've read a lot of these briefs.
00:00:41 - 00:00:44
And it's usually just more of the same, but faster.
00:00:44 - 00:00:47
But this one, from February 1st to the 15th,
00:00:47 - 00:00:49
it shows a real change in philosophy.
00:00:49 - 00:00:50
- How so?
00:00:50 - 00:00:52
- The briefing uses this phrase that really stuck with me.
00:00:52 - 00:00:55
We are moving away from smash and grab tactics
00:00:55 - 00:00:57
towards stealth and dwell.
00:00:57 - 00:00:57
- Stealth and dwell.
00:00:57 - 00:00:59
That sounds, yeah, that sounds a little bit.
00:00:59 - 00:01:00
A lot more ominous.
00:01:00 - 00:01:01
- It is.
00:01:01 - 00:01:02
Think about a physical robbery.
00:01:02 - 00:01:03
- Yeah.
00:01:03 - 00:01:04
- Smash and grab is a brick through a window.
00:01:04 - 00:01:07
You grab what you can and you're gone in 30 seconds.
00:01:07 - 00:01:09
It's loud, it's messy.
00:01:09 - 00:01:10
- Right, it's over quickly.
00:01:10 - 00:01:12
- Stealth and dwell is completely different.
00:01:12 - 00:01:15
It's hiding in the ceiling tiles after closing time,
00:01:15 - 00:01:18
waiting for everyone to leave, disabling the cameras.
00:01:18 - 00:01:21
- And then you have the whole weekend to empty the safe.
00:01:21 - 00:01:23
- You're not just robbing the place, you're moving in.
00:01:23 - 00:01:26
And that's the theme screaming out from this report.
00:01:26 - 00:01:30
We're seeing cloud abuse, deep identity compromise,
00:01:30 - 00:01:33
this unnerving level of persistence.
00:01:33 - 00:01:35
- They want to be silent administrators on your network
00:01:35 - 00:01:37
for months, not minutes.
00:01:37 - 00:01:37
- Great, thanks.
00:01:37 - 00:01:39
- And there's one threat actor
00:01:39 - 00:01:41
that seems to be the mascot for this new era.
00:01:41 - 00:01:44
UNC3886.
00:01:44 - 00:01:47
- UNC3886 is the absolute poster child
00:01:47 - 00:01:48
for stealth and dwell.
00:01:48 - 00:01:50
They are not looking for a quick crypto payout.
00:01:50 - 00:01:53
They're focused on high value infrastructure.
00:01:53 - 00:01:54
- And what the keys to the kingdom?
00:01:54 - 00:01:55
- They want to clone the keys to the kingdom
00:01:55 - 00:01:57
and just sit there watching everything.
00:01:57 - 00:01:59
- Okay, we are definitely gonna unpack that
00:01:59 - 00:02:02
and some other frankly bizarre actors later on.
00:02:02 - 00:02:04
But I wanna start with the leaderboard.
00:02:04 - 00:02:06
- The Billboard Hot 100 of cybercrime.
00:02:06 - 00:02:08
- It's a grim way to look at it, but yeah.
00:02:08 - 00:02:10
It tells us a lot about the market forces.
00:02:10 - 00:02:12
So who's at the top of the heap right now?
00:02:12 - 00:02:14
- Well, it's a competitive field.
00:02:14 - 00:02:17
Taking the gold medal with nearly 16% of the total activity
00:02:17 - 00:02:18
is Qilin.
00:02:18 - 00:02:21
- Qilin, we've been hearing that name for a while,
00:02:21 - 00:02:23
but it seems like they've surged. What's their deal?
00:02:23 - 00:02:25
- I'd say consistency.
00:02:25 - 00:02:27
- Qilin isn't flashy.
00:02:27 - 00:02:29
They're not trying to be the most innovative group out there.
00:02:29 - 00:02:32
They are just incredibly efficient business operators.
00:02:32 - 00:02:33
- So they're corporate.
00:02:33 - 00:02:34
- Very.
00:02:34 - 00:02:37
They've carved out a niche targeting mid market firms.
00:02:37 - 00:02:40
They know exactly how much ransom a company of that size
00:02:40 - 00:02:42
can pay and they don't get greedy.
00:02:42 - 00:02:45
It's just industrial scale cybercrime.
00:02:45 - 00:02:48
- So Qilin is the steady, predictable assembly line.
00:02:48 - 00:02:49
Who's number two?
00:02:49 - 00:02:53
- A group with a wildly misleading name, The Gentlemen.
00:02:53 - 00:02:55
They're sitting at about 13.4%.
00:02:55 - 00:02:56
The Gentlemen.
00:02:56 - 00:02:57
I'm guessing they don't say please.
00:02:57 - 00:02:58
- Hard no.
00:02:58 - 00:03:00
Nothing polite about them.
00:03:00 - 00:03:03
If Qilin is an assembly line, these guys are pure chaos.
00:03:03 - 00:03:06
The report describes their activity as swingy.
00:03:06 - 00:03:08
It comes in these massive unpredictable waves.
00:03:08 - 00:03:09
- What drives the waves?
00:03:09 - 00:03:10
- Data leaks.
00:03:10 - 00:03:12
They are all about extortion.
00:03:12 - 00:03:14
They steal terabytes of data first
00:03:14 - 00:03:17
and then the negotiation is basically pay us
00:03:17 - 00:03:20
or this goes to your competitors and the press.
00:03:20 - 00:03:22
Pure high pressure tactics.
00:03:22 - 00:03:25
And rounding out the top three, an old familiar name,
00:03:25 - 00:03:29
Cl0p, just over 9%.
00:03:29 - 00:03:33
But the report says they are actually hitting many new places.
00:03:33 - 00:03:34
Is that right?
00:03:34 - 00:03:35
- No, they're not.
00:03:35 - 00:03:38
And that just shows the power of a really big exploit.
00:03:38 - 00:03:40
Cl0p is still riding the wave
00:03:40 - 00:03:42
from that massive, Quillen linked victim dump
00:03:42 - 00:03:43
from earlier in the year.
00:03:43 - 00:03:46
- Ah, right, the Quill vulnerability, that was huge.
00:03:46 - 00:03:46
- It was massive.
00:03:46 - 00:03:48
And when you hit a supply chain tool like that,
00:03:48 - 00:03:50
you get so many victims at once
00:03:50 - 00:03:51
that you can't process them all.
00:03:51 - 00:03:53
- So their activity in February
00:03:53 - 00:03:54
is really just them finally getting around
00:03:54 - 00:03:56
to the victims they popped in January.
00:03:56 - 00:03:57
- That's incredible.
00:03:57 - 00:03:59
It's like a criminal enterprise with a backlog.
00:03:59 - 00:04:01
Sorry, we'll get to robbing you next Tuesday.
00:04:01 - 00:04:03
- It's literally a queue management problem for them.
00:04:03 - 00:04:05
- Okay, now this is where it gets really interesting for me.
00:04:05 - 00:04:07
We've talked about the attackers.
00:04:07 - 00:04:11
But the shift in who is getting hit,
00:04:11 - 00:04:13
that really stopped me in my tracks.
00:04:13 - 00:04:14
- You saw the sector shift?
00:04:14 - 00:04:15
- I did.
00:04:15 - 00:04:19
For years, it's been technology or finance at number one.
00:04:19 - 00:04:21
That's where the IP is, the money.
00:04:21 - 00:04:22
But not this time.
00:04:22 - 00:04:25
- Nope, manufacturing has overtaken technology.
00:04:25 - 00:04:28
It's now over 15.5% of victims.
00:04:28 - 00:04:30
Tech is second, finance, third.
00:04:30 - 00:04:32
- Why manufacturing?
00:04:32 - 00:04:33
Is it just weaker security?
00:04:33 - 00:04:35
- That's part of it, for sure.
00:04:35 - 00:04:38
Operational tech is notoriously hard to patch.
00:04:38 - 00:04:41
But the bigger factor is the cost of downtime.
00:04:41 - 00:04:42
- Ah.
00:04:42 - 00:04:43
- If a software company server goes down for a day,
00:04:43 - 00:04:44
it's annoying.
00:04:44 - 00:04:46
But if a factory floor stops.
00:04:46 - 00:04:48
- You're losing millions by the hour,
00:04:48 - 00:04:51
physical inventory spoiling, trucks waiting at the dock.
00:04:51 - 00:04:53
- The pressure to pay that ransom is immediate
00:04:53 - 00:04:54
and it is physical.
00:04:54 - 00:04:56
They know manufacturers will fold faster.
00:04:56 - 00:04:58
- But the biggest aha moment for me
00:04:58 - 00:05:00
wasn't even the sector.
00:05:00 - 00:05:02
It was the size of the companies.
00:05:02 - 00:05:04
I think a lot of people listening assume,
00:05:04 - 00:05:06
I'm a small business, 50 employees.
00:05:06 - 00:05:07
I'm too small to be a target.
00:05:07 - 00:05:09
- That is the single most dangerous assumption
00:05:09 - 00:05:11
you can make in 2026.
00:05:11 - 00:05:13
That myth is dead.
00:05:13 - 00:05:16
The data here is, it's staggering.
00:05:16 - 00:05:18
Companies with fewer than 500 employees
00:05:18 - 00:05:20
made up over 84% of all victims.
00:05:20 - 00:05:23
- 84% that's almost everyone.
00:05:23 - 00:05:25
- It's the vast majority.
00:05:25 - 00:05:26
And look at the flip side.
00:05:26 - 00:05:29
Large enterprises companies with over 5,000 employees.
00:05:29 - 00:05:32
Their numbers drop by almost 50%.
00:05:32 - 00:05:35
They're now only 1.26% of victims.
00:05:35 - 00:05:37
- So why is the big fish slipping off the hook?
00:05:37 - 00:05:38
- It's evolution.
00:05:38 - 00:05:40
The large enterprises have the budget.
00:05:40 - 00:05:42
They have security operation centers,
00:05:42 - 00:05:45
24/7 monitoring, AI defense tools.
00:05:45 - 00:05:47
They've hardened their perimeters.
00:05:47 - 00:05:48
- It's just too much work to hack 'em.
00:05:48 - 00:05:49
- It is.
00:05:49 - 00:05:51
So the attackers are like water.
00:05:51 - 00:05:54
They're finding the path of least resistance.
00:05:54 - 00:05:56
Why spend six months trying to crack a bank vault
00:05:56 - 00:05:58
when you can rob 500 convenience stores
00:05:58 - 00:06:00
in the same amount of time with a script?
00:06:00 - 00:06:02
- So if you're a small business owner listening to this,
00:06:02 - 00:06:03
you're not just a target.
00:06:03 - 00:06:05
- You are the target market now.
00:06:05 - 00:06:07
- So let's talk about how they're getting in.
00:06:07 - 00:06:09
I saw something in the report about Notepad++
00:06:09 - 00:06:11
and I admit I checked my own computer.
00:06:11 - 00:06:12
I use it all the time.
00:06:12 - 00:06:13
- A lot of people do.
00:06:13 - 00:06:14
It's simple.
00:06:14 - 00:06:15
It's ubiquitous.
00:06:15 - 00:06:17
And that's exactly why it's a target.
00:06:17 - 00:06:22
We're talking about CVE 2025, 1555, 566.
00:06:22 - 00:06:24
- Okay, what does that mean in plain English?
00:06:24 - 00:06:28
- It means the update feature in Notepad++ was hijacked.
00:06:28 - 00:06:29
For months.
00:06:29 - 00:06:31
This wasn't just a bug.
00:06:31 - 00:06:33
Chinese state hackers were actively exploiting
00:06:33 - 00:06:34
the update channel.
00:06:34 - 00:06:37
- Wait, so I click update thinking I'm being secure.
00:06:37 - 00:06:39
- And you are essentially holding the front door
00:06:39 - 00:06:41
wide open for them.
00:06:41 - 00:06:42
- That's a betrayal of trust.
00:06:42 - 00:06:43
- It is.
00:06:43 - 00:06:46
And it shows that even the most benign everyday tools
00:06:46 - 00:06:48
can be a gateway.
00:06:48 - 00:06:49
You're watching your firewall,
00:06:49 - 00:06:51
but are you auditing your text editor?
00:06:51 - 00:06:52
Probably not.
00:06:52 - 00:06:54
- And the report mentions this idea of chaining.
00:06:54 - 00:06:56
So it's not just one bug.
00:06:56 - 00:06:57
- Never just one bug.
00:06:57 - 00:07:00
This is where that stealth and dwell strategy comes to life.
00:07:00 - 00:07:03
Getting in through Notepad++ is just the beachhead.
00:07:03 - 00:07:04
It's the foot in the door.
00:07:04 - 00:07:06
- But you can't run a whole operation from there.
00:07:06 - 00:07:08
- Right, you need higher privileges.
00:07:08 - 00:07:11
So they might start there or maybe with a flaw
00:07:11 - 00:07:12
on the SolarWinds web help desk.
00:07:12 - 00:07:17
There's a big one, CVE-2025-40536.
00:07:17 - 00:07:19
But once they're inside, they start looking
00:07:19 - 00:07:20
for the heavy hitters.
00:07:20 - 00:07:21
- It's Windows vulnerabilities.
00:07:21 - 00:07:22
- Exactly.
00:07:22 - 00:07:25
The report lists a whole string of Microsoft CVEs
00:07:25 - 00:07:28
and those are privilege escalation bugs.
00:07:28 - 00:07:31
They take you from a guest to an administrator instantly.
00:07:31 - 00:07:34
- So the analogy is, they pick the lock on a bathroom window
00:07:34 - 00:07:35
to get inside the house.
00:07:35 - 00:07:36
- Yeah.
00:07:36 - 00:07:39
- And once they're in, they find the master keys
00:07:39 - 00:07:40
sitting on the kitchen counter.
00:07:40 - 00:07:41
Perfect analogy.
00:07:41 - 00:07:43
And they don't rob the place right away.
00:07:43 - 00:07:45
They copy the keys, learn the alarm codes,
00:07:45 - 00:07:46
and they wait.
00:07:46 - 00:07:47
That's chaining.
00:07:47 - 00:07:48
- And once they have that control,
00:07:48 - 00:07:50
they open up the toolbox.
00:07:50 - 00:07:53
And I have to say, the malware menagerie section
00:07:53 - 00:07:56
of this brief is, it's like a sci-fi anthology.
00:07:56 - 00:08:01
We've got futuristic AI weapons next to ancient zombie tech.
00:08:01 - 00:08:02
- It's a bizarre mix, isn't it?
00:08:02 - 00:08:05
It really shows how diverse the threat landscape has become.
00:08:05 - 00:08:07
- Let's start with a sci-fi stuff.
00:08:07 - 00:08:09
UNC1069, this sounds like something
00:08:09 - 00:08:10
out of a cyberpunk novel.
00:08:10 - 00:08:11
- It really does.
00:08:11 - 00:08:14
UNC1069 is a North Korea-nexus actor,
00:08:14 - 00:08:17
and they are laser focused on one thing,
00:08:17 - 00:08:20
cryptocurrency, DeFi organizations.
00:08:20 - 00:08:21
- And they have new malware.
00:08:21 - 00:08:24
- Two new tools, HYPERCALL and WAVESHAPER.
00:08:24 - 00:08:26
But honestly, the malware isn't even the scariest part.
00:08:26 - 00:08:27
It's the delivery method.
00:08:27 - 00:08:28
- Okay, tell me about the delivery.
00:08:28 - 00:08:30
- We're all used to phishing emails, right?
00:08:30 - 00:08:32
UNC1069 is way beyond that.
00:08:32 - 00:08:34
They're using compromised Telegram accounts.
00:08:34 - 00:08:36
They're setting up fake Zoom calls.
00:08:36 - 00:08:39
- Fake Zoom calls with a person.
00:08:39 - 00:08:40
- Yes, except it's not a person.
00:08:40 - 00:08:42
They're using deepfake videos.
00:08:42 - 00:08:43
- You're kidding.
00:08:43 - 00:08:44
- No, you get on a call.
00:08:44 - 00:08:45
You see someone you think you know,
00:08:45 - 00:08:49
a recruiter, a client, they look real, they sound real,
00:08:49 - 00:08:51
but it's an AI-generated persona.
00:08:51 - 00:08:53
- That is absolutely terrifying.
00:08:53 - 00:08:55
It's social engineering on steroids.
00:08:55 - 00:08:55
- It is.
00:08:55 - 00:08:58
It's ClickFix-style social engineering, but with AI,
00:08:58 - 00:09:01
they trick you into downloading an app for the meeting
00:09:01 - 00:09:03
or clicking a link to fix your audio.
00:09:03 - 00:09:06
And because it's live, your guard is down.
00:09:06 - 00:09:08
- Wow, okay, so that's the future.
00:09:08 - 00:09:11
But then you mentioned zombies, SSH stalker.
00:09:11 - 00:09:12
- SSHacker is the complete opposite.
00:09:12 - 00:09:16
It's almost nostalgic in a bad way.
00:09:16 - 00:09:19
It's a Linux botnet, but the tech stack is from 2009.
00:09:19 - 00:09:21
It uses IRC for control.
00:09:21 - 00:09:22
- IRC, internet relay chat.
00:09:22 - 00:09:24
I haven't used that since high school.
00:09:24 - 00:09:26
- Right, but it works.
00:09:26 - 00:09:28
They combine that ancient control method
00:09:28 - 00:09:29
with modern mass scanning.
00:09:29 - 00:09:32
They're brute-forcing SSH credentials
00:09:32 - 00:09:35
and exploiting bugs in Linux 2.6.x kernels.
00:09:35 - 00:09:37
- Linux 2.6, that's ancient.
00:09:37 - 00:09:40
- It is, but think about all the forgotten infrastructure
00:09:40 - 00:09:40
in the cloud.
00:09:40 - 00:09:43
Old servers spun up for a project years ago
00:09:43 - 00:09:44
and never turned off.
00:09:44 - 00:09:45
- Zombie servers.
00:09:45 - 00:09:48
- Exactly, SSHacker finds them, infects them,
00:09:48 - 00:09:50
and builds a massive botnet.
00:09:50 - 00:09:53
- So we have deepfakes and zombie bots.
00:09:53 - 00:09:55
And then there's the stuff you can just buy.
00:09:55 - 00:09:56
Zero-Day RAT.
00:09:56 - 00:09:59
- This is the democratization of cybercrime.
00:09:59 - 00:10:02
A RAT is a remote access Trojan.
00:10:02 - 00:10:04
And Zero-Day RAT is commercial spyware.
00:10:04 - 00:10:07
You don't need to be a coder, you just need a Telegram account.
00:10:07 - 00:10:08
- What can it do?
00:10:08 - 00:10:09
- Everything.
00:10:09 - 00:10:12
Full remote control of Android and iOS devices.
00:10:12 - 00:10:16
Live camera, microphone, keylogging, banking data,
00:10:16 - 00:10:16
all of it.
00:10:16 - 00:10:18
- And it's openly marketed on Telegram.
00:10:18 - 00:10:18
- Openly.
00:10:18 - 00:10:22
And the control panel requires zero technical skill.
00:10:22 - 00:10:23
It lowers the barrier to entry,
00:10:23 - 00:10:26
so any criminal can become a high-level spy.
00:10:26 - 00:10:27
- We also have CastleLoader in here.
00:10:27 - 00:10:29
That one sounds more targeted.
00:10:29 - 00:10:30
- It is.
00:10:30 - 00:10:33
It's used against government and critical infrastructure.
00:10:33 - 00:10:35
It uses a technique called process hollowing.
00:10:35 - 00:10:36
- Process hollowing.
00:10:36 - 00:10:37
- It's a great visual.
00:10:37 - 00:10:40
The malware starts a legitimate program like the calculator.
00:10:40 - 00:10:42
It pauses it, scoops out the legitimate code
00:10:42 - 00:10:44
from memory hollowing it out,
00:10:44 - 00:10:47
and injects its own malicious code into that empty shell.
00:10:47 - 00:10:48
Then it just resumes the process.
00:10:48 - 00:10:51
- So in my task manager, I just see calculator running normally.
00:10:51 - 00:10:52
- Correct.
00:10:52 - 00:10:56
And your antivirus sees a signed Microsoft binary
00:10:56 - 00:10:58
and says that's fine.
00:10:58 - 00:11:01
Meanwhile, inside that shell,
00:11:01 - 00:11:03
the malware is stealing everything.
00:11:03 - 00:11:05
It's a wolf in a sheep's carcass.
00:11:05 - 00:11:07
- So we have all these tools and actors.
00:11:07 - 00:11:09
Let's talk about the real world consequences.
00:11:09 - 00:11:10
- Yeah.
00:11:10 - 00:11:11
- Because real money is being lost here.
00:11:11 - 00:11:12
- Huge amounts.
00:11:12 - 00:11:15
The report highlights Step Finance.
00:11:15 - 00:11:17
They lost $40 million in crypto.
00:11:17 - 00:11:20
- $40 million, just gone.
00:11:20 - 00:11:20
- And how did it happen?
00:11:20 - 00:11:23
It wasn't some complex hack of the blockchain.
00:11:23 - 00:11:26
It was compromised executive devices.
00:11:26 - 00:11:29
- So something like the UNC1069 tactic,
00:11:29 - 00:11:32
a fake call, a compromised phone.
00:11:32 - 00:11:33
- It fits the profile perfectly.
00:11:33 - 00:11:35
If you compromise the identity of an executive,
00:11:35 - 00:11:37
you don't need to break the vault.
00:11:37 - 00:11:38
You just use their keys to open it.
00:11:38 - 00:11:39
- And Coinbase had a similar issue.
00:11:39 - 00:11:41
- They confirmed an insider breach.
00:11:41 - 00:11:42
- Right.
00:11:42 - 00:11:44
- Yeah, leaked screenshots from a support tool.
00:11:44 - 00:11:45
Again, it all comes back to identity
00:11:45 - 00:11:46
and social engineering.
00:11:46 - 00:11:48
- It's not all bad news though.
00:11:48 - 00:11:50
I saw some headlines about justice being served.
00:11:50 - 00:11:51
- We did see some wins for the good guys.
00:11:51 - 00:11:54
The owner of the Incognito dark web drug market
00:11:54 - 00:11:55
got 30 years.
00:11:55 - 00:12:00
And the fugitive behind a $73 million pig butchering scheme
00:12:00 - 00:12:02
got 20 years.
00:12:02 - 00:12:04
But the most interesting arrest for me
00:12:04 - 00:12:07
was the seller of a tool called Joker OTP.
00:12:07 - 00:12:10
- Joker OTP, I assume that's for one time passwords.
00:12:10 - 00:12:11
- Exactly.
00:12:11 - 00:12:13
Those six digit codes your phone gets
00:12:13 - 00:12:15
for two factor authentication.
00:12:15 - 00:12:17
- The things that are supposed to keep us safe.
00:12:17 - 00:12:20
- Joker OTP is a tool designed specifically
00:12:20 - 00:12:21
to intercept them.
00:12:21 - 00:12:22
And the fact that police arrested the seller
00:12:22 - 00:12:25
of the tool is significant.
00:12:25 - 00:12:25
- Why is that different?
00:12:25 - 00:12:29
- It shows law enforcement is finally going after
00:12:29 - 00:12:31
the arms dealers, not just the soldiers.
00:12:31 - 00:12:34
They're targeting the cyber crime supply chain.
00:12:34 - 00:12:36
Take down the tool makers and you make it much harder
00:12:36 - 00:12:38
for everyone else to operate.
00:12:38 - 00:12:39
- That's a huge shift.
00:12:39 - 00:12:40
Okay, let's wrap this up.
00:12:40 - 00:12:42
We've got ransomware hitting small businesses,
00:12:42 - 00:12:44
Chinese hackers in our text editors,
00:12:44 - 00:12:47
North Korean actors using deepfakes on Zoom.
00:12:47 - 00:12:49
- It's a landscape that's all about that shift
00:12:49 - 00:12:51
to stealth and dwell.
00:12:51 - 00:12:53
The attackers are getting quieter, staying longer
00:12:53 - 00:12:55
and targeting the people least prepared to spot them.
00:12:55 - 00:12:57
- So if I'm a listener, what's the one thing
00:12:57 - 00:12:59
I need to take away from this?
00:12:59 - 00:12:59
- Patch.
00:12:59 - 00:13:00
Patch everything.
00:13:00 - 00:13:04
Apple, Microsoft and yes, even your Notepad++
00:13:04 - 00:13:05
link.
00:13:05 - 00:13:06
Fast patching is your first line of defense.
00:13:06 - 00:13:08
Don't give them an open window.
00:13:08 - 00:13:09
- And the identity side.
00:13:09 - 00:13:11
- You have to tighten your identity controls.
00:13:11 - 00:13:14
Use hardware security keys, not just SMS codes.
00:13:14 - 00:13:16
Watch for impossible travel.
00:13:16 - 00:13:17
If a login comes from New York
00:13:17 - 00:13:19
and then Moscow five minutes later, block it.
00:13:19 - 00:13:22
- And kill those zombie servers in the cloud.
00:13:22 - 00:13:22
- Absolutely.
00:13:22 - 00:13:23
Before we sign off,
00:13:23 - 00:13:26
I wanna leave everyone with a final thought.
00:13:26 - 00:13:29
The deepfakes, the fake Zoom calls.
00:13:29 - 00:13:30
- Yeah.
00:13:30 - 00:13:31
- That's really stuck with me.
00:13:31 - 00:13:33
- It raises a really important question, doesn't it?
00:13:33 - 00:13:36
If an attacker, like UNC1069,
00:13:36 - 00:13:39
can mimic a face and a voice in real time?
00:13:39 - 00:13:42
Are we reaching a point where we can no longer
00:13:42 - 00:13:46
trust any remote digital communication?
00:13:46 - 00:13:47
- That is a disturbing thought.
00:13:47 - 00:13:49
The end of digital truth.
00:13:49 - 00:13:52
- I mean, unless we have some kind of cryptographic proof
00:13:52 - 00:13:55
of identity, seeing shouldn't be believing anymore.
00:13:55 - 00:13:56
- Well, on that cheerful note,
00:13:56 - 00:13:59
I'm gonna go check my Notepad++ updates right now.
00:13:59 - 00:14:01
I suggest you all do the same.
00:14:01 - 00:14:03
Thanks for listening to this deep dive.
00:14:03 - 00:14:04
- Stay safe.
00:14:04 - 00:14:07
- Reach out to us at jbuyer.com for comments and questions.
00:14:07 - 00:14:09
Follow us at buyer company on social media.
00:14:09 - 00:14:11
And if you'd be so kind,
00:14:11 - 00:14:13
please rate and review us in your podcast app.
00:14:13 - 00:14:15
[Music]