Sign Hawaii Banking Agreement Secure

Industry sign banking hawaii agreement secure

[Music] [Applause] [Music] okay we're back we're live we're back we're live i'm jay fightel here's a given wednesday morning and we're on security matters with andrew lanning it's really his show but he's appearing with me and we're going to talk about russia and how it hacked our government agencies whatever happened there and what we can do about it really important question it's a revelation um we haven't figured out exactly what happened or what we could do but we're gonna we're gonna start that conversation today with andrew landing hi andrew hey jay how you doing thanks for having me on this morning i think i was on yesterday on my show it's good to be a guest once in a while [Laughter] we're trying to treat you nice thank you so andrew what happened here i mean this is a bad thing it's in the transition and one has inevitably led to the possibility that somebody was taking advantage of our transition uh and i guess the paper said it was all about russia and the papers also said something very interesting is that they had done it by way of compromising a texas an american company that was selling tools to other software companies so it's hard to track that because you think it's an american company but it was a trojan horse of some kind can you talk about what we know sure um so let's talk about solar winds first solar winds is a a ubiquitous product out there solar winds is used they have a variety of tools but um endpoint management um endpoint monitoring um so literally probably all of the fortune 500 and down i think a half a million customers globally right so you're talking about a product that's used everywhere um and trusted you know for that for that reason that they've got a great track record um what happened what we know happened is some of their one of their updates right companies are constantly updating their software and pushing that out what we know is um uh one or some versions back in looks like back in march uh april march through june a few versions i'm not sure how many they released during that time um the ad bar adversaries some criminals were able to gain access to that code and then inject um some malware into that code um and then it the the real nice you know nice is probably not the best word but the um the interesting thing that they did is that they were able to hide that injection in a way that made it look like valid code from that manufacturer so that that manufacturer's own code checking mechanisms failed to detect this in its in its in their build so they of course issued that that download out there and everyone or some i think they said about 18 000 companies um applied that so that tells you there's a whole bunch of companies who aren't keeping their software up to date but the ones that were keeping themselves up to date unfortunately got a um i got this malware and they called it sunburst um sunburst is really a dropper um what that means is it um it lets the command and control software that it's talking to it beacons out to that maybe in some period of time let's say a week or two goes by and let's for example just say it calls home so it's going to go out back out the firewall um and let the command and control software that it um is communicating with it's programmed already to communicate with this um let it know that it's there it will have done some uh initial scanning of its environment ahead of time to let the command and control software know you know what it uh has found uh what it's potentially got and then the adversaries will just you know decide you know based on the type of um information that they get back what's the best way to start to move laterally what type of other tools may they need to go in and continue to assess that environment that they're in or to learn more about it all the while these guys in particular are trying to be very very stealthy uh with this activity they don't want to be known so this is a this is a remote sort of uh long-term attack uh what you call an advanced persistent threat and um i did want to say that although i've seen some some media talking about that this is attributed to cozy bear which is apt 29 i've not read of any formal forensic attribution and i don't think any i think people are saying it looks like those guys it looks like those guys but no one's attributed this to anyone yet so for right now it's an unknown entity um does that mean it's not it's not clear that it's russia not clear i mean and there's an interesting thing it the techniques are very good and very russian but russia doesn't tend to steal our technology that's china so you know china would love this to look like it's russia you know what i'm saying those guys do that all the time to each other so you know that we just have to be attribution is just not something that's been done yet and everyone's very cautious about attribution because it's very difficult to prove oftentimes so the the um some of the hallmarks uh in particular why they're saying that is because these guys were able to use the outlook web access token tokens probably from one of the administrators of the software that worked on the software to actually gain access to it they had to compromise someone inside that organization and these organizations are you know they they use multi-factor authentication something that we recommend everyone do but this particular group has a way to get around multi-factor authentication related to outlook web access owa so at tokens so you know that um that's one of the reasons why and this group that was studied before was able to do this to a think tank uh so there's been some forensic analysis and and so some of this forensic analysis and it's early on looks like that analysis so that's kind of why there's this this um this thinking that okay these may be these same guys but again it's not been proven yet so you know it seems clear this is brilliant this is not some kid in the basement in serbia now yeah criminals today don't work that way um the the kids can't even keep up anymore cr crime cyber criminals today are definitely nation state funded they're their nation state hired their they work with nation states um many of the nation states will let them do their crime as long as they'll be a partner in crime when that particular nation state wants help with something uh so there's a lot of that that blending has occurred uh with a lot more frequency in the last you know 18 months so that's a problem for everybody right so this attribution problem is it a criminal is it a nation is it both you know are they in cahoots so that kind of problem uh is what all the law enforcement agencies in the country are around the world are facing uh with cyber crime i think cyber crime is the third largest uh gross domestic product today in the world well i kind of want questions for you so what you know so i suppose there's an investigation going on about this american company that had an inside person and uh and ultimately you know it sounds like there's a fair chance they'll find that person uh because uh you know he had to be in a position to um receive the instructions uh act on the instructions uh insinuate the the code necessary to to give the nation state a uh a hook in inside that particular software module but what's what what i guess what i don't understand is um why why this and and why the government the newspapers are talking about you know a half a dozen government agencies or more in the united states that all got hit and had their data ripped off and the question is why would anybody go to this kind of trouble and was it limited to government from what you say it sounds like it was way beyond government so what was the the purpose and scope here yeah for sure so government's just a a victim in this case as anyone else um so again solarwinds is used by so many different organizations right just if i said microsoft word right every company probably uses microsoft word right so it's that ubiquitous as far as endpoint management goes so they are out there they have different types of products so not everyone uses all of their products this particular orion suite is very popular obviously so you know the it was it was brilliant to target them um this is another thing when we talk about the amount of resources that it takes um i i'm just gonna go out on a limb and it's only my um sort of uh thinking that this this particular attack probably was worked on for a long time so that takes a lot of resources a lot of money a lot of patience you're going to have to work to get someone's credentials to compromise them uh that's that takes a lot of research on social media and uh it just takes a lot of work right so yeah but you know the work you're talking about is compromising somebody it's almost like uh finding an agent for espionage uh rather than pure technology well it's not finding a person so they a person's credentials were compromised so they were they were able to take a person's credentials and then emulate them so that so it's like i became you to the system just for example if you were the administrator now i can act upon that system with your authorities and of course when they get in they work to escalate that privilege until they got to the level that they needed to where they could actually work on the code base itself um and again this this type of of um supply chain problem right so there's there's a lot of concern you hear the word the term supply chain risk management today you're starting to see that in bid proposals in fact where we have to explain uh the supply chain risk management infrastructure that we have behind our offerings when we sell things to the government for example so for software supply chain risk this type of product um in our product for that matter really isn't regulated there's a lot of protections that go in no one wants to make bad products right however um they're that we would love to see a product like this built in a in a let's just call it a white room where there it can never be touched by the internet therefore no crit no system compromise can ever occur from outside that could allow something like this to get introduced it would have to be code somehow walked in the door like on a usb drive for example right which would also not be allowed in the white room so there's ways to sort of prevent this type of thing from happening and they're known they just aren't regulated so industry doesn't isn't forced to operate oftentimes at these higher levels of assurance that we would like it to because there's no one really um you know there's a risk solar winds may surely run a risk of being sued or something like that as an outcome of this but you know the the the doing the doing the building of the code building a white room having a lab having it audited by third parties to make sure you're doing everything proper uh is very expensive and so companies don't go to that expense um because they're not forced to and that's uh go ahead do we understand exactly what the mechanics are here do we understand what you know what this code does i mean you've described how it got into the system and how it got into the sub the what you call software supply chain i guess is what it is sure um but but do we understand what it does it i i'm assuming in a gross sense i'm assuming it allows a foreign actor to come in and find things and take them out again take out data does it also allow them to screw up the system and bring it down does it allow them to modify the code and modify the functionality is to get a wrong result for example in calculation do we understand it well i i there will definitely be more research as we find out what these actors have done again most of those systems so the right now they're uh microsoft solarwinds fireeye several of these companies have put out what are called indicators of compromise so you need to go look either at your firewall laws or your system logs your identity management logs um and if you find any of these indicators of compromise uh the first one would be that that that initial dropper uh right got um reached out you know the first one would be do you have any of these versions of of the bad uh solarwinds software did you install that if you did install it there's no doubt that that dropper was installed on your system now the next thing to check is see they already know which command and controller they know some of the ip addresses that the command and control called out to the dropper software called out to that a certain ip so you can look on your firewall log for example and see wow was there was there something inside my system that reached out okay if so um then you know you you've got uh you probably need to offline that system you need to at that point presume that it's infected right you've got to presume that they've come back in and done something else and then you've got to go look and it just depends on what type of system you have and how you know how in depth and how connected it is with other systems is it a cluster of servers is it an isolated system so you know that would all that forensic work is is ongoing uh in a variety of systems so we'll start to learn more about you know potential exfiltrations of data obviously if anyone has command and control capability inside your system they can use that system for whatever they want you hear of ddos attacks right so you'll hear of like a botnet a botnet is nothing more than let's just say a hundred thousand computers that someone has command and control software installed on and they take those and at one moment in time they call them up and use all of them to go to a website for example to start to ping a website with a bunch of packets and that that dynamic denial of service ddos attack uh could happen so because uh the ip address that they're pinging on uh cannot handle that much traffic at one time so yeah for sure so your you know your system can be used to do other other crime uh obviously if you have um the keys to the castle in there those can be stolen from you and sold on the dart on the black market you know on the dark web um or you know they could be um used against you perhaps in a media campaign it's very embarrassing to have your tools stolen uh i commend fireeye for coming out and letting everyone know that's how this got found uh they had some of their tools stolen they are one of the preeminent red team companies in the united states um and they use they have tools they built to hack into your systems tools that are proprietary to themselves so they've now had to go release indicators of compromise that would show that their tools are also being used against you right so that you could detect them those types of companies don't like to have their tools known because that's they're basically the keys to their castle that's how they're such good so good at doing what they do well it's just looking at this as an outsider um an outsider so you say okay we we know that um these certain products in the supply chain were were um uh were kidnapped um and um we're just gonna change them we're gonna say okay the the you know what this is the suspect module is going to get switched out now and we're going to have another one we developed from scratch and we're sure that this one you know doesn't get through the firewall and allow and allow bad actors to get into our systems um okay so would that solve the problem to switch it out uh what are what are the challenges about doing that because you have all these downline companies already using you know the the software that's been compromised you have to reach them of course you have to reach everybody in the supply chain but how hard would that be well so that's that's a normal thing anyone running that software right is going to get an update typically those are automated some companies may not automate it but um it's it is out the hf2 was supposed to be released today hotfix number two uh for that that uh solarwinds orion and so that is available for everyone and you must go do that if you're running orion you need to go do that right now that doesn't solve the problem because you've already had the dropper installed the droppers already potentially called out to the command and control sof ware and installed something else right so that it's sitting there waiting to be used or waiting for the command and control to access it so that's the problem that you have is that you've got to go get rid of that dropper that's there you've got it and you block it for example go to the firewall and say if this suspicious activity happens then port this or port that or in a certain way uh just don't don't don't recognize it uh you know sort of neutralize the the dropper as you say you do that um for sure you could you could and that's a good idea but it just they made there may already be other stuff installed that's calling somewhere else so that's a while that's a good practice yes then that's you know one thing you need to go look at because it's if it's been there more than a few weeks which it probably has it has called out and if it called out then you have to presume that other tools have already been installed and they may be calling to other places so again some of this forensics that we're learning there are some things we do know i believe microsoft is going to block that entire domain today so that no one can call the known ones anymore right so that even if you've got software and you haven't had the time to clean up your system or do it it can't call that particular command and control the one that we know but if i'm a criminal um as soon as i started getting penetration and i got my command and control software contacted i would i would have started to prioritize the places i was in and and immediately gone back in i want to go hide this dropper i want to go hide those firewall logs if i can and i want to install something else that no one is looking for some other type of advanced persistent threat that's going to do something else for me at some point in time maybe tomorrow maybe a month from now most of their time is spent gathering they've got to gather a lot of information and then you know it's no it's not a trifling thing to exfiltrate you know terabits of data from someone it's a lot of time and so that needs because your firewall will see that everyone watches for that type of activity right and so you know you've got they've got to take it out a little bit at a time which takes a long time so they're they're remaining in stealth mode is critical and now of course that they you know the fire eye found them um the world's looking for them and now they'll be in particular they'll get rooted out but a lot of people probably aren't capable of doing this forensic work um they won't they'll just hatch their solar winds and the apt will be sitting there and it'll sit there for a long time you know there's no way to to necessarily stop that if you don't go find it and find out what's been infected within your system right and even to that end and it shouldn't nobody should think this is hopeless this is work that we have to go do when we know what we need to do we go do it right before andrew you have a huge industry of uh you know cyber security and uh you know security software all over the country the world the world i mean you know every every country that that that has the internet has this and um and the software everywhere every every country in the world so couldn't anybody see this coming couldn't anybody figure it out why is it such a surprise why is it a newspaper headline well because the the it sells papers i mean the the people don't know people i mean you know it's like for i.t people in general and and security people for sure um everyone's well aware of this right this is not this isn't new or anything like that droppers aren't new malware isn't new um infecting a supply chain has been has happened before this is not um um you know a new event um it is i think sensitive because it's solar winds this is one of our this is one of our security vendors that we trust and they've been compromised and the the depth of the conference you know the the size of the compromise is just a testament to how vulnerable we are because of our supply chain dependencies right again if i said if microsoft word you know we've had um uh sql sql worms right because because sql microsoft sql is everywhere those are very very effective um is that the injection attack yeah sure yeah exactly so and those and there's there's ways to um prevent that for example there's the part of the ul program i talked about they they do fuzz testing where they intensely take your software and inject it with gibberish or inject it with super long strings or inject it with certain types of packets and it can cause it to act erratically when it acts erratically sometimes you can take advantage of that and then and then inject code or cause it to run go into an error operating mode which allows you to then um um use it to do something else with so you know when a system gets uh has anomalies right those anomalous behaviors can create outcomes that no one had thought of before and this is when we talk you hear the term like zero days and things like that so there are people that are constantly researching this type of stuff when they find them hopefully they're the good guys the white hat guys and they sell those uh compromises back to like microsoft and microsoft will fix them um had someone found this one in solarwinds before uh uh before it uh you know it got um obviously you know found by fireeye um you know they would have hopefully offered that to them these companies offer what are called bug bounties so they'll offer um white hat hackers a lot of money to to report to them these vulnerabilities so that they can fix them and that's a good system we we find a lot of things that way but you have to just go to mitre keeps the common vulnerability enumeration or critical vulnerability enumeration cves you can go online and look there right now just google cdes and go look at those those are all the critical vulnerabilities that haven't been resolved right so when i want to attack something i can just go look up okay let's let's go see uh let's go see what kind of cisco cves are out there today for uh routers for example right i can go look and there's half a dozen of them there i can take those there are already attacks built to to detect those particular products like you've heard of shodan um so there's tools available where i can just go and go find a where these routers are in the world and then start to run those attacks against them so the vulnerabilities are known the attacks are built this is there's no cost to any of this there's just time so you know getting into getting into someone is is you know really just a matter of effort you know there's not a isn't that difficult but this this software hacks a little different because they were able to get you know compromised an administrator and then use that administrator's credentials to uh get into the code this is by a developer right who writes code and then they were able to insert this through his with his credentials right so that i thought the us was was ahead of the game i thought we kind of software started with us and uh we have not only silicon valley but if you look at the country now there are experts in software all over including in honolulu like you and and so um did you see uh halt and catch fire a fantastic series about the development of some of these things back in the 80s i didn't see it no there is a series on netflix anyway my point though is that uh with all of the expertise that we have query how did these guys in nation states that are ostensibly behind us get so far advanced that we can't stop them and that they relentlessly keep on going and we're in this kind of uh tennis game with them but they always seem to get a leg up on us um why is that and and and what what are we missing here what is the government missing what is industry missing that we're not ahead of them well i am i would just venture venture this for you for thinking i would say we're well ahead of them we just don't advertise it nor do they when we break into their stuff they don't talk about it we have freedom of speech here so the newspaper says oh the russians are attacking the government yeah maybe the the russians attack solar winds right everyone uses solar winds so the government's a victim also along with all the other victims but the stuff that we attack you have to remember we took uh nsa put our defensive and our offensive capabilities together now under paul nakasone right so i would just venture to guess um you you really really really don't want to be in our radar because we bring an absolute nightmare when we want to and where we want to i believe that we do i just that's a that's for top secret conference rooms that i'm not allowed in and none of us will know about right but um our defenses are very good now that's government defenses so a commercial defense right we see the vulnerability here in the supply chain where a a commercial vendor who's you know been compromised you know hurt us all and so that's that's a difficult issue you know and again you have to understand when we say government this it's very unlikely and i i don't have visibility on this but i'm gonna say it's very unlikely that any of this um this breach would have gotten anything into any of our classified or above systems right those are maintained differently they're monitored differently there's a lot of other work that goes on there so you know the i think one of the bigger breaches that government had was the opm if you remember the opm breach when all of our you know i'm a former veteran so my uh my details were lost in that event as well so you know but but so that was a massive breach of pii personally identifiable information but by and large i you know i can't imagine you know that um they got very far well you saw the list of government agencies that you know forget the private sector for a moment just the united you know half a states major departments in in washington and our government were compromised um a you know how much and let's assume also they never got into classified information you know military secrets would have yeah um but how much damage i mean it seems to me that we are a huge bureaucracy we need to talk to each other those agencies have to function and these were you know it's all about software how much damage have they done uh either now or sort of in the future using these same what did you call them bots that are that are you know inside government computers how much damage have it done to the government is this just a step one of a multi-step process where later we're gonna we're gonna hurt not necessarily on secrecy but on data and functionality uh potentially i mean now that we know the iocs fortunately the government does have resources it's called our taxpayer dollars and they're going to spend them cleaning this up that's there's a cost for sure but that's that's this particular attack right which is a good thing we need to go clean this one up again it it doesn't mean that there aren't other apts already resident across our telecommunications infrastructure our energy infrastructure we know they are as a matter of fact so many of these systems have been penetrated what we call critical infrastructure um and you know we're all working to protect them to find them to lift them out forensic auditing is brutally hard work not very many people on the planet are that good at it you know we talk about cyber experts but there's a there's a few groups in the united states that specifically will work will will fund your education if you happen to have the skill sets uh to be able to do forensic auditing uh they need you alan power cutting out to hawaii worked with our governor he's worked with many of the governors um to try to they built a game that actually high schoolers can take um and it's not stem related this is your ability to be persistent and to be uh and to um have their certain tenacity and just certain things you've got to have in you to be able to stay after it you know and really go find these things in our system well let's assume for a moment you know that private industry spends the money and there isn't a lot of money in some sectors these days private industry spends the money brings experts in and they close down you know the holes and the federal government uh you know brings the resources and they close down the holes and do damage control as as necessary um and but of course you know there's this whole industry out there i guess it's mostly in government um that's supposed to give us security so you would talk before the show about how you know what they do is not necessarily known to the public a lot of it is classified may not be the right word but it's not available to the public and my question to you is um so let's assume all of this gets somehow and it will fixed it'll get fixed and the holes will be plugged for now um what is that it's a hard question what what is the next one what is going to happen it's like like i asked about covid you know what's the next virus what's what's the next hole in the boat um then you know are we are we prepared for that are we working on that do we know what it is do you know what it is and can you talk about it well sure i mean uh we we know it is this one we know was from march so there was probably one in january and probably one from last year and there's probably a lot of undetected uh advanced persistent threat tools installed in a variety of subsystems in critical infrastructure will they wait when i say they will the adversaries wait to use those to take down the electrical grid in the northeast for example will they use them to take down the banking system to cause financial disruption uh to uh an economy of some country our country or another country who knows um you know we have to presume that we are already compromised and that's the way we function the way i function anyway um so if you know that that you must take your really valuable assets and make sure that they're not connected to those things that are probably already compromised does that make sense and so if they and if they are you've got to keep them encrypted right you got to use strong encryption so that if they're taken then it takes an extra you know a really big effort to get them decrypted right you've got to change your um your uh the tokenization of your credentialing right your your identity management for who you are and for who your devices are you gotta rotate that stuff out you can't ever use administrators of any type to do anything else this is uh this compromise of of outlook web access tells us that probably this administrator had an email account associated with that same account that he worked on the system with that's a bad idea right because it can be compromised you don't want to an administrator someone who's working on the code for example that is all he should do he should go in that white room sit on a computer and that's all it does it doesn't do anything else he can't google he can't do anything while he's sitting there working on that nor can he communicate from it he's got to go use a different system right you've got to have yeah you've got to have that segregation to keep your assets protected i mean that's that's a it's a standard practice um classified and above it's just that below classified and out in the commercial spaces it's expensive to do and so you know it doesn't get done properly all the time well business is collaboration these days and the bigger the the bigger the collaboration the more effective the business is yeah you can't you can't grow without growing your software but let me just as a final thought here let me talk about the ordinary shmo the ordinary schmo is loading all these utilities on the internet he's getting this and that and he you know of course he is likewise compromised there's stuff people can you know crack crack his system and they can take his data and all that we know that you know identity theft all over town but but here's here's one and i won't mention names because i i'm not sure that this is that the name i have in my mind is the one that that could do this but there there are various utility software manufacturers that feed um you know the the private computer personal computer market and you can download them in a minute and you have them on your system and they do all kinds of things and they're very helpful and they're very good they're very good um but but when you look a little further you find out that these companies are owned by and programmed in russia for example sure okay and i say to myself in a paranoid way i say because i think you have to be paranoid about these things um and your industry is loaded with paranoia it has to be yeah i say to myself you know if this is leaving some kind of uh tracks on my computer and it's it's meshing up with you know millions of other computers because it's good software it works well can't complain but if there was some kind of trojan horse in there that connected by the internet to other people millions and millions of other people and somebody you know pulled the trigger on the far end say in russia they could bring down the entire personal computer industry and and beyond in in the country maybe the world and i'm saying you know uh is this is this unlikely or is is this is am i being paranoid or is this is it capable of being a legitimate thing it's a it's a full-blown business already so when when you want to do something like that you just go on the dark web and purchase it i can buy two terabits per second of ddos attack right now i just buy it it's already built there are already millions of not only pcs but devices iot devices that are compromised and so the people who own them lease them out to other criminals does that make sense so this is just this is business so if i want to ddos a company um i just i wouldn't i'm not going to go infect 100 000 computers i just go pay the guy who already did it schedule myself a two-hour ddos attack on my competitor and when he's trying to have a conference or something and make him look bad or something you know whatever for whatever reason that's a that's a done deal that's been around for a long time let's suppose i want to bring the country down suppose i want to stop all commerce stop all productivity i really wrecked the economy and i have a handle on every single personal computer mac or pc what have you in the in the country because i have very good software living on there and they like it and they use it and it's open to the internet um that would that would be a business of another kind yeah nations yeah well the yeah so there's still going to be command and control infrastructure right that the the major providers are going to see that start to happen they already start to pair down ddos as a matter of fact so they built out nodes to push all those packets off so that they're not all hitting one gateway and closing it down so there's there's the major providers have built out infrastructure across the us already to help us mitigate some of these types of things when people try to do them they still try to do them and they're still quite effective i think the biggest ddos today is about 8.1 terabits that is phenomenally huge i i can't imagine how many devices that was uh working on that particular that particular network um but that's what's been recorded and i think verizon just released their uh report you know these companies put out these reports crowdstrike and fireeye and all them every year about all the stuff that they've seen um you know and so the the small guy like us you're sitting at home they're doing that with your computer you just think your computer's running slow you don't really know it's not like they took the whole thing because they don't really want you to kick them out they don't want you to dis all this software makes my computer run so they don't want you to take it off right so they just want to use 30 of your processing power not a 100. yeah you know what i mean well let's say we're just about out of time andrew i really enjoy this conversation i i hope other people you know do too i think we the word has to get out about this and and that's my last question you know what what message would you leave from your end of the security industry uh what message would you leave with people how how should they approach this handle it think about it should they be worried should they be confident uh what what mindset should we all have about you know what comes out of this newspaper headline so for sure if you use the solarwinds product you need to get um get a hold of the ilc's right which solarwinds has published them microsoft has published them you can go get a look at those now uh run scans on your systems look for these iocs to see what you've got obviously you need to update your solar winds but to the new hotfix version which is supposed to be out today um that'll take care so you won't have that but you've got to go look around forensically and then you you definitely need to be monitoring your firewall for outbound calls right and look for um outbound exfiltration of data again there could be something else installed that these indicators of compromise don't see right there could already be another tool that's been installed that they're using um and there are a lot of iocs most of these most of these tools are looking for all these things that we know about it's the stuff that's unknown that we don't know about if it's there there's nothing you can do but except watch for you know why is all of a sudden you know five megabits of data flowing out some port that that never happened before on my firewall right so there's things like that that um people need to look for and that's your your intrusion detection intrusion prevention systems right but the small guys oftentimes don't have that so they can at least do the um do the windows updates the windows defenders looking for these ioc that's going to quarantine them on your system uh as of today i believe they were going to load the binaries in there so you know they're there's um you got to do the normal good computing you also you need to be aware of what's going on and then and also try not to spread like fear like we know what to do to fix it so you just do what you got to do do good computing habits use multi-factor authentication um you know do those things that are smart separate your your valuable assets don't have them on your network um you know if if your network's on the internet and you're playing games or whatever you're doing you know if it's not safe or not secure um you don't want to have assets on there you know that's just uh good computing goods good cyber hygiene we call it yeah andrew lang integrated security technologies uh the host of security matters and a principal of the security industry association as well thank you very much andrew i really enjoyed talking with you thanks for having me jay i hope the audience likes it stay safe everybody [Applause] you