EP04: The Modern Take on Social Engineering in Email

by | May 9, 2023 | Podcast

YouTube

By loading the video, you agree to YouTube's privacy policy.
Learn more

Load video

By loading the podcast, you accept Libsyn's privacy policy.
Read more

Load podcast

In this episode, we delve into the world of social engineering, phishing, and spam campaigns, exploring modern techniques threat actors are using to trick users into divulging sensitive information through email. Security Evangelist Andy and guest expert Umut Alemdar, head of the Security Lab here at Hornetsecurity, explain how phishing remains the top method of attack for many cybercriminals due to its cost-effectiveness and ability to exploit human vulnerability.

Attackers use excellent context and timing to create convincing email messages that trick even the most savvy users into divulging sensitive information. Despite the prevalence of anti-spam solutions, phishing continues to rise as attackers adapt and evolve their techniques.

Tune in to gain a better understanding of social engineering and how to protect your organization in the modern age.

Timestamps:

1:47 – Social engineering, phishing, and spam campaigns: still a problem in the modern era

6:30 – Why is phishing so effective, even today?

11:43 – What other types of attacks does phishing enable for end users?

16:48 – How does the industry ultimately solve the problem of phishing?

Episode resources:

Cyber Security Report 2023

Security Awareness Services

Google and Facebook Accounts Payable Fraud

Find Andy on LinkedIn , Twitter , Mastodon

Find Umut on LinkedIn

EP03: The Reemergence of Emotet and Why Botnets Continue to Return

EP03: The Reemergence of Emotet and Why Botnets Continue to Return

by | May 3, 2023 | Podcast

YouTube

By loading the video, you agree to YouTube's privacy policy.
Learn more

Load video

By loading the podcast, you accept Libsyn's privacy policy.
Read more

Load podcast

Welcome back to the Security Swarm Podcast! In this episode, our host Andy Syrewicze talks with Umut Alemdar, Head of Security Lab here at Hornetsecurity, about the reemergence of Emotet and the pervasiveness of botnets. Why does Emotet malware returns, i.e., why do they keep coming back?

Emotet is the well-known botnet that returns for spreading malware and stealing personal information. it had been dormant since December before reappearing in March 2023 with new tactics and capabilities. The Botnet has a modular architecture that allows threat actors to include any kind of payload that gets executed on the victim’s device.

Tune in to hear Andy and Umut discuss the attack chain of Emotet, how it has evolved and the risks it may pose to your organization. They also explore why botnets such as Emotet persist despite efforts to shut them down.

Timestamps:

1:58 – What is Emotet?

6:25 – Emotet’s Attack Chain

12:20 – How do Botnets continue to return?

14:44 – How can organizations guard against botnets like Emotet?

Episode resources:

Hornetsecurity Article Regarding Emotet

Hornetsecurity CyberSecurity Roundtable Discussion

Advanced Threat Protection

Security Awareness Services

Andy on LinkedIn, Twitter, Mastadon

Umut on LinkedIn

EP02: How Tech Pros Handle Security News

EP02: How Tech Pros Handle Security News

by | Apr 26, 2023 | Podcast

YouTube

By loading the video, you agree to YouTube's privacy policy.
Learn more

Load video

By loading the podcast, you accept Libsyn's privacy policy.
Read more

Load podcast

Welcome back for another episode of the Security Swarm Podcast, the podcast that brings you the insights and expertise straight from the Security Lab here at Hornetsecurity. In this episode, we’ll be diving into recent security disclosures with Eric Siron, Microsoft MVP, and discussing how organizations should respond when vulnerabilities are discovered.

We’ll focus on two major incidents as examples throughout this episode; the Outlook Vulnerability CVE-2023-23397, and the re-emergence of Emotet.

In today’s digital landscape, threats are constantly evolving and becoming more sophisticated, making it critical to respond quickly and efficiently minimize the impact of such incidents. Whether you’re a SysAdmin working in a small organization or the CISO of a large business, you have to be more vigilant, and have a plan.

Tune in to learn valuable insights into how tech professionals should handle security news.

Timestamps:

3:16 – A baseline example of a busy security news-cycle

8:00 – Keeping an eye on the security news-cycle and has it always been this way?

17:45 – What should organizations be doing to keep tabs on the security news-cycle?

23:21 – What can vendors be doing better to help SysAdmins handle security news?

Episode resources:

CVE-2023-23397

The Re-Emergence of Emotet

Hornetsecurity July 2022 Threat Review with Talk of Qakbot

White House to Shift Cybersecurity Burden

Andy on LinkedIn, Twitter, Mastadon

Eric on Twitter

EP01: We Used ChatGPT to Create Ransomware

by | Apr 18, 2023 | Podcast

YouTube

By loading the video, you agree to YouTube's privacy policy.
Learn more

Load video

By loading the podcast, you accept Libsyn's privacy policy.
Read more

Load podcast

In our very first episode we welcome Yvonne Bernard to the show for an in depth discussion into the security implications of ChatGPT. There is no doubting that ChatGPT and other recent AI models have brought some very positive change to a number of industries. However, did you know that there is potentially a darker side to AI? Can it be used for malicious purposes? The short answer is yes! In fact, we were able to use ChatGPT here at Hornetsecurity to essentially create ransomware!

In today’s episode we discuss the particulars of that process, the implications as well as other methods threat-actors can use to get ChatGPT to help them with illicit activities!

Timestamps:

5:51 – What are the cybersecurity benefits of ChatGPT?

10:05 – How is ChatGPT used for malicious use by threat-actors?

17:15 – Does OpenAI have controls in place to prevent malicious use?

20:48 – What are the legal implications that ChatGPT brings to the industry?

23:40 – What does the industry do about the potential security implications of ChatGPT?

Episode Resources:

The DAN Method on Reddit

Hornetsecurity Webinar on the Security Implications of ChatGPT

Andy on LinkedIn, Twitter, Mastadon

Yvonne on LinkedIn

Security Awareness Service from Hornetsecurity