Understanding KillNet and Recent Waves of DDoS Attacks – Michael Smith – ESW #357
1. Understanding KillNet and Recent Waves of DDoS Attacks – Michael Smith – ESW #357
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened?
Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet.
Segment Resources:
- Understanding DDoS Attacks: What is a DDoS Attack and How Does it Work? - I know the title makes this blog post sound rather basic, but it will get you up to speed on all the latest DDoS types, actors, and terminology pretty quickly!
- What is An Application-Layer DDoS Attack, and How Do I Defend Against Them?
- 2023 DDoS Statistics and Trends
- https://en.wikipedia.org/wiki/Killnet
Announcements
Security Weekly listeners save $100 on their RSA Conference 2024 Full Conference Pass! RSA Conference will take place May 6 to May 9 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac24 and use the code 54USECWEEKLY! We hope to see you there!
We’d like to invite our listeners to be part of our prestigious 2024 SC Awards! Entries are officially open.
The SC Awards continue to serve as a beacon of excellence, recognizing the industry’s best solutions, organizations, and people that are advancing information security. This year, there are 34 categories, many updated to reflect trends in artificial intelligence, cloud security and continuous threat exposure management. This is your chance to shine among the brightest in the cybersecurity world.
Take advantage of the early bird rate by April 12! Visit securityweekly.com/scawards to submit your entries by May 31st!
Guest
Michael Smith is Vercara’s Field Chief Technology Officer and is responsible for the organization’s overall technology strategy including product management, threat intelligence, customer support, and sales and channels enablement. Smith initially started as a Russian translator in the U.S. Army, before serving in CTO roles in startups and information security officer roles leading major government security projects. With over 30 years of experience in cybersecurity, information technology, and intelligence, he has managed high-profile incidents such as the wave of DDoS attacks against major U.S. banks in 2012 and 2013 and attacks by e-commerce account takeover gangs, as well as security monitoring for the 2014 FIFA World Cup and 2014 Winter Olympic Games, and preparations for both the 2018 and 2020 Olympic Games.
Host
2. The AI-est news segment ever, now with even more AI! – ESW #357
This week, Tyler and Adrian discuss Cyera's $300M Series C, which lands them a $1.4B valuation! But is that still a unicorn? Aileen Lee of Cowboy Ventures, who coined the term back in 2013, recently wrote a piece celebrating the 10th anniversary of the term, and revisiting what it means. We HIGHLY recommend checking it out: https://www.cowboy.vc/news/welcome-back-to-the-unicorn-club-10-years-later
They discuss a few other companies that have raised funding or just come out of stealth, including Scrut Automation, Allure Security, TrojAI, Knostic, and PromptArmor.
They discuss Eclypsium's binary analysis tooling, and what the future of fully automated security analysis could look like.
Wiz acquired Gem, and Veracode acquired Longbow. Adrian LOVES Longbow's website, BTW.
They discuss a number of essays, some of which are must-reads:
- Daniel Miessler's Efficient Security Principle
- Subsalt's series on data privacy challenges
- Lucky vs Repeatable, a must-read from Morgan Housel
- AI has Flown the Coop, the latest from our absent co-host, Katie Teitler-Santullo
- Customer love by Ross Haleliuk and Rami McCarthy
We briefly cover some other fun items: reverse typosquatting, AI models with built-in RCE, and Microsoft having YET ANOTHER breach.
We wrap up discussing Air Canada's short-lived AI-powered support chatbot.
Announcements
Google has announced that they will be shutting down the Google Podcasts platform in mid-2024. To ensure that you don't lose access to the Security Weekly content you know and love, please make sure that you subscribe to your favorite podcasts feeds on an alternative platform such as Spotify, YouTube Music, Amazon Music, Apple Podcasts, Overcast, Podcast Addict, PocketCasts, or anywhere else you listen to podcasts! Visit securityweekly.com/subscribe to find the buttons to subscribe to each show now!
On the evening of Monday, May 6, 2024, W2 Communications and CyberRisk Alliance are bringing CYBERTACOS back to San Francisco! If eating FREE tacos, sipping on margaritas and mingling with cyber professionals from all over the world sounds good to you, make sure to register to secure your spot! Visit securityweekly.com/cybertacos to RSVP today!
Hosts
- 1. FUNDING: AI data security startup Cyera confirms $300M raise at a $1.4B valuation
- 2. FUNDING: Scrut Automation Raises $10M in Funding
- 3. FUNDING: Allure Security Closes $10 Million Series A to Help Companies Protect Their Brands Online
$10M Series A led by Curql. I find it interesting that online brand protection is still a category with early stage vendors. Checks the boxes you'd expect - fraudulent website discovery, takedown, social media protection, and mobile app protection.
Perhaps, as cybercriminals turn to AI to automate creating website clones, fake mobile apps, etc., this kind of brand protection is going to become a standard product all businesses need?
- 4. FUNDING: TrojAI Raises $5.75M in Seed Funding to Secure AI in the Enterprise
- 5. FUNDING: Knostic Emerges From Stealth With Enterprise Gen-AI Access Controls
$3.3M Seed round, with Shield Capital, Pitango First, DNX Ventures, Seedcamp, and several angel investors participating. Founders Sounil Yu and Gadi Evron are well known and should have no trouble finding design partners and early adopters.
The company is building products designed to limit the problem of "oversharing" LLMs, which we have a few examples of in our other news stories today!
Knostic's launch blog, also pointing out that it is an RSAC Launch Pad Finalist
- 6. NEW COMPANY: PromptArmor
I believe they raised some seed as well, but couldn't find a link to details on that. Yet another LLM security vendor, looks like.
- 7. NEW PRODUCTS: Multiplying Security Research: How Eclypsium Automates Binary Analysis at Scale – Eclypsium
- 8. ACQUISITIONS: Wiz completes $350 million acquisition of Gem Security to expand CDR offering
Sounds like something out of a D&D campaign. Remember when Wiz, Orca, and Lacework's marketing was all about how terrible it was that Palo Alto was growing by acquisition, and they were better because they didn't do that? Awkward...
- 9. ACQUISITIONS: Veracode Connects Security from Code to Cloud with the Acquisition of Longbow Security
Still sounds like something out of a D&D campaign.
- 10. ESSAYS: Efficient Security Principle (from Daniel Miessler)
- 11. ESSAYS: Cautionary Tales: Learning from the Frontlines of Data Privacy and Security – Part 3 of 3 – Apr 08, 2024
A great series - I learned a lot!
- 12. ESSAYS: Lucky vs. Repeatable
A very good one - well worth the read. I've always hated the concept of "Lucky". Most things that get this label applied to them are explainable. Call it what you will, but luck is usually the right move + the right skills + the right people + at the right time.
I think that some people can manufacture something vaguely similar to luck by working really hard, but I think the true key to the stuff worthy of calling "luck" is due to great timing, and that can't be manufactured, as this essay demonstrates through multiple interesting examples.
- 13. ESSAYS: AI has Flown the Coop…
The latest from our very own Katie!
- 14. ESSAYS: Customer love: a recipe for building winning cybersecurity startups
We've seen writeups on PLG before, but this one is a bit different. It focuses in on one particular aspect of PLG that makes it work: customer love. It's a long read, but the most comprehensive I've seen on this one crucial aspect of product-led growth that really gets things moving.
In a world where most vendor discussions are angry grumbles about broken products and bad support, when buyers see their peers, seemingly unprompted, sharing their love for an enterprise cybersecurity product, they naturally want to know more!
Curious to hear from Tyler on whether or not this effect could be created without going full PLG. Are there examples of this?
- 15. AI PROBLEMS: Air Canada must honor refund policy invented by airline’s chatbot
- 16. AI PROBLEMS: AI bots hallucinate software packages and devs download them
- 17. POST MORTEM: Zack Whittaker’s this week in security newsletter covers Adrian’s CSRB Microsoft Breach thread
Late last week, I live tweeted thoughts and insights as I went through the Cyber Safety Review Board's review of last year's Microsoft Breach (the one that compromised all of M365).
This kills two stories with one stone:
- Zack's newsletter is great, subscribe to it
- Click the embedded Mastodon toot in the beginning of this week's newsletter to read my thread
For folks that don't like threads, a blog post is coming soon.
- 18. VULNERABILITIES: Hugging Face works with Wiz to strengthen AI cloud security
Some very interesting AI-model-related vulnerabilities that my girlfriend had to explain to me for me to understand.
- 19. SUPPLY CHAIN: Researchers Observed Visual Studio Code Extensions Stealing Users’ Sensitive Data
- 20. LEGAL: Google to Delete Billions of Browsing Records in ‘Incognito Mode’ Privacy Lawsuit Settlement
- 21. DUMPSTER FIRE: Microsoft left internal passwords exposed in latest security blunder
Uh, Microsoft, could we wait until I'm done writing up a post mortem analysis of last summer's breach before we have more???