3029 Fortra on Phishing, AI, and LOTS Tactics: Protecting Against Trusted Service Abuse
Tech Talks Daily, September 18, 2024

In this episode of The Tech Talks Daily Podcast, I speak with Michael Tyler from Fortra to uncover the details behind a phishing campaign that exploited USign's e-signature platform. Fortra recently discovered how cybercriminals leveraged USign's trusted domain to bypass email security gateways, highlighting the growing challenges related to the "living off trusted services" (LOTS) tactic used by attackers. This phishing campaign exposed vulnerabilities within platforms often regarded as safe by email filters, demonstrating how easily attackers can exploit trusted services.

Cybercriminals disguised fake USign documents as HR notifications, tricking victims into entering passwords instead of signatures. By using USign's strong sender reputation, these malicious emails were able to bypass traditional email security measures, making them harder to detect. The attack even showed signs of being generated with AI language models, adding another layer of sophistication.

We dive deeper into the LOTS tactic, where attackers take advantage of legitimate services—such as e-signature platforms, file hosting sites, and social media platforms—to execute their malicious activities. This strategy not only reduces the setup effort for attackers but also enables them to hide behind the reputation of trusted service providers, making it increasingly difficult for security systems to flag these threats.

Michael discusses the broader implications for cybersecurity and the need for multi-layered defenses. Organizations must not only invest in user education to help employees recognize phishing attempts but also implement deeper email inspection and rapid response capabilities to quickly mitigate risks. For service providers like USign, enhancing security protocols, such as limiting bulk registrations and monitoring for abnormal activity, is crucial in preventing future exploitation.

The conversation also explores how Fortra is working with organizations to bolster their defenses against such attacks. Michael shares practical recommendations, from improving detection of social engineering attempts to collaborating with trusted service providers to combat platform abuse. As the world of cybersecurity continues to evolve, this episode provides valuable insights into staying one step ahead of increasingly sophisticated phishing tactics.

[00:00:04] [SPEAKER_00]: Welcome back to the Tech Talks Daily Podcast where today we're joined by Michael Tyler, a cybersecurity

[00:00:11] [SPEAKER_00]: expert from a company called Fortra.

[00:00:14] [SPEAKER_00]: And in our conversation today we're going to explore the critical topic that's increasingly

[00:00:18] [SPEAKER_00]: relevant in the cybersecurity world.

[00:00:21] [SPEAKER_00]: What I'm talking about are the tactics cyber criminals are using to exploit trusted

[00:00:26] [SPEAKER_00]: platforms trusted services for malicious purposes.

[00:00:31] [SPEAKER_00]: Because recently Fortra uncovered a sophisticated phishing campaign that abused the legitimate

[00:00:36] [SPEAKER_00]: e-signature platform USign.

[00:00:39] [SPEAKER_00]: And in doing so they were able to bypass traditional e-mail security gateways and filtering

[00:00:45] [SPEAKER_00]: tools.

[00:00:46] [SPEAKER_00]: So I want to explore how attackers are leveraging these trusted services to conduct their

[00:00:50] [SPEAKER_00]: operations while also avoiding detection and the challenges that poses for defenders.

[00:00:57] [SPEAKER_00]: And Michael will also share insights into the broader implication of this living off trusted

[00:01:02] [SPEAKER_00]: services tactic and how organisations can fortify their defenses against these evolving

[00:01:08] [SPEAKER_00]: threats.

[00:01:09] [SPEAKER_00]: And hopefully enable you to answer how can your organisations stay ahead in this ever-changing cybersecurity

[00:01:16] [SPEAKER_00]: landscape?

[00:01:17] [SPEAKER_00]: Reaching listeners in 165 countries every day is testament to the unwavering support

[00:01:23] [SPEAKER_00]: of you, my listeners, and our sponsors without whom this podcast just simply wouldn't be

[00:01:28] [SPEAKER_00]: possible.

[00:01:29] [SPEAKER_00]: And it also gives me a chance to talk about the fact that legacy DRM failed to securely

[00:01:33] [SPEAKER_00]: enable external collaboration, especially on sensitive files.

[00:01:38] [SPEAKER_00]: And how every organisation faces this risk-trust contradiction where they can share content

[00:01:43] [SPEAKER_00]: with untrusted third parties yet expected to protect that data.

[00:01:47] [SPEAKER_00]: So it's time for something more modern, a DRM solution that solves that dilemma without

[00:01:52] [SPEAKER_00]: compromising security or productivity.

[00:01:55] [SPEAKER_00]: And you could do all that with a company called CiteWorks that will enable you to say

[00:01:59] [SPEAKER_00]: goodbye to deployment headaches, file transfer, collaboration barriers and productivity

[00:02:04] [SPEAKER_00]: constraints.

[00:02:05] [SPEAKER_00]: So you can experience a more modern way to collaborate on sensitive content without sacrificing

[00:02:10] [SPEAKER_00]: control or security.

[00:02:12] [SPEAKER_00]: Please visit CiteWorks.com to get started today.

[00:02:15] [SPEAKER_00]: That's CiteWorks.com to get started today.

[00:02:19] [SPEAKER_00]: Now is the moment you've really been waiting for time to get today's guest on.

[00:02:24] [SPEAKER_00]: So a massive warm welcome to the show.

[00:02:27] [SPEAKER_00]: Can you tell everyone listening a little bit about who you are and what you do?

[00:02:31] [SPEAKER_01]: Yeah, thanks Neil.

[00:02:33] [SPEAKER_01]: So my name is Michael Tyler.

[00:02:36] [SPEAKER_01]: I've been in the cybersecurity field in one way or another for about 15 years or so

[00:02:41] [SPEAKER_01]: and over that time I've done a lot, right?

[00:02:44] [SPEAKER_01]: Spent some time in power analysis, phishing, threat intel and email security.

[00:02:51] [SPEAKER_01]: Currently I'm the senior director of security operations here at Fortra or one of a couple

[00:02:57] [SPEAKER_01]: of our senior directors.

[00:02:59] [SPEAKER_01]: I oversee all of our managed service operations for our email security and our digital

[00:03:05] [SPEAKER_01]: risk business functions which are things like phishing, impersonations and other fraud.

[00:03:11] [SPEAKER_01]: I also run our managed threat intelligence operations here where we, our customers understand

[00:03:19] [SPEAKER_01]: the bigger picture about how they're being targeted by adversaries with regards to these

[00:03:26] [SPEAKER_01]: different types of fraud and email scams.

[00:03:29] [SPEAKER_00]: And I'm glad you mentioned the word phishing there because that's one of the things

[00:03:33] [SPEAKER_00]: that put you on my radar there, the phishing campaign that abused USign, and I think it

[00:03:39] [SPEAKER_00]: was Fortra that recently discovered it.

[00:03:41] [SPEAKER_00]: That's what put you on my radar.

[00:03:42] [SPEAKER_00]: So can you just expand on that?

[00:03:44] [SPEAKER_00]: For everybody that's not heard of it, and also what are the key tactics being used by the

[00:03:49] [SPEAKER_00]: cyber criminals in these attacks?

[00:03:52] [SPEAKER_01]: For those that aren't familiar with USign, USign is an e-signature service

[00:03:59] [SPEAKER_01]: where basically instead of having to fax the contract over and then ship it back

[00:04:06] [SPEAKER_01]: and forth, you can execute contracts or other types of documents digitally.

[00:04:13] [SPEAKER_01]: Well in this instance an adversary has figured out that they were able to take use

[00:04:20] [SPEAKER_01]: of online platform and basically create a phishing website out of it where instead of asking

[00:04:28] [SPEAKER_01]: you for your signature, it asks you for your password.

[00:04:32] [SPEAKER_01]: And they've basically used this, they basically created this fake document and then have

[00:04:41] [SPEAKER_01]: sent it out as a phishing email to victims.

[00:04:47] [SPEAKER_01]: So there's a couple of pretty interesting tactics here.

[00:04:50] [SPEAKER_01]: The first is the use of USign.

[00:04:54] [SPEAKER_01]: So this is a tactic that we call living off trusted services or LOTS lots, if you hear me say

[00:05:03] [SPEAKER_01]: that, that basically means instead of an attacker setting up their own infrastructure and

[00:05:12] [SPEAKER_01]: you know, registering their own domain, setting up their own site, they take advantage of a service

[00:05:19] [SPEAKER_01]: that's out there, a legitimate service that a lot of normal law-abiding folks use and

[00:05:26] [SPEAKER_01]: they figure out a way to twist it to meet their own ends.

[00:05:32] [SPEAKER_01]: And I think that's probably USign and that abuse is the main focus.

[00:05:36] [SPEAKER_01]: A couple of other interesting tactics, the email campaign that we're talking about here

[00:05:41] [SPEAKER_01]: specifically shows signs that it was built using generative AI, which I know is a big topic right now.

[00:05:51] [SPEAKER_01]: And so we are seeing and see here instances where adversaries instead of taking the time to write

[00:05:58] [SPEAKER_01]: the email, write the lures themselves, will use Gen AI and generate these very quickly with

[00:06:07] [SPEAKER_00]: a simple prompt.

[00:06:07] [SPEAKER_00]: And the question I've got to ask on behalf of business leaders listening everywhere that use

[00:06:12] [SPEAKER_00]: e signature services because let's be honest most sooner and they will also believe that

[00:06:17] [SPEAKER_00]: they have robust cyber security measures in place.

[00:06:21] [SPEAKER_00]: So the question I've got to ask is how are cyber criminals leveraging these legitimate e-

[00:06:25] [SPEAKER_00]: signature services like USign and how are they bypassing email security gateways and filtering tools?

[00:06:34] [SPEAKER_01]: Absolutely so, um, you know, we'll focus on e-signatures but I think it's important to call out

[00:06:42] [SPEAKER_01]: that the living off trusted services isn't limited to e-signature services.

[00:06:47] [SPEAKER_01]: I mean, file hosting, social media platforms, pretty much any service where users can come in

[00:06:55] [SPEAKER_01]: generate their own content is at risk for living off trusted services abuse.

[00:07:04] [SPEAKER_01]: The, and I call that out just because protecting your organization against this can't just stop

[00:07:13] [SPEAKER_01]: at e-signature services but the concepts are all basically the same so it comes down to trust

[00:07:20] [SPEAKER_01]: when a, when a legitimate service like USign or another e-signature service generates

[00:07:27] [SPEAKER_01]: lots of good traffic and relatively small amounts of bad traffic the way that we do sort of

[00:07:37] [SPEAKER_01]: domain reputation falls in their favor right they go well 99% of the time the email coming from

[00:07:44] [SPEAKER_01]: domain is going to be legitimate so I'm going to let it through. This, you know this is

[00:07:53] [SPEAKER_01]: necessary in the way that things currently exist because if you had a zero tolerance policy then

[00:08:01] [SPEAKER_01]: one bad actor getting in doing something bad shuts down your entire business right which

[00:08:07] [SPEAKER_01]: you know everybody says well that's fine until it happens to them. Yeah so ultimately

[00:08:14] [SPEAKER_01]: you know if you know I'm going to make up some math here right if USign sends out if they send

[00:08:20] [SPEAKER_01]: out a million and 100 are malicious well that's one in 10,000 that's malicious and that's a very

[00:08:26] [SPEAKER_01]: small percentage and a lot of organizations are going to say okay well that's not too bad right

[00:08:33] [SPEAKER_01]: you know that's an acceptable risk for me to be able to accept this mail. So this is why they sail

[00:08:40] [SPEAKER_01]: past most email gateways and this is you know it's the same reason why you know you will see a lot

[00:08:47] [SPEAKER_01]: of organizations get attacked by threats coming from Gmail addresses because Gmail sends a ton

[00:08:55] [SPEAKER_01]: of mail they have a very strong reputation because by and large the vast majority of email that

[00:09:01] [SPEAKER_01]: they send is legitimate and as a result they have a you know they have a strong domain reputation

[00:09:08] [SPEAKER_01]: and by default they will pass through most email filters. It's such a great example because before

[00:09:16] [SPEAKER_00]: you came on the podcast I was also reading about that the fact that domains associated with

[00:09:20] [SPEAKER_00]: legitimate service providers like Gmail, as you mentioned, or USign are often not

[00:09:26] [SPEAKER_00]: blocked by these email filters so as a result what kind of challenges what kind of challenges it's

[00:09:31] [SPEAKER_01]: posing for saw a peculiar teams. Well it poses cyber security sorry it poses a bunch of challenges

[00:09:39] [SPEAKER_01]: because living off trusted services provides adversaries with a lot of benefits. The first is if

[00:09:49] [SPEAKER_01]: the platform they're abusing is free as most of them are well they don't have to pay for infrastructure

[00:09:57] [SPEAKER_01]: so you know it's there's a little bit of a financial burden but oftentimes even if it's a low

[00:10:03] [SPEAKER_01]: cost service they still can come out ahead financially apart from doing it themselves. They also

[00:10:09] [SPEAKER_01]: don't have to take the time and energy to stand up their own infrastructure which helps there

[00:10:16] [SPEAKER_01]: but from a defense perspective I'd say there's three big issues with living off trusted services.

[00:10:27] [SPEAKER_01]: The first and we'll see this you know if we look directly at this campaign in detail in a minute

[00:10:33] [SPEAKER_01]: it reduces the indicators that are available to us because you no longer can say I'm

[00:10:39] [SPEAKER_01]: going to look for email coming from this sender because the sender is the trusted service. You can no

[00:10:46] [SPEAKER_01]: longer look and say I'm going to look for this malicious URL because the URL points to the trusted service.

[00:10:54] [SPEAKER_01]: You know a lot of the traditional methods for blocking threats don't work very well when you

[00:11:09] [SPEAKER_01]: issue which means that most of your automated email filtering is not going to block based on the

[00:11:15] [SPEAKER_01]: sending domain and that you're gonna have to rely on other mechanisms which might be more expensive

[00:11:22] [SPEAKER_01]: or they may be more time intensive which can cause issues for email delivery. Right you can't

[00:11:32] [SPEAKER_01]: in a most organizations aren't going to tolerate holding an email for five minutes while you run

[00:11:38] [SPEAKER_01]: every scan under the sun on it. And I'm curious what are the specifics for

[00:11:47] [SPEAKER_00]: our indicators that Fortra was able to identify in these phishing campaigns? Are there any

[00:11:53] [SPEAKER_00]: examples that you can share just to illustrate and shine a light on these indicators because

[00:11:58] [SPEAKER_01]: hey it may help somebody listening. Yeah absolutely so well you saw the blog right so I don't know

[00:12:06] [SPEAKER_01]: if sharing the link to the blog is something that you can do as part of the podcast that will

[00:12:11] [SPEAKER_01]: get them all of the details in the screenshots but as far as the specific indicators so there's

[00:12:18] [SPEAKER_01]: two really hard indicators here. The first is the sender's name or sometimes we call this a friendly

[00:12:28] [SPEAKER_01]: from in more technical terms where even though the actual sending address comes from a

[00:12:36] [SPEAKER_01]: USign dot com sending address it will have a we call it a friendly from where it will have

[00:12:45] [SPEAKER_01]: a more narrative name right so for example for example your actual email address might be

[00:12:52] [SPEAKER_01]: tech blog writer at outlook.com but when you send an email it might say Neil Hughes that's given

[00:12:59] [SPEAKER_01]: as a friendly from so for this email campaign we saw the friendly from of USign for HR notification

[00:13:08] [SPEAKER_01]: we also have an email subject which was you've been invited to sign review updated 2024 employee

[00:13:17] [SPEAKER_01]: handbook. It's not a very eloquent subject but that's one that they chose to use yeah

[00:13:23] [SPEAKER_01]: so these will help you identify this exact campaign. The problem is that these are also very

[00:13:28] [SPEAKER_01]: easy to change and so I couldn't recommend them for more of the general use case.

[00:13:34] [SPEAKER_00]: And given attackers can conceal their phishing attempts under the service provider's domain name

[00:13:40] [SPEAKER_00]: and even generate unique links for each request and as you've said that it's very challenging

[00:13:45] [SPEAKER_00]: because they can all be changed every day even a email so what strategies can organizations

[00:13:51] [SPEAKER_00]: employ to detect and mitigate some of these threats that we're talking about here.

[00:13:57] [SPEAKER_01]: There's my mention it's challenging. Actually Neil I realized on the earlier question we were

[00:14:03] [SPEAKER_01]: talking about living off trusted services I told you there were three challenges and I'm like

[00:14:07] [SPEAKER_01]: maybe two of them. The I'll give you the third one real quick. The third challenge with living off

[00:14:17] [SPEAKER_01]: trusted services is actually that as a recipient of the email it's it can be more difficult

[00:14:24] [SPEAKER_01]: for an end user to recognize that an email is malicious because especially if they use

[00:14:30] [SPEAKER_01]: that service in this case USign regularly they may see USign they may go oh this is

[00:14:37] [SPEAKER_01]: USign I know them I trust them when in fact it could be an attacker that's taking advantage

[00:14:43] [SPEAKER_00]: of that service. Yeah it makes perfect sense and so how can companies better bolster their

[00:14:50] [SPEAKER_00]: defense against phishing attacks exploiting e-signature services. Are there any recommendations

[00:14:56] [SPEAKER_00]: that you have at Fortra here for improving security measures and ensuring that the things that

[00:15:02] [SPEAKER_00]: they don't happen in the future. We'll start by acknowledging that this is a challenge. You know,

[00:15:08] [SPEAKER_01]: living off trusted services dealing with the strong reputation that these services possess is

[00:15:17] [SPEAKER_01]: challenging for organizations to handle and if the best solution really requires a partnership

[00:15:24] [SPEAKER_01]: on between that cybersecurity services and these trusted platforms but on this cybersecurity side

[00:15:35] [SPEAKER_01]: the two the two recommendations I would make to any organization is first strong end user education

[00:15:46] [SPEAKER_01]: knowing how difficult these things are to stop proactively to prevent them from getting into your

[00:15:53] [SPEAKER_01]: environment means that you need to invest in multiple layers of defense and end user education

[00:16:00] [SPEAKER_01]: is one of those layers. Train your employees on how to recognize when something doesn't smell right

[00:16:08] [SPEAKER_01]: social engineering is you know the crux of phishing, tricking somebody into giving up

[00:16:16] [SPEAKER_01]: you know critical information that they wouldn't otherwise provide and teaching your employees

[00:16:22] [SPEAKER_01]: how to recognize when they're being manipulated is critical because that's actually the downfall

[00:16:29] [SPEAKER_01]: social engineering is that it's that it won't the spell only works until you notice that something's

[00:16:35] [SPEAKER_01]: wrong and then it generally falls apart. For example, you know we look at this USign email

[00:16:44] [SPEAKER_01]: and the minute that you go HR has never sent a USign document to me to be signed before

[00:16:51] [SPEAKER_01]: all of a sudden you realize that something's hugely wrong you also could go

[00:16:56] [SPEAKER_01]: why would I type in my password. Yeah so that's part of it the other part is

[00:17:03] [SPEAKER_01]: having a strong rapid response you know program in place to deal with a threat that makes a

[00:17:13] [SPEAKER_01]: it past your security protocols because what you really want to be able to take advantage of

[00:17:21] [SPEAKER_01]: is if the email gets delivered to one person or sorry if the email gets delivered to 10 people

[00:17:27] [SPEAKER_01]: and one person recognizes it as a threat and is able to report it to the

[00:17:34] [SPEAKER_01]: security team immediately. The first order of business needs to be getting it blocked or pulled

[00:17:42] [SPEAKER_01]: out of the email inboxes of those other nine people or taking steps to contain the issue.

[00:17:51] [SPEAKER_01]: Now those are those are the two approaches I would recommend to any organization.

[00:18:00] [SPEAKER_01]: There's more dramatic steps that some organizations could take such as

[00:18:08] [SPEAKER_01]: looking to identify services you know trusted services that they don't use and working to

[00:18:16] [SPEAKER_01]: believe block them that can be risky though because for example you know let's use

[00:18:22] [SPEAKER_01]: USign again even if you don't use USign and you want to sign a contract with a third

[00:18:30] [SPEAKER_01]: party vendor that uses USign and you've blocked USign well that's going to be very

[00:18:34] [SPEAKER_01]: difficult to do and so organizations are going to have to balance how aggressively they work to

[00:18:42] [SPEAKER_01]: contain these attacks while making sure that they don't overly disrupt business operations.

[00:18:49] [SPEAKER_00]: And we've talked a lot today around what businesses can do to better protect themselves but

[00:18:54] [SPEAKER_00]: I mean in your opinion how should some of these trusted service providers like

[00:18:58] [SPEAKER_00]: e-signature service providers what should they be doing to enhance their security protocols

[00:19:02] [SPEAKER_00]: to prevent their own platforms from being exploited in this way for phishing campaigns anything

[00:19:08] [SPEAKER_01]: could be doing better to anything? Yeah absolutely so right now living off trusted services is

[00:19:15] [SPEAKER_01]: really a popular attack vector USign is one of many platforms that we see abused and the reason

[00:19:23] [SPEAKER_01]: that's so popular is because these providers have been primarily focused on things like

[00:19:33] [SPEAKER_01]: ease of access user base size and other metrics that demonstrate success as a business.

[00:19:40] [SPEAKER_01]: And there's nothing inherently wrong with that and I'm not saying

[00:19:46] [SPEAKER_01]: that these providers encourage abusive use of their services because I don't think that's true

[00:19:51] [SPEAKER_01]: but preventing malicious use does take a back seat oftentimes.

[00:19:56] [SPEAKER_01]: There's several things that providers can do to limit the

[00:20:03] [SPEAKER_01]: opportunity for adversaries to take advantage as well as sort of raise the barrier to

[00:20:09] [SPEAKER_01]: entry so that they have to try harder. These are things like limiting bulk registration

[00:20:16] [SPEAKER_01]: opportunities and I would see some platforms where you can sign up for an account via an API or

[00:20:23] [SPEAKER_01]: something like that and it's fairly trivial to write a little script that will just automate

[00:20:26] [SPEAKER_01]: signing up for 100 or 1000 accounts which gives them a very large footprint on the service

[00:20:35] [SPEAKER_01]: and makes it generate a lot of work for that platform to then go clean up the mess. So limiting

[00:20:42] [SPEAKER_01]: bulk registration opportunities I would also say working to improve sort of know your customer

[00:20:49] [SPEAKER_01]: routines even on free trials a lot of these services will offer free trials or be available

[00:20:59] [SPEAKER_01]: you know at a base tier for free and attackers will take advantage of that they'll take advantage

[00:21:07] [SPEAKER_01]: of it repeatedly you know one free trial ends and we'll just go sign up for another account

[00:21:13] [SPEAKER_01]: working to improve their ability to detect sort of duplicate registrations and you know

[00:21:19] [SPEAKER_01]: other know your customer opportunities will help minimize that. These platforms also can

[00:21:29] [SPEAKER_01]: implement sort of proactive scanning of either high risk such as like let's use USign

[00:21:36] [SPEAKER_01]: for example right if somebody creates a form that says please enter your password I cannot think of

[00:21:41] [SPEAKER_01]: any legitimate reason why a user of one of these platforms would put something like that

[00:21:50] [SPEAKER_01]: in one of their forms and so you know USign has the ability to see what is being put on

[00:21:58] [SPEAKER_01]: their platform and taking steps to minimize that these really high risk opportunities

[00:22:06] [SPEAKER_01]: can help it's not going to be perfect right you can't block every possible version of

[00:22:13] [SPEAKER_01]: trying to get somebody to type in their password but you can make it further you also can look

[00:22:18] [SPEAKER_01]: for anomalous usage of services if somebody signs up an account and within 15 minutes they're blasting

[00:22:23] [SPEAKER_01]: out thousands of emails it's a pretty big red flag and then finally you know something that we

[00:22:30] [SPEAKER_01]: also said on the on the recipient side of this equation rapid response and take down of identified

[00:22:38] [SPEAKER_01]: threats adversaries will continue to abuse a trusted service or another platform until

[00:22:50] [SPEAKER_01]: it no longer meets their needs usually because it's not worth the trouble to use it how long

[00:22:56] [SPEAKER_01]: they're allowed to sit on the platform before action's taken against them is a huge determining factor

[00:23:02] [SPEAKER_00]: so as we look ahead into the future only a few months away from 2025 already so

[00:23:09] [SPEAKER_00]: what steps do you think cyber security industry needs to take to address some of these evolving

[00:23:14] [SPEAKER_00]: tactics that we're talking about here that cyber criminals are using particularly in the context

[00:23:20] [SPEAKER_00]: of exploring legit a purpose and the industry should be doing better than the other

[00:23:28] [SPEAKER_01]: thing. Cyber security is a cat and mouse game yeah living off trusted services showed up

[00:23:34] [SPEAKER_01]: because we got really good at blocking low reputation domains it's I'm not going to say it never

[00:23:42] [SPEAKER_01]: happens but it is a lot more it's a lot more challenging for an adversary to register a domain

[00:23:51] [SPEAKER_01]: and immediately start spamming out emails than it used to be so with living off trusted services

[00:23:58] [SPEAKER_01]: in particular defeating this is going to require deeper inspection of emails than we've done

[00:24:06] [SPEAKER_01]: historically because we're not going to be able to solely rely on metadata like the

[00:24:13] [SPEAKER_01]: the sender or just the URLs are in it. We're going to have to examine

[00:24:23] [SPEAKER_01]: what's the messaging right we're also going to have to examine things like does this bear signs

[00:24:30] [SPEAKER_01]: of impersonation a simple example of this would be something like if my friendly from said

[00:24:39] [SPEAKER_01]: Neil Hughes but my email address was you know some random string of characters at gmail.com

[00:24:48] [SPEAKER_01]: that's that's a big red flag right that's unlikely your actual email address

[00:24:54] [SPEAKER_01]: unless your cat signed you up for an email. So that level of deeper inspection is going to be

[00:25:00] [SPEAKER_01]: one way that we're going to continue to combat this and this is something that Fortra already

[00:25:04] [SPEAKER_01]: does and is continuing to evolve on but it's really also going to require a partnership with these

[00:25:12] [SPEAKER_01]: with these providers because as long as we keep giving fertile ground to adversaries where

[00:25:21] [SPEAKER_01]: easy for them to abuse it they're going to camp out there we have to attack it from both sides

[00:25:26] [SPEAKER_00]: of the equation to to really stop this and I think that's a powerful moment to end on today

[00:25:33] [SPEAKER_00]: so much food for thought and we've been talking about the very serious and daunting cat and mouse

[00:25:38] [SPEAKER_00]: game between cyber security teams and cyber criminals but before I let you go I want to have

[00:25:43] [SPEAKER_00]: a little bit of fun with you now I always ask my guests to leave everyone listening with a book

[00:25:49] [SPEAKER_00]: that means something to them for our Amazon wish list or a song that we can add to our Spotify playlist

[00:25:55] [SPEAKER_00]: guilty pleasures are allowed you can leave either but which is it that you would like to leave

[00:26:00] [SPEAKER_01]: and what and so so I'll recommend a book I am a and we're going to pivot away from cyber security

[00:26:07] [SPEAKER_01]: for a minute right I am somebody who in addition to cyber security really enjoys being able to

[00:26:15] [SPEAKER_01]: help lead teams to realize their full potential and and lead organizations and really just

[00:26:23] [SPEAKER_01]: help a bunch of people do really awesome things and one of the books that I

[00:26:31] [SPEAKER_01]: I've read that has really inspired me on that is a book by Marshall Goldsmith called

[00:26:37] [SPEAKER_01]: What Got You Here Won't Get You There and it really helps people that are trying to make

[00:26:47] [SPEAKER_01]: that journey from being an individual contributor and transitioning into leadership

[00:26:55] [SPEAKER_01]: understand that but the things that make you strong when you're an analyst are still good

[00:27:00] [SPEAKER_01]: even when you step into that leadership realm but if you lean too far into them they can actually

[00:27:07] [SPEAKER_01]: get in your way because leadership is a lot more about building consensus getting people going

[00:27:15] [SPEAKER_01]: in the same direction you know having those strong relationships and getting that buy-in

[00:27:21] [SPEAKER_01]: it's a lot more about that than it is being right all the time. What Got You Here Won't Get You There

[00:27:27] [SPEAKER_01]: really teaches that lesson as well as a bunch of other powerful lessons and a really great way

[00:27:36] [SPEAKER_00]: awesome choice I'll get that added straight to our Amazon wish list and but the blog post

[00:27:42] [SPEAKER_00]: it will accompany this website I will include the link to the blog post that we mentioned today

[00:27:47] [SPEAKER_00]: this got a lot of that information around how you discovered that novel phishing campaign

[00:27:52] [SPEAKER_00]: abusing USign but for everyone listening is there anywhere else you'd like to point them

[00:27:58] [SPEAKER_00]: I am on LinkedIn you know feel free to connect with me there perfect well I want to add links to

[00:28:05] [SPEAKER_00]: website as well so people can find out more information about Fortra so many big talking points

[00:28:10] [SPEAKER_00]: around this and around this campaign it was abusing USign, an e-signature platform there

[00:28:18] [SPEAKER_00]: so cyber criminals could bypass the e-mail security gateways and filtering tools with the

[00:28:23] [SPEAKER_00]: e-s I do urge anyone listening to check that out I will add links but more than anything

[00:28:27] [SPEAKER_00]: I'm Michael just a big thank you for shining a light on this and hopefully we've saved a few

[00:28:32] [SPEAKER_00]: people from becoming a victim of this but thanks for your time today absolutely the pleasure to

[00:28:37] [SPEAKER_00]: speak with you I think our discussion with Michael today highlighted the ever-

[00:28:42] [SPEAKER_00]: evolving nature of cyber security threats particularly the concerning trend of attackers

[00:28:47] [SPEAKER_00]: exploiting trusted services like USign and as we've learned defending against these

[00:28:52] [SPEAKER_00]: sophisticated tactics requires a multi-layered approach from enhancing user education to implementing

[00:28:59] [SPEAKER_00]: more in-depth e-mail inspections and Fortra's findings underscore the importance of

[00:29:04] [SPEAKER_00]: remaining vigilant and proactive in the face of so many of these threats but so if you would like

[00:29:11] [SPEAKER_00]: to learn more about the insights and recommendations shared by Michael I'll provide links

[00:29:16] [SPEAKER_00]: over on my website techblogwriter.co.uk go to podcasts you should find this episode I'll link to

[00:29:23] [SPEAKER_00]: everything there but before I go what strategies will you prioritize to safeguard your

[00:29:28] [SPEAKER_00]: organization against this next wave of cyber threats please email me tech blog writer at outlook.com

[00:29:35] [SPEAKER_00]: Twitter, LinkedIn, Instagram at Neil C Hughes let me know your thoughts maybe we can all

[00:29:40] [SPEAKER_00]: help each other remain that little bit safer online but that's it for today I will be back

[00:29:47] [SPEAKER_00]: bright and early in your podcast feed with another guest bright and early tomorrow morning but

[00:29:51] [SPEAKER_00]: thanks for listening as always and I will speak with you all again tomorrow bye for now