Welcome to 16 Minutes, the a16z show where we talk about tech trends in the news, what's happened, what's real, and the long arc of innovation. I'm Soren, and today we're talking about the latest developments and trends in cyber crimes, including defence of ransomware and attacks on physical infrastructure. First, we have the recent attack on the meat processing plant JBS, the largest meat processor in the world, which just last week had to temporarily shut down some operations in the US, Canada and Australia due to an attack on its servers, with the hackers demanding payment from the company. These types of ransomware attacks are increasing. Recently, hackers hit the Colonial Pipeline, the largest refined oil pipeline in the US, and disrupted fuel distribution on the East Coast. In that attack, hackers demanded and received millions in ransom, though the Justice Department announced on Monday it had recovered much of that ransom, paid in Bitcoin. Actors have also recently hit healthcare organizations, school systems and ferry services. In the second segment, we'll briefly talk about the breach of home and enterprise wireless network management technology provider Ubiquiti. Security researcher Brian Krebs reported allegations by a whistleblower, and more recently lost.
I've been filed, he will focus on the question of security that raises. Both segments feature a16z operating partner for security and former Box CSO Joel de la Garza; a16z general partner Martin Casado, co-founder of networking company Nicira, joins us for the second segment. Explaining how technology trends are leading to a wider range of potential targets for hackers.

Every business is essentially becoming a software business, and meat processing, and a large chunk of our food processing infrastructure, is now a software business. These highly automated facilities are run by computers and essentially are subject to destruction by things like ransomware. Like, it makes sense that a pipeline operator or some of these other bits of critical infrastructure, a power plant, et cetera, you know, for a meat-processing conglomerate to be subject to these same forces, it's pretty incredible.

The FBI on Wednesday provided information on the identity of the JBS ransomware hackers, saying it was a cybercrime group linked to Russia. So, what do we know about this group in the
We operate.

So this is going to get to the REvil hacking, ransomware group, and this is a ransomware-as-a-service organization, pretty similar to all the other ones that are out there. And their MO is pretty similar. So there is certainly a freelance nature to this. They have kind of an affiliate model where people can bring victims into the ecosystem, and then get paid for bringing those victims into the ecosystem. Let's say you are a freelance hacker that got yourself into JBS. Well, you can go to someone like REvil, use their infrastructure, deploy the tools, and take kind of a percentage of the payment of ransom that comes in as part of that activity.

And we don't know right now whether JBS has paid or plans to pay any ransom, although, in the case of the Colonial Pipeline attack in May, the company that operates the pipeline to confirm didn't pay the ransom. But focusing on the news of the JBS attack, and based on what we know about these types of crimes, detectives get access.
The hackers that are doing this ransomware stuff are using very basic attacks, because you don't kick the door if the window is left open; you just go through the easiest point of access. And so these people are going after really low-hanging fruit, getting to the really critical pieces of our supply chain and then disrupting them for a lot of money. Typically, they guess a password on, like, a remote administration terminal, or they may send a spear phishing email and get malware, and basically they get access to the company. They lock up their computers, they lock up their systems, and then they sell a key to unlock those systems back to the people who've been breached.

From what's real: are there actually more ransomware attacks going on, or are we just hearing more about them?

What enabled this was a widespread adoption by businesses of cyber insurance policies, combined with a belief that if you buy an insurance policy, you don't have to take any precautions to protect yourself. And so,
You just had a bunch of companies that were, like, rather than hiring security people, building a program, securing their infrastructure, they said, well, I paid for insurance now, so it doesn't matter. And this is just very much the sign of a super early, super kind of immature industry, and it's kind of wild west. You flush billions of dollars into the cyber insurance market, and the policies start paying out. What happens? Well, an ecosystem develops that exists to extract that value from those insurers. That's what's happening now.

So these attacks are hitting important infrastructure targets now, such as fuel pipelines, as we had in the recent Colonial Pipeline attack, and major supply chains and food sources, like in the JBS case, and this all has national security implications. So the Department of Justice announced late last week that they were elevating ransomware attacks to a similar priority as terrorism. What kind of impact will this have, and are there any other steps that should be taken, for example, by security regulators on the federal government side?

Like, before we rush to kind of, like, implement new regulations and expand the scope of control for regulators, it'd just be really nice if there could be some coordinated law enforcement activity around this. I think you're seeing this with the task force that's been set up by the Department of Justice. They're working as sort of a fusion center with the National Security Council and other intelligence agencies to bring the hammer down on these folks. Like, once these mechanisms get into motion, there's going to be a lot of pressure brought to bear, not just on the criminal actors, right, they'll put a few of them in jail, but they're not going to get all of them, but, like, on a lot of the intermediaries that enable this. And then what's going to be interesting is thinking about what comes next. If insurers, like, wholesale decide to stop paying ransom, what does that do to the market? Well, the price of ransoms will go down, because they're going to try to find an amount that a business can pay out of pocket without it destroying the business. But then they're also going to move more aggressively to monetize the data they steal. And we've seen that that is a new monetization strategy, which is like, I've ransomwared a hospital, let me steal patient records, and then let me go to the patients and make the patients pay me to not make the records public, right? It's just
going to kind of slide down the chain. Right now, you have deep-pocketed insurance companies that are making a lot of payments. You're going to have smaller-pocketed corporations making the payments, and then eventually it's going to hit the individuals, and so they'll be looking to collect, you know, smaller sums from hundreds of thousands of people.

We're talking about Ubiquiti. There's a lot going on here, but let's start with the basics, and Joel, let's start with you. What do we actually know about the breach? What actually happened here?

We have a whistleblower, either a person who was working inside of Ubiquiti as an employee or an external contractor, or perhaps even a consultant, laying out all of the different ways in which Ubiquiti has been breached, and it turns out, according to this whistleblower, that it was actually a compromise of credentials from somebody's LastPass password manager. So somebody got into a password manager for an administrator, which gave them full access to their AWS account. And so there was a lot more information there that obviously was not shared with the public in the initial breach disclosure. Martinez,
What's the next we mean, based on the allegations?

It seemed that they had access to everything, including signing keys, which seems to me, if that involves firmware updates, that means the attackers could potentially run arbitrary software on all of these devices around the world; all of their AWS accounts, all of their S3 data buckets, all application logs, all databases, all user database credentials, to everything, and all secrets. If true, it's almost like an attacker was able to get access to any device anywhere. And you know, this isn't some app on your desktop, right? This is, like, your wireless infrastructure, and this is potentially your security cameras, right, infrastructure that you rely on for security and connectivity, et cetera. I don't recall in our history an allegation from an attack that's potentially so dramatic, that touches the small
the end consumers.

According to the allegations, the hackers gained all kinds of access. But how big of a deal is this really? Like, how far did this attack spread?

If you travel anywhere in the world region and you look up, you'll see, like, a little white antenna; that's Ubiquiti. I mean, it's basically, you know, the last mile of connectivity for low-cost and rural areas, so it's absolutely everywhere.

Okay, so let's see, some part was typing with real, as we do on this show: does this kind of attack tell us anything we didn't know about our vulnerabilities?

Here's what I'll say: this is a little bit different, you know. It's one thing, like, you lose a bunch of data, but then you come in and you remediate it, and the companies have the money to do it, they have the awareness and they have the knowledge. It's also something to attack software on a computer, because the companies that provide the top learn about it and they kind of upgrade and so forth, and that's kind of very well understood in the industry. What is not as common is, I mean, we're talking about devices that people buy, or antennas,
security cameras, and they put them up and they never think about them again, and it's not like these things go through upgrade cycles. It's not that these are sitting on a desktop, stuff that we interact with as software in the traditional sense. It could be the case that whatever attacks and back doors are going to be with us for the next decade, as the equipment, like, sits out there. It's a materially different flavor in that sense.

It's like these little crumbs all over the world that are unlikely to be updated. Like, we spent the last twenty years conditioning users to update their software; updating your toaster's a whole new motion ride ever ridden.

The interesting thing is, like, a lot of these, yeah, we always say Nest and toasters and cameras, but a lot of IoT devices really are, you know, kind of like a new thing that a few people have. Like, they don't have, like, a lot of deployment. But we're literally talking about pretty much anybody that has a connection to anywhere in the world right now. The chances are 50% or greater is he
But he's a big deal of things that we don't really think about patching and upgrading. As technology has gotten easier to use and into the hands of individuals rather than the large organizations that exposes, his kind of news on the difference in that in that you can sit up for an iPhone, but we understand how to fix those and patch them and upgrade them, because it's part of the user experience with computers and laptops and iPads and iPhones. What we're talking about is something that people do is Elmo's like his non-technology, like a table or something. And not only that, it's in the most farthest reaches of the world. And so we potentially have these devices that don't have a software interacts with the way that we use it. We don't think about them being compromised, we don't have an upgrade cycle, and so it could be this now-endemic thing.

So what do we know about the hackers in this case? The Krebs report says they demanded 50 Bitcoins as ransom to stay quiet about the attack, back when the breach was first discovered. Based on that news and the overall fact pattern here, what can we deduce about who is doing this?
Well, there's probably, like, two potential actors for this. And you know, I would say the first is always nation-state. Just think of the surveillance capabilities of having a network that was as far as, right, like you get access to millions of routers around the world, and now you can surveil private internet traffic and you can look at that is a agency and they did eventually ask for a ransom in the course of this negotiation. But that could be subterfuge, and that could be a way to make it look like, it was an issue that there are a lot of people who are doing government work, that are working for, you know, intelligence agencies, that are also kind of moonlighting in the ransomware scene. And so I think, like, it's some confluence of that, kind of a group probably relatively sophisticated.

What's the bottom line here in your view? What's the big takeaway for people?

And I have been in this for a long time. Have you seen a lot of attacks? This is another one of my primary messages: like, let's not let this stop progress. I think that the benefits that we get from connecting the next billion and from having kind of far more advanced physical security
far outweigh the risks that you see from these attacks.

But thank you, thank you.