Cyber Crime Junkies

Why Hackers Target YOU. Dark Web EXPOSED.

Cyber Crime Junkies. Host David Mauro. Season 6 Episode 88

Host David Mauro interviews Jeremy Samide, CEO of Blackwired, about why hackers target you. We expose the latest dark web secrets, and the latest social engineering risks. 

 

Find more about Blackwired here: https://www.blackwired.com/


Chapters

 

00:00 Introduction to Cybersecurity Threats

02:54 Jeremy Samide's Journey into Cybersecurity

06:11 The Evolution of Cyber Threats and Law Enforcement

09:06 Understanding Threat Intelligence and Proactive Defense

12:07 The Importance of Visualizing Cyber Threats

14:56 Direct Threat Risk Management Explained

18:09 WHY Hackers Target You

20:58 The Anonymity of Cybercriminals

23:52 The Impact of Digital Transformation on Security

26:55 Small Businesses as Targets for Cybercrime

29:46 Shifting the Mindset on Cybersecurity Risks

32:30 Understanding Criminal Behavior and Risk Mitigation

34:08 Latest Dark Web Secrets

36:36 The Role of Cyber Liability Insurance

39:01 Handling Breaches: Transparency and Accountability

46:10 Innovative Approaches to Cybersecurity

54:15 The Future of Cybersecurity: AI and Deepfakes


Topics: WHY Hackers Target You,Latest Dark Web Secrets,Cybersecurity,Cybercrime,Hackers,Threat Intelligence,Small Business Security,Ransomware,Social Engineering,Healthcare Security,Risk Management,Breach Response,Transparency,Financial Impact,Threat Landscape,Dark Web EXPOSED,Emotional Toll Of Cyber Attacks,Evolution Of Cyber Threats,Why Hackers Hack People,Best Cybersecurity Practices For Business,Blackwired,Jeremy Samide,Cyber Crime Junkies


Speaker 2 (00:08.622)
Hey, do you think your firewall and your antivirus are keeping you completely safe? That's adorable. Here's a pop quiz. Do you know what 100% of all the data breaches that happened in the last year had in common? They all had a firewall and antivirus, and yet they still happened. What if the bad guys are already inside and the only people who saw it all coming before your systems and production got shut down are on the outside of your organization? And they don't even know you yet. So let me introduce you. In this episode, we sit down with Jeremy Samide, CEO of Blackwired. Jeremy has supported clandestine operations for the US intelligence community, NATO, Interpol, and military forces. He's the guy who tracks down cyber threats before they hit the news, before they hit your systems, and honestly, before your IT team generally even knows they exist. Stick around to the end for a practical no-BS takeaway every leader needs to know to stay out of the news for a data breach. 'Cause in today's cyber jungle, you're either proactive and hunting or you're the prey.

Speaker 2 (01:27.918)
Catch us on YouTube, follow us on LinkedIn, and dive deeper at cybercrimejunkies.com. Don't just watch, be the type of person that fights back. This is Cybercrime Junkies, and now the show.

Speaker 2 (01:47.948)
Welcome everybody. Cybercrime Junkies. I am your host, David Mauro. I'm really excited about the guest that we have today. It is Jeremy Samide, CEO of Blackwired, one of the most trusted cyber intelligence experts working on the planet today. He's led high profile ransomware investigations, traced criminal crypto flows across the dark web, and briefed government and private sector leaders on how to counter the next generation of cyber threats. Over the last 20 years, Jeremy has supported clandestine operations for the US intelligence community, NATO, Interpol and military forces across APEC and Europe, specializing in state-sponsored threat, cyber warfare and cryptocurrency tracking. His expertise has even been tapped by the writers of CBS's Person of Interest, Harvard's Master Program and NATO's Military University of Technology in Warsaw. Jeremy, welcome to the podcast.

Great to meet you. And honestly, we had such a great conversation. Unfortunately, we didn't record it. We're just going to redo the whole thing. Let's do it. Right. So so tell us a little bit about yourself. Originally, what I always am fascinated by is how did you get into what drove you into cybersecurity in general? Because some of us who aren't in our trees, like it wasn't really a thing. I got started years ago. I started working decades and decades ago, but I made it into cybersecurity right around the Y2K era. And it was nothing like it was today. So what, what led you into it? Like, were you one of the kids that would like take apart computers? Or did you just have a belief in national security and patriotism? Like what, what, what, walk me through it.

Speaker 1 (03:43.574)
Yeah, sure. So originally, my mom wanted me to be a doctor. And so I felt I felt the peer pressure. Having to be having to be a doctor, right, like a pediatrician. Right. So, you know, I volunteered, started volunteering at hospitals and I realized through certain, you know, events that I would see there with the elderly and whatnot, I just I realized I didn't want to do it. It wasn't me. But I always had a knack for.

having.

Speaker 1 (04:11.214)
gadgets and technology and doing those types of things. So I was a little bit around the same era, right? Growing up in the technology space and it was all about modems and phones and things like that. So I realized that that was really my passion in doing those things. So I built my first computer virus at 16. I built my first computer when I was 16 or 17 right around there.

Hang on, hang on. Let's pause there for a second. You built your first computer virus at 16? Yes. Okay. What did it do? Like what?

So in today's terms...

15 year old Jeremy come up with in his room

So yeah, yeah, so it's funny because I'll leave, you know, organizations anonymous here. But so I built basically a virus that was able to, in today's terms, exfiltrate data from computers.

Speaker 2 (05:08.782)
your exfiltrate. Yeah, have to use a fancy word. Steal, steal, right? Because people get turned.

That's the word we use today.

Speaker 1 (05:18.422)
Really? Yeah. So back then it was, was educational purposes only, but you know, I didn't have many computers to work with in this situation. So I took, I took one to where I was working and, you know, back then it was modems, right? It wasn't really like a broadband connection. You know, you put the virus on a three and a half inch floppy disk and you know, you stick it in the drive. They turn the computer on in the morning. They don't know any different. It does its thing as it boots, right? And then it pulls data in a specific way. And then, you know, the modem number was taped onto the modem, you know, for, you know, back in the area. And so I had a computer at home that my parents bought, you know, and I was good with it, right. So we dial into the modem into the place where I worked. And then I was able to get to the machine to see what it pulled from the disk. And it's simple, right. But it was the concept.

wasn't able to gather up like

Passwords are sensitive to Well, basically there was passwords, there was also, because all that was clear text back then. But it was the system itself and it was all the receiving of all the product that was coming into the store and the manifests and pricing and scheduling and all that stuff. So back then it wasn't as sophisticated. So a lot of it was command line driven.

or they could have.

Speaker 1 (06:39.978)
We could see lots of things on the hard drive, the C drive. But conceptually, it was the start of essentially my career in doing those types of things and knowing how computers worked and being able to understand the operating system. So I come from the command line world, not the point and click. So it's very old school, but it was also very efficient. So, but yeah, that stuff and then doing like the phone phreaking stuff, right? Like the, you know, those kinds of things was also very... Yeah, I mean, that's what you had.

That's how.

That's how we, that's how, yeah, that's what we had, right? Those are the technologies and being able to bypass toll free, long distance calls and all those things that were kind of part of technology back then that we were able to circumvent.

That's amazing. So how did you, did you go into, where did you go from there then? Career path into medicine.

So you can do the.

Speaker 1 (07:35.858)
No, I didn't. Yeah, so I studied, I started out in computer science at university and then I realized that it want to be like a, like a coder my whole life. Programmer. I was good at it, but I switched my major into the business side, which was management information systems. That's what they call it back then. So it had a business track. It was in the college of business, but then there was also, you know, technology courses and such, but you know, I did a lot of self taught things as well while going to university and reading a lot of things and experimenting because I had my own computer and I had those types of things, access to those types of things. And so the university was a great place to look at systems and other types of things as well to learn. So a lot of that stuff just came naturally to me and I enjoyed doing it. And it was a, you know, even then it was really kind of an up and coming field. Like, you know, management information systems, using data with business and those kinds of things.

Yeah.

Speaker 2 (08:34.04)
So back then there was data was it wasn't new, but the housing of data, the protecting of data, like the value of data and putting dollar amounts around data and what it really means. It was really getting, it was at its inception stage.

Totally. Yeah. And it was called, you know, data security. Now my first internship, was, it wasn't information security or cyber security. It was just data security. And again, as you said, very infancy in the stages.

How did you get involved in helping law enforcement?

So I started attending and being co-found, but I was one of the early attendees at some of these round tables and conferences that were put on by federal law enforcement. And in talking to some of the agents, the special agents, I was saying, how are you guys doing this and how are you guys doing that? And they were actually looking to the community to help as well, because a lot of the federal law enforcement agents back then, they didn't have a lot of cyber, but they were more in the protection business or they were in the treasury business or.

you know, in the, in the, just in the law enforcement side of things that wasn't really cyber. And so they asked me to help in assisting in some of their federal investigations, their white collar crime, you know, different types of activities, child pornography cases, and those kinds of things where they needed expertise in, in forensics and networking and looking at data and, and snooping around and doing those kinds of things. So that kind of got me into.

Speaker 1 (10:04.846)
that domain. Then back then I had my own, I still do, but I had a different company and we started to get into federal government work. So it's sort of evolved from federal law enforcement into Department of Defense work and then ultimately into the intelligence community. So people leave in a trip and then they move over here and they say, we want you to do this work over here. And you know, throughout that process you get security clearances and they get elevated and then you can start to do that kind of work later on. So

That's the evolution of how I got into that space. But then there's a lot of private sector work that we would do too. You you'd start out with, you know, back then doing the red teaming, the blue teaming stuff, and then going in and doing assessments. And this is when like, you know, Wi-Fi was starting to really come about, right? Yeah, become popular. So we were doing a lot of war driving.

things started to get connected to the net.

Yeah. And there was a couple of institutions that were quite prominent that we run around with some of the law and federal law enforcement agencies to kind of show some awareness. And they said, see what you can do. And so we were able to just get into some certain places that were very prominent. And I did it on behalf of working with some of the law enforcement agencies. So they would go in and I'd be like, what'd they say? What'd they say? And like, you know, their jaws dropped and their, you know, their drawers dropped and everything else because they couldn't believe that this could happen. Like,

you know, out of the air, you know, and then, then being, yeah, they couldn't see it exactly. And exactly. And that still happens today, you know, at that executive level, which is, which is, which is, you know, why we built some of the tools that we built, because it was, you know, seeing is believing. And if you can see connections and you can see these things and visualize them, it's very different. So being able to, so just telling someone like, Hey, you have a real big vulnerability here or a big open gap here.

Speaker 1 (11:50.818)
They don't understand it. They can't grasp the concept as they can't see it. Like, where is this guy at? Like, I don't see anybody walking to the front door. Like, who's stealing what? And that's been a problem. It's been a challenge my whole career is to convince people to believe that they have issues.

Yep, absolutely. Hang on.

And that's really the challenge that a lot of just business leaders that aren't technical really have. And that's where they're really struggling to understand the risk, right? And they all like every business has a risk appetite. And but a lot of them, especially when it comes into cyber, they don't they don't see it. They don't know that they're flying blind. They don't know that they they have almost a false sense of security because they haven't been breached that they know of. They haven't been breached in the past.

Yeah. And this is, and this, goes to the conversation that we had earlier is the, the industry, in my opinion, the industry is looking inward. Like we're all looking inside the organization. Right. So, you know, things like your firewall and your EDR tools and your mail screen, everything is looking inside. Right. And it's, it's, no one's looking the other way, right. Which is part of what we've done in terms of solving these problems, which is

Speaker 1 (13:17.26)
looking at really what's happening around me versus like waiting for something to happen on the inside. So that the response we did.

the value of threat intel, right? And right, because it really gets into the modus operandi of the cyber criminal. Like, like everybody's got everybody's focused on, I need a really strong front door in my home, and I need a ring camera. But if you know that every Wednesday, there's been break-ins in your neighborhood over on the side window by the laundry room. That's invaluable to know that. Because now you're like, well, why spend the time

Yes

Speaker 2 (13:53.996)
there focused on that, right? Right. Let's put some guards up and some cameras and some lighting over on that part of the house because that's actually what is happening in

Yeah, and that's part of the translation, the simple translation that we use is your own home because people can relate to that. If I tell you, David, said, there's people that are going to attack your home tonight and you're like, whoa, how is that going to happen? And if I said,

Don't worry, I've got a front door with a lock on it.

So we hear that too. But part of the questions that I would ask in that situation was, okay, where are they right now? So to me, that's a new measure of risk that we're not looking at that we've been able to address, which is called proximity risk. So how far is the threat actor from my front door or my back door? And being able to visualize that now is key. The second thing that I would want to know is how many of them are there, like how many thugs are going to be around my home or your home. And the third one would be how severe is it, right? So are they carrying knives? Are they carrying guns? Like what do they have with them that they're going to use to try and attack me or attack my house? And it's the same thing in an organization.

Speaker 2 (15:17.592)
gather up that info. Is it through the dark web? Is it through the chat forums and then to see trends and exploits?

So it's a lot of things. So we're redefining a category called direct threat risk management, which is looking at those things that you mentioned. Certainly, we've been doing that for nine years. We have a nine year intelligence apparatus to garner that type of information and collect that type of information. But we've also built some proprietary technology that allows us to visualize every existential threat around an organization. So this is something that's very new.

And it's, we launched it back in September of 2024 and we've gotten a tremendous amount of traction for organizations that are, that we can show that we're looking at things very differently, which is we want, we turn the lens around. Then we're looking outward from a 360 degree view in three dimensions of every existential threat you have. That proprietary technology allows us to look at every single threat surrounding your organization.

And we can contextualize that and we can build attack sequences to show here's adversarial development outside of your organization because it's comprised of a phishing campaign with these 12 attachments. This command and control server, it's using Cobalt Strike. It's going to use Mimikatz. It's going to use some CryptoLocker and it's part of an infrastructure that is being built and being developed outside of your organization. So it's the same kinetic, in the kinetic world, which is if I have a satellite flying over a forest and I see two intercontinental ballistic missile batteries, and then I have another satellite fly over six hours later and I see eight batteries and 30 tanks, that's adversarial movement or adversarial development. So we see the same kind of movement in the adversarial domain sitting outside of my organization. So it's, being able to visualize that.

Speaker 1 (17:19.554)
being able to contextualize it and then provide prioritized attack sequences to our customers to say, here are the 12 attack sequences that are sitting outside of your organization. Here's the most formidable, here's the most severe and here, and then we descend those in order.

You can help to prioritize the risk.

Exactly. Right. And then on top of that, we also provide the solution to each one of those attack sequences, which is not only can we identify what that attack sequence is, we have, we now can gather the metadata behind that to say, here are the indicators of attack or the indicators of compromise that they are going to attack you with. So here's the, here's the phishing attachment link, right? Here's the hash to that. Here's the IP address for source origination.

Here's the long URL and those are the types of things that we can provide as intelligence to the organization to integrate into their current technology stack or security stack and say, when this comes, this is what you do, you block and tackle. So we inherit the policies of the organization. So to your point earlier, when you get someone that says, well, I don't see this. I don't see this in my network. I don't see it in my SIEM. That's the point: you don't see it because it hasn't hit you yet.

Speaker 2 (18:39.886)
It hasn't gotten in to be the

Exactly. And once anything is in your organization, it's already too late. That's the mentality that the cat and mouse, the detect and respond mentality, which is from the 1980s, is still being programmed in our minds that that's what we're supposed to do. We're supposed to wait for the threat, brace for the attack, and then deal with it. Like that's so old in 1980s mentality that we just think that that's the way we're supposed to do it. When now today you can actually see the threat actor and the threat campaign forming and developing outside of my organization and notifying me before it even happens. So it's a process we have what's called RFI, aim, ready, fire, which is how every threat actor moves. That's their MO, which is they aim, pick the company, the target, they ready themselves, which is the...

rural healthcare right? Rural healthcare is on the agenda. Yeah. And so if you're rural healthcare, it's going to apply. Right. And this is their MO. This is their formula.

Yeah, the industry,

Speaker 1 (19:44.397)
Exactly.

Speaker 1 (19:55.918)
can digitally fingerprint those attack sequences now and say, this thing that's attacking rural healthcare is also attacking these other 17 healthcare organizations because they use the same system, they have the same vulnerabilities, and when threat actors are successful in one target or one industry, they'll continue to repeat. Now, there might be some differences in that that we can identify, but ultimately, it's the common denominator is the same infrastructure that they're using in the same techniques that they're using because they've been successful at it.

So one question I get asked a lot is because where I live, I'm in the, you know, I'm looking at forums and dark web, you know, marketplaces and things. And, and especially the small to midsize business owners in the Midwest or the rural healthcare in the U.S., they, everybody's still surprised that these cyber criminals aren't arrested or I mean, they do occasionally get arrested when they travel, right? We, we catch them when they're on their way to, a beach somewhere or something. Right. In general, a lot of them go, they operate with impunity. So like, can you explain to us why that is, or, you know, how the organized crime element here is, has developed? Yeah.

So there's a they to dispel any of them the mystique around, you know threat actors and hackers like right they don't all wear hoodies and they don't Yeah, exactly. Yeah, some of them are but I mean, know, this is part of the the issue too is The face of the threat actor today is is so varied right and so so different than it used to be a lot of these people have jobs, right a lot of these people are

Speaker 2 (21:36.748)
picture right

Speaker 1 (21:55.512)
They might be stateside. A lot of them are not in the United States. So there's a level of anonymity here, and there's different levels of threat actors in the campaigns that they have. It's just like anything. have a level one, which is your loosely affiliated or rogue type of threat actors that are trying to make a quick buck and scam them.

a certain demographic perhaps. And then you have your state, your level two, which is your state criminal gangs, right, which is organized, funded, you know, even maybe funded by the state, but not really affiliated.

Right. Or at least sponsored in some way.

Exactly. And then you have your level three state criminal gangs, right? Or your level three state sponsored organizations. you know, the lines are being blurred between level two and level three these days, because it's almost you can't even tell the difference now between a criminal gang and a state sponsored organization. The only difference might be financially motivated outside of the North Korea, which is financially motivated.

But most other state criminal gangs are not. Or I'm sorry, state sponsored gangs, right? So jurisdiction is very tough today, you know, in terms of where these guys are. It's not as easy. I mean, you know, if DOJ puts out, you know, mugshots of, you know, five hackers from the PRC, good luck. They're never traveling. So it's a lot of bark, but no real bite in situations. So it really just depends. I mean,

Speaker 1 (23:32.566)
Social engineering today is completely redefined and it's evolving so quickly that, you know, it's a lot of times it's really hard to determine who's the ringleader, right? I it these organizations like Scattered Spider and, you know, it's a really popular one today.

remarkable. Their ability, the level of research that they do, their OSINT, their ability to persuade people and convince, I mean, their skill set in social engineering is absolutely remarkable.

reason that is, or one of the reasons that is, is I've seen, you know, we've seen these guys under the hood, you know, one of the criteria is, must speak English.

I mean, that's, but today, you know, it's like, you you can you got call centers in Asia and got call centers in certain parts of the world that, you know, it's commonplace to hear accents for people asking for things, looking at social engineering techniques. I mean, some of these guys are very good and they're very persuasive in what they do. And so it's fear mongering, you know, with different demographics. I mean, you know, my mother gets calls all the time and she answers the phone. I don't understand it, but.

Speaker 2 (24:54.198)
Or they're clicking on ads like I've product forever, this one's 90% off, I've gotta buy it. I'm like don't click on me. It's not real.

I mean

Speaker 1 (25:01.672)
Yeah, yeah, I mean, yeah, part part of the problem too today, I think is just it's just vanity. I mean, you know, you we've done we've done things at conferences where it's like you put up an easel before you come into the into the to the event and it's win a free iPad, scan this QR code. Like I have I have a QR code phobia. Because the thing I ask everybody is, okay, what is that? Where does that take you? What does it say? Where does it go? I don't know.

I'm not clicking on that. I'm not going to put my camera on that and open my Chrome browser. That's ridiculous. But people do it, right? And during the pandemic, it was big. It was popular to recreate QR codes on the tables in the restaurants that had the menu, right? So if it looks like the menu when you go there and all of a sudden it drops a piece of malware on or some sort of tracker, and then all of a sudden it's, you know, that's the end. So there's all different kinds of

That brings up a question. And you've talked about the kinetic world. When you first got started, we had two versions of our life. We had computers in the office and then we had our regular kinetic world, our physical world. And frankly, if the computers were down, we were fine. Generally speaking, we were fine. We could still process payroll, deal with vendors, conduct sales. Everything was still working.

Yeah. And now we've all gone through this digital transformation. I mean, anybody that's been to healthcare recently, like the nurse doesn't come in with your records, all papers of your records to be able to tell you what you need and where you're at. Like there, it's all on a tablet. It's all in an EHR system. It's all tucked away and we're more dependent on technology now than we were 15 years ago. impact of these attacks is worse than it

It's 100%, David, and it's a perfect example is the healthcare industry where the value now of health records and bringing a hospital back online from a ransomware attack is priceless today because if the hospitals are working you're now starting to see isolated cases of collateral damage right like so people are dying because they couldn't get their surgery or they couldn't the x-ray over to the radiologist

Speaker 2 (27:25.134)
If it's a rural healthcare, they have to transfer two hours away or an hour and a away when every minute counts.

Yeah.

Speaker 1 (27:31.406)
Exactly. It's, you know, in that type of world, yes, we did it, you know, 30 years ago, 40 years ago, but today, no one knows where the reams of paper are anymore. Right. Right. So if my iPad isn't working, that's got all the records and the ordering medications and this, that and the other, it slows everything way down and brings you back into the archaic ages.

Well, yeah, because not just the over reliance on technology today compared to before, but we've gotten rid of all the processes and all the policy. Like, we don't know how we would do it. Pen and paper anymore because we had to do it for 10 years, 15 years. And so those processes have been dismantled.

Easy.

Yeah, 100%. Right. And as you say, the reliance on the technology is so great today that the younger generations, you know, they don't know what a phone is anymore, right? Or a little printer or any of those things that we would we would use, right? 20 years ago. And so if you take away their only device that they know how to use, mobile device or a computer,

thinking is very different today in terms of they don't know what to do. Most of them don't know what to do. And so like, like I would say our generation, like we bridge that gap, right? Between that era. Yeah, we lived in both. Exactly.

Speaker 2 (29:00.206)
Yeah, we'd be hard pressed to tell Gen Z and Gen Alpha like, hey, you got to fax this over to there. And then go and get the form. Yeah, duplicate and go. Right out. They were like, what? Yeah. What am I supposed to do? Yeah. And write that out. Like, why can't read your handwriting? Because it's cursive. Right. Hang on, Yeah.

Yeah, yeah, or pick up a

Speaker 1 (29:22.254)
Yeah, Yeah. I mean, we kind of we started that whole that whole era right at the point click and everything. I mean, but today it's critical thinking. And it's it's a different way of thinking. And it's not I don't want to say necessarily it's their fault. But it's also you know, it's how you're raised too in terms of generations like how you know how you look at things, right. So

Yeah, it's more circumstance than anything else. One thing I hear is SMBs groups, they're always saying, well, I don't feel like I'm a target because I'm too small, or I don't feel like I'm a target. That they're the ones that are hurt the most. And it seems to me, based on the report that you look at, but a good half of all breaches are involving the really small ones. So they're just not making news. How do we, you know,

Yeah.

Speaker 2 (30:13.334)
What are some of the misconceptions you see that leaders that make those when they get pwned?

Yeah, yeah, yeah. So the first thing I'd say is small business is big business. It drives the country, the small business world. So it's a mentality that needs to shift because people think, you know, well, just, you know, I ship cardboard boxes or I do this or I do that, you know, which we try and explain to companies, whether they're big or small, you know, a threat to one is a threat to all. and that getting that mentality understood.

And anything that makes you money, right? Whether I'm shipping boxes, making flowers, selling flowers, or even some of the other small business, a lot of the other small business activities, these are the things that run the country. If you get, you know, you get ransomware, which a lot of small businesses do, and they don't have to report it because there's no regulatory requirements for these small businesses to do anything. So that's why you don't hear about it. So a lot of the statistics that are out there, you know, they're deflated, in my opinion, because they're only looking at the things that people report. It's a mentality, it's a paradigm shift that we need to make in terms of small business to say, there are solutions that can help mitigate those risks that they don't have to spend a million dollars. This is what everybody thinks is, I'm not Citibank, I'm not Chase, I'm not Wells Fargo, I'm not a big bank or big organization that spends millions and millions of dollars. But there are solutions that can help small businesses in terms of protecting their environment, looking at different processes and procedures, but it's the same threat.

Speaker 2 (32:02.37)
Yeah, 100%. And, and they don't need to out swim the shark or outrun the bear, right? They just need to do better than the guy next to them. Like, do like, because the criminal mindset is really they're going for the open. Like the more I interview these guys that are actually doing it, the more I'm seeing or more I read about them too, is the more I'm seeing is they're almost, they're very similar to the criminal.

Yeah, it's exactly right.

Speaker 2 (32:30.222)
walking through the parking lot of like Target, like just opening all the car doors to see which ones are open. Yeah, they'll, they might break the window and do that, but the risk of them getting caught doing that is a lot higher. So they're really just looking for the people that left their car doors open. And so if you just do some of the fundamentals, which is more than a lot of them are even doing today, like that maturity leveling up doesn't call, it doesn't break the bank. And it really does change the trajectory of your risk.

It does, and like you said, a lot of the smaller time criminals, you know, they're looking for the low-hanging fruit, and if you have, you know, certain things, doors and locks and, you know, things like that that are there, you're right, they will move on. And that's the idea, is to mitigate that risk. But we see so many of these companies, these smaller companies, that are hit with ransomware and it really, it puts them on their knees. Like they cannot operate.

yeah. Yeah, it's, it's absolutely devastating. And then the costs because they don't have the things in place, the costs are much worse than they need to

Speaker 1 (33:42.67)
it's who wants to do it, right, because it's not a big prize or, you know, you can't afford my, you know, $750 an hour or whatever. Like, these guys don't have that to do that. So, you know, some of them, some of them go out of business and some of them, you know, they just, it's a very long road to recovery and it doesn't have to be like that. Yeah, it is. It is emotional. Yeah, it is emotional.

emotional, right?

Speaker 2 (34:07.694)
So you've worked with governments, global firms, what mind shift or mindset shift should SMB leaders adopt in order to stop playing kind of defense only and to be more aware?

I think that defense is good, but I also think being more proactive in how they run their business, how they transact with their third parties, how they transmit their data. You know, again, closing the loop on some of, you know, with the employees that they have in terms of how they conduct their business. There are some things that they can take, small business can take from enterprise business, from larger businesses and such, in terms of protecting themselves.

A proactive mindset is something that I think is where a lot of that starts and I think it starts at the top in terms of top of the organization. Because that has to come down from the top. If it doesn't, it's very hard to push that upstream. And so when you have owners and or executives in smaller businesses, sometimes they, you know, again, the mindset is we don't need that because as you said, we're not a target, which is

We're not a target. We haven't been breached yet. I hear that, I'm like, well, how do you know? We don't have the systems in place. You're not going to know. So like, and, and they're like, well, there's no harm. And I'm like, not yet. Like, and when it happens, the longer it sits there, the more harm it's going to be.

that they know of.

Speaker 1 (35:29.663)
Yeah, exactly.

Speaker 1 (35:39.243)
Exactly.

Speaker 1 (35:45.676)
Yeah, it's, we've tried, I mean, there's a lot of different analogies that we've tried to use, you know, which is like, okay, every small business, small to medium sized business, like you have an accountant, someone does your books, right? Or you have them audited or you have them compiled statements or whatever. Someone does that. It's no different in the cybersecurity world, right? It's, it's a, you can look at it as a cost center if you want, but at the end of the day, you have to have someone and not like your

I think there's a definite positive P&L impact on investing in security. There is because that reduced that mitigated savings when you reduce your risk, that even if something bad happens, it is costing you less it is for sure rebound rebounding faster. All of that has a real dollar value.

100 %

Speaker 1 (36:36.088)
Sure. Yeah. And this is something that we're working now with the insurance companies in terms of cyber liability insurance. The technology that we developed, I mean, being able to present this and say, look, this is what this does. And this allows you to more accurately estimate cyber risk. Absolutely. And they say, well, you know, this is unbelievable because now I don't have to stroke these checks because my loss ratios are going to decrease. Right.

because of the proactive mindset and some of the technology and intelligence we can now and the data that we can now consume that can more accurately estimate cyber liability insurance.

Oh yeah. And, and that's, it's almost a matter of like just being able to predict and quantify and throw metrics around it because then they can more accurately assess premiums because years ago, just a handful of years ago, everybody, every insurer was rushing into the market and then they all got pummeled and a bunch of them, a bunch of them got out of the market because they're like, did you not think this was real? Like this is the freaking wild west.

Yeah, you guys are jumping into this, right?

And a lot of the insurance companies even still today, like even when we renew our insurance, I mean, it's a checklist. Right. Like, it's like, do you have a firewall? Like, if I said yes, then what? You leave me alone? You you want to write me like, I mean, it's not a really good

Speaker 2 (38:02.254)
I

Speaker 2 (38:10.39)
and they're like why have I'm a fan one thing so sure and yes fill that out and I'm like no no that's

That's the reality of small business and cyber liability insurance today. There's no accountability in the process.

until it's too late and it has to There's no coverage or even cyber insurance. A lot of SMBs feel like it's going to cover them. I don't need these services because I've got insurance. It's like, well, hey, well, what? Like that's like, I don't need to wear seat belts. I can drunk. I can drive drunk because I've got insurance. Like you're still going to have liability and insurance doesn't cover everything. Like it really doesn't. It's

and some small business.

out of long-term things.

Speaker 1 (39:01.206)
And some of them use that as a cornerstone of their strategy, meaning I don't have to buy a security product or a managed service. I have a cyber liability insurance that the insurance company gave me. If I do get breached, it's paid for. That's bad mentality. Yeah, it's Yes.

That's exactly and don't you want to should it happen again you don't have to out swim the shark but even having some preparation and some exact detection involved etc at least you're able to minimize it and reduce it so that the insurance you do have will cover what's outstanding right but if you don't

then you're going to be left with a big gap and then you're still no better off. And now you're on the feeds. Everybody knows you're a target. Like it's almost prime season on you after that.

Right, right. And there's a very high statistic of organizations that are hit predominantly with ransomware. Right. later. Yeah, it's like the bully on the playground. I mean, I'm gonna take your money today and I'll take it again.

that's it

Speaker 2 (40:09.292)
Right, exactly. It's protection. They gotta pay protection.

Yeah, it's everywhere. Everybody does. Everybody's got to pay.

Unbelievable. So let's, let's talk a little bit about shame. You know, many SMBs are embarrassed when, when a breach happens, right? They don't want to tell their buddies. They don't want to tell their, their, their customers. And, you know, in the SMB space, something may or may not fall into reporting land because it's not necessarily regulated. You never know. But what's your take on how

What is the right way? I guess what I'm trying to ask is what is the right way any size business, but what's the right way an organization should handle themselves when they've been breached? Because you and I have both seen good examples and I've got like poster children of what you're not supposed to do. Yeah. Right. Like walk us through your, given your experience.

It's probably similar to yours. I mean, doing incident response for many years, you know, it's both ends of the spectrum. It's the ones that want to say, you know, hey, can we say this was just like someone pulled the plug or someone dropped water on the, you know, on the server. Yeah, technically, yeah, technical issues. I mean, we've heard it all. And then there's a lot of spin doctoring going on, you know, in the boardrooms. No one wants to report it on a 10K and that's in the...

Speaker 2 (41:22.958)
technical issues.

Speaker 1 (41:35.008)
in the SEC world. In the small business world, I think, you know, they don't have that type of resources all the time to do that. I think, you know, the best method here is there's a lot of excuses we hear too, in terms of in this business, which is, it was it was state sponsored, it was the Russians. Right. And then like we're supposed to give empathy to that. Like, I don't don't don't necessarily agree with that, because it doesn't matter who it is.

It's almost in some level state sponsored. Like, they're either sponsored or they're operated with impunity or they just, so long as they don't hit CIS countries or whatever, they're coming after you. So it doesn't really change anything.

the

Speaker 1 (42:20.974)
It doesn't change anything. And it's more looking for empathy, in my opinion, in the community that, you know, we couldn't have done anything about it when you're talking about big enterprise companies that turn down things all the time, from technology standpoint. So I think transparency is the best method here. I mean, you can craft your words properly when doing that. But I think there's been some organizations and you've seen them that where they've actually done it right.

Like it's like, look, this happened. We made mistakes. Here's what we're doing to fix these mistakes. And, you know, this is what we're doing in the future and we're going to offer this and we're going to do that. So I think transparency is the best way to, because it is the elephant in the room. Yeah. Right. Anytime you're doing these things.

People are going to judge if you, if you like, if you're trying to not take accountability or deny that it happened or not be fully transparent with the number of people that have been affected, we've seen that or the types of data that has been affected so that they are worried about what could be done. It's a bad look like it, because it's a, you didn't protect our data maybe well enough. We don't know because you're not being transparent and you're not even owning it.

Right. then that infuriates

Yeah, and it doesn't fly anymore.

Speaker 2 (43:45.58)
No, and here's another point like to me and tell me what your thoughts are on this. Like if they're doing some things, right, it can still happen. It's still an intervening third party criminal act. Like they could still get in. But if you're doing reasonable efforts, then say it and say, yes, despite our reasonable efforts, this criminal act still occurred. We are owning it. We are responding. We will provide monitoring and blah, blah. But like

Nobody bashes those companies. Like when you see that you're like, okay, well I feel good still doing business with them because I know they're still doing the best practices. Can this happen? Sure. Just like a storm can happen. Just like a fire can happen. It can still happen, but I know that they have fire extinguishers. I know that they have, you know, spray things on the ceilings and I know that overall we'd be protected. Like they'll make reasonable efforts. There's still a good trusting feeling for those organizations.

There is, and I think that that is where you get the most understanding and empathy from the community when you are transparent in that regard, just like you said. But the ones that start to fabricate stories. There's that or there's a couple, there's one recently, I won't mention any names, but it was in the crypto space that was talking about how they were breached with ransomware and they were saying, well, someone social engineered our...

our call center. I said, well, how does that have to do with anything with your systems? I mean, that's, that's customer data. It shouldn't have anything to do with access to your systems. Like a customer doesn't have access to the systems. So it doesn't really, some things don't add up if you're, if you're initiated in this business that when the spin doctoring that they do and saying, it's just sophisticated social engineering attack and it got customer data. Can it co-coerce people to do this and that? And what does that have anything to do with your core systems? Yeah.

The media always says like, it's a sophisticated phishing attack. I'm like, there's nothing sophisticated about that at all. Send them an email and they clicked. Like that was not sophisticated folks. You know, but it was effective. It was effective social engineering. It just may not have been sophisticated.

Speaker 1 (45:49.07)
I know, everything is-

Speaker 1 (45:55.342)
Yeah, right,

Speaker 1 (46:03.946)
Right, right. And those words are being thrown around all the time, right? Again, it's the party line.

Yeah. So tell us a little bit about Blackwired and then I want to get your, your predictions on the future and any top best practices you have. So tell us, like, are you guys, what all are you, we'll have links to it in the show notes so, so that people can, can reach out to you and learn more about it. But you guys really have a very unique approach and looking at active chatter on the dark web. And these are places that

business leaders don't go to. So what is the benefit to the business leaders by engaging with groups like you that see those things? I mean, I think we talked about it. Yeah. Right. But but what are you know, what are some of the the main things you think that that provide benefit to business hours?

Yep. So BlackWired, we are a cyber innovation company where we develop products and solutions that defy conventional wisdom in the space. So as we discussed earlier, the industry is looking this way. We'll look this way and identify problems and develop solutions for that. we've...

What you're saying is a firewall may not be enough? What you're saying is I got a firewall. Like, aren't I set? Aren't I free from all this? Because I bought a firewall.

Speaker 1 (47:24.397)
It's not a

Speaker 1 (47:32.588)
Yeah, it's a common question and the answer is no. Yeah. So we built solutions around the infrastructure, right? I mean, firewalls are good. They have their purpose. Yeah, so we built solutions and technology to look at the problem in a different lens. And it's what we've done with our third watch platform.

Yes. I'm glad I'm not the only one saying it.

Speaker 1 (48:02.846)
is being able to visualize the existential threat, every existential threat surrounding an organization. So if you want to really know what's going on before it actually happens, this type of technology is beneficial for not only the largest enterprises that we work with, but also the small to medium sized organizations.

Yeah, because then they can know where to invest. They can know what to do. They can know what to do. Then they can decide what is my risk appetite. Like to me, I think a lot of business leaders are sitting there thinking they have this level of risk and they're accepting that and they're good with it, which is brilliant. That's good business. But I think what the gap I'm seeing, the void, the big void is

They are making a lot of assumptions in that and they are assuming that risk is not as big as it really is. And it's usually exponentially worse.

Right. And being able to provide an organization with that sort of counterintelligence actually, which is yeah, the data exactly that tells me where my issues are. And as you said, what I need to invest in, like what is it?

And then you know, now I know what my my risks are. And if you know the different categories and if this one's really high, I'm not comfortable with that. If I'm going to invest, I'm going to invest a little bit to reduce that.

Speaker 1 (49:25.902)
Right. Yep. And being able to provide that intelligence on a long-term basis and a trending analysis to say, here's how you compare to your other peers in the business that are also against these types of threats. And so where do you fit in?

Because that gets to the just like you don't have to out swim the shark. You just have to out swim that guy. Right. So if you don't know how good of a swimmer or you can't see that person swimming, you don't know whether you're even beating that person. Right. You might be the one closer to the shark. Right. Right. So you need to know that exactly. Intel is really key.

Right. And that's the kind of intelligence, part of the intelligence that we provide our customers with around contextualized data that actually is evidence-based, right? So there's a lot of companies out there that say, well, we're going to do a vulnerability assessment and we're going to give you this magic score. And all of a sudden it's all this fear-mongering and everyone's like, well, why is my score so high? Well, it's just, is because we did this magical click of a button and we got this score.

Here's the hundred and seventy things you need to fix.

They're exploiting five. So just take the hundred and seventy put hundred and six of them down at the bottom. Right. Let's just focus on five because you know what they're actually doing. Right. Side to know.

Speaker 1 (50:41.951)
Exactly.

Speaker 1 (50:48.59)
And that's part of what we do as well with our technologies, being able to map the actual threats that you face with your vulnerability report, right? And map that together and prioritize for any size organization that's saying, are your, like you said, the hundred or thousand different things, but there's only 17 that really matter because these are the ones either being exploited or can be exploited based on real life events. Right? So everything else can

be prioritized later or wait till your next scan. But the data and the intelligence that we enrich all of that with is all based on evidence. So like you said, it has to do with the chat rooms, the telegrams, the WeChat, the discords, the dark web. But it has to do with a lot of different things that we're looking

There's a lot on Telegram, there's a lot on Discord.

Right. And we see lots of stuff that we're using natural language processing to read all this, right? In real time. And then, you know, provide risk scores to that, that create through algorithms and calculations, true risk scores, right? Of an organization or that of your third party vendors or suppliers, which is also a huge risk today, which is that supply chain risk or that sideways risk that it's not only, I want to look at how I look to the rest of the world, but how

how do my third parties look and are they? Yeah. Cause I conduct business with them through API connections, VPN connections, wire transfers, SSH, like all these different technologies, right? And they're called, we call them communication relationships. So what is your relationship with your third party and is that a risk? And can we can actually see that your third party has been compromised and are they using tools and weapons that

Speaker 2 (52:14.99)
They're my vendors.

Speaker 1 (52:41.954)
that are going to compromise me and being able to visually see that and say, third party acts as a really high risk score because of the proximity risks that they face. This is at the front door. This is probably inside the house and they're actually going to use this campaign to launch against them to get to me. And that's how that

I information in my opinion because then you can you've got some negotiation got some leverage when you're talking to the vendor. Like you want to keep doing business with us. For this risk score man right right jeopardize my whole organization just to give you the contract.

Right and it's based on evidence David which is the beauty of it which is it's a lot of evidence that we show of why it is the way it is

There's a lot of data now, which is really good because there's a lot of data that shows doing certain cybersecurity controls actually reduces your risk. And that's a real benefit to an organization's P&L because that is a true savings. Like less money that will go out means more profit in that benefits the P&L. like. Right. Exactly. Yeah. So really, really good.

or reinvestment with the company.

Speaker 2 (53:57.664)
So before you leave us, what's on the horizon for you and what top suggestions do you have for for business leaders, rural health care? Like this moment to kind of go people, would you please, you know, do more than firewalls and MFA?

Yeah, yeah. Yeah. I would say looked at in today's today's threat landscape, a proactive mindset is is the paradigm shift. It is all about the data is about the intelligence. We're starting to leverage artificial intelligence and true machine learning, both supervised and unsupervised in helping us automate this because we are staying at pace with the adversary. And that is becoming very difficult to do. So, you know, look outside of the upper right quadrant.

There's technology out there that's doing some very innovative things and addressing the problems that continue to haunt all of us. And there's technologies that can solve those problems today. So it's having that open mind, having a more proactive mindset, an intelligence-led mindset, I think is very important.

Absolutely brilliant Approaches and solutions and organizations that aren't in the Gartner magic quadrant the Gartner magic quadrant solutions are great, but there's a lot of fantastic ones Yeah, might not have been there because they're not as old or they're directly the game and they're busy, right? There's a whole bunch of reasons

Right, right. Exactly. Yeah, yeah, exactly. Yeah. And so that's, yeah, that's, that's kind of where I would say, I mean, you know, as far as predictions, I mean, look, it's, it's anybody's game. But, you know, I think a lot of these things like, you know, the social engineering techniques are getting, are getting very sophisticated. Use that word again. The AI, the deep fakes, the voice alterations,

Speaker 2 (55:51.438)
Yeah, we didn't even talk about AI and deepfakes and I'd like to actually a little bit before I let you go because I'm a student of that. I've read Perry Carpenter's book. I've had him on the show. You know, it's remarkable how effective it is. And I have spoken to small organizations that in even in their hiring process, they're getting they're doing Teams meetings and Zoom meetings and they're like, this isn't the person like, yeah, on paper, they're the person but there's something up.

And they don't and the deep fake detection isn't quite there yet. There's some that have made strides, but it's not quite there yet. And it's definitely not something that most business leaders are even aware of. It increases the threat landscape. Like every leader and their face and their voice is now part of the threat landscape. And they're like, what does that even mean? I'm like, because they can be impersonated and you won't know it. Like it's it's very, very good.

Yeah.

Speaker 2 (56:50.478)
the level that it has gotten to in the last five, six months. It is a year ago, two years ago, it wasn't that good. It was pretty easy to spot. It is not so now. Like it has gotten really good.

even the chat bots and the AI bots that can translate that is getting very, very good in terms of being conversational and being conversational where it's very difficult to tell if it is a chat bot. There's technology being developed today to detect, like there's sort of anti-chat bots, right? Like to detect those things. I read the other day, which I thought this was pretty interesting.

I think there's two kinds of these social engineering tactics. There's ones that terrorize and there's ones that monetize. And this article I read, which was talking about AI female has been created like an OnlyFans. So it's like, they're monetizing not even a real person that's doing all these different acts and it's monetizing it. So it's not even a person that's supposed to be a person that's,

monetizing these situations and it's a made-up person. Not even real. It's the weird science of today. Yeah, right.

Unbelievable, it's not even.

Speaker 2 (58:09.437)
That's unbelievable. We're going to see more and more of that. I think we're going to see more and more of AI deepfakes in social engineering and social engineering already is such a technique and tactic.

And it's going to get cheaper and it's going to get cheaper and cheaper and more readily available. And then even doing Zoom interviews, you know, doing Zoom interviews with a deep fake is, and then being able to have the chat bot tell me exactly what the answers are and read those. And it's getting very, very difficult and very sophisticated.

Yep. And that is coming to a small business.

Yeah, the employment angle is a big one. You have threat actor groups and state-sponsored groups that are monetizing that in terms of like they don't even know they're hiring North Koreans. And some of that is being surrogated here, right? In terms of, you know, you can have proxies and things like that to show origination, but you have people that are helping.

Right, exactly. Really widespread.

Speaker 1 (59:13.058)
them overseas do that here in terms of surrogating the whole process.

Again, it's organized.

Yeah, absolutely.

Absolutely. Jeremy, thank you so much. Great conversation.

Yeah, likewise. Yeah, very good.

Speaker 2 (59:29.346)
What's on the horizon? Are you doing any speaking coming up? In the fall or anything happen in the summer? With developing a running a business.

yeah, I'm actually Vince.

Yep, I got Well, it's... It's that, but yeah, I'm actually speaking at a Citibank conference, this month. Later this month. In London.

Fantastic. Yeah. Well, that's great. I want to hear about how it goes and it won't be the last time we talk for sure. Thanks, man. Appreciate it. Everybody got something out of it. I know I did. You too. Great insight, buddy.

Thanks, David. Appreciate it. All right. Talk to you later. Talk to you. Yep.



