In this episode, we dive into the forefront of cybersecurity, exploring the evolving threats and the power of AI in network security. From the alert issued by CISA about the Volt Typhoon group targeting SOHO devices, highlighting the urgency for secure design in technology products, to Kentik’s introduction of AI-assisted network monitoring, revolutionizing how professionals manage and troubleshoot networks. We also cover Vade’s innovative approach to spear-phishing detection, using generative AI to combat sophisticated email threats. Join us as we unpack these critical developments and their implications for our digital world.

• CISA’s Secure Design Alert: Read More
• Kentik AI’s Network Innovation: Read More
• Vade’s Spear-Phishing AI Detection: Read More

Tune in to understand how these advancements are setting a new standard in cybersecurity and network management.

Thanks to Jered Jones for providing the music for this episode. Find him on Spotify here: https://open.spotify.com/artist/37xLl4KR8hJ5jBuS8zYjQN?si=W75mgw68SsmCb7Zfu5ESeg

---

00:00:00] announcer: Welcome to the Daily Decrypt, the go to podcast for all things cyber security. Get ready to decrypt the complexities of cyber safety and stay informed. Today is February 1st, 2024, the most important day of your life. Here is your host, Offset Keys.

[00:00:23] offsetkeyz: Good morning, cybersecurity fans. Thanks for tuning in.

Today, we’re going to be talking about, what’s known as Soho devices or small office or home office devices, such as network routers and stuff, . How they’re being targeted. And how they’re vulnerable.

Then we’re just going to talk about AI’s place in cybersecurity and the good things that it’s doing. For the industry as a whole.

Okay. So our first article.

Includes lots of new acronyms for our listeners. So it comes from the cybersecurity and infrastructure security agency. C I S a SISA. And it focused on a [00:01:00] critical cyber security alert that they put out about. Small office or home office devices or Soho devices. So this stems from the activities of the volt typhoon group who are known for their sophisticated cyber attacks, originating from the people’s Republic of China.

This group has a history of targeting vulnerabilities in global networks, but they now focus on Soho routers.

What’s compelling about this story is not only the group’s history, but also the specific vulnerabilities they exploited. These include flaws in router, web management interfaces,

which allow attackers to gain unauthorized access or control.

So before I lose you guys everyone listening to me, unless you’re a network professional probably has a vulnerable Soho router in their home. If you have internet. I have a couple of friends that don’t have internet. Freaks, but. If you have internet, it’s probably a Chinese made router.

So that’s why I’m bringing you this story first because it’s very applicable. And it’s something that I really love talking about. So SISA [00:02:00] and the FBI are urging manufacturers to rethink their design approach. It’s about addressing these specific vulnerabilities at the development stage. Making devices inherently more secure. For example, automating firmware updates and enhancing default security configurations are some of the recommended measures.

Why should you everyday users be concerned? These vulnerabilities are in our home and office routers that can lead to data breaches, privacy, invasions, and potentially facilitate larger cyber attacks.

So we all have network routers.

That’s how the internet gets delivered to you. It’s a little black box that some random guy comes in, plugs in from your cable company. That probably has a monopoly and enforces you to take this device. That’s a whole nother topic. But they come, they plug it in to give you the pass code. Then it delivers you internet and you don’t touch it ever again. One of the benefits. To this is the it’s pretty much local, like the only way for someone to exploit.. A router [00:03:00] is to be in your home or small office,

the article didn’t cover the specific vulnerabilities, but there are routers out there that have public facing web interfaces. So what does that mean? That means that me at my house can go onto the internet and access the web interface of your router. Most of you out there have probably never even looked at the web interface of your router, but if you go to. Google Chrome.

This is a little lab. All right. We’re going to go through a little walk through. You’re going to feel like a hacker. Okay. So if you go to Google Chrome, And instead of typing in www dot anything, you’re just going to type in the following numbers. You’re going to type in 1 9, 2. Dot 1 6, 8. Dot zero. Dot one and see what happens.

If nothing comes up, try one.one at the end, instead of zero.one. This is the default. Address to your web interface.

So once you logged into the portal, you can. Do things like change your router name, which is something [00:04:00] that’s super fun and cool to do you like to give your neighbors a good laugh with your wifi network named pretty fly for a Wi-Fi.

Or the land before time.

Abraham LyncSys.

Martin router king.

Yeah. Harry.

Give them a good laugh. So if nothing else, this podcast has now taught you how to do that. And given you some fun examples of that, but. If, for example, I could log into that portal.

I would be able to do the same thing. Such as, yeah. Change your wifi name.

And also changed the password to that portal so that you can’t get in and change your wifi name back. You don’t even know the password to your wifi anymore. You don’t have wifi. Ah, what are you going to do?

Not only that I can see all the devices that are connected to that if you’re using an insecure protocol like HTTP and you enter in a credit card number, I can see that credit card number. I can see your passwords. Even if they’re those little black dots.

In the password field, [00:05:00] they come through as plain text over HTTP. I can see that. So as you can see, this is pretty bad. There’s a lot of things. That can go wrong with home routers. And one of the main things. That we don’t love about most of these routers is they. Stop being supported. Relatively quickly, they turn out a new model.

They forget about the old model. Then it just sits there and someone discovers a vulnerability. Like these ones. And the company that made the router doesn’t fix that vulnerability. It’s done being supported. There’s also no automatic updates. So even if the company did decide to fix that vulnerability, You would have to go in there and update it. So I’m really glad that CSO is looking into this and encouraging these.

Manufacturers. Two. Incorporate security more. Now it’s expensive to incorporate security more. So it’s going to be an uphill battle for CSO, but. All in all, it is very necessary

and yeah, leave a comment below. If you got to that [00:06:00] screen, if you found that screen, that’s one of the methods that I use really quickly when I sit down to a coffee shop. If I can even access that. Login portal.

That’s bad. So next time you’re at a coffee shop.

Type in those numbers.

One nine, two.one six eight.zero.one. It’ll pop up in the top left corner. It’ll have the brand of the router. And it’ll have a username and password, enter it in. Try the combination admin for the username and password for the password. Try that. If that doesn’t work. Try admin password.

Then try Googling. The name of that router that’s in the top left, it’s provided for you and follow the name of that router by the words, default credentials. So you’ve got LyncSys. X 100 default credentials. It’ll probably show up.

Yeah, pretty scary. I hope that was interesting to you. I love talking about that,

but let’s move on to our next topic.

[00:07:00] Okay. So yeah, I just want to talk a little bit about AI’s role in. Cyber security and network management.

[00:07:07] offsetkeyz: I was reading an article by health net security, which highlights an innovative leap in network monitoring. Brought to us by Ken tick launching its AI product. This tool significantly enhances network observability. Empowering engineers and developers to troubleshoot complex networks more effectively. What’s fascinating.

Here is the way that Ken took AI transforms the network management landscape utilizing generative AI. It introduces features like Ken tick query assistant and Ken tick journeys.

These tools allow users. To ask questions in a natural language and receive insightful answers. Making complex network insights, accessible to a broader range of professionals. So what’s interesting about this is AI isn’t necessarily coming for our jobs, but it’s able to process words in such a way that we’ve never had the capabilities to do before. W there’s so many different [00:08:00] query languages, google has a query language that you probably don’t even know about, but,

Elite. Influencers on Instagram, love to harp on how important it is to know how to search through Google with the minus sign and parentheses and all these fancy things. I don’t know that. But that’s for Google.

Large enterprises use what’s called a SIM which essentially stores logs for every interaction you do on their network. And then they store them so that if something weird happens, they can go look at those logs. Those logs also might generate alerts, security alerts. If something weird or fishy is happening in the network. But in order to. Look at those logs or query those logs, you have to know the query language.

So it’s. It’s a little bit of a learning curve. So they’re essentially just helping professionals.

Get up to speed quicker.

I love to see that I know that I was in way over my head when I started learning cabana query language and stuff like that. So this is really cool.

There’s also another company [00:09:00] called Vade, which is using AI technology for spear phishing detection. Spear phishing is a highly targeted form of regular phishing through emails or chat messages, and it poses a significant threat to. Security.

[00:09:16] offsetkeyz: Veda solution utilizes generative AI as well. Which is yeah, a type of artificial intelligence that can generate new content based on learning patterns and data. This allows it to recognize and respond to evolving email scam tactics. The system analyzes various elements of emails, such as language and metadata. To identify potential threats.

So I’m sure you’ve noticed that phishing attempts have gotten a little better, maybe two or three years ago, there were always grammatical errors. There was always a weird URL, email.

But now with the use of generative AI. Anyone in any language can ha can have generative AI, such as chat, [00:10:00] GBT, craft, efficient email for them. And they can probably even have chatty. write the code for a website that phishing email. Directs to, and the code to steal your credentials and all the things that phishing.

Entails. Chatty BT can make that much more accessible to.

Low-level attackers. Really basic stuff. So it’s really great. That defenders are also utilizing. Generative AI to help identify phishing. Emails.

Hopefully, this will make. These security products, a little cheaper and more accessible to smaller companies. There’s already products on the market that intercept all link clicks from an email. Run them through scans, check their behaviors before anyone can click on them. But that’s an exclusive things to larger enterprises and really security minded companies, which. We’re still a little behind on, really excited for this age of AI.

It’s not necessarily coming for our jobs. It’s just making [00:11:00] the work. We do a little easier if you’re a cybersecurity professional. Learn the stuff you’re asking Chad GPT to do for you. Don’t just feed it logs and say, what do I do next? That’s good for a starting point, but make sure you learn the stuff because the, if you don’t, they are going to be coming for your jobs.

So that’s all we have for today.

[00:11:24] offsetkeyz: Happy February. I hope this month, this short month brings you lots of joy and no cybersecurity issues. But if you do happen to run into cybersecurity issues, if your Facebook gets hacked, if you accidentally clicked a link that you shouldn’t have clicked. On Instagram or Facebook and it does some weird stuff. Shoot us a DM.

We have an Instagram now.

Shoot us a tweet and I’d be happy to walk you through. What steps I would take proactively retroactively. For any security situation? I love it keeps me up at night. I’m very excited to lose sleep over it because [00:12:00] it’s so fun and so relevant. So thanks for tuning in hoping to share some of that knowledge with you through this podcast.

We will talk to you tomorrow.