
Privacy Please
Tune into "Privacy Please," where hosts Cam and Gabe engage with privacy and security professionals around the planet. They bring expert insights to the table and break down complicated tech stuff so everyone can understand.
S6, E236 - Is Technology Turning Against Us? Exploring Robot Behavior and Cyber Threats
Today's episode dives into the intersection of AI behavior and digital security concerns. We discuss a startling incident involving a malfunctioning AI robot and explore a new ransomware threat known as Ghost.
• Overview of an AI robot incident that raised ethical concerns
• Examination of Asimov's Laws of Robotics and their relevance
• Introduction to Ghost ransomware and its impact on multiple industries
• Discussion on backup security strategies and resilience against ransomware
• Insights into the evolving tactics of ransomware attacks, including Ghost's methods
• Encouragement for businesses to prioritize future-proofing their data security
We encourage listeners to reach out with questions or further discussion on data backups and data security measures.
We are live.
Speaker 1:Here's your daily weather report from Tampa and St Pete.
Speaker 2:Sunny outside, a cool 76 degrees, with a southwesterly wind coming in off the sea. Sunshine coming through your windows and we're feeling good on the highways here.
Speaker 1:Traffic is a little light out there. Keep your heads up and your coffees full. This is Privacy Please. Ladies and gentlemen, we got some pretty hot topics, Gabe. I'm going to go ahead and share my screen for this one to start us off. Let's see how we think about this. So I'm pretty sure a lot of people saw this, but it's pretty crazy. So there's a video in China that an AI robot allegedly attacks the crowd at a festival. Everybody's saying so it begins. So let's go ahead and just show the video real quick. In my opinion, Gabe, as we talked offline, I think a human in the crowd said something to the robot and the robot got offended and then they had to hold him back. That's what I see in this video.
Speaker 2:Let's watch the video. Let's have a look.
Speaker 1:Let's have a look. Come at me, bro. First of all, he doesn't even have a head. Where's his head? There's no head. What are your first thoughts on this, Gabe?
Speaker 2:My first thoughts is if he had a head, you'd probably hear him say bite my shiny metal ass. That's my first thought. My second thought is whoever created that robot obviously never read Asimov's I, Robot. There are three very, very, very simple rules, very simple rules in the Handbook of Robotics, 56th Edition, 2058 AD. They are: a robot may not injure a human being or, through inaction, allow a human being to become, come to harm. That's rule number one. It's right there in the rules. Rule number two: a robot must destroy the order must obey. Must obey the orders given by human beings, except where such orders would conflict with the first law. See, the laws even work in harmony. Rule number three, the third and final law: a robot must protect its own existence as long as such protection does not conflict with the first or second law.
Speaker 2:Pretty straightforward this robot does not seem to have much regards for the law. It's an interesting video. I don't know what to take away from it. I'm just glad it's not one of those Boston Scientific jammies, you know.
Speaker 1:Yeah, seriously.
Speaker 2:Somewhere here in the US accidentally shoving someone. I don't know what the difference is really, other than distance in that sentiment I just expressed, like at least it's way over there, not way over here.
Speaker 1:Yeah, agreed, I mean. So it seems like it was a.
Speaker 2:They're claiming it as a robot, an ai robot, and I I glitched today I saw sorry, forget, identify once, once, once you start wiring in more, and not some, but more electronic prosthetics, so to speak. Right, yeah, what they're called, but all augmented bodies, yeah, why? Why can't I use that excuse? I mean you, I mean there's lots of good reasons why I actually can't use that excuse well, um.
Speaker 1:So in all seriousness, though, what it's not like, it's not surprising. You know, we've seen the movies, and what it makes me think of is, uh, Terminator, makes me think of I, Robot. Like you said, I don't really understand why we're making these kind of robots, like. What was the purpose of that robot at that? Like, are they supposed to be security? Is it just like? Was it a presentation? Were they showing something? I haven't really looked into it that much, but hard to tell.
Speaker 2:There's a lot of real world application to those types of humanoid-style robots, especially when it comes to repetitive tasks that involve lifting heavy objects, that certainly seems like the thing that is much, much better suited for those kinds of robots than humans.
Speaker 1:Yeah, like warehouse workers.
Speaker 2:Yeah, and I know there's a problem there in the context of well, what happens to those people? Do they lose their jobs? That's a different conversation for a different podcast. Quite frankly, I'm not even going to touch it right, it just is. I will acknowledge that that is a question to be answered, not by me and not now. Yeah, fair, and so there's definitely a lot of legitimate use for these types of robots. But your question is the most valid one, like what's it doing out there? Right, what's the robot doing out there? I think the answer is.
Speaker 2:Qa is what it was.
Speaker 1:Yeah, like let's just throw them out there in a crowd pool, they would take it into the quality assurance.
Speaker 2:run to see how it would do and apparently it glitched. Yeah, or got offended, who knows. Who knew software could glitch.
Speaker 1:Let's just not give them knives or guns, thanks, no weapons.
Speaker 2:I think those ships have sailed yeah.
Speaker 1:I mean, you know, I think we should treat it as if it's a wild animal, Like think about playing with a cat and how they can just flip on you and just bite you because they're.
Speaker 2:That's why I don't keep big cats in my house. House cats are the limit to age. But it's a good analogy, though it's different than when you play with a little Rock 'Em Sock 'Em Robot, but now you've got a life-size. Yes.
Speaker 1:Exactly. We should probably keep them behind. If, if anything, let's just create a robot.
Speaker 2:Cameron wants to round them all up and put them in work camp. Well, I mean, robots. Replay this episode of Privacy Please. 100 years from now, we won't be here. Your great-great-grandchildren are safe now. I hope so too.
Speaker 1:Don't know, leave a message behind for them that the robots might come looking for them, because cam said no judgment to the robots if you're hearing this 100 years later, but we should test it out in like a you know, not quite a work camp.
Speaker 2:Just, you still can't leave and there's still bars and boundaries. We're going to keep you here.
Speaker 1:Right, right. I mean, that's an idea right there.
Speaker 2:You could just power them off at night. But then you get into like that whole severance territory of like yeah, what about?
Speaker 1:Do you remember? This reminds me, do you remember that movie Passengers now?
Speaker 2:I'm not sure I've heard of it.
Speaker 1:Tell me it's the one with Chris Pratt, and I know who that guy is. And uh, Lawrence, the girl from. Uh, the girl from um the that one series the book the Hunger Games that girl.
Speaker 2:Basically it's about like.
Speaker 1:Basically it's about a malfunction in a sleeping pod on a spacecraft traveling to a distant colony planet wakes one passenger 90 years early.
Speaker 2:So they're basically stuck on this thing between just them two and robots.
Speaker 1:That's interesting. Yeah, yeah, it's pretty cool. It was an okay movie, um, but there was a quote in the movie that I was trying to find that I really liked. Let me see if I can find it, because the bartender in the movie was a robot and he said something to Chris Pratt's character. That was, let me see, he said: "A friend once said you can't get so hung up on where you'd rather be that you forget to make the most of where you are. We get lost along the way, but we find each other and we made a life, a beautiful life, together."
Speaker 2:I don't know that that first quote was not certain how we got from robots pummeling humans to this quote, but I love it. Yeah, it got a little random.
Speaker 1:I like it. It was just a little squirrel moment for me. I like it, squirrel.
Speaker 2:I'm here for it.
Speaker 1:But if anything, that was an insightful quote. You brought it back to the peace and love train. I'm here for it. Right, okay, yeah, which is? I thought that was fascinating about the AI robot I'm sure a lot of people have seen it and everybody's freaking out about it.
Speaker 2:We got two good quotes today. We got that quote and we got bite my shiny metal ass from Bender.
Speaker 1:You can't go wrong, it's a quotable day and I'll tell you what, Futurama was. That was more of my favorite than The Simpsons, be honest. Tough call, they're both good. They're both good, yeah, I can't, I can't choose, I can't choose. But Bender is a really great character. He's my, he's my spirit robot. Yeah, he's fantastic, so shout out to Bender. Shout out, um, and if you know Futurama wants to sponsor this show, that'd be great. Yeah, or sue us because we played an entire episode without your.
Speaker 1:Sue us. Yeah, that works too, don't say that. Or don't, allegedly, allegedly, allegedly Don't do that, anyways, because we don't have the show. Everything's all left in, unless you know it's rare, but anyways, let's talk about another topic. Gabe, you had brought this up on your socials, so people can't at you there on this one.
Speaker 2:Yeah, we'll allow it, the judges will. You can at me.
Speaker 2:You can at me in the socials, where I posted this in particular. Yeah, it was some like a Ghost ransomware attack, something revolt like resolved. I think the real news here is that, right, that the FBI issued a joint announcement about a ransomware group, and what's news there is that there are a lot of ransomware attacks every day.
Speaker 2:I think I've seen the numbers right, you know around 1.7 million attacks a day. For the FBI to issue a critical advisory notice about a ransomware group you know suggests that there is something certainly uniquely worth paying attention to, because all the other ransomware groups haven't magically disappeared and ransomware hasn't magically gone anywhere. But this group known as Ghost is carrying out a series of ransomware attacks, a significant number of them targeting multiple industries and across more than 70 countries, which is also not unique, but it is different than a lot of ransomware patterns. A lot of ransomware patterns are fairly concentrated For what it's worth. A lot of them are fairly concentrated, like at the US, but others are regionally concentrated, right like they're intentionally targeting folks, you know, maybe in the Middle East or Europe.
Speaker 2:Another quote for you. Yeah, yeah, hit me, quote me. I ain't afraid of no ghosts. Oh, this is good, this is good, I ain't afraid of no ghosts bite my shiny metal ass, that's right that's right no, it's bite my shiny metal ass. I ain't afraid of no ghosts. There it is, there it is. That's the quote, that's it.
Speaker 1:That's a, this is, this is. This is the theme of the episode. We'll see how many more quotes we can get out of this content.
Speaker 2:Yes, yes.
Speaker 1:So what does this mean, Gabe? What is this ghost ransomware?
Speaker 2:Well, one of the other things that's different about this ransomware in particular, and it's not unique, but it's different than many of the others, is it is leveraging a primarily non-phishing style attack. What does it mean by that? So yeah, it's not phishing its way into organizations. Ultimately, any ransomware has to get inside the boundaries of your business, right, whatever set boundaries might look like, and phishing is, for certain, one of the number one entry points for that kind of activity. But this one, it's a good reminder that there are, you know, there are lots of different tactics that ransomware uses. There's no shortage of tactics that ransomware uses, and it's not always going to come in through the front door, so to speak, like these guys, like Ghost. It's going to come in through, you know, the side door. Don't leave it unlocked.
Speaker 2:Don't leave it unlocked, don't leave it unlocked. I think one of the other very interesting things about this group, the Ghost group, that's worth noting is they're using Cobalt Strike, which is completely freely available. You know, it's open source software. You can get paid versions of this too, but it's an adversary simulator, right. It simulates what a red team does inside of an organization, and so it's using these readily available tools off the shelf to complete its mission, which, for me, is kind of two ways to look at this. The first is that should make it easier for organizations to identify, certainly, but it also is like, yeah, this should have made it. Our networks, to some degree, shouldn't allow these types of toolings to exist on systems in the first place. But I'm not going to pretend that's easy for everyone to do. The last thing I think that's noticeable about the FBI's announcement is that they call for organizations to ensure they have backups and secured backups, a topic that is obviously near and dear to me, and what I take away from this is the FBI has always suggested that you have backups as part of your plan, and the reason for that is because and what looks like to be the case in this scenario is these adversaries are pretty aggressive and fairly persistent, and my read into that is yeah, you can expect that they will get in if you have these issues, and you can expect that you're going to have a better chance of recovery than stopping it and cleaning up. I mean, it's a stark reminder to everyone what needs to be done about our business continuity planning, our disaster recovery capabilities.
Speaker 2:We have to be resilient to ransomware. Simply trying to stop it isn't going to win the day. It doesn't really stop there, though. I mean we talked about this before, but one of the things that ransomware tends to do today is go after those very backups, because the ransomware groups know that you are going to go to those backups to restore your business. So Ghost also does those things. It exploits lack of isolation in between where backups are and where operating networks are. It destroys those on-network backups. It moves laterally to cloud networks where they are integrated. It disables shadow copy of data. It intentionally goes out of its way to hamper your recovery capabilities. That is by design. It makes it more difficult for you to recover by design, and that's more reasons why having the backups is just half of the resiliency solution, whatever percentage you want to put on it. But the other side of the have the backups is the protect the backups, right.
Speaker 1:So is it like have a backup of a backup.
Speaker 2:Well, that's the strategy that is employed today. I mean it's called the 3-2-1 strategy, 3-2-1-1-1, once you start including immutable copies, right? So the strategy as it is outlined requires you to have three copies of your data on at least two types of media, at least one of them off-site and immutable. And so, yeah, the answer to your question is have a backup of some of your backups and a backup of those backups and then secure them. That's the only way you can do it. That does become a problem, though. That gets expensive, it's like. So now I got to make three copies of the same thing, especially if I have a lot of it. The answer is yes. The answer is there's also people that will help you take care of those things, lower those costs.
Speaker 2:There is Shout out.
Speaker 1:Back up those that Myota, okay, okay, so let me take it back. So, Ghost, are they the only ones out there doing this unique approach? Not at all.
Speaker 2:That's the thing, it's not unique so much that it's a bit different amongst the majority of groups operating the usual tactics that we see. We see far more phishing attacks as the primary vector when, in the case of Ghost, what we see is a series of CVEs being exploited, that they're leveraging vulnerabilities in Fortinet, the FortiOS appliances, servers that are running Adobe ColdFusion, Microsoft SharePoint, Microsoft Exchange. This is commonly referred to as the ProxyShell attack chain.
Speaker 1:All right, so tell me if I'm on the right track here. So, basically, they focus or they don't focus on data exfiltration, but they do demand payment for decrypting data.
Speaker 2:Yeah, what does that?
Speaker 1:mean At a high level.
Speaker 2:So the FBI has not observed a lot of activity going back to any known Cobalt servers or any activity out of the breached entities that have been looked at. It doesn't look like there's a lot of data being exfiltrated. This group doesn't seem to be super interested in the. We're going to take your data and sell your data, so that's the other side of ransomware right.
Speaker 2:Yeah, that's more of the double ransomware, so to speak. Encrypt your data and force you to pay for it, then go sell it again, or tell you to pay me some more or I will sell it. And then they sell it anyway. Because what are you going to trust? Are you going to trust a ransomware group to hold their word Like come on guys.
Speaker 1:So it looks like they use a couple different tactics to make it very challenging to defend against, compared to just using one way in. Yes, is that the assumption? So they exploit lack of isolation, they destroy on-network backups, cloud network vulnerability, disabling shadow copies, and I mean, does that sound right? Is that on? Yeah, that's all. What are shadow copies? Are those?
Speaker 2:They are copies of data that's kept inside of an operating system. For a copy of an application, data that's kept Like local recoveries yeah, it's a local recovery.
Speaker 2:Okay, okay, okay, that's the best way to put it. I'm kind of stumbling on my words here but, like Active Directory, for example, keeps a volume shadow copy of its database that is locked and that can't be accessed during runtime. But if something fails you can recover from that volume shadow copy. But there's also attacks, using tools like Mimikatz, that will make it very easy that allows you to steal that volume shadow copy. And in the case of the attackers, they like to disable and destroy those volume shadow copies because you can just use them through Right.
Speaker 1:So I'm a little confused. I mean, it sounds like they go after the backups, but the FBI is advising to prioritize backup security. Oh, I see I read it wrong. So prioritize backup security yes, not just the backups.
Speaker 2:That's the thing. If I told you, hey, I encrypted your data, you might think to yourself next, huh, I wonder how he protects my encryption keys. It's the same thing. Like you backed up the data, well, how do you protect the backup data, right? Like you made it immutable, how do you protect the immutability capability? You put a big steel door on the front of your house, well, how do you protect the door? Right? Like you know, okay, is it?
Speaker 1:Yeah, it's fascinating though, it's interesting though, but why? Why this all? Maybe I don't know if you covered this, but why is this all of a sudden coming up? I guess? Is it just because Ghost is new? Nobody's ever heard of them.
Speaker 2:I don't know the answer, that one, as to why the FBI is putting this out now. My guess is just a widespread impact of it, seems to be moving fast and hard, and hitting 70 countries is a lot, right, like it's super active, that's very active, that is very, very, very active.
Speaker 1:So more of like an awareness campaign kind of thing.
Speaker 2:Yeah, for sure. Yeah, and it's exploiting CVEs that go all the way back to 2009,. Right? So that's another problem, right? These are issues that hell we've known about for a long time. What's up with that?
Speaker 1:So that makes sense. Yeah, let's let them know now you know, 20 years later, almost 20 years later, yeah, and take any takeaways before dropping off on this.
Speaker 2:I mean we certainly should. Because it's a quotable kind of day, we should share a couple of quotes from some of the other folks around the industry. So you know Juliet Hudson, the CTO at Cyberverse, you know she's quoted as stating Ghost is a dangerous nation state actor which organizations must make effort to protect against. So if this is a nation-state actor hitting that many nations, just like 70 different countries all over the place, it suggests that there's really no boundaries to what activity they're willing to get into.
Speaker 1:Okay, Well, lots of stuff going on AI, robots, ransomware, attacks, which are always going on but that's a pretty interesting story, though, in itself. I mean it's nice to see someone bringing awareness to it, but I guess it's never too late, the best time was yesterday.
Speaker 2:The second best time is today.
Speaker 1:Yeah, Well, if anybody has any questions more on, you know, data backups and data backup security and anything like that, or anyone that knows more on these topics that want to come on the show or just uh chat with us, hit us up. Yeah, yeah, um, that'll be all for this week and, uh, we'll see you guys next week.