Skip to main content
Right of Boom
January 30, 2025

Session 1

Guests

Andrew Morgan

Video Transcript

Welcome, obviously, you know, introduce, you know, we here with my cohost Wes Uhoh. We've got, um, threat title. You're gonna have a bunch of people join. I think. Why? Uh, I got a notification. It went live. I thought I unlisted it. Well, maybe that was just to my account only, but I did get a notification that it just went live. I don't know if that'll show. It probably won't show, but It shouldn't. It's unlisted. Okay, no worries. No one's.

So, uh, threat intelligence evangelist is, is my new rule Threat inte. Sorry, lemme just, yeah, I like it. And there's some loud background noise. Someone have like a fan going or something? Uh, i I don't, It could be my actual MacBook. It's, it's fans going pretty hard. Ah, yeah, we're hearing it. It's like a drone, right? Les? Yeah. I would joke, we'll joke about it. What, what Bryson's working so hard is MacBook is, is sizzling. I could, uh, switch microphones instead of using the built in.

That may help. Yeah, it's fine. We'll joke about it. Okay. I think we joke about it'd be better we just turn off all my dinging and doning crap. Uh, okay. WhatsApps off. Close my emails. Email. All right, cool. Alright Wes, we'll do our usual one. Take my friend. Let's do it. Yeah. I got a 1230 so one take is that's what we're gonna do. Alright, fair enough. Let's go. 3, 2, 1. Hey everybody. Andrew Morgan here with my co-host from the cyber call. Mr. Wes Spencer, AKA dictator.

Wes, how are you Doing great. Alright. Hey, so we are joined with threat intel evangelist at the ConnectWise CRU Bryson Medlock. Bryson, thanks for joining us. Yeah, thanks for having me. Hey. Hey. So Monday 1:00 PM Eastern, we are gonna be talking about the, uh, potential conflict from a cyber warfare, cyber warfare perspective between obviously Russia and the us.

Um, we've had as of today, Friday midday rumors and, and TV announcements already that, you know, Biden suggests we should go attack Russia. Those have been since denounced, but we have seen the anonymous group actually attacking Russia successfully. Bryson, you're doing a lot of work, um, on the threat intelligence, uh, around this and we're gonna have you on talking about it. What can you share? What have you learned so far? So, so far all the activity has really been focused on Ukraine.

Um, and, and the main, uh, methods of attack they've been using so far are, you know, DDoS attacks to hit critical infrastructure and banks. Uh, there's been some defacements of, you know, government sites.

There's, there's been some, you know, vague warnings about big things to come or be afraid on, on different government sites as well as, uh, some, some lots of disinformation campaigns that are mostly targeted at Ukrainian and Russian citizens to, um, suggest that Ukraine was about to attack, uh, to discredit the Ukrainian government actually calling the Nazis. Um, saying that Ukraine's not a, an actual state, uh, that it's a US puppet.

Um, there's been lots of, uh, unsubstantiated claims about, uh, Ukrainian human rights violations against Russian nationals, that sort of thing. So that's, that's a lot of the justification that, uh, the Russian government has used for what they have done. Um, so, so that's, that's a big part of it.

Uh, but then as far as malware that we've observed, we, we, we've found different malware that, uh, have been attributed to multiple Russian intelligence organizations, uh, targeting Ukrainian organizations that are, uh, just data wipers. So they're just straight up destroying data. Uh, they, they are usually deployed either with ransomware or they pretend to be ransomware. Uh, but, but they, it's just, it's just determined to destroy data.

They're just trying to wreak havoc and, and, uh, um, distract from from the other things that are going on right now. So thi so Wes, I'm gonna come to you. Um, we're having John Murson, CEO Black Point on, he was with the NSA prior career, so I'm really interested to get his perspective on how, you know, US intelligence probably gears up with this. Let's talk about MSP.

'cause I was on with Ryan Weeks earlier, he was talking about wipers and he's gonna be talking about the four things that he's seeing from, um, an intelligence side. Wes, how and why should MSPs be tuning into this? And, you know, we talk about them being critical infrastructure. Give us your, your thoughts on that. You know? Yeah, there's a lot to say here. Uh, one of the things I wanted to mention is, you know, this whole idea of cyber warfare, right?

We've used those terms ad nauseum for decades now and, uh, we, we've always sort of wondered what would be the kickoff motion that would do something in a devastating, um, form and fashion that we've never seen before. And, you know, will any of this that's happening, um, between Russia and Ukraine, kick that off? Well, nobody knows, right? It's conjecture at this point and Bryson's correct.

You know, there's a lot of things that we're seeing, you know, um, being circled around what are the true, um, nation state capabilities of not just the US but many other enabled countries as well. And, you know, a lot of people want to speculate on these things and the truth is we just don't know. Um, there's arguments that one could make saying that, you know, the federal government has had all kinds of power and capability, been waiting for the moment to unleash it.

We just, at this point, you know, we have to, it's a wait and see. But what we do know is this, because of the sophistication of this conflict and the capabilities of Russia, both as a nation state and threat actors inside their own domain, we know that we need to be prepared, right? Like, this should be a moment that we say the capabilities of something happening, Andrew, that we've never seen of this kind before. We've gotta be prepared for that eventuality, right? We've got to.

And so I think MSPs need to be prepared. There's already a lot that's come out. I know you, as you mentioned, Ryan shared some great things from CSA and their shields up and like some preparation things that need to be in place.

Um, I think what we don't want to do is we don't wanna run around as the security people of like chickens, you know, their heads cut off of like, oh no, the world is falling and we're all about to be destroyed and, and hacked to oblivion and power grids are gonna be off forever and dams are gonna be broken. We don't know that yet, right?

So let's not go to those extremes yet in communication because if those things don't happen, then once again, we, cyber people are seen as the nerds that are never brought into actual discussions of risk in the boardroom, right? So let's prevent that. But let's, let's also engage, um, our stakeholders in, hey, we're aware of this. We know that vigilantes like anonymous are engaging. They've already declared cyber war themselves.

What may happen from nation to state to nation state is capable and possible, but it's not happened yet. So here's what we're doing to prepare. And so on the cyber call, we're gonna talk about those things that you need to do to be prepared. Um, but let's, let's make sure we guard our communication at this point until more and more news comes out and we see what actually comes of all of this. So that's Andrew, what I think MSPs need to be really thinking about and preparing for.

Let's leverage this, but let's not over leverage it, if that makes sense. Yeah, really well said, Wes. And I think communication and how we're communicating to clients and prospects, this is a really an, I see it as an opportunity, not opportunistic, but an opportunity for MSPs that have been preparing, increasing their security posture and really looking for ways in which to talk about risk with their customers. Um, this is a good, good opportunity.

So Monday 1:00 PM Bryson can't wait to have you can't wait to have John Merchants and the rest of the team. Um, we'll put the links in, um, the description on how to join us and so that make it a great deal, everybody. Thanks. Thanks. Good stuff. Perfect. Cool. Yeah, that's good. That was good. Alright, I'll get that off. I did I mention Conti? I you didn't, I don't remember that. I didn't. Okay.

They, they recently, they just like a few minutes ago released a statement publicly endorsing Russia and, you know, declaring war on anybody who attacks Russia. Do you have that URL You can throw in chat real quick. Um, Or is it Twitter? I mean, it's, it's their leak site. I don't, I don't like sharing sites directly owned by threat actors Publicly. Oh, okay. Um, Can you screenshot that statement though? Yeah, I can do that. Yeah, if you can send it over via Email.

This is like the third talk I've had on this today. I don't remember what I talked about and what I haven't. Uh, where do you want me to send it? Just through email to me and Wes. Alright. Um, okay, I'll get Wes. Do you think wait till Monday or push this out now? Yeah, get it out. Okay. I will get it out And I don't know what, uh, um, LinkedIn is the, the hashtags for what's going on in this conflict, but may wanna search for a few and see which hashtags to use. Okay.

Uh, let's see if I can figure out a couple. I would obviously use, um, Russia, Ukraine, that's trending. Um, Russia, Russian threat is trending. Cyber, I don't know what else is trending, but those two are trending. Um, can you share those us either text or something to me? Yeah. Uh, let's see this one and Uh, This one and More, I'll copy pasta them to you here in chat. Can you check just to, oh, okay.

I was wondering if you could, is there any chance, since you have that on your clipboard, can you text it to me? Just, uh, because I'll shut this. Uh, yeah, I'm on a PC but I can email it. Okay. Email. That'd be great. Compose Andrew. Alright, dudes. All right. Yep. All right. Right. Uh, Bryson, thanks. Can't wait to have you back. Um, yeah. Thanks. Thank you bud. Talk soon. See you guys. Take care. Thanks.

Related Videos

Session 1 | Right of Boom