Our own Senior Director of Security Dan Trauner was recently interviewed on Hacker Valley Red, by hosts and fellow Axonians Ronald Eddings and Chris Cochran. Dan talked about the technical specifics of a hacker’s mind — how we can understand motive and deception, trends among attacks, and much more.
In this excerpt from the podcast episode titled “Crowdsourcing Hackers with Dan Trauner,” Dan provides insight on the future of cyberattacks, cohesion between red and blue teams, and security risk trends.
Editor’s note: The following transcript has been edited for brevity and length.
Ron Eddings: Is there a big difference in the security risks and themes that pop up for large organizations and startups?
Dan Trauner: There are some basic threats that are going to be present for almost all companies. For example, commodity threats like credential stuffing.
And it's not because any one company's being targeted. It's just because it's so easy to automate that at scale and the availability of passwords from previous breaches. Plus, the fact that people are people and they're going to keep reusing passwords.
That, in turn, should motivate some of the early stage controls you set up at a company, like corporate password managers, implementing single sign-on, and enforcing multifactor authentication.
You do need to consider your own threat model as well. Not all companies have access to the same data. Not all companies have the same types of customers. It's very important to think about who your adversary is, what they're after, and what the stakes are before you even decide what particular defensive tech needs to be applied. Because a one-size-fits-all approach doesn't work.
Chris Cochran: For someone that's listening to this podcast, how would you simplify the relationship between the red and blue teams?
Dan: When it comes to the difference between the red team and blue team, there’s this cat and mouse game of one side trying to develop certain techniques that the other side can't detect, and going back and forth.
Each side has to look at the other side's cutting edge techniques and understand how they got there.
If you're a blue team practitioner, and you want to understand how you would pivot around a Windows environment, researching cutting edge tools or listening to conference talks that outline techniques for doing this in modern architect environments will help you understand the thought process to arrive at this particular set of tools or techniques. The best people, on either side, can then extend that a little bit and think about it from their perspective.
Ron: What is your stance on the future of cyberattacks? Do you think that certain types of attacks are going to start to evolve?
Dan: There are two things that come up a lot when I hear people talk about the future. One is that there's AI and it's going to be really good at this.
In my experience, there’s a component of this that’s going to be driven by humans pretty much forever. Because as we build more advanced systems, make the inputs more complicated, and do things like create smart contracts on a blockchain, these systems are going to have novel ways of being attacked. There's not going to be a good enough way, at least for a very long time, of automating those attacks.
If you look at the technology side, some of the vulnerabilities that exist because of technologies like smart contracts and how those systems are designed, there's this built-in incentive model where if one of those contracts is broken, you can steal hundreds of millions of dollars. That’s a pretty big incentive.
And I look out for these bleeding edge technologies, where there's a very big gap in skills, not enough people are doing security for things like smart contracts. As new technologies appear, there's always going to be a cohort of people that very quickly find the worst possible weaknesses and build stuff up.
Tune in to the full episode now.