Security Unfiltered

Reputation is Everything: How AI and Domain Security Shape Today's Threat Landscape

Joe South Episode 193


Ihab Shraim shares his expertise on domain security and why it represents the "missing chapter" in modern cybersecurity strategy. We explore how AI is accelerating cyber threats from years to weeks and why protecting your online presence is more critical than ever.

• Domain security is often overlooked despite being critical to an organization's reputation and online presence
• Over 93% of security professionals can't identify their company's domain registrar or DNS provider
• Modern cyber criminals are sophisticated organizations who target "soft targets" rather than heavily defended perimeters
• AI-powered tools like FraudGPT and WormGPT enable custom malware creation for as little as $200 on the dark web
• Voice cloning and deepfake technologies are being used in increasingly convincing social engineering attacks
• Zero Trust architecture and layered security approaches are essential for comprehensive protection
• Blended attacks targeting multiple systems simultaneously represent the future of cyber warfare
• Reputation management encompasses domain protection, brand abuse prevention, and counterfeit detection
• Personal data protection requires vigilance about what you share online and implementing proper security at home
• Companies must have actionable response plans, not just detection capabilities

Connect with Ihab Shraim on LinkedIn or email him at ihab.shraim@cscglobal.com to learn more about domain security and protecting your online presence.



Speaker 1:

How's it going, Ihab? It's great to finally get you on the podcast. You know, I think I may have had to reschedule a couple times there. I'm blaming everything on my newborn at home, so I don't know if it's a viable excuse, but that's what it is, it's a legitimate excuse for sure.

Speaker 2:

Congratulations on your newborn and hopefully he'll be a scholar in the future and hopefully he'll be in our field in the cybersecurity world.

Speaker 1:

Yeah, I feel like my firstborn. She's only two, but every time I'm on the computer you know she's like very interested in it. She wants to, you know, hit the keyboard and see what it does. You know, because like now she's putting together. If I hit this, something happens on the screen. You know like she's figuring that out and so it's. It'll be really fascinating to see like you know where they go in life, right and and what they do. Yeah, I, I don't really care, and it's the same thing for my wife.

Speaker 2:

I totally agree with you. My daughter luckily, last Saturday she got married and she's in law school. She's got one year to go and I look at you know her progression in life, how she looked at computers and what did she like. She loved debate. She liked to debate things and, to be honest with you, she will be one of those unique lawyers in the future who is extremely versed in technology.

Speaker 2:

So the impact or the effect of parents over children is huge, specifically not just from a DNA perspective and teaching them the right principles in life, but also your work affects them in one way or the other. They may not pursue what you, let's say, have pursued in life. However, they will have a spin or an addition by which they are going to utilize that expertise that you passed on to them. In my daughter's case, she's not going to be like your normal average good boy. You know most lawyers today. They know computers, but my daughter knows depth in how the Internet works and how is it interconnected and what's behind. You know scams and attacks and things that I'm involved in that I described, you know, to her and the family over dinner.

Speaker 1:

Yeah, I think that's really important Setting a good, you know role, maybe not even necessarily like setting that good role model I guess you're doing it, you know, regardless but setting the standard right and and the expectations.

Speaker 1:

And I want to like clarify what I mean by that right. Like I like, uh, going into it right, I don't have the expectation that my kid's going to be a doctor or a lawyer or anything like that, but I'm working on my PhD right now and I have two little kids, two kids under two, right, and so that's like three full-time jobs right there, you know, all on its own older. You know, I kind of want to eliminate those excuses for them to be like I don't want to go get my master's, I don't want to get my bachelor's, I don't want to get my PhD, because I want to show them like, hey, you know, yeah, it's difficult but it's achievable, you can do this. You know, if this is something that you're passionate about, that you want to do, you can do it right. It's kind of like eliminating. I view it as eliminating those excuses before they even like crop up, right, because it's like well, if dad did it, you know, I can do it too If mom got two masters, I can at least get one.

Speaker 2:

Right, right, no, setting an example is amazing. What is that PhD in, Joe? If I may ask, yeah, yeah.

Speaker 1:

So it's utilizing the Zero Trust Framework on communication satellite infrastructure to prepare it for post-quantum encryption.

Speaker 2:

Wow.

Speaker 1:

Wow, yeah, so there's three major components there, right, zero, Trust, satellite security and quantum. I've never touched on before, I've never looked at, or anything like that. And I really wanted to use, you know, this, this PhD, to kind of prepare myself for the future, right, like that's where security is going, that's where warfare is going, even. And then I wanted to challenge myself, because I feel like if I'm not challenging myself, I'm not growing. I get very frustrated. So if I was going to do my PhD, you know, in like cloud security or something I mean, that would be easy, right, that would be a cakewalk for me. I don't want to, you know, knock anyone getting their PhD in cloud security.

Speaker 2:

But you know, at the same time it's like, hey, if I'm going to do this degree, I'm going to get as much value out of it as I possibly can. By the way, you are combining probably three of the most exciting areas of heavy development, specifically on satellite and quantum computing. I mean, this is not only the future. This is where the attacks are going to be so blended in the future, by which they're not going to be just what we see today. The blended attack, threat vectors, the combined ones, they are going to be massive.

Speaker 2:

If you remember what took place a few weeks ago in Spain, it's $1.6 billion loss in just in a few hours and people panicked in Spain, just because, you know, the internet was not available. Well, satellite communication was not available, telephone communication was not available. Everybody went south, they didn't know what to do. And if you look at it, say 35 years ago, I remember the phone that we had in the kitchen with that long wire Right by which, yeah, if I want to talk to Joe, hey, Joe, I'll call you tonight at 8. And that's when Joe will be waiting by the phone for me to call him at 8 from my kitchen phone, Whereas today people carry that mobile device and their livelihood is dependent on it. And to tie it with what happened in Spain, this is what's going to happen in the future. Yeah, Attacks are going to be in mass attack.

Speaker 1:

Yeah, yeah, you know I didn't look too hard into the Spain attack. I heard about it, but as soon as I heard about it, my initial thought was well, that's a great practice run for someone. You know someone, some adversary out there is 100% trying to run a practice test on it. I always go back to when America invaded Iraq. The very first thing that we did months in advance of our invasion was we intercepted all communications in that country. Every single thing. If you picked up a phone, had a radio on you, whatever it was, we were intercepting it.

Speaker 1:

When we decided we were going to invade, still months beforehand, the power went out, did not come back on, the water stopped flowing, the gas stopped operating, and that was all cyber. The NSA was doing all that stuff Exactly. I mean, a decade, two decades, before we even realized that was possible, right. And then fast forward to Stuxnet, and I think it was 2011 timeframe, right around there, and that's when the world kind of started to slowly wake up, right, and the NSA was doing that. You know, 10, 15 years prior, right, it's.

Speaker 1:

It's fascinating because, as security experts, we're looking at that and we're like well, you know, we, we test out things. You know the same. The just other nations test it out on other nations. You know, by the time we get to the nation state level attack, it's I mean it's operating on its own. You know you hit enter and it's doing everything on its own. And that's actually what some friends of mine that were cyber warfare officers said. You know, like you do so much prep work and you do so much practice and testing and it is verified by five, seven different levels, that by the time the actual attack occurs it's all automated. You hit enter on a keyboard, it's done. You don't have to worry about it for the next 10 years. It's going to do its thing until it's discovered for the next 10 years.

Speaker 2:

It's going to do its thing until it's discovered. Yeah, in fact I remember I used to. One time in my past I worked at NASA and one of the interesting things and, by the way, this is how I got into cybersecurity I used to set up machines Linux machines at that time and do the security posture on these machines, machine by machine about 300 of them and there's groupings of machines associated with missions and these are satellite missions and of course, the satellite has been launched and we send and receive data to the satellite and these machines crunch the data for the various scientists to work on a specific research and of course, they want to achieve that conclusion. That research could be a lengthy research 10, 20 years and so forth.

Speaker 2:

And one day one of the scientists on one of the missions came and told me I see this user on my machine. His name is Papari. He comes in at 4 pm every day and I don't like that. Can you please tell him not to come on the machine? I'm like you know that user. This is his personal Unix machine. He said no, I don't, so I go into the machine, I delete the user and I go away. Well, then he came back and told me he created the account again and it's immediately, like I said, that machine is breached.

Speaker 2:

We do some investigation on the machine. We find that there are 60 machines with the name Papadi and none of us understood what is happening, because security in the early 90s wasn't like the most important thing and in fact we want to share data and information. And who thought about security? Finally, we find out that this person has multiple accounts and we went and deleted them and of course, we set up some sniffers et cetera on the network. Now there's a huge number of technologists trying to figure out where is Papadi coming from. We couldn't tell the source IP, because that individual was very smart. Finally, one of us said why don't you advise me, go to the library and search for what Papadi is? At that time the internet wasn't even there in the sense of having Yahoo and-.

Speaker 1:

Yeah, you're going to the library.

Speaker 2:

Yeah. So I went to the library. I found out that Papadi is a Greek god. He said oh, he's coming from Greece, this is how we knew him. And we set up some traps and luckily he was caught and all that.

Speaker 2:

But this is how things begin. And now look what they will become. What they will become is what you just mentioned Satellite communication, jam, all that communication at any, say, country you want to invade. Let's say we are not invading a country. Let's say we just you know state-sponsored attacks. What do they want to do?

Speaker 2:

Well, now they can use these amazing AI-powered platforms to generate malware, like in the case of Stuxnet. It will make Stuxnet look like it's a child with what we are seeing today. I mean these platforms are already out there. There's ChatGPT, which is what we use. There's BadGPT, there's GlowGPT, there's FraudGPT, there's WormGPT. I mean the names are almost infinite.

Speaker 2:

And what they are all designed behind is to generate the top number one vector that we all are suffering from phishing and malware distribution. And these platforms are so powerful to generate. And look how sophisticated these platforms are. Not only they're capable to generate malware that can be changed in real time, and this is key. This is how you evade signature detection techniques. Not only that, they can generate, you know, with deepfake and voice cloning they can generate your executive's voice, augmented with E-Net to just launch a phishing campaign, phishing what we started with in 2003 as a commercial product. I used to work for a company where we launched our first commercial phishing product at that time and I'm telling you we were in the dark ages if you were to look at 2003 versus 2005. I mean, it's insane what we are seeing. The threat vectors are severe and now blend these attacks together between satellite attacking the infrastructure of a country, augmented with attacking the banking industry or the financial sector. This is serious Attacking, for example, anything with the power industry programmable logic controllers.

Speaker 2:

These programmable logic controllers are for specific systems to do a specific function. Think of it as an isolated system to do something for that power plant or that water treatment center. What if you pollute it? What if you add ammonia to it? What if?

Speaker 2:

I mean, this is getting sophisticated to the level that you really really must employ zero trust model. You must Zero trust if it's not employed, you are in trouble. And if you don't have the right programs and if you don't have the right mechanisms to do security in depth, that security posture is so essential now to corporations, as in private sector and the public sector. But that will get us into another topic, which is the most critical topic, that I think it's a missing chapter in the cybersecurity posture, which is domain security, and that I would like us to discuss that if you are interested to dive a little bit deeper into this topic, because I think this is a chapter that is truthfully missing. While companies think that they are covering it, they're covering a portion of it, but they are not covering the whole spectrum of domain security.

Speaker 1:

Yeah, we're definitely moving into uncharted territory before you know, like we've never had. I feel like AI has always been on the horizon and I'm currently I'm like in this argument with myself right when it's like well, we've been told, you know, AI is next year, and then 10 years, you know it comes right, it's always 10 years away. But now it feels like it's more present than ever and I'm trying to fight with myself and convince myself ah, it's five years away, you know, but at the rate of growth and the rate of expansion of it, it's like man, maybe it's eight months away, you know.

Speaker 1:

And with the attack that you were talking about, I actually experienced that at my current employer, and I won't mention the name, of course, I don't feel like getting sued today. That's good, but the attacker spoofed our CEO's email, spoofed his voice, sent an email to send $20 million somewhere. He sent it to our CFO, the guy that would actually be approving it, and then he followed up with a phone call. The CFO basically automatically called the CFO from a number that the CFO didn't recognize, and that's how he was alarmed by it. But it sounded exactly like the CEO, exactly like it, and it's not hard to do that right. We do earnings calls every month, every quarter whatever it is.

Speaker 1:

You know, and so you could just take that transcript, put it into your AI and now you have their voice fully replicated, because the CFO he was saying it sounded exactly like him, like didn't miss a beat, how he was responding to everything. That's how I expected him to respond. The only thing that caught him off was the wrong phone number. And there was another level of verification that they had to go through that we have like an internal policy around that the attacker didn't know and so they weren't able to do that, that final like verification. But I mean he, he literally said he's like if they give me that final piece of verification, I mean it's, there's no questions about it.

Speaker 1:

It's like the money is going this is you right Like we don't have to do it in person, you know, and so like it's just crazy because, like a month ago, you know, I was reading about those kinds of attacks and now, literally a couple of weeks ago, you know, this happened in my environment. I'm just sitting here like man. We're going at such a rate that it's going to be almost impossible to keep up.

Speaker 2:

Joe, you've hit the nail on the head. AI now accelerated the growth of anything, whether positively or negatively, to a rate of weeks, months at best, versus what we used to deal with, which were years. Not anymore Is what we are seeing today. The acceleration factor is unprecedented. No one is keeping up and this is why it is crucial of what corporations should look at now. It's not the truth. Is everybody's going to get breached in one way or the other. What is the level of the breach is the key. You could lose a system here. You could lose, you know, say, unsecured whatever in your cloud environment. However, you cannot lose assets, online presence you cannot lose that. You cannot lose your reputation. This is extremely not important. It is the key factor of how we should exist. Reputation now is important. Look at the level of breaches. People are losing data. So let's look at the growth of AI now.

Speaker 2:

With these platforms that are in the dark web, by the way, highly accessible for $200 to almost $1,700, $1,800, you can have the world at your hand, between your fingertips. You can generate malware brand new malware. It's brand new. It's yours. You can launch the malware via campaign. You can rent your command and control, as well as your distribution site and the collection points. You can own it all. You can own a botnet for 10,000 machines, 20,000 machines, 30,000, whatever number you want. It's how much we would pay. Organized crime can pay. And 10 grand, 20 grand is not a okay, they'll pay it, but because they steal it from somewhere else. So that level of sophistication is out there.

Speaker 2:

So the good guys, the white hats, are really struggling now to keep up with what's going on, and we're all are saying the same thing. So what is the answer then? The answer is you have to think in terms of zero trust. If you are a corporation or an enterprise, you must have a layered approach to security. You must have partners. You must. It's non-negotiable. You can't run just a data center anymore, thinking the world is great. No, you have to have to run the data center and your cloud with trusted partners, and those trusted partners must be auditable. And to keep up with AI, you've got to have an AI team. You've got to have it. You've got to have people who understand AI, not to just read about it. Implement, and corporations must invest now. This is, with all due respect.

Speaker 2:

Whoever doesn't do it, they're doing two things to their organization. Number one they will lose the game Definitely in their field. So let's say their field is manufacturing something. Somebody is going to come with an automated method via AI and will take that business, that manual business, out of their hands. That's it. They lost their bread and butter. But the other one is they're going to lose it for the bad actors, the cyber criminals.

Speaker 2:

These guys are so crafty, that's all they do all day long. They're organized. They don't come as one person, like in the old days. 20 years ago, we used to have this kid who's sitting in the basement trying to hack into things and he or she have a piece of droppings on their shirt. No, this is not who we are dealing with. We're dealing with people who know how to do reconnaissance scanning. They look at your social media for your corporation. They understand your job postings. They know your executives. In that example you mentioned, they cloned the CEO's voice. That means they have used AI cloning. They probably have already. Not only the spoofing part is an old scam which is spoofing the headers of an email, but it tells you that probably the campaign or the kit that was sold to them was not comprehensive and that's why they fumbled by calling the wrong number because they had an old number.

Speaker 2:

It's just amazing. To be honest with you, you guys lucked out on this one. But imagine if they have the right number Social engineering is so crucial If the company doesn't train their employees on social engineering and if they don't have a security program. What is a security program? Penetration, testing through third party trusted partners as well as you. You, the owner of that corporation, must execute, must have security teams that do that. You should have vulnerability assessment program. You must have a CISO to attend to your security policy and adherence training, training. Oh my God, if corporations take this lightly, they're in trouble.

Speaker 2:

Think in terms of your online presence. Let's say a corporation, xyz.com, exists online. If you think in terms of somebody hijacking that domain name, what would that corporation do? You know, I go to security conferences and we are a vendor and I go to the vendor floor and I ask a simple question. All these security companies, security companies well-funded by the VC world in Silicon Valley, well-funded. I ask them two questions who's your registrar and who's your DNS provider? Here's after a year of investigation and doing that survey. Here's the finding More than 93% of the folks who are on the floor within that security company don't have a clue, not even don't have a clue.

Speaker 2:

They will tell you I really don't know. That's a good question. Shouldn't be a good question. You should tell me I know the person who knows the answer. You don't have to know the answer, but I know the person who will give you the answer.

Speaker 2:

You must know your registrar, your domain name, which you do. Your online presence you do your online. If you are a financial institution, that's online banking. If you are a manufacturing company, it's your website with a user ID and password to log into that portal. It's your reputation. People don't know who they register and then, when you find out who the registrar behind them oh my God, it could be some retail registrar that no one had heard of just because they have some cheap services and they don't know.

Speaker 2:

And you look at the company, you will see the marketing department. They're buying their own domain names. That legal team is buying their own domain. The IT team. This is called shadow IT. Shadow IT comes when you have no security policy that controls who gathers all these domain names and how these domain names are being managed and how they are being renewed. It's not about renewing and managing. It's your reputation, and the same applies for your DNS. Who's managing that DNS? Do you have a business continuity plan as part of your security posture or your security program?

Speaker 2:

Okay, okay, let's say the DNS services have been taken out by a DDoS attack. What do you do? What's next for you? And then someone will say yeah, don't worry about it, we can scrub the traffic through our partner. Yeah, really Okay. Most of the time when you are under DDoS attack, start thinking that you have blended attack, that they are doing something else to your organization While your team is busy doing DDoS mitigation. Something else is happening and, by the way, when you do a DDoS mitigation, you lose some of your real traffic. Most corporations are going to go through this DDoS attack.

Speaker 1:

Recon, being, if you are well known, on the block, so to speak and it's funny because I'm in a young neighborhood, there's a lot of families with kids all around me and everything. There's a group of kids that will ring your doorbell, run away, light some fireworks off in front of your house in the street, you know, just being kids, you know, and I got tired of it and I like tech enough, so I bought a couple cameras, just put them around my house, not to like identify them, right, like who cares about that, but so that they would just see that there's a camera there. Like hey, you probably shouldn't. You know mess with my house, right? And sure enough, you know all of it stopped immediately, like as soon as they realized.

Speaker 1:

You know that those were up, even though I don't really care, you know it all stopped and it's beneficial, right, because I have two little kids at home, so it's like I'd prefer them not to wake up my two-month-old, you know, after I just tried to put her to sleep, there's no need for her to wake up with fireworks. But you bring up a really valid point, a valid area that I feel like hasn't even been touched on or harped on like it used to, when I was first getting into security, the whole rave was Cloudflare and DDoS protection and WAF protection and I really haven't like heard very much about it, that domain of security at all. You know, and I've been at several, you know, multi-billion dollar companies, very large companies, very small companies, and it seems like it's just like forgotten almost.

Speaker 2:

Exactly, actually, what we classify it. It's the missing chapter. So, like I told you earlier, I started in cybersecurity in the early 90s, in the dot-com boom. I joined one of the best, probably, companies at that time in Maryland. It's called DigX Web Hosting. We were the it, the it Everybody hosted with us. And I cannot tell you how many attacks have we received 99,000. We hauled 40% of the internet traffic through DGX. We ran major pipes 48, by the way. It's a joke now, but then that's what we did.

Speaker 2:

But the attacks were relentless DDoS attacks. We had DNS poison, DNS email spoofing, session hijacking, all types of attacks. And that's in the early I'm sorry, late 90s, early 2000s, fast forward to today. These attacks are still being used, but the way they are being deployed in different techniques and tactics. So if you look at the threat vectors, they're all, by the way, in general are part of the weakness of the TCP/IP protocol. And this is our problem TCP/IP version 4. Yes, they say you can go to 6. Yeah, but we depleted all the IP pool for TCP/IP version 4. And that's where all the flaws are in, because we're still running as an internet, we're still running old code, we're still running, by the way, Unix machines on Solaris. We're still running that. You will find the DNS server somewhere.

Speaker 2:

But when it comes to domain security, domain security is built on registrars and registrars speak with registries. A registry. Think of it like the owner of the map of how we deploy things on the internet from a naming convention point of view, meaning domain name convention. So Verisign, Verisign today manage .com, .net. There are 13 root servers, only 13. And they're allocated to certain entities to operate them. But under these registries, there are accredited registrars. They're accredited by ICANN, and here's where it begins. You will have corporate registrars that are secured and retail registrars that are not very secured, and you have the mom and pop shop in some country out there. So think about it in terms of how things happen. There's a global company and you have call it dot and then country name. I'll give you an example Dot UK is a country, dot US is a country. That's called ccTLD, country code top-level domain, and then you have gTLD, global top-level domain, which is something like a .com, .net.

Speaker 2:

Now, if somebody wants to attack a company, you go through the soft targets. You mentioned it. You don't want to be the easy part, right? You want to be the soft target? No, but that's what they do. They go through the soft targets, the exposed soft target.

Speaker 2:

Why should you go and attack an organization or an enterprise that spend hundreds of millions of dollars on their firewalls EDRs, XDRs, IPS, name it? They haven't and, by the way, nothing is integrated, but they have. But then the perimeter seems like well defended. Why would you want to breach that perimeter when you can attack their domain names and all you got to do is do some social engineering attack and no hacking techniques are needed? Or, which is even best? I look at the company. Yeah, they have a presence in Vietnam. Beautiful, go hack into that registry. A registrar over there, that's it. And, by the way, it's not going to be well defended 99 out of 100, it's not going to be well defended unless you're working with a registrar who creates the defense mechanism for those domain names that they're managing, such as the company I work for. In such case, that domain name portfolio has a moat around it, virtual moat, and that virtual moat is the protection mechanism. Then you layer the solution by which you protect DNS, and now you have protected the most critical entities for your online presence. And then you augmented with solutions to tackle the top threat vectors. You want to see how many domain names got registered on a daily basis that are associated with that brand, how many were re-registered, how many were dropped, how many are classified, as we call them, dormant domain names. A dormant domain name is where bad actors buy them and they buy masses of them. By the way, organized crime doesn't buy one domain name. They buy thousands Everywhere, with multiple extensions. So they buy them and sit on them and then they activate them, meaning weaponize them as part of a campaign, and then they deploy, and they deploy en masse while people are asleep or while people are busy at work launching something. They will take that opportunity and attack that corporation.
So let's say we're launching a product and they're hearing yeah, in September we're going to launch a product, but we didn't disclose yet the full date. Say, ok, we're going to attack them in September, we'll attack that enterprise in September and this is what we're going to do. We're going to do a blended attack and we're going to go after the exposed surfaces. Exposed surfaces are the ones.

Speaker 2:

I described your domain name, your DNS, your email gateway, anything that you can query on the internet. And, by the way, you don't have to be a genius. You go to any online service and you will query any company. You will see. You don't have to go far. Go to their job postings. You would know what kind of infrastructure they have internally. The information job posting will describe what most companies offer inside. You know, within their enterprise. They'll say you know, I want you to know, for example, XYZ software release and so forth. That's it. They've already known what's inside. Then they can query your, you know, your WAF or your firewall. They can figure out in some way or fashion that security posture and then they will attack the soft targets.

Speaker 2:

And this is the missing link. This is the problem and I really we have been sounding the alarm in the industry on this topic and it's sad when you see that people don't have a thorough understanding of that particular problem and when they have it. With all the respect, imagine you could be a multi-billion dollar company fighting. What is the domain name? It costs about 25, 30 bucks. They're fighting the organization for how are you going to protect 25. Man, this is your reputation. You should have brand protections partner, you should have a fraud protection partner.

Speaker 2:

And here's the best part: you just don't want to say where the problem is. You want to manage the problem. In other words, most platforms, cybersecurity platforms. They rely on detecting the problem, analyzing the problem or detecting the problem and providing you a platform to do threat hunting. Fabulous, okay, then what do I do next? Or you can block it if you buy my appliances. What if I didn't buy your appliances, all of them? Well, you're in trouble.

Speaker 2:

So in our company, we are quite innovative, because this is the space I have been working in since the 90s. So we came up with what's called actionable global intelligent takedown service, which means not whack-a-mole like in 20 years ago. No, intelligent. Look at the botnet, you dismantle it, you neutralize the threat. This is actionable in real time.

Speaker 2:

If you have a 30,000, 40,000 that are distributed around the world, what are you going to do? We're going to go whack-a-mole? No, you can't do that. You don't have enough manpower. So you have to neutralize the threat. Well, how do you neutralize the threat? You got to have the right partners who are versed in that space, like that corporation is versed in the space. They are making their revenue from. There are cybersecurity companies such as ours are versed in that space that are so capable to protect that domain name portfolio and give you a cybersecurity solution to protect the domain name, and then you take care of what's called inside the firewall cybersecurity posture. That gives you a complete picture for a comprehensive cybersecurity posture. Otherwise it's incomplete.

Speaker 1:

Yeah, you bring up a very valid point, right. Like you have to protect your brand like no matter what you know and I think of when we're talking about like brand. You know reputation, right? I think of LastPass, yes, and you know the community that they kind of catered to. They catered to the average user, but then they heavily catered to the security community as being the best password manager out there. It gives you all of the advanced features that you're probably working with at work and they ended up getting breached and it took them three months to own up to what was actually breached and how it happened, maybe even longer than three months.

Speaker 2:

Or being sold. Right.

Speaker 1:

You know, and, like I was sitting here like are you kidding me? Like you don't know what happened. Is that really your argument? Right now, because I literally work in the industry that you market to, I know for certain, without a doubt, that you would know exactly what happened within seven days. Like you can't, you can't tell me that you don't Right, and it was really just based on how they handled that that I ended up just switching password managers because, like there's no way I'm paying you for a service that you can't figure out how to secure, right, and you're over there, you know, owning up and saying like, oh yeah, we, it's not that bad. And then it turns into they got the, they got the vault, but they don't have the key. All they, they actually got the vault, but you know it's encrypted this other way. You know what? Never mind, they already got that. Like it's all this back and forth and I'm just sitting here like, man, guys, you handled this. This is a masterclass on how to not handle a brand related issue that we sold.

Speaker 2:

He called me and told me he invested in LastPass and he wanted me to help him during that breach. So I spoke with their CTO at that time and it was within a week of a breach and they were frightened and they wanted me to help out due to the fact that I'm, you know, I built all these solutions to combat fraud on the internet and brand protection, that's my specialty. So he told me that they lost the encryption keys. I said, okay, I'll look. So I did. And I said my friend, you are in trouble, he goes. Can we clean up the underground world? I said there is no entity on this earth that can clean up the underground world. You got to understand your insecurity. How do you say a statement like that? Nothing against that person, but seriously, they think you hire a vendor, you go clean up. This is not how it works. That said, the kitty is out of the bag, it's done. I told them. What you need to do now is to work on mitigating your reputation.

Speaker 2:

So reputation, what is online reputation? Online reputation is the most essential thing. On a personal level, it's your entity, your name, your family name, your credit line history. It's your standing in society and so forth. It's a multitude of say, disciplines, right, but from an online perspective, your personal identity is important. You don't want to lose that your PII data, your personal information, identity data. You don't want to just give it away. People say I have nothing to hide in social media. Okay, great, all your pictures, all your information is being fingerprinted, digitized and archived in massive databases now. But the trick is not. The trick is not just protecting an individual reputation. What about the corporate reputation?

Speaker 2:

So there are three factors. There's brand abuse, where you can badmouth the corporation. There's counterfeit, if the corporation produces a product that can be copycatted or mimicked so that it will be sold in the legal market on these online stores today and auction sites. And there's the third one, which is unauthorized resellers, meaning I am selling a legitimate product but I'm not an authorized reseller. There are three and most people don't know the depths of what is reputation or brand protection of an enterprise. This is what we do.

Speaker 2:

We invented this methodology. We invented these three disciplines or three areas by which we go not only detect it but enforce on it, meaning delist it, remove it, clean it up. But there is no such thing that I have an eraser and I'm going to go erase it from the Internet. It's impossible. You're going to erase it from the common gathering areas, e-commerce areas, social media channel. So there are channels. You clean it up in social media, e-commerce, you clean it up in your search engines and so forth. There are these well-known areas. Underground, forget about it. You can't, because it's not owned by the individual.

Speaker 2:

Also, you can go to a website, I'm sorry, to a site by which it's underground, by which you can say, you know, shut it down and say, okay, I'm not going to show. What are you going to do? Sometimes I'm going to give you the most interesting there's something called bulletproof web hosting or bulletproof registrar, et cetera. That concept is a very important concept in cybersecurity Because then, for example, in Russia, the registrar is the cyber criminals is the web hosting, is the one who's launching the attack. So what are you going to do? Call them and they will pick up the phone. Yes, they have an answering service, they are a full-fledged company. Yeah, but they will not do anything about it. So what do you do in that case? How do you mitigate that?

Speaker 2:

Okay, there's a phishing attack against that corporation, jeopardizing the reputation of the company or mimicking, say, a website with some indecent images on that website, claiming that this is your website because they can create a lookalike domain name. And they did that. So what do you do? And that domain name is in search engines and in site engine optimization, distributing across the world. And they go distribute it through social media and they have these engines to do that. So what do you do?

Speaker 2:

You have to devise a technique. We devised a technique called domain casting, by which we block it from the internet. But the blocking is not just browsers, by the way. We came up with that solution in Spannable Solution in 2003. But it's not through browsers only. You have to use other mechanisms. You've got to modify the solution. In other words, when you are solving a problem today as a white hat or a vendor, you'll have to solve the problem, by which it can scale over time and change and get modified. Today, everybody's speaking in terms of AI and they're lodging all these out there. You must then have an AI solution that detects these threats and able to detect, analyze and mitigate. You must do all four steps. If you don't, you're in trouble. If you notice what companies, most platforms they have detect, analyze, and that's it the mitigation part. They say, as I said earlier, if you don't buy my products, I can't block it. No, the mitigation has to be comprehensive and it has to be agnostic to vendors or solution providers, otherwise it won't work.

Speaker 1:

Yeah, that is really interesting, you know, like how this still isn't really even thought about. And like to your point right where the CTO was saying, well, can't we just erase it? Yeah, I mean, it's like, you know, these criminal organizations, they also have an integrity that they have to abide by. You know, imagine if one of these criminal organizations went and broke their integrity and decided to, you know, erase your data on their forum, on their site, you know, to keep it from other criminals. I mean, it's like, yeah, what they did was wrong, but they're not going to breach their own integrity.

Speaker 2:

Yes, if you notice what is happening, Mark Warner, the head of the investigation committee for cybercrime, had sent letters to several registrars, big names, and you can see. By the way, you can search it online. I'm not going to mention those names because it's improper to mention companies.

Speaker 1:

I don't want to get sued today.

Speaker 2:

Yeah, and it's not the right way to do it. We are respectful and we think everyone is trying to do a good job, but sometimes loose security controls get you in trouble. And in the letter he mentioned that they're enabling cyber criminals to launch attacks from these platforms. So think about it. If you are a company that, let's say, somewhere in the Baltics, in, let's say, Poland, and say that company is a rogue company, a web hosting company offering email services, blah, blah, blah, et cetera, they're offering it at no cost. Most people are going to use that solution and now they are reading your email, they know everything about that particular company or individual, and then they will launch the attack, they will block it. And then what are you going to do? Well, okay, they closed it to anyone who had information over there. You may have copied it somewhere else, but the actual service can be blocked. So the trick here is you have to check who you are providing your information to, whether you are enterprise level or an individual level. Now let me just share with you some data and this is important data. In 2004,

Speaker 2:

PII data, just normal data that were hijacked. They were stolen. National Public Data, 1.3 billion individuals lost their information. Tnt, 110 million individuals. This is not, I'm not zooming on them, I'm just giving you this. By the way, these metrics and stats are online. United Health, 100 million people are losing information due to a breach and, unfortunately, the breaches are severe, very serious. PII data is everywhere and that's what you need to do as an individual. You need to protect it at your house. Do not just use a router, don't just log in to your router provided by your ISP. Put some more mechanism, local firewalls on the machines, use a decent proxy services, parental controls over where the kids go. Social media cannot be just. I will provide any data just because I have nothing to hide. No, no, this is part of the teachings that we have to employ with our children.

Speaker 2:

Scams are everywhere. I heard of a scam that's really frightening, by which they have called the parents. First of all, they went after the child and they kidnapped the child not full-fledged kidnapping that she held them hostage for a while and took their phone and this is a true. I heard it in a conference earlier this year Took the phone, that mobile device of that child and called his parents and told them if you don't pay that ransom, we're going to hurt the child. Now you'll say wait a minute. How could this happen in the United States? Well, it did happen, but it's not the true. We're going to hold them for several weeks. No, it's just a quick scam. A quick scam and the parents had to provide because they went in social media. They frightened the parents. The parents couldn't do anything.

Speaker 2:

There are other scams, by which, in fact, I heard on a podcast two days ago, one of the crypto owners was kidnapped so that he will divulge his password for his Bitcoin account. I mean, things are getting out of whack because people are providing so much information about themselves. Well, who told these people that he or she has that individual? It was a he. He has a great big account and I think it's in Bitcoin. Who told him he did? He was talking about it. Don't talk about it on social media. Keep your information as private as possible. Share what you need to share with control.

Speaker 1:

Yeah, yeah, absolutely. Well, you know we're at the top of our time here, unfortunately, but it's been a fascinating conversation. I'd love to have you back on sometime.

Speaker 2:

I'd love to. I'd love to, Joe. Anytime, please. I'd love to talk about this. As you know, I have a major passion. This is what I do for a living and I enjoy it. Attack surface management is something that, in fact, if you look at my LinkedIn profile, you'll see it's my passion, it really is, and AI now is going to take this whole game not only to another level. To keep up with it, you got to get dedication, it's true dedication. This is not about reading one article or two. Either you're in it or you're going to be out of this game, because these cyber criminals are really, really focused on the soft targets of enterprises as well as individuals.

Speaker 1:

Yeah, yeah, absolutely. Well, you know before I let you go, how about you tell my audience you know where they could find you if they want to reach out and connect and where they could find your company?

Speaker 2:

Yeah, sure, my name is Ihab Shraim, i-h-a-b dot Shraim at cscglobal.com. Drop me an email. I'll be more than happy to help your corporation or enterprise. We also do pro bono work for certain agencies and we help our government. We provide research and investigations. We're very strong in the sense of managing corporate domain name portfolios globally, we're the largest, by the way. We grew it over time and we have built that cybersecurity solution to protect the domain name portfolios of enterprises and we have one of the strongest actionable global intelligent enforcement in the world. And this is all proprietary solutions that we have devised ourselves, patentable solutions, and we possess a lot of patents. This team has been working on this problem, which is outside the firewall, since 2003. We don't let go. We all like it, we love it. This is what we enjoy to do on a daily basis, and you can find me on LinkedIn at Ihab Shraim. Drop me a note, we can connect and I will be more than glad to help out.

Speaker 1:

Awesome. Well, thanks everyone. I hope you enjoyed this episode.

Speaker 2:

Thank you very much.
