Revisiting Cybersecurity Trends with Max Heinemeyer

Max Heinemeyer

It’s been two years since cybersecurity expert Max Heinemeyer first joined the show to discuss trends in cybersecurity. In this update, Don and Max discuss the people and organizations behind the hacks that have recently devastated companies, our infrastructure and governments. They also discuss current cyberthreats and vulnerabilities, and how joint efforts between government and the private sector can help protect citizens all over the world against cybercrime.

Max is a cybersecurity expert specializing in network monitoring and offensive security. At Darktrace, Max works with strategic customers to help them investigate and respond to threats, and he oversees the cybersecurity analyst team in Darktrace’s Cambridge, U.K., headquarters. Max has extensive experience as a white hat hacker in addition to his membership in the German Chaos Computer Club.

Resources From This Episode

Follow Max on Twitter

Connect with Max on LinkedIn

Visit the Darktrace website

Connect with Don on LinkedIn

Follow Don on Twitter
Read the Transcript:

Don MacPherson:

Hi, this is Don MacPherson, your host of 12 Geniuses. It's just been two years since I first talked with cyber security expert Max Heinemeyer. In that time, the profile of his industry has been significantly elevated. In this update, I wanted to learn more about the people and organizations behind the hacks that have recently devastated companies, our infrastructure, and governments. This episode of 12 Geniuses is sponsored by the Think2Perform Research Institute, an organization committed to advancing moral, purposeful, and emotionally intelligent leadership.

Max, welcome back to 12 Geniuses.
Max Heinemeyer:

Hey, thanks for having me, Don. Much appreciated.

Don MacPherson:

We first talked just over two years ago. Can you briefly describe what has happened in the cybersecurity space since then?

Max Heinemeyer:

So much has happened on all fronts, Don. Two years is like 20 years in other industries, I would say, here in cyber. First and foremost, I suppose, Darktrace has grown like crazy. We went public, which is a huge milestone for us. But I guess, more interestingly for our audience here is, how much has changed on the attacker side. How cyber attacks have become fast and furious, and much more damaging than they used to be two years ago. We've seen a big trend towards more ransomware, faster attacks, more automation, nobody being too small or too insignificant to be hit. So, there's been a lot going on from every direction, every angle.

Don MacPherson:

When you say nobody is too small to be hit, are you talking about individuals or companies? What do you mean by that?

Max Heinemeyer:

I'm mostly talking about organizations. So, if you ask me the same question as you did two years ago, I would most probably say, "Oh, it's big companies, where everybody knows they've got money. You can extort a ransom, and you can sell their data." These days, attackers don't just go off for the big, obvious, popular targets. They do their research, they do their homework. So they find out, oh, that's a medium business in the middle of Germany, they don't have a huge public profile. But they do have money. So I might go after them. I'm going to encrypt all the data. I'm going to steal all the data and hold them to ransom. And you can exchange Germany here with any country in the world. So there's been a lot of professionalization, if you want, in the cyber crime space. The attackers have stepped up their game, and go after anybody who they think they can extort money from.

Don MacPherson:

How have these attacks increased in terms of numbers? Do you have any data on that?

Max Heinemeyer:

Just from anecdotal feedback, and looking at mainstream media, and what we see internally here, it's a huge increase across the board. Any type of attack. But a particular focus on ransomware, which is huge in today's media, of course, with the Colonial Pipeline attack and the beef producers. And ransomware, as we know, is when somebody hacks into your system, encrypts all the data, so you can't access it anymore, but also steals it and threatens to release it publicly. So all your dirty laundry. All your intellectual property is out in the open. And tries to get money from you. And we've seen a particular rise in these types of attacks. Not just in number, but also in how they're being conducted, and how they get in.

Don MacPherson:

The data that they would be releasing out into the open. What's the nature of the data? Is it emails? Is it client data, employee data, all of the above?

Max Heinemeyer:

That has also changed. So, two years ago, I would've said it was maybe your emails, maybe your core database. In technical terms, a few gigabytes, a treasure trove of data. These days, it's all of the above. What you said. The attackers get everything. All of the email history for the whole organization. They get all your customer information. They get all your employees' information. They get your intellectual property. If you're currently very popular in mainstream media, if you're a software development house, maybe a video games company, they take your source code. Your core business value. And put it up for sale on the internet. So, that has increased massively. Not just what kind of data they're taking, but also how much data they're taking. So they've become much bolder these days.

Don MacPherson:

You mentioned the Colonial Pipeline and the JBS attacks, here in the US. These have attracted a lot of attention. Can you talk about some of the other recent higher profile attacks, outside the US?

Max Heinemeyer:

There are two coming to mind. One is called the SolarWinds attack, which we call a supply chain attack in the industry. That's where a software company got hacked, and, like poisoning a well, the attackers hacked into their software and poisoned the software. So every downstream customer that used that software, thousands of organizations, got subsequently infected. And that's a very clever way to hack into many, many companies, by basically hacking the supply chain. And that has a massive impact. So, the industry is still recovering, and trying to wrap their heads around how to prevent the next big supply chain attack. We have seen attacks against COVID vaccination companies. So, companies tasked with delivering COVID vaccinations, the logistics companies that get completely crippled, can't do the operations anymore. We've seen hospitals being hit. We've seen small utility companies being hit. So, it feels like it's everywhere at the moment.

Don MacPherson:

I think a lot of people who haven't been following this space are waking up to realize how vulnerable we are. And I say we, I don't mean just the United States, but the world. Vulnerable to cybersecurity breaches. Could you talk about some of the legitimate vulnerabilities that we do have? And I'm thinking about big sectors, like energy, or banking, or other things like that.

Max Heinemeyer:

Generally speaking, I'd say the situation is improving from many angles. Cybersecurity is a multi-pronged problem, right? You're never going to solve it with tech, or just government, or new policies, or more budget. And there's a lot of movement in all these spaces happening. Today's IT systems are just too complex for humans to grasp. Where does your network start? Where does it end? What does your supply chain look like? What about your software servers inlays? Where do your suppliers come in from? What was the new acquisition you just brought in? Most companies kind of understand the traditional data center perimeter. What's happening there. But in today's landscape, in today's digital environment, it is just too complex for human teams to grasp. So, you asked about specific vulnerabilities, and this is the core of the problem. It is too complex for humans to solve. We struggled with this, 10, 15 years ago, and now we've dialed the dial to 11 or 12. And complexity has just exploded in the last 10 years or so. And we can't get hold of this, and just control the situation by throwing more humans at the problem. It doesn't work.

Don MacPherson:

I still think that people are unaware of exactly where these pinpoints could hit, and what could happen to our transportation, or to our banking, or these different parts of our economy, and the way that we live. Colonial was, I think, really eye-opening for a lot of people, because they're just thinking, well, it's just oil flowing through a pipeline. How is this going to be disrupted by a group in Russia, or someplace else that we've never even heard of before? It's not just limited to that industry. It's many of these different industries.

Max Heinemeyer:

Yeah. If we think about the impact for a second, then our eyes should pop open. Like you said, the US folks have woken up to the ransomware issue, or the cyber security issue, with Colonial and the beef producers. But it has an impact on everyday life. Think about maybe your kids, if you've got kids. Or think about other situations, where you run a municipality, or school or university, and you just can't learn in these remote times, you can't access your systems. And your kids can't go to school. They stay at home, you have to teach them. That has a massive impact on most people's mental health. How to deal with that, how busy they are. So cyber is everywhere these days. And the impact can be, as we've seen with the Colonial Pipeline, very easily felt, in terms of warmth, or oil and gas. We have to keep in mind that every aspect of our lives is digital these days. So, any attacker could be clever enough to go into it.
Don MacPherson:

So, what's the solution? How can companies and governments prepare to thwart these threats?

Max Heinemeyer:

Cyber security can't be solved by a single entity. It's a global problem, and you can't just tell the government or the private sector to solve it. So we see a lot of positive movement. On the one hand, we see governments moving forward. In the US with executive orders, more budget policies being pushed through the Senate. So, government is waking up. And enabling companies with more budget, better regulations. But also law enforcement is getting more power to hunt down these bad guys, and shut them down. That is incredibly important.

At the same time, we see the private sector, where Darktrace sits as well, wake up and do much more, get good technology out, to solve that complexity issue. So, the governments are waking up, hunting down the bad guys, putting up better regulations. The private sector is getting better at adopting cutting edge technology, like Darktrace, for example, to help with this problem, where you cannot predefine. You can't tell where tomorrow's attack is going to hit you from. So, there are multi-pronged solutions coming from all sides. And it actually looks more positive than many years ago. Even better than last year. Partially because we have these wake up calls, like Colonial. But partially also because cyber has gained so much momentum, and is now getting better and better, every single day.

Don MacPherson:

You talked about law enforcement. Are they able to hold people accountable in different countries? How is that working out?

Max Heinemeyer:

It is a problem of these attackers often sitting in multiple countries. Sometimes there are no extradition rules. And it is really difficult for national law enforcement to get hold of the bad guys and bad girls, in different countries across the world. So often these are huge multinational efforts, where law enforcement across different organizations, across different nations, have to work together with the private sector to get the full perspective, and get the bad guys. There was a recent case, for your listeners, maybe interesting to read up on, of the Emotet botnet being taken down by a multinational law enforcement effort. So, one of the most notorious botnets in the world, called Emotet, has been taken down. The plug has been pulled. And it hasn't recovered since. But that was one of many, really an outstanding law enforcement action.

And the problem is, as you say, often, a single national law enforcement entity can't access the IT servers, where the bad guys might host their stuff in another country. Maybe that hosting is redirected to yet another country, and the person using the data in that third country is actually logging in from yet another country. And as a law enforcement officer, you have to go through all the jurisdictions, and that can be extremely tedious, and a lot of red tape.

Don MacPherson:

What has working from home, as a result of the pandemic, done, in terms of individual and organizational vulnerability?
Max Heinemeyer:

Working from home, and the pandemic, has really shifted the game, in terms of cyber. When the pandemic hit, we saw a huge increase in phishing attacks related to COVID. Almost overnight. We call it fearware. Where we've seen a lot of topical phishing coming in, saying things like, "Click on this link and see in your neighborhood who's been infected with COVID." And people are extremely curious. And of course they click the link, and they get infected. So we've seen a change in tactics and procedures, but also a huge rise in the number of attacks against people.

COVID has also opened up a lot of organizations to more vulnerability. IT staff has been cut short. Has been furloughed. All of a sudden existing IT has to make remote work work, right? They have to spin up all these solutions, and VPNs, and Teams and everything. And often it's been done on a dime and a nickel, and maybe rushed out in the last minute. So security has been an afterthought. Which means that security teams and IT teams are overstretched. They don't have enough budget. Security is sometimes an afterthought. And it has really led to organizations being more vulnerable than before.

Interestingly, we're going to see the same problem in a few weeks' time, across the globe, or a few months, with people going back into the office, right? Things change again. You have to close down these solutions gracefully. You have to decommission systems. You might have to take some of the remote solutions away from people again. And it all comes back to the same thing, though. It's about complexity and change, right? The pandemic hit. People work from home. IT systems change. You have to adapt your security. It's very complex and difficult. People go back to the office, or you run a hybrid system, and it's very complex again, and different. And you know what? Who knows what next year's going to look like? More moving to the cloud, more on premise, who knows. So, it always comes back to this idea of change and complexity. Which humans are not really good at adapting to. So that's why we drive so much towards more artificial intelligence, and let the machines do the heavy lifting instead of throwing more humans at the problem.

Don MacPherson:

Could you talk about the importance of space, and how allowing companies and governments access to space relates to our infrastructure, and relates to cybersecurity?

Max Heinemeyer:

Space is extremely important for most nations. It's critical national infrastructure. And therefore also a hotbed of potential cyber crimes. We know that many nation states use cyber as a means of conducting their geopolitical business, of conducting influence. And of course, getting influence in space, in space research, in space resources, and space exploration, is very important to many big countries. So it only makes sense that cyber, for the space industry, is becoming increasingly important. And many people might think of satellites, or things flying in space, and space shuttles. But there's also a very mundane aspect of cybersecurity for space, which is all the ground-based infrastructure, where you launch your shuttle, where you do your research. Where you calculate the maths to fly to Mars, or Venus. So, a lot of that needs to be secured.

Imagine somebody hacks into a ground-based space exploration center, where the calculations are being done to fly a shuttle to Mars. And the malicious actor doesn't just encrypt the system or steal the data, but they change a bit. They change a few of those calculations. So you can't trust the data anymore. And that space shuttle, or that satellite that goes out in space for two years to Mars, all of a sudden has a problem in their calculations. Maybe the fuel is not enough. Maybe it's slightly off course. So there's a lot of damage that can be dealt via cyber security. Via cyber means. Actually, the first cyber crime in space has been committed, I think last year. I think, if I recall correctly, an astronaut had been hacking into their spouse's bank account from space. So, turn it as you want, but the first cyber crime in space has been committed.

Don MacPherson:

I was doing some research on this topic, and the US Department of Defense has a budget of about $750 billion. It's a little bit more than that, I think. And only 10 billion of that is spent on cyber security. Which is really quite amazing to me, when you think about where we're going, and where our true vulnerabilities are. Are other countries investing appropriately in cybersecurity, in your opinion?

Max Heinemeyer:

It really depends on the country. Some countries are much more practiced in investing into technology, I would say, in general. What comes to my mind is China's investment into AI. China sees AI, space, and cyber, as some of the leading military applications. And they're heavily investing into research in that area. I don't know how that stacks up against the US at the moment, but it comes to mind, because that's an intersection that Darktrace is very concerned about. AI, space, cyber, and military, of course.

So, current budgets in those countries have not been enough. Wake up calls, like we've seen with Colonial and the beef producers, have been necessary, unfortunately, and countries are ramping up the budgets. And it always depends on where this budget is spent. Often it is spent, unfortunately, in offensive cyber means. Many countries focus on how to better attack other nations, and how to preempt attacks. And that can be a dangerous escalatory spiral. And we think that a much better position would be defensive superiority. Instead of trying to become the better hackers, and deter people by flexing your cyber muscles, you should focus on preventing cyber attacks, and detecting them and responding to them, in your own countries, creating the national infrastructure. That is going to determine the battlefield of tomorrow, and that is going to determine who comes out of this arms race ahead.

Don MacPherson:

Could you talk about what the cost of ransomware attacks are, or have been, globally?

Max Heinemeyer:

Yeah. Actually, the cost of ransomware attacks globally has doubled every year since 2015 to 20 billion nowadays, in 2020. And that's according to Marsh, one of the leading global insurance conglomerates, that do a lot of research on this topic. So, we also see, globally, that there will be a ransomware attack on businesses every 11 seconds in 2021. Which is another stat by Cybersecurity Ventures from 2020. So it is really a heating area that nobody can use the ostrich approach, and shy away from to try and defend themselves.

Don MacPherson:

Max, as always, this has been fascinating. Thank you for your time, and thank you for being a genius.

Max Heinemeyer:

Anytime, Don. Thanks for having me. Appreciate it.

Don MacPherson:

Thanks for listening to 12 Geniuses. During next week's interview, we're going to discuss the topic of trust, with Alvaro Marquez. He is going to help us understand how the pandemic has influenced the way we trust governments, our institutions, and even other people. That episode will be released July 20th, 2021. Thanks for listening, and thank you for being a genius.