This episode, we’re joined by Ford Merrill, Senior Director of Research and Innovation at SEC Alliance, to discuss the evolution and sophistication of Phishing as a Service (PhaaS).Merrill shares from his 11 years of experience working on security research in primarily the areas of phishing and DDoS botnets. In the episode, he talks about the shift from Russian to Chinese-speaking operators, who the developers of advanced kits like Darcula and Lighthouse are, and who actually uses them to impersonate brands for financial gain.Merrill also outlines a complex ecosystem with supporting technologies and roles involving spammers, data brokers, and money launderers. He also shares what thinks needs to be done to respond this problem, and where he sees rays of hope already.Related resources:If you haven’t listened to our series on Darcula, a phishing-as-a-service operation targeting victims globally, check out episode 137 and 138 to hear Robby’s interview with mnemonic's security researchers Erlend Leiknes and Harrison Sand about the findings from their technical investigation into the phishing kit platform Magic Cat. And hear how this story progressed as Robby interviews investigative journalist Martin Gundersen from the Norwegian media agency NRK.Send us a text
--------
50:23
--------
50:23
Agentic
We´re back from Summer break! To kick things off, we’re excited to have Armin Buescher and Einar Oftedal from RSAC join Robby for a dive into the most talked-about topic at this year’s RSA Conference: the emergence of agentic AI.Agentic AI, the way they define it, are agents that complete tasks acting on behalf of a user. Unlike the traditional LLM experience, where the agent is relying on human prompts, agentic AI is designed to plan, decide, and act on their own within set goals - instead of waiting for instructions.During their conversation with Robby, they cover what agentic AI means for different domains within cyber, how it is being utilised, and the challenges of implementing agentic AI.They also talk about the importance of human oversight, why decision-makers need to stay educated, and the biggest buzzwords when it comes to agentic AI.Send us a text
--------
56:19
--------
56:19
Proofing for Quantum
In this episode, we’ll explore what quantum computing might mean for the world of security in the future, and the concrete measures the banking sector is taking to prepare for it.Robby is joined by Ulf Larsson, Security CTO at the SEB Group, a leading financial services group in the Nordics, to discuss the work he’s been doing on the potential impact quantum computing will have on his sector, what it can do with our ability to protect data, and preparing his bank to be quantum safe by 2030.They discuss the concrete tasks security teams have in front of them already now, how banks are working together to secure the financial eco-system, and the ongoing development within this field by tech companies and consultancies. Send us a text
--------
27:49
--------
27:49
Magic Cat (Part 1)
Magic Cat (part 1) with security researchers Erlend Leiknes and Harrison Sand Darcula is a phishing-as-a-service operation targeting victims globally. Over the past 1.5 years, mnemonic researchers and an international investigative reporting team have been looking into the technology, operations and individuals connected to this crime group.In this episode, Robby speaks with mnemonic's Erlend Leiknes and Harrison Sand about the findings from their technical investigation, offering a rare look behind the scenes of this global phishing-as-a-service operation utilising the phishing kit Magic Cat.The research unveils hundreds of thousands of victims spanning the globe, unique technical insight into the software enabling hundreds of criminal subscribers, and a glimpse into the flashy lifestyle of the operators.This podcast was recorded in April, but on May 4th, Norwegian media agency NRK, together with French Le Monde and German BR released the first of their multi-part global investigation into the prominent people behind the phishing operation. The investigation brings them to Thailand, where they attempt to confront Darcula, and learn more about the inner workings of the scam central.Listen to Part 2 to hear how this story progresses as Robby interviews investigative journalist Martin Gundersen from NRK.- mnemonic's technical blog about Magic Cat: https://www.mnemonic.io/resources/blog/exposing-darcula-a-rare-look-behind-the-scenes-of-a-global-phishing-as-a-service-operation/- Inside the Scam Network at NRK: https://www.nrk.no/dokumentar/xl/inside-the-scam-network-1.17399135- The Hunt for Darcula at NRK: https://www.nrk.no/dokumentar/xl/the-hunt-for-darcula-1.17399157 Send us a text
--------
1:01:54
--------
1:01:54
Magic Cat (Part 2)
Magic Cat (part 2) with investigative journalist Martin GundersenThis is the second part of our series about our investigation into Darcula, a phishing-as-a-service operation targeting victims globally, and the phishing kit platform Magic Cat. Over a period of 1,5 years, mnemonic researchers and an international investigative reporting team from the Norwegian media agency NRK, together with French Le Monde and German BR, looked into the technology, operations and individuals connected to this scam network.The findings offer a rare look behind the scenes of this global phishing-as-a-service operation utilising Magic Cat. The research unveils hundreds of thousands of victims spanning the globe, unique technical insight into the software enabling hundreds of criminal subscribers, and a glimpse into the flashy lifestyle of the operators.In this episode, Robby talks with Martin Gundersen from NRK about how they worked on this investigation, and what happened when they travelled to Thailand to confront the people behind the scam network.If you haven’t listened to Part 1 of this series yet, check out episode 137 to hear Robby’s interview with mnemonic's security researchers Erlend Leiknes and Harrison Sand about the findings from their technical investigation into Magic Cat.mnemonic's technical blog about Magic Cat: https://www.mnemonic.io/resources/blog/exposing-darcula-a-rare-look-behind-the-scenes-of-a-global-phishing-as-a-service-operation/Inside the Scam Network at NRK: https://www.nrk.no/dokumentar/xl/inside-the-scam-network-1.17399135The Hunt for Darcula at NRK: https://www.nrk.no/dokumentar/xl/the-hunt-for-darcula-1.17399157Send us a text
The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about.
South Africa