It’s a Digital Transformers takeover of the Supply Chain Buzz for November 15, in partnership with TNS – and with good reason! According to cybersecurity firm Kaspersky, DDoS attacks have increased by 24% in the past year, while smart DDoS attacks increased by 31%. That’s a big problem for supply chains big and small, particularly as digital transformation efforts widen the network of third-party providers and IoT endpoints (that double nicely as attack vectors). In this livestream, co-hosts Scott and Kevin tackle the topic of cybersecurity with a little help from featured guest Richard Hummel, Manager of Threat Intelligence at NETSCOUT. Join this dynamic trio as they break down the increasing speed and bandwidth of DDos attacks, new, more targeted ransomware strategies, the intricate web of entities impacted by supply chain vulnerabilities – and the shift to manufacturing firms as the latest target of cyber attacks. You’ll learn new terms like “honeypot,” get actionable strategies for safeguarding your network – and find out how you can get timely updates on the threat landscape from NETSCOUT.

Intro/Outro (00:00:03):

Welcome to Supply Chain Now, the voice of global supply chain. Supply Chain Now focuses on the best in the business for our worldwide audience, the people, the technologies, the best practices, and today’s critical issues, the challenges, and opportunities. Stay tuned to hear from those making global business happen right here on Supply Chain Now.

Scott Luton (00:00:30):

Hey, hey, good morning. Scott Luton and Kevin L. Jackson with you here on Supply Chain Now. Welcome to today’s livestream. It’s a Digital Transformers takeover. Kevin, how you doing?

Kevin L. Jackson (00:00:42):

Yes. I’m doing great. Happy Monday, everyone. The third Monday in the month. This is Digital Transformers time.

Scott Luton (00:00:50):

Well, you know what? We’re going to raise the stakes a little bit more, Kevin, because not only is this the Digital Transformers takeover, but it is your 27th birthday. Happy birthday, Kevin!

Kevin L. Jackson (00:01:02):

You know what? This isn’t like the [inaudible] for 27. I love it. I love it. I don’t want anything. Thank you. Thank you very much. And, I appreciate all the well wishes. I tell you my stream on LinkedIn and Twitter and WhatsApp and Facebook just blew up this morning, starting like, you know, a minute after midnight. It was amazing. And, actually my daughter, her birthday is November 14th. So, yesterday was her birthday and she lives down in Virginia Beach and she drove up here with her fiancé and surprised us yesterday morning. I want to spend my birthday with my dad. So, that was really [inaudible]. It has been a good weekend.

Scott Luton (00:01:53):

Outstanding, well, as it should be, so happy birthday. We’ll celebrate with you a little later on today, perhaps. But, again, it’s all about Digital Transformers today. We have a big guest. We’ve got Richard Hummel, manager of Threat Intelligence with NetScout. So, buckle up and get ready because beyond what we’re going to be sharing a lot of it rotating around cyber security, really across global business and a lot more. But, hey, we want to hear from you too, right, Kevin?

Kevin L. Jackson (00:02:20):

Yeah. Absolutely. One of the things that we have all experienced over the past year is this transition into the virtual world and everybody working from home and that’s been a boom for the mal actors out there. They have an attacked us at home, attacked our networks. And, Richard and his team really can help us out there, especially in supply chain. You’ll be amazed at – this is really the soft underbelly of every enterprise is their cyber defense of this supply chain.

Scott Luton (00:03:01):

That’s a great point. You know, the European Union predicted a four-fold increase in supply chain cyberattacks this year. So, they’re going to tell them what is in store for next year. We’re going to talk about some of those things here today. So, buckle up and get ready.

Scott Luton (00:03:16):

Hey, we’re going to share a couple of quick announcements and then we’re going to share some of the folks that have already been logging in and contributing in the skyboxes. Folks, we want to hear your comments here today as we get ready for this Digital Transformers take over discussion of The Buzz.

Scott Luton (00:03:30):

But – all right. So, Kevin, last Friday, we had a livestream with our dear friends at Esker, right, Esker as being part of the Digital Transformers Community. Well, Chad had joined us and as we were parting the department platform. “Hey, Chad, what you got going on tonight?” He goes, “I’m going to take my wife out for a steak and an adult beverage.” I said, “Wait, Chad, if you don’t send the picture, it didn’t happen.” And he obliged.

Kevin L. Jackson (00:03:54):

Oh, that’s the future.

Scott Luton (00:03:55):

So that is out in Denver. Look at that gorgeous sky. It looked like they might have a little storm coming up. But, Chad, hopefully you enjoyed a wonderful time drinking good beer and eating a good steak with your wife. So great to have you with us last week. Kevin, did you have a chance to get a good meal in over the weekend?

Kevin L. Jackson (00:04:16):

You know what? Absolutely. I went to Chris – Ruth’s Chris Steakhouse. Oh, god. You know, that’s like, it just melted in my mouth. And it was one of the first times, you know, that I’ve been able to go out to a, you know, a real restaurant that have ordering stuff in there every day. And, the place was crowded. It was, you know, packed. But, you know, things are trying to get back to normal.

Scott Luton (00:04:44):

That’s right. So you kind of pre-celebrated your birthday a little bit. Is that right?

Kevin L. Jackson (00:04:48):

Yeah. Yeah. A little bit.

Scott Luton (00:04:50):

All right. Love that. Ruth’s Chris is a good, good place to eat. Great steak. All right. One other thing, really quick, before we say hello to a few folks, is join us this Thursday. So, cloud native TMS, right, in this world of disruption when it comes to supply chain and freight and moving stuff. Well, join us with our friends at Manhattan Associates as we talk about why supply chain is a team sport. So, the link to join us for this free webinar should be in the show notes. And that’s going to be this Thursday at 12 noon Eastern Time. Kevin, old Greg is going to join us and may be from the coast. There might be some seagulls in the background. There might – there may be –

Kevin L. Jackson (00:05:31):

[Inaudible] That man is on a different level now. [Inaudible] he’s – you know, when you exit, you’d become a God.

Scott Luton (00:05:42):

So, what Kevin’s talking about is of course Blue Ridge, the company that Greg founded, was acquired by a private equity company in the last couple of months. So, that’s created a ton of work and, you know, plus Greg should be able to kick his feet back a couple of times, right? That’s not a bad thing, is it, Kevin?

Kevin L. Jackson (00:06:01):

Yeah. Absolutely.

Scott Luton (00:06:04):

Well, hey, so join us this Thursday. But, hey, we got to switch over and say hello to a few folks that have joined us here today. Hiren is tuned in via LinkedIn. He says, “Happy birthday, Kevin.”

Kevin L. Jackson (00:06:15):

Thank you. Thank you.

Scott Luton (00:06:17):

Hiran, let us know what part of the world that you are at. We’d love to connect dots there. Adam. He’s listening in from Canada via LinkedIn. “Happy birthday, Kevin, my fellow scorpion.”

Kevin L. Jackson (00:06:27):

Scorpionos. Yes.

Scott Luton (00:06:30):

Ashley’s tuned in via LinkedIn from Arizona. So, great to see you, Ashley. Chicku is tuned in from Arizona as well, via LinkedIn, says birthday wishes, Kevin.

Kevin L. Jackson (00:06:42):

Absolutely.

Scott Luton (00:06:42):

Gene. Gene Pledger. Now, if you know Gene, Gene’s been a part of some previous episodes. Well, in fact, Gene shared some pictures of a steak meal he had up in Chicago. I meant to grab those earlier. But he is tuned in from Northern Alabama. Gene. Kevin, I want to say you grew up – you spent some of your upbringing in Alabama, right?

Kevin L. Jackson (00:07:05):

We’re not Alabama, actually Mississippi. I was on the golf coast.

Scott Luton (00:07:08):

Mississippi.

Kevin L. Jackson (00:07:09):

Yeah. In a golf court in Biloxi. So, I’m more familiar with LA.

Scott Luton (00:07:19):

Mohib is tuned in, of course, from Wichita, the air capital of the world, via LinkedIn. Mohib, great to see you here today. I’ve really enjoyed your contributions here lately. Hiren. He’s answering my question. London.

Kevin L. Jackson (00:07:31):

That’s the rarest place. Sunny London.

Scott Luton (00:07:35):

Sunny London .That’s right. Esther is tuned in via YouTube. “Happy birthday, Kevin.”

Kevin L. Jackson (00:07:41):

Thank you.

Scott Luton (00:07:41):

Thank you for that, Esther. And, finally, Vincent is tuned in from France via LinkedIn. And, it’s getting – I wonder what time – it’s probably, what, 8:00 PM there depending where he is.

Kevin L. Jackson (00:07:53):

Yeah. [Inaudible] difference six or seven hours. Yeah. [Inaudible] changed clock so I’m not sure if it’s five or six hours.

Scott Luton (00:08:00):

I don’t know who’s coming or going with these daylight savings and reversals. But, Vincent, thank you for spending a portion of your evening with us. Kelly Barner’s tuned in. Happy birthday to Kevin, of course –

Kevin L. Jackson (00:08:10):

Hey, Kelly. [Inaudible]

Scott Luton (00:08:15):

So, Kelly of course leads our Dial P for Procurement programming here at Supply Chain Now. So, I hope this finds you well, Kelly. Madhav is tuned in from Marlborough, Massachusetts, up there near where Kelly is. And then, one final one here, Fred Tolbert. You know who Fred Tolbert is, Kevin?

Kevin L. Jackson (00:08:34):

He’s been on the stream a lot. Where is he? Where is he?

Scott Luton (00:08:38):

Well, he’s in the Atlanta area. I think he’s out here near where we are, but he is the Doc Holliday of supply chain. He tells it like it is. You don’t want to miss with the Huckleberry Fred Tolbert.

Kevin L. Jackson (00:08:48):

I’d like to meet him next time I’m down there.

Scott Luton (00:08:50):

That’s right. And, Fred, we enjoyed – I hadn’t seen the replay yet, but it looks like you had a conversation with you and Karin Bursa. So, thanks for all you do with the next generation of supply chain talent. Okay. Kevin –

Kevin L. Jackson (00:09:02):

It’s 6:08 in France.

Scott Luton (00:09:03):

6:08 in French, France. 6:08. Well, are you ready, Kevin?

Kevin L. Jackson (00:09:08):

Yes.

Scott Luton (00:09:09):

We’ve got a rock and roll star with us here today. Are you ready to bring in our featured guest?

Kevin L. Jackson (00:09:14):

Can’t wait.

Scott Luton (00:09:16):

Let’s do it. I want to introduce and bring into the stream, Richard Hummel, manager of Threat Intelligence with NetScout. Richard, how are we doing?

Richard Hummel (00:09:28):

Good morning, Scott. Good morning, Kevin. I’m doing great. How are you guys? Thanks for having me.

Kevin L. Jackson (00:09:34):

Thank you. Thank you. Where are you today?

Richard Hummel (00:09:35):

I’m coming at you from just south of Washington, DC, in a very cold, starting to be a winter environment. So, it’s – I’m not ready for it. I just got back from Florida from a vacation and I don’t want to deal with the cold.

Kevin L. Jackson (00:09:48):

Yeah. I heard that the snow this year is going to be heavier than the last two years combined.

Richard Hummel (00:09:56):

I have a small driveway. So, there’s a saving grace there.

Scott Luton (00:10:00):

Well, so, I want to – there’s a couple of warm-up questions we want to start with. Right? We’re going to have a little bit fun this morning. And, folks, if you’ve ever been to Disney world, well, go ahead and plant this seed with you. Let us know your favorite business takeaway from the experience down there at Walt Disney World, because Richard Hummel spent last week at Disney World with his family. And, Richard, I’m putting you on the spot. What was your one favorite thing about your most recent trip down?

Richard Hummel (00:10:28):

I think the best one was just how well our two-year old did. He enjoyed everything about it. He found a couple of his favorite rides. It’s a small world and the new Mickey mouse ride. He just wanted to keep doing it over and over again. So, it was fun to see his kind of personality coming out to enjoy those rides. I think, to me, that’s the biggest takeaway as a family.

Scott Luton (00:10:49):

I love that. Love that. And, Kevin, that resonates with both of you, both of us as fathers, right? If the kids –

Kevin L. Jackson (00:10:55):

Yeah, yeah. Absolutely.

Scott Luton (00:10:55):

Man, if the kids are happy, that is worth the price of admission for sure.

Kevin L. Jackson (00:11:00):

But I tell you, two years old, right?

Richard Hummel (00:11:03):

Two years. Yeah.

Kevin L. Jackson (00:11:04):

Well, I wonder – when my son when he was like seven – we went to Disney World when he was like three, right, and then he was like eight or seven or eight or nine and he said you never took me to Disney World. I said –

Richard Hummel (00:11:20):

What a minute.

Kevin L. Jackson (00:11:21):

What do you mean? You had the same thing, right?

Richard Hummel (00:11:25):

Oh, I’m sure. I’m sure.

Kevin L. Jackson (00:11:27):

[Inaudible].

Scott Luton (00:11:29):

Well, these days, of course we, as opposed to my earliest visits, it’s so easy to document, right, document the trip, so lots and lots of pictures. Okay. So, what I want to do, one more kind of fun question. So, Kevin, Richard, if y’all will humor me here because today is clean-out-your-refrigerator day. So, hey, I didn’t know this is a thing, but this idea was born back in 1995. Many folks, it’s not official because folks don’t know exactly where it started, but some folks believe that Whirlpool corporation, the appliance company, started it and then it has gained a little traction ever since. So, the question for you, Richard, I’m going to start with you, question here on clean-out-your-refrigerator day is a simple one. Hey, what is one thing that always gets stuck or hidden in your fridge?

Richard Hummel (00:12:20):

I wouldn’t necessarily say it’s stuck or hidden. I think it’s oversight on both mine and my wife’s point. We both love Asian dishes and every time we get ready to make a new one, do we have fish oil? Or do we have that soy sauce? And inevitably, both of us miss it. And so, when you clean out the refrigerator, suddenly we had three bottles of fish oil and two bottles of soy sauce. For whatever reason, they just get stuck there and they never go away.

Scott Luton (00:12:42):

I love it. So, you’re saying you’re bad inventory managers of your refrigerator?

Richard Hummel (00:12:48):

[Inaudible] refrigerator. Absolutely.

Scott Luton (00:12:49):

All right. So, Kevin, same question. In the Jackson household, what gets lost in the refrigerator?

Kevin L. Jackson (00:12:55):

Well, I’ll tell you. I mean, we do go out to eat quite often and you go out to restaurants and sometimes you get too much food, right? So, you asked [inaudible] bag or the box and you want to take it home. And he said, “Oh, that could be great for lunch tomorrow.” Wrap it up, put it in your refrigerator. And then, three weeks later you figure out, “[inaudible] is in the bag.” And it goes into the trash, so that great food that you’re meant to eat for lunch [inaudible].

Scott Luton (00:13:29):

Happens -happens all the time. And, you know, also with leftovers from restaurants, I bet I’ve left after asking for a box or getting something boxed up, I bet I’ve walked out of a restaurant a thousand times leaving it sitting right there on the table. Right?

Richard Hummel (00:13:43):

Yes.

Scott Luton (00:13:44):

So, it never makes it to my refrigerator. But, nonetheless, I appreciate y’all humoring me on what is clean-out-your-refrigerator day, the 15th of each of November of each year. Okay. So, what I want to do, Kevin and Richard, we’ve got some heavy lifting to get into, some hard-hitting news and developments. You all ready to get started?

Richard Hummel (00:14:04):

Let’s do it.

Kevin L. Jackson (00:14:04):

Yeah. Absolutely. Let’s do it.

Scott Luton (00:14:05):

All right. So, I’m going to pop this up here ’cause I want to talk about the big increase as reported by cybersecurity firm, Kaspersky, is reporting a big increase in smart distributed denial of service attacks. That would be DDoS as Kevin and Richard have trained me up on. So, Kevin, what the heck is DDoS attacks? So, tell us more about the story.

Kevin L. Jackson (00:14:32):

So, first of all, I want to talk about what’s DDoS versus a smart DDoS. So, DDoS is denial of service attack. And traditional DDoS attack is that you flood the connection on the network so it can’t be used. Well, a smart DDoS attack is a targeted attack, right, and it disrupts specific services or many times focused on stealing money, right? So, by the third quarter, be it every record in term of the barely number of DDoS attacks, right? They observed on August 18th there were 8,825 separate attacks with more than 5,000 on both the 21st and 22nd of August. So, the total number of DDoS attacks were up 24% compared to last year. But the smart attacks were up 31% over the same time period. So, these attackers are attacking with purpose. So, these are also profitable. So, the number of these attacks will continue to increase, and they’re always especially high in the year. You can imagine with the holidays and all of the online purchasing and shopping.

Kevin L. Jackson (00:16:11):

But another thing’s kind of interesting is that 80%, 40% to 80% of these attacks were directed at U.S. based resources. And, they will typically send flooding, and maybe Richard could help us with that. But the botnet servers, there’s actually a command and control network that manages these attacks. But most of these servers were in the United States, with 43.4% of them in the United States. The reason I’ll bring that up because people are always thinking other countries are doing that. But most of the bots attacking honeypots operate from China. So, the U.S. and China were sort of the, you know, originators of a lot of these DDoS attacks.

Scott Luton (00:17:09):

So, bots, honeypots. Richard, what else sticks out here to help us through it?

Richard Hummel (00:17:14):

Yeah. So, I mean, there’s a lot to unpack here and kind of where do you start? I mean, how long has DDoS been around? And really since the internet has been a thing, there’s been DDoS, whether incidental DDoS or on purpose or malicious attempts such as trying to extort victims. And the reality is like we have been continually doing this kind of up into the right thing with DDoS.

Richard Hummel (00:17:36):

You know, we published a threat report recently where we talked about record breaking numbers, and in 2020, we saw over 10 million DDoS attacks. In the first half of this year, we’ve seen 5.4 million. And if that trend continues, which Kevin just noted towards the holiday season, we tend to see uptick in surges in DDos attacks. We’re on track to beat 11 million attacks. Now, I bring up these numbers because, you know, Kevin referenced the numbers that we’re seeing in Kaspersky report. They’re talking about 8,000 or whatever. And just to put it into perspective from kind of the global visibility we have, we see about 33,000 attacks per day. And so, there’s a big scale difference here.

Richard Hummel (00:18:14):

Now, let me break that apart and why we see such big differences, and that’s because we’re seeing things from the entire internet perspective. So, a lot of the first and second tier internet service providers provide, you know, statistics to us and anonymous feedback data and actually ascertained to say, “Look, this is the total breadth of DDoS attacks.” Now, when we’re looking at it from like a Kapersky’s angle or various other peers in that space, we’re talking more enterprise related. And so, then when we started getting into the smart DDoS stuff, we’re talking about, well, what’s actually targeting applications or certain services, or maybe a certain server, or maybe it’s something that we rely on. And I know we’re going to get into this later, but VPNs became critical with COVID, right?

Richard Hummel (00:18:54):

And so, now we’re talking about adversaries doing their due diligence, doing their network reconnaissance to figure out what are these critical assets on this network that I want to go after and not just deploying these brute force, you know, sledgehammer methods of the past where – I mean, let’s go back several years when we talk about, you know, Mirai attacks from 2016. You have the Memcached stuff from 2019, which had, you know, 1.7 terabit per second.

Richard Hummel (00:19:20):

So, all of these things, you know, like single vectors, right? One vector that, as soon as it comes out, everybody knows about that. We know how to mitigate those. In fact, now you get a 2 terabit per second attack using some UDP method, which is like a connection list protocol. And, you know, you don’t really feel the impacts of those anymore. Maybe, there’s a little bit of what [inaudible] didn’t see, but, you know – go ahead.

Scott Luton (00:19:40):

So, for the non-technologists that may be tuned in here today, when you talk about those terabytes speeds and vectors, break that down just a little bit more. What’s a standard – when we hear 2 terabyte per second attack? Is that faster than most attacks? Is that about average? Give us some perspective.

Richard Hummel (00:20:00):

There’s two metrics. Yeah. There’s two metrics here and just clarification terabits versus terabytes, different, different metrics. So, the terabit per second, it’s kind of like this new era that we’re in. You know, the media has always sensationalized these really big attacks. And, when we talk about the terabit per second attack, we’re talking about bandwidth, so the total bandwidth of an attack.

Richard Hummel (00:20:18):

Now, there’s also a separate metric we call throughput or speed. How fast is that attack? So, two different things that are very distinct in and of themselves. And even in the past year or so, we’ve had these media articles come out saying we observed the fastest attack on records, something like 865 million packets per second, so on and so forth. Cloudflare or Google came out with something saying 2.4 terabit per second attack in terms of bandwidth.

Richard Hummel (00:20:45):

And so, this is like full saturation. These are all the pipes coming in. This is the aggregate of all of the internet transit occurring during that DDoS attack. Now, maybe it’s all simultaneous, maybe it’s consecutive, but that is the totality of that DDoS attack traffic. And so, that’s what we talked about when we talk about big sizes, the bandwidth, the total aggregate of all the DDoS traffic. Yeah.

Scott Luton (00:21:06):

Go ahead.

Richard Hummel (00:21:07):

I was going to say the thing you want to keep in mind is the point in time that is the highest peak ’cause that’s going to be when things really trigger. And so, we have something – we tried to coin this term. I’m going to put a little, you know – I hope you noticed it. But what we’re just trying to coin this term called the DAC, the DDoS attack coefficient. And what we were looking at is what is the single highest peak of all aggregated DDoS attack traffic for any given internet transit pipe?

Richard Hummel (00:21:37):

And, it didn’t really catch on. So, now we call it the peak, the aggregate peak of all the DDoS attacks. And basically what we’re saying in a given second or given minutes, this is the highest peak that we’ve achieved of concurrent DDoS transit across internet pipe. And we can do this for any size, like ASN CIDR block, geography whether it’s country or region. And so, we can start to look at these things. And, just in that threat report, we’ve got two instances of these, one in Brazil and one in Angola. The one in Brazil reached 2 terabit per second of attack traffic against local internet service provider, cable networks. And we anticipated this is related to gaming, which a lot of DDoS attacks are in the ISP space. The second one was at 1.4, 1.6 terabits of aggregate traffic in a one second interval against a local TV provider, so actually targeting a local TV provider in Angola.

Richard Hummel (00:22:30):

I mean, so we can start to do these things and figure out like, what is the actual impact we have here? Because when we talk about these 2.4 terabits, did Google really feel the impact of that? Probably not because they distributed the attack all over the place and they have the transit capacity to handle that. Now, you’re talking about a small TV provider, maybe in Angola, and they may not be able to handle that saturation over that one-minute intervals and now you’re talking about bandwidth overload in this kind of flooding concept. So, yeah.

Kevin L. Jackson (00:22:59):

Well, I think they covered a really surprising I can see in audience. I mean, how could someone really prepare for something like that? They don’t even then imagine it exists.

Richard Hummel (00:23:12):

Well, you know, the thing is it’s like a lot of these really big attacks. They’re important to understand that they’re happening. But are they as critical as they used to be? And my answer would be immediately no. Why? Because we know how to mitigate these. Most DDoS services out there, protections, mitigation services out there, they understand these attacks. They’ve been happening for many, many years. And the thing with DDoS attacks you have to keep in mind is that there is no regression. There is always moving forward. And an adversary never has to remove a certain attack factor as not working anymore because they just keep adding to it.

Richard Hummel (00:23:50):

In Germany this past year, we saw a single attack leveraging 31 different attack vectors in that one attack. Because what happens is these adversaries, you know, that developed these new methodologies and these new attack vehicles or they find a new protocol that can amplify traffic, and they run these [inaudible] stressor services. They run these botnets and they just keep adding to the toolkit. Why take it away? There’s no reason to because these vectors remain alive essentially forever.

Richard Hummel (00:24:20):

Two years ago, I did a case study to figure out like, you know, do these vectors live? Do they die? What is the cadence at which they did, you know, degrade or increase?

Scott Luton (00:24:28):

Don’t they retire at some point?

Kevin L. Jackson (00:24:31):

They don’t. They really don’t.

Scott Luton (00:24:31):

[Inaudible].

Richard Hummel (00:24:32):

It’s super surprising. So, Memcached is a good example because when it first came out there’s about 35,000 in Memcached servers that could amplify traffic. And when I say amplify, I’m talking a 1 to 52,000 amplification factor, which is just absurd. And that’s how we reached the 1.2 and the 1.7 terabit benchmarks at the time. Well, fast forward to today, and we still see anywhere between 10 to 15,000 of these existing in a while. So, why aren’t we cleaning these up?

Richard Hummel (00:24:58):

The same is true for any other vector out there. And, IoT is a huge proponent of this because the rate at which we’re adding IoT devices to the internet and the networks is increasing at such a rate that we can’t actually secure them from being able to launch these types of attacks. So [inaudible], is it a protocol? ARMS, which is Apple Remote Management Services protocol. Every January, I see a spike in the number of devices that can leverage Apple Remote Management Services an amplification vector. Why is that? Because thousands and tens of thousands of people got new MacBooks for Christmas, and in January, they’re turning these things on and all of a sudden it can be abused now by adversaries.

Richard Hummel (00:25:35):

And so, that’s the nature of this field. It’s like adversaries are continually adding to this, which contributes to that smart DDoS that Kaspersky is talking about here, right? Because it all adds to this complexity. In these other statistics, they’re spot on with regards to like C&C servers and botnet traffic attacking honeypots coming from China. In fact, China, Vietnam, and India are the top three. United States is a pretty close follower there in terms of honeypots go. But, you know, a surprising statistic about the traffic from China to honeypots, the vast majority of the traffic that we observed can be traced back to 23 distinct IP addresses in China. And that’s like 50% of all of the inbound honeypot traffic we saw comes from 23 IPs, right?

Scott Luton (00:26:21):

Can you crack down on those 23 IP addresses and shut them down? Do you think – is there a reason why that doesn’t happen?

Kevin L. Jackson (00:26:30):

You’re lucky Greg is not here. They’re owned by Chinese government.

Scott Luton (00:26:37):

I know you’re kidding, but is there an element there where there they may be supported by governments overseas?

Richard Hummel (00:26:44):

You know, the problem is if you shut one of these things down and two seconds later, another one springs up elsewhere. And so, you can shut them down, and, I mean, cybercrime world has, you know, we’ve been talking about bulletproof hosting and fast flux for many, many years. And, this is like constantly iterating through tons of IP addresses or tons of host names like on a continuous basis, sometimes seconds. And so, you could shut one down, but then another one stands up a few seconds later and, you know, what’s the point?

Scott Luton (00:27:12):

So, we’ve got three more stories to get to, but we’ve got a good question here. We’ve got a good question. So Sylvia said, “Mind blown.” I’m with you, Sylvia, as the only non-technologist here. But she says, “What are honeypots?” So, what’s, in a nutshell, definition of that?

Richard Hummel (00:27:27):

So, think of it as a device whether it’s a virtual device or an on-prem device that just sits there and does nothing but collect inbound connections. And so, a honeypot can do any number of things. Now, I will tell you that, and that’s how we do things a little bit different. We don’t just collect the passive stuff. We actually have some active stuff that pertains to DDoS so we actually know when an adversary says, “Hey, DDoS this person.” We actually can capture that command and we can inform that person that’s being attacked that, hey, you’re going to be attacked.

Richard Hummel (00:27:56):

So, ours is a little bit different in that regard, but most honeypots out there they just sit out there somewhere on the internet, looking for connections. And the reality is that these Miria bots, [inaudible], Gafgyt, Lucifer, and I can name any number of half a dozen of IoT bots, right? They’re all out there doing this auto-propagation. And so, they’re constantly scanning the entire IPv4 internet space looking for things that they can compromise. And so, when we see an inbound connection to a honeypot, which should not get any inbound connections, unless we initiated it, we would suspect that connection as being bad. Now, it could be a crawler, right? It could be Google crawling websites, trying to find things. Sure, we can discard that. It could be someone scanning the internet like we also do to find security things to inform our customers. But by and large, it’s a bad guy trying to brute force something or exploit something. And, we basically looked at how soon does a new device on the internet get brute forced. And the answer is less than five minutes.

Scott Luton (00:28:52):

Wow.

Richard Hummel (00:28:52):

So, you think Christmas comes around and you have all these devices that are IoT connected. You connect them to the internet. And, the first thing you’re not going to do is go change your password, right. You’re going to play with your toy. That’s what I would do and I’m a security professional. But the reality is within five minutes, those things are getting brute forced. And so, that’s the nature of the landscape.

Scott Luton (00:29:10):

Wow. Okay. So, let’s do this. So, Vincent, you asked about these attacks slowing down digital transformation and supply chain. It’s a great question. We’re going to address some of that in just a few minutes, so stick tight just for a few minutes with us here.

Scott Luton (00:29:23):

Okay. So, Kevin, I’m going to give you one succinct last word before we moved to our second story. Your final word on the DDoS.

Kevin L. Jackson (00:29:29):

Actually just move to the second story because I think we can answer Vincent’s question with the second story.

Scott Luton (00:29:36):

Wonderful. And in this case, we’re moving from smart DDoS attacks to ransomware. So, according to ZDNet, we’re seeing a lot more sophisticated ransomware attacks in the market. So, Kevin, tell us, what are we seeing here?

Kevin L. Jackson (00:29:52):

So major incidents of ransomware are targeting supply chain’s critical infrastructure and hospitals, and they have been very disruptive, very successful. And talking about slowing down digital transformation, 800 to 1500 small and medium-sized companies have experienced ransomware compromise through their providers. So, these small companies don’t have enough money to maybe have their own IT staff so they get the service from a managed service provider, an MSP, and a ransomware is coming through the MSP to attack the small and medium-sized companies. One of these most recent is Kaseya. They provide IT solutions via a small, a product of theirs called VSA. And, it’s a remote monitoring and management piece of software. So, if you get a managed service, many of them over 40,000 managed service providers worldwide, use the Kaseya VSA product to service their customers. Right? All right. So, you don’t even know that you have the product. It’s just part of your service. And the attackers are ransomware. Attackers are attacking the Kaseya software to get at the end users.

Kevin L. Jackson (00:31:38):

So, if you’re trying to digitally transform your business, you’re a small business that is trying to look at this software provider or this managed service provider and say I can do this easily and quickly, boom, you’re now a target. And you didn’t even do anything. This is a big shift in the attack paradigm, right? Instead of attacking the end user, they’re attacking the end user’s IT supply chain, right, your managed service provider. And, the ransomware operators are choosing targets based on their financial capability to comply with higher rents and demands and their need to resume operations as quickly as possible.

Kevin L. Jackson (00:32:31):

So, think about it. You are a small and medium business. You need to make payroll. You now have a ransomware that says you pay this money or you’re not going to make payroll. You’ll lose your business unless you pay that money right now. And, that’s why they’re coming after. And that will – I mean, that’ll put a break on any digital transformation.

Scott Luton (00:32:56):

Right. Richard, coming to you, again we’re talking ransomware and some of ruthless tactics and some of the growth there. So, what are some of your thoughts here?

Richard Hummel (00:33:04):

Oh, man. I could literally spend an entire day talking about ransomware. It’s fascinating to me. My last job, when I was working for FireEye, I was primarily focused on ransomware. So, I’ve been kind of in this space for, you know, seven years now. And ransomware is interesting. In fact, let me ask you, Scott and Kevin, when do you think ransomware first entered the scene? Can you give me a year?

Scott Luton (00:33:28):

Kevin L. Jackson (00:33:29):

Maybe 95, maybe 95, when –

Richard Hummel (00:33:33):

Almost 10 years off, guys, [inaudible]. 1989 is the first, you know, documented instance of ransomware. And, you know, at the time it was just things like, you know, we blocked your screen and now you’re going to wire transfer us, or you’re going to do premium SMS on behalf of us. And that’s kind of how things invented, right? But, I mean, fast – 1989, that’s a long time, right? Now, think about this from the digital world. How far have we come since 1989? Well, the adversaries have progressed along with us. In fact, they can iterate much, much faster than we can. And sometimes they’re able to turn things around in a 24-hour window that would take a large enterprise months to do. And so, when we talk about new exploits and we talk about new ways to get in, like this is constantly turning for adversaries and they have no – there’s no managers, there’s no CEO. There’s no like oversight committee. They’re basically just reiterating this on their own. It’s really, really rapid.

Richard Hummel (00:34:28):

You know, Scott, and Kevin and I were talking about this before we kick this off. And, the cybercrime world is really a fully functioning enterprise. It’s really an entrepreneur’s game. And, these guys have gotten to the point where it used to be one adversary would do everything, right. They would code malware. They would operate the infrastructure. They would distribute it in spam messaging. They would, you know, have their own infrastructure stood up and all of that tied back to them. But they realized that you know what, if we actually get caught, and they’re going to take it down, our operation ceases, and we’re not going to pay it anymore. So, you know, the malware authors thought about this. You know what? I’m going to code malware. I’m not actually going to do anything illegal. I’m just going to make something that’s very nefarious. Somebody else is going to buy it from me and operate it, and they’re going to take on the responsibility of getting hit. Well, then the operators are like, well, you know what? I don’t want to take on full responsibility. And so, they outsourced their infrastructure. And so somebody else is running their C2 servers and things like that.

Richard Hummel (00:35:24):

Well, you know, the real intrusive part is actually getting people to click on a link or to download something and actually compromise a computer. So, I’m going to outsource my spam distribution as well. So, now you have all these [inaudible] things and by nature of that, you have all of these guys able to specialize in what they do. And so, you have these spam content creators that are getting very, very good at what they do and you cannot often distinguish a spam message from something that’s legitimate. And you have all these outer services out there doing what I call opportunistic targeting, where they will take advantage of a data breach for instance. Go back to OPM. How many of us lost our social security number [inaudible], right?

Richard Hummel (00:36:02):

And so, adversaries would take that list. They would very specifically curate the list and say, hey, I’m going to send to all 260,000 plus of these people. I have all of your social security numbers. So I can automate this process. And now I’ve crafted an email that says, look, I have your social security number. There’s more things that were compromised. If you want to fix it, click here. Well, guess what, how many people are going to click that? You have their social security number so this is legitimate, right? And so, you have all of this kind of phenomenon happening where this full enterprise is working out.

Richard Hummel (00:36:31):

Ransomware now operates as a service. It’s ransomware as a service now. And so, you have all of these operators out there, like the Maze stuff and the DarkSide and all of these different operations –

Scott Luton (00:36:44):

Sounds like comic book characters.

Kevin L. Jackson (00:36:45):

That’s scary, scary stuff.

Richard Hummel (00:36:48):

How they come up with these names is anybody’s guess. I mean, sometimes we, as researchers, name these things, but for the most part, you know, some of these ransomware guys that are around to stay for a while, they named themselves. DarkSide is a name that probably everybody knows because think of Colonial Pipeline and shutting down, you know, the crude oil in the Eastern Seaboard. Well, that’s a supply chain attack because they went after a billing provider for the Colonial where Colonial could not charge where the oil was going to because they couldn’t access the customer data. And so, very clearly that these ransomware guys went after this.

Richard Hummel (00:37:20):

Now, I want to tie this back to the first topic we were discussing, which is DDoS. Well, April 24th, DarkSide actually started offering DDoS as part of their ransomware as a service platform. Well, who else has done that? So, Maze has done it. Avalon has done that. We have LockBit 2.0 operators in the underground saying, hey, if anybody knows how to do DDoS, contact us because we want to get into the business. Hello Kitty, a new ransomware. They just started offering DDoS as part of their toolkit. And so, we’re seeing more and more of these folks adding to this.

Richard Hummel (00:37:52):

And so, ransomware is very much a thing and it’s continually increasing, getting a lot more complex. And it used to be that you could just, with ransomware, let’s reboot the system and maybe we get our files back, or the encryption key is resident locally and so let’s get that out. But they’ve gotten really wise to this. And so, you’re not going to get it unless you pay. But as a security researcher, I’m going to tell you don’t pay because you’re enabling that adversary. Sometimes it’s illegal to do that. And who knows if you’re going to get your files back? I think in this same report that we’re referencing here, it says that they got up to 50, 51% of their data back. That’s, I mean, if I’m going to pay a million dollars to get my data, I don’t want to have just 50% of it returned. I want all of it. So, the better –

Scott Luton (00:38:37):

Folks.

Richard Hummel (00:38:37):

Yeah. Go ahead.

Scott Luton (00:38:37):

Don’t pay, don’t pay.

Kevin L. Jackson (00:38:39):

Do not pay.

Scott Luton (00:38:39):

You heard it here first. Hey. So, in layman’s terms here, I do want to share something that Kevin and Richard both have spoken to, which was in the article, the cybercriminals have been personalizing their approach for this year. How nice of them, right? How nice of them. Instead of an approach targeting the masses, criminals have been selecting a much smaller target list based on who they think, as Kevin and Richard both spoken to, who they think is most likely to pay.

Scott Luton (00:39:07):

So, don’t pay. Go out and get a VPN. Go out and take precautions. Now’s the time to act for sure. And that’s not – I don’t think that is sensationalizing the threat that’s out there, right, Kevin?

Kevin L. Jackson (00:39:20):

No, not, not at all. I mean, they are really getting personal and because there’s so much data about every one of us out there, and they use that data that other bad actors have collected to target you.

Scott Luton (00:39:40):

So on, that note, and, you know, Mike Hill asked a great question and we’ll try to circle back to that. We’ve got a couple more things to share, and then we’ll try to get to Mike’s question about how the industry is no longer authenticating people, they’re authenticating devices, and how do we address that. So, Mike, hold on that thought just for a second. Richard, one final, quick comment on ransomware. It’s one of your favorite topics that sounds – give one piece of advice to our listeners, and then we’re going to keep trucking.

Richard Hummel (00:40:11):

You know what just follow industry best current practices because the way that these guys are getting into systems is tried and true methods that we have been talking about for almost a decade. They’re using common brute forcing methods to get into RDP and SSH and Telnet and SMB. They’re using social engineering via emails to get you to click something or to download something. In some rare cases, they will use exploits zero-days, but for the most part it’s outdated stuff, 4 or 5, 6, 7 years old, and so making sure that you’re staying in tune with those best current practices.

Scott Luton (00:40:46):

Awesome. Especially as you’re giving your kids new devices, it opens new opportunities for you to be compromised. So, find a great resource like a NetScout, or Google is your friend here. So, take precautions.

Scott Luton (00:40:58):

Let’s move right along, Kevin. ‘Cause we will talk about – you know, we’ve already mentioned it several times. Global supply chains are certainly getting hit more and more with cyberattaks, whether you’re a small company, medium-sized company, or a global enterprise. So, Kevin, what are you seeing as it relates to supply chains getting hit?

Kevin L. Jackson (00:41:18):

Well, we’re talking about customizing these attacks, right? So, if you’re in the business of ransomware of DDoS, you want to maximize the effectiveness of your products, right? And you’re going to – you want to focus your attack on a limited number of targets and these targets should be – it shouldn’t be very difficult for these targets to detect you. Guess what? Supply chain is one of these targets. Because as an attacker, I have to do a trade-off between casting a very wide net to compromise a lot of people or narrow to a very targeted list and be very effective in that strategy. That’s a small scale attack that could be just as effective because if I picked a white attack vector, their customers will also be affected. So, the supply chain, IT supply chain compromises really focused on a developer environment because of the privilege the developers have and also on mobile environments.

Kevin L. Jackson (00:42:40):

So, the expected growth and the frequency of supply chain attacks will really increase the need to detect these vectors. And there have been rapid advances in the technology that supply chain operators use. So, the complexity actually increases, and the supply chain is digitally transforming. And, they’re trying to use these managed service providers and there’s more organizations that are trying to use this technology to move –

Scott Luton (00:43:16):

So target rich environment, Kevin.

Kevin L. Jackson (00:43:18):

Yeah. Move a little faster. So, you know, you will fall victim to a cyberattack in the supply chain if you don’t think about this.

Scott Luton (00:43:29):

So, Richard, your thoughts here, specifically talking about supply chains under attack.

Richard Hummel (00:43:34):

Yeah. And, you know, I want to abstract the supply chain a little bit more, but, I mean, think back to WannaCry and NotPetya. I mean, these are names that should ring a bell because they impacted tens of thousands of organizations because this malware was able to propagate via SMB version 1 that wasn’t patched. And, it was a huge problem. And, that’s the reality is, when you get into the supply chain stuff, you got to look at where’s all of these things connecting into my organization and am I securing that third-party access? And what privilege levels do they have? And am I isolating that from the rest of my network? So, if my third party does get compromised, am I still going to be okay? Or is that going to saturate everything that I do and make me shut down operations?

Richard Hummel (00:44:14):

So, these are thoughts that you all have, right? And it goes back to the comment that I just mentioned about ransomwares. If they have passed SMB version 1, you know, you wouldn’t have an issue, but there was still – now, in terms of – sorry, go ahead, Scott.

Scott Luton (00:44:28):

No, no. Finish your thought. I’ve got a question here from Jacqueline about VPNs, but please go right ahead.

Richard Hummel (00:44:32):

Yeah. I’ll definitely going to address that as well. So, that’s kind of a part of where I’m going with this. So, with regards to supply chain, abstracting it a level even further. So we’re talking about digital world, digital transformation, and we’re talking about supply chain in terms of, you know, there’s a third-party billing out. There was a digital software somewhere that as the supply chain, there’s a distribution mechanisms such as the software updates or downloads or whatever they might be, right. Something that comes into the organization. Well, what does all of that stuff rely on? The internet, right? So DNS servers, VPNs, internet exchanges, like, all of these things that make the internet function. Without that, what is the rest of the supply chain? And so, one of the things we looked at in our recent threat report is, are there attacks against those key supply chain elements what we call the conductivity supply chain? And, absolutely there is.

Richard Hummel (00:45:23):

In fact, there’s been an uptick in attacks against VPNs. And, there’s two distinct kind of threads here. There’s the commercial VPN world, which is separate from kind of our enterprise conversations we’ve been having so far. And the commercial VPN is primarily going to be used by gamers. Gamers. In fact, as a streamer, if you’re gaming, you haven’t really arrived until you start advertising for a VPN. That’s just the way it works. And so, they’re continually pushing you to get these VPNs. Well, what happens when all of those VPN nodes are made public, which they are? You go to any VPN website and you can actually see all the nodes and you take all those nodes and an adversary starts attacking us. Does it affect the one user that they’re trying to attack? No, it doesn’t. In fact, it impacts every single person on that single VPN concentrator node. And so, now you have a collateral damage impact that just has waves that you don’t really know the reaches of.

Richard Hummel (00:46:15):

The same is true in the corporate space. And so, there’s a simple OPSEC thing that you can do to avoid this, is one just don’t expose some of these things publicly. But what we found, there’s a DDoS extortion crew author called Lazarus Bear Armada. We’ve blogged about them. They’re in the threat report. But what they have specifically done that’s kind of different from past DDoS extortion crews is they will actually do network reconnaissance and they’ll do a reverse look-ups. So, they’ll find your entire IP space. And then, they’ll look what, you know, what’s hosted on these. And it just kind of – it just baffles me that some organizations will call their VPN concentrators as vpn.organization.com.

Richard Hummel (00:46:57):

So, all [inaudible] has to do is look at the host resolution and say, this is a VPN concentrator. If I go after this, I’m going to take it down. And guess what happened? This LBA extortion crew went explicitly after those corporate VPNs. And so, something as simple as practicing a little bit of OPSEC, not to name it as VPN, might have saved them from that attack. Now, is there other ways to figure out this out? Yeah, there is. You can look at the protocols and what’s responded in scanning, but, again, there’s ways to avoid that as well. There’s definitely ways to avoid attacks against these VPNs.

Kevin L. Jackson (00:47:29):

Yeah. One thing I wanted to bring up, and this goes back to Mike Hill’s question, right. Yeah. It’s not – there’s this thing that’s referred to as an NPE, a non-person entity, and these are things like routers or servers. They are not people. They are things. They are devices, right? And these NPEs managed more than anything else across the internet. So, it’s really important as an enterprise to identify the critical NPE nodes in your infrastructure and to protect them. OPSEC to protect the NPE of your VPN concentrator is an example of that. So, it’s really important to focus on these NPEs well because they can just – an attack on an NPE, its damaged is just magnified a hundred times.

Scott Luton (00:48:41):

Right. I need an acronym translator before this next conversation. We sit down. I want to share just a couple of quick comments here, and we’re going to the last article specifically on manufacturing. We’re going to hit that really quick. But Mohib says, “I’m glad that these hackers did not attack the supply chain control tower of our local grocery chain.” I guess the service rep at the grocery store told him, “It’s not a supply chain issue. Your ink cartridge is in a container unloaded in the dock waiting to find a truck to bring it here.” Okay. That’s better than a cyber issue, right? And Jose, this is a great question. You know, what are those immediate top three actions, a single person in a company need to take today? I think we’ve already shared a couple there. But we’ll circle back before Richard leaves us here today and we’ll address that question one more time.

Scott Luton (00:49:35):

All right. So, I want to, Kevin and Richland, move to his final quick article about ransomware specifically in the manufacturing sector. And I want to call something out quickly, and then I’ll get both of your takes here. But it’s really important that the rise of activity here is not all about targeting and disrupting the manufacturing companies themselves, but rather they’re breaking through. You want upstream to get data from their suppliers and using that, or going downstream, as one of you referenced earlier, getting data on their customers that the hub, the manufacturers, aren’t always the number one target here with this. But, hey, let’s go to Kevin, and, Kevin, this whole article is driven by our friends at BitSight and ThirdParty Trust where they teamed up to analyze the last three years of attacks to hit the manufacturing industry. So, Kevin, what was important to you based on this research here?

Kevin L. Jackson (00:50:32):

Well, today we’ve mentioned Kaseya and Solarwinds and the Colonial Pipeline, but these aren’t isolated attacks. And in fact, the manufacturing sector received 17% of all of the attacks on businesses and organizations, and they are targeting high value data by extorting third parties, right? So, it’s the suppliers, the clients, the partners, by extorting that data, they can use it to demand ransom from those entities.

Kevin L. Jackson (00:51:18):

So, if you’re in manufacturing, the likelihood of a ransomware attack is probably high and, you know, based upon your overall security performance. So, if you’re sort of lax on security, cybersecurity, guess what? You’re right there. You’re in the [inaudible]. Your patching cadence will also impact ransomware risk.

Kevin L. Jackson (00:51:50):

People see a patch on a server and they may say, “Okay, we’ll do it next month.” Guess what? You won’t last until next month as – that’s what happened with, was it – not Enron. Yeah, long time before. Yeah, it’s happened before. And your configuration management of your IT infrastructure is also tied to your ransomware risk. So if you don’t have good records, if you don’t certify your security, your VPN, your certificates and keep track of your configuration management, your IT, guess what? You’re going to be attacked.

Scott Luton (00:52:44):

All right. So, Richard, we won’t, unfortunately have as much time to dive into this last piece, but really succinctly in a nutshell, key takeaways from the attacks going on in the manufacturing industry.

Richard Hummel (00:52:55):

So, let me give you a quick alliteration. I don’t know if either of you have seen Zootopia. So, there’s this sly fox in there and he extorts into getting like this free jumbo pop that he then melts down and sells smaller pops and then sells the sticks as redwood, right. And this is the mentality of the cybercriminals. Any way that I can monetize, I’m going to do it. And so, attack against manufacturing is absolutely let’s get in there. Well, let’s take down manufacturing while we’re in there, but let’s steal all the intellectual property and then I’m going to extort this person and this person and that person. And then, on the way out, let’s launch a DDoS attack. So, now we have a triple extortion event. And so, we’re seeing more and more of this everywhere.

Richard Hummel (00:53:35):

So, it doesn’t really matter if it’s manufacturing. It doesn’t matter if it’s hospitals or local government. It is happening across the board. And so, that’s really the kind of the phenomenon that we’re seeing here. And so, I don’t even think it’s a matter of let’s just focus on manufacturing. Let’s look at the whole world. What our adversaries doing and where are they going after to have the highest impact? DDoS extortion crews, like the LBA stuff, when they first started, they went after financial organizations. Why? Because that’s where the money is. Well, you know what? They figured out these financial organizations are well-protected, they’re not paying us. So, let’s go to manufacturing. Let’s go to energy. Let’s go to things like that. And so, this is kind of the domino effect. So, they’re going to go where the money is, where people are paying and that’s where they’re going to get their next book.

Scott Luton (00:54:16):

I love that. It’s good point, Richard. Let’s make sure we – Kevin and Richard, I’ll tell you, this has been a fast paced – there’s so much going on in this space. There’s so much folks that need – there’s so much that folks need to be made aware of, so I appreciate what both of you are sharing. But undoubtedly, you know, we can’t get to all the good stuff in an hour. I want to make sure folks know how to connect, Richard, with you and NetScout, and then we’ll make the connection with you, Kevin, as well. So, Richard, if folks want to learn more, if they want to download that threat report, how often do y’all do the threat report, by the way?

Richard Hummel (00:54:50):

We do the threat report twice per year typically kind of a March timeframe for end of the year roll-up. And then, we just released [inaudible] in September. So, that’s the typical cadence, every six months.

Scott Luton (00:55:02):

And, so beyond the current state of what the observations you’re making, there are some best practices and some suggested recommendations in there as well to Jose’s question?

Richard Hummel (00:55:14):

Yes. So, there’s a couple of kind of frequently asked questions deal where it gives you some blind items. Really, it’s the best common practices or the best current practices or BCPs as what we call them. And so, netscout.com/threatreport will get you there. It’s fully interactive, so you can actually go on there and click around. So, you can track the report there, and all future reports will be on that same link. And then, if you want to follow me, @MalwareAnalyzer for both LinkedIn and Twitter, and then we also have a research handle @ASERTResearch, which you can follow some of our more research-related items.

Scott Luton (00:55:46):

Wonderful. Richard Hummel. NetScout. Tell you, I really appreciate you carving an hour out. Kevin, we have – this has been a quite the hour, huh?

Kevin L. Jackson (00:55:57):

Oh, yeah. Absolutely. You know, in supply chain, I mean, your ICT, your information, your data, your communications, supply chain is critical to your business. And, as a professional, business professional, you must pay attention.

Scott Luton (00:56:17):

Got to, got to, especially moving into the new year. All these new nodes come online, Richard and Kevin, here in the year activity blows up. It sounds like it’s as sad as this. Sounds like it’s good time to be a startup entrepreneur in the cybersecurity space. I hate [inaudible].

Kevin L. Jackson (00:56:39):

[Inaudible] in cyberattacking space.

Scott Luton (00:56:42):

Right. All right. So, we’ve been chatting with Richard Hummel with NetScout. Really appreciate your time here today. Make sure you all connect with him, follow him, check out and download these reports. And we’ll have to have you back as we get through fourth quarter, hopefully, all in one piece, Richard.

Richard Hummel (00:56:57):

Let’s hope so. And, let’s hope we’re not projecting that 11 million number and that we hit below that. So the more we can go to the left and down, the better. I don’t foresee it happening, but, you know, fingers crossed, knock on wood, we’ll see.

Scott Luton (00:57:11):

Awesome. Well, hey, thank you so much, Richard Hummel with NetScout. We’ll be back in touch soon.

Richard Hummel (00:57:15):

Thank you so much for having me.

Scott Luton (00:57:20):

You bet. Oh, Kevin, man. I need a whiteboard. Y’all dropped so much today between what’s going on, some of the backstory, just the sheer size of the tremendous threat that as Richard made a great point, it’s not, you know, it’s not just manufacturers, not just supply chain, it’s everywhere, right. Everywhere. If you’re connected, you’re exposed to some degree. And one of my takeaways was the attacks are happening. It’s just which one’s breakthrough, right? So, you’re being – you’re under attack whether you know it or not. But, Kevin, those were a couple of my quick hitters from Richard’s POV today. What was one of your favorite parts?

Kevin L. Jackson (00:58:00):

First of all, this is a must-see broadcast, right? Anyone in business needs to listen to this. It will open up your mind to what your job is, and your job is to protect your information. Protect information of your customers and of your business partners. And this is really, you know, we’re opening your eyes to that. But more importantly, you know, you have to do what I call cybersecurity hygiene, right? The basics. And, I think going through that threat report and clicking on those links, if you can just do the basics, you’re protecting yourself because the bad guys are looking for that weak link, the people that are not doing the basics. And if you do that, you increase your protection value tenfold.

Scott Luton (00:59:00):

Right. It’s not just Achilles’ heel. It’s Achilles elbow. It’s Achilles index finger. I mean, all these weak spots across your enterprise that the bad folks, the bad actors out there, are constantly trying to find to penetrate and then use it against you, whatever, to monetize as Richard pointed out however it takes, whatever it takes.

Scott Luton (00:59:22):

Okay. Well, Kevin, thank you. I’ll tell you. These highfalutin technological conversations, I should have gone back and gotten my computer science degree. That’s where I started in college, Kevin. I don’t know if you knew that, but I hated the [inaudible] you learn how to program and code, which you do it and you do it and you do it. But, Kevin, how can folks connect with you and, of course, the Digital Transformer series?

Kevin L. Jackson (00:59:47):

Oh, yeah. Absolutely. I’m on Twitter, Kevin_Jackson, or Kevin Jackson on LinkedIn, and of course, Digital Transformers here on Supply Chain Now.

Scott Luton (01:00:00):

I love it, and really enjoyed our time together last week at the Johnson STEM Center in Atlanta, named after Doctor –

Kevin L. Jackson (01:00:09):

Oh, yeah. [Inaudible] for the Veterans Bowl on December 11th. We’ll be broadcasting live from the Johnston STEM Center.

Scott Luton (01:00:19):

That’s right. And, we had the chance to meet one of our collective idols, Dr. Lonnie Johnson, the center’s named for him. He has got, I think, 132 patents, including the biggest water-related toy in terms of sales of all time, which is the Super Soaker. And that’s just one. I mean, he’s from NASA and space to energy. You name it. That was pretty special, special time when it come.

Kevin L. Jackson (01:00:50):

Yeah. Absolutely. I mean, I was just in awe. I had to pick up my jaw from the floor. We got to go through his lab. Man, [inaudible].

Scott Luton (01:01:06):

Yeah. It was crazy. So, y’all join us –

Kevin L. Jackson (01:01:00):

[Inaudible] the yellow lines. [Inaudible]

Scott Luton (01:01:06):

So, join us December 11th for a special livestream dedicated to the Veterans Bowl, which is a really cool e-sports competition based, you know, focused on the Madden football game, where teams of veterans are vying for the championship. So, we’re honored to cover that and help give it some visibility. And it’s just a really cool way to engage the veterans’ community. So, I love that.

Scott Luton (01:01:30):

Okay. So, big thanks. Hey, thanks Mohib for the feedback. “New and hard hitting learning experience. Another awesome session today.” Dave, and great to see you here today. Hey, it was quite the learning opportunity I thought. And, Mike finishes with the weakest link is not the user. It is a thing we need to be authenticating. Is that right, Kevin?

Kevin L. Jackson (01:01:51):

Yeah. Absolutely. Those NPEs, right, non-person entities.

Scott Luton (01:01:56):

Yeah. NPEs, non-person entities. Hey, but, folks, hopefully you enjoyed this session and learned a lot like I did from these two technologists, Richard and Kevin. Join us on December 11th for the Veterans Bowl. Hey, join us this coming Thursday for our conversation with Manhattan Associates, all about cloud-based TMS and why supply chain is a team sport. Check out Digital Transformers. You don’t want to miss anything Kevin L. Jackson says. You can take it to the bank and you’ll have a fun time doing it.

Scott Luton (01:02:27):

Most important, I got to challenge y’all, the same when we challenge our team every single day. Hey, do good, give forward, be the change that’s needed. And on that note, we’ll see you next time right back here on Supply Chain Now. Thanks, everybody.

Intro/Outro (01:02:40):

Thanks for being a part of our Supply Chain Now Community. Check out all of our programming at supplychainnow.com and make sure you subscribe to Supply Chain Now anywhere you listen to podcasts, and follow us on Facebook, LinkedIn, Twitter, and Instagram. See you next time on Supply Chain Now.