Vancord CyberSound

063 - Halloween Kill Chain

October 25, 2022 Vancord Season 1 Episode 63

It’s no secret that full-size candy bars are sought after and tracked down on Halloween night.

In this fun, holiday-esque episode, Jason, Steve, and Matt introduce an easy-to-follow scenario to walk you through the different stages of a cyberattack and guide your understanding of the Cyber Kill Chain.

Keep yourself safe from cyberattacks this Halloween season.

00:01

This is CyberSound. Your simplified and fundamentals-focused source for all things cybersecurity, with your hosts, Jason Pufahl, Steven Maresca and Matt Fusaro.


Jason Pufahl  00:14

Welcome to CyberSound. I'm your host, Jason Pufahl, joined by Matt Fusaro, Steve Maresca, Steve's already, you're already laughing. 


Steven Maresca  00:23

Yep. 


Jason Pufahl  00:25

It's Halloween. So, I think today we're going to talk a little bit about the Halloween Kill Chain.


Matt Fusaro  00:33

Yeah. The horror Kill Chain, Halloween Kill Chain. We'll see where it goes.


Jason Pufahl  00:38

So we know that every single kid craves the full size candy bar. Right, nobody wants, nobody wants an apple. Nobody wants to think of popcorn balls, that was your least favorite.


Matt Fusaro  00:52

That and the darn house up the street that used to give out the wax lips, I'll never understand it.


Steven Maresca  00:58

And who can forget, you know, black licorice jelly beans.


Matt Fusaro  01:02

Oh, yeah, that too.


Jason Pufahl  01:03

So from a reconnaissance standpoint, every kid knows who gives out the wax lips, right? They know who to avoid. They also know who might have that prized either, supersized candy bar king size, or just a general full size candy bar. Nobody wants the Three Musketeers Mini because we all can agree that Three Musketeers is the worst candy that you can get on Halloween. So reconnaissance, right? Talk to your friends. Figure out which houses have the candy that you want. Right? So that's your target.


Matt Fusaro  01:38

And you could find that stuff on all those, those parent websites too. What is that, Nextdoor?


Steven Maresca  01:44

Nextdoor for Halloween.


Matt Fusaro  01:45

There's another one too, I can't remember the name of it. I'm sure, you know, Facebook Groups, you'll find out where all the, all the good stuff is, all the moms post on there.


Jason Pufahl  01:52

And they're digital natives, these kids, so they probably do turn to Nextdoor and Facebook and figure out, you know, who's buying what candy and what do they plan on giving out? 


Matt Fusaro  02:00

Oh yeah.


Jason Pufahl  02:00

Because your point is well made, you don't want to be the last one to find out that a house gave full size candy bars, right? You want to be there first. So a little bit of digital surveillance.


Steven Maresca  02:10

And we have to take notes in a distributable form to everybody so you know which houses to egg afterward.


Jason Pufahl  02:18

So, egg afterward?


Steven Maresca  02:20

Well, well, yeah, the one that gives out saltines. Then they're reminded not to do that again.


Jason Pufahl  02:24

So that's interesting. So I was thinking, you have to get in the house somehow. So I was wondering if you know, a single egg might draw the inhabitants out and make it easier for you to get in, possibly, so do you do that even earlier?


Matt Fusaro  02:41

This is true. They usually get pretty angry, when you do something like that, 


Jason Pufahl  02:44

They do.


Matt Fusaro  02:45

Come out, run after you, maybe tackle your friend.


Jason Pufahl  02:47

Alright, so you want, you're gonna opt, you're going to opt for a little bit more subtle approach, initially. 


Matt Fusaro  02:54

I don't know. 


Jason Pufahl  02:57

I guess if I were really trying to do it, right, it would be great to get in and get out unseen. Maybe even make it so you can get in and get out another time in the future, if you're really gonna try to be crafty. 


Matt Fusaro  03:07

Well, if you got a big group with you, you have a whole bunch of kids, you can maybe sneak in behind them. Or just have their whole garage, open.


Jason Pufahl  03:12

Alright, so we know who has the candy bars. The great thing about Halloween is people who ordinarily wouldn't open their doors for strangers are going to open their door for every single stranger, right, so you've definitely simply got, Whole garage, they might put a whole box of candy right on the doorstep, which, when dumped in its entirety into a bag, is more than a king size bar. So that's the target of opportunity as well. But we don't want to, we have an objective and our objective is the king size. Walk up to your door and you say trick or treat right. And typically it's going to be confusing, right? The person behind has got a bucket of candy. They're probably getting mobbed by eight or ten kids. They really don't know how many kids were at the door, do you just have one slip inside?


Steven Maresca  04:00

It's sweet, little Raggedy Ann standing there looking adorable who, you know, disarms.


Jason Pufahl  04:08

So that is the trick if you send that one in, 


Steven Maresca  04:10

Absolutely.


Jason Pufahl  04:10

Right, probably like four years old, five years old, small, probably doesn't have any demons yet.


Steven Maresca  04:17

I mean, it could just be a dad wearing makeup and walking on his knees, but if it's Halloween, who knows?


Matt Fusaro  04:25

It has to be very specific. They want a very specific color of candy so they're fishing through the bowl, taking forever.


Jason Pufahl  04:32

Oh, you need to do that. Take three or four and make the person say, can you put two back, you're only supposed to take two. So you create confusion and you have a diversion by having a big group of people and you slip Raggedy Ann through the door, right, which is a good concept.


Steven Maresca  04:45

And if that doesn't work, I mean it is Halloween, so just dress up as the neighbor and you know make it look comical. But, you know, they'll believe you.


Jason Pufahl  04:54

So now they know the house, right? We've gotten to the door and we've slipped somebody in. They actually have, they have no idea that we've got this persistent, this persistent threat embedded.


Matt Fusaro  05:06

Well, you have to hide, right, because it might take you a little while to find what you're looking for.


Jason Pufahl  05:11

I mean, and I didn't call it an advanced persistent threat. It's just plain old persistent, because they're in there. They're gonna keep trying, but they're four years old, how advanced really, right,


Matt Fusaro  05:19

And I mean, when's the last time you saw an APT use like modern methods to get into places? I mean, it's always in the old stuff.


Jason Pufahl  05:28

Some basic social engineering, right, that's all. That's all that's happened so far. You know the kids know how to do it. So, you got you've got your insider.


Steven Maresca  05:35

You know, I'd say that the kids are probably the most adept at social engineering of anyone. They're manipulative, heartless, and ruthless. They've got nothing to lose. 


Jason Pufahl  05:47

Is this your kids? 


Steven Maresca  05:48

Well, no, they haven't learned social norms yet. So they're still okay and acceptably, you know, pathological.


Matt Fusaro  05:55

They can lose a friend, they'll find a new one. People like us, we lose a friend, that's one less friend now.


Jason Pufahl  05:57

That is true. So the good news is, right, if we're looking, they've studied the habits of the people at the house, and the likelihood is every single time that doorbell rings, it's an interruption from Jeopardy, or whatever it is that somebody's watching. They can't wait to go back to it. They're going straight back to the TV room, or the family room, whatever they want to call it. Right? So it probably leaves the kitchen, reasonably exposed. You got Raggedy Ann now wander around the house. Pretty much carte blanche, they don't know she's in there. She's small, quiet. She gets the candy. Actually, it's not really fair for us to presume that Raggedy Ann was a she. So, Raggedy Ann has now gotten the candy. What do we do? How do we get the candy out? Because everybody has to get a piece right?


Steven Maresca  06:45

Well, she needs a path out. And there's still a door there. You know, she's gotten in, but there's still fences. 


Matt Fusaro  06:51

You unlock the backdoor, right? 


Steven Maresca  06:52

Well, I mean, how tall is she? Maybe she can't reach the deadlock. What would he do?


Jason Pufahl  06:57

So do you send another group back in to knock on that door and exfiltrate her?


Steven Maresca  07:01

Maybe. Or you know, she's probably trying to find a way out. Gotta find the doggie door. Maybe there's,


Matt Fusaro  07:08

First story window?


Jason Pufahl  07:10

Or, do you just leave her in there? Is that just the persistence part?


Steven Maresca  07:14

Nope, nope, nope. This is Halloween, so there's got to be a basement hatch. You have to go down into the bowels, deeper into infrastructure.


Jason Pufahl  07:24

It's definitely dark out there.


Matt Fusaro  07:27

The bulkhead's kind of noisy though when you open it.


Steven Maresca  07:29

Right, it's acoustic effects you expect to hear on Halloween.


Jason Pufahl  07:33

That's true. That's just a spooky sound, like a normal spooky sound.


Steven Maresca  07:36

Right, your neighbor wouldn't know any better.


Jason Pufahl  07:37

Right, and they probably got some ornaments out there that are making noise each time somebody passes by. So they don't, that's fine. So that's a good diversion right there, position one of those ornaments back behind the bulkhead. Let her open it up so she squeaks her way out. So now you've got an open bulkhead basically, carte blanche, you can go back anytime you want until they figure out that that thing is open. And again, they're watching Jeopardy. So you know you at least have like eight hours before sunlight? You know that they're probably up at daybreak, but you got a bunch of time to get in and out of that place. World's your oyster at that point. Alright, so we got Raggedy Ann we snuck the person in. Did they steal anything yet? Or do they simply get it so that everybody else can get in?


Steven Maresca  08:27

I mean, she's built a map. You know, there are teams now. People know where to go for the valuables, people know where to go for the candy. You know, the secondary target is now the primary target.


Jason Pufahl  08:39

So now, does Raggedy Ann actually tell anybody that there is this ingress and egress, or does she just actually sell the candy?


Steven Maresca  08:48

Exactly, she goes down to the corner,


Matt Fusaro  08:50

Or she can, she can tell everyone about it if they give up their bag of candy.


Jason Pufahl  08:54

That's the trick. Do a twofer. So, pretty easy exploit. I mean now that we've talked it out, I'm actually I might trick or treat this year. Seems like a no brainer.


Matt Fusaro  09:11

And find the bourbon for the candy bar.


Jason Pufahl  09:14

It's all what you're going after, right? I mean, in parallel. It really is how a normal Ransomware attack works. I mean, that is the, that's the reason this whole Kill Chain exists. 


Matt Fusaro  09:25

But do you rate, like how do you ransom the personnel zone? Do you tell them I'll give you your candy back if you give me money?


Steven Maresca  09:31

Well, it wasn't Raggedy Ann. She was just the breaking entering you know, initial salvo. It's Johnny down the street dressed up as Chucky, he'll leave the stink bomb or you know the flaming bag on the porch. I have to imagine that that is the,


Matt Fusaro  09:48

You're showing your age with the Chucky reference.


Steven Maresca  09:50

I know, aren't we all Raggedy Ann? Come on now.


Jason Pufahl  09:55

Chucky was the worst, when Chucky was hiding under that bed, that was one of the scariest scenes I've ever seen, I did not like that at all. So that's a good point, though. There really was no ransomware, this was an outright theft, not a smash and grab, I think it was gracefully executed.


Steven Maresca  10:12

No, again, the secondary team who got sold entry is now incoming with the threat.


Jason Pufahl  10:20

Gotcha. We don't know what that is. I mean, that's up to them to be creative. So you know, threat actor one was able to get there was able to get entry, and then sell access to other people. That's it, of course.


Matt Fusaro  10:31

So how do we defend against this?


Jason Pufahl  10:34

It's tough, right? Because Halloween, you're at your most vulnerable to this attack? For sure. So once a year, I think we're all susceptible.


Matt Fusaro  10:42

So do you just put the full size candy bars out there for everybody?


Jason Pufahl  10:46

Yeah, I suppose you could do I mean, you could do like those. Maybe some like the baby gates, you at least can open your door. Somebody can reach over and get the candy, but they actually can't kind of slip past you.


Matt Fusaro  10:56

A lot of people take the screen door out, or take the top screen out.


Jason Pufahl  11:00

That's the way to do it. Like the old style half door. Yeah, I mean, it's the people who open the door all the way. Right, they're the fools. The Ring doorbell, I don't know, I mean, sure, you can see who snuck by later, but it doesn't help you at the time of theft.


Steven Maresca  11:16

Everybody's dressed up, you can't exactly authenticate people by looking at the Ring doorbell.


Jason Pufahl  11:20

That's true. And people are dressing up like, you know, Raggedy Ann is benign. So you trust that, it's not like somebody dressed as a spooky ghost, or Jack Skellington, something like that. Everybody's keeping an eye on that one, though, everybody's keeping an eye, what you need to do is come to the door actually with like a group of 14 or 15 year olds, people who you already don't want there because they're on the edge of too old, and that's when you slide Raggedy Ann down below, right, because they're already disgusted with the people who dressed as a bum, or a hobo. Right, the laziest costumes known to man. 


Matt Fusaro  11:35

Everybody knows that's a problem. Yep.


Steven Maresca  11:57

So, you know, is there anything left behind? You know, is there a camera for next year?


Jason Pufahl  12:03

I mean, I suggested leaving Raggedy Ann behind but,


Steven Maresca  12:05

Well, she has to eat, she can't just eat chocolate. 


Jason Pufahl  12:07

She has, you got a kitchen at your disposal, do whatever she wants in that place. She can't just live on candy?


Steven Maresca  12:14

You get the fish or whatever they have for the rest of the year.


Jason Pufahl  12:18

I think the only thing that you've left behind is permanent scarring and the fear of Halloween for the people who've been infiltrated.


Matt Fusaro  12:24

Yeah, yeah, probably no candy next year.


Steven Maresca  12:29

Probably not.


Jason Pufahl  12:29

Yeah, that light will be switched off the following year.


Matt Fusaro  12:34

Oh, well. Probably not a great idea to do this.


Jason Pufahl  12:38

I know, now I feel bad for the people. So this is the discussion here really is intended to talk about the Kill Chain a bit. And it's seven steps. You know, we did some reconnaissance and delivery, we installed our threat we got, what do they call it, that the intruder there, the hands on keyboard, somebody who's actually your actor inside. Weaponization, exploitation and Steve you were trying to figure out the command and control piece, right, the persistence aspect. Kind of fun to apply it to Halloween, but it is the way we see attacks occur, cyber attacks, we'll be more specific. I think on that, Happy Halloween, everybody, and put up your baby gate. I think it's clear enough that you want to protect your house. 


Matt Fusaro  13:29

And protect those full size candy bars.


Jason Pufahl  13:32

We hope you enjoyed the episode. Happy Halloween, everybody.


13:36

We'd love to hear your feedback. Feel free to get in touch at Vancord on LinkedIn or on Twitter at Vancordsecurity. And remember, stay vigilant, stay resilient. This has been CyberSound.