Transcript
Hey. Good to see you.

Good to see you, Mike.

So let's talk a little bit about the recently published Team 82 Threat Report. A lot of great data in there, and we're talking about actual attacks against cyber-physical systems, whether it's OT or healthcare devices. Just curious, to you, what stood out? I mean, there's a lot of different angles we can tackle here, but...

Well, look, at first, I think it's important to talk about the genesis of the report, that there's a lot of threat reports out there from a lot of different cyber vendors over the years. What we really wanted to do was have one that oriented... There's a question sometimes about what attacks are actually occurring against cyber-physical systems. And so we have a team of threat researchers that infiltrated the dark web, and we're looking for evidence of actual, real evidence of attacks against CPS assets, OT assets, medical devices. And so over the course of 2025, they were able to find over 200 documented examples of attacks against these assets. So we looked at the source country of the attack, we looked at what country was being attacked, we looked at what, if we could figure it out, what threat group was associated with it. So it really turned into a harvest of super interesting information. And so that's the genesis of it. Now, I want to get back to your question in terms of some of the interesting points. So I guess a little bit not surprisingly, we found that 71% of the attacks that originated from Iran in 2025 were targeting asset owners, infrastructure within the US and Israel. More surprising for me is that we found that attacks originating from Russia, 81% of the time, were targeting countries within the European Union, I guess because of the Ukraine war, but I was expecting actually to see more attacks against the US as well. So I thought that was interesting. So that's kind of one.

Sure. Yeah, it definitely stands out. It also kind of shows the geopolitical leanings of some of these hacktivist groups. They're not necessarily super skilled, but they do align either politically or socially with what's happening geopolitically. And I thought that actually showing that linkage in a lot of areas was really interesting.

Yeah, like one of the, I thought, really interesting things, attribution. So many... CISA recently published a report about a lot of opportunistic attacks by adversary-affiliated hacking groups against critical infrastructure, which is borne out by our research. We saw a lot of Russian-affiliated hacking groups, we saw Iranian-affiliated hacking groups, and they were kind enough to us to put their logos on video recordings of their attacks.

Lots of logos.

They were able to see it. Now, the one thing that I thought was also super interesting is we found, I'll call it a getting-started, a quick-start guide that hackers had published to teach other hackers, step by step, how to find and attack OT assets using Shodan and other tools.

Yeah. And I mean, that's kind of what the dark web is all about, is there's a lot of this information sharing between these groups, and to see it against OT is kind of concerning. I mean, it's new, at least.

Yeah. Look, I feel like there's always another red line that some attacker will cross. Right. And I think that we need to recalibrate, it's like an elevation of our thinking about cyber-physical-system-based attacks, that it is just another tool that adversaries and cyber criminals have to achieve their strategic or financially motivated objectives. And so if you look at, you know, right now, you know, our team told me earlier this morning that they're seeing a lot of Iranian attacks against wastewater, retail and manufacturing. There was actually an Israeli retailer, again, targeting PLCs, these environments, an Israeli retailer whose refrigeration systems were taken offline from Iran, causing a lot of spoilage. And so the intent is not just to cause malfeasance, but it's also to try to impact the supply chain.

Right. So, good place for the next question. Three of the industries that we really saw attackers targeting, focusing on manufacturing, water and wastewater, and power generation, probably no surprise, you create a lot of social chaos there, get a lot of attention for whatever your cause is. Just your reaction.

Yeah. So it's like 19 percent against manufacturing, like 15 percent, something like that, against water, and 11 percent against power generation. Look, I think that, at least for power generation and utilities, the goal is to domestically cause harm to U.S.-based infrastructure or to implant themselves in U.S.-based infrastructure as a means, in case of a kinetic conflict, to be able to cause disruption. Right. So I think, you know, again, we can talk about specific companies that we found, but a lot of the manufacturing is, how can you influence supply chain? Like we saw the Colonial Pipeline attack influenced supply chain. And so there are so many, if we think about critical infrastructure not as individual entities, but which ones need to be operating, the essential ones that could impact upstream or downstream capabilities. That's where I think the lens needs to be in manufacturing.

I mean, the big point is that too many of these assets are exposed online. They're easily enumerated using scanning services and, you know, they give up a lot of information, and that's really gold for an attack.

Well, look, it's not very difficult to find cyber-physical systems to attack there. When a couple of months ago our Team 82 looked at this on Shodan, we found over 4,000 building automation systems either using KNX or BACnet in the insecure manner. So with this insecure protocol, an attacker can directly connect to it and drive commands without the need for any password and any credentials. So it's kind of bonkers to me that there's so much vulnerable infrastructure out there.

So let's wrap up with a couple of minutes on the national cyber strategy that was released 10 days ago or whatever. Just curious on your thoughts on a few of the pillars. Obviously most relevant to us would be protecting critical infrastructure and, you know, prioritizing that within the strategy. What was just kind of your initial reaction on that?

Yeah, look, it's important that the administration put out the national cyber strategy. Just candidly, it was shy on details and shy on kind of implementation operations. But I think it was really important that, as critical infrastructure is the next cyber battleground, the administration called on, I think it's pillar four, around securing critical infrastructure. They specifically called out operational technology and the impact potentially on supply chain. So I think, you know, it's good directionally. The question was like, so what is the implementation plan? There's also one of the pillars around, I think it's around smart regulation or pragmatic regulation. And so, again, it's good. I think it's important and good that there is some regulation, because a lot of organizations won't implement cyber protection unless they have a requirement to do so, and with penalties associated with it. So I think that's a good thing. The question is, what will that yield? Like, what is the result? I think the whole pillar on regulation was maybe three or four sentences. So I'm eager to read the next chapter.

Just final question. Just curious on your take, I think it was pillar one, just more of a leaning towards being more offensive in cyber, and it's a slippery slope, let's be honest.

Yeah, I read through it, and I know the administration had talked about this. Just two sides of this. On one side, I get the fact that the administration is looking for leverage. I just worry about organizations putting a target on their own backs, or maybe an organization getting it wrong.

That's the bad one.

Exactly. Now, on the other side of this, there are organizations out there, Microsoft and others, that have done a really nice job in terms of helping work with intelligence agencies, Department of Justice, FBI, to help secure infrastructure and take down finance. So there is some stark precedent for takedown of critical infrastructure. I think we just need to be really crisp and purposeful about where it should be focused, and also a lot of introspection in terms of what the consequences are to be associated.

All right, Grant. Good to catch up. Thanks.