Show Notes
A podcast about cloud adoption and cybersecurity.
Website: https://www.globaltech.tv/
Social networks: https://linktr.ee/globaltechtv
View Full Transcript
Episode Transcript
[00:00:03] Speaker A: Hi everyone, and welcome to another episode of global tech tv podcast.
This episode was recorded at the end of August 2024.
Hi Raz, how are you?
[00:00:15] Speaker B: Hey, good, how are you?
[00:00:16] Speaker A: Ial I'm okay. Excited for another monthly episode?
[00:00:23] Speaker B: Absolutely. It's good to be back.
[00:00:25] Speaker A: Yeah.
So as always, let's begin with cybersecurity related news. Raz yeah, yours.
[00:00:34] Speaker B: Thank you. Thank you. I know last time it was a bit long. We spoke about, it was almost an hour. Today we're gonna be back to our normal routines and stay tuned. Okay, so first of all, I have to rewind back to, to the crowdstrike it outage. Just give you a brief about what's going on after the since the outage in July 19, 2024, which is almost a month and a half ago, there are two things that happened. 1st 100% have been, that's what have been announced have been recovered from the outage. This is one thing. Second financial aspect, crowdstrike stock, including the stakeholders, when it was low, low and very down into the trenches of the price of the stock, it went also almost into around 35%. And today, believe it or nothing, stakeholders, the banks, the CISos, all of them keep putting their money with Crowdstrike. And the rebound of the stock is back 20% up since their lowest point since the outage. Meaning that as a market, the market is actually understanding how positive was the reaction of the company, how mature is their services and what we say people vote with their hands or their money. And over here we have a great evidence to see the transparency that the crowdstrike provided. Some people said it should be better. There is lots of comments around that, but this is like the situation. One more thing going to happen. We spoke about last time that Microsoft took, we didn't say they took the responsibility. We want them to take it. And what's going to happen on September 10, if you are in Redmond, Washington, and you're going to be in the campus of Microsoft, they going to have announcement and conference together with CrowdStrike. They're going to speak about how to prevent this type of outage in the future. They're going to discuss and focus on the visibility of application, relying on kernel mode in Windows and the implementation of EBPF for the future. So externally for promotion or any other public relations, Microsoft is kind of taking the responsibility and say, together with CrowdStrike, we're going to move on for a better future.
If you want to be there, we got to publish the links, correct the words.
[00:03:57] Speaker A: Yeah, a couple of things from my perspective from things that I'm reading over the public Internet.
First, from what I understand, the Crowdstrike CEO was invited to give a talk in the Congress, in front of the Congress, explaining how the outage happened and things that they did before and after the outage.
Other than this, I can see, I can read a lot of people talking about the crowdstrike official documentation regarding what they're saying, that from this day on, we make changes to the way we make QA analysis for any update. And there are many people in the industry saying, wait a second, it doesn't make sense. I mean, you're, you're a large corporation, well known corporation, and it seems that you have fundamental issues with the way you test your products naturally, product that goes directly to production for millions of workstation worldwide.
[00:05:08] Speaker B: Yeah.
[00:05:08] Speaker A: So it doesn't mean that they are off the hook right now at this moment.
But you're right, companies are not really ditching the use of crowdstrike. They still continue to use it, hoping that it would be better tool and their QA development process will change so that such an impact, such an outage will not impact so many customers worldwide. So these are things that I'm reading in parallel about fraudstrike.
[00:05:43] Speaker B: Yeah, absolutely right. And my prediction, last word about Crowdstrike is for sure there are more than two different entrepreneurs around the world that saying we have to come with a better solution. We have to come with a better understanding that this type of situation cannot happen anymore to any company. And we might kind of see in two years a new product that's going to compete Crowdstrike. Until then, we're going to try to use the best in the market. But I'm sure there are few that are already thinking how to make it better.
Let's move on to. So we've been in the US and actually globally in Crowdstrike, but I want to bring a local news from here, from Singapore. Amazing story. It's not always ants with the good notes. And over here, it's actually happened, thanks to the Interpol. So the story is about business email compromise.
Listen again. Business email compromise. These type of scams still happening and then not just happening from, we used to say, hey, it's the nigerian princess. Yeah, but it's not. It happens all over the world. And it's happened in the beginning of August.
The team over there, the crime, the criminals were able, with a compromise, with a phishing email, with a social engineering able to gain from one of the, of the vendors $41 million transfer to their account and we're talking about the.
[00:07:37] Speaker A: Us dollar or the singaporean one.
[00:07:40] Speaker B: Us dollars. Okay, it's a good one. Us dollars.
And then, believe it or not, there are good law enforcements. Very good one. The Interpol jump into the story. They start the investigation to chase the criminals, and guess what? They were able to return back $39 million back to the victim.
I don't know how many times during our cyber security news, we have a good story when the money actually has come back and the law enforcement were able to to do the anti fraud efforts and bringing the money. The lesson from that, two lessons. Number one, Interpol, you are amazing. The thing that you are doing. I didn't hear about this type of a story for my entire life, and I'm 42 years old. This is number one. Number two, scams happening all over the world. Always have a doubt. These people are sophisticated. They're going to use lots of different methods before you're moving money. Before especially $41 million. Come on, do more consulting debates with your colleagues. It can happen to anyone. And also in 2024.
So this is about Singapore jumping back. It took me around maybe 15 minutes, but I'm going to say it real AI AI. And this time I'm going to speak about LLM.
LLM, which is the large language models I'm trying to explain. Some people doesn't have, you know, familiar with that. This is the way that Chachi PT Copilot, Gemini, all these guys are giving them the brain to do what we ask for researchers, and this is a very important one.
There are today lots, I can say a lot, let's say thousands or maybe more startups that say LLM can be a very important place that need to be protected based on few different attack vectors. So one of the findings that I'm going to share today, it's called poison LLM. What does it mean? Let's give an example before we're going to go to Yale with the cloud and development, and we have lots of good services in the cloud for that. I'm going to Copilot and I'm asking him, hey, Copilot, can you create a piece of code that I want to inject of one of my artifacts before it became artifact? So he's going to LLM, and let's say this LLM is poisoned, meaning that the code I'm going to get, it can be from code brokers or any other developments. What's going to happen? I'm going to get a code with vulnerabilities. This is the meaning it's poisons.
[00:11:11] Speaker A: Will it affect the customer side or the backend side?
[00:11:16] Speaker B: It's going to affect any place that you're going to use this piece of code. If you're going to do copy paste in that you're going to go to any, it can be stack overflow or places when you're going to copy code. It can be an open source. You don't know what's the source of this open source, who developed it, where it came from? Yeah, they're not always telling you in the comments who's the source for this piece of code that you are using. Maybe it's a library that you need for authentication, for instance, but you don't know it's with the pectoral or vulnerability. And this is one of the threat vectors that already have been noticed.
My conclusion is it's actually not a new threat vector. It's just another way to treat an open source or use any type of code that you put in the production. You have to do a security review, there are no shortcuts, need to do a security review, need to put it in a pre production, need to do a QA, need to have vulnerability scanning and any other type of measurements before you run this code on your customer or in your production. So if you use the basic fundamentals for security lifecycle design, this is gonna be one of the measurements to proactively mitigate this type of technical.
[00:13:05] Speaker A: I would say from my side that using places like forums like OpenStack for looking for piece of code, or maybe open source libraries, this is not something new. This is the whole idea of supply chain and supply chain management and attacks and everything.
But so far, I mean, theoretically, if a developer was looking for some piece of code and was copy paste from a public forum without knowing what it actually does, without doing code review and statical analysis. Yeah, we had this risk for many, many years, but now we're talking about like a whole new generation of developer additional tools or add ons, because those kind of genai development tools, they're providing us suggestions. Sometimes it's based on our previous written code and sometimes just looking for in an open forums. And it's a huge issue because we're kind of relying more and more on these automatic tools for assisting us to write our code better, faster, more efficient.
So the technology is going there, but at the moment it's not really there. I mean, you still need a human eye to review the code, run static analysis, understand what is the source of this, what is the impact before you push into production, even if it looks very simple, don't push it to production before it did. All your due diligence for your code and open source libraries.
[00:14:47] Speaker B: Yeah, absolutely right. And I want to give the credit to doc reading, by the way, where I found that, and especially to the Sonyan, which is the doctoral students in Connecticut, which they did the research and they tried to give this aspect. But again, back to you. You're absolutely right. It's all about the fundamentals.
Next one, another follow up we had on May on our main news. If you want to listen to them, that's still relevant for you. You can go back to one of our episodes in May when we spoke about the cybersecurity news and the cloud news. And then over there, we spoke about North Korea operation in the US, what they call the laptop arm.
So guess what? The US operation finally shut down. This operation, it's been around there for almost three years. They've been arrested. A person, what they used to call him the Tennessee man. Yeah. Now, these Tennessee men have a name. He's 38 years old. His name is Matthew Izzak. Note what he did. He operated a scheme that assists north korean poisoning. US based it professional how he did it by using a stolen identity of american citizens. Getting there, asking for their laptops, get them to his farm, installing over there malwares or any other not legit. Yeah. Software. And send them back to the Fortune 500 companies.
And then the Korean actually have a footprint. And what they did with that, they sold it to China. Surprise, surprise.
So the complete supply chain happened for almost three years. We don't know yet how much information for american citizens have been flew to China via North Korea. But what we know, that note was convicted. He's going to have 20 years in the prison. And thanks to the law enforcement again. Yeah.
For keeping us safe. So before we end and moving forward to the cloud news, this is the last one we spoke about, Microsoft Copilot. But guess what copilot now can hack. Yeah. You want to have a new hacker, you want to have a penetration tester, or you actually want to use copilot as your criminal friend? So cybersecurity researchers has found a way to force Microsoft 365 copilot to harvest sensitive data such as password credentials. And how does it do that? By sending the party.
ASCII ASCII characters why? And I have, I had a conversation the other day with a very good friend, and I said one of the biggest problems today is that giants like Microsoft or other companies, they've built maybe three decades ago. Their infrastructure is so old, some of the things they cannot get rid of and they are totally vulnerable. It doesn't matter which type of technology you're going to put on them. It's going to be Genai, it's going to be the rocket, rocket science next generation something.
If they're not going to get rid of the legacy infrastructure, we're going to keep read this attack vectors. I don't know if it's the legacy.
[00:19:10] Speaker A: Infrastructure, it's more like compatibility backward for legacy code I would say.
[00:19:16] Speaker B: Okay, you can name it that way. When I see an attack, a malicious attack that's called ASCII smuggling and it happened to be using copilot. Yeah, it's maybe backward compatibility, maybe it's a legacy infrastructure, but it cannot happen anymore. The attack require al three things you need copilot for Microsoft reading the content of your email and attach a document, having an access to additional programs such as Slack. Everybody's using slack. Yeah, and being able to smuggle the prompt with a special Unicode characters that's Miro Dasci but actually not visible to the user interface.
Come on. So easy, so easy. So ending that if you have copilot and you have Microsoft 365, I think you need to have a good protections on your endpoint and your credentials because someone, Mike, cannot smuggle them. Ayal thank you and let's go to the cloud news.
[00:20:36] Speaker A: Okay, thank you Raz. So let's begin with the cloud news and by ABC let's begin with AWS. So AWS announced the Amazon EC two G six e instance powered by the latest Nvidia L forties tensor core gpu's. So you like all the EC two instance types. So this generation, the g six e instances can be used for a wide range of machine learning use cases and if you compare them to the previous generation, the G five instances, the new generation delivers two and a half better performance compared to the previous generation and up to 20% lower inference cost than the P 4D instances from the previous generation.
Another announcement from AWS. They announced the AWS backup is now generally available for a new feature which offers logically air gapped vault, which is a new type of AWS backup vault that allows to secure sharing of backups across accounts and organizations, supporting direct restore to help reduce recovery time from data loss events. Logically error gapped vault stored immutable backup copies that are locked by default and isolated with encryption key using the AWS owned kms. So for the time being, it doesn't support a custom managed key, but I'm guessing we'll see it sometime in the near future.
It provides isolation of backups, backup storage for user of the organizational and retention and recovery needs.
So this is why you need the logically heard gap votes another announcement from AWS. They announced the release of open source project called Carpenter for version 1.0. So far it was just less than zero versions and it was mainly beta versions. If you don't know carpenter, it's a flexible, efficient and high performance Kubernetes compute managed solution that helps improve application availability, reduce operational overhead and increase cluster computer utilization.
And I would say that one of the biggest advantages for using carpenter on Amazon EKS, the managed Kubernetes service, is the ability to scale the Amazon EKS cluster work nodes to zero when there are no connection from customer, which result in a reduction of cost. So far, even though Kubernetes support this capability, the Amazon EKS did not support it. I mean, the lore you can do is lower the number of worker nodes to one and that's it. So you still had to pay for one running node. So using Carpenter, which is now generally available, you can make adjustment and you can schedule the scale up and scale down according to your demand.
[00:23:49] Speaker B: If I'm thinking about the cost reduction, it's funny that AWS is actually mentioning that before, because before that, when they are releasing the G six, they didn't say it's going to be cost reduction.
They know how expensive this instance is going to be. But anyway.
[00:24:08] Speaker A: Yeah, but in this specific case, what you just mentioned, you're right, but it's based on the Nvidia processors, so they don't. If it was something that they're using based on their hardware, like from the hardware from processors from Anapuna Labs, this is a whole new conversation. But we were talking about a joint venture with Nvidia, so they're still relying on purchasing the hardware, at least for some of the workloads from Nvidia. So they can't really offer you for free. All right, moving on to Azure. Azure announced a joint venture with AI 21 labs.
This is an israeli company offer an LLMs.
So they announced the Jamba 1.5 large and Jamba 1.5 mini, which is now generally available on Azure AI, the Jamba family are models that are most powerful and efficient for long context models, and they offer 256k context window, which is the longest available today.
They officially support languages such as English, French, Spanish, Portuguese, German, Arabic and Hebrew. But you can also work with many other languages.
Another, another announcement from Azure. They just published a new blog post called Microsoft Defender for endpoints safe deployment practices.
You mentioned earlier about outages with anti malware and the ability of anti malware vendors to actually inject things and interfere in the kernel. So now Microsoft is part of they're trying to be more transparent in explaining how their own defender for endpoint is working. They release this document and it's distinguished or they defend for employee distinguished with two update mechanisms. One of them is software and driver updates that are updated monthly and potentially can update kernel mode components and security intelligence and detection logic updates that may be updated multiple times per day and apply only to user mode components. So then trying to divide between them so to know what will be the effect on the end on the endpoint itself.
Moving on to Google Cloud, they announced that Google Workforce Identity Federation now enables Microsoft entry id, the Microsoft identity provider, to access Google Bigquery directly from the Microsoft Power BI with a single sign on. So you don't need any user or group needs to be provisioned on the Google Cloud as a workforce and identity federation leverage a synchless federation capability using attribute based access control to authorize access to Google Bigquery using Microsoft entra user attribute such as user group membership. So it's a nice moving on for the multi cloud era.
[00:27:39] Speaker B: Yeah, a great opportunity. Sorry for maybe do a lateral movement. But you know, I was thinking from.
[00:27:48] Speaker A: Threat perspective, it's always an issue even within large organization working with the single cloud provider. Not to mention where you're somehow syncing or allowing identities from one cloud or one organization to consume resources in another cloud provider. So yeah, you're right, we need to make sure that authorization is tied to a specific resource, hopefully to a limited amount of time.
For the time being this is all we can do and always never neglect auditing. So that if something happens we can always do forensics and look at the logs and hopefully we'll get alerts in near real time if something anomaly happened.
[00:28:36] Speaker B: Yeah.
[00:28:38] Speaker A: So another announcement that I've seen a lot of blog posts mainly for Google, but from other other bloggers talking about Google is they added support for the Nvidia l four gpu's to one of the services called Google Cloud Run. This specific is currently in preview mode, hopefully to see it in general availability very soon. Google Cloud Run, if you don't know it's a managed compute platform that lets you run containers directly on top of Google's scalable infrastructure.
The new change or the new announcement has some interesting use cases such as performing real time inference using the latest meta Lambda models to build custom chatbots or on the fly document summarization while scaling to handle spiky user traffic and other use cases serving custom fine tuned genre models such as image generation tailored to the company's brand and scaling down to optimize cost when nobody is using them. So cost and Genai, two hot topics and another use case is speeding up compute intensive cloud run services such as on demand image recognition, video transcoding and streaming and 3d rendering. So these are the news from Google Cloud, an interesting report that was published beginning of August.
It was published by Synergy Research Group and it's labeled Hyperscale. Operators and colocation continue to drive huge change in data center capacity trends to short.
[00:30:35] Speaker B: The research.
[00:30:36] Speaker A: What they are saying is that today, and we're talking about 202-320-2441 percent of worldwide data centers, or the largest one are owned or rented by the hyperscale providers, whether it's Amazon, Google, Microsoft, Facebook and other large hyperscale data center providers like Equinix.
So this is 41% of the global data center market and the on prem data centers today are only 2030, 7% of all the data centers in the world. There's still some gap in between if you calculate the numbers, but when you look into the future, according to the Synergy Research Group report, if you're looking into 2029, they're expecting that hyperscale operators will account for over 60% of all capacity, while on premise will drop to just 20%.
So the hyperscale research is based on analysis of the data center footprint and operations of the world's major cloud and Internet service firms, including the largest operator in SaaS is bus search, social networking, e commercing and gaming. So a lot of information you can learn from it. If you're asking me, and I'm a huge advocate for cloud adoption, I would say for any organization, regardless of your size, look at what brings your business value. And unless you're hyperscale data center provider, which this is your main business for most of us, for most organization, I would say look for other alternatives. If the cloud providers can do better jobs and running your workloads, run it in the cloud. Just make sure you have the capable staff to know how to do the migration or re architect your workloads to work as best as you can in the cloud. Because at the end of the day, most of organization are not really expert in maintaining data centers.
So just food for those.
So these are all the cloud news and the cybersecurity news for today.
Raz, something, before we end this session.
[00:33:15] Speaker B: From your side, I think your last comment about the cloud, there is no other way to do it. Yeah, I think the trajectory, in order to improve your value, to get closer to your customers, to be fast to the market, to leverage the latest and cutting edge technologies, there is only one way. So thank you for sharing that. And it was wonderful news in the end. I like it.
[00:33:46] Speaker A: Okay. Thank you. So, as always, you're welcome to follow us on social media, look for global tech tv. Feel free to write to us, ask questions, and suggest future topics for discussions.
So this is here from the end of August 2024, and see you in the next month.
[00:34:06] Speaker B: Bye bye. Thank you.
