How great is it to discuss your favorite topics, learn something new, and have a great time all at the same time? That's what this episode is like. @vmiss (AKA Melissa Palmer) came on the pod for the first time this week. I've read a lot of her content and tweets over the years, and it was great to finally put a face to the name. She knows her stuff when it comes to security, since she was actually working in it before she got into VMware. It was a great conversation I think you'll learn a lot from.
This week on the Restore it All podcast.
Speaker:We've got our good friend vmiss, AKA Melissa Palmer, talking to
Speaker:us about ransomware and VMware.
Speaker:Uh, I don't like saying those two things together, but
Speaker:unfortunately it's happening a lot.
Speaker:Hope you enjoy the episode.
W. Curtis Preston:Hi, and welcome to Backup Central's Restore it All podcast.
W. Curtis Preston:I'm your host, W. Curtis Preston, AKA Mr.
W. Curtis Preston:Backup, and I have with me one of only three people who actually know and
W. Curtis Preston:recognized my actual birthday today.
W. Curtis Preston:Prasanna Malaiyandi, how's it going, Prasanna?
Prasanna Malaiyandi:Good.
Prasanna Malaiyandi:Curtis, how are you doing?
Prasanna Malaiyandi:Happy birthday.
W. Curtis Preston:Why is my birthday so complicated?
W. Curtis Preston:Why do I make it
Prasanna Malaiyandi:You make it complicated.
Prasanna Malaiyandi:Exactly.
W. Curtis Preston:I do.
W. Curtis Preston:But why do I do that?
W. Curtis Preston:I do it for a reason.
Prasanna Malaiyandi:Privacy.
W. Curtis Preston:Privacy.
W. Curtis Preston:Yeah.
W. Curtis Preston:So my, my Facebook, LinkedIn, et cetera.
W. Curtis Preston:Birthday was yesterday. Um, and then my actual birthday is today.
W. Curtis Preston:Uh, so
Prasanna Malaiyandi:You know how I figured that out?
W. Curtis Preston:what's that?
Prasanna Malaiyandi:Because I saw on Facebook it was your birthday and
Prasanna Malaiyandi:the following day I totally forgot and I wished you happy birthday.
Prasanna Malaiyandi:And that's when you
W. Curtis Preston:and you got it
Prasanna Malaiyandi:And you're like, oh no, it's actually today's my,
W. Curtis Preston:got it wrong, but you got it right by getting it wrong.
W. Curtis Preston:You got it right.
W. Curtis Preston:Or by being delayed.
Prasanna Malaiyandi:exactly.
W. Curtis Preston:Yeah.
W. Curtis Preston:That's kind of funny.
W. Curtis Preston:Um, sometimes I tell people like when they, you know, when they wish me.
W. Curtis Preston:You know, happy birthday on Facebook.
W. Curtis Preston:I'm like, yeah, thanks, you know, whatever.
W. Curtis Preston:Uh, you know, but if it's like work people, I'm like, Hey, just so you
W. Curtis Preston:know, I actually do this for a reason.
W. Curtis Preston:Like it's privacy and, and you know, your birthday is only one of
W. Curtis Preston:like, uh, two in the US only one of two pieces of private information
W. Curtis Preston:that are needed to impersonate you.
W. Curtis Preston:So, um, you know, the, the one is, you know, so the other one is
W. Curtis Preston:social security number, which you don't typically put that out there.
Prasanna Malaiyandi:So are you sure you wanna be recording
Prasanna Malaiyandi:this on your, on the podcast and
W. Curtis Preston:I, you know,
Prasanna Malaiyandi:it
W. Curtis Preston:you know, if, if a hacker is willing to
W. Curtis Preston:actually follow me on the podcast
Prasanna Malaiyandi:get a listen in.
W. Curtis Preston:yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, you know, hackers beware.
W. Curtis Preston:Um, yeah.
W. Curtis Preston:So, you
Prasanna Malaiyandi:But what's your plan for your special day today,
W. Curtis Preston:So I'm trying, I'm trying to coordinate
W. Curtis Preston:immediately following this podcast.
W. Curtis Preston:So I have a, a breakfast place, breakfast lunch place that I've been
W. Curtis Preston:going to, uh, for like 25 years.
W. Curtis Preston:Uh, literally my kids, most of my kid, or both of my kids most of their entire life.
W. Curtis Preston:Uh, and I'm trying to arrange a, a, a lunch with, uh, my kids, their
W. Curtis Preston:husbands, and, uh, the granddaughter.
W. Curtis Preston:Uh, the grand dog will have to stay at home.
W. Curtis Preston:but we, we, we did hang out with her all day yesterday.
W. Curtis Preston:We got to watch her while my, while my daughter went, uh, went to Disney.
W. Curtis Preston:Um, so.
W. Curtis Preston:We should get on to the business at hand.
W. Curtis Preston:Um, our guest is known for her insightful virtualization comments on Twitter, so I
W. Curtis Preston:was very excited to see her now focusing on Public Enemy number one, ransomware.
W. Curtis Preston:She's been in the industry over 15 years, and is an independent
W. Curtis Preston:technology analyst and ransomware resiliency architect. You can follow
W. Curtis Preston:at vmiss.net. Welcome to the podcast, Melissa Palmer,
W. Curtis Preston:AKA @vmiss.
Melissa Palmer:Hello gentlemen.
Melissa Palmer:Thank you so much for having me.
W. Curtis Preston:how's it going?
W. Curtis Preston:Uh, you know, it's funny.
W. Curtis Preston:I knew I knew you and followed you for a long time and didn't
W. Curtis Preston:know you had another name,
Prasanna Malaiyandi:I, I, I, same thing as well, like, I'm like,
Prasanna Malaiyandi:I've seen like all your tweets and everything else, but I'm like, I
Prasanna Malaiyandi:didn't know your actual name either.
Prasanna Malaiyandi:I was like, who is this Melissa Palmer person responding to emails?
W. Curtis Preston:And
Melissa Palmer:I I get that a lot actually.
Melissa Palmer:People don't know we're the same person.
W. Curtis Preston:Yeah.
W. Curtis Preston:I, I, um, we actually, we've had a person on the podcast that, um, they continued
W. Curtis Preston:to go by their Reddit handle snorkel42.
W. Curtis Preston:It's like such a random name, you know.
W. Curtis Preston:Uh, but yeah, he, like, he wasn't, he wasn't hiding or anything.
W. Curtis Preston:He just preferred to go by snorkel42.
W. Curtis Preston:So I'm glad to actually know and be able to use your first names.
W. Curtis Preston:I'm very excited.
W. Curtis Preston:Um, I, I, I am curious, so what, what made you sort of make that jump, right?
W. Curtis Preston:You know, you were doing, I see that you, you know, you had background in
W. Curtis Preston:backup, you know, good for you, uh, having worked at Veeam, uh, but you
W. Curtis Preston:know, you, you've been spending so much time with virtualization lately.
W. Curtis Preston:Uh, what, you know, what made you sort of jump over to ransomware.
Melissa Palmer:so it's kind of funny how things work out sometimes.
Melissa Palmer:I have always been, I would say, security minded.
Melissa Palmer:Um, as long as I can remember.
Melissa Palmer:I might have been at DEF CON when I was 16 years old.
Melissa Palmer:Anyway, um, so it's kind of a
Melissa Palmer:thing.
Melissa Palmer:Yeah.
W. Curtis Preston:Is that true?
Melissa Palmer:it's kind of a thing that has always been,
Melissa Palmer:uh, throughout my education, my master's in is in secure design.
Melissa Palmer:Throughout my career, I've been bringing it in, in dribs and drabs,
Melissa Palmer:but as ransomware started to pick up and I was really putting a big focus
Melissa Palmer:on disaster recovery and recovery in general from the Veeam perspective.
Melissa Palmer:A couple years ago, I kind of said, you know what?
Melissa Palmer:I think I really.
Melissa Palmer:pivot hard and focus on this cuz I, I just find it so interesting,
Melissa Palmer:like all aspects of it.
Melissa Palmer:Uh, and I've learned a lot and I've helped people fix a lot of things they
Melissa Palmer:had going very wrong in their environment.
Melissa Palmer:So hopefully they, they do not feel the impact of ransomware.
Melissa Palmer:So, like I said, I've had the security minded thing throughout my whole
Melissa Palmer:career and it just kind of got to the point where it was like, I'm
Melissa Palmer:gonna go further down this path now.
Prasanna Malaiyandi:And I think we need more people like that because there's
Prasanna Malaiyandi:so much ransomware out there, right?
Prasanna Malaiyandi:There's so many issues.
Prasanna Malaiyandi:It's, and I think everyone's trying to figure out, okay, what
Prasanna Malaiyandi:are sort of those best practices?
Prasanna Malaiyandi:What are the things we should be doing to sort of help protect
Prasanna Malaiyandi:ourselves from some of this?
Prasanna Malaiyandi:So I'm glad at least there's someone in addition trying to focus on this.
Prasanna Malaiyandi:So it helps.
W. Curtis Preston:I Is ransomware really happening?
W. Curtis Preston:I mean, is it really a thing?
Prasanna Malaiyandi:I thought that was like 2020, isn't it?
Melissa Palmer:So one of my favorite things is I just go to
Melissa Palmer:Google and I type in ransomware, and I just see what comes up.
Melissa Palmer:I was like, I, I, I, I think it's fun.
W. Curtis Preston:yeah.
W. Curtis Preston:Yeah.
Melissa Palmer:have a warped idea of fun as we've established.
Melissa Palmer:Um, but like I just go into Google and I type in ransomware and it, it's funny,
Melissa Palmer:the stuff that does make it to like the mainstream news and you see all these
Melissa Palmer:like people on all the news channels that like, I dunno, sometimes you get someone
Melissa Palmer:and they're like the cybersecurity expert, but they're also like the dog walking
Melissa Palmer:expert and like the cat fighting expert.
Melissa Palmer:I'm like, how do you find these people?
Melissa Palmer:But you'll see a lot of.
Melissa Palmer:So this kind of stuff going mainstream.
Melissa Palmer:So the threat is out there.
Melissa Palmer:It's becoming more and more pervasive.
Melissa Palmer:I don't think we're gonna see less of it.
Melissa Palmer:Um, cuz people have made a lot of money this way, right?
Prasanna Malaiyandi:When you have those, when you did your search though, right?
Prasanna Malaiyandi:What percentage do you think, or do you even think it's scratching the
Prasanna Malaiyandi:surface, like what you see publicly
Melissa Palmer:Oh no.
Prasanna Malaiyandi:versus like what's actually happening?
Melissa Palmer:I don't think people fess up unless they have to.
Melissa Palmer:Right.
Melissa Palmer:Unless there's a reason.
Melissa Palmer:And that's actually a problem I had at Veeam working with
Melissa Palmer:the disaster recovery product.
Melissa Palmer:Like no one wanted to be a customer reference.
Melissa Palmer:Like, I don't wanna admit I had a disaster or a ransomware attack or something
Melissa Palmer:and I use this stuff to save my behind.
Melissa Palmer:Like I'm not admitting that.
Melissa Palmer:Um, so that was actually a challenge getting people to like publicly fess up and
Melissa Palmer:say, yeah, I got ransomware and everything went to hell, but we recovered.
Melissa Palmer:Don't worry, like.
W. Curtis Preston:Yeah.
W. Curtis Preston:And by the way, uh, that reminds me to throw out our usual disclaimer.
W. Curtis Preston:Um, I work for Druva, uh, Prasanna works for Zoom, uh, and this is not
W. Curtis Preston:a, this is an independent podcast, not a podcast of either company and
W. Curtis Preston:the opinions that you hear are ours.
W. Curtis Preston:And, um, also, uh, we'd love to have you join the conversation.
W. Curtis Preston:Just reach out to me, uh, w Curtis Preston gmail or WC Preston on Twitter.
W. Curtis Preston:Uh, as long as it's up and, um, For now.
W. Curtis Preston:And, uh, also please rate us, uh, just, you know, scroll down to
W. Curtis Preston:your, you know, you know, most of you based on the stats I'm seeing.
W. Curtis Preston:Most of you are on Apple Podcast.
W. Curtis Preston:Just scroll down to the bottom there and give us some stars.
W. Curtis Preston:Give us some comments.
W. Curtis Preston:We love comments.
W. Curtis Preston:You can tell us how much for, well, for those of you that
W. Curtis Preston:are watching it on video, which you can see at backupcentral.com,
Melissa Palmer:I didn't realize, I thought you guys
Melissa Palmer:told me the video was gonna be.
Melissa Palmer:For like outtakes and stuff.
Melissa Palmer:I've been sitting here making funny faces the whole time, like as we
Melissa Palmer:got started, like, cuz I thought you
W. Curtis Preston:This may be the best.
W. Curtis Preston:This may be the best recording ever.
W. Curtis Preston:Uh, you can comment on how much you like, you know, Prasanna's,
W. Curtis Preston:uh, are, are we at a tweard yet?
W. Curtis Preston:You will tell me when you get to a tweard, right?
Prasanna Malaiyandi:I think it's a, it's a, theard right,
W. Curtis Preston:The, the a the, yeah.
W. Curtis Preston:You're, you're at a tweet, but you're not at a, the when is the, the.
Prasanna Malaiyandi:Uh, two months.
W. Curtis Preston:Really.
W. Curtis Preston:Um, so that would be, I, if you don't follow, Melissa, he hasn't shaved,
W. Curtis Preston:uh, or cut his hair since Covid.
W. Curtis Preston:Um, so he is at, at almost at a three year beard, otherwise known as a,
Melissa Palmer:I cannot relate to that.
Melissa Palmer:I'm sorry at all.
Prasanna Malaiyandi:It was initially supposed to be a year, which is a year
Prasanna Malaiyandi:long beard, and it just kept going.
Prasanna Malaiyandi:So
W. Curtis Preston:It's interesting, it's been getting grayer lately.
W. Curtis Preston:Um,
Prasanna Malaiyandi:getting grayer.
W. Curtis Preston:what,
Prasanna Malaiyandi:it's a stress.
Prasanna Malaiyandi:Curtis's stress.
W. Curtis Preston:in the Malaiyandi household?
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:getting too stressed by your ransomware.
W. Curtis Preston:Um, yeah, so anyway, um, yeah, I, I agree with you of how much it's
W. Curtis Preston:gotten out into the, you know, the general, what, what do we call that?
W. Curtis Preston:Like the general mindset.
Melissa Palmer:don't know the regular people like
W. Curtis Preston:um, yeah, the regular people.
Melissa Palmer:The Normies.
W. Curtis Preston:I see it a lot on tv.
W. Curtis Preston:I'm seeing it in TV shows, right?
W. Curtis Preston:I, uh, the, the, you know, I don't know if you've
Prasanna Malaiyandi:The Undeclared War.
W. Curtis Preston:The Undeclared War is a great show.
W. Curtis Preston:Have you seen that, Melissa?
Melissa Palmer:No,
W. Curtis Preston:Um, you, uh, so it's, I don't remember where I saw it.
W. Curtis Preston:Did I see it on Peacock?
W. Curtis Preston:Thank you.
W. Curtis Preston:So it's actually a BBC show and it's set in.
W. Curtis Preston:Um, so yeah, so, so try to, try to sort of see how crazy this idea seems.
W. Curtis Preston:So the bad guy in, you know, the bad.
W. Curtis Preston:Country in the show is Russia.
W. Curtis Preston:And, and the good guy in the show is, is, you know, England
W. Curtis Preston:and, and, and US basically.
W. Curtis Preston:But England is the target.
W. Curtis Preston:And Russia in the show is using a variety of, uh, cyber attacks
W. Curtis Preston:and misinformation attacks to try.
Melissa Palmer:real.
Melissa Palmer:Like this is, wait, this is fake.
Melissa Palmer:Like,
W. Curtis Preston:is, this is a, this is a drama.
W. Curtis Preston:It's a series.
W. Curtis Preston:It's a series.
W. Curtis Preston:And, uh, to try and get to, basically to try and get England
W. Curtis Preston:to actually declare a war.
W. Curtis Preston:They, they're, they're using it, they're using this undeclared war to
W. Curtis Preston:get England to actually declare a war.
W. Curtis Preston:Um, and, and, and.
W. Curtis Preston:It was pretty good.
W. Curtis Preston:Uh, you know, they, they got a lot of the tech in there and they
W. Curtis Preston:even, I even learned a few things.
W. Curtis Preston:Um, so like I learned about, yeah.
W. Curtis Preston:what3words. Have you heard of what3words?
W. Curtis Preston:So there's a, there's a group that has taken, uh, every three
W. Curtis Preston:meter segment in the world, right?
W. Curtis Preston:Three meter squared segment in the world and has assigned three words.
W. Curtis Preston:So that, so that you can, you can say, um, you know, uh, you
W. Curtis Preston:can go to what3words.com.
W. Curtis Preston:You can
Melissa Palmer:this is so cool.
W. Curtis Preston:can enter your address and like your house will
W. Curtis Preston:have multiple three words segments.
W. Curtis Preston:Right now it has two purposes.
W. Curtis Preston:Uh, one is meeting somebody at Coachella.
W. Curtis Preston:Right.
W. Curtis Preston:I, I'm, I'm at Squirrel Pizza, you know, tree.
W. Curtis Preston:And, and they can put that into, um, it's much easier than saying
W. Curtis Preston:I'm at 1 53 negative one genome.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and then they can, they can find you.
W. Curtis Preston:But also in a lot of the undeveloped world, there's a lot of people
W. Curtis Preston:that don't have addresses and this allows them to have an address.
W. Curtis Preston:Right.
W. Curtis Preston:And they can buy things on Amazon, uh, and have stuff delivered to
W. Curtis Preston:their house using what3words.
W. Curtis Preston:Anyway, I learned it from.
W. Curtis Preston:So, um, I really don't know how we got onto this, but anyway, the Oh, oh, the
W. Curtis Preston:point was that it's, it's out there in the, you know, um, I mean even, is it
W. Curtis Preston:the, there's the doctor that has, um, Asperger's, that's, is that the good
Melissa Palmer:Oh, the good doctor.
W. Curtis Preston:Yeah.
W. Curtis Preston:They had a ransomware attack, took down the
Melissa Palmer:Grey's Anatomy had a ransomware
Melissa Palmer:episode.
W. Curtis Preston:Grey's Anatomy
Melissa Palmer:big Grey's Anatomy fan, but then the whole Derek
Melissa Palmer:thing happened, and I don't know how I feel about it, and I'm still
Melissa Palmer:struggling with that years later.
Melissa Palmer:Um, but yes, Grey's Anatomy had a ransomware episode and I remember
Melissa Palmer:sitting it, watching it just like hysterical through the whole thing.
Melissa Palmer:I was like,
Melissa Palmer:I didn't even have words for it.
Melissa Palmer:I'm like, my favorite TV show has ransomware on it.
Melissa Palmer:My life is complete.
W. Curtis Preston:yeah.
W. Curtis Preston:I, I get excited when shows have backup in it and it, um, my wife
W. Curtis Preston:showed me a show just yesterday.
W. Curtis Preston:Darn it.
W. Curtis Preston:I can't remember what it was, but back up.
W. Curtis Preston:Oh, oh, I remember it was, there was a, I don't remember
W. Curtis Preston:the show, but there was in the.
W. Curtis Preston:The, this woman got interrupted because her, I'm guessing teenage son
W. Curtis Preston:called her and saying, Hey, um, like I, my, I'm, my laptop is messed up.
W. Curtis Preston:I can't get in my laptop or something.
W. Curtis Preston:And, and so he's, and he needs the, the data and she's like, you should
W. Curtis Preston:have backed it up like I told you to.
W. Curtis Preston:And then she hung up on him and I was
Melissa Palmer:I, yeah, there was a show, and this had to be years ago and
Melissa Palmer:I don't remember Trump, I'm gonna have to go figure it out afterwards, where
Melissa Palmer:like the ESXi shell was like in like
Prasanna Malaiyandi:Oh,
W. Curtis Preston:really?
Melissa Palmer:And I remember losing my mind.
Melissa Palmer:I remember the guy and it was really hot, but that's all I remember.
Melissa Palmer:Like, I'm gonna have to go figure this out afterwards.
W. Curtis Preston:That's funny because you know, normally when you
W. Curtis Preston:see the sh the stuff like this in the, in TV, it's not an actual ESXi
W. Curtis Preston:shell, right?
W. Curtis Preston:It's some.
W. Curtis Preston:Total random thing.
W. Curtis Preston:Um, and it's complete nonsense.
W. Curtis Preston:Um, here's a question, Prasanna.
W. Curtis Preston:Have you seen any ransomware attacks in Bollywood?
Prasanna Malaiyandi:I don't think I have yet.
Melissa Palmer:Oh, please, please come find me one.
Melissa Palmer:I love Bollywood
W. Curtis Preston:know what we need.
W. Curtis Preston:You know what we need?
W. Curtis Preston:We need a musical, a ransomware,
Melissa Palmer:Please.
Melissa Palmer:Oh, can we,
W. Curtis Preston:ransomware, attack, music
Melissa Palmer:this?
Melissa Palmer:Like, I've thought about this, I literally have thought about this.
Melissa Palmer:I used to do a lot of musical theater and college and stuff like that.
Melissa Palmer:Like I would be so into a ransomware musical.
Melissa Palmer:Like that would be amazing.
W. Curtis Preston:This could be, this could
Prasanna Malaiyandi:That could be awesome.
W. Curtis Preston:yeah.
W. Curtis Preston:You know, send some, send some notes.
Melissa Palmer:I I might have come up with some alternate Taylor Swift
Melissa Palmer:lyrics about ransomware at one point.
Melissa Palmer:I'm
Prasanna Malaiyandi:Oh, are you guys gonna get into a battle now?
W. Curtis Preston:so you, you know, um,
Prasanna Malaiyandi:battle.
W. Curtis Preston:Yeah.
W. Curtis Preston:So Melissa, I've actually produced a handful of parody music videos that had
Melissa Palmer:Oh no, really?
W. Curtis Preston:backup.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, and one about
Melissa Palmer:to send me some.
Melissa Palmer:I need to see these.
W. Curtis Preston:Um, I'll give, I'll give you a quick sample.
W. Curtis Preston:Um, Walk into the lab.
W. Curtis Preston:Have you seen my VM server?
W. Curtis Preston:I'm, I'm so pumped about getting VMs in my server guests on a big disc.
W. Curtis Preston:It's so damn freaky.
W. Curtis Preston:People like, man, that's downright sneaky strolling into server rooms.
W. Curtis Preston:VMs have some massive appeal moving on to guests.
W. Curtis Preston:Even database aside for real, putting in some Hyper V.
W. Curtis Preston:Microsoft said it's free.
W. Curtis Preston:Should have done it sooner.
W. Curtis Preston:Think my boss would agree.
W. Curtis Preston:Uh, the um,
Melissa Palmer:That's good.
W. Curtis Preston:Um, the, the chorus is I'm gonna build VMs, got
W. Curtis Preston:at least 20 gifts in my server.
W. Curtis Preston:I'm on virtual, getting rid of servers.
W. Curtis Preston:VMs are so awesome.
W. Curtis Preston:It's, it's, uh, what was the original, what was the original song?
W. Curtis Preston:Um, what was that song?
W. Curtis Preston:What was
Melissa Palmer:Uh, we're, we're gonna go pop some uh uh, Macklemore
W. Curtis Preston:Macklemore.
W. Curtis Preston:Yeah.
W. Curtis Preston:I'm gonna pop some tags.
W. Curtis Preston:Yeah, yeah.
W. Curtis Preston:Anyway, it is available on, it is available on YouTube.
W. Curtis Preston:I'll throw a link for those of you that are
Melissa Palmer:I've been rewriting Taylor Swift songs lately on a
Melissa Palmer:regular basis just because I don't know why I do this, but I do.
Melissa Palmer:And I used to do demos.
Melissa Palmer:That was my sign of doing a demo.
Melissa Palmer:Like, am I ready to cold do this on stage or something?
Melissa Palmer:Can I sing Taylor Swift while I do the demo?
Melissa Palmer:Like just sing my thing, click through all my stuff, whatever.
Melissa Palmer:And that was like my sign of like, you can't get me on this no matter
Melissa Palmer:what happens.
Melissa Palmer:I'm good to go.
Melissa Palmer:Like I have to be able to sing a Taylor Swift song while doing the
W. Curtis Preston:that's okay.
W. Curtis Preston:I just have to tell you a ran a random, this is, uh, so, uh, several
W. Curtis Preston:years ago when I was underemployed, I started doing Uber right.
W. Curtis Preston:And then it just turned out I liked it.
W. Curtis Preston:So I do it when I'm bored, like I go out and do.
W. Curtis Preston:Uber, right.
W. Curtis Preston:And, um, like, and also I'm, I'm an extrovert stuck at home,
W. Curtis Preston:so I, you know, it's my outlet.
W. Curtis Preston:But one night I picked up this couple and the woman had just
W. Curtis Preston:broken up with her best friend of like many years over a guy, right?
W. Curtis Preston:And she gets in her car, she gets in my car, and she is inconsolable like she's.
W. Curtis Preston:Bawling, like just, just ridiculously over the top, bawling her eyes out.
W. Curtis Preston:And then she goes, she's, she just, she just, uh, she touches me on
W. Curtis Preston:the shoulder and she goes, can you, can you play some Taylor Swift?
W. Curtis Preston:Can you play, play some Taylor Swift, any Taylor Swift song and just go, you
W. Curtis Preston:know, uh, and I was just like, oh my God.
W. Curtis Preston:And then I just, I just said, Hey, you.
W. Curtis Preston:Uh, Hey Siri.
W. Curtis Preston:Play, play Taylor Swift on Spotify.
W. Curtis Preston:Stop it.
W. Curtis Preston:Nope.
W. Curtis Preston:Nope.
W. Curtis Preston:I don't want it.
W. Curtis Preston:Sorry.
W. Curtis Preston:It started doing it, uh, and it picked a breakup song,
Melissa Palmer:Aw.
W. Curtis Preston:which of course all of them are right.
W. Curtis Preston:And so, uh, it didn't, and it, it didn't help.
W. Curtis Preston:Anyway, so we were talking about ransomware.
W. Curtis Preston:Um,
Melissa Palmer:We were.
Prasanna Malaiyandi:in the general public
W. Curtis Preston:yeah, because, because it is so huge, right?
Prasanna Malaiyandi:And the impact too, right?
Prasanna Malaiyandi:It's no longer, Hey, it's just this backend company that gets impacted.
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:It's like hospitals, schools, right?
Prasanna Malaiyandi:Every, every company, every organization is, yeah.
Prasanna Malaiyandi:Is at.
W. Curtis Preston:Yeah.
W. Curtis Preston:So what do, what do you think?
W. Curtis Preston:Um, it, it, it, you know, looking out there from a security, I know from a
W. Curtis Preston:backup perspective, um, what do you think from a security perspective,
W. Curtis Preston:what do you think are the things that most people get wrong when they're
Melissa Palmer:They don't have their stuff backed up.
Melissa Palmer:Can we
Melissa Palmer:start with
W. Curtis Preston:Okay.
W. Curtis Preston:Okay.
W. Curtis Preston:We
Melissa Palmer:like, can we just start there?
Melissa Palmer:Because like there's this weird cross pollination between
Melissa Palmer:backup and insecurity at
W. Curtis Preston:There.
W. Curtis Preston:There is.
W. Curtis Preston:There is there.
W. Curtis Preston:By the way, we used to be
Melissa Palmer:have it backed up, we used to,
W. Curtis Preston:We used to be enemies, but we're over that.
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
Melissa Palmer:it's ridiculous.
Melissa Palmer:Like if you don't have your BA stuff backed up, how do you think
Melissa Palmer:you're ever gonna recover it?
Melissa Palmer:And the amount of people that don't have their stuff backed up still or don't have
Melissa Palmer:everything backed up is still astounding.
W. Curtis Preston:When you do, do you run into, you don't run into
W. Curtis Preston:corporate people that don't have their stuff backed up, do you?
W. Curtis Preston:Oh.
Melissa Palmer:Yeah,
W. Curtis Preston:It hurts me.
W. Curtis Preston:It hurts me.
Melissa Palmer:it hurts.
Melissa Palmer:Or they don't have everything backed up.
Melissa Palmer:Like, well, this was too expensive to back up before, so we weren't backing it up.
Melissa Palmer:I'm like, well,
Melissa Palmer:how expensive is it if
Prasanna Malaiyandi:Or yeah, or someone just spun up something, right?
Prasanna Malaiyandi:Your shadow IT use cases, right?
Prasanna Malaiyandi:And they're like, Hey, corporate IT didn't know about this.
Prasanna Malaiyandi:And so no backups were done.
W. Curtis Preston:yeah.
W. Curtis Preston:Okay.
W. Curtis Preston:I, yeah, I can, you know, I think, I think the second part Yeah.
W. Curtis Preston:That you said, Melissa, like they missed, they missed something that I
Melissa Palmer:I like, I, I can't tell you how many times like working
Melissa Palmer:for a backup vendor, they would be like, well, it's too expensive to
Melissa Palmer:back up this over here cuz it's only test dev, so we don't back it up.
Melissa Palmer:I'm like, okay, it's test dev.
Melissa Palmer:That's where you're doing all your active development.
Melissa Palmer:You're not backing it up.
Melissa Palmer:So what happens if that goes away?
Melissa Palmer:And they're like, but it's not production.
Melissa Palmer:I'm like, it's not production until something happens.
Melissa Palmer:Then you realize it's production.
W. Curtis Preston:My, my
Melissa Palmer:that.
Melissa Palmer:I think that was a common thing.
W. Curtis Preston:My favorite test dev story, and this, this is an old story.
W. Curtis Preston:Uh, by the way, this month I'll have been in the industry 30 years, Melissa.
W. Curtis Preston:Um, and so this is like 28 years ago.
W. Curtis Preston:Um, we had a developer group came to me and said, we need
W. Curtis Preston:to restore this directory tree.
W. Curtis Preston:And they handed me a directory tree that started with /tmp right?
W. Curtis Preston:And, and I said, we don't back up temp.
W. Curtis Preston:Like it's well documented.
W. Curtis Preston:We don't back up temp, we don't back up, you know, temp, right?
W. Curtis Preston:And this was an HP server, which I don't know what they do
W. Curtis Preston:these days, but Temp was in ram.
W. Curtis Preston:And so what happened was they rebooted and what went away was a directory, a source
W. Curtis Preston:code tree that was like 15 developers.
W. Curtis Preston:Storing their source code tree in temp and um, for like months.
W. Curtis Preston:And they're like, you don't understand.
W. Curtis Preston:This is really important.
W. Curtis Preston:I'm like, you don't understand.
W. Curtis Preston:You were
Melissa Palmer:backed it up.
W. Curtis Preston:source code in.
Melissa Palmer:You know that song, that Beyonce, that like made really pop.
Melissa Palmer:Or if you like it, then you should've put a ring on it.
Melissa Palmer:Like that song.
Melissa Palmer:If you like it, then you should've backed it up.
Melissa Palmer:Very simple.
W. Curtis Preston:Yeah, I, I, I do see, uh, and Prasanna, you've
W. Curtis Preston:run into it as well, right?
W. Curtis Preston:Like people not backing up, you know, either, either not having backups or,
W. Curtis Preston:you know, we, the, the last episode we talked about, you know, a company
W. Curtis Preston:that had a homegrown backups, right?
W. Curtis Preston:Um, that was
Prasanna Malaiyandi:or, or not even backing up everything
Prasanna Malaiyandi:required for that application.
W. Curtis Preston:right,
Prasanna Malaiyandi:Hey, I
Melissa Palmer:It's application dependency
Melissa Palmer:mapping's the worst part of all this
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:That's why, you know, you know, going all the way back.
W. Curtis Preston:That's why I've always just been a fan of, you know, back up all the things.
W. Curtis Preston:Right.
W. Curtis Preston:Back up all the servers and all the directories.
W. Curtis Preston:I know it costs more money, but, um, what,
Melissa Palmer:Ah, but how much will a ransomware attack cost you these days?
Melissa Palmer:Cha-ching.
Melissa Palmer:There's your justification.
Melissa Palmer:Here's your budget.
Melissa Palmer:Go protect your stuff.
Melissa Palmer:Now.
Melissa Palmer:Finally,
W. Curtis Preston:Exactly.
Prasanna Malaiyandi:What, one question I have, I know we'll get to it probably
Prasanna Malaiyandi:at some point, but with virtualization, does it make it easier to sort of figure
Prasanna Malaiyandi:out like everything that's needed,
Melissa Palmer:It depends of course, cuz everything in IT depends.
Melissa Palmer:Uh, if everything's hosted in the virtualization environment,
Melissa Palmer:then yeah, it's simple.
Melissa Palmer:But when you get into crazy stuff like well this database is on the Oracle
Melissa Palmer:RAC cluster over there and that's not virtualized cuz Oracle and virtualization
Melissa Palmer:we're not even gonna go there.
Melissa Palmer:Um, that's when you get a little dicey with stuff like that.
Melissa Palmer:Or, you know, especially with hybrid cloud now too.
Melissa Palmer:If you have a app that spans like on-prem in the cloud, then.
Melissa Palmer:Good luck guys.
Melissa Palmer:I hope you actually know what you're doing.
Prasanna Malaiyandi:But would you say though, in the virtualized
Prasanna Malaiyandi:environment that for those applications which are fully virtualized,
Melissa Palmer:love this question
Prasanna Malaiyandi:it
Melissa Palmer:we're gonna go down a dark path right after this.
Prasanna Malaiyandi:it makes it a little easier where maybe it doesn't
Prasanna Malaiyandi:cover, like you said, a hundred percent of your environment, but it covers
Prasanna Malaiyandi:some good chunk of your environment
Melissa Palmer:All right, let,
Prasanna Malaiyandi:you have a general solution and the rest of it you can focus
Melissa Palmer:Let's go with that.
Melissa Palmer:If you're an organization that's a hundred percent virtualized, which if you're
Melissa Palmer:a company that was started in the last 10 to 20 years, you probably are right?
Melissa Palmer:Yeah.
Melissa Palmer:Just back up the whole virtualization environment and you're good to go.
Melissa Palmer:But you know what else that means?
Melissa Palmer:That's a really big juicy target for the ransomware actors.
Melissa Palmer:They can come in, come through your virtualization environment
Melissa Palmer:and ransomware you a hundred times faster and a hundred times worse.
Melissa Palmer:If they get ESXi or vCenter, yay.
W. Curtis Preston:Right.
Prasanna Malaiyandi:I think that's one thing that isn't talked about a lot
Melissa Palmer:It's not.
Melissa Palmer:It's not, and it drives me up a wall.
W. Curtis Preston:You brought up an interesting topic there, and I
W. Curtis Preston:don't think it's one that's discussed enough, and that is, environments
W. Curtis Preston:like vCenter are being targeted as a thing that they're not just targeting
W. Curtis Preston:the VMs, they're targeting vCenter.
Melissa Palmer:They're going after VM.
Melissa Palmer:The VMware infrastructure itself, not just the VMs.
Melissa Palmer:I mean, any Windows server you pop these days is probably a VM, right?
Melissa Palmer:If it's on-prem, no, no, no.
Melissa Palmer:They're going after vCenter, which is a management interface, and the
Melissa Palmer:ESXi hosts, they are going after the VMware environment as a whole.
W. Curtis Preston:Yeah.
W. Curtis Preston:And that, that sort of hurts, right?
W. Curtis Preston:Because like you
Melissa Palmer:go up to the backup environments too.
W. Curtis Preston:because, uh, yes, no, we, we talk about
W. Curtis Preston:that a lot on this podcast.
W. Curtis Preston:Um, that, um, and it, you know, and I know, I know this, I know this reaches
W. Curtis Preston:out to your former employer, but backup environments that are exclusively
W. Curtis Preston:Windows based, uh, bug me, right?
W. Curtis Preston:Uh, right, um, because I am worried about that,
Melissa Palmer:Because Windows is just like the most secure thing ever.
Melissa Palmer:Like how many vulnerabilities out there
Melissa Palmer:target Windows?
Melissa Palmer:Like,
Melissa Palmer:come on guys.
W. Curtis Preston:no one, no ransomware, no one has Windows,
W. Curtis Preston:laptops that they then bring, that get infected, and then they bring it
Melissa Palmer:No.
Melissa Palmer:Never.
Melissa Palmer:Never.
Prasanna Malaiyandi:You're talking about VMware, does sort of this ransomware
Prasanna Malaiyandi:angle also affect like the VMware cloud offerings as well in your mind, or do
Prasanna Malaiyandi:you think it's more about the on-prem customer deployed implementations?
Melissa Palmer:would say if, if I was, so, I, I, you know, you
Melissa Palmer:know, you've heard the whole red versus blue team thing, right?
Melissa Palmer:So I would say I'm usually like a blue team or a defender,
Melissa Palmer:recover, all that kinda stuff.
Melissa Palmer:I got, like, when it comes to VMware, I got like a little bit of red team in me.
Melissa Palmer:I gotta be honest, like I got some red team in there.
Melissa Palmer:Um, it kind of comes down to level of effort, right?
Melissa Palmer:If you've deployed VMware cloud the right way, it's probably harder to get into
Melissa Palmer:than your traditional on-prem infrastructure, if you've done
Melissa Palmer:everything right. If I have everybody, if everybody can log into my cloud
Melissa Palmer:vCenter anyway, and I put it on the internet, then it's a target, right?
Melissa Palmer:Like that kind of thing.
Melissa Palmer:Um, but I would say I've seen a lot of the easier targets are
Melissa Palmer:still the on-prem kind of stuff.
Melissa Palmer:So that's where people go first.
Melissa Palmer:Um, but I, I, I think that everything is a target.
Melissa Palmer:There's kind of a misnomer that the cloud is more secure, right?
Melissa Palmer:Not, it's sometimes a little harder.
Melissa Palmer:So why, there's enough low-hanging fruit in data centers, why not start there?
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:Well, I go after that harder target.
Prasanna Malaiyandi:Yeah.
Melissa Palmer:Yeah.
W. Curtis Preston:Do you want to, for those that don't know what a red and
W. Curtis Preston:blue team are, you wanna, uh, fill that?
Melissa Palmer:Yeah, I will.
Melissa Palmer:So if, if you think about it in two different ways, uh,
Melissa Palmer:red team is more like offense.
Melissa Palmer:Like I am the person penetration testing and actively trying to
Melissa Palmer:break stuff and trying to figure out where the weaknesses are.
Melissa Palmer:The blue team is really defense.
Melissa Palmer:I'm the defender.
Melissa Palmer:Um, I'm trying to make sure the red teamers can't break everything cause
Melissa Palmer:I'm trying to secure it and I really feel that backup and recovery does also
Melissa Palmer:fall under the blue team too, right?
Melissa Palmer:Like if I'm, if everything does go to hell, we are ransomwared.
Melissa Palmer:We're gonna try, we're putting everything in place now so we can recover later.
W. Curtis Preston:Yeah.
W. Curtis Preston:I actually know a guy that is a physical pen tester.
W. Curtis Preston:Um, and yeah, his, his job is to physically like to
W. Curtis Preston:not, he doesn't break in.
W. Curtis Preston:He uses
Melissa Palmer:no.
Melissa Palmer:He gets someone to let him in
Melissa Palmer:the door.
W. Curtis Preston:engineering and then his job is to get to somewhere
W. Curtis Preston:where he's not supposed to be.
W. Curtis Preston:And take a picture and then, and then get, and then get the hell out.
Melissa Palmer:but that's very valid.
Melissa Palmer:Right?
Melissa Palmer:It's, it's all, there's all different layers and levels of security.
Melissa Palmer:That actually sounds fun.
Melissa Palmer:I think I'd be good at something like that.
Melissa Palmer:I know you can't tell how tall I am, but I'm like five feet tall.
Melissa Palmer:I'm like, weigh, like, nothing.
Melissa Palmer:So I'm like a tiny little unsuspecting, put a big smile on my face, put some pink
Melissa Palmer:on, like I could probably get in anywhere.
W. Curtis Preston:yeah.
W. Curtis Preston:I, I think, I think a female physical pen tester would be a, a, a force
W. Curtis Preston:to be reckoned with, I think.
W. Curtis Preston:You know, um,
Prasanna Malaiyandi:career opportunity, Melissa.
W. Curtis Preston:just, you know, just play the . It's a little innocent.
W. Curtis Preston:I'm not doing anything, you know, I'm lost.
W. Curtis Preston:Play, play on all our biases.
W. Curtis Preston:That would be mean, but very effective.
W. Curtis Preston:Um, so, okay, so we talked about, you know, we talked
W. Curtis Preston:about backing up everything.
W. Curtis Preston:We talked about the fact that that vCenter is a target, so you need to learn, and,
W. Curtis Preston:and I'm, you know, Hyper-V is a target.
W. Curtis Preston:Linux is a target as well.
W. Curtis Preston:Like everything's a target.
Melissa Palmer:KVM.
Melissa Palmer:Everything is a target.
Melissa Palmer:But here's the thing that people don't do, and like I said, I'm generally a
Melissa Palmer:blue teamer, but I got some red teaming
Melissa Palmer:when it comes to VMware, and I'm kind of thinking, okay, I'm
Melissa Palmer:like a ransomware person.
Melissa Palmer:What do I want?
Melissa Palmer:I wanna make money.
Melissa Palmer:I wanna make you pay the ransom, which means I'm gonna do as much
Melissa Palmer:damage as quickly as possible before you figure out I'm.
W. Curtis Preston:Right.
Melissa Palmer:VMware, kind of VMware.
Melissa Palmer:I'm, I'm, I'm kind of like torn right now.
Melissa Palmer:I don't know.
Melissa Palmer:What's a better target?
Melissa Palmer:VMware or your backups?
Melissa Palmer:Probably both.
Melissa Palmer:If you get two people in there right, hit 'em at the same time.
Melissa Palmer:That way you can't recover and everything's gone.
Melissa Palmer:Um, but I'm just looking for a high impact way to wreak havoc.
Melissa Palmer:Hit the VMware environment, that's gonna be fast.
Melissa Palmer:Um, I do nerdy stuff like read ransomware release notes, and I can't remember
Melissa Palmer:which strain it was, but they're like, oh, we redid something and now
Melissa Palmer:we encrypt, you know, much faster.
Melissa Palmer:We use more CPU threads, right?
Melissa Palmer:So you've got this big, massive vfu host sitting there with all these CPUs in it.
Melissa Palmer:Once you power everything down so you can encrypt it, boom, it's gonna go so fast.
Melissa Palmer:You're probably not even gonna notice before everything is encrypted.
Prasanna Malaiyandi:And this encryption, does that happen at the vCenter level
Prasanna Malaiyandi:or is it literally you pop each VM one
Melissa Palmer:no, you don't even have to do that.
Melissa Palmer:This is cake.
Melissa Palmer:Let me explain how this works.
Melissa Palmer:So, a VMware cluster is usually a bunch of physical servers in a cluster.
Melissa Palmer:We need shared resources so that these VMs can move around the cluster based on
Melissa Palmer:load balancing and if something fails, restarted, all that kind of stuff.
Melissa Palmer:So the shared resources are basically, um, network and storage,
Melissa Palmer:which means if I have eight nodes in my cluster, let's just use that.
Melissa Palmer:That one host is connected to all the data stores and they
Melissa Palmer:all see the same thing, right?
Melissa Palmer:So if I get into one host, I can see all the storage for the whole cluster.
Melissa Palmer:Now, when we get to the storage level or the data store level,
Melissa Palmer:in VMware, a VM is just a file.
Melissa Palmer:It's a file.
Melissa Palmer:They're encrypting.
Melissa Palmer:It's not, it's.
Melissa Palmer:at the file level, right?
Melissa Palmer:They just encrypt all the files on the data store, pretty much.
Melissa Palmer:It's not like I have to go VM by VM.
Melissa Palmer:They're just files at that point, which is why it happens so
Melissa Palmer:quick and why it's so dangerous.
Prasanna Malaiyandi:yeah.
Prasanna Malaiyandi:And unlike like your traditional file system, right, these data store files
Prasanna Malaiyandi:are pretty large in size, right?
Melissa Palmer:Yeah.
Melissa Palmer:Yeah.
W. Curtis Preston:Regarding the, you know, or, or go, you know, go
W. Curtis Preston:after vCenter or go after backup.
W. Curtis Preston:Um, the, the big, the big concern that I have, not just cuz generally what
W. Curtis Preston:you know, if they're going after the backup system, historically it's been
W. Curtis Preston:to just take it out, take it out of the equation, cuz they're gonna do
W. Curtis Preston:damage somewhere else and they don't want the backup system used to recover.
W. Curtis Preston:um, you can pretty easily get at least a doomsday copy.
W. Curtis Preston:Like if you're, if you're doing an on-prem system, most of them have the ability
W. Curtis Preston:to get something in the cloud, uh, to u to use to, to, you can deal with that.
Melissa Palmer:hopefully people have half a brain and are putting a copy of their backup
Melissa Palmer:data in the cloud, like just by default,
Melissa Palmer:right?
Melissa Palmer:Like hopefully, hopefully.
W. Curtis Preston:is some of the encryption methods used by some of the
W. Curtis Preston:backup vendors aren't that great and that they can also use basically the backups
W. Curtis Preston:that, you know, you talked about how do I get paid the most if I'm a ransomware
Melissa Palmer:Yeah, exactly.
W. Curtis Preston:If you can figure out the, the encryption
W. Curtis Preston:method used by the backup server.
W. Curtis Preston:Now, not only do you have you.
W. Curtis Preston:All the D, you have unencrypted copies of everything, right?
W. Curtis Preston:That, and then you can do an extortion attack, right?
W. Curtis Preston:You can say, Hey, I
Melissa Palmer:I love the, I love me a good cup of extortion in the morning.
Melissa Palmer:Like, come on.
Melissa Palmer:That's how you, that's how you and, and like that's how you
Melissa Palmer:get people to pay too, right?
Melissa Palmer:Ooh, I found pictures of your ct c o doing a little something, something.
Melissa Palmer:I'm gonna take
Prasanna Malaiyandi:whammy.
W. Curtis Preston:Wow.
W. Curtis Preston:You go right for the, you go right for the ju.
Melissa Palmer:I do.
Melissa Palmer:I
W. Curtis Preston:I I was just thinking like, you know, the CEO's, cuz you know,
W. Curtis Preston:the thing is you show me an email system and I'll show you, I'll show you
W. Curtis Preston:emails that shouldn't have been sent.
W. Curtis Preston:Right.
W. Curtis Preston:Um,
Melissa Palmer:yeah, let's go with that.
Melissa Palmer:It's a little more tamer.
Melissa Palmer:Like
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:Uh, emails that, um, I, you know, I've known, you know, and, and like even
W. Curtis Preston:in places where, you know, we, you know, I've been in the corporate world
W. Curtis Preston:for 30 years now, and it's changed over the years when we talk about
W. Curtis Preston:things like sexual harassment, right?
W. Curtis Preston:Um, it ha it ha it has changed, right?
W. Curtis Preston:Um, But like, what a lot of it has done is it's just gone closeted, right?
W. Curtis Preston:It's like, you know, so guys still talk amongst each other, but
W. Curtis Preston:they still do it on email, right?
W. Curtis Preston:And you're
Melissa Palmer:Oh, I've got some stories about
W. Curtis Preston:Oh, I'm, I am absolutely sure
Melissa Palmer:I got stories.
W. Curtis Preston:I am sure you do.
W. Curtis Preston:Uh, but that's what, if I were, if I were a hacker, I would be going after
W. Curtis Preston:the backups and I would be going after backups specifically where I could
W. Curtis Preston:figure out the encryption mechanism.
W. Curtis Preston:and that I can, maybe, I can't decrypt the data directly, but what I can do is
W. Curtis Preston:I can get administrative access to the backup server and then I can restore
W. Curtis Preston:whatever I want, wherever I want.
W. Curtis Preston:And a lot of people, a lot of people aren't watching their backup
Melissa Palmer:one.
Melissa Palmer:No, they're
W. Curtis Preston:Right.
W. Curtis Preston:Um, not like, not like they should be because, well, let me ask you this.
W. Curtis Preston:So you, you, you've dealt with a lot of backup folk.
Melissa Palmer:I have.
W. Curtis Preston:It, it's, it's still this thing of like, nobody wants to do it.
W. Curtis Preston:Right.
W. Curtis Preston:And so it's the junior person
Melissa Palmer:I will say, I will say one of my specializations
Melissa Palmer:when I worked with backup was also monitoring the backup systems.
Melissa Palmer:And I was telling everybody, you realize you need to be monitoring
Melissa Palmer:these too for like a number of reasons, especially like if you're
Melissa Palmer:ransomwared and you go to restore and you realize your backups weren't running.
Melissa Palmer:Like that's a big one too, but kind of looking at like, Hey, like why is Bob
Melissa Palmer:from accounting restoring a VM at 3:00 AM.
Melissa Palmer:Bob from accounting shouldn't be doing that.
Melissa Palmer:Like what is going on here?
Melissa Palmer:Well, someone got his credentials and he had access to the backup server.
Melissa Palmer:Hello?
W. Curtis Preston:yeah, yeah.
W. Curtis Preston:Um, least privilege, right?
W. Curtis Preston:The
Melissa Palmer:One of my favorites.
Melissa Palmer:That is probably like my number one, I talk to people about
Melissa Palmer:like, let's start there please.
W. Curtis Preston:yeah.
W. Curtis Preston:Yeah.
Melissa Palmer:Especially when it comes to VMware, right?
Melissa Palmer:Like Bob, I like Bob.
Melissa Palmer:I'm gonna pick on Bob from accounting now, like Bob from Accounting
Melissa Palmer:shouldn't be able to log into vCenter.
Melissa Palmer:I'm just putting that out there
W. Curtis Preston:Yeah, I know Bob from accounting's, an idiot.
Prasanna Malaiyandi:Are there other things you would recommend
Prasanna Malaiyandi:sort of as like best practices to sort of reducing the risk of
Prasanna Malaiyandi:ransomware in a vCenter environment?
Melissa Palmer:put vCenter on the internet.
Melissa Palmer:If you go to Shodan, it's all over the place.
Melissa Palmer:People still do this.
Melissa Palmer:People put their ESXi hosts on the internet too.
Melissa Palmer:Do not do this, please.
Melissa Palmer:And I know, but Melissa, there's valid reason that we would do this.
Melissa Palmer:And if you do it in a protected manner and blah, blah, blah, and
Melissa Palmer:you think it's safe, well whatever.
Melissa Palmer:Nothing's safe these days, fine.
Melissa Palmer:Fight me on it.
Melissa Palmer:But like, let's start there.
Melissa Palmer:Let's start with the basics.
Melissa Palmer:Um, that's important.
Melissa Palmer:Principle of least privilege is a big thing.
Melissa Palmer:Um, having a good strong ESXi root password is a good thing.
Melissa Palmer:Not having it written on or in a file on your desktop.
Melissa Palmer:What was it?
Melissa Palmer:I, so I follow a lot of this stuff and I can't remember, oh, it was some
Melissa Palmer:big hack and I can't remember which one right now, but it was really going
Melissa Palmer:around Twitter and like someone found the password file that was on someone's
Melissa Palmer:desktop and whoever posted on Twitter, it was all redacted with the passwords
Melissa Palmer:out, but they had every password to all of the infrastructure in a notepad file.
Melissa Palmer:So someone got into someone's desktop, cuz that's when a lot of it happens.
Melissa Palmer:They get access to your desktop or your PC or whatever they found it.
Melissa Palmer:And guess what?
Melissa Palmer:Now I have the root password for ESXi.
Melissa Palmer:I have the keys to the whole kingdom.
Melissa Palmer:Like, don't
W. Curtis Preston:You know, the, the thing is these things sound so
W. Curtis Preston:stupid, but you know that, you know, like so many of the hacks that happen,
W. Curtis Preston:ransomware and, and, uh, and otherwise they're, because of really stupid stuff.
W. Curtis Preston:Like not installing
Prasanna Malaiyandi:human error.
W. Curtis Preston:right?
W. Curtis Preston:Not installing a patch, having your root passwords up on a thing, um, you know,
Prasanna Malaiyandi:saved in a browser.
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:Your password.
Melissa Palmer:Like don't do
W. Curtis Preston:yeah.
W. Curtis Preston:Um, the, so, so it's like the, these seem like really basic things, but
W. Curtis Preston:if everybody in the world did these really basic things, there would be
W. Curtis Preston:a significantly, um, smaller amount of ransomware, I think, in the
Prasanna Malaiyandi:But I have a question about that though.
Prasanna Malaiyandi:I agree with everything you guys have said.
Prasanna Malaiyandi:But if you got rid of all the low hanging fruits, wouldn't
Prasanna Malaiyandi:everything else become much har,
Melissa Palmer:Well, that's the thing, right?
Melissa Palmer:Once we get through this and we
Prasanna Malaiyandi:It'll be the next level.
Prasanna Malaiyandi:Yeah.
Melissa Palmer:that's the thing, right?
Melissa Palmer:So like these threat actors are out there doing this stuff day in and day out.
Melissa Palmer:Like, uh, it is like if I'm a threat actor, like.
Melissa Palmer:I bet they, I bet these gangs have like VMware specialists working
Melissa Palmer:for them at this point, that all they do is go in and own
Melissa Palmer:VMware. I'm sure they have a backup specialist that they
Melissa Palmer:know all the backup systems.
Melissa Palmer:They just go like, you have to understand that these threat actors are specialized.
Melissa Palmer:Right.
Melissa Palmer:Of course there's generalists.
Melissa Palmer:Um, you have the whole ransomware as a service thing where they just get in
Melissa Palmer:and they kind of hand it over to the threat actors and all that kind of stuff.
Melissa Palmer:So like all these people do is, and they're generally probably
Melissa Palmer:pretty smart people, is like, I'm just gonna figure out every way I.
Melissa Palmer:Just own VMware.
Melissa Palmer:And that's, that's, that's what they do day in and day out, right.
Melissa Palmer:So it, it's hard to compete with that kind of stuff.
Melissa Palmer:And once we clear up the basics, yes, there's gonna be another area to target.
Melissa Palmer:There's gonna be something new to exploit.
Melissa Palmer:Um, those zero days are gonna come out and people aren't gonna patch 'em
Melissa Palmer:and everybody's watching it, right?
Melissa Palmer:Like I read, um, all the CVEs and stuff like that.
Melissa Palmer:Like they're just sitting there going, oh, I can exploit this and off to the races.
Melissa Palmer:Like it's, it's a big thing.
Melissa Palmer:There's no, there's no silver bullet.
Melissa Palmer:There's no one size fits all.
Melissa Palmer:It's just
W. Curtis Preston:Well, I know.
Melissa Palmer:mitigate the risk.
Melissa Palmer:Right?
W. Curtis Preston:Yeah.
W. Curtis Preston:That, that's why my approach when talking to people has been, just assume that
W. Curtis Preston:ransomware is going to get into your
Melissa Palmer:Assume breach.
Melissa Palmer:Thank you.
Melissa Palmer:Let's just, let's just stop playing around.
Melissa Palmer:Assume breach.
Melissa Palmer:How do you recover?
Melissa Palmer:How do you stop them?
Melissa Palmer:How do you recover?
W. Curtis Preston:And how do you, and how do you limit the blast?
W. Curtis Preston:Right.
W. Curtis Preston:How do you, you know, we, you know, I
Melissa Palmer:do you, how do you limit, the amount of damage
Melissa Palmer:they can do and then recover.
W. Curtis Preston:I know,
Melissa Palmer:That's where it has
W. Curtis Preston:And a, and a great for those that are, you know, if you're
W. Curtis Preston:listening to this and you're on, because you're a fan of @vmiss, that's great.
W. Curtis Preston:Uh, you should check out this other guy that we, we had on a podcast.
W. Curtis Preston:We went pretty deep into this Snorkel 42.
W. Curtis Preston:I'll put a link in the show notes.
W. Curtis Preston:Um, so we, you know, he went into things like, um, what do you call it?
W. Curtis Preston:Um, um, limiting.
Melissa Palmer:U Rack reference?
Melissa Palmer:Like how did he come up with 42?
W. Curtis Preston:You know what
Prasanna Malaiyandi:I
Melissa Palmer:Rack or is it like, what's that
W. Curtis Preston:know, we didn't ask, we didn't ask.
Prasanna Malaiyandi:Oh, Hitchhiker's Guide.
Melissa Palmer:the Universe?
W. Curtis Preston:Yeah.
W. Curtis Preston:The Hitchhikers guide.
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
Prasanna Malaiyandi:He posts on Reddit all the time on the sysadmin forum, so,
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, and you know, he, he talked a lot about limit limit limiting
W. Curtis Preston:or stopping lateral movement within your company, period.
W. Curtis Preston:Cuz it's, it's, it's the kind of thing where people.
W. Curtis Preston:I've only been in literally one company, one company in my entire
W. Curtis Preston:career where lateral movement had been completely shut off.
W. Curtis Preston:Right.
W. Curtis Preston:And, and I, and I only knew that was because backup was really, really hard.
W. Curtis Preston:like we, we had to go in and, yeah.
W. Curtis Preston:And I had, there, there's a, there's a great story, which I won't retell right
W. Curtis Preston:now, but it ends up with me losing.
W. Curtis Preston:Stuff at late at night.
W. Curtis Preston:Um, and, uh, because of they did that.
W. Curtis Preston:But that's the kind of thing you have to do.
W. Curtis Preston:Look at it's, it's, it's like the, it's like the concept of least privilege.
W. Curtis Preston:Look at your network, figure out which servers need to talk to which servers
W. Curtis Preston:and make that happen and nothing else.
W. Curtis Preston:Um, what, anything else that you're, you're thinking about Melissa,
Melissa Palmer:Oh, there's so much.
Melissa Palmer:There's, there's so much.
Melissa Palmer:It's just like, it's a ridiculous amount of stuff and it's little stuff, right?
Melissa Palmer:It's like leaving SSH on, making sure it's turned off by default.
Melissa Palmer:That's a good way to get in.
Melissa Palmer:Uh, anything, anybody who has access to vCenter, right?
Melissa Palmer:We
Prasanna Malaiyandi:RDP
W. Curtis Preston:about RDP?
Melissa Palmer:Well, the good news is vCenter is a Linux-based appliance.
Melissa Palmer:So you can't RDP to vCenter anymore, at least if there's still
Melissa Palmer:some Windows vCenters around there.
Melissa Palmer:Which there probably are
W. Curtis Preston:there, there.
Melissa Palmer:I shouldn't say that.
Melissa Palmer:See, I feel weird like saying all this stuff.
Melissa Palmer:Like I hate going places and be like, well here's how you break into word.
Melissa Palmer:Really screw it up.
Melissa Palmer:Um, I feel like I shouldn't be doing that, but I'm sure
W. Curtis Preston:Yeah, I mean,
Melissa Palmer:stuff.
Melissa Palmer:Um, I think there's still some Windows vCenters hanging around.
Melissa Palmer:Um, but the same thing with the vCenter, right?
Melissa Palmer:Don't, don't have SSH on there either.
Melissa Palmer:Turn off all the SSH. It's really simple to do, but people like it.
Melissa Palmer:It's like a thing, right?
Melissa Palmer:Like, oh, it's easier to SSH and go do whatever I have to do, but you forget to
Melissa Palmer:turn it off afterwards, stuff like that.
Melissa Palmer:Um, VMware's actually been very good about, um, they have like a whole
Melissa Palmer:ransomware page where they list everything out that they suggest and stuff like that.
Melissa Palmer:And that's like a good reading starting point for anybody.
Melissa Palmer:But people, people just get like sloppy and, and I get that
Melissa Palmer:and I have found like being.
Melissa Palmer:It's weird.
Melissa Palmer:I have like two personalities, like which Melissa's gonna show up?
Melissa Palmer:Is it VMware, Melissa and infrastructure VMware's infrastructure?
Melissa Palmer:Melissa's gonna show up.
Melissa Palmer:Or is security Melissa gonna show up?
Melissa Palmer:Are they gonna show up together?
Melissa Palmer:Like who knows, right?
Melissa Palmer:It's like I've got these two personalities.
Melissa Palmer:Um, and I've noticed that there is not a lot of cross
Melissa Palmer:pollination in this space, right?
Melissa Palmer:There's not a lot of VMware people doing security and there's not a lot of
Melissa Palmer:security people that really understand.
Melissa Palmer:and I've seen this gap for a very long time, and I'm like trying to
Melissa Palmer:bridge it with some of my blog posts and my content and stuff like that.
Melissa Palmer:So I'll be putting more effort into there.
Melissa Palmer:But you know, you really gotta the two organ, the two teams
Melissa Palmer:really just need to work together.
Prasanna Malaiyandi:that's interesting that you mentioned like, yeah, security
Prasanna Malaiyandi:and virtualization teams not necessarily
Melissa Palmer:Like I can tell you, every time I see a VMware ransomware
Melissa Palmer:article in the news, it is factually.
Melissa Palmer:, like, I don't know where they're getting their information from, from, but it's
Melissa Palmer:like usually wrong most of the time.
Melissa Palmer:And I'm just like, people don't understand these things.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:I wonder if it's kind of like back in the day, how backup and
Prasanna Malaiyandi:virtualization teams never talked to each other and everything was broken.
Prasanna Malaiyandi:Maybe if they need something like that.
Melissa Palmer:I remember those days and I feel old saying that,
Melissa Palmer:but I, I do remember those days.
W. Curtis Preston:Do you remember?
W. Curtis Preston:You remember?
W. Curtis Preston:Uh, what was it?
W. Curtis Preston:Uh, VCB.
W. Curtis Preston:You remember VCB
Melissa Palmer:Yeah.
W. Curtis Preston:I said, I said that it stood for very crappy backup.
W. Curtis Preston:That's what I said.
W. Curtis Preston:It stood
Melissa Palmer:Yeah, I remember
W. Curtis Preston:Um, yeah, that was
Melissa Palmer:More backup
W. Curtis Preston:1.0.
W. Curtis Preston:Um, yeah.
W. Curtis Preston:So e everything you just said about VMware, I would take, and I would
W. Curtis Preston:use, I would say exactly the same thing about backup teams, right?
W. Curtis Preston:And they're often, they're often very junior.
Melissa Palmer:So what happens when we have to get the VMware
Melissa Palmer:team, the backup team, and the security team in the same room?
Melissa Palmer:What is
Prasanna Malaiyandi:And network and network team.
Prasanna Malaiyandi:Don't forget that.
Melissa Palmer:the network team too while we're at it.
W. Curtis Preston:Well, I, I mean, hopefully these attacks
W. Curtis Preston:have become so common, right.
W. Curtis Preston:You know, um, Druva did a, a survey and, and half of the companies
W. Curtis Preston:said that they had been hit with ransomware in the last three years.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and.
W. Curtis Preston:You know, hopefully things are become, because you know, if I back up, if I
W. Curtis Preston:look at traditionally backup and DR.
W. Curtis Preston:Um, you could often, you could often say things like, well, if, if a meteor hits
W. Curtis Preston:or if, if a, you know, if the earthquake takes out, I live in San Diego, right.
W. Curtis Preston:If the earthquake and, and suddenly Arizona becomes beachfront property,
W. Curtis Preston:I'm gonna be dead and I won't care.
W. Curtis Preston:Right.
W. Curtis Preston:And the, and the odds of that are, you know, right.
W. Curtis Preston:But,
Melissa Palmer:And that's the
W. Curtis Preston:but you can't say that with, with
Melissa Palmer:the problem with DR.
Melissa Palmer:And all the traditional DR.
Melissa Palmer:I like to say that ransomware is a disaster, right?
Melissa Palmer:Your disaster recovery plan is a great place to start.
Melissa Palmer:But here's the thing, how many organizations didn't actually bother?
Melissa Palmer:Cause we're gonna accept the risk of the meteor strike cuz it's not gonna happen.
W. Curtis Preston:Right,
Prasanna Malaiyandi:Versus ransomware, which is so much
Melissa Palmer:gonna happen.
Melissa Palmer:It's not if it's
W. Curtis Preston:Yeah.
W. Curtis Preston:I remember being in a, in, in a, in a meeting trying to work with a large.
W. Curtis Preston:Company, defense contractor and, and, and, and they were basically saying, yeah, if,
W. Curtis Preston:if, you know, if, if that hit, if that happens, I will be dead and I won't care.
W. Curtis Preston:That was literally his official position.
W. Curtis Preston:Let's move on.
W. Curtis Preston:Move on.
W. Curtis Preston:He said. I was like,
Prasanna Malaiyandi:But one question I have, so we're saying
Prasanna Malaiyandi:that ransomware is common, right?
Prasanna Malaiyandi:People are hit with it, but are there sort of best practices like, Hey,
Prasanna Malaiyandi:here's what you should be doing, and not just in silos, like the backup
Prasanna Malaiyandi:team has stuff that they talk about the VMware, like you said, VMware published
Prasanna Malaiyandi:something on how to prevent it, but.
Prasanna Malaiyandi:Sort of looking holistically across all these organizations, security, networking,
Prasanna Malaiyandi:virtualization, backup teams, right?
Prasanna Malaiyandi:To come together as, Hey, here's really what you guys should be
Prasanna Malaiyandi:talking about before, letting each team sort of figure things out.
Melissa Palmer:So here's the interesting thing, part interesting thing.
Melissa Palmer:I think until the tail end of 2022, the number one way threat actors got
Melissa Palmer:in was through phishing attacks, right?
Melissa Palmer:Someone clicked a link in the email.
Melissa Palmer:That was the number one way, but I believe in the latter half of the year,
Melissa Palmer:and you guys might know better, it switched to vulnerabilities, right?
Melissa Palmer:Vulnerabilities are now the number one way threat actors are getting in.
Melissa Palmer:So I think we really need to start with.
Melissa Palmer:How are they getting in and starting there?
Melissa Palmer:And each piece right kind of starts with cleaning up their house,
Melissa Palmer:the VMware vulnerabilities, cuz there are VMware vulnerabilities.
Melissa Palmer:Like everybody likes to talk about hypervisor escapes.
Melissa Palmer:Like, that's like the classic VMware hacking thing.
Melissa Palmer:Like, hahaha hypervisor escape.
Melissa Palmer:I'm gonna be, and I'm gonna take over the host.
Melissa Palmer:Like I, it drives me up a wall.
Melissa Palmer:I'm like, that's all anybody ever thinks of when they think about virtualization
Melissa Palmer:insecurity is a hypervisor escape.
Melissa Palmer:And that does not.
Melissa Palmer:No one cares.
Melissa Palmer:That's not what's gonna get you.
Melissa Palmer:Right.
Melissa Palmer:So if we start with something like vulnerabilities, right?
Melissa Palmer:Everybody's gotta clean their own house, right?
Melissa Palmer:All the VMware team, the network team, the storage team, the backup
Melissa Palmer:team, cuz backup software has vulnerabilities sometimes too.
Melissa Palmer:Like anything can be vulnerable.
Melissa Palmer:So let's look at the way that the threat actors are getting in and
Melissa Palmer:everybody clean up their house.
Melissa Palmer:And then let's all get together and talk about how we clean up
Melissa Palmer:our house and go from there.
W. Curtis Preston:Yeah.
W. Curtis Preston:I think if, if we look at like all these teams, right?
W. Curtis Preston:What they all have in common is let's get good passwords in a password
W. Curtis Preston:management system, whatever you have, let's make sure that patch management
W. Curtis Preston:and patch installs is, is top of the top of the priority, right?
W. Curtis Preston:Get MFA.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and, you know, and, and, and, and, and monitoring and, and also
W. Curtis Preston:the concept of least privilege.
W. Curtis Preston:How are you, how are you implementing these concepts in your environment?
W. Curtis Preston:Security team, backup team, you know,
Melissa Palmer:Security team too, right?
Melissa Palmer:They don't get a free pass.
Melissa Palmer:It's not like I'm the security person, so I don't have to update my software.
Melissa Palmer:Like it doesn't work that way.
Melissa Palmer:Like you're, you're the same as everybody else,
W. Curtis Preston:Yeah, because I think if you, if you just, if you
W. Curtis Preston:just put in like, so many hacks are simply based on zero zero day
W. Curtis Preston:vulnerabilities that came out six months ago that have been, that have been
Melissa Palmer:and no one
W. Curtis Preston:that no one patched, right?
W. Curtis Preston:You know, you look, you look at what happened at Rackspace.
W. Curtis Preston:The Rackspace, they're calling it a zero day vulnerability, but it was actually
W. Curtis Preston:fixed only because it was unknown.
W. Curtis Preston:Prior to that, but it was actually fixed by the patch that came
W. Curtis Preston:out a month before the attack,
Melissa Palmer:And I think, um, I remember was it Exchange or something?
Melissa Palmer:I don't remember what, but I remember seeing this go around.
Melissa Palmer:It was, uh, some Microsofty thing.
Melissa Palmer:I don't know if it was like RDP or Exchange. RDP,
Melissa Palmer:Ransomware Deployment Protocol.
Melissa Palmer:Um,
W. Curtis Preston:they've, I.
Melissa Palmer:Um, so it was something that, it was like a lot of, uh,
Melissa Palmer:Windows-based ransomware going around, but it was the same thing, like the
Melissa Palmer:vulnerability used was like six months old and no one had bothered to patch it so,
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:Yeah,
Prasanna Malaiyandi:So, uh, I know we talked about like each house cleaning up.
Prasanna Malaiyandi:I think though, the other thing that these four groups need coordinated with is when
Prasanna Malaiyandi:they do get hit by ransomware though, what does their response look like?
Prasanna Malaiyandi:I feel that a lot of organizations don't have that.
Melissa Palmer:of Worm as my friend.
Prasanna Malaiyandi:I know a lot of organizations don't have that plan.
Prasanna Malaiyandi:In fact, Curtis, when we had Tony from Spec Spectra Logic on the call, right?
Prasanna Malaiyandi:Talking through like what happened when Spectra Logic
Prasanna Malaiyandi:got hit with ransomware, right?
Prasanna Malaiyandi:His big thing was like, I don't even know where to start.
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:And luckily they had cyber insurance they had just signed
Prasanna Malaiyandi:up for the month before, right?
Prasanna Malaiyandi:And so they had experts who would come in and sort of guide them through that.
Prasanna Malaiyandi:But a lot of these organizations like, it's almost like you have
Prasanna Malaiyandi:to do that fire drill right ahead of time and be like, Hey,
Melissa Palmer:have it.
Melissa Palmer:That's what you have to do.
Melissa Palmer:You have to practice
W. Curtis Preston:Honestly, uh,
Melissa Palmer:DR test, ransomware recovery test.
W. Curtis Preston:I want us to do an entirely separate recording on that.
W. Curtis Preston:I, I, I agree with you.
W. Curtis Preston:We're already, we're already over our normal time.
W. Curtis Preston:Uh, and we, and I don't wanna shortchange that topic.
W. Curtis Preston:I think that topic is, is dead on, Prasanna, and, uh, and I
W. Curtis Preston:think Melissa should come back.
W. Curtis Preston:What do you think, Melissa?
Prasanna Malaiyandi:Yeah.
Melissa Palmer:Absolutely.
Melissa Palmer:I'd love to come back.
W. Curtis Preston:All right.
W. Curtis Preston:All right.
W. Curtis Preston:Well, I have a birthday lunch waiting for me.
Melissa Palmer:You do.
W. Curtis Preston:I'm gonna go do that.
W. Curtis Preston:And, um, Melissa, uh, this, this has been great, uh, exciting and, and I'd love to
W. Curtis Preston:hear, you know, uh, somebody talk about backup and security all at the same time,
Melissa Palmer:I know it's fun, right?
Melissa Palmer:There's like, how many of us are there out there?
Melissa Palmer:I don't think there's many of us.
Melissa Palmer:It's so nice to be able to have a conversation about it.
W. Curtis Preston:yeah, and thanks again.
Prasanna Malaiyandi:Anytime.
Prasanna Malaiyandi:Nice to meet you, Melissa, and looking forward to having you back on.
Melissa Palmer:Absolutely.
W. Curtis Preston:All right, and thanks again to our listeners.
W. Curtis Preston:We're nothing without you.
W. Curtis Preston:Remember to subscribe so that you can restore it all
Prasanna Malaiyandi:Happy birthday Curtis.
W. Curtis Preston:and.