Future of Threat Intelligence

Wikistrat’s Jeffrey Caruso on New Methods in Cyber-Physical Attacks


In this episode of The Future of Threat Intelligence, Jeffrey Caruso, Senior Analyst at Wikistrat & Author of Inside Cyber Warfare, shares examples of how teams with minimal budgets achieved kinetic effects through OT system manipulation — from destroying missile research facilities to compromising subway systems and burning down FSB-affiliated banks. His findings, based on two years documenting Ukrainian cyber operations, demonstrate how deep supply chain understanding and innovative attack methods are proving more effective than conventional nation-state capabilities. 

He discusses with David how, through methodical compromise of vendor systems and targeted exfiltration of engineering documentation, these teams have developed techniques for creating cascading physical effects without entering Russian territory. Notably, they've demonstrated that successful cyber-physical attacks don't require massive resources; instead, success comes from understanding system interdependencies and supply chain relationships, combined with the ability to interrogate key technical personnel about specific system behaviors.

This research challenges traditional security models that emphasize tool stacks over team composition and suggests that adversary categorization (nation-state vs. criminal) may be less relevant than previously thought.


Topics discussed:

  • How Ukrainian teams executed cyber-physical attacks by compromising vendor systems to obtain engineering diagrams and documentation, then exploiting OT vulnerabilities to create kinetic effects.
  • Why commercial security tools face limitations in addressing these attack methods due to business model constraints and design approach.
  • Technical examination of supply chain compromise techniques enabling physical infrastructure attacks, with examples of vendor system exploitation.
  • Evidence supporting an "adversary agnostic" approach to defense rather than traditional threat actor categorization.
  • Practical insights on building security teams by prioritizing mission focus and institutional loyalty over technical credentials.
  • Analysis of how OT system trial-and-error testing creates new risks for critical infrastructure protection.

Key Takeaways:

  • Implement an adversary-agnostic defense strategy rather than focusing on threat actor categorization, as demonstrated by Ukrainian operations showing how even small teams can achieve nation-state-level impacts.
  • Prioritize supply chain security assessments by mapping vendor relationships and identifying potential engineering documentation exposure points that could enable cyber-physical attacks.
  • Establish comprehensive OT system monitoring to detect trial-and-error testing patterns that could indicate attackers attempting to understand system behavior for kinetic effects.
  • Transform security team building by prioritizing veteran hiring and mission focus over technical credentials alone, focusing on demonstrated loyalty and motivation.
  • Design resilient backup systems and fail-safes for critical infrastructure, operating under the assumption that primary defenses will be compromised.
  • Evaluate commercial security tools against their fundamental design limitations and business model constraints rather than feature lists alone.
  • Document all subsystems and interdependencies in OT environments to understand potential cascade effects that could be exploited for physical impact.
  • Build security team loyalty through comprehensive support services, competitive compensation, and burnout prevention rather than relying on high-paid "superstar" hires.
  • Develop verification checkpoints throughout automated security processes rather than assuming tool effectiveness, particularly for critical infrastructure protection.
  • Create architectural resilience by assuming breach scenarios and implementing multiple layers of manual oversight for critical system changes.

Join us for the 15th anniversary of RISE in San Francisco this April 8-9, where cybersecurity professionals, law enforcement, and threat intelligence analysts come together for two days of TLP-RED content sharing and hands-on collaboration in the fight against cybercrime.

Apply now at http://www.cymru.com/rise.


Future of Threat Intelligence, by Team Cymru


