Lock and Code

On today's show, we discuss cybersecurity's public enemy number one: Emotet. This piece of malware started in 2014 as a simple banking Trojan, but it later evolved into a fully functional malware business, as its operators sold access to other threat actors and helped load separate malware for a price. The danger was real, but on January 27, Europol announced they'd taken Emotet down. Today, we talk to Malwarebytes security evangelist Adam Kujawa about Emotet's past, its takedown, and the power vacuum it leaves behind.

For Data Privacy Day this year, Lock and Code returns with a special episode featuring guests from Mozilla, DuckDuckGo, and EFF in a discussion on how to protect your online privacy.

Education faced a crisis in the US this year, as the coronavirus forced schools across the country to develop new strategies for teaching. At Malwarebytes, we wanted to discover how these shifts impacted education cybersecurity. Today on Lock and Code, we discuss the latest findings from our report, "Lessons in cybersecurity: How education coped in the shift to distance learning," and we speak with Doug Levin, founder of K12 cybersecurity resource center and advisor to K12 Security Information Exchange, about how schools can plan for a cybersecure 2021.

Today we look at two topics that, maybe surprisingly, intersect: charity organizations and online ad tracking. Ad tracking isn't new—luxury brands used to place their advertisements specifically in newspapers that delivered to high-income zip codes. But today's ad tracking supercharges that match-making game with a complex, opaque machinery that can track what you do online, what websites you visit, what browser you use, and even your gender, religion, and political bias. To help us better understand how charity organizations utilize ad tracking tools—and why that could concern some users—we’re speaking with Chris Boyd, lead malware intelligence analyst for Malwarebytes.

Today, we’re offering Lock and Code listeners something different. We’re giving you a backstage pass to a training we held for employees during Cybersecurity Awareness Month. The topic? The future of cybersecurity for the Internet of Things. Will we ever run antivirus software on IoT devices? What predictions can we make for how the cybersecurity industry will respond to the next, possible big IoT attack? And what can we do today to stay safe? This episode was recorded live in front of our fellow Malwarebytes employees. It also includes a Q&A with our employees at the end.

Cybersecurity Awareness Month is upon us, and while the value of the once-a-year awareness campaign may be obvious to the countless employees now enrolled in cybersecurity trainings, phishing quizzes, and multi-factor authentication webinars—likely mandated by their employers—the value of this awareness campaign may be a little less obvious to the everyday consumer. To help us better understand the value of Cybersecurity Awareness Month for the consumer, we’re talking today with Jamie Court, president of the non-profit advocacy group Consumer Watchdog.

We often learn about cybersecurity issues because of reporting. And as the years have progressed, the stories have only become more intertwined into our everyday lives. Tune in to hear about the role of journalism in cybersecurity—like what makes a vulnerability newsworthy and what coverage helps readers most—on the latest episode of Lock and Code, with guests Seth Rosenblatt of The Parallax and Alfred Ng of CNET. 

A recent history of hacking shows the importance of experimentation. In 2015, security researchers hacked a Jeep Cherokee and took over its steering, transmission, and brakes. In 2019, researchers accessed medical scanning equipment to alter X-ray images, inserting fraudulent, visual signs of cancer in a hypothetical patient. Today, we're discussing one such experiment—a garage door opener called “Open Sesame.” Join us for a discussion with "Open Sesame"'s developer, who is also the chief security officer and co-founder of Open Path, Samy Kamkar, to hear about how his tool works, and who holds responsibility for protecting against modern attacks.

The world of Google Chrome extensions—the sometimes helpful tools that can work directly with the Google Chrome browser to provide a variety of features—is enormous. So, with a marketplace of more than 200,000 items, quality control gets tricky. On today's episode, we speak with Pieter Arntz, malware intelligence researcher for Malwarebytes, about safely downloading Google Chrome extensions and how to avoid some of the more malicious extensions that are meant to hijack searches or sneakily deliver money for their developers.

Ask yourself, right now, on a scale from one to ten, how cybersecure are you? Are you maybe inflating that answer? Our main story today concerns “security hubris,” the simple, yet difficult-to-measure phenomenon in which businesses, and the people inside them, are less secure than they actually believe. To better understand security hubris—how businesses can identify it and what they can do to protect against it—we’re talking today to Adam Kujawa, security evangelist and director for Malwarebytes Labs and security evangelist.