Security
Headlines
HeadlinesLatestCVEs

Headline

How looking at decades of spam led Jaeson Schultz from Y2K to the metaverse and cryptocurrency

“I’m completely interested in the creative ways computers can break down,” Schultz jokes.

TALOS
#web#ios#mac#google#cisco#git#sap

Monday, October 9, 2023 08:10

At this point in his career, Jaeson Schultz has seen nearly every type of online scam there is to see.

From fake bomb threats at schools, to “sextortion” campaigns, cryptocurrency mining, metaverse and more of the 2010s, to the earliest type of spam emails in the 1990s that promised to protect people from a Y2K meltdown or had the next great penny stock that the recipient needed to jump on asap, Schultz’s security career has spanned more than 25 years now.

At this point, nothing adversaries come up with surprises him, but that doesn’t mean he’s not looking for those surprises.

Schultz, a researcher for the Talos Outreach team focused specifically on email threats and spam, is currently looking to new and emerging technologies and how they play into attackers’ hands, including Web3, the metaverse (including the capital “M” Metaverse from the company Meta), cryptocurrency exchanges and the blockchain.

But his security experience dates back to the early days of email when he took a job with the state government of Nevada performing traditional IT troubleshooting and support. At the time, cybersecurity was not a specialized field, so by working in IT, you already needed to be interested in security, Schultz said.

“At that point, [cybersecurity] was more of a hobby for me in the late 80s and early 90s. It wasn’t an established profession, and you couldn’t study it. So, if you were into network administration, you were probably also into security,” he said.

Schultz started pursuing cybersecurity as a hobby, and he even attended some of the first DEF CON conferences, which today is known as one of the largest hacking conferences in the world.

That eventually led him to a job with Brightmail – one of the earliest anti-spam filtering offerings for email — and at the “abuse desk” for another email service provider, where he was tasked with stopping malicious users from sending spam.

At the time, the threats and tactics he saw then were the same as the ones most users get today: They focus heavily on social engineering, trying to trick users into providing personal information, sending money to the attacker or clicking on a malicious link that downloads malware.

Schultz eventually made his way to Cisco through the company’s acquisition of IronPort, which eventually became part of Cisco Talos nearly 10 years ago, where he became part of the Outreach team, conducting more public-facing threat research.

Today, Schultz said attacks are more sophisticated than before thanks to AI language models and years of experience on the attackers’ end. In his earlier career, Schultz said the wildest scam he saw was an email sender claiming to be a time traveler searching for pieces of their time machine, a tactic that (most) users would sniff out quickly in 2023.

“The techniques have evolved over time, but the basic themes have primarily remained the same,” he said.

One of the techniques Schultz is particularly interested in currently is DNS and URL manipulation. He’s written extensively for the Talos blog about how adversaries are using typosquatted domains — attacks in which bad actors use eerily similar URLs to legitimate sites to trick users into visiting an attacker-controlled page. For example, instead of visiting google.com, an attacker may use the domain googie.com in a spam email.

He’s also conducted research into attackers who distort the DNS system. DNS is essentially the backbone of browsing the internet and is what ensures attackers are visiting the page they want to land on — that typing in google.com will take the user to Google.com. Other attackers are using newly released top-level domains like .zip to trick targets into disclosing potentially sensitive files that end in that extension.

Perhaps in one of the more unlikely scenarios, Schultz is also researching how cosmic rays could interfere with network connections and mistakenly send users to the wrong destination.

“I’m completely interested in the creative ways computers can break down,” Schultz jokes.

Many users can feel hopeless when it comes to spam because they’re still getting emails and text messages every day despite the best efforts to research and continued calls to report certain phone numbers, emails or email subjects as spam. But Schultz said he’s driven by the victories he does get along the way.

“There are just so many people out there who are out to commit crimes online. And the number of people who actually get in trouble for committing those crimes is pretty low when you consider how much work goes into cybersecurity,” he said. “It gets under my skin when there are innocent users who get scammed by these people, like what if it was my mom or my grandma? It motivates me to go out there and disrupt their operations.”

Disruption may not even look like directly taking down email servers they’re using or other infrastructure. Even by writing a blog about an actor’s operations or talking to other security researchers at a conference, Schultz said his team’s work can make bad actors’ work more difficult in many ways. Even by just publicly exploiting their tactics, it forces them to change their strategy on the fly.

Schultz’s life doesn’t slow down outside the office, though. He juggles many interests like snow skating during the cooler months. He also owns a home in Ecuador where he likes to get away from the cold at times — Cisco’s work flexibility allows him to work remotely from either location to fit his schedule. Though he did joke his teammates get jealous when he’s working from Ecuador and brings a fresh coconut on a Webex call for a lunchtime drink.

Perhaps his most personal endeavor is running a toy shop in South Lake Tahoe, California with his family. Schultz’s late wife opened the store in 2019 — she wanted to be her own boss after years of having partners in other small business endeavors around the state.

After her death, Schultz said he and his three children wanted to keep the store running so he got more involved on a day-to-day basis. He even gets to put his IT admin hat back on while managing the online storefront and website.

“This was her project, she was always involved in different small businesses around Lake Tahoe, I talked her into buying this toy store so she would be the sole proprietor and not have to answer to anyone else,” Schultz said. “She bought it in 2019, and thankfully it survived the pandemic.”

Since getting more involved at the store, Schultz has gotten into collecting trading cards like Pokemon and the recently released Disney “Lorcana.” Interestingly, he’s interested in collecting real-world goods while the adversaries he typically tracks try to swindle users out of their virtual NFTs.

TALOS: Latest News

Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on