DDoS Attacks

Scammers are getting smarter, understanding the psychology behind social engineering and the challenges companies face every day can help keep networks secure. This episode will show how to anticipate these threats and secure networks against ever-changing vulnerabilities. We'll focus on practical, real-world solutions to protect data and trust.

Dr. Jared Smith joins us to share his insights from his role leading research and development at SecurityScorecard. He also co-founded UnCat, a B2B accounting technology company serving thousands of customers and teaches as an adjunct professor at the University of Tennessee, Knoxville and NYU. His experience shows why social engineering is so effective and how companies can adapt to a world where attackers are always refining their techniques.

This episode shows how even small oversights or minor issues can lead to big breaches. Dr. Smith shares concrete steps to strengthen defenses, and why we need both technical solutions and employee awareness. By looking at the psychology behind the attacks, he'll show that staying one step ahead depends on using smart security tools and a culture that recognizes vigilance at every level.

Show Notes:

• [01:19] Jared is a distinguished thought researcher at SecurityScorecard. He's built systems and helps vendors monitor and secure their networks. He also has a PHD in computer science. He focuses on Border Gateway Protocol or BGP.
• [02:16] He was also a high clearance government national security researcher.
• [03:02] Jared shares a story about how sophisticated phishing scams are becoming.
• [08:43] How large language models are making more sophisticated social engineering possible.
• [10:26] The importance of thinking about cybersecurity needed in the next 10 years.
• [11:02] BGP is like the plumbing of the internet. BGP poisoning breaks the typical internet traffic route. It's very nuanced traffic engineering that uses the Border Gateway Protocol.
• [13:34] BGP is also useful when you have multiple internet connections and one goes down.
• [14:20] The most sophisticated DDoS works are called link flooding attacks, where they identify links that have a certain amount of bandwidth, and they flood that specific border gateway protocol link, effectively segmenting the internet in those places.
• [15:39] Managing DDOS attacks and where the traffic comes from.
• [16:02] Being aware of botnets, because they are what's rented out or being used for these attacks.
• [17:32] Lizard Squad launched DDoS as a service.
• [21:00] Attackers try to get the actual IP addresses from behind a CDN.
• [23:41] How AWS has the ability to manage large amounts of traffic.
• [25:24] There are some DDoS that just require sending enough traffic to fill up the buffers on the other side of the application.
• [28:15] The size of a botnet for DDoS to take down a big network like X. We explore potential paths for these attacks.
• [32:21] We talk about the uptick on attacks during tax season. A large accounting firm with a lot of clients could be spoofed.
• [36:50] The predominant attacks are coming from organized cybercrime groups and ransomware groups.
• [45:40] The vast majority of large networks taken out are usually a result of user error.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Jared M. Smith
• Dr. Jared Smith - SecurityScorecard
• Dr. Jared Smith - LinkedIn
• Uncat
• Evasive AI
• Jared Smith - X