On Ahead of the Threat, Bryan Vorndran, assistant director of the FBI’s Cyber Division, and Jamil Farshchi—a strategic engagement advisor for the FBI who also works as Equifax’s executive vice president and chief information security officer—discuss emerging cyber threats and the enduring importance of cybersecurity fundamentals.
Featuring distinguished guests from the business world and government, Ahead of the Threat will confront some of the biggest questions in cyber: How will emerging technology impact corporate America? How can corporate boards be structured for cyber resilience? What does the FBI think about generative artificial intelligence?
Brett Leatherman, assistant director of the FBI’s Cyber Division: Welcome back to Ahead of the Threat. I’m Brett Leatherman, assistant director of the FBI Cyber Division. Later in the episode, I sit down with Amy Herzog, VP and CISO [chief information security officer] at Amazon Web Services. Amy’s threat intelligence teams recently identified a single actor using commercial AI [artificial intelligence] tools to compromise over 600 network devices across 55 countries in just five weeks. That’s the kind of visibility you get when you’re sitting at the center of one of the largest cloud ecosystems in the world.
We get into AI-enabled threats, how nation-states are targeting critical infrastructure through third-party access, and what it takes to defend the cloud at scale. That conversation is coming up. But first, the news. I’ve got Jason Bilnoski with me. Jason is the FBI’s deputy assistant director for cyber operations. Jason, welcome to the show.
Jason Bilnoski, deputy assistant director for cyber operations: Brett, thanks for having me here today.
Leatherman: Before we get into the news, give folks a sense of your background in the FBI and how that shapes how you lead our cyber efforts on the front lines today.
Bilnoski: Absolutely, Brett. Eighteen-plus years going on 19 now with the FBI. And no matter where I went, no matter where the FBI sent me around the world or domestically through a variety of field offices, I always seem to find my way back to cyber.
So, it’s a privilege to be here once again as the deputy assistant director for operations, to have a front row seat, if you will, against some of the most sophisticated and technical operations that we undertake to counter the adversaries that we face today.
Leatherman: So, you lead the Cyber Operations Branch within FBI Cyber Division. What does the Cyber Operations Branch do day in and day out?
Bilnoski: Well, if you start at the top with our overall mission, which I’m sure you’ve hit on several times, is we drive to impose the greatest cost possible on malicious cyber actors. So, within my branch, our teams work operations coordinated with our 56 field offices that lead those operations along with our domestic, international partners, U.S. intelligence community members, and more and more now with the private sector, with industry partners to drive the greatest consequence, the greatest impact that we can have on the threats we face.
Leatherman: And the two other branches we have in Cyber Division. We had Mike Machtinger on last week, deputy assistant director for cyber intelligence. They’re embedded with our operations teams, your teams who are bringing the fight to the bad actors, helping to lead that intelligence activity, and then our capabilities branch. Tell us a little bit about kind of how they factor into what our teams do on the operations side.
Bilnoski: Sure. All three branches are co-equal in the sense that one cannot operate without the other. We need our personnel within the capabilities branch, our personnel within the intelligence branch, all working together with our operations, with our partners, with our international partners to drive these operations. So, all three work seamlessly together to combat these threats that we’re facing.
Leatherman: And then, kind of before we move into the news, you know, we talked about imposing cost on bad actors, but an equal part of our mission is to impose that cost, but also provide significant assistance to victims of cyber crime. And that is key to what your teams do … and coordinating that across the country.
Bilnoski: No, Brett, absolutely. So, speed matters in cyber, not only as we drive against the threat, but our ability to quickly take information—information in the FBI’s holdings or partner holdings—and respond to victims in near real time. We’ve got it down to minutes and hours in some cases, and that matters for network defenders when they have an adversary either attempting or already in their networks.
Leatherman: Yeah. That’s great. And now talking about the cyber operations branch and kind of leading the efforts to impose cost, on March 4, in coordination with Europol and international partners, the FBI announced Operation Leak, a coordinated joint sequenced operation targeting the LeakBase cyber criminal forum.
LeakBase has been operating since 2021. We identified over 142,000 members, 33,000 threads, 215,000 messages on the forum.
It was a marketplace for database dumps, stolen credentials, PII [personally identifiable information] and software vulnerabilities, all obtained through unauthorized access to victim networks.
The operation involved law enforcement actions against approximately 45 targets in 12 countries. Thirteen arrests, 32 searches, 33 interviews, about 100 enforcement actions in total. We shut down the hosting in the Netherlands and Malaysia and seized the domains associated with the platform.
We also seized the forum’s database, which enables the deanonymization of users who believe that they were operating anonymously. Law enforcement then engaged directly with the suspects through the same online channels they use to facilitate criminal activity, which demonstrates that very few people are truly invisible online.
So, Jason, we’ve seen this progression before. We started with RaidForums, BreachForums, the groups moved to LeakBase, which we just took down. What does this tell us about the threat environment?
Bilnoski: Well, first, every time we expose their activities, it equals failure. By exposing them, we reduce their ability to operate as a criminal ecosystem. These actors evolve and so do we. We’re no longer in that reactive space, but we are proactively hunting the adversary both in the cyber criminal and the nation-state space. We must evolve, we must adapt, and we use every resource we have.
We’re no longer in the business of just arresting. We combined all of our resources, the best-athlete approach. These joint sequenced operations, like this one for the LeakBase takedown ... we do these dozens of times a year. They’re extremely complex, but they’re absolutely essential to pushing back against these criminal actors.
Leatherman: Yeah, I’ve talked about this before. So imposing cost isn’t just about arrests in this space because so many cyber criminals operate from safe-haven countries who don’t cooperate with U.S. legal process. Meaning, we have to go after their infrastructure, we have to go after their money, we have to go after their tools, we have to demask them, we have to identify who they are and publicly attribute that.
The more of those things we do, the more impactful the operation. And this kind of demonstrates that we pursued a variety of lines of effort with Europol and our international partners to remove that capability.
Bilnoski: Absolutely. And we’re going to continue to do operations like this. And more and more, we’re driving to bring in additional partners. For example, we work now closely with the private sector and industry partners. They have tremendous capability, intelligence. And the ability for them to defend their own environments is critical in us to understanding and countering the threats we’re facing today.
Leatherman: Yeah. So, speaking of industry, now knowing that we took this platform down, it doesn’t mean that the data has disappeared. So, there’s been countless transactions, bad guys getting ahold of credentials, exploits, things that can still be launched against industry partners.
If you were a CISO listening to this today, knowing my employees’ credentials could be within that platform, they could be in the hands of a cybercriminal. Like, what kind of action does that translate to on Monday?
Bilnoski: Well, one of the ... several of the reasons why we did Operation Winter SHIELD was to highlight what we continue to see through our investigations. And unfortunately, what we see with victims as they’re facing threats like those that are posed from LeakBase. But again, adopting and maintaining phish-resistant authentication.
One of the most critical, I would argue, steps we need to take to protect against stolen credentials and passwords: implementing risk-based vulnerability management. These actors are not dropping, you know, million-dollar zero-day exploits on victim networks. They’re using the lowest hanging tools that they need or exploits that they need to compromise networks.
And then, of course, your internet-facing systems, edge devices out of, you know … end-of-life devices, all those are really important to making yourself more resilient and harder against these adversaries as they try to, you know, gain persistence or access and persistence into your environments.
Leatherman: Yeah, the actors are probably not disclosing zero days in a forum like this. Zero days are way too vulnerable … are way too valuable. Which means they’re peddling in exploits for old vulnerabilities, which we see exploited all the time. So, vulnerability management and end-of-life devices: retiring those devices is incredibly important.
So, Operation Winter SHIELD, folks who are interested can see our recommendations at fbi.gov/wintershield.
So, that’s the enforcement side: pressuring the platforms where criminals currently operate. Now let’s talk about how AI is changing the landscape for both attackers and defenders.
On Feb. 20, Anthropic announced a tool called Claude Code Security. It scans code bases for security vulnerabilities and then suggests patches for human review. Before the public launch, their team used it to find over 500 previously unknown high-severity bugs in production-based, production-grade, open-source software. Bugs that survived years of expert human review. The AI found what humans had missed.
Here’s what should be, I think, on every security leader’s radar, because Anthropic said it plainly: The same capabilities that help defenders find and fix vulnerabilities could help attackers exploit them. Attackers can use AI to find exploitable weaknesses faster than ever. So it’s a race, right? The organizations that move first—scanning their own code, finding weaknesses, patching before adversaries get there—are in a fundamentally different place than those who wait to do that.
So, Jason, both sides have access to AI-based technology to review code, to look at vulnerabilities. How should organizations think about these new capabilities to find these vulnerabilities faster than ever?
Bilnoski: Well, you think of it from an offensive and defensive perspective. AI is not reinventing or, you know, inventing new types of cyber attacks. What it is doing is dramatically increasing speed, scale, accessibility of attacks that already exist. So, what, as you previously stated, would have taken days, weeks, and months to develop and launch, you know, attacks on networks, can be done in minutes to hours.
We need to use that same technology to defend our networks, but we need to understand that the basics of cyber security, good cyber hygiene, those best practices that we have highlighted in Operation Winter SHIELD, for example, will still hold up against the speed and increased accessibility of the attacks.
The targets still remain the same. We just need to understand how the adversary is using AI and still prevent against the very basic exploits that are being launched against us.
Leatherman: Yeah, a couple narratives, I think, come out of this, which is number one, if you are somebody who develops code or your teams develop code, how are you leveraging AI to now go back and review that code. Because often when we write code, we use software libraries. Not all software libraries remain secure over time or utilize best coding practices.
Now you have a way to, in essence, quality review that code and to look for these vulnerabilities. So, that’s one application is, if you’re developing code, start using it to understand, “Are there vulnerabilities I’m just not tracking?”
I think the other narrative that comes out of this is, even if you’re not developing code internally to your organization, you are deploying code throughout your entire ecosystem at the edge of your networks, on your SaaS [software as a service] environments, in the cloud, on premises.
And so, how are you starting to use artificial intelligence to enumerate the code that you’re running, that you’re not responsible for, and then mitigating threats from that? And I think we’ve talked through this a little bit, previously with speed, scope, and scale of AI and the threat actor use of it, especially as vulnerabilities are disclosed. I think of, you know, historically Log4j, several years back was an incredibly impactful breach to code in people’s environments that they just didn’t know about.
It’s only speeding up. The adversaries’ use is only speeding up, allowing them to get to vulnerable systems before we do. And the actors are not going through, you know, control boards to understand when can we deploy AI in our organization? They’re just using it.
And so, I think organizations in their adoption of AI, in support of network defense, to me, it seems like you have to be much more agile in finding ways to deploy it in your environment.
Is that the way you see it?
Bilnoski: Yeah. The adversary does not have to follow policies and procedures and update their manuals for operations. So, they’re quickly targeting, you know, code repositories, as you mentioned, they’re searching, you know, developer forums. They’re finding those tools or those exploits much quicker than teams of researchers will. And then they fire it away. They develop the exploit and they fire it away.
They don’t need the quality control that most code developers seek. So, they have the luxury of being wrong. We do not when we’re defending networks. And so, they’re going to continue to use it for cybercriminal means, such as developing phishing campaigns, smishing campaigns. They’re going to create deepfake and audio in the cybercrime to convince people to inadvertently or, you know, fraudulently, you know, send them money.
And then the nation-state adversaries are absolutely using it to their advantage also. So, while they don’t have to follow the rules, we certainly have to be faster and smarter in our deployment of AI to defend our networks.
Leatherman: Yeah, I’ve said it before. I’ll say it again. It doesn’t mean enterprise adoption of AI. It means using AI in ways that move the needle now. And so, looking for those individuals in your organization or devices in your organization that are most vulnerable, starting to apply it responsibly to those environments, will help you move the needle when it comes to defending using AI.
Alright. So, we’re talking there about AI finding vulnerabilities faster than humans, but the criminals aren’t waiting either. They already have commercial tools that defeat the authentication most organizations rely on. And this week, one of the biggest ones got taken down.
I’m talking about the March 4 Europol announcement of the takedown of Tycoon 2FA, one of the largest phishing-as-a-service platforms in the world.
Microsoft led the technical disruption, supported by Trend Micro, Cloudflare, Intel471, Proofpoint, and others. Law enforcement in six countries executed seizure warrants, which resulted in a total of 330 domains seized. This platform had been operating since 2023 and generated tens of millions of phishing emails every month. It hit nearly 100,000 organizations globally. Schools, hospitals, government agencies.
By mid-2025, Tycoon 2FA accounted for roughly 62% of all phishing attempts blocked by Microsoft. That’s what we’re reading in the post.
Here’s how it worked: Tycoon 2FA used adversary-in-the-middle techniques to intercept live authentication sessions. The victim then enters their credentials and their MFA [multi-factor authentication] code on what looks like a real login page.
The platform captures everything in real time, including session cookies. The MFA works as designed and the attacker gets in anyway. The subscription price for this platform, $120 for 10 days.
So, Jason, this is exactly why we say phish-resistant authentication, not just multi-factor authentication, is important. So, this operation; what’s the takeaway here for defenders?
Bilnoski: Well first, unfortunately this is just one of many of the criminal organizations that are out there and platforms that are operating, that as defenders of your network or as individuals working, thinking you’re in a secure environment, you simply aren’t. Especially if we’re not using the most secure systems, like phishing-resistant MFA that, we have to have it.
If not, there’s adversaries. There’s criminals out there like this for, like you said, 120-plus, you know, they can have a 10-day subscription to start, you know, harvesting credentials from a variety of organizations. So it’s scary stuff if you’re a CISO of an organization and trying to use the tools that you have at your disposal thinking they are working and you have criminals out there.
We also need to highlight once again what we’re seeing from industry and our private sector partners: amazing capability and insight to the threat based on the platforms and the environments that they manage. And their ability to disrupt the threat should not be understated.
Leatherman: Yeah, I want to talk about that in just a second here. But first, you know, what we identified here, or what Microsoft, Europol, and others identified is that FIDO2 keys, device-bound passkeys. They were resistant to this type of attack that was being used by these actors. Push notifications, one-time SMS codes, they’re not.
And so, how do organizations start to think about how they defend identity? And I heard one of our colleagues in industry say, “Identity is the new perimeter for cyber attacks.” And so, how should we start to think about looking at our credentials and how we implement better safeguards to our environments through that?
Bilnoski: Yeah, it’s one of the most critical functions to defend is identity management within our networks and within our environments. You know, simplicity. And for, you know, ease of use. We went to SMS and other less secure means of authentication. We have to get back to a place where, I know a lot of organizations are getting there when we have those true, those FIDO keys, those security keys, to defeat these low-level attacks to our authentication, identity management.
We’ve got to get there. We’ve got to get to that place. One of the reasons why we continue to highlight that because when we see victims, still the majority of attacks we see are due to weak multi-factor authentication. They’re getting into the environment and it’s off to the races at that point.
Leatherman: Yeah, I agree, authentication is the perimeter now that is under attack. And the adversary will always take the path of least resistance. And targeting the end user often is the case. And so, enhancing technical safeguards around them is incredibly important.
Now, I want to touch on that piece that you mentioned about the importance of industry and how industry is playing an increased role in conducting these disruptions.
Last week I talked, or … the last episode I talked to, Mike Machtinger about, Google’s takedown of IPIDEA. And now we see Microsoft and these other companies taking action against this platform. What to you, as the head of cyber operations for the FBI, what does that show in the way of industry’s role in conducting some of the disruptive operations that we’ve been seeing, and where it may be going?
Bilnoski: You know, if you asked me this question two or three years ago, we would still look to industry or private-sector partners as either victims of an attack or perhaps, you know, reports, information, reporting stream, on attacks. That is no longer the case. They are an equal partner in the operational space. In fact, we frequently engage with a variety of industry partners when we’re planning these joint-sequenced operations.
The value they bring not only to their customers and the individuals that they protect, the value they bring to law enforcement and our partners around the world to disrupt this threat is simply impressive. We’re in a place that we’ve never been before in our operational space, and we now plan our operations based around not only our, you know, domestic and international law enforcement partners, but what does industry know and what could ... what steps could industry take to help us defeat this threat?
Leatherman: Yeah. So I think what industry, what you’re hearing here from FBI Cyber Division is kudos to everything you’re doing to increase cost to malicious cyber actors. Kudos to the Europeans for embracing industry’s role in this particular takedown. We’ll continue to leverage this all-of-society approach that the actors are using to target us to defend the homeland as well.
So, Jason: Appreciate you being here and appreciate what you and your teams do every day. Thank you.
Bilnoski: Thanks, Brett.
Leatherman: So, three stories this week: We took down one of the largest criminal forums for trading stolen data. We saw AI creating new tools for both sides of this fight. And we disrupted the platform responsible for more than half of the phishing attacks Microsoft was blocking.
The common thread: the FBI, law enforcement, and our partners are on the offense. And the fundamentals—like phish-resistant authentication, patching, knowing your attack surface—are what separate the organizations that hold the line from those who end up getting breached and having significant impact as a result of that breach.
So, our next guest sees all of this from the center of one of the largest cloud ecosystems in the world. Amy Herzog is vice president and CISO at Amazon Web Services. My conversation with Amy is next.
__________
Leatherman: Welcome back to “Ahead of the Threat.” My guest today is Amy Herzog, vice president and chief information security officer at Amazon Web Services. She previously served as CISO at Amazon for devices and services, media and entertainment, and advertising, overseeing security for Ring, Alexa, and Amazon Leo. Amy joined Amazon in February of 2023 and was appointed to AWS CISO in June of 2025, which was consequentially when I was also appointed head of Cyber Division.
Prior to Amazon, Amy held executive and security engineering roles across startups and large enterprises. Amy, welcome to “Ahead of the Threat.”
Amy Herzog, vice president and chief information security officer at Amazon Web Services: Thank you so much for having me on. It’s a pleasure to be here today.
Leatherman: Great. Well, you’re VP and CISO at AWS, one of the largest cloud ecosystems in the world. You guys have tremendous … a tremendous view of the threat landscape given the infrastructure that you own and operate. You run small business, you run professional sports—because I see all the time that the statistics are built on AWS—and you also run, Fortune, you know, business for Fortune 50 companies.
Tell me what your teams are kind of seeing. What do your teams do and what visibility does that give you into the threat landscape?
Herzog: Yeah, I think we have a really unique view into the threat landscape, as you mentioned, because we are crossing so many different industries. And that means that, you know, we’re attentive to all of the different kinds of threat-actor motivations there are. Right. There are, you know … nation-states are within our scope and financially motivated threat actors are within our scope, and we kind of see it all.
And I think that … one of the things that I love about what we can do here is that AWS is a very security conscious, security first, let’s figure out how to do it in the engineering way and the fast way and the innovative way kind of place. And that’s a great thing for, you know, for a CISO to have as an advantage for their team.
We have great relationships with our business partners. We take very seriously our obligation to make sure that security is accelerative to the business. That we are an enabler and a way for them to deliver awesome things to customers quickly, rather than a gatekeeper or a “Department of No,” which has sometimes been my experience in the past. And it’s super important for us to be co-builders with the products teams.
And it’s really easy to do that at AWS. And I think that’s a lovely perspective for us to be able to have and then to share with all of our customers.
Leatherman: Yeah. And you have an engineering background. So, engineering factoring into security, that all makes sense to you as CISO now.
Herzog: Yeah, I will admit to a certain inherent laziness where if I have to do the same thing twice, I would like that to be automated. Laziness, impatience, easily bored. Like all of those have an aspect, right? But I look for ways to automate and move at speed.
Leatherman: So, tell us about the kind of, the cloud environment. I think, you know, you talked about the fact that security really plays a role now in everything that you do. I know historically, when it comes to cybersecurity, devices were built so folks could operate them. They were built for function, not necessarily security. Cloud is still new in the world of technology, and so it gives us somewhat of an advantage of being able to start building that security in early.
Is that kind of what you see? It’s a new technology, which means today we can start building security in place before or at the same time we’re currently engineering functionality and speed-of-use and ease-of-use at the same time.
Herzog: Yeah, I think it’s really important to recognize that security is functionality, right? And that’s one of the things that’s been true for the cloud, you know, since its very inception. It’s important to all of us here that as we make a place that’s fast, that is easy to use, that helps all of our customers further their businesses, they get security baked in from the ground up. They’re building on top of infrastructure where we understand what it means to be secure.
We can constantly iterate what that looks like in an agentic world, in an AI world, as the threats are changing. You know, that’s something that we build in from the start. And I think that the cloud does give you an opportunity to do so quickly and without disruption to the business.
Whereas early in my career, engineering meant, you know, deploying a new thing meant that we were going to bring everything down, or we had overnight installs, or we had, you know, times where you couldn’t make changes to production. And all of that, now the cloud helps you sort of move past it.
So, automatic failover, you know, that the logs are automatically where they need to be, we support the right kind of authentication, and credential rotation is easier. All of this stuff can happen kind of below the notice of the business without slowing them down at all.
Leatherman: And for businesses who don’t have a threat intelligence team or businesses who don’t have a robust threat intelligence team, or even businesses who have really good threat intelligence teams, they probably don’t see the kind of telemetry that your team sees. So, talk through how you protect customers, given the telemetry and the visibility that AWS has across the ecosystem.
Herzog: Yeah, I love this. We’ve published a few threat intelligence blogs recently that have showcased a little bit of what the world looks like to us, what you can notice if you’re seeing things at scale across, sort of, the scale of the internet. And there are a few things that we see that we try to help all of our customers and work with our partners to address. One of them is that we are seeing attackers getting faster and more sophisticated thanks to the use of AI.
You know, after the React2Shell vulnerability in December, we saw attempts to exploit that were pretty scaled within hours. And so that really means that some of the things you’re focusing on with Winter SHIELD are super important, right? You have to understand what you’ve got. You have to understand how it’s configured, and you have to take that risk-based approach to vulnerability management.
And we’re also seeing attackers … kind of operate in the same economic realities that we do. So, one of the things that we wrote a post about was a Russian state-sponsored set of actors pivoting from exploiting vulnerabilities—which has an expense to it, it’s a slower cycle—to taking advantage of misconfigured network devices.
Like, “Oh, there’s this thing on the edge that is misconfigured, and maybe it’s easier and cheaper for us. We’re flying lower under the radar to attack those devices and then use that vantage point instead of the latest CVE [common vulnerabilities and exposures] to move laterally through the network.”
And then, I don’t think I can say this enough, and I think it’s so important for smaller or medium sized businesses or places without an active threat intel team, the basics are always super important, right?
It’s … it is important to keep up with the latest CVEs. We’ll help you there if we can. But also, if you’ve got single-factor authentication and there’s weak passwords, like the attackers know how to exploit easily, cheaply, quickly that way. So, you have to attend to the security fundamentals.
Leatherman: Yeah, I think your blog posts demonstrate that and maybe we can go through a few of those because those bring reality to kind of what we’re seeing today. And as we point out, through Operation Winter SHIELD, the top 10 controls really are the fundamentals that continue to get exploited over and over again. It’s not necessarily zero days or end days, like, it is truly the fundamentals that are being exploited.
In the most recent post, just from a few days ago, was the … AI augmented threat actor accessing FortiGate devices at scale, meaning we all see edge devices getting targeted by malicious actors. But in this case, Amazon put a blog post out that said a low-skill, Russian-speaking, financially motivated cyber actor used commercially available AI tools to compromise over 648 devices across 55 countries in roughly a five-week period from January 11th to February 18th of this year.
In this case, Amazon said that AI didn’t necessarily make the actor smarter. It made a mediocre actor faster and scalable. And, by the way, I love publicly calling out hackers as mediocre actors, so appreciate you guys doing that. In this case, the actor used at least two commercially available LLMs [large language models] across every phase of operations, which included scanning, tool development, attack planning, post exploitation, reporting.
And they built custom Python packages, really to go after … those devices. There were no vulnerabilities in these devices, from Amazon’s perspective. But really it was targeting and scanning these devices based on open ports and looking for weak credentials. And as a result of that, they were able to exploit the devices, really set up the ability to capture stolen credentials from there, all the credentials that come through those devices, and replay them against other devices in the network.
And so, I think that’s a different conversation than what we’ve had recently, where it’s the sophisticated actor use of artificial intelligence to target victims. This is less that and probably more in line with where we’re at today, which is those mediocre actors being able to be … have increased impact on organizations that they might not otherwise be able to exploit.
So, from your perspective, kind of where does this blog, on the use of AI, what does that mean to us? Where does that take us, you know, over the next few months?
Herzog: Yeah, yeah. It was such an interesting phenomenon. I’m so glad that, that we’ve got the blog post for people to be able to read up on the details. You did a great job summarizing it. I think, given that I have a combined business and security background, one of the lenses that I view this through is economic. The AI tools, especially for the less-skilled actors, are changing the economic trade you make when you decide to carry out or not carry out an attack.
If a target is not that high value to you, and it’s expensive to scan for weak credentials and exploit them, then you’re not going to do it. But AI, in this case, we’re seeing, it reduces that cost and time to carry out an exploit. So, why not just, you know, search broadly and quickly as far as you can when you … when you know how to get into a system, because maybe you can go from there—given all of the 3P risk that most enterprises have—maybe you can go from there to somewhere else.
And so, it just changes the way that they view, I think, the return on the investment and the time to attack. And it was super interesting, this case, because we saw definite explicit signs that this was not a sophisticated actor. I spend my day worrying about sophisticated actors. I know you do, too. But what we saw was that when this actor ran into a hardened system or something that was, you know, more properly configured or that looked more time consuming, they just went on.
They just abandoned it to the next one. So, that shows a kind of opportunism of the less-sophisticated actors. And I think it just reiterates how important it is for us to attend to those fundamentals; make sure we understand what we look like to the internet; what are our internet-focused endpoints? How are they configured? So that we can kind of get on defending at scale, in the same way that we now see attackers adopting this technology.
Leatherman: Yeah. It was interesting. Your point … when they saw … when they got resistance, when they saw that the fundamentals were in place, they simply moved on and they went to the next organization. And I think for most small to medium and even large businesses, that’s the goal … is to plug those gaps so that they do move on so that they find the next organization and we’re not a victim as a result of that.
And I think that that is part of the story here.
Herzog: Exactly. We’ve, you know, we’ve been focused on defense in depth or layered controls, or kind of whatever the phrase du jour is to describe it since the beginning, because we know that many threat actors are opportunistic. And if you make the cost higher for them, they’re more likely to go on to somewhere that does not have so many of the fundamentals.
Right. It’s an eternally important principle.
Leatherman: Yeah. What goes into the thought behind publishing this kind of intelligence? Because what you guys could do is take that, defend your customer base, which is a tremendous amount of security here in the U.S., anyway, because of the amount of people who ride on AWS infrastructure. So, you could take that, apply it, and have real impact on defense, but instead you guys go out and publish this information publicly.
What goes into factoring around what you put out publicly?
Herzog: Well, we’re embracing the power of “and” here. We definitely take everything that we see and turn that into defenses, both that our customers can leverage immediately and kind of autonomously on their own in GuardDuty or … in some of our other security products. And in the work that my team does to identify and close down stuff that we see that shouldn’t be going on.
So, there’s definitely a bunch that we do that’s both immediately visible to customers and then not, behind the scenes to make sure everyone is protected. Because this is not … like we can’t protect ourselves in isolation. Nobody can. Cybersecurity is a team sport, and when we think that there’s great benefit to the kind of general defender community in sharing differences that were noticed—changes in the attack approach that we notice, trends that we might see before others—then we do try to figure out how to safely share that threat intelligence so that we can all improve our defenses.
And this is a classic case of that, right? Where we’re seeing folks who might not have … who might not be living in the nation-state worry place, understand that they might have to worry about more sophisticated and faster attacks than was true two years ago.
Leatherman: Yeah, I think this really hits home the fact that even if you’re a small business, it doesn’t mean you’re hidden to the adversary, right? I continue to hear that in my conversations with businesses throughout the country is, “Why do I have to worry about this? Because I’m like, not … I’m not somebody of consequence to a Russian national or a PRC [People’s Republic of China] state hacker or anybody, frankly.”
But this tells a different story, right? It shows that there is a level of automation that goes into targeting, that even small businesses should pay attention to.
Herzog: Yeah, absolutely. And the good news is that this is not an … like this does not have to slow down your small business. This does not have to be a bunch of friction and a statement that you can’t do things. It just means that you need to think about those fundamentals in the small moments. You know, when you’re setting up a third-party software connection, make sure it’s MFA [multi-factor authentication] enabled.
If they don’t offer MFA, then think about whether you’ve got alternatives. There’s easy ways to make sure that you’re protected from the start that don’t require an awful lot of friction in getting those fundamentals right. It’s not that you need to have, you know, an expert in zero day defense on your team. You need MFA.
It’s not that, you know, you have to have a team of engineers, even though you’re a tiny business developing defenses. You need to patch. The fundamentals are pretty accessible and quick.
Leatherman: Yeah. Those 10 fundamentals that we have highlighted in Winter SHIELD are meant to be things that anybody can move the needle on in a short amount of time. We recognize that they’re not something that holistically people can always apply across the enterprise.
But at the very least, we’re trying to give meaningful ways that folks can implement risk-based solutions for all 10 of those to at least begin to start to move the needle and hopefully help those actors move on from you, like ping your environment, and say, “They’re hardened enough that we’re simply going to move on from there.”
Herzog: “Not worth it. Next.”
Leatherman: Yeah. So, in December of 2025, mid-December, Amazon Threat Intelligence put out another blog entry. This one identified Russian cyber actors targeting Western critical infrastructure and, in this case, Russia’s GRU, known as Sandworm, was targeting Western critical infrastructure, especially within the energy sector.
The most significant finding was that by 2025, the GRU reduced its use of zero days and N-day exploits because customer misconfigurations gave them everything they needed for free.
So, the tactical evolution really told the story here. 2021 to ’22, they exploited WatchGuard vulnerabilities … but also began targeting misconfigured devices. ’22 to ’23, they exploited Confluence vulnerabilities, continued hitting misconfigurations, regardless during that time. In 2024, they exploited additional vulnerabilities in other environments. But in 2025, they largely stopped exploiting those vulnerabilities and they sustained focus on misconfigured edge devices.
At that point, they said, “Okay, vulnerabilities are taking a little bit more time than actually finding those misconfigurations.” So, while we’ve talked about the importance of vulnerabilities in patch management, there’s an importance in understanding—whether you have an on-premises or cloud environment—what that configuration looks like across that environment. It can be S3 storage, which we see a lot of exploitation.
A lot of folks try to put security in place there, but because of misconfigurations, the actor gets in and exfiltrates a lot of storage. What are you guys seeing in that space? Is it significant where we can continue to see actors targeting misconfigurations? Is it primarily vulnerabilities? Is it a combination of both?
Herzog: Yeah, I … combination of both. I would not want anyone to take that blog as a signal that vulnerability management’s not important. For sure it is. We definitely see plenty of threat actors focusing on known CVEs with proof-of-concept exploit code out there. So, it’s not that that’s not important. But particularly when there is a more focused target, I would say, and stealth over time is an important part of a threat actor achieving whatever objective they have.
We’ve definitely seen some pivots to, “How can I be cost effective and slip under the radar as much as possible?” And network edge devices with misconfigurations are attractive from that perspective because it just looks like normal network activity, or you’re using credentials that are valid.
And so, in addition to making sure that you’ve got good patching hygiene, we think it’s really important for businesses to look at what their network edge devices are, how they’re configured, and to be sensitive to things like credential replay attacks and to work it into your game days.
“What if this were not, you know, acting not … what if this edge device were compromised and acting in an unusual way? Would we catch it? What would we do if we caught it? How fast is that cycle time?” Yeah. So, that’s the sort of goal in that blog post, was to make sure that folks understand that adversaries also adapt to making sure that they can, you know, achieve their goals as cleanly as possible, whether that’s cost or speed or stealth or etc.
Leatherman: Yeah, that one also targeted, I think, MSPs [managed service providers] in kind of third parties connected to critical infrastructure networks. So, here they are, state actors targeting energy sector, critical infrastructure, but they’re looking for, in some cases, the path of least resistance, which is that third party that connects to the environment. They might be, you know, just … they may just have remote access to the network, or they might be managing devices, those edge devices for critical infrastructure.
And so, I think for all of us, that shows we have to start to really understand the trusted third parties who connect to our environments and how we mitigate risk associated with those third parties.
Herzog: That’s right. Exactly. The great thing about the world we’re living in now is that I don’t have to invent absolutely everything I need to run a business. There’s lots of undifferentiated work that, you know, a third party is happy to sell me fast, to solve. And the flip side of that, from a security perspective, is we’ve got this very complicated, interwoven, transitive trust set of relationships for basically any business or enterprise today.
And so, making sure that you understand what your picture is, that you are prioritizing kind of how you’re restricting or setting up your integrations with third parties based on risk, like that’s now a key factor in the, you know, security and business’s accountability or obligation that, you know, wasn’t true when I first started my career.
Leatherman: So, talk a little bit more about that, because, you know, a lot of people will say, “Well, third parties are cloud providers, like AWS. Third parties are people who come in and remotely manage my network. Third parties are people who manage devices within my environment, or third parties are also people who don’t touch my network, but they house some of my data.”
What are some of the questions executives should start to think through? Not necessarily the CISOs or the network defenders, but executives, who have overall risk management, responsibility, fiduciary responsibility for the organization. How do they start to approach that from a risk management standpoint? What kind of questions should they be asking?
Herzog: Yeah, I love the way you framed that question. One of the things I love most about working at AWS is that our security culture means that business leaders are deep owners of security. It’s not just my job, it’s our joint job. And the business leaders recognize … right? … recognize the fact that this is, this is their responsibility as well.
And so, they’re deep … they deeply care about it. I would ask about … Let’s see. I would ask about their practices in-house, and I would make sure that that’s not just a one-time question, but that’s an ongoing thing. I would ask about the paths where we know attackers like to live. I would ask about authentication. I would ask about credential replay attacks.
I would ask about their incident response plans and how often they get exercised, and if you could do something jointly because that’s the time when you want things to work smoothly and to know how it goes. You don’t want your first interaction with a third-party security team to be when something’s happening. I would ask about … their third-party dependencies.
If it’s a particularly, you know, if it’s an engagement that requires a lot of trust, you’re giving them API [application programming interface] access. They’re going to have a bunch of your data, they’re going to store your creds. And then I would ask about log retention. This is a little bit of a nerdy security topic, but I think it’s a blind spot for some executives.
I’d like to sort of encourage us all to ask about log retention, because the time of compromise to time of action is not 30 days, in many cases. It’s not even 90 days, in many cases. Like you want to be able to go back and know for sure what happened six months ago, eight months ago, 10 months ago.
So yeah, I think if I had a short list for executives who wanted to ask about third parties, it would be authentication, logs, and response.
Leatherman: Let me … will you let me jump on my soapbox for a minute?
Herzog: Of course, of course.
Leatherman: Okay. Because you mentioned something that we have not mentioned yet on this podcast and that is log retention, log management. It is incredibly important. It’s a topic that we haven’t touched on yet here, but is included in Operation Winter SHIELD. And the FBI does incident response all the time. We’ve got teams … Our Cyber Action Team is deployed on multiple incidents right now.
And one of the few things that they look for immediately is trying to pull in the log files, because it helps do a variety of things. It helps with attribution, to understand who the threat actor is, often what their intent is. It demonstrates whether there was exfiltration or not or whether it was just an encryption event. It also, really importantly, can help you determine if you’ve contained and eradicated the actor.
There may be situations if you don’t have good logs in place, that you may feel like you’re in a good spot as an organization post breach, but you cannot say whether that actor was contained and eradicated. And two weeks, two months later, they may be sitting in your environment and they may actually execute a more consequential attack because you have tried to go through and eradicate them.
And they have dug in. They’ve moved laterally so persistently and impactfully in that environment. So, I want to foot stomp that from the FBI’s perspective, that log management and log retention is incredibly important. And a lot of folks think through like, “My servers have got to have logging on them.” But increasingly you want to ensure, like authentication logs, especially around your most important users who have privileged access; those edge devices right now that are the conduit to get in and out of your network; that’s often where the actors get in.
There’s ways to pull those logs into one location. And I know it takes a little bit of work, but it’s so important to centralize if you can. But to really start down the path of, “What do we log? Do we log enough? And how long do we retain those logs?” is incredibly important.
Herzog: That’s right. I’ll join you on your soapbox. Like there’s not really anything like logs, just in terms of return on that investment when you need it because of all of the reasons you said. Like, it’s great to be able to say, “We were able to conclusively determine that this is it.” It’s great to be able to say, “We need to go and tend to this thing, too.”
And, you know, as you get more used to using them and collecting them and correlating across them, it helps you be a better defender because the logs have the signs of how the threat actor was trying to accomplish what they were trying to accomplish.
It’s good sort of intelligence, if you will, about what you’re dealing with and what they’re after and what’s attractive in your environment. And that can help you make sure that as you defend, you’re doing so in the most effective and efficient way possible. Yeah.
Leatherman: Yeah. And actually, that’s a good point because not only are they good when it comes to incident response and really informing how you conduct incident response, you can effectively use your logs now to help build your own cyber threat intelligence program internally to your organization. You can understand what the … boundary connections are from adversaries like, what are they doing at our edge?
Have they gotten in the environment? What kind of vulnerabilities are they scanning for? You can build your own cyber threat intelligence program just by looking at how adversaries are targeting you, and then correlating that to an extent on your blog posts, you know, the posts from other major tech providers. So, there’s utility to analyzing those logs rather than just storing them, every day, and understanding kind of the threat-actor behavior.
Herzog: Yes, absolutely. And as you … like, if I bring the business tie into this a little bit, as you have to make prioritization decisions, right? Where do we harden first? Where is it most important to make sure that we’ve got MFA super tightened up, not just for our employees but for those third parties. Like it just helps you make those decisions more effectively toward a secure outcome.
Leatherman: Absolutely. Okay. You mentioned it. So, I’m going to jump into it: React2Shell. So, that was something that was announced … I remember, in early December. I was at a tech conference when that first went public. And so, my teams pinged me to let me know a new, very significant CVSS [Common Vulnerability Scoring System] 10.0 vulnerability was out there that’s going to have tremendous impact.
Shortly after I got it, I started to notice all the tech folks around me going to their phones and kind of checking in with their teams. And it was one of those moments. You don’t see them often in the cybersecurity community, where you look across the room and you start to see something’s happening here, right?
That was a big one. So, for those who don’t know, CVE-2025-55182—React2Shell. It really was one of those moments where it was a huge critical vulnerability that impacted many people. But I think the story here was the scale of exploitation. And you reference that. Can you kind of talk through what you guys saw when it came to speed and scale of exploitation of that vulnerability when it was announced?
Herzog: Yeah, absolutely. It was really … like the time lapse from public disclosure to active exploitation attempts was notable. Like this, this was ours. It was really they all needed to be on their phones across the room because it was happening pretty much right away. And the other aspect of the activity that we saw that was notable was that, we observed both kind of automated scanning tools and different individual proof-of-concept exploit attempts.
So, we kind of saw both the speed to action and the breadth of action, we thought, were notable in … in this case. And I think, you know, you hesitate to do too much attribution in a case like this, but I think it reiterates the most recent blog post and kind of ties with that. We’re really seeing actors be able to act quickly, iterate quickly, develop quickly, and have the sort of breadth-based attack fast, where if a public exploit is disclosed, they’re just able to rapidly integrate it into scaled operations from a threat actor perspective.
Leatherman: What does that mean for organizations who are still operating in that 30-day patch cycle? Right? I think, you know, many organizations still are like, “Assess the patch. Will it work in a production environment?” How should we start to assess that 30-day patch cycle as a result of something like this vulnerability?
Herzog: I’ll step on my soapbox for a second. Obviously, if what you’re, you know, where you’re at is that 30 days is an improvement, by all means, make the improvement. But I think for the CISOs who are listening to this podcast, I would really like us, as a field, to start moving beyond binary evaluations of our defense actions.
Am I an SLA [service level agreement] or not? I have an SLA. Did I need it or not? That’s binary. You’ve either succeeded or you failed. And if you’ve failed, like, where’s your motivation to do anything about that? Toward one that helps us understand our true speed to response so that we can keep tabs on how that’s stacking up against threat actor action.
Right? I’ve been very passionate about this over the last few years. In part because of, you know, what we’re seeing on the threat intel side that there are lots of good reasons to track a 30-day SLA. Many compliance regimes are based on that. You got to know that information. But if you’re a CISO talking to business leaders and your teams, I want you to think about what common time to exploit is in the wide internet right now, and then know how you’re doing against that.
Communicate to your business leaders how they’re doing against that so that they can understand not just, “I’ve met my SLA,” but here’s where you are. Here’s what your internet edge looks like. Here’s what it looks like five days out. Because, you know, a 100% SLA success rate can look pretty different from a pragmatic adversary standpoint. If you’ve got 95% of stuff done within three hours, because you’re auto patching everything and you’ve got a long tail, that’s really different than everything was open for 29.5 days, and then you got to it.
Leatherman: Yeah, I talk about that a lot. With regulated organizations. I get to speak at different events across different sectors. And many of those organizations are regulated. And sometimes you’ll hear folks say, “We meet regulatory requirements.” And regulatory requirements are reacting to what happened two or three years ago often and not what’s happening today. And so, simply meeting an SLA or simply meeting a regulatory threshold, I would argue, does not mean you’re secure. It means you’re secure against what regulators or others may have seen several years ago.
Instead, we should be continually looking at what the actors are doing today and driving towards that. And it’s not to minimize the importance of having SLAs or regulatory requirements in place, but it does … there is something to say, what we’re seeing today is not reflected in SLAs and regulations often.
Herzog: Yeah. I mean, I think they’re aiming at different things, right? We want to have a basic understanding of a shared “it doesn’t matter what your context is. We think this is a reasonable bar goal.” I think there’s a really important place for that. And it’s, you know, in the spirit of security being an enabler, there are situations or businesses or cases or machines in which that’s a completely appropriate thing.
And me pushing for a super expensive automated response is just not the right allocation of resources against the threat. Like so, I’m not, I’m not out to diminish the importance of those regulatory standards at all. I just don’t think as security owners, our job stops there. If that makes sense.
Leatherman: And metrics matter. And learning to drive … like our understanding of what dwell time looks like or what time to contain or remediate in certain environments, like really trying to understand what is, what is important in our environment, where should we focus those metrics on, and then driving our defenses towards some of those metrics and then measuring that, measuring ourselves against that, that would probably drive meaningful results.
And communicating the same to business owners, to executives, to boards of directors is incredibly important. One thing you’ve hit on a couple times now in the podcast is the idea of incident response and really starting to understand how are we going to respond to an incident? In addition to being an FBI agent, I’m a pilot.
And so, we prepare all the time for emergency situations and what we do is we practice, practice, practice. There’s a low likelihood we’re going to run into certain scenarios, but it’s going to be a high impact if we run into it. And so, we ensure that what we do is a reaction to our training and how we exercise that training.
I don’t think we do that enough in the cybersecurity discipline. And where we do do it, I think it’s the CISOs or the cyber defenders who do it, and it’s not other people who are buying into that. Can you kind of talk through your perspective of tabletop exercising your incident response plan and the importance of doing that?
Herzog: I think it is crucial to practice realistically and regularly. Like I can’t … particularly for small or medium businesses or companies where they’re not living in the nation-state world all the time. That’s not what they’re thinking about when they get up. Like, I can’t overemphasize how important it is to practice what you’re going to do. This is a bunch of, you know … I love that you’re a pilot … a bunch of safety focused industries do a great job of this.
And I think security could learn a lot from the kind of safety practices that involve, but just go through it. And there are a couple of things that I think are important there. One, it needs to be realistic. You can’t pregame it too much. The scenario has to be realistic. Most people need to know that … not know exactly what’s going on.
And a thing that I think often gets overlooked is that business leaders, legal, communications, like critical third-party engagements where, you know, you have a lot of trust, law enforcement … like they all need to be part of that practice because at the end of the day, security is about customers. And that means an incident is a business crisis.
It’s not a security crisis. And you need to help your executives, your legal folks, your messaging folks all understand what it will look like to make very quick decisions under tremendous amounts of pressure, with limited information in scenarios like that. I just don’t think it can be emphasized enough how important that regular practice is.
Leatherman: Yeah, I think, in our discipline, whether you’re a pilot, whether you’re a law enforcement officer and you tabletop or you walk through these unlikely scenarios, but with high impact, what you’re looking for are gaps. Where are our gaps, right? And what we see in doing our incident response with victims is the gaps often are with outside counsel or legal counsel, and understanding, at what point they’re going to bring in and share data with law enforcement and the value that law enforcement brings, and how law enforcement protects that information.
We’ve seen it here in recent weeks, and I feel like it’s Groundhog Day. We explain to them over and over like this is what we can … this is the information we can get you to help with your containment and your eradication efforts. This is how we protect your data.
But I’ve also sat in FBI field offices where we’ve been a part of tabletop exercises for corporations. And we can bring insight to those tabletops to help before a breach. Outside counsel, inside counsel, the C-suite, the board of directors, understand what it is that we do with data and the value that we bring.
The same is true for, like you said, media messaging, because inevitably, if it’s a significant breach, you’re going to have to deal with the media at the same time you’re dealing with crisis, and finding those gaps is critically important.
And when you bring everybody together and bring those unique perspectives together, you’re going to start to see those gaps and then you start to iterate your incident response plans off of those so that when crisis actually does happen, you’re much more aligned. And that’s what we see. Folks who do that are tremendously successful when it comes to incident response versus those who are doing it for the first time.
Herzog: Yeah, I’m so glad you brought that up. As important as practicing is fully debriefing. No blame. Like just talk about what happened. You’ll identify gaps, make sure they have owners, make sure that the owners are tracked and accountable for closing the gaps. And so much of what happens in a live incident builds on relationships that you need to have set up beforehand, and like highlighting that through an exercise.
Go to your local field office. Make sure you’ve got all of their relationships and alignment ahead of time … makes the difference between successful incident management and not.
Leatherman: Yeah, agree. Well we’ve talked about a lot. Let me give you a few seconds to kind of think through what we’ve talked through and what you would tell organizations to start considering today as a result of our conversation.
Like if you had a few minutes to talk to stakeholders, whether it’s the CISO, the outside counsel or the board of directors, what are some of the things that, from your perspective leading cybersecurity at AWS, you would want to impart to help them understand how they start to approach the current threat environment?
Herzog: Yeah. I think maybe I’ll talk through three things kind of in increasing order of complexity, or detail or the number of people you’ll need to get involved. Maybe.
I think the first is … we touched on it a little bit with the SLA topic … but really internalize both as a security leader or as a business leader listening to this conversation, that security is part of what you deliver to customers.
It is part of the customer experience. Whatever your business is, whatever your threat model is, big or small, a secure experience is part of what your customers need to get from you. And everyone owns that. And if you don’t believe that, like dig into it, figure out how, you know, what’s the disconnect between what I’m saying and how you see the world.
Because I truly think this is true. And then second, learn from us that adversaries are really good at exploiting fundamentals. This is their preferred way to attack a system. And so, you don’t need to be at the latest edge. You need to get your fundamentals settled. And the good news is we have lots of help for you, like we have access analyzers that can tell you who can get to what.
There’s tons of stuff out there on easy multi-factor authentication. All of these problems, we know how to solve them cheaply and at scale. So take advantage and tend to your fundamentals work. And then if I can go one further to just where we wrapped up, think about what incident response looks like for you. Practice it.
Make sure that you’re doing this quarterly with all of the stakeholders, as senior leaders come into and out of your organization. This kind of culture and practice needs to be repeated.
And then consider this not just the security team, not just the security and business owners, but all of the outside stakeholders, including relationships with law enforcement that you need to attend to. I think that’s like the most important next important.
And then if you’re there, here’s where you go next.
Leatherman: Well, that I think sums up our conversation really well. What I would say is in addition to that is, what matters is taking the first step. And so, I would encourage everybody listening today to start to think through baby steps like, what does it take to start approaching this problem? And it starts with conversations. It starts with conversations with your CISO, your board of directors, your inside, outside counsel.
We’ve talked about that. But really, what can we start to do in the most important parts in our … of our environment, where our data, the most important data, where the most important people log in? And when I say most important, I mean privileged access and those who will have the largest downstream impact—and start to put those controls in place around those things and then start to build out from there.
I think that first step is incredibly important.
So, Amy, thank you for being on the show. Thank you and the AWS teams for what you do day in and day out to help Fortune 100 companies, our professional sports teams, and small and medium businesses defend themselves from an increasingly harsh threat environment. And from me and FBI Cyber Division, thank you for the partnership that you have with us and FBI Cyber in helping to defend the homeland.
Herzog: It’s been such a pleasure. Thank you so much for having me on. What a great conversation.
Leatherman: Thank you. To our listeners: Thank you for tuning in to the podcast. If you haven’t already, you can explore Operation Winter SHIELD by going to fbi.gov/wintershield. It’s the FBI’s 60-day campaign to defend the homeland by focusing on the 10 key defenses that raise the cost of exploitation to the malicious actors.
Until next time. I’m Brett Leatherman, head of FBI Cyber Division. And together, let’s stay ahead of the threat.