DDoS Attacks

Scammers are getting smarter, understanding the psychology behind
social engineering and the challenges companies face every day
can help keep networks secure. This episode will show how to
anticipate these threats and secure networks against
ever-changing vulnerabilities. We’ll focus on practical,
real-world solutions to protect data and trust.


Dr. Jared Smith joins us to share his insights from his role
leading research and development at SecurityScorecard. He also
co-founded UnCat, a B2B accounting technology company serving
thousands of customers and teaches as an adjunct professor at the
University of Tennessee, Knoxville and NYU. His experience shows
why social engineering is so effective and how companies can
adapt to a world where attackers are always refining their
techniques.


This episode shows how even small oversights or minor issues can
lead to big breaches. Dr. Smith shares concrete steps to
strengthen defenses, and why we need both technical solutions and
employee awareness. By looking at the psychology behind the
attacks, he’ll show that staying one step ahead depends on using
smart security tools and a culture that recognizes vigilance at
every level.
Show Notes:

[01:19] Jared is a distinguished thought researcher at
SecurityScorecard. He's built systems and helps vendors monitor
and secure their networks. He also has a PHD in computer science.
He focuses on Border Gateway Protocol or BGP. 

[02:16] He was also a high clearance government national
security researcher.

[03:02] Jared shares a story about how sophisticated phishing
scams are becoming.

[08:43] How large language models are making more
sophisticated social engineering possible.

[10:26] The importance of thinking about cybersecurity needed
in the next 10 years.

[11:02] BGP is like the plumbing of the internet. BGP
poisoning breaks the typical internet traffic route. It's very
nuanced traffic engineering that uses the Border Gateway
Protocol.

[13:34] BGP is also useful when you have multiple internet
connections and one goes down.

[14:20] The most sophisticated DDoS works are called link
flooding attacks, where they identify links that have a certain
amount of bandwidth, and they flood that specific border gateway
protocol link, effectively segmenting the internet in those
places.

[15:39] Managing DDOS attacks and where the traffic comes
from.

[16:02] Being aware of botnets, because they are what's
rented out or being used for these attacks.

[17:32] Lizard Squad launched DDoS as a service. 

[21:00] Attackers try to get the actual IP addresses from
behind a CDN.

[23:41] How AWS has the ability to manage large amounts of
traffic.

[25:24] There are some DDoS that just require sending enough
traffic to fill up the buffers on the other side of the
application.

[28:15] The size of a botnet for DDoS to take down a big
network like X. We explore potential paths for these attacks.

[32:21] We talk about the uptick on attacks during tax
season. A large accounting firm with a lot of clients could be
spoofed.

[36:50] The predominant attacks are coming from organized
cybercrime groups and ransomware groups.

[45:40] The vast majority of large networks taken out are
usually a result of user error.



Thanks for joining us on Easy Prey. Be sure to subscribe to
our podcast on iTunes and leave a nice review. 
Links and Resources:

Podcast Web Page

Facebook Page

whatismyipaddress.com

Easy Prey on Instagram

Easy Prey on Twitter

Easy Prey on LinkedIn

Easy Prey on YouTube

Easy Prey on Pinterest

Jared M. Smith

Dr. Jared Smith - SecurityScorecard

Dr. Jared Smith - LinkedIn

Uncat

Evasive AI

Jared Smith - X