The first episode of “Exploited: The Cyber Truth,” a podcast brought to you by RunSafe Security, features an engaging conversation between host Paul Ducklin and Joe Saunders, CEO and founder of RunSafe Security. The discussion focuses on Volt Typhoon—a nation-state threat group attributed to China—and the severe risks they pose to critical infrastructure worldwide.
Learn about the advanced techniques used by Volt Typhoon to exploit vulnerabilities in systems like routers, firewalls, and VPNs, and how they plant persistent backdoors to potentially disrupt transportation, communication, financial services, and energy grids. Joe Saunders shares his deep experience in cybersecurity, highlighting the challenges defenders face, from memory-based vulnerabilities to the complexities of securing legacy systems.
This episode also dives into the importance of adopting Secure by Design principles, rewriting software in memory-safe languages like Rust, and leveraging advanced memory protection techniques. With insights into the geopolitical motivations of nation-state actors and actionable advice for infrastructure owners and product manufacturers, this episode is a must-listen for anyone invested in cybersecurity.
Stay ahead of the threat and gain the knowledge needed to protect critical systems by tuning into “Exploited: The Cyber Truth.”
Speakers:
Paul Ducklin: “Paul Ducklin is a computer scientist who has been in cybersecurity since the early days of computer viruses, always at the pointy end, variously working as a specialist programmer, malware reverse-engineer, threat researcher, public speaker, and community educator.
His special skill is explaining even the most complex technical matters in plain English, blasting through the smoke-and-mirror hype that often surrounds cybersecurity topics, and helping all of us to raise the bar collectively against cyberattackers.”
Joe Saunders: Joe Saunders is the founder and CEO of RunSafe Security, a pioneer in cyberhardening technology for embedded systems and industrial control systems, currently leading a team of former U.S. government cybersecurity specialists with deep knowledge of how attackers operate. With 25 years of experience in national security and cybersecurity, Joe aims to transform the field by challenging outdated assumptions and disrupting hacker economics. He has built and scaled technology for both private and public sector security needs. Joe has advised and supported multiple security companies, including Kaprica Security, Sovereign Intelligence, Distil Networks, and Analyze Corp. He founded Children’s Voice International, a non-profit aiding displaced, abandoned, and trafficked children.
Key topics discussed:
- How Volt Typhoon is targeting critical infrastructure in sectors like transportation, communications, and financial services to create potential footholds for future conflicts
- Why memory-based vulnerabilities are a major risk, enabling attacks that are hard to detect and trace
- Practical ways to secure systems—like rewriting code in memory-safe languages or using advanced memory protection techniques like load-time function randomization
- How Secure by Design and Secure by Demand initiatives can drive adoption of practices to improve cybersecurity in critical infrastructure
