Flashpoint CEO: Cyber, physical security threats converging

Although Flashpoint is known for its cybersecurity threat intelligence services, the vendor also provides physical security intelligence to its clientele.

LAS VEGAS -- Although physical and cyber threats might appear to exist in different realms, they can often go hand in hand.

At Black Hat USA 2024, Flashpoint CEO Josh Lefkowitz spoke with TechTarget Editorial regarding a range of topics. In addition to the cybersecurity research the vendor is known for, he discussed other aspects of Flashpoint's operations, such as its physical security intelligence business.

As with cyber threat intelligence, Flashpoint monitors for potential physical threats against customers in both moment-to-moment and longer-term contexts.

"It's a fusion of that strategic horizon line -- better understanding trends and trajectories -- and more tactical intelligence," Lefkowitz said. "We have a C-level executive. They're traveling overseas, or they're traveling to an important meeting. Are there threats to them? Are there threats to their family? Are there threats to their extended network?"

Interactions between physical and cyber security are nothing new. But this convergence might be finding new life as threat actor techniques grow more aggressive and personal. During our interview, Lefkowitz spoke to this as well as threat actor disruptions, election security and more.

Editor's note: This interview was edited for clarity and length.

There have been a number of large-scale cybercrime disruptions in recent years, from ransomware gangs to spyware vendors. What do you make of these efforts? Do you think these make a dent in the overall problem of cybercrime?

Josh Lefkowitz: It's absolutely a good thing for making a dent in the cybercriminal ecosystem. One of the things that stands out to me in the course of the recent takedowns is the strength of international collaboration as well as private sector-public sector collaboration. It's awesome to see how the international community is coming together to punch the bad guys in the nose, so to speak.

On top of that, what also stands out to me is the idea of turning some of the bad guy tactics and deploying them similarly from a law enforcement lens. It's LockBit and using some of their same tactics such as the countdown clock that cyber extortion actors use to try and put pressure on their victims. They're [law enforcement] being more creative, taking the gloves off. And while the scope and scale of the cybercriminal ecosystem is still vast, they are absolutely having an impact. And it's also creating some mistrust amongst the bad guys, which is very much a valuable asset. That's because fundamentally, bad guys are not only financially motivated but also fundamentally distrustful of who they're working with and around. And if this can seed meaningful doubt, then that can be a disruptive lever as well.

Does Flashpoint ever play a role in these efforts, whether it's providing helpful threat intelligence or any other involvement?

Lefkowitz: We've been running Flashpoint for 14 years. In our roots as a company, we're supporting U.S. and allied governments on terrorism investigations and prosecutions with our dedicated national security subsidiary, Flashpoint National Security Solutions. We're proud to work across the globe with the allied government ecosystem, helping to support a broad array of mission requirements.

From the national security angle, CISA Director Jen Easterly talked about election security in her keynote. What kind of threats are you thinking about or anticipating going into the election season this year?

Lefkowitz: Certainly, there are a few threat vectors top of mind. One, you may have seen the U.S. ODNI [Office of the Director of National Intelligence] put out an unclassified memo two weeks ago, highlighting how Iran, Russia and China are inserting themselves into the election narrative, often using cutouts and proxies to push their narratives to be disruptive and influential. As we saw in prior election cycles, both here in the U.S. as well as internationally, that can take on a more active and invisible form than simply running sock puppet operations on social media platforms and otherwise. It can take the form of hack and leak operations. It can take the form of misinformation and disinformation that's posted on cybercriminal forums where you purport to have particularly sensitive information from a candidate that could be embarrassing. We saw that in elections overseas in the last couple of months.

Also, of course, closely looking at physical threats and how that can manifest in terms of threats to critical assets and life is important. Certainly, coming out of the Trump assassination attempt, the temperature online is arguably higher than it's ever been, and there have been a number of arrests within the U.S. of individuals who have threatened violence against political candidates, against elected officials, and so on. That's top of mind as we head into the heart of the election cycle as well.

In addition to cyber threat intelligence, Flashpoint provides physical security intelligence as well. Can you tell me more about that?

Lefkowitz: We're providing intelligence that identifies threats to people, to places, and to critical assets. It could take the form of helping to protect C-level executives as they're traveling. That could take the form of critical event monitoring if there's a board meeting or a critical conference that's taking place and, for example, monitoring online chatter to ensure that physical threats are not manifesting as well as cyber threats.

In a similar vein, we are often working to better understand where hot pockets are emerging and how that can pass an inflection point to then trigger physical violence, which can encompass a broad range of spectrums and threat actor communities.

But Flashpoint doesn't provide private security itself. It's more of an intelligence and monitoring intermediary for those providing physical security.

Lefkowitz: Exactly. We're not a guns-and-guards operation. Typically, in certain situations, we are informing those teams, whether they're within Fortune 500 enterprises or their contracted security layer, and helping them better understand what the threat landscape looks like as well as how to prioritize resources.

As cyber operations get higher stakes and tactics, techniques and procedures get more complicated, do you see more physical-cyber hybrid integration happening across the broader security industry?

Lefkowitz: 100%. And we're seeing that cyber-physical convergence manifest robustly. We're seeing organizations within the enterprise set up fusion centers because they're recognizing that the siloed approach -- where this is the cyber swim lane and this is the physical swim lane -- is anachronistic. It's not reflective of how bad guys are operating. It's not reflective of today's dynamic threat landscape.

Even if you bring it back to the corporate and physical security example, we're seeing threat actors talk about not only inflicting physical harm in the physical realm but also how that can be multiplied and magnified by cyber actions.

Let's look at a C-suite executive and their family. The threat actor is saying, 'How can we dox them? How can we post their Social Security numbers, their bank account information, their passwords, and anything that can help really paint a bullseye on them?' We see that whether it's those threat actors [committing the attacks] or just putting that information out there for exploitation by others.

That's something where someone who is focused purely on cybersecurity or purely on physical security wouldn't strictly cut it, because you're seeing offensive behaviors that would require a fused response.

Lefkowitz: It's that 360 lens of, 'How do you look externally to understand the multi-nodal component of the threat?' And that's exactly what we're seeing in Ukraine. That's exactly what we're seeing in China. That's what we're seeing in Israel. It's that fusion of cyber and physical, and it's manifesting domestically with enterprise threats as well.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.
