Cybercrime Amid the Pandemic

Alberto Casares, VP of Risk Protection at Constella Intelligence

In this episode, we are excited to talk with Alberto Casares, the VP of Risk Protection at Constella Intelligence. Alberto discussed the different online threats in the market and dark web. He also shared how his company is improving awareness of securing online presence, compromised data, early detection capabilities, and more!  Alberto also shared important tips on how to avoid being hacked. 

We all want to secure our privacy, and this conversation will help you understand how we can do that. Please tune in to my very interesting conversation with Alberto Casares.

About Alberto Casares

Alberto is the VP of Risk Protection at Constella Intelligence. He is also a deep and dark web expert, researcher, and investigator. 

Alberto is passionate about security and how breached and leaked data can be used to protect citizens and organizations across the globe. 

He has over 10 years of experience managing and leading teams for several startups and has led several research and development projects supported by the Spanish Ministry of Industry in collaboration with the University of Granada.

Saul Marquez:
Saul Marquez:
Welcome back to the Outcomes Rocket. Saul Marquez here, and today I have the privilege of hosting the outstanding Alberto Casares. He is the VP of Research at 4iQ. Alberto is a deep and dark web expert, researcher, investigator, and product manager at Four IQ where he helps define and drive product strategy to expand the addressable market. Alberto is passionate about security and how breached and leaked data can be used to protect citizens and organizations across the globe. He leads investigative work at 4iQ and manages verification, attribution and analysis of data and Rich’s marketing content, and helps with pre-sales activity. Alberta has over 10 years of experience managing and leading teams for several startups and has led several research and development projects supported by the Spanish Ministry of Industry in collaboration with the University of Granada. He’s an awesome guy and he is with us from Spain. So really, really delighted to have Alberto with us to talk about something very serious that’s a cyber-enabled crime and I.T. risk. So, Alberto, such a pleasure to have you here. Thanks for joining us.

Alberto Casares:
Thank you, Saul. The pleasure is mine.

Saul Marquez:
So I definitely excited to jump into the work that you guys are up to that 4iQ. But before we do that, Alberto, tell me a little bit about you and what inspires your work and health care.

Alberto Casares:
Yeah, good question. What inspires me the most is actually to know that with our daily war, we can protect help one of the most important sectors, especially during this pandemic. So actually, I’ve been researching about many threats started in the health care sector and industry. And you can imagine so during the last few months, the number of cyber-attacks and threats has increased drastically. So it is a huge fraud industry around the health sector nowadays with the many fake vaccines, fake news around this pandemic or health care or so this trend in vaccines, etc. So we saw fake ones in the dark with a long time to lose. So many, many people have been scammed. as well as sites or fake sites, sites offering for example face masks. This is something that we live in during the beginning of this pandemic. So it’s absolutely motivating to work in cybersecurity and trying to help this sector and also the citizen.

Saul Marquez:
Yeah, and I totally agree. And, you know, it’s such a shame that people take advantage of this time to take advantage of others in a time of crisis. But the reality is it’s happening. And so it’s important that we think about ways to protect ourselves, our organizations, our businesses, our patients, our employees. It’s critical. So I’d better talk to us a little bit about what 4iQ is doing to help against some of these things in the health care ecosystem.

Alberto Casares:
Sure. I would say that we are helping or supporting the health care ecosystem in three different ways. So the first one is providing awareness. So I’m personally providing some educational webinars, meet apps, etc., and fully dedicated to the health sector in order to provide or — these kinds of threats and attacks and also to educate people, employees within the industry Right. the health care industry in order to avoid those kind of attacks again and risks. So the second thing I would say is that with our product offering, so we have a really broad product offering going from, as you said during my presentation, really focused on identity protection.

Alberto Casares:
So we have a very compelling, if not the best product in protecting the identity, online presence, and compromised data and also with other languages detail risk protection, which is essentially covering many use cases from executive protection to dark web monitoring and brand protection, etc. So we have a compelling solution that is helping us to detect and gain threats. And some have also this early detection capability is protecting not only the one we traditionally do in many of the companies protecting the network and IP’s etc. We are also taking care of the employees and executives. Finally, I will say that the third thing that we are providing to the industry is services. So we have a huge team of analysts who are experts and they help companies providing on-demand investigation even after being attacked. So that essentially is helping the industry to understand who are the adversaries and how they are targeting them. It’s very important to know your adversaries as well.

Saul Marquez:
Well, those are all really key areas to focus on. I mean, we hear of so many things, right, from ransomware to cyber attacks to fake websites. There’s so many things that we need to be looking out for. As you consider 4iQ. What would you say makes you guys different or better than and what else is out there?

Alberto Casares:
Yeah, so I would say that, as I said before, so we are not only providing traditional cybersecurity, but we are providing what we call today cyber safety, which is heart-rending or even an emerging concept that is essentially explaining that it is not these protection or detail risk protection is not only about protecting your traditional assets like network or infrastructure or physical infrastructure is more about protecting people, about protecting the business and doing that at this scale. So it’s one of our challenges and is one of the things that we are better than others, that we provide that kind of detailed risk protection on the scale. And we have very good automation capabilities. We have our own technology that we have been developing for more than 10 years in the industry and helping the leaders in most of these sectors from the bank to the health care sector as well as law enforcement. So certainly this is a proven technology that we have to develop for more than 10 years.

Saul Marquez:
Yeah. So Alberto, tell us a little bit about maybe some of the ways you’ve been able to help. Some examples around the technology that service the things that you guys do has helped a client in health care.

Alberto Casares:
Yeah. So actually recently, like last month, we were helping four hospitals here in Europe and we provide what we traditionally call an actual face. So we were monitoring this — from the phase to the deep and our web where we are experts and we found many risks. So we are essentially erasing those risks, explaining those risks to the company so that our customers, similarly, they can take care of that. We explain which are the vector of attacks. That is important because as you can imagine, there is a big gap, especially in this industry, between the technology, the practitioners, and the final customer, where most of the time they are not familiar with cybersecurity. So you have to really explain in detail what are the risks and why you have to take care of them.

Alberto Casares:
And also, I would like to explain how we are helping companies by detecting their compromised credentials, which is one of the most known vectors of attacks. So in the end, you can imagine that most of the attacks, as I mentioned before, so are conducted to the C level or even employees. So it’s very important to monitor, detect and protect which are your supposed credentials, but not just one shop, because many companies are. Yes, our customers are focusing on doing these once a month or once a year, which is even worse.

Alberto Casares:
It’s very important to do that continuously in time because when you have exposed credential and someone has your email or your password can use it to impersonate you. But so it’s quite important to have that kind of capabilities, monitoring capabilities, et cetera.

Saul Marquez:
Yeah. Now that’s fantastic. Great examples. And so it’s a challenge and it’s really difficult to do all this in-house for many even large employers and hospitals. What would you say is one of the biggest setbacks you’ve seen from an employer or a facility level? And how are you guys able to come in and help them out?

Alberto Casares:
Yeah, so actually, I’m going to give you an example of what happened, what I have experienced recently that happened to me like a couple of years ago. And it’s also related with your previous question, so I was researching about open devices, so those devices that are publishing sensitive information get to as a personal project. But also I detect unopened devices and located in Egypt that was publishing health records from some patients. And they were very, very sensitive because they were tax. So I reported that and it literally took me like three months. I spent three months trying to notify these to the victim, the hospital that was publishing that. So the first time I reported that, I was considered like a doctor because they didn’t understand that I was a hacker by the hacker is in good terms because it has cybersecurity. So they thought that I hacked this server. So they were quite defensive. And they actually I had to explain how I did that and proved that there was an active threat and was very sensitive because you can imagine what’s happening in real-time. So I was seeing all the tax going to that open device in real-time. So with real data. So you can imagine the Social Security number, the full name, and the pictures of the scan. So it’s quite scary and also that, well, all the kind of issues. So you can read the full health record. So quite a scary thing. But as I said, so for me, the most disappointing part is that that I was like, consider like a bad actor. So you have to explain that. And this is something that I think that most of my colleagues have experience somehow. So that is my experience there.

Saul Marquez:
And, well, you know, and the thing is like to be able to figure these people out, you really have to know how they think and what they do eight> to get into that same lane. I think about that movie, Catch me if you can. I don’t know if you’ve seen that with Leonardo di Caprio Yeah. I mean, he goes from, like, the best con man to, like, the lead investigator, the FBI. You gotta know how to do it right.

Alberto Casares:
Yeah. No, that’s I think that’s the key. Learning is actually very important to educate people. Great learning.

Saul Marquez:
So what are you most excited about today, Alberto.

Alberto Casares:
Yes, I would say that with no doubt I’m so excited about thinking and knowing that what we are actually doing today, the technology that we are building and creating, is making this world a little bit better place. What I mean is essentially that we are helping people, companies to avoid being a victim of cyber attacks or losing money. Actually, I’m going to tell you that I recently was contacted someone from Australia that was a scam, and this person lost literally all his money so far for all the savings, for his retirement, and because.

Saul Marquez:

Alberto Casares:
Yeah. So actually, two hundred thousand dollars is a lot because I a scam.

Saul Marquez:
How did he get scammed?

Alberto Casares:
It was like this kind of a fake investment in cryptocurrency. So there are many sites that are promising that you are going to win a lot of money. So I don’t know how this person at the end with all his savings there and he finally lost everything. So it was kind of.

Saul Marquez:
That was terrible.

Alberto Casares:
Very advanced scam because I was personally helping. This is what these as I said, I’m excited about. So I set about helping people, if I can, and just providing all that I know. Right. And my experience then. So I was supporting this person, I was talking to my contacts from different law enforcement, trying to help him with the investigation, etc. and it is very scary because you can imagine how advanced these kinds of threat actors are. They are building a lot of sites, many applications like mobile applications. So they are giving you a lot of material and they are creating you that sense that the material is actually working in this case. And this is an important investment. You can see the cryptocurrency evolution and time trends, et cetera, the market, et cetera. Do you know what I mean? And that’s. So you cannot imagine that this is a scam. So, yeah, so we don’t have to trust in these kinds of scams.

Saul Marquez:
Yeah, man. Well, you guys are doing great things to keep up the awesome work. Folks, if you're curious about how to get in touch with Alberto and the 4iQ team, why don't you leave us with the closing thought and the best place that the listeners could get in touch with you or somebody in your team to continue the conversation?

Alberto Casares:
Yeah, sure thinks so. Well, I think that my thought is essentially that we are nowadays living in unusual times Right. because of this pandemic. So this is really impacting our personal and professional lives. And I would like, if I may Saul provide just three simple advice that I think will help people to avoid being a victim of a victim.

Saul Marquez:
Absolutely. Please do.

Alberto Casares:
So first of all, do not use passwords. So, yes, for all of you to know, in the last few months, we have detected millions, hundreds of millions of compromised passwords in plain text. So you cannot imagine that information can be in the hands of cyber criminals. The second thing is do not open unknown links or provide extra information no matter who asks. And I think that I gave you an example of this person that was scammed. So they are so sophisticated. I mean, the threat actors and cybercriminals. And the third thing, and especially nowadays, as I said during this pandemic, don’t believe everything you read.

Alberto Casares:
So there are a lot of fake nukes and in the end and many of them are linking you to the malicious side or are getting you getting information, personal information from you that can be used to perform social engineering attack social etc. So I hope you stay safe and healthy. And if you want to get in touch with me, yes, you can find me on LinkedIn, find out, search for Alberto Casares. 4IQ or Daily Souls website for IQ.

Saul Marquez:
That's awesome. Alberta and folks, Alberto. Thank you so much. Thanks for keeping us safe. Thanks for giving us some tips to keep ourselves safe and can't thank you enough for making time to being on our podcast today.

Alberto Casares:
My pleasure. So thank you so much.

Saul Marquez:
Things You’ll Learn

  • It’s important to educate people. 
  • The number of cyber-attacks and threats have increased dramatically in the past few months. 
  • Do not reuse passwords. 
  • Do not open any unknown links. 

