The cybersecurity battlefield is evolving at a lightning pace—and in 2025, we saw threats go from sophisticated to unstoppable. Identity has become the new frontline, with hackers weaponizing OAuth tokens, SaaS integrations, and impersonations to breach even the most secure environments. But here’s the brutal truth: if you’re not prepared for these attack vectors, you’re already one step behind.
In this electrifying episode, Sergey Novikov, CyberProof’s director of cyber security content, exposes the shocking shifts that are defining 2025’s cyber landscape—and why you can’t afford to ignore them. He reveals how nation-states are collaborating openly in a cyber arms race, blending espionage, financial theft, and disruptive operations into devastating hybrid attacks. AI isn’t just an overhyped buzzword anymore; it’s turbocharging ransomware, automating infiltration, and lowering the bar for low-skill hackers to launch advanced, lightning-fast attacks.
You’ll discover:
How identity has overtaken infrastructure as the primary attack surface, and what this means for your organization’s defenses.
The dangerous collaboration among state-sponsored groups—blurring lines between espionage and cybercrime—and why it’s shaping the next wave of threats.
Surprising insights on supply chain attacks targeting SaaS platforms and third-party vendors—plus real-world examples like the water supply hack that could have poisoned millions.
The terrifying rise of AI-driven autonomous attacks capable of multi-step, pincer-movement operations with minimal human intervention.
Why the global cyber power struggle—especially between nations like Russia, China, and Iran—will spill over into the digital realm even more aggressively in 2026.
This isn’t just another “cybersecurity forecast”—it’s a wake-up call. If you’re serious about protecting your business, personal data, or even your family from the chaos coming next year, this episode is your first line of defense.
Sergey Novikov isn’t just talking theory; he’s a top cybersecurity thought leader, unraveling the complex tactics used by today’s cyber adversaries and sharing hard truths about where we’re headed.
Are you ready to face the terrifying realities of tomorrow’s cyber world? If you’re a security professional, a business owner, or anyone who depends on digital trust, you cannot afford to miss this.
Tune in now. Get informed. Get prepared. The future of cybersecurity starts today.
SPEAKER_00: How's it going, Sergey? I think this might be the first time that I've had someone on this, probably in the same year, right? So you came on in August. We talked about your background and whatnot. Extremely interesting. Unfortunately, you can't talk about probably 80% of it. But, you know, really excited for our conversation today.
SPEAKER_01: Me too, Joe. Thank you very much for having me back. It's a great pleasure. And again, I'm enjoying watching your episodes, your series. It's quite interesting, and it's a great pleasure to be here again. And again, good morning, good afternoon, good evening, everybody who is like either listening or watching us. I do really appreciate your kind of a time on watching this interesting series.
SPEAKER_00: Yeah. Yeah, no, I appreciate that. I'm glad to hear that someone's watching the content I put out, right? You never know. You never actually know, you know. So it's like, it's always good to hear that someone listened.
SPEAKER_01: Joe, the story is, again, I'm a big fan of these kinds of informal conversations.
SPEAKER_00: Yeah.
SPEAKER_01: You're not getting bored by following you guys and learning something new every single episode.
What Cyberproof Actually Does
SPEAKER_00: Yeah. No, I appreciate that. That's something that I really take a lot of pride in, you know, having like a very original, unfiltered conversation, you know. But you know, Sergey, I think last time we didn't dive too much into CyberProof and the work that you guys are doing. Why don't we talk about that and then we'll dive into you know maybe the new findings that you found in 2025 and you know the impact that it's gonna have going forward? Because I feel like so many things changed and evolved and came to fruition in 2025, like the groundwork is laid for 2026 to be another absolutely crazy year, not even talking about like geopolitics or anything like that, just in the cyberspace, you know.
2025 Trend: Identity As Attack Surface
Criminal And State Group Collaboration
SPEAKER_01: Right, right. It's quite interesting for me as well to share at least what we see from a CyberProof perspective. But before I start, if I can quickly introduce myself and remind the audience like who am I, what I'm doing, why I'm here, and like why are you guys spending your time on like listening to this podcast? Sergey Novikov, I'm director of cybersecurity content at CyberProof. CyberProof is a very niche and unique managed service security service provider. We're operating all over the world, working with different kinds of enterprise organizations, providing, again, different security solutions, security services. Our kind of a core thing is a co-managed SOC, co-managed MDR. And I like this co-managed approach because we're always in touch with our clients, accounts, and customers. And my particular role there, I'm not responsible for like managing SOC or MDR. I'm more responsible for kind of a proactive services we're putting on top of classical MDR, which is mainly cyber threat intelligence, which is my kind of a core background. On threat hunting, we call it use case management, or we can call it detection engineering, kind of a content creation on different platforms, mainly on different SIEMs, and we're supporting kind of the most popular, most relevant SIEMs today. So this is kind of an area of my responsibility, something which goes like slightly beyond of like regular MDR, which brings a lot of proactiveness to defensive posture to our customers. All right. So that's me like today, and you can watch the previous episode when me and Joe, we covered a lot of historical background.
So switching to the main kind of a question you started with, as soon as we are at the end of the year, having kind of a summary of what we have faced in 2025 and what was, I don't know, challenging or interesting for us as security researchers. I would like to mention a couple of main trends, let me put it this way. So there are very obvious ones, and like everybody's talking about them, and maybe a few of them which are not that obvious from at least my perspective. So I wanted to start with kind of a identity became the primary attack surface. So in 2025, we've seen kind of a shift away from perimeter bypass towards identity compromises as the starting point for nearly every single major intrusion. So threat actors weaponized OAuth tokens, machine keys, IT, impersonation, SaaS integrations to obtain trusted identities that unlock entire environments. The idea behind this is quite simple. So once identity replaced infrastructure as the point of failure, even small compromises scaled into sector-wide operational impact. And we've seen this story a lot during the last year, which is kind of an interesting trend, at least from my perspective. One. And this is also kind of a not maybe not necessarily new, but we've seen a lot of this kind of stuff in 2025. Different kind of a collaboration between threat groups which increase the impact and speed of those attacks. Criminals and state-aligned actors increasingly shared infrastructure, tooling, and access methods, creating blended ecosystems rather than isolated groups. And a bunch of examples. Overlaps such as Scattered Spider Lapsus$ Hunters, LockBit, DragonForce, Qilin collaboration, Kimsuky, Lazarus, and many others made those campaigns much more resilient and harder to attribute. So collaboration became a force multiplier, allowing adversaries to operate with greater tempo, geographical reach, and definitely increased technical sophistication.
And as kind of a part of this trend, I also wanted to say about state-aligned activity which became more blended and more operational. And as an example here, like North Korean, Chinese, Russian clusters, they adopted a more unified operational posture, sharing again, it's kind of similar to what I already mentioned, sharing tooling, exploiting the same vulnerabilities and pursuing overlapping sectors such as aerospace, finance, critical infrastructure. And again, some of those campaigns, they mixed espionage, financial theft, disruptive operations within a single intrusion chain. And again, it's not a secret, and it's already a trend for a couple of years. Boundaries between espionage and financially motivated activity completely blurred, producing hybrid operations that were much harder to detect, attribute, again, research, and so on and so forth. And those kind of interesting trends, which are more kind of a hype-ish ones, and that's like everybody's talking about this, at least from what I've seen in different kinds of podcasts and news. AI. Everybody's talking about AI. It's strange not to talk about AI at the end of 2025. So, and the same thing here, talking about the threat landscape. AI, and again, it's slightly overhyped, but still it's accelerated the ransomware economy. So we've seen AI-enhanced phishing, automated malware generation, kind of adaptive encryption, which increased the speed and scale of ransomware attacks. So models like PromptLock demonstrated fully automated intrusion-to-encryption workflows, reducing technical barriers and enabling rapid campaign replication. So kind of my thought process here is that AI, talking about 2025, did not replace ransomware but it kind of industrialized it, allowing even low-skill actors to deploy advanced attacks. Talking about ransomware, it's still here.
Maybe in 2025 it became a little bit more like quieter and more surgical, but it didn't disappear. Even the opposite, it matured. We saw fewer maybe loud campaigns and more targeted intrusions with double or triple extortion. So ransomware groups are increasingly operating like advanced criminal enterprises using access brokers, custom backdoors, and cloud-centric supply chain attacks. So it's again, it's not new in 2025, but it became like a kind of high-leverage targets. So attackers increasingly exploited interconnected SaaS platforms and third-party vendors, force integrations, I don't know, different IT service providers, aviation technology suppliers, many different things to reach dozens of downstream victims at once. So this mirrored the patterns seen in automotive retail aviation and manufacturing disruptions. And again, we've heard so many stories in 2025 behind Scattered Spider and many other groups using this kind of supply chain intrusion attacks. So the shift towards platform-centric intrusion meant a single weak integration created multi-sector consequences. So that's kind of a main statement behind this trend.
SPEAKER_00: Hmm. Yeah, there's quite a bit there. I did find it interesting when you know, like different nation states started to like really collaborate. I mean, they probably did to some degree, you know, behind closed doors on the cyber front, like collaborate with each other, like Russia, China, Iran. But now they're just like openly, openly doing it. Like, yeah, we're gonna work together, we're gonna, you know, attack different infrastructure together and whatnot, which it like almost puts like a cyber arms race together, almost like right in front of us, right? I mean, like that's like basically what it does. That reminds me of like the Cold War, essentially.
SPEAKER_01: Exactly. That's what's happening. And all this kind of geopolitical tensions, it has its own reflection in the cyberspace as well. And we're definitely kind of victims of what is happening. And any kind of enterprise or even consumers can say, like, so what? Like how am I affected by this? Like, why should I need to be worried about this? Simple. I mean, my purpose is not to kind of scare anyone or kind of put some tensions or whatever, but that's about being aware. It's about being like prepared. We are talking here about, at least my goal is, the more aware you are, the more prepared you are, the less chances you have to be one of those victims, right? Why do they need to care? Is that when we're talking about state-sponsored attacks or kind of all this Chinese, Russian, Iranian different APTs, is that definitely their goal is not, I don't know, small, medium enterprise, but they need to test their development somewhere. This is one. Two, it's about disruption still. They can attack, maybe their main focus is, I don't know, some critical infrastructure, but how they can address this critical infrastructure by infecting different supply chains and contractors and suppliers.
AI’s Role In Ransomware Industrialization
SPEAKER_00: That's the main. Yeah, I mean you gotta think about it in terms of like you know, the first example I gave with China and Russia working together, right? Well, who builds the stuff that makes our power grid work? Who builds the controllers, right? That you know controls the water supply in the system or how much chlorine or fluoride goes into a system because there was a literal hack that happened, I don't know if it was this year, might have been last year, where the FBI found that some foreign actor had hacked into the water supply of like the whole East Coast, and they were probing and seeing if they could modify how much fluoride or chlorine was in the water. Think about that, like great way to you know poison an entire population all at once. No one would know, you know, like what's been done in other attacks, right? Like more advanced attacks is like even the digital meters on it that are maintaining these things, they get hacked, and so they're representing like hey, it's a normal read when you know it's anything but normal, right? We're living in like uncharted territory, right? And you know, it kind of takes me back to like my grandparents. My grandparents grew up, you know, in the 20s and 30s, right? So like they had you know shelters underground, they had extensive pantries with water and canned goods and you know food that wouldn't expire, all that sort of stuff, right? Like they just had it. And I remember being little going over to their place, and it was like, okay, if it's not in the fridge, check the pantry. Well, if it's not in the big pantry like upstairs, we'll go downstairs in the basement because the basement has like literally a grocery store down there of everything that you could think of. And I mean, sure enough, they always had it. And it was just like, well, why would we not have it?
Like, we have a family, you know, like if something happens in the world, you know, the and this is like the 90s, right? Like to date myself specifically. I'm over there in the 90s, you know, and and we're like, Grandma, what are you doing with all this stuff? You know, like didn't even think about it.
SPEAKER_01: Listen, that's a beautiful reference, by the way. Who knows? Who knows what is happening tomorrow? That's why also it's interesting for me to be in this industry for so many years, is that there are so many kind of uncertainty. And what we definitely know is maybe like a small peak of an iceberg. Like what is there below the water? Come on. Many people are asking why for so many years those APTs weren't covered. Very simple. We simply don't know. We didn't know, we still don't know a lot about what's happening in our infrastructures.
Platform And Supply Chain Intrusions
SPEAKER_00: How, you know, so we're using AI more to create more advanced attacks. And I think we talked about this a little bit before. Where the attacks are potentially getting so advanced that we don't even know that the attack is happening, right, until it's like way too late. When are we gonna get like a security vendor that is able to detect these attacks, right? Because like even you know, even CrowdStrike says that it's like extremely difficult to detect these things, right? And it's funny, just a couple weeks ago, I was talking to one of my pen testers, and I asked him, I was like, well, you know, when you're looking at an environment, because you're batting a thousand right now for the year, like you've never not gone into someone's environment. When you're trying to get into someone's environment, surely it can't always look like it's just completely you know insecure, right? Like it should be looking like it's secure. How are you getting in? And he told me he's like, you know, after trying for a while, if I still can't get in, I start doing, you know, prompt engineering in Claude and Perplexity and whatever you know LLM I want, and I start describing a situation to it, you know, make it think that it's you know in an ethical situation, which it is, we're only doing ethical hacks, right? But you have to like reinforce that with an LLM. And the LLM always finds a way in. If I'm stumped, I go straight to the LLM and the LLM finds a way in, gives me the exact code to run, and voila, I'm in. I have a golden ticket in this domain controller now or whatever it is, right? And you know, when we go and talk to the customer and ask them, like, hey, did you know this? Did you see this or anything like that? They go back and they don't even have alerts for it, you know? It's like, how do we know at this point if we're even breached?
Why Non-Experts Should Still Care
SPEAKER_01: That's a fantastic conversation. I really like it. I mean, it's unstoppable. They're always one step in front of us. And especially using all those LLMs and all those capabilities they have today. Sorry to say, it's bad news, but still it's the news. The thing is again, that's what we are always telling to our customers or like, I don't know, to our partners, is that it's just a matter of time. It's just a matter of time and a matter of investment. If they want to be inside, they will be inside sooner or later. What our goal is, is to maximize this investment for them, is to build this kind of infrastructure of different security controls, different security tools, services, which will be much more complicated for them to get in. One. Two, and it can sound marketing, but still, like I mentioned it already at the beginning. It's about being proactive in terms of the defense. And this is what the main meaning of like offensive services or threat hunting or threat intelligence is, instead of being reactive, instead of using all those traditional security controls, is to search what can be inside if like the main hypothesis is that the threat actor is already inside. Let's try to find it. And that's what I mean by being proactive. It doesn't guarantee anything, don't get me wrong. But it's again, it's maximize your defensive postures. That's the main concept. And it's also maximize their time and their investment to be inside. But again, with all those AI capabilities, it's like again, I'm a little bit tired of this hype-ish story, and every security provider is telling that we're AI, yeah blah blah blah automation and so on and so forth. It's a little bit annoying on the one hand. On the other hand, it's partially true.
Like all those kind of security controls and service providers, they're like trying to build and so as CyberProof, we are trying to build our agentic MDR, which is again one of our key topics for 2025, 2026.
SPEAKER_00: Yeah. Yeah, agentic AI and agentic security is already becoming a headache on multiple fronts, really. I'll give you, you know, recently, my wife actually got a new phone, right? We upgraded her cell phone, and in the setup process of it, you know, you put in the phone number, you put in the billing zip code, and it like looks up the account or whatever and activates it on the cell phone network. Well, it didn't do it, and so after a couple tries, it said, you know, give the cell phone provider a call and they'll just activate it manually, right? So I call and it's like one of these AI agents, right? It says, Well, what are you trying to do? I said, activate a new phone. Said, oh, okay, do you want to use an existing phone number for the new phone? Said, yeah, it's this phone number, right? And it said, okay, it's done, and my call hangs up. So I thought my phone, you know, hung up the call or lost connection or whatever. And I look at my phone and it's in SOS mode. I was like, what? SOS mode? Like it's not connected to the network anymore. Okay. So I go and I look at you know my wife's two phones, and both of them are connected. I was like, oh my god. They literally, like, they transferred my phone number, which wasn't the number that I gave them, my phone number to a new phone, and then they deactivated my phone and removed it from like their account, my account, you know. And I had a call, and 30 minutes on the call of talking to someone, I was like, like, it took me 20 minutes to explain to him what happened because he just didn't believe it. I was like, no, man. Like, I literally didn't tell it to do this. I don't know why I would want it to deactivate my phone. I didn't upgrade my phone, you know. Like, he even said he's like, yeah, it's completely removed from the system. I need to get these codes from your phone now, your IMEI numbers, you know, like all this stuff.
He's like, I have to manually re-add it, create your account. Like, like, dude. It's crazy. It's insane. I should say the provider, but I won't because then it's just an attack vector for myself, you know.
SPEAKER_01: Listen, welcome to reality. This is, it happens every single day, like with so many consumers, even security professionals.
Can We Even Detect These Attacks
SPEAKER_00: Happens with like even people trying to like book a vacation too. You know, I've heard about people, you know, just like even just like looking on different websites to book like a vacation to you know Disney World Orlando. And like the agent goes and like books this $15,000 trip on you know their credit card just right off the bat without them you know clicking checkout or anything like that. They were just looking at the pricing, and this agent goes and books it. It's like guys, maybe we're moving a little too fast with this thing because all these companies are using agentic AI and LLMs and everything to rationalize reducing headcount or whatnot. Even NVIDIA CEO said, well, the companies are making a mistake because they literally should be using AI to increase the performance of their employees by text rather than getting rid of an employee. They should be using it to optimize their work to the max to make more money to become more profitable.
SPEAKER_01: Listen, exactly. It's happening on like attacks on consumers, it's also happening on attacks on enterprises. That's what I said when I mentioned this kind of identity as the number one attack surface. Like they're trying to bypass, again, maybe matured IT administrators or even security professionals. And there are a bunch of such examples of such attacks, like Oyster backdoor. For example, we just like announced it a couple of weeks ago, and there was like different publications behind. So what has happened, it was like a wave of attacks distributing the Oyster backdoor by using search engine optimization, which is like kind of a tactic known as SEO poisoning, right? So attackers create fake download sites that appear when users search for popular tools. For example, again, legitimate software installers for products like Microsoft Teams, WinSCP, and many other admin utility tools. So when the users click and download what they believe is legitimate software, the fake installer executes code that silently drops the backdoor, often via DLL sideloading or similar techniques, and installs persistence mechanisms such as scheduled tasks to ensure the backdoor remains active even after reboot. So that's one of the things, like one of the vectors of attack. And this is again, I don't want to call it like social engineering. This is the way they're trying to get in. One of the examples.
SPEAKER_00: Yeah, with agentic AI, now identities are just exploding in people's environments. You know, I was talking to a customer recently, and he said, you know, everyone internally is pushing hard for agentic AI, and we have literally 400,000 accounts and like service accounts and all that sort of stuff, just from you know, calling it like a legacy environment, right? The past you know, 25 years of just normal account creation and whatnot, they have 400,000 identities, and now people want to invoke agentic AI into their environment, and yeah, there's value, but that's gonna triple his identities overnight. He doesn't even know how to keep up with that. People don't even realize that that's expanding your attack surface significantly. You know, you look at like you look at the you know, MGM breach, that all happened from a social engineering. Correct. Right. I mean that because and someone explained it properly where you know these companies realize, hey, we have to secure our network, right? We have to secure our infrastructure. And so they built up the defenses, they just spent the last 15 years building up those defenses in every way possible. And so now attackers are just looking for the lowest hanging fruit, and lowest hanging fruit is an account, right? Like that's how I get into my VPN, it's an account. That's how I log into my SSO service, right? So if you can just get the account, you get through the firewall, you get through the proxy, you get through the EDR protections, the certificate protection. I mean, if you log in, you can download the cert if you know how to do it, you know. Listen, I agree 100% with you.
Proactive Defense And Threat-Led SOC
Agentic AI: Consumer And Enterprise Risks
SPEAKER_01: And let's also, if you don't mind, let's also cover like a little bit of what are the kind of trends and what are the predictions for 2026. And again, it's still important for me to mention what we are doing on top of like again implementing agentic MDR, using different agents in at least my proactive services. Like, let's say we're trying to implement different agents for threat intelligence, for threat hunting, for example, to prioritize the hunting queries, to prioritize the hypothesis based on the customer infrastructure, their technology stack, their threat profile, and so on and so forth. Let's say for threat intelligence, we're heavily utilizing agents in terms of again creation of those kind of company threat profiles dedicated to those organizations we're working with. But still, on top of this agentic approach, it's very important for us kind of instead of adding different more other tools or different alerts, we concentrated on making security operations threat-led by design and outcome-driven by default. And this kind of a threat-led by design, threat-led detections, threat-led hunting is definitely kind of a, from my perspective, is one of the key priorities. So historically, again, many different SOCs claim to be kind of a threat-led, but in practice they still operate like alert first. What we try to change in 2025, and that's kind of what our strategy for this year and next year, is shifting the center of gravity from kind of alerts to validated adversary behavior. So threat intelligence is now directly shaping detections, huntings, responses, not sitting as a separate feed. So we're strengthening the kind of feedback loops between and collaboration between threat intelligence, detection engineering, threat hunting, MDR, vulnerability management, and other different services. And also focusing, for example, on kind of a kill chain detections.
This is also our priority. So not just like detecting different IOCs, but first of all, behavioral patterns and kill chain detections. This is where we see definitely the value is. And very quickly, I think it's like always interesting to do at least at the end of the year, and that's like we're working at CyberProof on the kind of a global annual report for threat landscape, and I know many of our competitors are doing the same, but still it's about being aware, it's about being prepared. So like always, and this is my kind of professional background, it was also always interesting to kind of try to predict what is coming. What do we expect to see like next year, next three years, and at the end of next year to figure out whether we were right or not. And if you don't mind, let's spend five minutes on those kind of predictions together. If you have something on your side, I'll be also glad to hear kind of your vision, because it's always interesting to try to play like as an expert and try to predict.
SPEAKER_00: Yeah, no, I definitely want to hear what your predictions are, and then we'll revisit it maybe six, seven months and see if you're right.
SPEAKER_01: Like the idea. So let's do it. Like I would like you to play this game as well. So like you can even start. What do you think should we expect in 2026?
SPEAKER_00: Yeah, I wouldn't be shocked if we're seeing more mature collaborations between nation states to affect geopolitics within different regions of the world. Maybe the primary one or the primary couple obviously being Ukraine, Israel, and Venezuela. Like I think that those are the top three of you know nation-state issues right now. Also, probably even maybe a little bit like against China in terms of rare earth minerals and whatnot that they're withholding now from other parts of the world.
SPEAKER_01: Yeah. Like it, and plus one, and definitely about all these geopolitical tensions and kind of real life definitely will affect the cyberspace as well. And all these kind of tensions between US and China, for sure, different campaigns against each other will happen. And again, blurred lines between state-sponsored attacks and kind of cybercrime will also be even more blurred. Let me continue if you don't mind, and continue with the most hype-ish prediction. Autonomous attacks. Autonomous attacks. As we like spend some time discussing what's happening today, definitely in 2026, we expect attackers to adopt AI even more. And AI agents capable of performing multi-step attacks, automatic reconnaissance, privilege escalation, lateral movement, exfiltration, with very, very minimal human involvement. This will compress intrusion timelines dramatically from our perspective. And the entry point to this kind of a dark side of the story will be much lower and much easier. So that's kind of on one hand very obvious, but also very interesting. How shall we be prepared for this? Then if I may continue, and then I'll do one more, and then you'll do one more if you don't mind. I would like to say about cloud identity. Cloud identity and API compromise will become, stay, and will be number one breach vector. More organizations shift workloads to cloud and SaaS platforms, but kind of API security hasn't kept pace. So we expect attackers to increasingly target identity federation, service accounts, and machine-to-machine tokens. So that's kind of one other prediction from my side. What do you think?
SEO Poisoning And Oyster Backdoor
SPEAKER_00: Yeah. So I wanted to get your opinion. How do you think these attacks will evolve in such a way to where it impacts the normal life of people, you know, as they're going about their day, right? Because what we're talking about is things that will certainly impact our lives, but we're also on the fringe. You know, I mean, like what is there, like two million security professionals in the world or something like that, or three or four million. I don't know, I don't know what the number is, right? But a couple million, right? There's billions of people on the planet. But what we're talking about also has like greater implications. I mean, if we start to use cyber warfare techniques against our adversaries to pressure them into, you know, providing us with more, you know, rare earth minerals like silver and gold or whatever for our electrical grid, for our electronics, all that sort of stuff, we're already seeing these huge enterprises moving out of personal computing spaces, you know, to, you know, make more money with selling to AI data centers and stuff like that, right? So, like, that's not necessarily an example of an attack vector, but things are shifting right now in ways that 12 months ago couldn't have sold me that Crucial was gonna be exiting the RAM space, right? Two weeks ago, you couldn't have told me that NVIDIA is gonna reduce the GPU supply next year by 50%, right? Like, I mean that is something completely unheard of, completely unexpected. I would have not put a single dollar on that bet if you would have told me that that's what's gonna happen, right? Like I would have been like, you're crazy. They're never going to do that, but now they're doing it.
SPEAKER_01: That's a very good statement. Listen, the main implication is that you mentioned we have like millions of security professionals. I see, and I think many of my colleagues will agree with me, that we are still lacking the professionalism in this security industry. We're lacking the quality and quantity of skilled professionals. I know many of my friends and like in other security organizations, they are struggling to recruit, I don't know, threat hunters, SOC level three engineers, beauty researchers. So we still do not have enough of kind of a manpower in this industry. And we can say anything about artificial intelligence, anything about identification of all our uh like again, security operations. Impossible. Sorry to say this. The reality is still we are dependent on the human factor. We need to have like humans, like experts to verify the outcome of those agents and so on and so forth. So we're still kind of dependent on lack of quality professionals engineers in this industry. And that is quite a risky situation, knowing the capabilities of those guys who are standing on the dark side of the story.
SPEAKER_00: Right. Yeah, it's gonna be real interesting what happens in 2026. And honestly, you know, if something comes up that you know you're an expert on, then you know inside and out that CyberProof is doing, you know, right now, right? And you know, you see it in the wild, please come back on. I'd love to have you back on to like immediately talk about that, you know. I think that would be fantastic. Thank you.
Identity Sprawl And Social Engineering
SPEAKER_01: With pleasure. Joe, it was a great pleasure talking to you again. And again, thank you very much for your time. Thank you very much for your interesting kind of questions and ideas. And definitely I'll be happy to join you again for this podcast. And at the end of the year, I want to say, guys, again, just to be aware, all those kind of big attacks usually quite often happen on the big holiday seasons. On Christmas, on the new year. So on one hand, I want to wish everybody to have a very great holiday season, to have a very nice time with your families and friends. Happy Christmas, happy Hanukkah, happy new year to everybody. But I want again everybody to be prepared that some crazy stuff, sorry, crazy stuff can happen during these holidays. So again, we need to be online, we need to be aware and prepared.
SPEAKER_00: Yeah, absolutely. Well, Sergey, before I let you go, how about you tell my audience where they can find you if they wanted to connect with you and where they could find CyberProof if they wanted to learn more and be a little bit more on top of what's going on in their environment.
SPEAKER_01: Sure. Thank you for this. Cyberproof.com. It's our webpage where you can find all the information about our company and uh the services we are providing. In my humble opinion, we have a lot of interesting stuff we are sharing in terms of the research and publications and unique kind of value proposition uh from our site. So feel free to look at the webpage and learn from and connect with us. And my personal LinkedIn page, I don't know whether you can paste a link or something. It's not difficult to find me there as well. I'm not that active in the social networks, but it's again, it's my kind of a paranoia historical background, but still I'll be happy to connect with you guys if you have any questions or topics to discuss. Would be more than happy to communicate.
SPEAKER_00: Yeah, absolutely. Well, thanks everyone. I really hope that you enjoyed this episode. We'll definitely have Sergey back on and make sure that you check out the links in the description of this episode. See you everyone. Have a happy holidays.
