Your fridge could be a threat to national security

Summary of Your fridge could be a threat to national security

by The Stack Overflow Podcast

29m, May 19, 2026

Overview of Your Fridge Could Be a Threat to National Security

This episode of the Stack Overflow Podcast features Ryan Donovan speaking with Adam Meyers, Senior Vice President of Counter Adversary Operations at CrowdStrike, about the evolving global threat landscape. The conversation centers on CrowdStrike’s latest Global Threat Report, how attackers are increasingly abusing identity and cloud access rather than classic malware, and why AI, IoT devices, and supply-chain weaknesses are making software and infrastructure more exposed than ever.

Key Threat Trends

The adversary landscape is broadening

  • CrowdStrike tracks 281+ adversaries, including:
    • Chinese nation-state actors
    • Russia, Iran, and North Korea
    • e-crime and ransomware groups
    • hacktivists
    • newer country-linked actors from places like Colombia and Kazakhstan
  • Threat actors are no longer confined to highly sophisticated nation-state operations; many are using scalable, lower-cost tactics.

Identity is now a primary attack path

  • Traditional phishing and malicious attachments still exist, but attackers are increasingly bypassing perimeter defenses by targeting credentials and identities.
  • Common methods include:
    • phishing that captures logins to cloud services
    • infostealer malware from compromised home machines
    • voice phishing (vishing) against help desks
  • Multi-factor authentication is not a complete shield:
    • SMS MFA can be bypassed via SIM swapping
    • personal email accounts used for MFA can also be compromised

Nation-State Tactics and Targeting

China focuses on vulnerable infrastructure

  • Chinese threat actors are heavily focused on network appliances and legacy systems such as those from Fortinet, Citrix, Cisco, and others.
  • Their campaigns are described as more surgical and intelligence-driven, often using purpose-built exploits against known targets.

Other actors are often opportunistic

  • Ransomware and data-extortion groups usually target based on what looks profitable:
    • company size
    • revenue
    • number of employees
  • Iran and some hacktivist/e-crime groups were described as more opportunistic and less mature in their targeting and deployment.

Why IoT and “Ordinary” Devices Matter

Home and office devices can become attack infrastructure

  • Threat actors are compromising home routers to proxy traffic and avoid detection.
  • The report also noted a case where a web camera was used as a foothold to deploy ransomware across an environment.
  • The episode’s title point is reinforced here: even devices people think of as harmless—like a fridge, camera, router, copier, or HVAC unit—can become part of an attack path if connected to the network.

Exposure management is crucial

  • Many of these devices are hard to patch or poorly maintained.
  • CrowdStrike recommends visibility and instrumentation so defenders can:
    • see what’s connected
    • understand lateral movement risk
    • detect follow-on activity after an intrusion
  • The core idea: the vulnerability is just the start; the attacker still needs to move, escalate, and exfiltrate.

AI’s Role in Offense and Defense

AI is helping attackers, but unevenly

  • CrowdStrike reported an 89% year-over-year increase in adversary use of AI.
  • Less sophisticated attackers often misuse AI and create flawed malware:
    • example: ransomware with broken encryption and obvious author tags
  • More advanced groups are using AI to improve operations:
    • generating Windows commands
    • automating reconnaissance
    • assisting with data exfiltration

AI is also increasing enterprise risk

  • Organizations adopting AI agents can accidentally expand their attack surface.
  • Risks include:
    • agents pulling in unnecessary dependencies
    • hallucinated packages/libraries
    • unsafe or opaque code changes
  • The transcript emphasizes that AI systems need boundaries and visibility, or they may “achieve the goal” in unsafe ways.
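One way to put a boundary around agent-introduced dependencies, as an added example that is not from the episode or from CrowdStrike: it diffs a requirements file before and after an agent's change and sorts each new package into approved, lookalike of an approved name, or unknown. The allowlist, the file contents and the package names are constructed assumptions.

```python
import difflib
import re

# Constructed allowlist of packages the organisation has reviewed (assumption).
APPROVED = {"requests", "cryptography", "pyyaml", "numpy"}

# Constructed requirements files before and after a hypothetical agent change.
BEFORE = "requests\npyyaml\n"
AFTER = "requests\npyyaml\nnumpy>=1.0  # plotting\ncryptografy==1.0\nfastjson-autoparse\n"

def package_names(requirements_text):
    """Return normalised package names from a requirements-style file."""
    names = set()
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):      # skip blanks and pip options
            continue
        name = re.split(r"[<>=!~;\[\s]", line, maxsplit=1)[0]
        names.add(re.sub(r"[-_.]+", "-", name).lower())
    return names

def review_agent_change(before, after, approved):
    """Classify every dependency the change adds; nothing is installed."""
    added = package_names(after) - package_names(before)
    report = {"approved": [], "lookalike": [], "unknown": []}
    for name in sorted(added):
        if name in approved:
            report["approved"].append(name)
            continue
        # A near-miss of a reviewed name is more suspicious than a new name.
        close = difflib.get_close_matches(name, sorted(approved), n=1, cutoff=0.8)
        if close:
            report["lookalike"].append((name, close[0]))
        else:
            report["unknown"].append(name)
    return report

if __name__ == "__main__":
    for bucket, items in review_agent_change(BEFORE, AFTER, APPROVED).items():
        print(bucket, items)
```

Run as a pre-merge check, anything in `lookalike` or `unknown` blocks the change until a human has reviewed the package.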

Defenders can use AI to scale

  • CrowdStrike’s Threat AI and related agents are meant to offload repetitive work from analysts.
  • Use cases discussed:
    • threat hunting
    • malware analysis
    • exposure management
    • digital risk monitoring
  • The goal is to reduce context switching and let human analysts focus on high-value decisions.

Malware Analysis and Detection

AI-assisted malware analysis can reduce noise

  • CrowdStrike says it has indexed 8.8 billion malware samples plus clean samples.
  • Their approach uses AI to:
    • identify related samples
    • perform dynamic analysis in controlled environments
    • link samples through shared artifacts or reused strings
  • This was compared to a DNA/genome library for malware, helping defenders spot families, variants, and hidden relationships.

“Malware archaeology” matters

  • Sometimes the most interesting threats are the ones seen once and never again.
  • Reused names, strings, or code fragments can help analysts trace older campaigns or uncover new ones.

North Korea, Remote Jobs, and Financial Operations

Remote work has created a new abuse pattern

  • North Korean actors are allegedly using fraudulent remote IT jobs to generate revenue.
  • CrowdStrike reportedly stopped 600 such attempts last year.
  • These operators use AI and deception throughout the process:
    • fake LinkedIn profiles and resumes
    • AI-assisted interview answers
    • deepfake voice and appearance changes
    • coding assistants once hired

The end goal is regime funding

  • The wages and access from these jobs can support:
    • weapons programs
    • malware operations
    • cryptocurrency theft
  • A striking example cited was a North Korean-linked theft of $1.46 billion in a single incident.

Practical Defensive Advice

Don’t try to defend everything equally

  • The speakers stress that organizations do not need perfect coverage; they need prioritization.
  • Recommended approach:
    • use threat intelligence to know who targets your sector and region
    • focus patching on known exploited vulnerabilities
    • improve visibility into endpoints, identity systems, and network appliances
    • instrument environments so you can detect lateral movement and privilege escalation
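The prioritization above, as an added example that is not from the episode or from CrowdStrike: scanner findings are ranked by whether the CVE appears in a KEV-style feed and whether the asset is exposed, with CVSS used only as a tiebreaker. The feed excerpt uses the field names of CISA's KEV JSON; the CVE IDs are placeholders and the assets, dates and scores are constructed.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed; CVE IDs are placeholders.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVPN", "product": "Gateway",
   "dueDate": "2026-01-10", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleCam", "product": "IP Camera",
   "dueDate": "2026-03-01", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed scanner findings: (asset, asset_type, internet_facing, cve, cvss)
FINDINGS = [
    ("build-srv-02", "server", False, "CVE-0000-0003", 9.8),
    ("hr-laptop-17", "endpoint", False, "CVE-0000-0001", 7.5),
    ("lobby-cam-03", "iot", False, "CVE-0000-0002", 6.1),
    ("vpn-edge-01", "network_appliance", True, "CVE-0000-0001", 7.5),
]

def prioritize(findings, kev_feed, today):
    """Order findings: known-exploited first, then exposure, ransomware use, overdue, CVSS."""
    kev = {v["cveID"]: v for v in kev_feed["vulnerabilities"]}
    ranked = []
    for asset, kind, exposed, cve, cvss in findings:
        entry = kev.get(cve)
        in_kev = entry is not None
        overdue = in_kev and date.fromisoformat(entry["dueDate"]) < today
        ransomware = in_kev and entry["knownRansomwareCampaignUse"] == "Known"
        # Appliances and IoT count as exposed: they are hard to patch and often unmonitored.
        risky_asset = exposed or kind in ("network_appliance", "iot")
        key = (in_kev, risky_asset, ransomware, overdue, cvss)
        ranked.append((key, {"asset": asset, "cve": cve, "in_kev": in_kev, "overdue": overdue}))
    ranked.sort(key=lambda item: item[0], reverse=True)
    return [row for _, row in ranked]

if __name__ == "__main__":
    for row in prioritize(FINDINGS, KEV_FEED, date(2026, 2, 1)):
        print(row)
```

With the sample data, the CVSS 9.8 finding that is not in the feed ranks last, behind three lower-scored findings that are known to be exploited.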

Visibility beats guesswork

  • The message is not “don’t use AI” or “don’t use agents.”
  • It is:
    • know what’s running
    • know what it’s allowed to do
    • monitor what it actually does

The Speed of Modern Attacks

Breakout time is shrinking fast

CrowdStrike’s reported breakout times show attackers are moving faster each year:

  • 2023: 62 minutes
  • 2024: 48 minutes
  • 2025: 29 minutes
  • Fastest observed breakout time: 27 seconds

Why that matters

  • Once attackers get initial access, they can move deeper into an environment extremely quickly.
  • Defenders need:
    • faster detection
    • better instrumentation
    • stronger identity controls
    • actionable threat intelligence

Notable Takeaways

  • Identity is the new perimeter.
  • IoT and home devices are now legitimate security risks.
  • AI increases attacker speed, but also gives defenders better scale.
  • Nation-state and criminal tactics are converging on the same weak points: credentials, supply chain, and exposed infrastructure.
  • The best defense is visibility plus prioritization, not perfection.

Resources Mentioned

  • CrowdStrike Global Threat Report
  • CrowdStrike Adversary Universe
  • CrowdStrike blog and threat intelligence resources
  • CISA’s Known Exploited Vulnerabilities (KEV) list