John Hultquist, chief analyst at Google Threat Intelligence Group, and Brett Leatherman of the FBI laid out a threat picture that ranges from commodity cybercrime to sophisticated nation‑state pre‑positioning.
Hultquist stressed that many intrusions still use "low‑hanging fruit" such as stolen credentials and phishing rather than novel zero‑day exploits. "That's the majority of our business," he said, noting that adversaries look for one‑to‑many points of injection to maximize downstream impact.
He identified social engineering and call‑center compromise as a major vector exploited by groups such as Scattered Spider, which has moved from sector to sector. "The very first thing is where is your call center, and do they need to know that they need to be ready to say no," Hultquist said, urging supervisors and processes that allow help‑desk staff to escalate suspicious requests.
On technical mitigations, both guests advised prioritizing phishing‑resistant multifactor authentication and reducing reliance on SMS‑based second factors. "The security that we thought we'd had in this SMS two‑factor . . . it's just not the case anymore," Hultquist said, warning of SIM‑swap and push‑notification fatigue attacks.
They also discussed nation‑state campaigns such as Volt/Veil Typhoon and Salt Typhoon: Leatherman described Salt Typhoon as "probably the most consequential espionage campaign we've seen" against telecommunications providers, and both speakers urged defenders to focus on resilience and plans to restore services rapidly if disrupted.
Leatherman announced Operation Winter Shield, a 60‑day FBI campaign asking operators to apply the bureau's top‑10 mitigations; the FBI has posted guidance at fbi.gov/wintershield. Hultquist recommended that defenders use AI to look for behavioral anomalies and automate vulnerability scanning to shorten the window between disclosure and remediation.
What to do now: prioritize hardened authentication, protect critical assets rather than attempting universal fixes, train and empower call centers to escalate suspicious requests, and incorporate automated tooling to shrink vulnerability windows. The conversation concluded with a call for continued public‑private partnership to share warnings and disrupt adversary operations.