Digital Forensics, Crypto Codes, and Ransomware Attacks: A conversation on cybersecurity with Ondrej Krehel

In this episode of CHATTINN CYBER, Marc Schein interviews Ondrej Krehel, He is a former lecturer at FBI Training Academy and Chief Information Security Officer of IDT911, the nation’s premier identity theft recovery and data breach management service. Ondrej is also the Founder and CEO of LIFARS LLC,  a digital forensics and cybersecurity intelligence firm. He authors articles, conducts training, and is a frequent speaker at industry events, such as FBI Academy, RSA, HTCIA, ECTF USSS, and QuBit Prague.

In this episode, Ondrej shares history, explaining how he went from a mathematical physics student to a cybersecurity expert. His career started in crypto, working with code, and eventually oversaw nuclear power plants and Industrial Control Systems.

We chat about  Eastern European Ransomware gangs and the trends noticed in their attack measure. Ondre discusses the  Kaseya attack of  in which the hackers used chain exploit – meaning, it was all in one code. Here’s how it happened – The authentication bypass got them in the file upload and let them upload the files they needed. They got the right to deploy, did a command and code injection, and completely interacted with the system. Ondrej describes this to be a true military type of tactic on a system. The group that led this attack was formidable and had a clear understanding of the legal system in the U.S. 

Quotes:

“I actually exercise a lot and do a lot of specialized training. But I decided that cutting that social life for me, but moving to that career that was very unique, can only shape who I am today.”

“I think that’s what the industrial control system people are saying, that look, the code is so primitive, that it’s easy to do quality assurance. Once you start introducing complexity in integrations, we are not going to be able to control it.”

“These threat actors do diligence very well, they played a card of third party liability. They understand probably also insurance policy of that company not insist they read the policy, but they understand what the premium is, also what the limit of that is, and probably who owns it, and how likely they’re going to get paid.”

“These trackers right now do understand the insurance market completely, they understand how the insurance operates. I was important to this game, they understand the third party liability. And they try companies with a third party liability.”

“What the issue is when it comes to the rebel group is that the rebel group first gets maybe some intelligence. All these exploits, all the tools that we do believe in and debat are somehow connected to intelligence agencies in Russia. And at that level, basically, they truly use a cyber military type of skill set against the commercial enterprises.”

“The challenging piece for that crypto is it has some cell stacks attached to it. There are some fees attached to it, how you’re going to put that on your balance sheet at the end of the day. And also some legal aspects of dealing with the office of the asset controlling involve attorneys. ”

Time-Stamps:

[00:51] – Ondrej’s backstory and career in the crypto world

[04:26] – Ondrej shares his experience in the nuclear sector

[08:43] – The debate on whether to upgrade industrial technology or not

Connect with Ondrej:

LinkedIn  https://www.linkedin.com/in/ondrejkrehel/

How the Center for Internet Security Helps Businesses Against Cyber-Threats with Curtis Dukes

In this episode of Chattinn Cyber, host Mark Schein talks with Curtis Dukes, the former director of the National Security Agency (NSA) and the current Executive Vice President of the Center for Internet Security (CIS),  a non-profit organization that aims to make the connected world a safer place.

Their conversation begins with a discussion on Curtis’ background, specifically on his experience in the NSA. After spending more than three decades in service to the agency, he learned the following:

  • Computer systems must provide their users with a pleasing experience to ensure that they won’t switch to an alternative way.
  • Technology is so ingrained into who we are as a society that we no longer notice it, even though we’re online all the time.
  • Business owners must allocate sufficient resources for the regular upkeep of their hardware and software programs, so that these won’t be exploited by malicious adversaries.

Curtis also talks about the CIS, giving an in-depth explanation of its goals and current efforts. In addition to providing cyber-threat intelligence and analysis to State, Local, Tribal, and Territorial government entities (SLTTs), the organization has also introduced controls and benchmarks that allow businesses to develop effective strategies against cyber-threats. He further recommends that business owners show the efforts they’ve put into building their defenses when trying to obtain a cyber-insurance policy.

Regarding future trends, Curtis explains that the next few years will see ransomware playing an increasingly crucial role in cyberspace. To address this issue, the CIS has developed a community defense model that is based on genuine attack techniques. Published last August 2020 to much acclaim, this program will help businesses mitigate the risk of cyber-threats, enabling them to protect themselves from malicious agents.

Key Takeaways:

  • Technology has become so powerful and ubiquitous that our reliance on it has become invisible to us.
  • Small and medium-sized enterprises (SMEs) need to have sufficient resources to limit their cybersecurity vulnerabilities.
  • Business owners must thoroughly understand the impact of cyber-threats.
  • The cyber-insurance industry still lacks standardization.
  • Ransomware is evolving, with malicious agents often changing the way they operate.

Key Quotes:

  • “But you can quickly see that computers were going to be a disruption, not only within national security systems, which I was responsible for providing security for, but as an economic enabler for society.” – Curtis (05:07)
  • “Technology is ingrained in the fabric of who we are, and how we communicate as a society.” – Curtis (07:14)
  • “It went from ‘let me just lock up your data, and you need to pay the ransom, or you have to recover your data through some other means’ to they started modifying their operations. Not only did they lock up your data, but they also exfiltrated the data. If you didn’t pay the ransom then they threatened to expose the data, some of which could be harmful to the company or personally problematic, as well.” – Curtis (16:23)
  • “By mapping attack techniques to mitigation, I think that’s one way to raise cybersecurity across the board.” – Curtis (20:16)

 

Cyber Security Threats and Strategies – with Hon. Michael A.L. Balboni

In this episode of CHATTINN CYBER, Marc Schein interviews Michael A.L. Balboni, CEO of Redland Strategies Inc. Prior to Redland Strategies, Mike worked as a New York State Senator and chairman of Homeland Security and Law Enforcement committee.

Born in Burns Town New York, Mike studied law and had a unique experience of serving in the New York State Senate for 10 years. Afterward, he went to Albany where he was appointed the first chairman of the Senate homeland security committee. As a chairman of the 9/11 homeland security committee, he learned all aspects of homeland security including cybersecurity. By acknowledging the risks of chemical plants he created regulations for the infrastructure protection – by passing legislation and supervising the implementation process – by the department of homeland security and emergency services within New York City.

His firm, Redland Strategies, assists companies and government agencies to develop and implement security strategies to improve business performance and maximize growth. For example, in the cybersecurity space, he helps companies to develop strategies for data management, data processing, storage, cyber breach issues, threats from an energy perspective (mainly due to sensors that are used for energy digitization which are itself Internet Of Things (IoT) components), etc.

Additionally he talks about the threats of malicious-payloads taking over a physical operating system (cross over from IT to OT) – for example manipulation of a nuclear power plant via cyber-attack. This type of threat was faced by the Ukraine in 2017 when their 2 nuclear power plants were disrupted as a result of internet manipulation.

Mike also talks about the importance of home network security. He says that it is now more important than ever to secure home networks because our society is moving toward a home-based virtual-workforce and cyber threats are growing continuously. According to the FBI home routers are vulnerable, so it should be everyone’s focus to invest in a cyber-infrastructure and cybersecurity. Having said that, everyone should understand that cybersecurity is not a destination, it is a journey; you must continue to evolve because threats are evolving.

Lastly, he shares his thoughts about the impact of Covid-19 on large organizations and the accessibility of the Covid-19 vaccine. He talks about sports organizations, they are employing the best strategies to keep their players, coaches, and staff safe. However, sports organizations right now are facing a huge challenge in bringing indoors. Everyone is waiting for the Covid-19 vaccine, but the distribution of a safe vaccine to enough people to bring us back to some sense of normalcy is not going to happen overnight.

Topics Discussed in the Podcast

  1. The journey of Michael A.L. Balboni’s professional life.
  2. Balboni’s experience of serving at New York State Senate and Senate Homeland Security Committee.
  3. Cyber threats from energy perspective and the role of digitization in that.
  4. Cyber attacks to take over a physical operating system (cross over from IT to OT).
  5. Recent presidential elections’ security.
  6. Importance of securing home-networks and investing in cyber-infrastructure and cybersecurity.
  7. Some fundamental cybersecurity strategies.
  8. Perks of working with the best and brightest people.
  9. Thoughts about the accessibility of the Covid-19 vaccine.

 

Cybersecurity and the Role of the Board, an interview with Judith H. Germano

In this episode of CHATTINN CYBER, Marc Schein interviews Judith H. Germano, a nationally recognized thought leader on cybersecurity governance and privacy issues. She is a Senior Fellow at the NYU Center for Cybersecurity (CCS) and the Reiss Center on Law and Security and an Adjunct Professor of Law at NYU School of Law.

Judith was a federal prosecutor for 11 years, from 2002 to 2013. Today, she shares that her last role was as the Chief of economic crimes, which oversaw cybersecurity, securities fraud, and other complex fraud. She handled tremendous cases of international significance, some that were reported in the news and some that were not.

From an experience that spans over a decade, Judith learned the growing importance of cybersecurity for businesses. She realized that there were many questions regarding handling cybersecurity risks- when and whether to work with the government and protect yourself proactively from incidents. And though she loved her government job then, she wanted to help by advising companies proactively.

Judith currently leads the CCS cybersecurity task force and roundtable series of corporate executives and senior government officials addressing critical cybersecurity concerns. She is also the founder of GermanoLaw LLC, advising public and privately-held companies on cybersecurity and privacy matters and representing companies and individuals on securities fraud and other complex white-collar criminal and regulatory compliance issues. Judi counsels senior executives and corporations on cybersecurity, risk management, and strategy. Her publications include: “Cybersecurity Partnerships: A New Era of Collaboration” and “After the Breach: Cybersecurity Liability Risk.”

In today’s episode, she shares the role of boards in handling cybersecurity issues, the changes and advancements made in the industry today, and what challenges remain in the industry for cybersecurity experts to face. We also learn why boards need to proactively ensure that companies are compliant with security policies and address and document their cybersecurity effectively.

Highlights:

“Cyber security is a top priority for organizations and governments. And it is critically important that the board is well versed in cybersecurity.”

“We’ve also seen some cases outside of the cybersecurity context that show that boards have an obligation and fiduciary duty not just to ensure that policies are in place of the organization, but that they’re followed, and a responsibility to document in the minutes what the board is doing to address issues of key importance of the organization.”

“You want to make sure that the board is asking questions that have to do with basic cyber security hygiene.”

“There are some boards that have a specific risk management committee and cyber security and privacy risk may be housed there.”

“As smart as we get defending, the attackers get smart and new ways of attacks.”

“Over the years, many organizations, unfortunately, are still catching up on basic things like encryption and logging and updates and other best practices.”

Time-Stamps:

[02:58] – The role of a board in terms of cybersecurity or cyber maturity
[04:06] – What recent legal decisions helped face the developments of current board liability
[05:21] – How in depth should boards be getting within cybersecurity or cyber risk?
[07:48] – Some of the cybersecurity trends that boards are currently seeing
[10:32] – Engineering in the law school and the concerns of future leaders within cybersecurity

Connect with Judith:

LinkedIn: https://www.linkedin.com/in/judith-germano-b7a63310
Twitter: https://twitter.com/judigermano?lang=en
Website: https://germanolaw.com/

An interview with Darren Blatt CEO of Affiliate Ball

In this episode of Chattinn Cyber, Marc Schein interviews Darren Blatt, a pioneer of Professional Internet marketing and the CEO of Affiliate Ball.

Darren begins the conversation with a reference to how it all started for him and how he transitioned seamlessly into the industry that had the Internet at its center. He then reflects upon the definition of an Affiliate, pertaining to the Affiliate industry before getting into the technicalities of the contemporary world’s most prominent field — Digital Marketing.

Darren shares his comprehensive insight into how the huge trade shows across major cities such as New York, Vegas, San Francisco, etc., allows him to justify the marketing and branding efforts. To that end, he points out that throwing affiliate balls require utmost interaction, especially when the marketing methods have taken a massive and unprecedented turn during the pandemic. He goes on to describe how the pandemic has pushed him to tweak his approach to trade shows and how he has leveraged virtual connectivity to keep the flow intact.

Subsequently, Darren addresses working with celebrities and their impact on the marketing endeavors. Finally revisiting some of the best practices for effective marketing.

Key Takeaways:

  1. Heading to trade shows regardless of the industry or the industry segment is essential for learning.
  2. Targeting trade shows concentrated around the niche is even better and further attracts a great learning experience.
  3. Success in the digital world is guided by various underlying facets, with “asking questions” being integral.

Key Quotes:

  • “An affiliate is someone who gets paid on production” – Darren (3:43)
  • “Throwing Big Events are really some of the best branding and marketing you can do.” – Darren (5:40)
  • “But by the time we all get back in person, I think you’re going to see these events explode because people are dying to go back to listen to them” – Darren (13:30)
  • “There is 80 20 rule in marketing where 20 percent is what you know, and 80 percent is who you know.” – Darren (18:00)

Compliance and Cyber Risk – An Interview with Matthew Pachman

In this episode of CHATTINN CYBER, host Marc Schein is joined by Matthew Pachman, the Vice President, Chief Risk and Compliance Officer at FTI Consulting. Matthew has an extensive background in Compliance and Risk Management.

Originally hailing from New Jersey, Matthew Pachman has a degree in Law from the University of Virginia. He has been awarded Compliance Week’s Top Minds Award. He was named “Top Ethics and Compliance Officer” by the Ethisphere Institute for three consecutive years. He is a recognized and decorated professional speaker in the corporate compliance space.

Welcome Matthew Pachman! Matthew  kicks it off with an explanation of the differences between Compliance and Risk Management as they relate to cyber liability. Cyber risk is top priority. It is what every board member, executive and regulator worry about on a day-to-day basis. From the compliance side of cyber security, Matthew stresses that one can implement rules and systems to control these dangerous factors.

We then move into a discussion about the importance of cyber protection within a company and the approaches we can take to make sure the company has a culture of compliance and awareness. What role does Human Resources play in this? Matthew shares his take on cyber protection and employee awareness which rely on HR communication tactics. Anywhere we talk about communication and culture, HR is involved!

Next, we shift gears to the subject of cyber insurance. Matthew shares the qualities and tools he looks for in an insurance program as well as a corporate program. If you are in the risk business, you cannot underestimate the importance of cyber insurance! This especially applies to today’s work environment which is primarily remote due to Covid-19 and thus a higher need for cyber security.

Wrapping up our interview, Matthew leaves us with some of the pros and cons for those looking to start a career in cyber risk. He says “You have to like playing defense. You are trying to protect your goal.”

 

What You Will Learn

  1. Compliance or Risk Management; which one is more difficult to approach?
  2. What is required for better risk management?
  3. What is HR’s role in cyber risk management?
  4. What makes a good cyber program for controlling cyber risks?
  5. Importance of having cyber insurance.
  6. What are the pros and cons of taking cyber risk management as a career path?

 

 

 

Embracing the “New” Frontier of Cyber – with Jeff Cohen

In this episode of CHATTINN CYBER, Marc Schein interviews Jeff Cohen, Senior Vice President of Zywave and former President of Advisen. In November 2020, Zywave acquired Advisen, the leading provider of data, media, and technology solutions for casualty insurance markets. Jeff led Advisen’s strategies for Global Business Development and for the company’s Data and Media businesses and resources.

As a sales and marketing executive, Jeff Cohen has over thirty years of experience in data management, data analytics, media, and news business aimed towards insurance and financial sectors. Jeff joined Advisen in 2003 after spending over 15 years at Bloomberg in North American Sales.

Jeff currently serves as a board member for the Spencer Educational Foundation which funds scholarships, internships, and grants for undergraduate and graduate students who will be tomorrow’s risk management and insurance leaders. Additionally, he serves as a board member of the Center for Hearing and Communication, a non-profit agency that serves all people with hearing loss.

Most recently, Advisen was acquired by Zywave, an insurance agency software company used by over15,000 insurance agencies. Zywave offers Advisen a level of scale with coinciding talent, media capabilities, and supportive infrastructure benefiting the company and the service providers, brokers, and clients that Advisen serves. Jeff and many others believe that cyber is constantly moving at the speed of light making it a space that is always adapting and needing change.

Advisen’s Annual Cyber Risk Insights Conference is one of the major cyber conference series.  Advisen’s Cyber Risk Awards event has also become one of the most prestigious awards in the cyber risk community.

Time-Stamped Segments  

  • Meet the Guest – Jeff Cohen [00:31]
  • How did Advisen grow to become one of the leading organizations in the world? [01:02]
  • What led to partnering Advisen with Zywave? [05:04]
  • What is Advisen’s role within cyber? [06:57]
  • Where Jeff Cohen feels that future of cyber will be? [06:57]
  • How is cyber different from other lines of business? [10:34]
  • How has Advisen’s Annual Advising Conference has become a major cyber event globally? [14:11]
  • Is there anything I should Have Asked you Today That I Didn’t? [23:02]
  • Closing Thoughts [25:37]

 

 

 

 

Getting Smart Against Ransomware with Sherri Davidoff and Michael A. Kleinman – part 2

In part two of our Chattinn Cyber with with host Marc Schein, our guests, Sherri and Michael, continue talking about ransomware. They start with the question of whether or not you should actually pay the ransom. Sherri recommends making sure you have backups. Have a plan to resecure your data even if you have to engage with the hackers. From the legal side, Michael recommends contacting law enforcement—but not the local police. These days, the FBI works really hard to help. It also helps to have built a relationship with federal police ahead of time. Sherri suggests looking into community partnership programs that have sprung up recently.

Regarding police takedown, Sherri explains that some leading ransomware gangs have recently been taken down, including Emotet. Emotet was one of the leading technological threat distributors. With Emotet on your computer, all your information could be stolen within 15 minutes. And then they could simply nuke it all with the Ryuk ransomware. Members of that very gang have been arrested. Emotet will uninstall itself by April of this year.

A lot of repair software may actually be working as malware itself. It’s absolutely vital to have expert help at every step of the way.

Sherri finishes the episode by giving a few key things to watch out for to protect yourself from ransomware:

  1. Exposed remote login credentials.
  2. Email phishing.
  3. Software vulnerabilities.

She recommends using two-factor authentication and a VPN. Be sure to train users to think before they click. Michael urges to do your due diligence assuming there is risk. Get ahead of the proliferation of ransomware attacks.

Key Takeaways:

  • Ask for proof of life if you’re going to pay the ransom on your data.
  • Knowing who to contact is important.
  • An advisory can help to organize your response to hackers.
  • There are downsides to getting your ransomware payments insured.
  • You must treat any threat as a potential data breach.

Key Quotes:

  • “There’s nothing new here from a legal perspective.” – Michael (13:00)
  • “We actually have seen takedowns of ransomware-as-a-service gangs.” – Sherri (22:00)
  • “You have to assume that there may have been data stolen.” – Sherri (24:50)
  • “You cannot figure out what the breach is without the technology side.” – Michael (26:00)
  • “The second you start a letter-writing campaign, you have to be mindful of the fact that you’re creating a record for court.” – Michael (33:10)

Getting Smart Against Ransomware with Sherri Davidoff and Michael A. Kleinman – part 1

In this episode of Chattinn Cyber Marc Schein interviews guests; Sherri Davidoff, CEO of LMG Security and author of the recently released book, “Data Breaches.” And Michael A. Kleinman, Special Counsel, Fried Frank. Sherri started working in cyber security before that was even a term.  And Michael, on the other hand, comes from the legal world. A litigator, Michael started to see more and more clients needing counsel with regard to cyber and use privacy issues.

They begin their conversation digging into the issue of ransomware. Sherri explains what ransomware is and moves into how ransomware continues to evolve. She shares a story of a ransomware case that infiltrated a trucking company. This stranded the trucks and affected the retail industry at large.

They also discuss what kind of legal room the victims of a cyber attack actually have. It’s a complicated issue when business is disrupted—especially when they are contractually obligated to deliver. Sherri explains that businesses need to demand security reviews in their contracts, and the community as a whole needs to understand that transparency around security benefits everyone.

Michael talks briefly about notification laws and how they affect private data in contractual agreements. Sherri says that 75% of ransomware breaches take personal data. What you really need to do is figure out what they actually have before taking the next step of paying the ransomware.

Key Takeaways:

  • There is now ransomware as a service.
  • The hacker economy is demanding more and more specialized roles.
  • A cyber attack can actually cause a breach of contract.
  • 92% of breaches come from third parties.
  • There really aren’t standards for suppliers notifying when there’s a hack.
  • Think about which suppliers have important access to your data.

Key Quotes:

  • “The operational impact of a ransomware case, sometimes by design, often has this huge ripple effect—especially when who’s targeted is a key supplier.” – Sherri (6:00)
  • “Once you start getting into a ransomware case, you start to realize how dependent even little things are.” – Sherri (9:35)
  • “This issue of incidents arising out of third parties is not new.” – Michael (15:30)
  • “You need to understand what the contracts actually say.” – Michael (18:20)
  • “If your data is up there, YOU need to do an investigation.” – Sherri (20:36)
  • “Reduce your access, and you reduce your risk.” – Sherri (21:30)
  • “Today, ransomware is typically the tip of the iceberg. It’s the last thing you see after a long-range attack.” – Sherri (22:25)

How Individuals and Small Businesses Can Protect Themselves From Cyber Threats – with Kristin Judge.

In this episode of CHATTINN CYBER, Marc Schein interviews Kristin Judge, a Leading Voice for Cybercrime Victims. Kristin educates small businesses, elected officials, and nontechnical individuals to use best practices to avoid cyber risks.

Small businesses and individuals are facing a huge risk with the rapid growth of cybercrime, people are losing their livelihood, homes, and mental health. Businesses, as well as communities, are suffering globally.

Kristin discusses the top 3 cyber risks that are impacting individuals and small businesses.

  • Romance Scams on the internet
  • Cyberbullying
  • Ransomware attacks

Kristin started Securing our Community, a program that will help tackle the risk of cybercrimes. In this program, her team will train children and college students to assist less tech-savvy people in their environment. She says, trainees will be able to help individuals, businesses, and communities. Such as adding a malware program to individual’s systems, changing their privacy settings, etc.

Recently, Cyberspace Solarium Commission took a great step to protect individuals and small businesses from cybercrimes. Cyberspace Solarium Commission shared a transition document with the Biden administration that talks about leading a national call center for individuals and small businesses. They also call-out the need for victim services grants. Due to all these efforts of the Cyberspace Solarium and congressional leadership, we are finally seeing that the cyber victims are being served and their voice is being heard.

Topics Discussed in the Podcast

  1. How Kristin Judge started her career in cybersecurity and was appointed to train government officials?
  2. How cyber attacks are impacting small businesses and individuals?
  3. What are the trends of cyber risks and what are the top 3 cyber risks?
  4. What individuals and small businesses can do to protect themselves from cyber risks?
  5. How Kristin’s ‘Securing our Community’ and ‘Cyber Secure My Business’ programs are helping individuals and businesses?
  6. What services are available  for small businesses and individuals?
  7. How an individual can report any cyber issue and can reinforce the security of his/her system?
  8. Where individuals can get constant updates of new information on cybersecurity and cyber risks?
  9. What Cybercrime Support Network (CSN) is doing for small businesses?
  10. What are the benefits of engaging cybersecurity companies with small businesses?
  11. What is the significance of cyber insurance in protecting small businesses?
  12. What’s the importance of securing home networks?
  13. What Cyberspace Solarium Commission recently did to protect individuals and small businesses from cybercrimes?