Digital Forensics, Crypto Codes, and Ransomware Attacks: A conversation on cybersecurity with Ondrej Krehel

In this episode of CHATTINN CYBER, Marc Schein interviews Ondrej Krehel, He is a former lecturer at FBI Training Academy and Chief Information Security Officer of IDT911, the nation’s premier identity theft recovery and data breach management service. Ondrej is also the Founder and CEO of LIFARS LLC,  a digital forensics and cybersecurity intelligence firm. He authors articles, conducts training, and is a frequent speaker at industry events, such as FBI Academy, RSA, HTCIA, ECTF USSS, and QuBit Prague.

In this episode, Ondrej shares history, explaining how he went from a mathematical physics student to a cybersecurity expert. His career started in crypto, working with code, and eventually oversaw nuclear power plants and Industrial Control Systems.

We chat about  Eastern European Ransomware gangs and the trends noticed in their attack measure. Ondre discusses the  Kaseya attack of  in which the hackers used chain exploit – meaning, it was all in one code. Here’s how it happened – The authentication bypass got them in the file upload and let them upload the files they needed. They got the right to deploy, did a command and code injection, and completely interacted with the system. Ondrej describes this to be a true military type of tactic on a system. The group that led this attack was formidable and had a clear understanding of the legal system in the U.S. 

Quotes:

“I actually exercise a lot and do a lot of specialized training. But I decided that cutting that social life for me, but moving to that career that was very unique, can only shape who I am today.”

“I think that’s what the industrial control system people are saying, that look, the code is so primitive, that it’s easy to do quality assurance. Once you start introducing complexity in integrations, we are not going to be able to control it.”

“These threat actors do diligence very well, they played a card of third party liability. They understand probably also insurance policy of that company not insist they read the policy, but they understand what the premium is, also what the limit of that is, and probably who owns it, and how likely they’re going to get paid.”

“These trackers right now do understand the insurance market completely, they understand how the insurance operates. I was important to this game, they understand the third party liability. And they try companies with a third party liability.”

“What the issue is when it comes to the rebel group is that the rebel group first gets maybe some intelligence. All these exploits, all the tools that we do believe in and debat are somehow connected to intelligence agencies in Russia. And at that level, basically, they truly use a cyber military type of skill set against the commercial enterprises.”

“The challenging piece for that crypto is it has some cell stacks attached to it. There are some fees attached to it, how you’re going to put that on your balance sheet at the end of the day. And also some legal aspects of dealing with the office of the asset controlling involve attorneys. ”

Time-Stamps:

[00:51] – Ondrej’s backstory and career in the crypto world

[04:26] – Ondrej shares his experience in the nuclear sector

[08:43] – The debate on whether to upgrade industrial technology or not

Connect with Ondrej:

LinkedIn  https://www.linkedin.com/in/ondrejkrehel/

How the Center for Internet Security Helps Businesses Against Cyber-Threats with Curtis Dukes

In this episode of Chattinn Cyber, host Mark Schein talks with Curtis Dukes, the former director of the National Security Agency (NSA) and the current Executive Vice President of the Center for Internet Security (CIS),  a non-profit organization that aims to make the connected world a safer place.

Their conversation begins with a discussion on Curtis’ background, specifically on his experience in the NSA. After spending more than three decades in service to the agency, he learned the following:

  • Computer systems must provide their users with a pleasing experience to ensure that they won’t switch to an alternative way.
  • Technology is so ingrained into who we are as a society that we no longer notice it, even though we’re online all the time.
  • Business owners must allocate sufficient resources for the regular upkeep of their hardware and software programs, so that these won’t be exploited by malicious adversaries.

Curtis also talks about the CIS, giving an in-depth explanation of its goals and current efforts. In addition to providing cyber-threat intelligence and analysis to State, Local, Tribal, and Territorial government entities (SLTTs), the organization has also introduced controls and benchmarks that allow businesses to develop effective strategies against cyber-threats. He further recommends that business owners show the efforts they’ve put into building their defenses when trying to obtain a cyber-insurance policy.

Regarding future trends, Curtis explains that the next few years will see ransomware playing an increasingly crucial role in cyberspace. To address this issue, the CIS has developed a community defense model that is based on genuine attack techniques. Published last August 2020 to much acclaim, this program will help businesses mitigate the risk of cyber-threats, enabling them to protect themselves from malicious agents.

Key Takeaways:

  • Technology has become so powerful and ubiquitous that our reliance on it has become invisible to us.
  • Small and medium-sized enterprises (SMEs) need to have sufficient resources to limit their cybersecurity vulnerabilities.
  • Business owners must thoroughly understand the impact of cyber-threats.
  • The cyber-insurance industry still lacks standardization.
  • Ransomware is evolving, with malicious agents often changing the way they operate.

Key Quotes:

  • “But you can quickly see that computers were going to be a disruption, not only within national security systems, which I was responsible for providing security for, but as an economic enabler for society.” – Curtis (05:07)
  • “Technology is ingrained in the fabric of who we are, and how we communicate as a society.” – Curtis (07:14)
  • “It went from ‘let me just lock up your data, and you need to pay the ransom, or you have to recover your data through some other means’ to they started modifying their operations. Not only did they lock up your data, but they also exfiltrated the data. If you didn’t pay the ransom then they threatened to expose the data, some of which could be harmful to the company or personally problematic, as well.” – Curtis (16:23)
  • “By mapping attack techniques to mitigation, I think that’s one way to raise cybersecurity across the board.” – Curtis (20:16)