The Russian-Ukrainian War Is A Lesson On Information Security and Leverage With Greg Radabaugh

In this episode of CHATTIN CYBER, Marc Schein interviews Gregory Radabaugh about his wide range of experience in the military and information security, what the Russian-Ukrainian war illuminates about information security, and the essential practices civilians and security forces must equally adopt to strengthen cybersecurity.

A retired Air Force veteran of 30 years, Greg brings a wealth of experience that ranges beyond overseas reconnaissance missions. He has served as a DOD civilian, a Defense Intelligence Agency analyst, senior Information Operations planner for the Air Force ISR (Intelligence, Surveillance, Reconnaissance) agency, Director of the Joint Information Operations Warfare Center, and in many high-importance controlled defense and intelligence roles. After retiring from the Department of Defense after 44 years, Greg founded his own consulting company, Greg Bear Consulting.

With the ongoing Russian-Ukrainian war keeping world tensions high, Greg recommends reading “Unrestricted Warfare” by Colonel Qiao Liang and Colonel Wang Xiangsui to learn in depth about permanent warfare and the absence of a difference between civilian and military targets in the Ukraine-Russia war. Based on updates from the war, Greg shares that Russia seems to be focusing on justifying its actions to its internal audience, making them see that all is being done to protect them, while Ukraine is focusing on the external audience, primarily the West, trying to gain support from the US, NATO, and others providing material, financial, and medical support. He also discusses how both countries are gathering and using commercially available data for warfare, from tracking locations to cellphone ranges and a whole lot more. Everything happening in the war is striking from an information perspective.

The civilian sector, he adds, must prepare for war at this point, as it could be used to incite or escalate conflict. There could be denial-of-service attacks, deception, and other planned operations to impact the military by attacking people relevant to its personnel. Families of military personnel are especially targeted by these attacks. This is a side most people aren’t prepared for.

In conclusion, Greg shares that the civilian private sector needs to start thinking about security the same way the military does: in terms of operational security. Using mobile phones and cameras in essential meeting places and not considering the secondary and tertiary access points of a location are a couple of the many things that go unnoticed. For more, tune in to this episode with Greg!

Highlights:


“The Western concepts of the law of armed conflict relying on Westphalian concepts of chivalry, interior, and territorial integrity, and what constitutes an armed attack don’t apply to our adversaries and potential adversaries in the information environment.”

“Think about how to provide operational security to your business. And then think about how do you shut down our second and tertiary information leakages and then decide, how do I mitigate this threat by doing things, for example, having an offline backup of my network, or having a secondary network that’s offline that can go online immediately, if your primary one goes down?”

“A greater awareness of these operations in the information environment is crucial to private sector success of industrial control systems, security is going to be absolutely critical to maintaining our first world environment that we live in and enjoy today.”

Time-Stamps:

[00:40] – Greg’s early life and founding Greg Bear Consulting
[05:29] – Where to connect with Greg
[06:26] – What’s happening with the Russian-Ukrainian war?
[15:19] – Should the civilian sector prepare for a conflict at this point?
[20:42] – What can you do to protect yourself from cyber attacks?

Connect with Greg:

Website:

https://www.af.mil/About-Us/Biographies/Display/Article/108843/gregory-c-radabaugh/

Understanding Ransomware Double, Triple, and Quadruple Extortion With Brad LaPorte

In this episode of CHATTIN CYBER, Marc Schein interviews Brad LaPorte, a former top-rated Gartner Analyst for cybersecurity, US Cyber Intelligence veteran, and product leader at Dell, IBM, and several startups. He is currently an Advisor at Lionfish Tech Advisors and a Partner at High Tide Advisors, as well as a Board Advisor at 4 early-stage startups: NetRise, rThreat, RunSafe Security, and TBD. He is also the author of the recently released cybersecurity book, The Rise Of Cybercrime. Today, he discusses the reasons for the increasing number of ransomware attacks worldwide and the measures to avoid or mitigate the resulting risks.

Explaining the increasing number of ransomware attacks, Brad shares that these days, all that is required to extort money from organizations is access to a keyboard on the internet. The barrier of entry to systems has been reduced. Additionally, over 98% of ransoms are paid in Bitcoin, which is difficult to track. Since November 2019, attackers have also begun using double, triple, and quadruple extortion tactics, which has added to the increase.

Double, triple, and quadruple extortion tactics can be explained as follows:

  1. Double extortion is the exfiltration of sensitive data. Companies are therefore forced to pay the attackers despite having the encryption key or backup data.
  2. Triple extortion is when attackers disrupt the critical operations of organizations involved in, say, manufacturing, healthcare, or education. The criticality of the attack makes organizations highly likely to pay the attackers.
  3. Quadruple extortion is when attackers also directly attack your customers or key stakeholders. Also called supply chain attacks, they act as a force multiplier and cause an exponential increase in the damages.

On the question of whether or not to pay when ransomware attackers demand it, Brad explains that one must try their best not to pay unless left with no other choice. He also touches on the best cybersecurity practices for mitigating the risks from an attack, like the 12 key controls given by Marc around cyber resilience. He adds that even though the actual amount paid to ransomware attackers is coming down over time, the number of threat actors is increasing as their barriers of entry decrease.

One of the most overlooked reasons for cyberattacks is that over half of the organizations worldwide don’t know what assets they have in their environment, or which third-party vendors and other organizations are associated with them, and over 75% manage everything through an Excel spreadsheet as their asset inventory database.


Care must be taken to ensure organizations are well aware of their assets, as these could be one of the easiest ways for attacks to happen.

For more, tune in to today’s episode!

Highlights:

“In trying to extort money from organizations, ultimately, all you need is access to a keyboard on the internet. So if you look at some of them (attackers), the people that can actually wreak havoc on organizations are quite vast.”

“Even though the actual numbers of payments are going down and declining… The amount of groups are increasing because of that low barrier of entry and actually increasing it over time.”

“Over half of (the) organizations don’t know what assets they have in their environment, and over 75% actually manage everything out of an Excel spreadsheet as their asset inventory database.”

Time-Stamps:

[02:33] – Why are ransomware attacks increasing?
[07:15] – Should you or should you not pay when ransomware attacks require you to?
[09:45] – The biggest things around cybersecurity being ignored right now
[12:49] – Get in touch with Cory

Connect with Brad:

Website: https://www.linkedin.com/in/brad-laporte/