Category: Crypto

Posted on

Navigating Ransomware and Cybersecurity: Insights from Cryptocurrency Expert John Morrissey

Podcast: Play in new window | Download (Duration: 8:53 — 12.2MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Mark Schein chats with John Morrissey, Cryptocurrency Operating Compliance Director for Arete, focusing on various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John explains how he ended up in his current role, combining his cybersecurity background with his passion for trading and investing. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC when it comes to making ransom payments. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats.

John shares his journey of how he becomes the Cryptocurrency Operating Compliance Director for Arete. He mentions that he met Joe Mann, the founder of Arete, while working in the Virginia DC area. John became Arete’s first client when he ran a DFIR (Digital Forensics and Incident Response) services organization. With his background in cybersecurity and his passion for trading and investing, John found a perfect fit in his current role, where he manages crypto relationships and helps clients navigate the complexities of the market.

The conversation then shifts to the concept of crypto puzzles and the volatility of the cryptocurrency market. John explains that crypto is the most volatile asset in the world, and its value can fluctuate significantly in response to market conditions. He gives an example of how Bitcoin’s value dropped from $69,000 to $16,000 during a market crash. John highlights the challenges of working with a new industry that lacks regulation and dealing with assets that are highly volatile. He emphasizes the need to understand how all these factors fit together.

The discussion then turns to ransomware attacks and the changing demands of adversaries. John mentions that during previous market crashes, ransom demands were often made in Bitcoin. However, after the crash, there has been a shift towards demanding cash instead of Bitcoin. He notes that the ransoms are increasing year over year, with some groups demanding even higher amounts. John also mentions the increasing scrutiny and compliance requirements imposed by organizations like OFAC (Office of Foreign Assets Control) when it comes to making ransom payments. He explains the steps Arete takes to ensure compliance, including analyzing threat actor wallets, conducting blockchain analysis, and verifying the absence of sanctions.

Mark asks John how Arete can help in situations involving ransomware attacks. John explains that Arete is a full-service organization specializing in digital forensics and incident response (DFIR). They offer assistance from the moment a hack is discovered, providing a 24/7 phone number and email for immediate response. Arete’s team helps clients through the entire process, from triage to recovery, and even offers guidance on planning and prevention. If necessary, Arete can also assist with the process of making ransom payments.

In conclusion, the conversation between Mark Schein and John covers various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John shares his background and how he ended up in his current role. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats. Arete’s role in assisting clients with ransomware attacks is also discussed, highlighting their full-service approach and expertise in digital forensics and incident response.

Key Takeaways

  • Cryptocurrency prices and demand for ransom payments in crypto vs fiat currency fluctuate a lot based on market conditions. When crypto prices crashed, ransom demands shifted to be mostly in cash rather than bitcoin.
  • Ransom amounts continue to rise steadily, with increases of 20-30% year-over-year being common.
  • OFAC regulations and government scrutiny are making ransom payments more difficult with requirements to verify the ransomware group is not sanctioned.
  • Arete offers comprehensive incident response services including forensics, monitoring, planning, and facilitating ransom payments if needed. They have a 24/7 hotline to call for immediate assistance.
  • It’s important for organizations to take cybersecurity seriously and invest in good tools and processes to avoid becoming victims of ransomware. Arete recommends deploying technology like SentinelOne for prevention and detection.

Key Quotes

  • 1:25 – “So it’s great taking some cybersecurity background and melding it with my market background. I became the crypto operations and compliance director at Arete.”
  • 4:03 – “But after it crashed, we actually saw very few pure bitcoin ransoms, and most of them in cash. So whether it’s the psychology of it or just they wanted some consistency outside of the volatility, but today, 95 or more percent of the ransoms are all in pure cash versus bitcoin.”
  • 5:32 – “So we actually take it upon ourselves to look at really every cyber indicator compromise. You always take a threat actor wallet and throw it on the effect sanction list … But we do a lot of analysis on the blockchain of prior transactions that the threat actor might have done.”
  • 6:47 – “We have an Arete 911 phone number. You can just do a Google search of ‘Arete 911’ and find us. So we have a phone number that’s 24/7, we have an email that’s 24/7. Once we receive your email or call, we will be on the phone with you within half an hour to help script that.”
  • 8:33 – “But there’s a lot of great. Yeah, a lot. But there’s a lot of great process and a lot of great technology out there to help you. But I think just take cyber seriously and, or if not, you know, you’ll find yourself in trouble one day.”

ABOUT OUR GUEST:

John Morrissey is a seasoned Technology Sales and Services leader with a strong focus on Customer Success. With extensive experience in assisting National Defense, Civilian Agencies, and Commercial Enterprises, John specializes in successfully implementing cutting-edge technologies such as Analytics, Big Data, Machine Learning, Cyber Security, Fraud, Risk, eDiscovery, and Investigative technology. Throughout his career, John has demonstrated a remarkable ability to build and grow organizations, delivering high-end consulting and enterprise solutions. He is a results-oriented leader with a proven track record of overcoming complex business challenges and making critical decisions with experience, good judgment, a strong work ethic, and unwavering integrity. With a keen vision, determination, and exceptional skills, John is adept at driving increased revenue and profitability for organizations. 

FOLLOW OUR GUEST:

LINKEDIN

ABOUT OUR HOST:

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

FOLLOW OUR HOST:

WEBSITE | LINKEDIN

Posted on

Unleashing the Power of Blockchain: Transforming Transactions and Process Engineering

Podcast: Play in new window | Download (Duration: 12:30 — 17.2MB)

Subscribe: RSS

Summary

In this episode of Chattinn Cyber, Marc Schein sits down to chat with Paul Dowding, co-founder and head of design at L4S Corporation, focusing on blockchain technology and its real-world applications. Paul, an authority on digital assets, begins by demystifying blockchain for novices, describing it as a distributed ledger system that eliminates reliance on central authorities for transaction validation. He explains the intricate process of trust-building within blockchain through mathematical hashing, emphasizing its potential to revolutionize peer-to-peer transactions and reduce errors.

The dialogue delves into Paul’s journey into blockchain, revealing his unique background in operational infrastructure and encryption. He recounts how his expertise in engineering and global banking operations converged, leading him to explore blockchain’s capabilities and limitations. Paul’s insights shed light on the challenges faced by early blockchain solutions and the development of Tapestry X, a distributed ledger designed to meet scalability, interoperability, and real-time processing needs.

Marc and Paul explore the intersection of blockchain with AI, highlighting opportunities for algorithmic inference and auditable record-keeping within blockchain networks. They envision a future where blockchain simplifies transactions to the extent of communication protocols, ushering in an era of seamless peer-to-peer interactions. Paul underscores the potential of blockchain in diverse sectors like capital markets, supply chain management, healthcare, and identity verification, showcasing the versatility and adaptability of L4S Corporation’s offerings.

The conversation concludes with Paul extending an invitation for further engagement through LinkedIn and TapestryX.com, emphasizing the accessibility of blockchain technology for businesses and individuals alike. His closing remarks underscore the transformative nature of blockchain as a process engineering and operational control innovation, urging listeners to perceive it beyond mere technological novelty. The dialogue encapsulates the profound impact of blockchain on transactional efficiency, trust-building, and future digital economies, setting the stage for continued exploration and innovation in this dynamic field.

Key Takeaways

  • Blockchain is a distributed ledger technology that allows peer-to-peer transactions without a central authority. It uses cryptographic hashing to ensure data integrity.
  • Blockchain has the potential to simplify transactions, reduce errors, and enable near real-time settlement. It could be as transformative as the internet protocol.
  • Paul got involved with blockchain in 2014-2015 when enterprises were starting to explore it. He saw limitations in early solutions which led to developing Tapestry.
  • There are opportunities to use blockchain to track what data AI bots have absorbed, creating an auditable record. AI could also potentially help drive what gets recorded on a blockchain.
  • Tapestry is a configurable, scalable blockchain solution focused on accounting to enable real-time transactions. It is industry-agnostic and can be used for supply chain, healthcare, voting, and more.

Key Quotes

  • [00:03:10] “So there’s a mathematical way to give your own ledger so that you can trust other people based on what you see, not what they present to you. And then there’s a method of agreeing it across the ledger. And so this allows, rather than you transacting through central authorities, what bitcoin really showed the world was you could transact peer-to-peer, or b-to-b, without that central authority, which then means you can settle in hours, minutes, or not seconds.”
  • [00:06:15] “The […] origination of what became Tapestry X was going back to the basics and saying, okay, let’s take the blockchain concepts, but design a distributed ledger that meets the requirements, configurability, scalability, high capacity, real time with accounting and interoperability.”
  • [00:08:04] “The Internet protocol made the Internet. No one could imagine Netflix streaming, Amazon, Airbnb, Uber before the Internet existed […] once it’s really implemented at scale and universally, [blockchain is] going to open up ideas and services that we can’t even imagine today.”
  • [00:11:31] “Blockchain is not technological innovation. It’s a process engineering and operational control innovation. And that’s how people need to think about it.”

ABOUT OUR GUEST:

Throughout his career, Paul Dowding’s goals have been to develop and improve the global financial services industry commercially and operationally while making it intuitively accessible. Combining an engineering background with practical global operational industry experience and academic research, he has been able to affect innovative change collaboratively. Paul focuses on reducing risks and costs while improving the revenue opportunities, quality, accessibility and speed of innovation within the transactional industries via a differentiating approach to Distributed Ledger Technology (DLT), which he devised and helped design. He created TapestryX from an understanding of process engineering and control, encryption techniques and lay-interest in meta-mathematics.

 

FOLLOW OUR GUEST:

WEBSITE | LINKEDIN

ABOUT OUR HOST:

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

FOLLOW OUR HOST:

WEBSITE | LINKEDIN

Posted on

Driving Innovation Using Simple Secret Management With Brian Vallelunga

Podcast: Play in new window | Download (Duration: 24:16 — 33.3MB)

Subscribe: RSS

In this episode of CHATTINN CYBER, Marc Schein interviews Brian Vallelunga, CEO of Doppler, a San Francisco-based company that provides secrets management software for developers. Brian has been featured in the Forbes 30 under 30 for enterprise technology experts for his outstanding achievements with Doppler. In addition, he has attracted the likes of Sequoia, Google Ventures, Kleiner Perkins, and Peter Thiel to invest in his startup.
Brian worked at Uber which gave him the needed experience and stability to help launch his own business. He founded Doppler to make secrets management easy for developers, which would increase a company’s security further.
A significant challenge Brian and his team faced with their company was fundraising — almost all the investors they came across were a bad fit for their company. It led them to join Y Combinator, a startup accelerator that has helped launch over 3000 companies to date.
Posted on

From Insurance to Crypto – Understanding The Trends in Law with Stephen Palley

Podcast: Play in new window | Download (Duration: 16:24 — 22.5MB)

Subscribe: RSS

In this episode of CHATTINNCYBER, our host Marc Schein interviews Stephen Palley, partner at Anderson Kill. He chairs the Technology, Media and Distributed Systems group of the organization. Stephen is also a regular speaker and prolific writer on insurance, construction, and technology. He is the lead editor and contributing author to the ABA Forum on the Construction Industry’s best-selling treatise on construction insurance.

When in law school, Stephen had planned on becoming a technology lawyer. In a few years, Stephen had learned programming, found a new method for settling cases, and turned it into a software program! He then came across Bitcoin and Ethereum – two branches of crypto assets, and started working for crypto clients both on the front end regulatory compliance and handling disputes. Hence, interestingly, Stephen had set his career as a successful crypto lawyer at a firm best known for representing policy holders.

Stephen speaks on regulatory crackdowns within crypto in the U.S. and China. The crackdown in China has impacted Bitcoin miners, and a lot of that impact has moved to the U.S. But Stephen firmly believes that a similar crackdown cannot happen in the U.S. Stephen also comments on recent guidance from the OFAC around Bitcoin and the facilitation of ransomware payments. He says the guidance puts victims in between a rock and a hard place.

Stephen also gives guidance for millennials and Gen Z’ers who are fascinated by cryptocurrency. He says no matter what new thing is brought up, you need to remember that regulators and law enforcement judges will have access to it. Also, this is never quick money without effort – risks exist.

Quotes

“We already have a fairly well-developed regulatory framework and a way of understanding crypto. I think it is too deeply embedded in our business at this point for it to disappear.”

“What we do tell people is that when faced with a conundrum, we definitely want you to be in touch with law enforcement.”

“If you are expressing a favorable opinion publicly about a security and you have a stake or position, and if you are being paid to promote it, under federal law, you have to disclose that.”

“Just because you gave something a new name doesn’t mean that regulators and law enforcement judges won’t be able to deal with it and address it.”

“One of the reasons for the fascination with space is pure and simple: the promise of hope for quick profits with not much work. I’m sorry, but it comes from somewhere, there’s always a risk, and somebody always pays.”

“What people don’t know is what’s happening behind the scenes. Most regulatory enforcement actions are confidential. You have no idea what the competitor is dealing with.”

Time-Stamps:

[01:03] – Stephen reveals his story of getting into insurance law and crypto.

[04:21] – Stephen comments on the regulatory crackdown in crypto in the U.S. and China.

[08:30] – Guidance from OFAC on Bitcoins and facilitation of ransomware payment.

[12:47] – Advice for the millennials and Gen Z who have a fascination with cryptocurrency.

[14:33] – Risk management and insurance policies.

Connect with Stephen:

Email spalley@andersonkill.com

LinkedIn  https://www.linkedin.com/in/stephendpalley