#fiercecybersecurity

When a kingpin gets hacked, we and our partners talk LOUDLY about it in order to share what we learned, coordinate our endeavors, and batten down the hatches. That is the leadership tact FireEye CEO Kevin Mandia took when last week’s attack was launched against the firm by cybercriminals accessing the same “Red Team” tools used by FireEye (with customers’ permission) to test their cyber-resilience using “white hat” attacks.  Mandia explains “the attackers used a novel combination of techniques not witnessed by us or our partners in the past. The techniques thwarted counter-security tools and forensic examination and allowed the cyber attackers to operate without detection. There’s no evidence that customer information was compromised, but if any emerges the customers involved will be contacted directly.”

You see, just because experts know where to look and what to look for doesn’t mean they won’t be attacked. It simply means they won’t experience a breach that compromises them to an extent that they are unable to mitigate the damage to themselves and those they protect. FireEye walked the talk. Within hours, Mandia was forthcoming, problem on the table, made public knowledge, and mitigating damage.  And I don’t doubt he called industry heads to sit together on this one, virtually and physically (masked or not), burning Tuesday night’s oil in order to throw back a counter play that muzzled the attacker and unraveled their devious plan.

Think Match 6 in world class chess when, in 41 moves, Bobby Fischer dethrones the defending champion Boris Spassky. From move 36:

S: Queen back to E8

F: Rook back to F3

S: Queen to D8

F: Bishop to C4

S: Queen back to E8

F: Rook to F8

CHECKMATE!

Fischer memorized then leveraged the errors Spassky made in former matches with other Chess greats -- errors that Spassky had not memorized or had failed to remember how he salvaged those or how he paid for those errors.

So it was last week with long-standing, well respected, cybercrime fight partner FireEye: their breach got all our attention, as we watched them release the indicators of compromise to those needing to know. Now, companies have the wherewithal to detect whether Red Team tools are being used against them!  FireEye won by recapturing from the criminals any power to negatively spin those useful Red Team tools. As this unfolds, Mandia's positivity of full disclosure is in view for all to behold. Good job.

Make no mistake: We cybersecurity firms (MSSPs) are vying for your cybersecurity business, but we stand shoulder to shoulder in our fight against cybercrime and our common enemy – the Deep Web’s tosses and turns in every corner of the globe! And as Fischer did, we memorize and leverage errors those bad actors make when bludgeoning their way into our networks to try and compromise yours.  

The good news: We win more matches than we lose, and ‘losing’ in our book doesn’t typically mean the bad actors get any further in the game than a few pawn moves due to Artificial Intelligence (AI) tools detecting ‘bad behavior’ we can mitigate in good time.

Is it becoming clearer why your IT folks need a cybersecurity partner? Without our A.I. tools, those who would seize your information assets are only one to five moves away from crying “Checkmate”! So when a powerhouse like FireEye can get jolted head on, what do you think cybercriminals will do to your firm’s well meaning, hard working handful of IT guys and gals who stand bravely yet helplessly outnumbered and without power tools?

Let the cybersecurity experts fight the galactic battles they’re used to winning, so you and your team can sleep easy and awake refreshed to win the economic war you navigate in these turbulent times!

Pamla Davitt, VP Business Development, Data-Guard 365

Data-Guard 365 is a MSSP firm headquartered in Indianapolis, Indiana, with offices in Chicago, Atlanta, and other strategic locations across the globe. The company is a one-of-a-kind business partner whose people, processes, and technology provide armored cybersecurity for a price point that pays for itself. 

Outrage is the word that best describes business owners’ reaction to a Federal alert on October 1st, 2020 with this joyful news:

“The US Department of Treasury’s Office of Foreign Assets Control (OFAC)… Issued an advisory alert on October 1, 2020, that serves as a warning to entities who have been or will be the victim of a ransomware attack.” The five-page advisory states that “any company that pays a ransom to a criminal threat actor or any entities that facilitate the payment, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, may be in violation of OFAC regulations and subject to fines.”

OFAC’s explanatory advisory made it clear that acceding to ransomware demands in any situation has negative economic consequences over and beyond the ransom itself. Since the government has no intention of wrassling (*To wrassle – a verb; Wrassling – the national sport of Slamdovia) with cybercriminals nor putting them behind bars, virtual or otherwise, it appears the government thinking is, “Let’s fine the good folks trying to retrieve their seized businesses, and hope they deny criminals a ransom. That’ll stop ’em!”

Obviously, no one in business, in their right mind, wants to engage tech-savvy criminals who pose a threat to U.S. national security interests. But when they come knocking on your network door and threaten your valued relationships’ proprietary information, your business operations, and your livelihood – it’s no wonder you are quick to protect those information assets and s-l-o-w to research whether or not the hackers are on a sanction list! You can be sure that Rat-Team of criminals will keep showing up to the cyber-dance whether YOU pay their ransom or not.

The government’s reasoning for why you should not pay a sanctioned criminal?:  You are emboldening the cybercriminal to commit further crimes.

Guess what? Since this is what they do for a living, your response to cyber criminals’ ransom demands will only result in one of two outcomes:

1)     If you pay the ransom, some of your data is restored.

2)     If you do not pay the ransom, none of your data is restored.

There is no third outcome – the one the government suggests would result if cybercriminals go ‘unpaid’ – that they stop stealing data and stop shutting down companies’ operations. Regardless of which way you play it, bad actors’ enthusiasm and work tempo is not diffused one iota! Why? Because their payload, hack for hack, is so large they won’t even flinch if you don’t pay the ransom…they’ll just sit on or sell your data, then execute the next heist!

Note that OFAC Sanction list accommodations for extenuating circumstances provides some wiggle room for hard-pressed businesses, since the Federal alert states “may be in violation of OFAC regulations and subject to fines” – with “may” reflecting two caveats:

1)     Risk of violating OFAC regulations specific to dealing with threat actors that have been sanctioned; and

2)     OFAC’s understanding of the “complex dilemma” faced by victims.

On a case by case basis OFAC may, due to mitigating circumstances, license payments to be made … with applications considered “on a presumption of a denial”.

The threat by our own government that they, too, may (as in “might”) and again may (as in “permitted by law”) demand a penalty or fine, is one too many sets of sticky fingers in their business as Owners see it. Add to this the fact that the government admits to hiring its own White Hat Hackers – the good guys hired to chase the Black Hat Hackers’ tricks and tactics, and it begins to get blurry when we talk of fines to whom, by whom, for what?!

Take away? Start a dialog if you haven’t already with Data-Guard 365 who, together with your IT team, will document every jot and tittle that your constituents, your insurance vendor, and the government insists on seeing as proof you’re penetration hardened against cybercrime!

Discover Data Guard 365

Discover how Data Guard 365 can protect your organization from malware.  Start by taking the 5-point Value Assessment where you’ll learn how DG365 can enhance your organization’s security position in record time.

Pamla Davitt, VP Business Development, Data-Guard 365

Data-Guard 365 is a MSSP firm headquartered in Indianapolis, Indiana, with offices in Chicago, Atlanta, and other strategic locations across the globe. The company is a one-of-a-kind business partner whose people, processes, and technology provide invincible cyber security for a price point that pays for itself.