B2B Tech Talk with Ingram Micro

Episode · 2 years ago

Cybercrime: Protecting Yourself Now & In The Future


As technology continues to advance, the world is able to move forward. 

Unfortunately, not everyone uses the development of technology for good. 

Anthony Giandomenico, Senior Security Strategist/Researcher for Fortinet, fills us in on the precautions organizations should be taking to remain secure in a volatile environment. 

He covers:  

  • The current landscape of malware. 
  • Ransomware’s progress. 
  • Cybercrime trends. 
  • The future of B2B technology and security.  

Access the Q2 2019 Threat Landscape Report here. 

Follow Anthony Giandomenico on LinkedIn. 

If you want to know where the attack trends are, follow the technology trends, because as new technology, new things start to kind of crop up on the Internet, you can be sure there's going to be additional attack vectors there.

You're listening to B2B Tech Talk with Ingram Micro, the place to learn about new technology and technological advances before they become mainstream. This podcast is sponsored by Dealing Technology: make your home smarter, safer and truly seamless. Let's get into it.

Welcome to B2B Tech Talk with Ingram Micro. I'm your host, Kerry Roberts, and our guest today is Anthony Giandomenico, the Senior Security Strategist, Researcher and Cyber Threat Intelligence Lead at Fortinet. Welcome, Tony. So thrilled to have you here today.

Thanks for having me, man. It's awesome.

Yes, so we're going to be talking about cyber security and trends today, and in cyber security, you know, malware is getting bigger and faster and stronger. What are you doing to keep track of all of this?

Well, something interesting that, uh, we do here at Fortinet, and my team is kind of heavily involved in this, is, every quarter, we're focused on identifying the actual trends, and we do that through our quarterly threat landscape report. What we're doing is we're looking at the different types of trends, specific to application exploits, malware, botnets, and we're trying to find little kind of trends or nuggets that we can pull out, and then we can pass that information on to the security practitioner, and then they can start to focus their security efforts on those specific, you know, trends and whatnot. I tell you, we found a lot of different sorts of trends. We've been doing this for quite a few years now, and, you know, this year, we're always, you know, continuing to find interesting things. One of the things I wanted to talk a little bit about is, um, the evasion techniques.

I mean, I think this is important for organizations to understand that the evasion techniques are getting a lot more advanced, and there are a lot more of them out there. I'd say there's probably sixty, you know, plus different techniques an adversary can use to be able to circumvent some of your security defenses, and also a lot of open source too. You'd be surprised how many open source tools are available out there, say on GitHub, that you can leverage and use to be able to mask the malicious intent of your malware. One specific evasion technique that we see sort of trending a bit is the ability for the malware, once it's on your machine, to go through a list of processes and see what AV software may be on your system, find that one and turn it off, 'cause if they can turn it off, then they can do whatever malicious activity they want and you're never going to get alerted on it. So with that said, it's important to make sure that the security controls that you have on your machine, make sure you can identify when they are being turned on and turned off, because that may be indicative that something anomalous may be happening on your machine. And I'll tell you, I do see this a lot, and sometimes it kind of alarms me: the end user seems to have enough access to turn on and off the security controls. That should never happen. You shouldn't allow the employees to be able to do that, because if that does happen, obviously they can shut the shields down, but also you're not going to be able to have a baseline and be able to determine, if, you know, someone does shut something down, whether it's nefarious or not, so it could be a false positive. So that's one of the actual things that we're looking at, you know, from an evasion side. But I bet you're going to ask me a question about what's going on with ransomware, aren't you?

Yes, yes, let's hear more about that, because, you know, you do these quarterly trends every few months, it's constantly changing. So yes, tell us more about that.

Yeah, you know, ransomware seems to be near and dear to everybody's heart these days, and, you know, it's not going away. It's been around for quite some time, it's not going away, but the tactics that the adversaries are using to get that malicious payload down on the environments, into those actual networks, are kind of changing a little bit. What's happening is, you know, traditionally what you would do as an adversary, it was more of a spray and pray: you would just strew this malware out there, see if it sticks on the wall, whatever sticks, okay, that's what I do. It's like you throw out the biggest net, see who clicks that link, and then, you know, you hope for the best. Well, that worked out in the beginning, but now I think adversaries are finding that if they were a little more targeted, where they can do a little bit more research and identify which organizations have a security posture that's not as robust as it needs to be, they'll have a better chance of successfully getting their payload in there, and that's exactly what they're doing. They're being more targeted, and right in the middle of those crosshairs are local and state governments, different cities and municipalities. The city of Baltimore, they got hit. The city of Atlanta last year got hit with the SamSam ransomware. The latest one here in Texas, the Texas Department of Information Resources also got hit. So they're having a lot of success if they spend a little bit more time doing the research to see which organizations might not have the robust security posture needed to defend against these things.

I'd also say, because they're being more targeted, the initial... not all the time, but oftentimes, instead of using an email, you know, to be able to do some type of phishing attack to get that initial entry point into the network, they're looking at remote desktop services that might be exposed out there. Remote desktop services, if you have that out there, an organization would use that to allow someone from the outside to be able to connect into the network. Now, there's a lot of other, more secure ways to actually do that, but an easy way to do that is just to throw an RDP server out there. What's happening is these RDP servers aren't as secure as they need to be, and the passwords maybe aren't as strong. So the adversaries are compromising these RDP servers and processes, and that's their initial entry point into the network. So I would say, make sure that if you do have RDP out there, if you cannot remove it, make sure that it's more secure; if you can find a better solution, like maybe a VPN, that might be a better option. And internally, in your security posture, if you're not quite up to, you know, the level you need to be at to be able to identify when ransomware may be in your network, make sure you have the proper procedures to be able to restore your backups fairly quickly and restore all that data that had been encrypted by the ransomware. So those are some of the things that are going on with ransomware.

If we move on to something else, gosh, I love kind of talking about this, because it just continues to get, uh, you know, I guess worse and worse, is, um, this swarm-like activity that we continue to see. What happens is, and, you know, I ask this question 'cause people will say, "Hey Tony, you know, what are the attack trends?" Well, I always say, if you want to know where the attack trends are, follow the technology trends, because as new technology, new things start to kind of crop up on the Internet, you can be sure there's going to be additional attack vectors there. And in this case, earlier on in the year, one of the actual technology trends is, right, I mean, it's social media, it's getting this valuable content out to the public so they can read that, and everybody wants to make sure that their content is super interesting, it's refreshed, and it's always out there, it's always available. Content management systems allow you to effectively get that updated information out there. Content management systems like WordPress, Joomla, Drupal, all those are available out there, free, and they're awesome to be able to get that content out there; however, they're always riddled with additional vulnerabilities. Joomla alone had about six new vulnerabilities they announced this year. Adversaries definitely know this and they're taking advantage of it. In Q1 of this year, they were looking at different vulnerabilities that they successfully exploited and were able to then distribute their ransomware or host different types of phishing sites. So that's another thing where, once they identify that technology trend and they see someone who successfully exploited that vulnerability on that particular technology, that starts the trend. Everybody else swarms in on it, and they make sure that they have that exploit for that vulnerability within their overall sort of repertoire there, no matter whether it's malware or an adversary or exploit-as-a-service. So it's interesting stuff that we're kind of seeing out there. Now, I can go on and on and on with all this stuff, um, but I'll probably just end it with this one here, which I thought was fairly interesting. You know, the bad guys, um, in the cybercrime ecosystem, it's a very competitive market. Everybody is vying for your services, in the affiliate program in the cybercrime ecosystem. These ransomware-as-a-service, malware-as-a-service, there's so many different options out there.

As a, you know, consumer who's looking to rent or buy one of these actual, you know, tools, they have to be able to market these things, they have to be able to differentiate themselves. One thing that's very important is it needs to be stable. They need an actual stable, you know, system or infrastructure for you to be able to leverage their particular products. Now, because of that, we've actually started to see this trend. We did some analysis and some research, and we found out that a lot of the botnet infrastructure and what have you, where they deliver, you know, the malware and they're able to kind of, you know, communicate with the malware, they're sharing the same infrastructure, right? They'll look for, you know, some of these hosting sites, these bulletproof hosting sites that are safe, they're secure, they know they're not going to be taken down. We'll see multiple malwares, multiple threat actors or ransomware-as-a-service, they're using this infrastructure. We saw almost up to sixty percent of some of the malware that we've actually seen were using this same infrastructure.

Hey everyone, we hope you're enjoying this episode of B2B Tech Talk with Ingram Micro. We wanted to let you know about one of the industry's most important events: Ingram Micro's ONE 2019 event on November 18th through November 21st at the Gaylord Rockies convention center. ONE is your chance to experience what's new and exciting in security, IoT, cloud and more. Also, you'll be able to network with other businesses, industry experts, Ingram Micro associates and vendor partners. Contact your Ingram Micro representative for details on how to register today. All right, let's get back to the show.

I like how you're saying, you know, that it's getting worse because there's new technology that's forming. Can you share any insider data or thoughts on now using smart homes and businesses, and what that might be bringing to the future?

You know, we definitely want to continue the innovation of the latest and greatest technology, you know, 'cause it just makes your life better, makes my life better, makes our future and our families' much better. You know, it's improving our overall life, and this is great. The problem is, as I mentioned before, so many different new attack vectors get implemented in here, and I think the smart homes, the, you know, self-driving, you know, vehicles, all that are going to be additional attack vectors, and what you don't realize sometimes is all this stuff ends up being interconnected. One of the things that actually kind of, you know, connects it all is going to end up being your phone, 'cause you're going to have apps on your phone that are going to be communicating with your vehicle, going to be communicating with all of your smart home devices. It may even be communicating with maybe some of the business management systems, the systems that you may be working at. So you might not think that it's interconnected, but it's all going to be, like, sort of intertwined together. So I think it's going to be important to actually make sure that, especially if you're a remote worker, let's take for an example the smart home: you're a remote worker, you got your laptop here, you're kind of hooked into your network, your Wi-Fi network locally, and then you're reaching back home or back out to your organization's network. Many times you're on the same network as all these other smart devices.

So I think, as a business, making sure that, as part of your user awareness training program, you make sure that the employees are familiar and they understand that, hey, you have all these smart devices out there, make sure that you're updating and you're patching all these particular sort of home smart systems, and also making sure, as an organization, you probably want to separate the network that you connect into for your business as opposed to that Wi-Fi network that you have available for all of your home and your smart devices. A lot of the IoT devices, the home routers, have the ability to separate those actual networks. It might make sense to actually do this. And one more thing I kind of want to allude to, um, maybe this is, you know, an ending sort of question, but all this stuff I talked about, what happens when 5G comes out? That is just going to totally change the game, because any device that connects to the Internet is going to have the same speeds as you have in your home Wi-Fi. Well, you're being able to download something at seven hundred megabits per second. So it's going to be really interesting in the coming years to see how that actually shakes out when we have speeds that any actual device that has an IP address is going to be able to leverage.

Now, your company does so much with these reports and you have new cyber security playbooks. Why are you putting all of this together?

Yeah, you know, these threat actor playbooks, it's surprising, they're really taking off, and to be able to answer that question about the actual playbooks themselves, I've got to back up a little bit and talk a little bit about what was being done outside of Fortinet to really lay the groundwork for us to be able to put these playbooks out there. There's an organization called MITRE, and MITRE is a not-for-profit organization that operates multiple federally funded, you know, sort of research and development centers. So they come up with these different projects that really are supposed to help the overall community. This one that they put together the last few years, called the MITRE ATT&CK framework, is a knowledge base. What they did was they looked out there at all the open source avenues and they grabbed all the security reports from vendors, from security researchers, and what they did is they compiled all of the known tactics, the techniques and the procedures an adversary would use to complete their cyber mission. They documented it all. This is amazing, and this is really great, you know, for me, because most organizations, they buy, you know, vendor software, they put it in place and they think that, hey, they're, you know, fairly secure, but they don't really know how effective or ineffective their security posture is to these specific types of attacks, because unless you're really in it every single day as a threat researcher, you don't necessarily know all these things. But now, having this stuff freely available, it's out there on the Internet, you can look at a specific technique and it'll give you an overview of what it is. It'll talk about what operating systems may be affected. It'll talk about ways that you can be able to detect or protect against it, what logs you need to be able to collect, maybe what high-level technology can help you be able to protect against this stuff. So it's really amazing. It gives us a common language now that we can use, that then can be measured. So you take that common framework and those tactics and techniques we are using then to be able to create our threat actor playbooks, and this is exactly what we're doing, you know.

My team and others at Fortinet are creating... we're identifying different threat actors that may be trending, different types of campaigns, and we're researching various different campaigns that they've done over the last few years, and we're mapping out all of their different tactics and corresponding techniques back to the MITRE ATT&CK framework. So that really gives a good baseline now for an organization to see how effective or ineffective their security posture is to some of those attacks.

Now, there is so much information that you all provide, and I know it can seem overwhelming for some businesses. So how do they maximize the benefits of this concentrated research? What can they use to help their business thrive? Maybe the first few steps they can take?

Yeah, you know, first and foremost, I'll go back to the conversation around the MITRE ATT&CK framework. I think organizations need to start looking at how they can operationalize this MITRE ATT&CK framework, right? So also going in and just getting themselves familiar with what the adversary's actually doing to complete their cyber mission. Get familiar with that. It can also be leveraged or used as a training tool, right, for folks who are just getting into the industry and they want to understand it a little bit more. Once you understand it, you can start to, what I refer to as, operationalize these particular tactics and corresponding techniques. We're seeing a trend here on the organization side, where they're looking at these types of tactics and techniques and they're making sure that their security posture can properly defend against them. Now, this is an ongoing process. It's going to continue to go, you know, it never ends, right? I mean, security's a process, it's a continuous life cycle, but if you get started, you get a better idea of what your security posture looks like and where your gaps are, where your strengths and where your weaknesses are. You have that; now you've started looking at our playbooks, and you can say, "Oh, hey, how well do I shore up against this particular threat actor? It looks like they're, you know, targeting me and my specific industry. How well will I fare?" Well, you can look at our playbook viewer and you can see the tactics that they're using, and then you can go back to your map and say, okay, well, how do I deal with that? Do I have a gap there, or am I actually pretty strong here? So you can quickly identify where your strengths and weaknesses are. And I'll say all of that ends up being able to answer that one question that always seems to be so difficult for the folks who are responsible for securing their own infrastructure, and that is when management kind of comes in and says, "Hey, I just read in the newspaper this particular threat actor is doing X, Y, Z attack. How well do we fare against that?" Without having this foundational information, it's very hard to get back to your management and give them an actual, I guess, an effective and an actual true statement, 'cause it's difficult if you don't have that particular visibility. Now, what I will say: for us to be able to create these threat actor playbooks, it takes time. So one of the things that we're working on is being able to automate this a little bit more, and, you know, we have a couple of projects that are going on, but one, we're working with the Cyber Threat Alliance to build these newer, you know, systems that help us automate the actual process of determining one of these kinds of tactics and corresponding techniques. Now, it's never going to be totally automated. We're always going to have to probably have some human interaction, but I think it will reduce the amount of time that we do these things. I'll also mention, and it's important for this, a lot of the vendor technologies are also starting to implement this MITRE ATT&CK knowledge base into their products. With our overall Security Fabric, we're in a very unique position, 'cause all of our security controls are able to address almost every single attack vector that an adversary has to be able to come into the environment with. That said, we're starting to look at, and we started out with our sandbox technology first, where we're starting to implement these tactics and corresponding techniques that are tied to MITRE, to give the end user a little bit more information and make it easier for them to identify exactly what's happening in their environment.

So if people want to learn more about what you discussed today, Tony, where is the best place for them to find that information?

Sure, sure, yeah. We have a lot of different outlets that you can probably get this information from, but what I would do is go to fortiguard.com/playbook and you'll see our playbook viewer there. You can select on the different, you know, threat actors and see some of the tactics and corresponding techniques. You can also, you know, check the show notes. There should be other detailed information in there as well.

Great. The last question I have for you: I know you talked about 5G, but where do you see technology going within the next year?

I mean, I think that's the big one, it's kind of... when 5G comes out. I think you're seeing little pockets of it in certain cities and they're kind of experimenting with it now, you know, but I think by 2020, maybe, you know, 2021, it's going to be out there and everybody's going to have access, kind of, to it. You're going to be walking around anywhere you go having the same speeds, like I mentioned, as if you're in your home, and I think that is going to really be a game changer. It's almost like when we went from dial-up to actually just having these, you know, these cable modems, you know, these DSL modems. So many other new services are going to be made available. I don't even know what they all are, but if you think the volume of threats is bad now and the attack vectors are bad now, it's only going to get worse. I only say that because now every single device, these IoT devices, are going to have the same speeds that everyone else is going to be able to have, and I think, if I remember, Gartner said, I think, around 2020 there's going to be twenty-one billion of these IoT devices out there. So that's a lot of different attack vectors, attack surface, that the adversary is going to be able to use to capitalize on whatever cyber mission they're trying to actually be able to complete.

Well, this has been so insightful. Thank you so much, Tony, for your time.

No, no problem, it was great being here.

If you liked this episode or have a question, join the discussion on Twitter at @IngramTechSol with the hashtag #B2BTechTalk. Thank you for tuning in and subscribing to B2B Tech Talk with Ingram Micro. You've been listening to B2B Tech Talk with Ingram Micro, hosted by Kerry Roberts and sponsored by Dealing Technology. B2B Tech Talk is a joint production by Sweet Fish Media and Ingram Micro. Ingram Micro production handled by Laura Burton and Christine Fam. To not miss an episode, subscribe today on your favorite podcast platform.
