
EXCLUSIVE: Rick McElroy shares how he’d breach an enterprise

16 Jun 2018

Recently we were given the opportunity to sit down with Carbon Black security strategist Rick McElroy to discuss the current issues and emerging trends in cybercrime.

In terms of emerging trends, McElroy says 2017 was the year of ransomware, but this year is all about cryptojacking.

“At the end of 2017 it really became more about cryptojacking with attackers moving from extorting a company, to taking over their endpoint and printing money by trading cryptocurrencies on it,” says McElroy.

“What we saw from an evolutionary perspective with ransomware, I believe we will continue to see with other ways to monetise endpoints. Cryptojacking-as-a-Service will rise to prominence, and probably some of the same dark web service providers are then going to just use that infrastructure for other purposes. Essentially, for around $10 I can go and buy an attack that goes after someone's cryptowallet. Too easy.”

And there are no signs of cybercrime slowing, as McElroy believes there are a few caged lions due to be released.

“Some of the things that we haven't seen yet will emerge. The NSA had a set of tools that were released into the wild last year; two of those tools ended up in WannaCry, NotPetya and Bad Rabbit. There's about ten other ones that we haven't seen yet in the wild,” McElroy says.

“The CIA also had a tool leak and I haven't seen any of those being used in the wild, so we’ll almost definitely continue to see nation states develop zero days, lose those zero days, and then everybody will have to deal with them.”

McElroy believes the cyberwar between nations has already begun.

“From a nation state perspective, we're in the middle of cyberwarfare but I don't think anyone is ever going to officially call it that,” McElroy says.

“What we're witnessing is a cyber arms race on both the defensive and offensive side, and that is not going to stop anytime soon because whoever has the upper hand and can gather the most intel is positioned well from a national security perspective.”

Make no mistake about it: McElroy maintains the digital world is a dangerous place, but at the end of the day it’s not about systems but rather humans vs humans – and that’s how he would breach an enterprise.

“I'm a big fan of the path of less resistance. If you talk about ransomware, a lot of times it's not these big cartels behind it, it's literally like two people in an apartment in Romania with a server. People are effectively paying their bills with ransomware proceeds,” says McElroy.

“For me I would 100 percent go after the human. The human remains the weakest link as I don't have to turn on a vulnerability scanner or use an expensive piece of software to launch an attack. I can simply buy what I need on the Dark Web, weaponise a PDF, send it to a company and I'll see how many people will click on it. Again, the path of least resistance.”

In terms of how companies can prevent this ‘targeting of the humans’, McElroy says the key lies in agility.

“You need a playbook but you also have to be willing to throw those out in a heartbeat and go off-script because if you don't, cybercriminals are going to be interacting with your system faster than you are,” says McElroy.

“Attack chains are becoming more complex as cybercriminals seek bigger pay days. Most teams don't have that visibility into what we call the 'cyber kill chain'. Our philosophy is the further up that kill chain you can drive your visibility, the better chance you have of interrupting the attacker. Most companies focus on the tail end, so the execution of the malware attack. We focus upstream of that which gives us an advantage in early detection.”

McElroy says that, at the end of the day, Carbon Black operates on a fundamental premise other vendors don’t: that unfiltered data, recorded from the endpoint and centralised, empowers teams to get the bad guys faster.

“Think of it very simply as CCTV cameras. If I'm going into a 7/11 they're always recording. When an attack happens, law enforcement comes in, they push a button to roll the tape back to determine all the things they need to know, and then they determine who it was and arrest the person,” says McElroy.

“The premise of unfiltered data, recorded and centralised, enables you to apply threat intel and data analytics. Previous to Carbon Black that type of technology didn’t exist for endpoints.”
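The “roll the tape back” idea McElroy describes, recording every process launch on the endpoint and later walking that record backwards from the point of detection to the original entry, can be shown with a few lines of code. The following is an added example, not Carbon Black's product or code; the event stream, process names and PIDs are constructed, and the “document handler spawns a shell” rule is one illustrative upstream indicator rather than any vendor's detection logic.

```python
"""Added example: reconstruct an attack chain from recorded endpoint process events."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    ts: int        # seconds since recording started (constructed values)
    pid: int
    ppid: int      # parent process id
    image: str     # executable name
    cmdline: str


# Constructed sample telemetry standing in for an unfiltered process-creation
# stream: a mail client opens a PDF attachment, the reader spawns a shell.
SAMPLE_EVENTS = [
    ProcEvent(100, 4001, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(105, 4102, 4001, "outlook.exe", "outlook.exe"),
    ProcEvent(130, 4203, 4102, "acrord32.exe", "acrord32.exe invoice.pdf"),
    ProcEvent(131, 4310, 4203, "powershell.exe", "powershell.exe"),
    ProcEvent(133, 4415, 4310, "cmd.exe", "cmd.exe /c whoami"),
    ProcEvent(140, 4500, 4001, "chrome.exe", "chrome.exe"),
]

# Illustrative (hypothetical) categories used by the upstream rule below.
DOCUMENT_HANDLERS = {"acrord32.exe", "winword.exe", "excel.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def index_by_pid(events):
    """Map each recorded pid to its creation event."""
    return {e.pid: e for e in events}


def roll_back(events, pid):
    """Walk parent links from `pid` to the root and return the chain oldest-first.

    This is the CCTV rewind: given the process that tripped an alert, recover
    every ancestor that the recorded telemetry still holds.
    """
    by_pid = index_by_pid(events)
    chain, seen = [], set()
    cur = by_pid.get(pid)
    while cur is not None and cur.pid not in seen:   # guard against pid reuse loops
        seen.add(cur.pid)
        chain.append(cur)
        cur = by_pid.get(cur.ppid)                   # None once we leave the record
    chain.reverse()
    return chain


def first_suspicious_edge(chain):
    """Return the earliest (parent, child) pair where a document handler spawned a
    shell, i.e. the point furthest up the chain at which a defender could have
    interrupted it. Returns None when the chain contains no such edge."""
    for parent, child in zip(chain, chain[1:]):
        if parent.image in DOCUMENT_HANDLERS and child.image in SHELLS:
            return parent, child
    return None


def entry_point(events, pid):
    """Convenience wrapper: the process that first went off-script, or None."""
    edge = first_suspicious_edge(roll_back(events, pid))
    return edge[0] if edge else None


if __name__ == "__main__":
    alerted_pid = 4415  # constructed: the cmd.exe that tripped a detection
    for e in roll_back(SAMPLE_EVENTS, alerted_pid):
        print(f"t={e.ts:>4} pid={e.pid:<5} ppid={e.ppid:<5} {e.cmdline}")
    origin = entry_point(SAMPLE_EVENTS, alerted_pid)
    print("entry point:", origin.cmdline if origin else "none found")
```

The point of the example is the contrast McElroy draws: a detection on the final `cmd.exe` only tells you the tail end of the chain, whereas the recorded parent links let the analyst see that the chain started with a PDF opened from the mail client, which is where a detection rule or a user-awareness control would have had the earliest chance to interrupt it.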
