
EXCLUSIVE: Rick McElroy shares how he’d breach an enterprise

16 Jun 2018

Recently we were given the opportunity to sit down with Carbon Black security strategist Rick McElroy on the current issues and emerging trends in cybercrime.

In terms of emerging trends, McElroy says 2017 was the year of ransomware, but this year is all about cryptojacking.

“At the end of 2017 it really became more about cryptojacking with attackers moving from extorting a company, to taking over their endpoint and printing money by trading cryptocurrencies on it,” says McElroy.

“What we saw from an evolutionary perspective with ransomware, I believe we will continue to see with other ways to monetise endpoints. Cryptojacking-as-a-Service will rise to prominence, and probably some of the same dark web service providers are then going to just use that infrastructure for other purposes. Essentially, for around $10 I can go and buy an attack that goes after someone's cryptowallet. Too easy.”

And there are no signs of cybercrime slowing, as McElroy believes there are a few caged lions due to be released.

“Some of the things that we haven't seen yet will emerge. The NSA had a set of tools that were released into the wild last year, two of those tools ended up in WannaCry, NotPetya and Bad Rabbit. There's about ten other ones that we haven't seen yet in the wild,” McElroy says.

“The CIA also had a tool leak and I haven't seen any of those being used in the wild so we’ll almost definitely continue to see nation states develop zero days, lose those zero days, and then everybody will have to deal with them.”

McElroy believes the cyberwar between nations has already begun.

“From a nation state perspective, we're in the middle of cyberwarfare but I don't think anyone is ever going to officially call it that,” McElroy says.

“What we're witnessing is a cyber arms race in both the defensive side and offensive and that is not going to stop anytime soon because whoever has the upper hand and can gather the most intel is positioned well from a national security perspective.”

Make no mistake, McElroy maintains the digital world is a dangerous place, but at the end of the day it’s not about systems but rather humans versus humans – and that’s how he would breach an enterprise.

“I'm a big fan of the path of least resistance. If you talk about ransomware, a lot of times it's not these big cartels behind it, it's literally like two people in an apartment in Romania with a server. People are effectively paying their bills with ransomware proceeds,” says McElroy.

“For me I would 100 percent go after the human. The human remains the weakest link as I don't have to turn on a vulnerability scanner or use an expensive piece of software to launch an attack. I can simply buy what I need on the Dark Web, weaponise a PDF, send it to a company and I'll see how many people will click on it. Again, the path of least resistance.”

In terms of how companies can prevent this ‘targeting of the humans’, McElroy says the key lies in agility.

“You need a playbook but you also have to be willing to throw those out in a heartbeat and go off-script because if you don't, cybercriminals are going to be interacting with your system faster than you are,” says McElroy.

“Attack chains are becoming more complex as cybercriminals seek bigger pay days. Most teams don't have that visibility into what we call the 'cyber kill chain'. Our philosophy is the further up that kill chain you can drive your visibility, the better chance you have of interrupting the attacker. Most companies focus on the tail end, so the execution of the malware attack. We focus upstream of that which gives us an advantage in early detection.”

McElroy says that, at the end of the day, Carbon Black operates on a fundamental premise that other vendors don’t: unfiltered data, recorded from the endpoint and centralised, empowers teams to get the bad guys faster.

“Think of it very simply as CCTV cameras. If I'm going into a 7/11 they're always recording. When an attack happens, law enforcement comes in, they push a button to roll the tape back to determine all the things they need to know, and then they determine who it was and arrest the person,” says McElroy.

“The premise of unfiltered data, recorded and centralised, enables you to apply threat intel and data analytics. Previous to Carbon Black that type of technology didn’t exist for endpoints.”
