Cybersecurity is evolving at lightning speed, as more data is communicated and stored electronically, and cyber criminals have grown in both their sophistication and numbers.
What can businesses do to keep their networks – and the valuable information stored on them – secure?
At today’s NJBIA Cybersecurity Summit titled, “Cybersecurity Practices for a Business Like Yours,” experts from state and federal law enforcement and industry revealed cyber concerns for businesses, and offered advice on how to address them.
Michele N. Siekerka, NJBIA’s president and CEO, told the audience, “Today we are excited, because you will be hearing from some tremendous experts from: IT, federal and state law enforcement, attorneys, financial investigators and corporate leaders. They’ll be discussing the pressing issues in cybersecurity, including: digital privacy, data theft, cyber crimes, and an overview of recent state and federal legislation aimed at protecting you as business owners, as well as your employees and your clients.”
One of the event’s keynote speakers was Timothy Ryan, managing director at Kroll Cyber Security and Investigations, who had a distinguished career as a supervisory agent with the FBI, where he oversaw the largest cyber squad in the United States.
He told the audience, “For the trends, we are going to talk about file-less malware. … Basically, all the tools that you have been sold, and you have purchased, are going to be fairly ineffective in preventing these kinds of attacks from taking place.”
Ryan detailed how PowerShell – an operating system component – can be used by attackers. He said, “PowerShell is being used to create malware on-the-fly. The conventional way of doing forensics is you would get a hard drive, you would take an image of it, and then you would analyze it, saying, ‘OK. What are the weird files, here? What is the attacker tool on this hard drive?’ That’s not what’s happening, here. What we see is there are no pieces of malware on the hard drive. What we see is the malware actually existing as code in a certain part of the file system called registry. Registry is like a diary inside an operating system, and this code exists there just as code; it is not yet combined to create [malware].
“Think about it as a peanut-butter-and-jelly sandwich: You have two slices of bread, peanut butter, jelly – it is not a sandwich, yet; it is a bunch of ingredients. What PowerShell does is combine all of that. The problem is that most of the tools you have are looking for the sandwich. They are going to bypass all the ingredients. These ingredients sit in the registry, and PowerShell (via a hacker) creates it on the fly.”
Ryan added, “The way you mitigate this attack is by mainly detecting the use of PowerShell in an illegitimate way, or disabling PowerShell altogether, [the latter] which is untenable. … PowerShell normally has limits on how it is used. What [a hacker] is doing is reducing or eliminating those limits on PowerShell. We ‘trigger’ on this. Your antivirus, almost every type of tool, is not going to trigger on this.”
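The kind of detection Ryan describes, triggering on PowerShell that is launched with its usual limits loosened, can be sketched as a triage pass over process command lines. This is an added example, not code from the summit or from Kroll; the rule names, host names and sample command lines are constructed, and the patterns cover only a few common powershell.exe options.

```python
import re

POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)

# Each rule fires only when every pattern in its list matches the command line.
# The options are real powershell.exe parameters; abbreviated forms are accepted too.
RULES = {
    "execution_policy_relaxed": [
        re.compile(r"\s-(?:ep|ex\w*)\s+(?:bypass|unrestricted)\b", re.I)],
    "encoded_command": [
        re.compile(r"\s-e(?:c|n\w*)?\s+[A-Za-z0-9+/=]{16,}", re.I)],
    "hidden_window": [re.compile(r"\s-w(?:in\w*)?\s+hidden\b", re.I)],
    # Code kept in the registry and handed to the interpreter at run time.
    "registry_content_executed": [
        re.compile(r"\bHK(?:LM|CU):", re.I),
        re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    ],
}

def triage(command_line):
    """Return the sorted names of the rules a process command line trips."""
    if not POWERSHELL.search(command_line):
        return []
    return sorted(name for name, pats in RULES.items()
                  if all(p.search(command_line) for p in pats))

# Constructed sample records (host, command line); not taken from the article.
# The encoded value is a harmless placeholder string.
SAMPLE_EVENTS = [
    ("ws-014", r"powershell.exe -File C:\Scripts\Backup-Everything.ps1"),
    ("ws-022", "powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden "
               "-EncodedCommand QQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEA"),
    ("ws-031", r'powershell.exe -nop -w hidden -c '
               r'"iex (Get-ItemProperty HKCU:\Software\ExampleCo).Blob"'),
    ("ws-040", r"reg.exe query HKCU\Software\ExampleCo"),
]

def report(events):
    """Keep only the events that tripped at least one rule."""
    return [(host, hits) for host, cmd in events if (hits := triage(cmd))]

if __name__ == "__main__":
    for host, hits in report(SAMPLE_EVENTS):
        print(host, ", ".join(hits))
```

Command lines like these are available from process-creation logging such as Windows Security event 4688 (with command-line auditing enabled) or Sysmon event 1.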
Meanwhile, e-mail compromise is a massive problem for businesses: this is when e-mail passwords and usernames are stolen. Ryan said, “I tell you, this is the bane of existence for many, many companies.”
Hackers use spoofed and phishing e-mail messages that ask people for their passwords.
Ryan explained, “In some cases, what we see the attacker doing is – as he is reading people’s e-mails – he is waiting for that time where he has the ability to send [bank] wire instructions. ‘Hey, Joe, don’t send the money to A, send it to B.’ That’s how we frequently see this play out. That is more of a targeted attack. We also see the shotgun approach, where they just send out a ton of these messages, out, into the environment, and they pretend to be somebody’s CEO.”
Ryan detailed the myriad ways companies must work to combat e-mail compromise, and these will be featured in an upcoming edition of NEW JERSEY BUSINESS magazine, including – but not limited to – how to use so-called “out-of-band” communications, for added security.
Among a host of other cyber concerns, ransomware was fully discussed at today’s Cybersecurity Summit. In these cases, a hacker enters a business’ computer network and encrypts data; users must then pay a “ransom” via Bitcoin to recover their information.
An upcoming issue of NEW JERSEY BUSINESS magazine will explore ransomware in more detail, and also provide complete coverage of today’s event.
Of note, 11 additional event speakers offered advice from the various perspectives of their wide-ranging expertise.