In this episode of The Gate 15 Interview, Andy Jabbour talks with Jeremy Kennelly, a manager and principal analyst on FireEye’s Mandiant Intelligence team focused on the analysis of financially-motivated cyber threat activity. In the discussion we address:
- The history of ransomware;
- Ransomware’s evolution from WannaCry to present;
- The current threat environment and best practices;
- Where ransomware could be going into the future and the idea of blended threats.
Jeremy Kennelly. Jeremy is a manager and principal analyst on FireEye’s Mandiant Intelligence team focused on the analysis of financially motivated cyber threat activity. Prior to his time at FireEye, Jeremy worked as a security architect, incident responder, and in a number of other operational security roles at multiple major multinational corporations. Find Jeremy on Twitter: @thinkpoison.
During the discussion, Jeremy and Andy covered some ransomware security best practices. Jeremy shared some technical ideas, and listeners are encouraged to review the Cybersecurity and Infrastructure Security Agency’s Ransomware Resources, including CISA’s Ransomware page. Some of the best practices listed there include:
- Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Use application whitelisting to allow only approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
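The attachment-filtering point above (scan incoming mail and keep executable files away from end users) is easy to get wrong if the filter only looks at file names: a renamed PE, a script inside a zip, or a macro-enabled Office document all pass a plain extension check. The script below is an added example written for these show notes; it is not CISA guidance or FireEye/Mandiant code. It parses an RFC 5322 message, checks every attachment's name for double extensions, and then checks the content (PE and ELF magic bytes, and the members of any zip archive, which covers .docm/.xlsm files) before deciding what to block. The blocked-extension list and the sample message are assumptions constructed for the example, not an exhaustive policy.

```python
"""Flag executable attachments in inbound mail by content, not just by file name.

Added example for the CISA best-practice list above; not code from the podcast,
CISA, or FireEye. The blocked-extension list is an assumed starting point and the
sample message is constructed for illustration.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that commonly carry executable code or scripts (assumed, not exhaustive).
BLOCKED_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".cpl",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd",
    ".jar", ".msi", ".lnk", ".iso", ".img",
}

# Magic bytes for formats we inspect regardless of the declared file name.
PE_MAGIC = b"MZ"
ELF_MAGIC = b"\x7fELF"
ZIP_MAGIC = b"PK\x03\x04"


def _has_blocked_extension(filename):
    """True if any suffix is blocked, so 'invoice.pdf.exe' style double extensions are caught."""
    parts = (filename or "").lower().split(".")
    return any("." + p in BLOCKED_EXTENSIONS for p in parts[1:])


def _zip_contains_executable(data):
    """Look inside an archive: blocked member names, PE/ELF members, or a VBA project (macro-enabled Office)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = info.filename.lower()
                if _has_blocked_extension(member) or member.endswith("vbaproject.bin"):
                    return True
                with zf.open(info) as fh:
                    head = fh.read(4)
                if head.startswith(PE_MAGIC) or head.startswith(ELF_MAGIC):
                    return True
    except zipfile.BadZipFile:
        # Not a readable zip; fall through and let the caller decide on other grounds.
        return False
    return False


def classify_attachment(filename, data):
    """Return a reason string if the attachment should be blocked, else None."""
    if _has_blocked_extension(filename):
        return "blocked extension in %r" % filename
    if data.startswith(PE_MAGIC):
        return "PE executable content despite name %r" % filename
    if data.startswith(ELF_MAGIC):
        return "ELF executable content despite name %r" % filename
    if data.startswith(ZIP_MAGIC) and _zip_contains_executable(data):
        return "archive %r contains executable or macro content" % filename
    return None


def scan_message(raw_bytes):
    """Parse a raw message and return [(filename, reason)] for every attachment to block."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        reason = classify_attachment(filename, payload)
        if reason:
            findings.append((filename, reason))
    return findings


def build_sample_message():
    """Constructed test message: a benign PDF, a PE renamed to .doc, and a zip carrying a .js file."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    # The name passes an extension check; the content is a Windows executable.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="statement.doc")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "var s = new ActiveXObject('WScript.Shell');")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, why in scan_message(build_sample_message()):
        print("BLOCK", name, "-", why)
```

Running the script blocks `statement.doc` and `invoice.zip` and lets `invoice.pdf` through. The design point is the order of checks: name first (cheap, catches obvious cases), then content, then archive contents, so a renamed or wrapped payload still gets caught. A real gateway would also handle nested archives, password-protected zips (which cannot be inspected and are usually quarantined for that reason), and OLE-format Office files, none of which this example attempts.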
Additionally, see the Ransomware Security Publication, technical guidance on How to Protect Your Networks from Ransomware, and CISA’s Awareness Briefings on Combating Ransomware, Joint Ransomware Statement, and CISA Insights – Ransomware Outbreak for more information.
After the recording, Jeremy and Andy discussed some additional ideas on the challenges around cryptocurrency and some actions that may be needed to help frustrate ransomware attacks. That might have to be the topic of a future discussion!
“Part of the reason lies in ransomware actors becoming more sophisticated. Whereas previously they would use an opportunistic or shotgun approach that involved sending myriad lures to non-specific targets, today we are seeing them perform lengthy reconnaissance.” – FireEye, Ransomware Recon — Before the Breach, 17 Sep 2020.
See below for more links to references mentioned in this podcast.
This Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues. Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Anchor, Apple, Spotify, as well as other locations accessible from the Anchor link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Risk Roundtable is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour, and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
Additional references mentioned in the podcast include:
- Emsisoft’s Ransomware statistics for 2020: Q2 report
- Rapid7’s 2020: Q2 Threat Report
- Bitdefender: The rise and fall (and rise again) of ransomware
- Gate 15 on Blended Threats, “a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.” And see more from our blog and these recent posts:
About FireEye. FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 9,300 customers across 103 countries, including more than 50 percent of the Forbes Global 2000. A couple of recent FireEye ransomware posts:
- Ransomware and Observations from Recent IR Investigations, 18 Sep 2020.
- Ransomware Recon — Before the Breach, 17 Sep 2020.
- A recent Press Release: “Texas Teams Up with FireEye to Tackle Ransomware; FireEye and Mandiant to support the State of Texas in its efforts to combat evolving cyber threats.”