onShore Security

Because Security Gives Us Freedom.

Greater Security Enforcement is Leading to New SEC Fines

By

SEC Seal

Greater Security Enforcement is Leading to New SEC Fines –
What You Need to Know Now…
– Stel Valavanis, CEO of onShore Security

 

Notable Ransomware Attacks are Prompting Increased Accountability

Announcements this past summer have made it clear that the US Government, and particularly the executive branch, is taking ransomware seriously. This move is unsurprising, as attacks such as SolarWinds and the Colonial Pipeline attack demonstrated the risk that hackers pose to our national security and infrastructure. Supply chain attacks proved that high profile targets mean high levels of risk and greater amounts of collateral damage upon attack. Executive orders issued by President Biden and announcements by the SEC should be inspiring corporate cybersecurity stakeholders to make real changes and additions to their security operation, especially as the SEC is expected to make important proposals in Q4, creating legal precedent for disclosure issues that are already proving to be a legal vulnerability to companies and their leaders. 

Disclosure Rules

The disclosure issues that companies are currently having are, most notably, ill-advised intentional non-disclosure. In August of 2021, the SEC announced 8 brokerage firms and business entities that would be subject to large fines for failure to disclose breaches. Specifically, the SEC found that the firms violated “ Rule 30(a) of Regulation S-P, also known as the Safeguards Rule, which is designed to protect confidential customer information.” Two of the firms were also found to be in violation of Rule 206(4)-7, a rule relating to notifying clients about a breach. Essentially, they were fined for doing what many companies have gotten away with in the past: failing to stop a breach and then trying to hide that fact from their clients (and investors). The firms were censured, ordered to pay fines, and warned to cease and desist from future violations. These enforcement measures will likely be only the opening salvo of enforcement action by the SEC and other new precedents will be set as violations are announced and prosecuted.

Corporate Leaders Being Held Responsible

Not only does this new enforcement put companies and their ability to do business at risk (of being noncompliant and facing enforcement), but also puts at personal risk the cybersecurity leaders responsible for making security decisions at the highest level. In the case I’ve referred to, fines are being levied specifically for failure to follow the companies’ own cybersecurity policies surrounding multi-factor authentication. Public record and information for investors included this policy, requiring MFA whenever possible, but it was found that MFA was not in place before or after the undisclosed breaches. As the information regarding cybersecurity policies in place at the firms are part of the information investors use to make their choices regarding the company, it frames the coverup and further inaction as either negligent or intentional fraud. 

CISOs Beware

As a company faces actual enforcement, it will be in its interest to prove that the company itself is not at fault and to use its CISO as a scapegoat, whether or not they actually were negligent in the operation. CIOs and CISOs will have to protect themselves from their own organizations as well as from potential civil cases to be brought against them personally. 

It will become clearer in Q4 and the future what the SEC will do to enforce transparency for public companies and accountability for the leaders of those companies. A distinction will be made between security that actually protects information and customers and security operations that merely give the impression of effort.

Hoodies Vs. Suits – MSP 1337 Podcast

By

onShore Security CEO Stel Valavanis was a recent guest on the MSP 1337 Podcast, hosted by Chris Johnson. 

“A few weeks back, I attended Blue Team Con in Chicago. Based on one of the sessions that discussed the culture challenges and shortages of qualified candidates, I asked the founders of Blue Team Con to join me to discuss the challenges of finding talent and what to look for. Why are hacker (hoodies) conferences always filled by young people? Why are other events that focus more on the blue team security defense side attended by those in business attire (suits) and seem to be an older age group? Thanks to Frank McGovern and Stel Valavanis, founders of Blue Team Con, for a great conversation.”

 

Listen to the full podcast below.

The Ransomware Economy is in the Spotlight and Hackers are Feeling the Heat

By

The Ransomware Economy is in the Spotlight and Hackers are Feeling the Heat
– Stel Valavanis, CEO of onShore Security

Ransomware is hot. In 2020, it grew by 336%, with more than 370 million dollars in cryptocurrency paid to hackers and the “vendors” that support them. Ransomware is driving the cybercrime economy and helping it to grow, but it might also be its biggest problem.

From Solitary Attackers to Enterprise Operations

Ransomware has historically had the benefit of a reputation as a cottage industry, with the image of an attacker still being that of a lone black hat in a dark basement, but in reality, cybercriminals have the capability of  large, legal businesses, with access to a whole ecosystem of supporting vendors, franchise opportunity, and services specialized to allow what is being referred to as “ransomware as a service”. This empowers the criminals to target bigger organizations for bigger payouts and, while individuals may feel safer these days, it is actually even more likely to be hit by ransomware, and more likely to be affected when others get hit. The collateral damage, such as gas shortages, increases with the size (and importance) of the targets.

As ransomware gangs set their sights higher, attacking large organizations instead of individuals, their targets have begun to include assets that are under government protection and oversight. Government agencies have a vested interest in investigating and prosecuting such attacks. Ransomware is hot but, in fact, may be too hot. 

Enormous Capacity to Wreck Havoc and Gain Unwanted Attention

The recent attack on the Colonial Pipeline by the group known as DarkSide, for example, had a major impact on US infrastructure, specifically our energy and oil supply, and opened many eyes to the real danger that ransomware attacks pose. The scale of the attack made it reasonable to categorize the attack as terrorist activity and attract the additional scrutiny and interest that the terrorism label carries. Criminal hackers, who assumed the safety of obscurity, feared the level of attention and response an attack such as this might bring on the entire cybercrime ecosystem. This event itself precipitated calls for “moderation” amongst cyberattacks and a quick ban on discussion of ransomware on the forums where cybercriminals meet, discuss tactics and targets, and trade illegal tools and stolen information, in an attempt to avoid the attention that ransomware attacks have started to garner.

Because suppliers represent exposure, many criminal gangs are moving to end their outsourcing and do everything privately, “in-house”. The current “affiliate” model, by which criminals franchise their operation, offering their tools for a cut of the profit, may soon go away as it poses too much risk as legal and governmental agencies develop their understanding of the ecosystem and adopt more direct tactics to shut the many different parts of the ransomware machine down.

Evolving Ever More Dangerously Underground

Cybercriminals survive by being willing to adapt and it’s policy they’re responding to. The ransomware industry has grown quickly because it has had the room to do so, making moves that would typically be too risky for a criminal enterprise. Ransomware has become big business, with many of the same organizational risks that legitimate businesses face as they grow their operation. As ransomware operations change, we must not presume their death. Even DarkSide survived their moment in the spotlight, turning to a classic public relations maneuver for a company faced with scandal: they rebranded. The new “brand”, Black Matter, is following the new rules of engagement that President Biden tried to set at recent meetings with Russian leader Vladimir Putin. Black Matter is reported to be avoiding targets that are part of the U.S. infrastructure, and so it seems some of Biden’s cyberdiplomacy is working. 

A scarier shift is that some of these entities are testing out new technology as they change their focus. While criminal hacking gangs have historically been relatively unsophisticated in their technique, using lightweight, off-the-shelf (literally purchased) programs, the Hafnium attack and others display a potential for much greater attack capability, elevating the threat of many of these groups beyond petty cybercrime to cyberwarfare and cyberterrorism.

Putting Pressure on Nation State Support

Up to now, the majority of criminal hackers attacking the United States have done so from the safety of our adversaries, within Russia, China, and other countries, often unobscured, sometimes working in official capacities as government agents or members of the military, other times with less explicit support. The operations of these cybercriminal cells is covered up enough to offer their host country plausible deniability for anything that comes of out of the shop, and the hackers have historically been left alone or even protected by their home government, as long as they follow two simple rules: Don’t attack at home (often leaving the US as the main target) and don’t make too much noise. 

As the US starts to do some of the more basic footwork to stop ransomware (as seen in the effort to recover the ransom from the Colonial Pipeline attack), there will either have to be a greater effort on host countries to police the cybercrime in their jurisdiction, or they will have to do a better job of covering up their connections to the criminals. The cybercriminal world leaves much of their work visible to the public, relying on the lack of scrutiny to operate in the open. As the US government turns its sights on cybercrime, the preparation and effort put into tracking threats, stopping attacks, and improving our security posture puts pressure on cybercriminal gangs, and the state actors behind them, to stop attacks on the US government and people. We shall see if what doesn’t kill them makes them stronger.

Photo credit: KELA

Cybersecurity Solutions Still Alienate the SMB

By

MSP1337 Podcast – Cybersecurity Solutions Still Alienate the SMB

onShore Security CEO Stel Valavanis was a recent guest on the MSP1337 Podcast, hosted by Chris Johnson. To watch the interview, or listen to the audio podcast, please use the embedded players below.

MSP1337In this week’s episode, I sit down with Stel Valavanis of onShore Security to discuss Cybersecurity tools and solutions from the perspective of a Managed Service Provider. Stel brings a lot of insight as his company has been an MSP who focused on the SMB and now is a Managed Security Service Provider, focused on the Mid-market and enterprise. We take a look at the challenges and potential opportunities in the SMB space, we find that there is still hope, as it is not all doom and gloom.

While we don’t have all the answers to bring the SMB into the fold we do find some areas that an MSP can put some energy into and see results.

312-850-5200

216 W. Jackson Blvd.
Chicago, IL 60606

info@onShore.com