{"id":41842,"date":"2020-10-01T13:36:58","date_gmt":"2020-10-01T20:36:58","guid":{"rendered":"https:\/\/www.enxmag.com\/twii\/?p=41842"},"modified":"2020-10-01T13:37:00","modified_gmt":"2020-10-01T20:37:00","slug":"future-of-security-dealers-wary-as-bad-actors-evolve-infiltration-tactics","status":"publish","type":"post","link":"https:\/\/www.enxmag.com\/twii\/feature-articles\/2020\/10\/future-of-security-dealers-wary-as-bad-actors-evolve-infiltration-tactics\/","title":{"rendered":"Future of Security: Dealers Wary as Bad Actors Evolve Infiltration Tactics"},"content":{"rendered":"\n
\"\"<\/figure><\/div>\n\n\n\n

There may be no honor among thieves. And for those who deign\nto make it a career occupation, so to speak, changing the \u201crules\u201d of the game\nis vital in order to remain two steps ahead of the white hat crowd hot on their\ntrail.<\/p>\n\n\n\n

Certainly, netting big fish raises the visibility and the \u2018net cred of hackers, as evidenced by this summer\u2019s coordinated social engineering attack, a Twitter bitcoin scam that hacked the accounts of no less than Barack Obama and Elon Musk, among others. The ability to infiltrate such a high-end platform indicates that no system is 100% safe.<\/p>\n\n\n\n

We\u2019ll stray a bit into the new month with some final thoughts as to the X-factors that could bear watching in the future. Our State of the Industry report may end here, but for providers of security solutions, the story will be continued.<\/p>\n\n\n\n

Extortion Game<\/strong><\/p>\n\n\n\n

\"\"
Mike Burgard, Marco<\/figcaption><\/figure><\/div>\n\n\n\n

Mike Burgard, CISO for St. Cloud, Minnesota-based Marco,\nnotes that 2020 saw the evolution of another older attack vector. Ransomware is\nevolving to the point where it doesn\u2019t matter if an organization has an\neffective backup and restoration technology in place. The extortion then\nbecomes revealing to clients, partners and other interested parties that a\ncompany\u2019s system has been infiltrated and compromised.<\/p>\n\n\n\n

\u201cIt really forces you to pay the ransom,\u201d Burgard said. \u201cIf\nyou don\u2019t pay, the hackers will take the data and it will be known that you had\na breach. Or they\u2019ll take your financial statements as part of it, and they\u2019ll\nknow if you can afford to pay the ransom. They\u2019ll see the bank statement and\nadjust the ransom accordingly. Nobody wants to be in that spot.\u201d<\/p>\n\n\n\n

\"\"
Patrick Layton, Impact Networking<\/figcaption><\/figure><\/div>\n\n\n\n

From an MSP standpoint, the ongoing evolution translates\ninto continued opportunities as threats become more sophisticated. Patrick Layton,\nvice president of managed IT for Impact Networking of Lake Forest, Illinois,\nbelieves solving the root cause is impossible when the machinations of the\nprocess to recover from an attack are geared toward restoration at any cost.<\/p>\n\n\n\n

\u201cWhen the ransomware can attack a network, the insurance\ncompany\u2019s first thought is to get the employees up and running as fast as\npossible,\u201d Layton notes. \u201cThat\u2019s the fastest way to pay the least amount of\nmoney as an insurance claim, so their first impulse is to pay the ransom. That\nfuels the criminals to create stronger, more ridiculous tools, and they know\nthat they\u2019re going to get paid.\u201d<\/p>\n\n\n\n

Without solving that root problem, Layton adds, the \u201ccat and\nmouse game\u201d continues without an end in sight. When a slot machine continues to\npay, the gamer won\u2019t be leaving anytime soon.<\/p>\n\n\n\n

\u201cCrime pays, unfortunately,\u201d he said. \u201cThe good guys, like the white hat hackers we employ, if they didn\u2019t have morals and didn\u2019t want to work for a living, they could probably make a lot more money being a criminal. To me, that\u2019s the root of the problem.\u201d<\/p>\n\n\n\n

Evolved Hackers<\/strong><\/p>\n\n\n\n

\"\"
Jeff Leder, Impact Networking<\/figcaption><\/figure><\/div>\n\n\n\n

The hacker world is certainly emboldened and is more sophisticated and organized, contrary to the popular image of hoodie-wearing social outcasts operating within the dark confines of their parents\u2019 basements. The scourge has reached such proportions that governments are making efforts to help private organizations boost their security defenses, according to Jeff Leder, director of managed IT security services for Impact.<\/p>\n\n\n\n

\u201cIt seems like a never-ending and uphill battle, to the\npoint that cybercriminals\u2014these ransomware groups out there\u2014they have HR\ndepartments and helpdesks,\u201d he said. <\/p>\n","protected":false},"excerpt":{"rendered":"

There may be no honor among thieves. And for those who deign to make it a career occupation, so to speak, changing the \u201crules\u201d of the game is vital in order to remain two steps ahead of the white hat crowd hot on their trail. Certainly, netting big fish raises the visibility and the \u2018net cred of hackers, as evidenced by this summer\u2019s coordinated social engineering attack, a Twitter bitcoin scam that hacked the accounts of no less than Barack Obama and Elon Musk, among others. The ability to infiltrate such a high-end platform indicates that no system is 100% safe. We\u2019ll stray a bit into the new month with some final thoughts as to the X-factors that could bear watching in the future. Our State of the Industry report may end here, but for providers of security solutions, the story will be continued. Extortion Game Mike Burgard, CISO for St. Cloud, Minnesota-based Marco, notes that 2020 saw the evolution of another older attack vector. Ransomware is evolving to the point where it doesn\u2019t matter if an organization has an effective backup and restoration technology in place. The extortion then becomes revealing to clients, partners and other interested parties that a company\u2019s system has been infiltrated and compromised. \u201cIt really forces you to pay the ransom,\u201d Burgard said. \u201cIf you don\u2019t pay, the hackers will take the data and it will be known that you had a breach. Or they\u2019ll take your financial statements as part of it, and they\u2019ll know if you can afford to pay the ransom. They\u2019ll see the bank statement and adjust the ransom accordingly. Nobody wants to be in that spot.\u201d From an MSP standpoint, the ongoing evolution translates into continued opportunities as threats become more sophisticated. Patrick Layton, vice president of managed IT for Impact Networking of Lake Forest, Illinois, believes solving the root cause is impossible when the machinations of the process to recover from an attack are geared toward restoration at any cost. \u201cWhen the ransomware can attack a network, the insurance company\u2019s first thought is to get the employees up and running as fast as possible,\u201d Layton notes. \u201cThat\u2019s the fastest way to pay the least amount of money as an insurance claim, so their first impulse is to pay the ransom. That fuels the criminals to create stronger, more ridiculous tools, and they know that they\u2019re going to get paid.\u201d Without solving that root problem, Layton adds, the \u201ccat and mouse game\u201d continues without an end in sight. When a slot machine continues to pay, the gamer won\u2019t be leaving anytime soon. \u201cCrime pays, unfortunately,\u201d he said. \u201cThe good guys, like the white hat hackers we employ, if they didn\u2019t have morals and didn\u2019t want to work for a living, they could probably make a lot more money being a criminal. To me, that\u2019s the root of the problem.\u201d Evolved Hackers The hacker world is certainly emboldened and is more sophisticated and organized, contrary to the popular image of hoodie-wearing social outcasts operating within the dark confines of their parents\u2019 basements. The scourge has reached such proportions that governments are making efforts to help private organizations boost their security defenses, according to Jeff Leder, director of managed IT security services for Impact. \u201cIt seems like a never-ending and uphill battle, to the point that cybercriminals\u2014these ransomware groups out there\u2014they have HR departments and helpdesks,\u201d he said.<\/p>\n","protected":false},"author":166,"featured_media":41843,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1650,82,87,88,1638],"tags":[764,545],"_links":{"self":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/41842"}],"collection":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/users\/166"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/comments?post=41842"}],"version-history":[{"count":1,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/41842\/revisions"}],"predecessor-version":[{"id":41844,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/posts\/41842\/revisions\/41844"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/media\/41843"}],"wp:attachment":[{"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/media?parent=41842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/categories?post=41842"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enxmag.com\/twii\/wp-json\/wp\/v2\/tags?post=41842"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}