Chattinn Cyber

Chattinn Cyber


Digital Forensics, Crypto Codes, and Ransomware Attacks: A conversation on cybersecurity with Ondrej Krehel

July 20, 2021

In this episode of CHATTINN CYBER, Marc Schein interviews Ondrej Krehel, He is a former lecturer at FBI Training Academy and Chief Information Security Officer of IDT911, the nation’s premier identity theft recovery and data breach management service. Ondrej is also the Founder and CEO of LIFARS LLC,  a digital forensics and cybersecurity intelligence firm. He authors articles, conducts training, and is a frequent speaker at industry events, such as FBI Academy, RSA, HTCIA, ECTF USSS, and QuBit Prague.

In this episode, Ondrej shares history, explaining how he went from a mathematical physics student to a cybersecurity expert. His career started in crypto, working with code, and eventually oversaw nuclear power plants and Industrial Control Systems.

We chat about  Eastern European Ransomware gangs and the trends noticed in their attack measure. Ondre discusses the  Kaseya attack of  in which the hackers used chain exploit - meaning, it was all in one code. Here's how it happened - The authentication bypass got them in the file upload and let them upload the files they needed. They got the right to deploy, did a command and code injection, and completely interacted with the system. Ondrej describes this to be a true military type of tactic on a system. The group that led this attack was formidable and had a clear understanding of the legal system in the U.S. 

Quotes:

“I actually exercise a lot and do a lot of specialized training. But I decided that cutting that social life for me, but moving to that career that was very unique, can only shape who I am today.”

“I think that's what the industrial control system people are saying, that look, the code is so primitive, that it's easy to do quality assurance. Once you start introducing complexity in integrations, we are not going to be able to control it.”

“These threat actors do diligence very well, they played a card of third party liability. They understand probably also insurance policy of that company not insist they read the policy, but they understand what the premium is, also what the limit of that is, and probably who owns it, and how likely they're going to get paid.”

“These trackers right now do understand the insurance market completely, they understand how the insurance operates. I was important to this game, they understand the third party liability. And they try companies with a third party liability.”

“What the issue is when it comes to the rebel group is that the rebel group first gets maybe some intelligence. All these exploits, all the tools that we do believe in and debat are somehow connected to intelligence agencies in Russia. And at that level, basically, they truly use a cyber military type of skill set against the commercial enterprises.”

“The challenging piece for that crypto is it has some cell stacks attached to it. There are some fees attached to it, how you're going to put that on your balance sheet at the end of the day. And also some legal aspects of dealing with the office of the asset controlling involve attorneys. ”

Time-Stamps:

[00:51] - Ondrej’s backstory and career in the crypto world

[04:26] - Ondrej shares his experience in the nuclear sector

[08:43] - The debate on whether to upgrade industrial technology or not

Connect with Ondrej:

LinkedIn  https://www.linkedin.com/in/ondrejkrehel/