Chattinn Cyber
How Ransomware gangs lead Cyber Attacks : Understanding Cybersecurity with Thomas Brittain
In this episode of CHATTINN CYBER, Marc Schein interviews Thomas Brittain. He is the Associate Managing Director with the Cyber Risk practice of Kroll, a division of Duff & Phelps, based in St. Louis. He has over 14 years of information security experience advising organizations on secure configurations, risk reduction, incident response, and tackling tough security challenges. Thomas' expertise ranges from incident response and security assessments to building and leading security programs. He is a Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), and a GIAC Certified Incident Handler.
Thomas shares his story of going from a military professional to chairing the Associate Managing Director role in one of the most prestigious IR firms in New York City. The foundation and training in the military certainly influenced Thomas' drive. In the military, you don't have an option to fail. You are to find a path forward, no matter what. Thomas shares carrying this perspective in his career and life.
To those looking forward to joining cybersecurity, Thomas gives away a few tips -
● Get a home lab setup - If you want to get into cybersecurity, you will have to experiment with different apps and software.
● Learn - Several sites give free education about these topics. INE and TryHackMe are examples. It would be best if you learned the basics first. There are YouTube videos you can learn from, which include videos of Professor Messer.
● Make sure you really want to work in this field. You'll need to challenge yourself, think outside the box sometimes, and be ready to adapt to changes.Thomas then shares his views on an executive order passed by President Joe Biden on implementing new policies to improve national cybersecurity. The biggest concern in the order remains to be funding.
We also learn about ransomware gangs, where they're generally located, how they're funded, and what their ransom demands are most often. Most of these gangs are located in the eastern European region and are funded by the ransom payments they have received. In 2020, their ransom demands went up to 60 million dollars even. Ransomware gangs today have started becoming more strategic.
Thomas also talks about the possible recruitment strategies for ransom gangs. He elaborates on the ransomware gang REvil, the one behind the Kaseya attack of 2021, and their attacking strategy. One of the most extensive techniques or tactics with this threat actor group is exploiting internet-connected vulnerable systems and managed security provider platforms like RMM tools (similar to Kaseya). Thomas further details the Kaseya attack, explaining why 1500 globally were put at risk - all simultaneously.
Towards the close of the conversation, Thomas explains the process of procurement of cryptocurrency by organizations - you have first to establish an account and then transfer funds to the wallet. After that, you procure your cryptocurrency, like Bitcoin.
Thomas has led an extensive discussion on ransomware gangs, cyber-attacks, and bitcoins today. There's a lot you would take away from this episode!
Quotes:
“I think in this career field of cyber security, everybody has to be the CEO of their own career. Nobody's going to give it to you on a silver platter.”
“This is not just a career field in which you're going to come in, you're going to get a great salary, and you're going to do the job. If you don't thoroughly enjoy it, if you don't have the ability to think outside the box and really try to take on new challenges, this may not be the right career field for you.”
“Learn the basics first; how does a computer work? How does networking work?