Hoodies Vs. Suits – MSP 1337 Podcast

October 6, 2021 By Josh Eklow

onShore Security CEO Stel Valavanis was a recent guest on the MSP 1337 Podcast, hosted by Chris Johnson.

“A few weeks back, I attended Blue Team Con in Chicago. Based on one of the sessions that discussed the culture challenges and shortages of qualified candidates, I asked the founders of Blue Team Con to join me to discuss the challenges of finding talent and what to look for. Why are hacker (hoodies) conferences always filled by young people? Why are other events that focus more on the blue team security defense side attended by those in business attire (suits) and seem to be an older age group? Thanks to Frank McGovern and Stel Valavanis, founders of Blue Team Con, for a great conversation.”

Listen to the full podcast below.

The Ransomware Economy is in the Spotlight and Hackers are Feeling the Heat

September 30, 2021 By Josh Eklow

The Ransomware Economy is in the Spotlight and Hackers are Feeling the Heat
– Stel Valavanis, CEO of onShore Security

Ransomware is hot. In 2020, it grew by 336%, with more than 370 million dollars in cryptocurrency paid to hackers and the “vendors” that support them. Ransomware is driving the cybercrime economy and helping it to grow, but it might also be its biggest problem.

From Solitary Attackers to Enterprise Operations

Ransomware has historically had the benefit of a reputation as a cottage industry, with the image of an attacker still being that of a lone black hat in a dark basement, but in reality, cybercriminals have the capability of large, legal businesses, with access to a whole ecosystem of supporting vendors, franchise opportunity, and services specialized to allow what is being referred to as “ransomware as a service”. This empowers the criminals to target bigger organizations for bigger payouts and, while individuals may feel safer these days, it is actually even more likely to be hit by ransomware, and more likely to be affected when others get hit. The collateral damage, such as gas shortages, increases with the size (and importance) of the targets.

As ransomware gangs set their sights higher, attacking large organizations instead of individuals, their targets have begun to include assets that are under government protection and oversight. Government agencies have a vested interest in investigating and prosecuting such attacks. Ransomware is hot but, in fact, may be too hot.

Enormous Capacity to Wreck Havoc and Gain Unwanted Attention

The recent attack on the Colonial Pipeline by the group known as DarkSide, for example, had a major impact on US infrastructure, specifically our energy and oil supply, and opened many eyes to the real danger that ransomware attacks pose. The scale of the attack made it reasonable to categorize the attack as terrorist activity and attract the additional scrutiny and interest that the terrorism label carries. Criminal hackers, who assumed the safety of obscurity, feared the level of attention and response an attack such as this might bring on the entire cybercrime ecosystem. This event itself precipitated calls for “moderation” amongst cyberattacks and a quick ban on discussion of ransomware on the forums where cybercriminals meet, discuss tactics and targets, and trade illegal tools and stolen information, in an attempt to avoid the attention that ransomware attacks have started to garner.

Because suppliers represent exposure, many criminal gangs are moving to end their outsourcing and do everything privately, “in-house”. The current “affiliate” model, by which criminals franchise their operation, offering their tools for a cut of the profit, may soon go away as it poses too much risk as legal and governmental agencies develop their understanding of the ecosystem and adopt more direct tactics to shut the many different parts of the ransomware machine down.

Evolving Ever More Dangerously Underground

Cybercriminals survive by being willing to adapt and it’s policy they’re responding to. The ransomware industry has grown quickly because it has had the room to do so, making moves that would typically be too risky for a criminal enterprise. Ransomware has become big business, with many of the same organizational risks that legitimate businesses face as they grow their operation. As ransomware operations change, we must not presume their death. Even DarkSide survived their moment in the spotlight, turning to a classic public relations maneuver for a company faced with scandal: they rebranded. The new “brand”, Black Matter, is following the new rules of engagement that President Biden tried to set at recent meetings with Russian leader Vladimir Putin. Black Matter is reported to be avoiding targets that are part of the U.S. infrastructure, and so it seems some of Biden’s cyberdiplomacy is working.

A scarier shift is that some of these entities are testing out new technology as they change their focus. While criminal hacking gangs have historically been relatively unsophisticated in their technique, using lightweight, off-the-shelf (literally purchased) programs, the Hafnium attack and others display a potential for much greater attack capability, elevating the threat of many of these groups beyond petty cybercrime to cyberwarfare and cyberterrorism.

Putting Pressure on Nation State Support

Up to now, the majority of criminal hackers attacking the United States have done so from the safety of our adversaries, within Russia, China, and other countries, often unobscured, sometimes working in official capacities as government agents or members of the military, other times with less explicit support. The operations of these cybercriminal cells is covered up enough to offer their host country plausible deniability for anything that comes of out of the shop, and the hackers have historically been left alone or even protected by their home government, as long as they follow two simple rules: Don’t attack at home (often leaving the US as the main target) and don’t make too much noise.

As the US starts to do some of the more basic footwork to stop ransomware (as seen in the effort to recover the ransom from the Colonial Pipeline attack), there will either have to be a greater effort on host countries to police the cybercrime in their jurisdiction, or they will have to do a better job of covering up their connections to the criminals. The cybercriminal world leaves much of their work visible to the public, relying on the lack of scrutiny to operate in the open. As the US government turns its sights on cybercrime, the preparation and effort put into tracking threats, stopping attacks, and improving our security posture puts pressure on cybercriminal gangs, and the state actors behind them, to stop attacks on the US government and people. We shall see if what doesn’t kill them makes them stronger.

Photo credit: KELA

Threat Intelligence Pioneer Joins Cybersecurity Leader onShore Security

July 29, 2021 By Josh Eklow

Threat Intelligence Pioneer Joins Cybersecurity Leader onShore Security

Craig Brozefsky returns to onShore Security

PRESS RELEASE UPDATED: JUL 29, 2021 11:28 CDT

CHICAGO, July 29, 2021 (Newswire.com) – onShore Security, one of the nation’s top Managed Detection and Response (MDR) providers today proudly announced the addition of threat intelligence powerhouse Craig Brozefsky to its growing roster of top talent leading the way in today’s increasingly complex and high-stakes cybersecurity landscape. Brozefsky joins onShore Security’s team as Senior Engineer and brings experience from his previous work on THREATBrain, a malware behavioral analysis engine. This industry-leading work led Brozefsky to a position as Director of Engineering at ThreatGRID and the company’s subsequent acquisition by Cisco. At Cisco, Brozefsky was the principal engineer, working to integrate THREATGRID’s threat intelligence capabilities across the company’s portfolio. He then went on to build and lead the team that developed the Cisco Threat Intelligence Model as an intelligence and security platform for enterprises.

Brozefsky worked for onShore Security in the ’90s, and his return is part of a larger project for the company. Last month, onShore Security announced its expanding utilization of Elastic technology, which is being further integrated into the company’s operation. In his new role. Brozefsky will be aiding onShore in updating and refining its Elastic store and improving automation and event correlation.

Steven Kent, Chief Technology Officer of onShore Security notes, “We are excited to bring Craig back to onShore; his experience & acute awareness of the security landscape will help us continue to extend industry-leading security offerings for our clients and create an even stronger development environment for our security features. Craig shares our goals of ensuring the most secure data handling experience for our customers, and we are looking forward to growing together.”

Brozefsky explains his background and future with onShore saying, “I started my career in security at onShore; as one of the first internet security and networking service companies in the region, it was a pioneer then, and it continues to be today. My professional path took me into software engineering, and I’ve spent the last two decades building software and teams, with a focus on security products, such as ThreatGRID and Cisco SecureX and Cisco Threat Response. I’m excited to bring that experience back to onShore and pair it with the intense technical focus and personal responsibility that has been part of the company culture since the ’90s.”

He added, “It’s a cliche to say we are facing increasing cyber-security threats, and while true, we cannot deny that the field of security operations itself has grown extremely complex as the company network dissolves into multiple cloud services, small office networks, remote and traveling workers, and a constantly churning set of mobile and IoT devices. These are not problems that can be solved with a product, or a purchase, but have to be addressed by developing security operations teams and having a flexible, open SecOps architecture.”

onShore Security CEO Stel Valavanis looks forward to working with Craig again. “Craig was a key member of our ground-breaking and seminal software development team which laid the foundations for onShore Security’s Panoptic Cyberdefense® platform”, said Stel. “We grew up in a world where open source and open APIs were just emerging as the way forward just like open standards had in networking. Nowhere is this more relevant today than in cybersecurity. Systems and processes must be able to handle the immense fragmentation and the dynamic nature of the wide range of telemetry we deal with. We’re excited for Craig to re-join our development efforts and keep our company in the lead in the face of our industry’s ever-growing challenges.”

About onShore Security

Founded in 1991, onShore Security is a leading Managed Detection and Response (MDR) provider, one of only a handful of managed cybersecurity firms nationwide that performs 24/7 real-time monitoring, correlation, and analysis of organization-wide network data. The core of this defense is onShore’s team of expert analysts equipped with innovative proprietary security tools and processes. Leading organizations in heavily regulated and compliance-driven sectors ranging across Banking/Financial Services, Construction, Education, Government Services, and Healthcare depend on onShore Security to keep their assets safe, and to maintain a security posture ahead of the marketplace and cyber criminals.

onShore Security Expands Innovative Use of Elastic Stack in Developing Next-Generation Cybersecurity Offerings

June 15, 2021 By Josh Eklow

PRESS RELEASE UPDATED: JUN 9, 2021

CHICAGO, June 9, 2021 (Newswire.com) – In an industry-leading advancement, onShore Security, one of the nation’s top Managed Detection and Response (MDR) providers, is leveraging its long-standing partnership with Elastic, creators of Elasticsearch and its related suite of solutions in the Elastic Stack, to create a next-level cybersecurity service. The move positions onShore Security’s customers across Banking and Financial Services, Construction, Education, and Healthcare ahead of the competition in terms of threat detection and protection.

“With the new Elastic functionality, we have greatly enhanced our ability to perform threat modeling across client telemetry while maintaining full client data segmentation and role-based controls,” said Steven Kent, CTO onShore Security. “We also gain access to additional machine learning algorithms which improves our ability to baseline security alert and event data such that more of the data becomes a useful signal. At the end of the day, this greater holistic view of network behavior is about earlier detection and greater demonstration of compliance and performance.”

In addition to today’s announced heightened security offerings, onShore Security’s analysts also utilize Elastic’s tools, including Elasticsearch and Kibana, as part of the company’s ongoing best-in-business Managed Detection and Response. The company’s proprietary platform Panoptic Cyberdefense®, built on Elastic technology, performs threat hunting, endpoint security, SIEM, monitoring, and other additional complex functions.

“Never has it been more critical for organizations to move beyond the status quo in terms of security posture,” said Stel Valavanis, CEO and founder of onShore Security. “The dangers posed by state-sponsored cybercriminals are quickly outpacing the capabilities merely off-the-shelf and stagnant strategies provide. onShore Security’s commitment to innovation incorporating the highest, most proprietary level of Elastic technology empowers our team with the latest tools and functions necessary to keep today’s increasingly sophisticated rogue forces at bay.”

About onShore Security

Founded in 1991, onShore Security is a leading Managed Detection and Response (MDR) provider, one of only a handful of managed cybersecurity firms nationwide that performs 24/7 real-time monitoring, correlation, and analysis of organization-wide, full telemetry network data. The core of this defense is onShore’s U.S.-based live monitoring team of expert analysts equipped with the industry’s most innovative proprietary security tools and processes. Leading organizations in heavily regulated and compliance-driven sectors ranging across Banking and Financial Services, Construction, Education, Government Services, and Healthcare depend on onShore Security to keep their assets safe and to maintain a security posture that remains ahead of the marketplace and cyber criminals. Learn more at onShore.com.

Stel Valavanis on “Pipeline Panic: Hackers Takeover Colonial Pipeline”

May 12, 2021 By Josh Eklow

onShore Security CEO Stel Valavanis spoke with Fox 32’s Tia Ewing to discuss the ransomware attack on the Colonial Pipeline, the motivation behind the attack, and what we can and must do in in the future to protect our energy infrastructure.

See the full interview with Stel below.