Twin Cities Business: Blocking Cybercriminals from Accessing Company Data

On October 4, 2021, NetSPI COO Charles Horton was featured in an article in Twin Cities Business:

In the digital age, a ransomware family can be as destructive as an old school Mafia family. In June, meat processor JBS paid an $11 million ransom to cybercriminals after its plants, including one in Worthington, were shut down by a cyberattack.

It followed a May episode in which Colonial Pipeline Co. paid a $4.4 million ransom to hackers so it could resume the flow of fuel on the East Coast.

“Ransomware is evolving and it’s becoming more sophisticated,” said Charles Horton, COO of NetSPI. “You don’t have just singular threat actors looking for weaknesses.”

Minneapolis-based NetSPI started marketing a new cybersecurity service in June just as businesses large and small were rattled by the scale and brazen nature of those attacks.

October has been Cybersecurity Awareness Month since it was launched in 2004 by the U.S. Department of Homeland Security and the National Cyber Security Alliance. In recent years, cyberattacks have been elevated as a top concern of business executives, because of the damage being done by cyberthieves and the need to constantly identify and combat new threats.

President Joe Biden issued a statement on Friday addressing the topic. “I am committed to strengthening our cybersecurity by hardening our critical infrastructure against cyberattacks, disrupting ransomware networks, working to establish and promote clear rules of the road for all nations in cyberspace, and making clear we will hold accountable those that threaten our security,” Biden said.

Often a web of people works together to attack a business, a nonprofit, or a public agency. First come the malware creators, Horton said. Then other bad actors “go out and find the vulnerabilities, which could be different than the groups that actually execute the ransomware.” He noted these players are “chained together” in an operating model.

Horton said some businesses have a false sense of security about what level of protection their current cybersecurity systems provide.

‘Ransomware attack simulation’

“The gap that we found is with event monitoring tools,” he said. “They only identify a very low percentage of the most common attacks.” NetSPI now offers a “ransomware attack simulation” service.

NetSPI’s product mimics the “tactics, techniques and procedures” used by ransomware attackers, so more threats can be detected, Horton said. “When they do [find them], alerts just start firing off and a customer or a business can execute their response plan.”

“Breach and attack simulation” is a new market segment in cybersecurity, in which companies can test their ability to block ransomware attacks, according to a 2021 report from global advisory firm Gartner.

NetSPI sells its new technology-enabled service directly to customers. NetSPI provides cybersecurity offerings to nine of the 10 top banks in the United States, Horton said. What it will charge for the simulation service depends on the depth and breadth of the attack simulation assessment.

“We are up to more than 200 different attack plays that we can run on a daily basis in a business environment,” Horton said, which are designed to prevent attackers from installing malware, accessing data, and then demanding a hefty ransom.

Read the rest of the Twin Cities Business article here:

NetSPI's Karl Fosaaen discovered and disclosed a critical misconfiguration in Microsoft Azure.
Learn more about CVE-2021-42306: CredManifest, its impact, and remediation.