Interview with Adam Meyers, VP, Intelligence at CrowdStrike
Adam Meyers is a recognized expert in the security and intelligence communities. With more than 15 years of experience in the security space, Adam has extensive experience building and leading intelligence practices in both the public and private sector. A sought-after thought-leader, Adam conducts speaking engagements and training classes around the world on the topics of threat intelligence, reverse engineering, and data breach investigations.
CrowdStrike is the leader in cloud-delivered next-generation endpoint protection. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent.
Tell us a bit about yourself. What made you get into the business of cyber protection?
I started off playing games on PC when I was a kid. Back then, you had to really tweak the operating system to make the game run. I found that by the time I actually got the game running, I was more interested in what it took to get the game going than I was in playing it. That led to a lot of experimenting with how things worked and ultimately testing security controls. After college, I started working with the Defense Industrial Base conducting penetration testing, and ultimately reverse engineering malware.
Which industries see a higher tendency to be victims of e-crime? What are the factors that contribute to being a target?
eCrime in the last few years has moved from largely opportunistic untargeted schemes to focused and targeted operations.
There are multiple industries that tend to be targeted by eCriminals; in 2017 an uptick in retail and hospitality was observed. Point of Sale (POS) terminals in those businesses are an attractive target to criminals looking to steal credit card information. Data theft and extortion are also increasingly being used by criminal actors who steal information from victim organizations in order to threaten the public release of the information. In 2017, the healthcare industry was heavily targeted, but there were also notable cases such as Netflix and HBO. Healthcare remains a frequent target for data extortion and ransomware; this is likely influenced by widespread media coverage surrounding payments from that vertical and the sensitivity and availability requirements of medical data.
Cryptojacking or mineware has been another prevalent criminal activity that has seen tremendous interest from attackers as cryptocurrencies have seen mostly positive volatility in 2017.
Are AI-companies more at risk? If so, how?
AI companies in particular tend to have access to lots of sensitive data, and many of them are in hyper growth mode in terms of talent acquisition and funding. This can lead to a lack of focus on security, as other issues are prioritized in the business and corporate culture.
Adversaries will take advantage of this: nation states, particularly China, have made huge investments in and focused on AI and have been known to conduct industrial espionage in the past, and criminal actors will target the money through BEC and potentially ransomware.
Another area of focus in the later part of 2017 was cryptocurrency mining where cloud infrastructure and some of the high powered computing associated with AI are attractive targets for adversaries focused on cryptomining.
Finally, AI has some sociological impact on people concerned about the use of their data in AI, or even those concerned about AI building ‘Skynet’ a la Terminator; this could potentially be a driver for ideologically based hacktivists to target AI companies with web defacement, data theft, or disruptive DDoS attacks.
How do enterprises protect themselves currently? How effective are these measures?
We are seeing a decisive shift away from legacy AV technologies that are ineffective in combating modern day threats. Instead, customers are looking for effective next-generation threat prevention, endpoint security and response capability to remediate threats before they turn into breaches, and augmenting their SOCs with proactive hunters.
Tell us about three of the latest trends in cyberthreats, and help us understand them.
Software supply chain attacks are becoming the latest vector for many adversaries. Recent events have demonstrated that the software supply chain is becoming an attractive way for nation-state threat actors to target organizations en masse – take for example the CCleaner attack in September. Compromising the update channel of a popular software package can immediately give access to thousands of victims in one fell swoop.
CrowdStrike is also seeing a rise in destructive attacks being masked as ransomware. Notably, NotPetya, BadRabbit, and XDATA are examples. These attacks were notable in that they primarily impacted Ukraine, which is a continual target of Russian adversaries given the tensions surrounding Crimea and Eastern Ukraine. These attacks look like ransomware. However, in the case of NotPetya for example, the crypto keys were discarded, meaning the attacker had no interest in decrypting impacted systems, which erodes their ability to make money.
Business Email Compromise (BEC) remains a critical issue for both small and medium-sized businesses (SMBs) as well as larger organizations. This is an email-driven scam where the adversary spends a fair amount of time conducting reconnaissance against the target, learning who the key players are and what the organizational lexicon is, before spoofing an email eliciting a wire transfer. This results in hundreds of millions of dollars of loss each year, and it’s on the rise.
How do traditional cybersecurity measures hold up against increasingly sophisticated e-Criminals?
Today’s stealthy attackers will be able to bypass traditional security technologies to get into corporate networks, and legacy antivirus solutions are no longer effective at properly protecting data and other critical information. Organizations that rely on legacy solutions ultimately will be the most vulnerable to adversaries, eCrime or otherwise.
If breached, IT networks that are unprotected can lead to massive data loss and other damaging issues such as bad PR, halting of operations, sales, etc.
Next-generation antivirus and other technologies, including behavioral analytics and machine learning, are capable of detecting both known and unknown threats to pinpoint the attacker faster and eject the adversary quickly from your network.
How effective has law enforcement been at containing the threat of cyber attacks? 2017 saw a higher number of prosecutions for cybercrimes, but does that mean attacks will lull?
Over the past several years, law enforcement has developed new tools to enable the disruption of criminal operations. GameOverZeus and the Kelihos botnets are two achievements that the international law enforcement community has been able to point to as successful counter-criminal operations.
In the case of Kelihos, the operation resulted in the arrest of a criminal operator and the disruption of this botnet. In some cases, disruption or cessation of one operation (for example the Angler exploit kit) resulted in other exploit kits attempting to step up to fill in the void. In 2016, several exploit kits disappeared, perhaps due to some legal action, while CrowdStrike observed a resurgence in SPAM as a preferred distribution mechanism as these exploit kits disappeared.
What is the potential of the threat with the escalation of Malware-as-a-Service agents?
Malware-as-a-Service is a delivery mechanism used by actors in the eCrime ecosystem, who rent out their malware to other criminals who use it to conduct their schemes. This is commonly used for deploying other malware through SPAM or ‘loaders’.
How does Falcon OverWatch work to foresee and prevent cyberattacks?
Falcon OverWatch uses a combination of technology and human resources to proactively hunt for threats that might be lurking on your network. CrowdStrike has a team of real-world threat hunters who proactively scan your IT ecosystem for malicious activity to pinpoint the most urgent threats for faster remediation.
OverWatch also integrates next-generation technology including AI/machine learning to leverage both file-based and behavioral models and as such, completely protects customers from the various threats they face within their network. CrowdStrike’s behavioral-based machine learning prevention in the cloud offers complete and effective protection for all endpoints. With effectively trained algorithms and large amounts of rich, big data at scale, detection of threats occurs much faster than human cognition.
Thank you, Adam! That was fun, and we hope to see you back on AiThority soon.