Ondrej Krehel, CEO & Founder of LIFARS is recognized world-wide for his Digital Forensic expertise and Ethical Hacking. He actively participates in many high-profile engagements around the world whereby his proprietary methodology is leveraged to achieve the most rapid root-cause analysis and remediation. This Interview With Ondrej Krehel is the fourth and last part in this series. If you missed previous parts, you can read Part 1, Part 2, and Part 3 here.
Note: Originally published in NEXTECH magazine and republished with the kind permission of Mr. Martin Drobny.
NXT: What were the most interesting incidents you have dealt with?
Ondrej Krehel: LIFARS has been solving a tremendous amount of cases ranging from standard ransomware, through data theft and intrusions into financial institutions, to compromising of top world companies and state-sponsored espionage against companies in North America, Europe, and the Middle East.
We cannot mention most of our interesting cases because NDA restrictions apply to every case and the strictest are applied to the most interesting ones. We have been dealing with an attack consisting of several stages that occurred in one of the top financial institutions in the world. Firstly, attackers gained access to sensitive data and then they compromised a major part of the infrastructure so severely that the IT staff did not have control over the majority of machines all while not even realizing it. After the attackers gained all the interesting data, they tried to sweep their traces under the carpet by running a ransomware.
Another case was exciting because of different reasons. The attackers targeted a worldwide organization and tried to get some interesting data while the other group of attackers (using the same operational network, thus the same compromised servers) tried to blackmail the company using ransomware. It is fascinating how espionage is intertwined with criminal networks in some cases.
NXT: Which significant institutions belong to the list of your customers?
Ondrej Krehel: We cannot point to specific organizations, but we have organizations from Fortune 500 among our clients. We also work for financial institutions, research and healthcare organizations, audit firms, etc.
NXT: What countries have the most skilled hackers and what factors influence it?
Ondrej Krehel: We have highly skilled ethical hackers in Slovakia. For instance, our analysts were members of the winning team of the Locked Shields exercise organized by NATO CCD COE in 2016. It was a sensational achievement that they managed to beat countries like Finland, Estonia, Netherlands, and even NATO team.
But in general, the most advanced blackhat hackers come from countries where these hackers are state sponsored. We cannot claim with certainty which hacker groups are supported by which states, but those are primarily such states that do not have a traditional democratic regime. One of the most widely recognized groups is APT28 known also as Fancy Bear, which is said to be sponsored by Russia and allegedly managed to influence the presidential election in the USA.
North Korea allegedly supports the Lazarus Group which is known for the Sony Pictures attack during which Sony lost a great amount of sensitive data that was disclosed afterward. The group also demanded that the long-prepared comedy movie about an assassination of Kim Jong-Un will not be released. The group undertakes financially motivated attacks that probably fund their sanctions-burdened country.
Another well-known group is Black Energy, allegedly sponsored by Russia. The group has on their conscience the blackout of the electricity network in Ukraine in December 2015. At that time, they targeted the SCADA system of an energy distributor and remotely turned the current off for more than 200 thousand people. China has several groups and directly deploys a cyber army. Every group is specific. The one thing they have in common is that they are all very well-funded and therefore can target significant objectives.
Currently, we are observing heavy volumes of Ryuk ransomware infections, mainly in the healtcare sector. You can say, that the number of infections have reached the state of a cyber pandemic. Also, attacks from the Evil Corp hacking group are also spiking.