PacketWatch keeps an eye on some of the world’s largest firms
By Christina Fuoco-Karasinski
Cybersecurity expert and former FBI agent Michael McAndrews has three loves in his life—malware, motorcycles and music.
Malware is key to PacketWatch, a 3-year-old Scottsdale-based company for which he serves as vice president, network security services.
PacketWatch is the name of the business and the proprietary network monitoring, analysis and investigation platform designed to help cybersecurity threat hunters quickly and efficiently accomplish their daily tasks. He calls PacketWatch one of the “coolest tools out there.”
“Our company provides cybersecurity for corporations and individuals,” he says. “We meet our customers in a couple ways. Obviously, we love referrals. That’s great.
“Sometimes we perform what’s called ‘managed detection response,’ which is, essentially, watching your network for you, making sure nothing bad gets in. If something does happen, we identify it very quickly and reduce ‘dwell time’—how long the bad folks are in there—and then we keep your network safe.”
The COVID-19 pandemic has caused an uptick in incident responses, McAndrews says. The opportunities are greater for hackers to access remote gateways to networks because folks are rushing to set up workstations at home.
“They’ve expedited getting laptops and things into people’s hands,” he says. “Companies are creating more remote access accounts—and they don’t always put security first.
“Now there are more opportunities for these folks who have been out there scanning for these things to find them. We’re seeing a lot more breaches.”
Many times, affected companies become long-term, managed detection clients.
Use complex passwords
McAndrews has been in the field for 25 years and has spoken at many events.
“Sometimes in my talks, I tell people I have found that a large percentage of the population in America has at least three passwords,” he says.
“You have one password that you think is just for small sites that you don’t care about, you have one that you think is a little bit more secure, and you have one you might use for your banking. Most people seem to fall into that category.”
For example, if the “medium” password is used on a website that is breached, the hackers download that site’s database of usernames and passwords. They then feed those credentials into a password spray.
“They can blast your email address with that password across the top 1 million websites in a matter of minutes,” he says.
“So, just imagine that if I get that one password you’ve used on a few dozen sites and I blast it to the top 1 million sites in the world, how many am I going to get into? What if I do get into that website? Am I going to have your credit card information, your home address, your shipping information, etc.?”
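The article describes the attacker’s side of a spray: one stolen credential tried against many targets. From the defender’s side, the same activity shows up in authentication logs as one source failing against many distinct accounts in a short window. The following is an added example (not PacketWatch’s code or McAndrews’) that flags such sources in a constructed, simplified auth log and lists any account that later signed in successfully from a flagged source, which is the first thing to reset.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article): timestamp, result, user, source IP.
SAMPLE_LOG = """\
2020-10-01T09:00:01 FAIL alice 203.0.113.7
2020-10-01T09:00:02 FAIL bob 203.0.113.7
2020-10-01T09:00:03 FAIL carol 203.0.113.7
2020-10-01T09:00:04 FAIL dave 203.0.113.7
2020-10-01T09:00:05 FAIL erin 203.0.113.7
2020-10-01T09:00:06 SUCCESS frank 203.0.113.7
2020-10-01T09:05:00 FAIL alice 198.51.100.2
2020-10-01T09:05:30 FAIL alice 198.51.100.2
2020-10-01T09:06:00 SUCCESS alice 198.51.100.2
"""

def parse(line):
    ts, result, user, ip = line.split()
    return datetime.fromisoformat(ts), result, user, ip

def detect_spray(log_text, window=timedelta(minutes=10), min_users=5):
    """Return {ip: sorted users} for sources that failed against at least
    `min_users` distinct accounts inside `window`. A user mistyping a password
    hits one account from one IP; a spray hits many accounts from one IP."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    fails_by_ip = defaultdict(list)
    for ts, result, user, ip in events:
        if result == "FAIL":
            fails_by_ip[ip].append((ts, user))
    flagged = {}
    for ip, fails in fails_by_ip.items():
        start = 0
        for end in range(len(fails)):           # sliding window over this source's failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged

def successes_from_flagged(log_text, flagged):
    """Accounts that logged in successfully from a flagged source: the sprayed
    password apparently worked there, so these get reset and reviewed first."""
    return [user for ts, result, user, ip in map(parse, filter(str.strip, log_text.splitlines()))
            if result == "SUCCESS" and ip in flagged]

if __name__ == "__main__":
    hits = detect_spray(SAMPLE_LOG)
    print("spraying sources:", hits)
    print("accounts to reset:", successes_from_flagged(SAMPLE_LOG, hits))
```

The second source (198.51.100.2) fails twice against a single account and is not flagged, which is the behaviour that keeps ordinary typos out of the alert queue.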
McAndrews doesn’t use the same password twice, and he suggests others do the same. Password managers like LastPass come in handy for this.
“I couldn’t even tell you my passwords because my password manager changes them,” McAndrews says. “They’re very complex and they’re long. If I need to do a password reset because I don’t have my password manager, I can still do that. But for right now, my passwords are secure.”
On the commercial side, McAndrews recommends using multifactor authentication, in which a user is granted access to a website or application only after presenting two or more pieces of evidence to the authentication mechanism.
“When you sign in, they send you a text or they need to type in a code that protects it,” McAndrews says. “Even if your company’s passwords or emails fall into the wrong hands, if they don’t have the second factor, if they don’t have the text message or the code, they can’t get in, right?”
Patch management is important as well. McAndrews and his colleagues are seeing an increase in unauthorized access coming through network devices.
Virtual private network gateways and firewalls have had known vulnerabilities. If companies haven’t patched them, hackers exploit them. Once hackers sneak into a company network, they start looking around. That’s when McAndrews and his clients see an increase in ransomware.
One of McAndrews’ intelligence analysts said that in Q3 2019 the average ransom was $42,000. At the same time in 2020, it was over $233,000.
“On average, some companies estimate the actual cost is over a million for the average ransomware incident,” he says.
“As for the ransoms, they are reaching almost a quarter million dollars on average and companies are being asked to pay to get their data back.”
McAndrews says ransomware is a huge moneymaker for organized crime based in Eastern Bloc countries. Recently, he adds, U.S. Department of the Treasury officials said those who make payments to sanctioned groups can face sanctions.
He suggests establishing segregated backup routines so they’re not in the same domain. Many ransomware groups immediately look for backups and delete them, which adds more pressure to pay the ransom.
Hackers also threaten to publish data on the dark web and, eventually, the internet.
“I have numerous clients right now where I found their information on the dark web,” he says. “Unfortunately, it’s already out there. So, they’re having to deal with that as we move forward and clean up the network to keep them out.”
McAndrews has always been interested in cybercrimes and knew, one day, he’d work for the FBI. After working in sales, McAndrews became an agent and taught at the FBI Training Academy at Quantico and the International Law Enforcement Academy in Budapest.
As an agent, he worked in cyber matters and was on a special team called the Cyber Action Team that was deployed for the highest-profile intrusions.
He also fought crimes against children, which he calls some of his best work, as he knew he was saving kids.
“I never had a case that I didn’t feel completely 100% about,” he says. “I got confessions out of pretty much all my subjects. Unfortunately, it’s an illness, I believe. We need to protect people, especially children. You get one chance at childhood, and for someone to mess that up for their own benefit is unforgivable to me.”
His FBI work was primarily forensic. Now that he’s returned to the private sector, he feels he can do more to help people.
“In the private sector, I can help businesses and individuals prepare,” he says. “It’s a good feeling to say I put a lot of people in jail who needed to be there, but now I can help companies really secure their networks.”
McAndrews puts his motivation simply. Most of his friends are musicians, and he admires their creativity. To many of them, their career comes easily. Music doesn’t come so easily to McAndrews.
“I work in networking, and that’s my music. That’s what I do,” he says. “It comes easy to me, and I know that I can help. I inspire others—so I hear—when I’m helping teach.”
McAndrews helped found PacketWatch with CEO Chuck Matthews.
“I met Chuck through the FBI Citizens Academy,” McAndrews says. “He was formerly one of the folks who helped manage that for the country.
“Chuck and I became acquainted, and we spoke quite a bit. We were at an FBI charity golf tournament when we first talked, and we kept in touch. Eventually, he convinced me that I could make a difference, so when I joined them, we fulfilled our vision.”
The two have worked with the government, the media, manufacturing and individuals. The biggest compliment he receives is that clients love working with him because he has “a personality.”
“One of our customers even wrote a review for us one day,” McAndrews says. “She said watching us work was like being in a Jason Bourne movie. She said when she sees us on the phone and computer, it just came to life. We’re not a large shop that just runs you through the mill. We’re honest with you. We want to do what’s right. We’re not going to run up the clock on you.”
Back to the three M’s, quite a few of McAndrews’ colleagues are musicians, ranging from Eric Clapton tributes to heavy metal.
“We have a rock ’n’ roll flair, and we love it,” he says. “If you get to know me, I’m all about malware, music and motorcycles. Let’s just do it and have fun.”