PacketWatch Cybersecurity Expertise used in Colonial Pipeline Ransomware Story


Investigative journalist Rich McHugh included PacketWatch’s cybersecurity expertise in his latest NewsNation Now story on the Colonial Pipeline ransomware attack.

In the video, Michael McAndrews, PacketWatch CTO, discusses:

  • The impact of malware and ransomware on organizations
  • How we never encourage paying a ransom
  • How planning will help you get ahead of the game
  • The importance of an Incident Response Plan

The Colonial Pipeline cyberattack has disrupted the gas and diesel supply throughout the southeast, creating a frenzy at the pumps and potentially raising the prices of goods and services reliant on fuel for transportation.

You can view the entire 3-minute story “Top US pipeline operator shuts major fuel line after cyber attack” with contributions from Stephanie Kelly and Christopher Bing on the NewsNation website.

“Ransomware and malware, in general, is a huge problem for companies right now. It puts jobs at risk. It puts livelihoods at risk. It costs companies millions of dollars.”

Michael McAndrews
Chief Technology Officer
PacketWatch

PacketWatch Discusses Unemployment Payment Fraud and Password Scams on Pix11 News


Emmy-Award-winning reporter Mary Murphy spoke with Michael McAndrews, PacketWatch CTO, about identity theft, passwords, and stolen unemployment payments during a story on Pix11 News (NYC).

Michael explained how the volume of unemployment claims during the pandemic has created an environment for cybercriminals to take advantage of the states and the payment recipients. Using a password manager and unique, strong passwords are the best ways to protect yourself from this type of attack. Cybercriminals are constantly trolling the Internet looking for exposed passwords. There has been a tremendous increase in unemployment check fraud; it’s just a matter of time before the criminals find a password that allows them to steal an identity.

You can view the entire story “Brooklyn mom victim of unemployment identity hacker” as told by Mary on the Pix11 News website.

“Since so many state agencies have been overwhelmed by unemployment claims, they haven’t been able to audit them. So, many times, the claims are simply being paid, and therefore, the money is being sent to the criminals.”

Michael McAndrews
Chief Technology Officer
PacketWatch

PacketWatch Featured in an Investigative Story on Ransomware Now Streaming on NewsNation


Emmy-Award-winning investigative journalist Rich McHugh sat down with PacketWatch CTO Michael McAndrews to better understand how and why cyber criminals target their victims.

They discussed the impact of malware and ransomware on companies and how to prepare for a cyberattack. Michael demonstrated how PacketWatch cybersecurity analysts use our proprietary tools to identify anomalous network activities and respond to a cyber incident.

Rich also spoke with a PacketWatch client about her experience with ransomware attacks and how organizations can protect themselves.

You can view the entire 6-minute story “Cyberattack Forces Arizona City Offline for Weeks, Experts Warn of Growing Trend” hosted by Rob Nelson and Marni Hughes on the NewsNation website.

“Sometimes, the criminals don’t even know who they’ve attacked. They’re simply casting a wide net and opportunity knocked when somebody clicked on a link or went to a bad website and got swept up in ransomware.”

Michael McAndrews
Chief Technology Officer
PacketWatch

Investigating Cybersecurity Incidents using Full Packet Capture


Cybersecurity Incident Response requires technical expertise, the right tools, and a trained investigative eye. On Monday, January 6th, Michael McAndrews, our Vice President of Network Security Services and former FBI Special Agent, walked the audience at the Southwest CyberSec Forum through the process we used to investigate and resolve a recent international cybersecurity incident.

The PacketWatch incident response team used a combination of full packet capture, forensic collection tools, and CrowdStrike Falcon EDR technologies to identify abnormal host activity and malicious network traffic. Analyzing packet-level data over time helps uncover anomalous activity that is often missed by traditional toolsets. This PacketWatch case study described the plan we executed, highlighting the need for advanced incident response tools to mitigate and eradicate the malicious activity.

There was a strong turnout for the CrowdStrike-sponsored event held at the University of Advancing Technology (UAT) theater in Tempe. One of the attendees shared his thoughts after seeing Michael’s presentation:

“Michael’s story was fascinating. It really hits home when you see shades of your own organization in security incidents like the one he described. Most IT departments would have to deploy an assortment of tools to gather the kind of granular information collected by PacketWatch. This case study showed how having access to both historical and active network data in a single platform enabled responders to achieve successful mitigation quickly. Without the visual analysis of network patterns provided by PacketWatch, doing this level of investigation would be daunting.”

You can watch Michael’s presentation “The Need for Advanced Incident Response Tools and Capabilities” on the Southwest CyberSec Forum YouTube page (43 min).

Michael regularly educates cybersecurity professionals at events, forums, and national conferences. If you would like him to talk with your audience or need help investigating an incident, please Contact Us.

Southwest CyberSec Forum | January 2020


We are excited to kick off the new year with a presentation from Michael McAndrews to the members of the Southwest CyberSec Forum on Monday, January 6, 2020. Michael’s presentation “The Need for Advanced Incident Response Tools and Capabilities” will use actual scenarios from a WGM/CrowdStrike international incident response engagement.

He will discuss incident response and how full network packet capture and endpoint detection and response technologies can be leveraged together as a powerful combination to improve the investigative and remediation process.

The event is sponsored by CrowdStrike, which will present on the current e-crime landscape and procedures used by APT actors. Their presentation will cover the tactics, techniques, and procedures used by Wizard Spider and their TrickBot, Ryuk, and AnchorDNS malware families.

Southwest CyberSec Forum
University of Advancing Technology Theater
2625 W Baseline Rd, Tempe, AZ 85283
Meeting: 6:00pm–9:00pm

Pizza and drinks will be provided from 6:00-6:30pm
Free Admission – No RSVP Necessary
Open to the public and UAT students

Expected Attendance:
70-100 people from private and public sector organizations
