Cybersecurity expert and former FBI agent Michael McAndrews has three loves in his life – malware, motorcycles and music.
Malware is key to PacketWatch, a 3-year-old Scottsdale-based company for which he serves as vice president, network security services.
PacketWatch is the name of both the business and its proprietary network monitoring, analysis and investigation platform, designed to help cybersecurity threat hunters accomplish their daily tasks quickly and efficiently. He calls PacketWatch one of the “coolest tools out there.”
“Our company provides cybersecurity for corporations and individuals,” he said. “We meet our customers in a couple ways. Obviously, we love referrals. That’s great.
“Sometimes we perform what’s called ‘managed detection response,’ which is, essentially, watching your network for you, making sure nothing bad gets in. If something does happen, we identify it very quickly and reduce ‘dwell time’ – how long the bad folks are in there – and then we keep your network safe.”
The COVID-19 pandemic has caused an uptick in incident responses, McAndrews said. The opportunities are greater for hackers to access remote gateways to networks because folks are rushing to set up workstations at home. “We’re seeing a lot more breaches,” he said.
Many times, affected companies become long-term, managed detection clients.
McAndrews has been in the field for 25 years and has spoken at a myriad of events.
“Sometimes in my talks, I tell people I have found that a large percentage of the population in America has at least three passwords,” he said.
“You have one password that you think is just for small sites that you don’t care about. You have one that you think is a little bit more secure, and you have one you might use for your banking. Most people seem to fall into that category.”
For example, if the “medium” password is used on a website that is breached, the hackers download that site’s database of usernames and passwords and feed it into a password spray.
“They can blast your email address with that password across the top 1 million websites in a matter of minutes,” he said.
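The pattern McAndrews describes, one breached credential tried against many accounts or services in a short burst, leaves a distinctive trace in authentication logs: a single source failing against many different usernames within minutes. The following is an added defender-side example, not code from the article or from PacketWatch; the log lines are constructed for illustration and the field layout, window and threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log lines (not from the article or PacketWatch).
# Format assumed: <ISO timestamp> <FAIL|SUCCESS> src=<ip> user=<name>
SAMPLE_LOG = """\
2020-10-05T09:00:01Z FAIL src=203.0.113.7 user=alice
2020-10-05T09:00:03Z FAIL src=203.0.113.7 user=bob
2020-10-05T09:00:05Z FAIL src=203.0.113.7 user=carol
2020-10-05T09:00:07Z FAIL src=203.0.113.7 user=dave
2020-10-05T09:00:09Z SUCCESS src=203.0.113.7 user=erin
2020-10-05T09:00:11Z FAIL src=203.0.113.7 user=frank
2020-10-05T09:03:00Z FAIL src=198.51.100.4 user=alice
2020-10-05T09:03:02Z FAIL src=198.51.100.4 user=alice
2020-10-05T09:03:04Z FAIL src=198.51.100.4 user=alice
2020-10-05T09:10:00Z FAIL src=192.0.2.9 user=grace
"""


def parse_line(line):
    """Split one log line into (timestamp, result, source ip, username)."""
    ts_str, result, src_kv, user_kv = line.split()
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return ts, result, src_kv.split("=", 1)[1], user_kv.split("=", 1)[1]


def detect_password_spray(log_text, window=timedelta(minutes=5), min_users=4):
    """Return {source ip: sorted list of targeted users} for every source that
    failed against at least `min_users` distinct accounts inside a sliding
    `window`. Repeated failures on ONE account (198.51.100.4 below) are a
    different pattern (brute force) and are deliberately not flagged here."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    failures_by_src = defaultdict(list)
    for ts, result, src, user in events:
        if result == "FAIL":
            failures_by_src[src].append((ts, user))

    alerts = {}
    for src, fails in failures_by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users_in_window = {u for _, u in fails[start:end + 1]}
            if len(users_in_window) >= min_users:
                alerts[src] = sorted({u for _, u in fails})
                break
    return alerts


def successes_from_spraying_sources(log_text, alerts):
    """Accounts where a flagged source later logged in successfully: these are
    the likely compromised credentials and the first ones to reset."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return sorted({user for _, result, src, user in events
                   if result == "SUCCESS" and src in alerts})


if __name__ == "__main__":
    hits = detect_password_spray(SAMPLE_LOG)
    for src, users in hits.items():
        print(f"spray from {src}: {', '.join(users)}")
    print("successful logins from spraying sources:",
          successes_from_spraying_sources(SAMPLE_LOG, hits))
```

The threshold and window are tuning knobs: on a large identity provider a legitimate shared NAT address can produce many distinct failing users, so in practice the rule is paired with a baseline per source and with the follow-up check for successes, which is the signal that a reused password actually worked.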
McAndrews doesn’t use the same password twice and he suggests others do the same. Password managers like LastPass come in handy for this.
“I couldn’t even tell you my passwords because my password manager changes them,” McAndrews said. “They’re very complex and they’re long. If I need to do a password reset because I don’t have my password manager, I can still do that. But for right now, my passwords are secure.”
On the commercial side, McAndrews recommends using multifactor authentication, in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism.
“When you sign in, they send you a text or they need to type in a code that protects it,” McAndrews said. “Even if your company’s passwords or emails fall into the wrong hands, if they don’t have the second factor – if they don’t have the text message or the code – they can’t get in, right?”
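The “code” McAndrews refers to is most often a time-based one-time password (TOTP, RFC 6238): the server and the user’s authenticator share a secret, and both derive a short code from it and the current 30-second time step, so a stolen password alone is useless without the device holding the secret. The verifier below is an added example, not code from the article or from PacketWatch; the shared secret shown is the RFC 6238 test-vector secret, and the allowed clock skew of one step is an assumption.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 test-vector secret ("12345678901234567890" in Base32); a real
# deployment generates a random per-user secret at enrolment.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32, counter, digits=6):
    """HMAC-based one-time password (RFC 4226) for a given counter value."""
    key = base64.b32decode(secret_b32, casefold=True)
    msg = struct.pack(">Q", counter)               # 8-byte big-endian counter
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                     # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, for_time, step=30, digits=6):
    """Time-based one-time password: HOTP over the 30-second time step."""
    return hotp(secret_b32, int(for_time) // step, digits)


def verify_totp(secret_b32, submitted, for_time=None, step=30, skew=1):
    """Accept a submitted code if it matches the current step or one within
    +/- `skew` steps (tolerates small clock drift on the authenticator).
    Comparison is constant-time so timing does not leak the expected code."""
    if for_time is None:
        for_time = time.time()
    for delta in range(-skew, skew + 1):
        expected = totp(secret_b32, for_time + delta * step, step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def second_factor_login(password_ok, secret_b32, submitted_code, for_time=None):
    """Both factors must pass; a correct password with a bad code is a denial,
    which is exactly the property McAndrews describes."""
    return bool(password_ok) and verify_totp(secret_b32, submitted_code, for_time)


if __name__ == "__main__":
    now = time.time()
    code = totp(DEMO_SECRET_B32, now)
    print("current code:", code)
    print("login with good password + good code:",
          second_factor_login(True, DEMO_SECRET_B32, code, now))
    print("login with good password + wrong code:",
          second_factor_login(True, DEMO_SECRET_B32, "000000", now))
```

In production the server additionally records the last accepted time step per user so a code cannot be replayed inside its validity window, and rate-limits verification attempts, since a six-digit code has only a million possibilities.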
Patch management is important as well. McAndrews and his colleagues are seeing an increase in unauthorized access coming through network devices.
Virtual private network gateways and firewalls are frequent targets. If companies haven’t patched the vulnerabilities in those devices, hackers exploit them. Once inside a company network, hackers start looking around, and that is when McAndrews and his clients see an increase in ransomware.
One of McAndrews’ intelligence analysts said that in Q3 2019 the average ransom was $42,000; in the same quarter of 2020 it was over $233,000.
McAndrews said ransomware is a huge moneymaker for organized crime based in Eastern Bloc countries. He suggests establishing segregated backup routines so that backups are not in the same domain as the production systems. Many ransomware groups immediately look for backups and delete them, which adds more pressure to pay the ransom.
McAndrews has always been interested in cybercrimes and knew, one day he’d work for the FBI. After working in sales, McAndrews became an agent and taught at the FBI Training Academy at Quantico and the International Law Enforcement Academy in Budapest.
As an agent, he worked in cyber matters and was on a special team called the Cyber Action Team that was deployed for the highest-profile intrusions.
He also fought crimes against children, which he calls some of his best work as he knew he was saving kids.
His FBI work was primarily forensic. Now that he’s returned to the private sector, he feels he can do more to help people.
“In the private sector, I can help businesses and individuals prepare,” he said. “It’s a good feeling to say I put a lot of people in jail who needed to be there, but now I can help companies really secure their networks.”
McAndrews puts his motivation simply. Most of his friends are musicians and he admires their creativity. To many of them, their career comes easily. Music isn’t so easy for McAndrews.
McAndrews helped found PacketWatch with CEO Chuck Matthews.
The two have worked with the government, the media, manufacturing and individuals.
“We’re honest with you. We want to do what’s right. We’re not going to run up the clock on you.”