With thanks to John Hammond, Senior Security Researcher at Huntress, Aviva Zacks of Safety Detectives learned a lot about the company’s security platform.
Safety Detectives: Can you tell me about your journey to cybersecurity and to Huntress?
John Hammond: I grew up wanting to make videogames. I wanted to do some of the cool, high-flying-and-flashy, on-the-keyboard cyber stuff. I knew that if I wanted to learn how to hack or make videogames, I had to learn how to program, how to develop software, and how to do software engineering.
For a lot of my childhood, I was interested in creating and building. In the U.S. Coast Guard, where I served, they are most concerned about whether what you are making is secure. That changed my mindset to not only “make things, but also, break things,” which led me to roles in government contracting with the United States Department of Defense. A few years later, I fell in with Huntress, and I absolutely love working with them. It’s incredible to be in the spotlight for education and raising the community up in cybersecurity—all the while still providing one solid security platform to stop the bad guys and halt hackers in their tracks.
SD: Could you tell me about Huntress’ technology?
JH: Huntress was founded on this idea—and it’s interesting because our founders also have a military background, some of whom were ex-three-letter agency operators. But five or six years ago, they were doing a government training exercise, and they were operating on the blue team—the defensive team—and they were pitted against the red team—or the offensive ones—that was trying to break in and attack them.
The idea was to monitor and look for the red team’s access. They tried to see where the hackers were by looking for specific autoruns, services, scheduled tasks, or start-up keys—things where the attackers might try to leave their persistence, their own backdoor, or their implants so they could maintain their access. They had written some software that could look through all those corners and crevices and see if they could find the hacker’s backdoor and footprints. That became the mainstage event for what Huntress came to be—hunting for the hacker’s backdoor, implants, and persistence mechanisms.
It has now grown and evolved into a proper security platform. Hunting for “Persistent Footholds” is still the mainstage event, but we also are rolling out “Ransomware Canaries”—like tripwire or a trigger to detect if there is the presence of ransomware on a machine. We have “External Reconnaissance” where we’ll do external port scanning, checking what businesses actually have out in the open on the internet, whether they have their websites open and accessible, but also accidentally have the remote desktop protocol or some file shares that don’t need to be public.
SD: Can you tell me what verticals use your technology?
JH: Huntress specifically focuses on the managed service providers (MSP) community. I think that is a strategic move because those MSPs are the whole help desk, the whole technology, and security arm for a plethora of small or medium businesses. So we certainly do work with the regular mom-and-pop shop, but MSPs give us a bit more coverage and visibility.
SD: What do you think are the worst cyberthreats today?
JH: When we talk about external reconnaissance, you don’t want to have remote access open to your computer on the public internet. You should be changing your password often and enabling two-factor authentication, patching, and hardening, all the usual cybersecurity “best practices” you hear all the time. Those basics make for a solid defense, but those advanced and sophisticated hackers might slip by.
The cybercriminals that break through that fishnet, as you close in and tighten up the barriers that you set, are still going to attack human vulnerability. Phishing emails, scams, lies, and deceit are still going to come in to play, especially now with the COVID-19 pandemic. Hackers are always going to take advantage of chaos and uncertainty.
SD: Because we’re living through this pandemic, things have changed in cybersecurity. What do you think?
JH: We are seeing that everyone needed to shift to remote work. That opens the door for those hectic, knee-jerk reactions that since companies need to maintain business and keep operations going, they just open up remote desktop protocol, which is a bad solution. We cannot use that band-aid solution anymore.
The other things that are in the mix are scams and deceptions. One thing that we’ve been talking about recently is how we’re supposed to be delivering the COVID-19 vaccine. One thing that we like to do with Huntress is to offer a little dark web ride-along which sounds spooky and scary but it showcases and offers some of the real conversations, real forum posts, and topics. The hackers that are talking and potentially selling services on the internet or even just requesting and asking for services are looking for a hacker-for-hire. Threat actors try to sell fake counterfeit COVID-19 vaccines out there, which is one element, but they could very well also be phishing and sending out scams as if they were disguised as the providers—Moderna and Pfizer—and they’re deploying ransomware. They’re disrupting operations. They’re making it more of a mess than we really need it to be. Ultimately, we all have to be vigilant. While the tried-and-tested security posture of patching and hardening makes for a formidable defense, as an industry we still need to monitor threats and work smarter than the bad guys.