Lesley Carhart

Last updated
Lesley Carhart
Lesley Carhart - What Can We Learn About Cybersecurity Trashfires (cropped).jpg
Carhart in 2023
Other nameshacks4pancakes

Lesley Carhart aka hacks4pancakes is the principal incident responder and threat analyst at industrial cyber security company Dragos. [1]

They were described as one of the top 10 influencers in cybersecurity in 2019 [2] through to 2020 [3] by GlobalData research.

They are involved with and comment on a broad range of cybersecurity topics including industrial control systems, [4] [5] the Solar Winds hack, [6] ransomware attacks, [7] [8] smart device insecurity, [9] remote working, [10] multi-factor authentication, [11] and the 2021 Microsoft Exchange Server data breach. [12]

They are active in the information security community, offering career advice [13] and involved in conferences, including organizing PancakesCon. [14]

Lesley served 15 years [15] in the Air Force Reserve, in the 434th Communications Squadron (A subdivision of the 434th Air Refueling Wing's Mission Support Group), attaining the rank of Master Sergeant. [16] [17]

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security is the protection of computer software, systems and networks from threats that can lead to unauthorized information disclosure, theft or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

Ransomware is a type of malware that permanently blocks access to the victim's personal data unless a "ransom" is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

A medical device hijack is a type of cyber attack. The weakness they target are the medical devices of a hospital. This was covered extensively in the press in 2015 and in 2016.

<span class="mw-page-title-main">WannaCry ransomware attack</span> 2017 worldwide ransomware cyberattack

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It was propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end of life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or other reasons.

<span class="mw-page-title-main">Petya (malware family)</span> Family of encrypting ransomware discovered in 2016

Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

<span class="mw-page-title-main">Anomali</span> American cybersecurity company

Anomali Inc. is an American cybersecurity company that develops and provides threat intelligence products. In 2023, the company moved into providing security analytics powered by artificial intelligence (AI).

Jack Cable is an American computer security researcher and software developer who currently serves as a Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency. He is best known for his participation in bug bounty programs, including placing first in the U.S. Department of Defense's Hack the Air Force challenge. Cable began working for the Pentagon's Defense Digital Service in the summer of 2018.

The 2018 SingHealth data breach was a data breach incident initiated by unidentified state actors, which happened between 27 June and 4 July 2018. During that period, personal particulars of 1.5 million SingHealth patients and records of outpatient dispensed medicines belonging to 160,000 patients were stolen. Names, National Registration Identity Card (NRIC) numbers, addresses, dates of birth, race, and gender of patients who visited specialist outpatient clinics and polyclinics between 1 May 2015 and 4 July 2018 were maliciously accessed and copied. Information relating to patient diagnosis, test results and doctors' notes were unaffected. Information on Prime Minister Lee Hsien Loong was specifically targeted.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

REvil was a Russia-based or Russian-speaking private ransomware-as-a-service (RaaS) operation. After an attack, REvil would threaten to publish the information on their page Happy Blog unless the ransom was received. In a high profile case, REvil attacked a supplier of the tech giant Apple and stole confidential schematics of their upcoming products. In January 2022, the Russian Federal Security Service said they had dismantled REvil and charged several of its members.

Ryuk is a type of ransomware known for targeting large, public-entity Microsoft Windows cybersystems. It typically encrypts data on an infected system, rendering the data inaccessible until a ransom is paid in untraceable bitcoin. Ryuk is believed to be used by two or more criminal groups, most likely Russian or Ukrainian, who target organizations rather than individual consumers.

A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. As of 9 March 2021, it was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF).

<span class="mw-page-title-main">Health Service Executive ransomware attack</span> 2021 cyber attack on the Health Service Executive in Ireland

On 14 May 2021, the Health Service Executive (HSE) of Ireland suffered a major ransomware cyberattack which caused all of its IT systems nationwide to be shut down.

In mid-May 2021 hospital computer systems and phone lines run by the Waikato District Health Board (DHB) in New Zealand were affected by a ransomware attack. On 25 May, an unidentified group claimed responsibility for the hack and issued an ultimatum to the Waikato DHB, having obtained sensitive data about patients, staff and finances. The Waikato DHB and New Zealand Government ruled out paying the ransom.

Kyle Hanslovan is an American engineer and information technology security analyst who served as a US Air Force Cyber Technical Sergeant.

References

  1. O'Donnell, Lindsey (12 November 2020). "From Triton to Stuxnet: Preparing for OT Incident Response" . Retrieved 10 July 2021.
  2. Globaldata (11 February 2020). "Biggest influencers in cybersecurity in Q4 2019: The top companies and individuals to follow" . Retrieved 10 July 2021.
  3. GlobalData (30 October 2020). "Biggest influencers in cybersecurity in Q3 2020: The top individuals to follow" . Retrieved 10 July 2021.
  4. BAJAK, FRANK (9 February 2021). "Hack exposes vulnerability of cash-strapped US water plants" . Retrieved 10 July 2021.
  5. Barrett, Brian (4 February 2021). "The Threat to the Water Supply Is Real—and Only Getting Worse" . Retrieved 10 July 2021.
  6. Collier, Kevin (22 January 2021). "Biden inherited one of the worst hacks in history. How will his administration respond?" . Retrieved 10 July 2021.
  7. Vaas, Lisa (7 May 2021). "Ryuk Ransomware Attack Sprung by Frugal Student" . Retrieved 10 July 2021.
  8. Larson, Selena (27 June 2017). "Why ransomware attacks keep happening" . Retrieved 10 July 2021.
  9. Whittaker, Zack (2 July 2019). "Security flaws in a popular smart home hub let hackers unlock front doors" . Retrieved 10 July 2021.
  10. Mehrotra, Kartikay. "Employers Beware: Working from Home Creates New Cyber Risks" . Retrieved 10 July 2021.
  11. O'Flaherty, Kate (21 January 2020). "This Is The Surprising Truth About SMS Security" . Retrieved 10 July 2021.
  12. Kirk, Jeremy (10 March 2021). "List of Hacked Exchange Servers May Boost Recovery Efforts" . Retrieved 10 July 2021.
  13. Whittaker, Zack (21 August 2017). "Landing that infosec job: These experts share their best career advice" . Retrieved 10 July 2021.
  14. Brumfield, Cynthia (23 March 2020). "Virtual security conferences fill void left by canceled face-to-face events" . Retrieved 10 July 2021.
  15. "Veterans bring high-value, real-life experience as potential cybersecurity employees". CSO Online. Retrieved 2024-08-15.
  16. "Induction ceremony embraces a rare event". Grissom Air Reserve Base. 2019-10-16. Retrieved 2024-08-15.
  17. "Grissom announces award winners for the 2nd quarter". Grissom Air Reserve Base. 2021-07-27. Retrieved 2024-08-15.