The Gately Report: Trellix Threat Intelligence Leader Expects Cybercriminals to Pounce in Hurricane Ian Aftermath
Russia is planning massive cyberattacks on Ukraine and its allies.
Trellix threat intelligence leader John Fokker expects cybercriminals to take advantage of Hurricane Ian’s devastation in Florida and other states much the same way they did during the COVID-19 pandemic.
Fokker, Trellix’s head of threat intelligence and principal engineer, spoke during this week’s Trellix Xpand Live 2022 conference. He and Doug McKee, principal engineer and director of vulnerability research, detailed how the company helped law enforcement take down the notorious REvil ransomware gang. REvil was responsible for last year’s attack on Kaseya.
“We help catch bad people,” he said. “That’s what gets me going every day.”
During his career, Fokker has supervised numerous large-scale cybercrime investigations and takedowns. In addition, he’s one of the co-founders of the NoMoreRansom Project. The No More Ransom website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee. It helps victims of ransomware retrieve their encrypted data without having to pay the criminals.
Trellix Threat Intelligence Leads to Better Protection
We spoke with Fokker during Trellix Xpand Live to find out how threat intelligence is helping to protect organizations from cybercrime.
Channel Futures: Tell me about your work with Trellix’s Threat Intelligence Group. How does it lead to better cybersecurity for partners and customers?
John Fokker: I have the privilege to run a team with different types of analysts where we have commercial papers, and we have analysts that go out and hunt, collect and do research on threats out there in the world. So they use our telemetry, they use our products, but they also look at scanning the internet or disseminating third-party product blogs. We also have other vendors that come out with phenomenal research. We’ll look at it and we’ll validate it, and we’ll send it out to our customers. So that’s integrated in our work stream and that goes immediately to all the products. And we like to say we collect stuff that will really help the customer tackle the threat.
Now, there’s these threat actors. They move through a network. There’s multiple ways of doing so, and they use multiple tools. So our team identifies how the threat actor operates and we’ll try to find out ways of how they do it. This is what we can give. We can connect with the respective product teams and they’re like OK, can we build protection for this? And at the same time, we give intelligence to our customers. And this is product innovation. It was tied into the product. And at the same time, we also have an option where we have commercial opportunities. So if we have a customer that really wants to go in depth on threat intelligence or the other way around, they want threat intelligence, but they don’t have a whole team, we can help them out. We can support them with their assets.