Don’t worry, our host, Ryan Sr., was also duped

Understanding the Evolve Bank Hack and Federal Reserve Hoax

Ryan Williams Sr.
Jul 2, 2024

Welcome back to “The Other Side of the Firewall,” where we bring you the latest and greatest in cybersecurity news, highlighting movers and shakers who break the glass ceiling in our industry. Today, Ryan Williams Sr., Shannon Tynes, Chris Abacon, and Daniel Acevedo are dissecting the recent Lockbit attack, which targeted Evolve Bank instead of the rumored Federal Reserve. Let’s dive into the details and the broader implications for our field.

The Incident

In a sensationalized report, it was initially claimed that the Federal Reserve had been hacked, with 33 terabytes of sensitive information at risk. This claim, which caused a stir in the cybersecurity community, turned out to be a hoax. The real victim was Evolve Bank, a financial institution in Arkansas.

Our team quickly uncovered the truth behind these claims. “It was just so fantastical that it had happened. Like, wait, did that really happen?” said Shannon. Upon closer inspection, it was revealed that Lockbit, the notorious ransomware group, had hacked Evolve Bank. The misdirection was perhaps a ploy to inflate their threat level.

Evolve Bank’s Predicament

Evolve Bank was already under scrutiny for its lax information safeguarding practices. The hack added fuel to the fire, casting a shadow over its cybersecurity protocols. Lockbit’s demand of $50,000, a surprisingly low ransom for such a massive data breach, was met with skepticism. The Federal Reserve called their bluff, leading to no further ransom demands.

Shannon Tynes recounted, “What was funny about the previous reporting of this is that when they were hacked, it was Lockbit, right? They were negotiating with some type of representative from the Federal Reserve, and they only offered them $50,000, which came off kind of funny. I was like, $50,000 for all that information?”

Implications for Cybersecurity

This incident underscores the importance of robust cybersecurity measures, especially for smaller financial institutions. As Daniel noted, “If you’re in Arkansas and you have Evolve Bank, now is your time to switch banks. You got to pull your money out like yesterday.”

The case also highlights the need for vigilance in the face of ransomware threats. As professionals, we must ensure that we don’t take initial claims at face value. Verification and thorough investigation are key. “You really need to go into the negotiations of, hey, show me what you need to prove to me what data you actually have,” said Daniel.

Shannon added, “It just goes to show as a security practitioner, if you deal with a lot of ransomwares, kind of like not biting the bait on first details of, hey, you’ve been ransomwared, even if you have, that comes across your screen or you’re in charge of the servers or that department that has to deal with this kind of stuff.”

Federal Reserve Myths Debunked

Amidst the chaos, it’s essential to clarify some common misconceptions about the Federal Reserve:

  • The Federal Reserve is audited extensively.
  • It is not owned by any single entity but is a blend of public and private elements.
  • It comprises 12 regional banks working together.

“There are so many myths about the Fed. For example, the Fed is not owned by anyone. It’s a blend of both private and public elements, and it’s composed of 12 regional banks,” I explained.

The Bigger Picture

The Evolve Bank hack serves as a critical lesson for cybersecurity practitioners. It emphasizes the need for stringent security measures, especially in smaller institutions, and the importance of skepticism and verification in the face of ransomware threats. As Chris aptly put it, “A financial institution that does not take cybersecurity seriously is the biggest red flag.”

Chris also highlighted the importance of identity and access management controls: “Many of the big corporations, bigger banks, they’ve got stringent identity and access management controls in place, specifically on the user end. Now, I haven’t banked with a small bank, right? I don’t know what their practices are. I don’t know how local credit unions even do things, but I imagine they have to follow stringent guidelines regarding cybersecurity.”

Looking Ahead

The incident with Evolve Bank and the misinformation surrounding the Federal Reserve highlights a significant issue in our field — the rapid spread of false information and the need for quick, accurate verification. It also sheds light on the importance of preparedness and strong cybersecurity protocols. As Daniel pointed out, “It’s almost too crazy that the Federal Reserve is getting hacked. And I’ve only seen articles state the 48-hour timeframe and nothing else had come out.”

Moreover, the discussion about the Federal Reserve’s response to the ransom demand is intriguing. Shannon speculated, “Do you think the Federal Reserve went and checked and was like, okay, all these 12 banks, they went and said, no, we’re all secure? And then they came back and was like, okay, let’s get them then. The negotiators probably on the phone with a smirk on us. It’s like, yeah, 50,000. Yeah, you can take it or not.”

This scenario underscores the strategic and psychological aspects of ransomware negotiations. It also raises questions about the training and background of ransomware negotiators. As I mused, “Who trains them? Where do they get their credentials from? I’d be more interested in that coming out of this article. That’s kind of a mystery in itself, too. How do I become a ransomware negotiator?”

Conclusion

The Evolve Bank hack serves as a critical lesson for cybersecurity practitioners. It emphasizes the need for stringent security measures, especially in smaller institutions, and the importance of skepticism and verification in the face of ransomware threats. We’re so close to hitting our goal of 500 subscribers by the end of the month, and we can’t do it without your support. Let’s make it happen!

Thank you for reading, and stay tuned for more episodes of The Other Side of the Firewall podcast on Mondays, Tuesdays, Wednesdays, and Fridays, as well as the Ask A CISSP podcast every Thursday. Please like, share, and subscribe.

Stay safe, stay secure!

Ryan is a retired Air Force veteran who brings over 20 years of experience in network infrastructure, project management, and cybersecurity consulting to his current role at BuddoBot. BuddoBot’s mission is to support national security by transforming, empowering, and educating organizations to shift from reactive, diluted, automated, and high-cost IT and security practices to proactive, effective solutions that fortify their security.

Shannon, also a retired Air Force veteran, has more than two decades of expertise in network security and vulnerability management. He now serves as an Information System Security Officer (ISSO) for the U.S. Space Force, where he continues to enhance national security protocols.

Chris, a Navy veteran with over ten years in IT, information assurance, and risk management, currently works at CompliancePoint. His roles include vCISO, RMF assessor, and consultant, focusing on enhancing data security and privacy for various organizations.

Daniel is an Air Force veteran with over 15 years of combined experience in IT, cybersecurity, information assurance, and government risk compliance. He has held various roles, including IT administrator, cybersecurity engineer, senior information system security manager, and currently serves as a senior security consultant for Booz Allen Hamilton. In this latest role, Daniel leverages his expertise to address unique and complex challenges in the cyber and IT domains, enhancing his customers’ capabilities.

Ryan Williams Sr.

Cybersecurity Professional | CISSP | PMP® | Founder & Host of The Other Side of the Firewall & Ask A CISSP Podcasts | Retired U.S Air Force Vet | DE&I Advocate