Lyra Recovery execs: Threat actors pursuing more targeted, sophisticated attacks

By James Thaler

Feb 14 - Threat actors are ramping up their focus on more targeted cyberattacks which, despite growing sophistication, have made the breach restoration process easier, according to senior Lyra Recovery executives.

Lyra Recovery’s leadership includes Shawn Melito as CEO, COO Brent Riley, and VP of operations Luke Green. The trio spoke to The Insurer TV at this week’s NetDiligence Cyber Risk Summit in Miami Beach.

Riley said Lyra has seen a continued push among threat actors to pursue more targeted attacks.

“We're seeing a continuation of them being more sophisticated and targeted in their attacks,” he explained.

“Very different from the days of Ryuk, where bad guys would come in and smash and grab leveraging something like Emotet or TrickBot to gain control of the whole network and then push out ransomware broadly and just create chaos,” he commented.

Riley said Lyra has been observing an increasing number of threat actors tapping into targets that operate virtualized infrastructure, which they then encrypt, and take steps such as resetting administrative passwords and corrupt backups.

“We're seeing a lot of prevalence of that. And if workstations are impacted, it almost seems these days that it's incidentally through shared drives and things like that, versus the threat actors spending time specifically encrypting workstations,” he explained.

Green also said Lyra is seeing certain specific industries being targeted in waves, giving an example of one month where a wide number of HVAC companies were impacted across the US.

“Some of it will be when a bad actor gets into an email system, and then it spreads through phishing and whatnot. It's like, 'Oh, who's on their Rolodex',” he explained.

'TANGIBLE BENEFIT TO PREPARATION'

With cyber risk awareness increasing in recent years and major improvements to cyber hygiene and risk management practices, Riley said that firms better prepared for a breach are generally “minimally impacted”.

“There's definitely a tangible benefit of that prior preparation when there is a cyber incident,” he commented.

Riley said threat actors are still gaining network access through exploited credentials, using as an example certain senior members of management teams who might think they are a “special case” and not adopt MFA, or falsely thinking having an MDR solution in place would be sufficient.

“I'd say, a trend that's continued, and work that still needs to be done in the industry, is to figure out how to address this and get greater compliance and standardization,” he explained.

'LYRA "VERY MUCH IN GROWTH MODE"'

Melito said Lyra is “very much in growth mode” and spent its time at the NetDiligence conference working on growing its relationships with digital forensics and incident response (DFIR) firms.

Riley also said that Lyra is leaning into its use of artificial intelligence, machine learning, and other forms of automation to interact with clients more effectively and provide the insurance industry with valuable intel.

“Because we have a very unique perspective, we're not just working for one digital forensics firm, and we're not just working in one industry or vertical, we're touching on a lot of it,” he explained.

“We've got 4,500 people around the world. We have really, really good scope, a lot of specialties,” he said, noting that Lyra generally has staff within a two to three hour drive from most clients.

“Because our big win is landing the client, potentially as a permanent MSP client, we're able to come in at a price point that most people can't beat,” he explained.

Melito said all three executives were drawn to launching Lyra’s recovery business by that mission.

“We all pitched ourselves after hearing what Lyra was planning on doing, and we really believe in what it is, and in the mission. And if we're not handling the majority of recovery cases within two or three years, I'll eat my hair,” he quipped.