Tech+ Blog: Bay Area IT Security & Consulting News

Ransomware Mac 'N Cheese - a Bay Area Cybersecurity Snack

Jun 21, 2019

When I went to Defcon last year I attended a few very interesting Skytalks from IT Security Professionals in the healthcare space. Skytalks, in case you don't know, are deep-dive, off-the-record talks where security experts share 'what really happened'. There is no recording allowed, no photographs, no bullsh*t, and often you learn some really great insights.

One of my takeaways from last year was that when you are facing a cyber attack or ransomware situation, don't forget to make sure your team gets their meals. Often during a critical cybersecurity incident IT staff are working 12-18 hour days around the clock trying to restore services, and it becomes easy to skip meals and suddenly realize you haven't eaten in hours. This happened to us last January when one of our Oakland Law Firms got hit with ransomware. So with that inspiration I thought I would share my favorite Mac 'N Cheese Recipe. Warning: it contains a LOT of onions!

Cybersecurity Meal Prep Checklist:

  • Quality aged cheddar, swiss, or gruyere. My favorite thing is to go into Berkeley Bowl and see what they have on sample and buy something local. Get an $8-12 block of cheese; something that will make 1-2 cups grated. Don't buy the pre-packaged pre-grated stuff. It sucks.
  • 1 cup of half and half cream, I prefer Straus or Clover
  • 1/2 cup butter
  • 1/4 cup white flour
  • 1 pack No Yolks brand extra broad egg noodles
  • 4 large sweet onions 
  • 1-3 pinches of sugar or 1-2oz of cola (not sugar free)
  • Black pepper, salt
  • Multi-factor authentication; always a necessity!

 

The Secret to the Best Ever Mac 'N Cheese - LOTS OF ONIONS! Like IT Security it's all about the layers!

A good read: The 7 Cybersecurity Layers Every Entrepreneur Needs to Understand

This recipe, I should warn you, is my own creation. I made it up one evening after meeting the German exchange student boyfriend of one of my IT engineer's sisters at a party at his parents' house in Walnut Creek. It was 3am and we got talking about the best late night food, and he described making Kraft Dinner but adding grilled onions. One morning I got playing around, trying out the new chef knife I got from a client, Alameda Natural Grocery, got a little carried away with the onions, and accidentally made what I think is the best Mac 'N Cheese ever. Okay, on with the cooking! Also, along the way I'm going to talk IT Security 'cause I'm a geek!

1. Cut 4 onions in halves, remove skin, enforce safe password policies

Look at all those onions!!! While thinking of onions, let's quickly talk passwords. Making sure you enforce a safe password policy for all employees is a must. Every year I do a cybersecurity presentation for Oakland Small Business Week, and I have a slide with the top 20 passwords of that year. I always get gasps from the audience and 1:1 questions afterwards about changing certain passwords.

 

2. Cut onions like this, asset tag all your IT equipment

Cut onions into pieces like this; not too big, not too small. If your knife is sharp your eyes shouldn't water.

While cutting those onions, let me ask: how is your asset management? Does every internet-connected device have an asset tag, and are devices inventoried to ensure their firmware is updated and there are no vulnerabilities? Now back to chopping!

 

3. Put 1/4 cup of butter in a pan or wok with all the onions, caramelize them for 30-35 min and check your firewall logs while the onions start to brown

Notice how many onions there are compared to the noodles! That's what makes this so good. Set the burner to a medium heat and let the butter melt, stirring the onions until everything is covered with melted butter, then keep stirring every few minutes. While the onions cook you can multitask on the rest of the recipe, as well as take a few minutes to check your firewall security logs. Your IT folks should be doing this daily.

After about 20 minutes, you should have your logs checked and be smelling some onions a-caramelizing.

 

4. Grate the cheese, educate your employees on phishing scams and cybersecurity best practices

I used a 2013 aged Tillamook Cheddar I got at Costco. About 1/2 - 2/3 of this block is a good amount of cheese. This cheese is 3 years older than KnowBe4, one of the largest IT Security Training Companies.

Cybersecurity is only as good as your weakest link. We suggest using a platform such as KnowBe4 to test employees with spoofed emails monthly, as well as to manage eLearning for Cybersecurity Training. Essentially, our IT team tries to trick people into clicking on fake emails, and when they do, the users are shown a video explaining how they could have spotted that the email was a fake and how to do better next time. This dramatically improves overall security awareness and lowers your risk of getting compromised. Phishing scams are how many systems are breached by cyber criminals.

 

5. Cook Egg Noodles for 8 minutes, set oven to 400F, make sure mobile devices are enrolled in an MDM to protect sensitive data on the go 

Bring some water to a boil, don't forget to add salt (unless you're Olive Garden), then dump in the noodles, letting them cook for about 8 min so they are al dente. Also set the oven to 400F as we will bake the dish at the end.

While the noodles cook, now is a good time to think about mobile device management: MDM. It is a critical piece of your IT Security Plan, just like the noodles in this Mac 'N Cheese. Your company's workforce is mobile and you want to ensure sensitive information, especially all your emails, is protected and encrypted. MDM allows IT Admins to separate work applications and have them live in a secure container. Updates can be pushed down, access restricted or granted, and phones remotely wiped if they are lost or stolen. We love using MaaS360 at Tech+; another great one is AirWatch.

 

6. Melt some butter, make a roux, optionally add some sugar to the onions or cola and use multifactor authentication! 

We are going to start by making a roux. Melt some butter in a pan (also look at those onions now!!! If you want them more brown, now is the time to add a pinch of sugar or an oz or two of cola and stir), then add an equal amount of flour and stir the roux rapidly. I used 1/4 cup each of butter and flour.

Just like a roux is the base of just about every cheese sauce, multifactor authentication should be part of the basics in how you access online services.

A password can easily be compromised, but that's where multifactor authentication saves the day. In addition to your password, other factors are required to log in. This could be a trusted device, a trusted IP address (such as your office's network), an SMS text message with a one-time code, an application like Duo, or a U2F Security Key. In order to log in, users need these multiple authentications, which makes it far harder for hackers to compromise your logins.

We particularly like YubiKeys at Tech+; case in point, read about Google's two-year study on them. Essentially, Google makes one of the best free MFA apps, "Google Authenticator", yet chooses YubiKeys for all its 50,000 employees as it dramatically reduces the time to log in and lowers help desk support cases. I remember first learning about this at their presentation at BSides San Francisco in 2016. I've personally had a YubiKey for over 12 years and love them; it's been in the washing machine, dropped numerous times, and yet it still works fine.

 

7. Add Grated Cheese, Half and Half Cream and make a cheese sauce, regularly backup your data and test your backups!

Slowly fold in the grated cheese, adding some half and half cream to thin it out a bit. Stir a ton! I personally like my Mac 'N Cheese not to be runny, so I make my sauce extra thick, using only maybe 1/2 cup of cream.

Backing up your data and testing your backups are as important as the cheese sauce is to this recipe. It pretty much goes without saying at this point; every one of our clients knows just how important backups are to IT Security. You always want a way to recover in the event of a disaster, human error, or ransomware outbreak.

One thing that scares us when we do an IT Assessment with new leads is that we often find out backups haven't really been tested. Many assume their backups are working fine, then discover the backup is actually corrupt or missing files, or the time to pull that backup and fully restore it isn't acceptable. We suggest taking a deep dive into your backups and making sure:

a) You have multiple layers of redundancy: online encrypted backups, on-site backups (e.g. to a NAS), and backups to media that is not connected to the internet (e.g. USB external hard drives kept in a fireproof safe and swapped monthly).

b) You know how to perform a restore in a disaster and exactly how long it will take, and you have a plan in place for which applications take priority (e.g. payroll software).

c) All the correct files are being backed up and there is proper version control.

 

8. Drain the Noodles, use the principle of least privilege

After 8 min of cooking it is time to drain the noodles.

Just like you need to be careful not to burn yourself with scalding hot water, having too many privileged users accessing your data is extremely dangerous. Granting new employees all privileges by default allows them to access sensitive data even if they don't really need to, and makes it easier for hackers to gain access to sensitive data should they breach a user account.

A much better solution is to use the principle of least privilege; in other words, only grant employees access to what they need to do their jobs. Your IT team can help with this, managing shares and granting permissions, as well as auditing user accounts to see what access they have and whether it is required.

 

9. Combine cooked noodles, cheese, and onions as well as ensure your VPN is being used company wide.

Pour the noodles and cheese sauce into the pan/wok with the onions, or use a bowl to combine all ingredients. Stir well, mixing everything together.

Public Wi-Fi can be a huge security risk. For as little as $50 hackers can build a pineapple, a little device, often battery powered and small enough to fit into a backpack, that spoofs legitimate Wi-Fi while capturing information from anyone who connects. I've seen these in airports, convention centers, and other areas more often than one would think. In the Bay Area there are often "xfinity" Wi-Fi SSIDs from Comcast that are completely open and often spoofed. If you have ever used an xfinity hotspot, your device will often automatically connect to any network, good or bad, with the same name.

A VPN, however, stops people from being able to capture your private info. It is a secure encrypted tunnel across the internet from your device to a server on the other end (this feature is built into all Meraki Firewalls and is free to use), keeping you protected. It is a good idea to educate employees on the importance of using their VPN while travelling, and ideally to avoid free Wi-Fi and stick with cellular data or other more trusted connections.

 

10. Put mixture in a baking tray, top with cheese, bake for about 15 min or till cheese is melted and brown. Review IT security policies and documentation.

Stick the mixture in a brownie tray (is that what you call those pans?) or really any other pan or skillet or casserole dish or thing you want to use, top with more cheese, and stick it in the oven at 400F for about 15 min, or until it looks melted and ready to eat! If you wanted to *really* impress someone I'd buy one of the Portland made Finex cast iron pans and bake it in that. So pretty, but kinda pricey.

While the Mac 'N Cheese cooks let's review your IT Security Plan and Documentation. You should have several documents in place for your company:

  • A risk management program policy
  • A 3rd party vendor policy
  • Information security policy
  • Access control policy
  • Data protection and privacy policy
  • Security awareness and training policy
  • Incident response policy
  • MDM Policy
  • Video surveillance policy
  • A formal BC/DR policy
  • A USB/portable storage media use policy
  • A password policy

If you don't have these in place talk to your IT folks. It is good to know what your risks are, and how they are being mitigated. Documentation is critical for successful IT Security - now let's check on that Mac 'N Cheese:

Yup.... time to pull it out of the oven!!!

Now let's enjoy some

IT Security Mac 'N Cheese!

Article written by: Chris Stovel, President of Tech Plus Consulting and lover of onions. This dish is like 1/3 onion! Mmmm....

Feel free to share the article or comment. After spending 3 hours typing this up I'm ready for some lunch. I think I might just make this dish again right now!

On a personal note I've never been fond of bread crumbs on mac 'n cheese, you could do it, but I've never understood the whole bread crumb thing....