Cybersecurity Leadership

By reorienting systems defense around resilience, “we become more like attackers, we become nimble, empirical, curious,” Kelly Shortridge said at Black Hat USA 2023.

The economic turmoil and its uncertainties will no doubt have knock-on effects, not only across legitimate markets, but in the cybercriminal underworld as well: a general rise in criminal activity, unlikely actors turning to cybercrime, and cybercriminals turning the tables on their peers.

Known cryptocurrency payments to ransomware hackers “totaled a mere $16 million, compared to nearly $74 million USD in 2021,” blockchain intelligence firm Crystal Blockchain says.

Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that continues since the last quarter of 2021.

This is a big moment of turbulence and change for the hacking business. But the demand is here to stay.

The Kremlin-backed hacking outfit's toolbox seems to grow by the month.

It’s not just individual behavioral inertia that makes it easy for bad actors. Organizational inertia is equally a problem, and it’s often the largest organizations that are most stuck in their ways.

Hackers increasingly target infrastructure – from hospitals and water supplies to banks and transit – in ways that could injure or kill.

Attackers are increasingly attuned to the power and potential of remote management software.

Five months before DarkSide attacked the Colonial pipeline, two researchers discovered a way to rescue its ransomware victims. Then an antivirus company’s announcement alerted the hackers.

Financial criminals are becoming more daring and sophisticated. Global finance must pursue advanced strategies such as AI-based encryption and anomaly detection to stay ahead of the hackers

Security is not just about technology, but governance, policies, processes and people.

Is it illegal to pay hackers in a ransomware attack? U.S. Treasury Department issues a new advisory warning those involved in the ransom payment process.

MIT researchers created a generic framework that enables an engineer or scientist to evaluate the effectiveness of defense schemes that seek to limit a hacker’s ability to learn secret information by observing the behavior of a victim computer program.

Taken together, these findings offer insight into the development of proactive cybersecurity solutions.

Putting on a red hat and trying to understand the motivations, expectations, behaviors, and goals of bad actors can be a key part of a solid cybersecurity plan.

If a traditional approach doesn't provide your ideal edge against hackers, the next reasonable step is to effectively disrupt the hacker's kill chain.

A surge in identity theft during the pandemic underscores how easy it has become to obtain people’s private data. As hackers are all too happy to explain, many of them are cashing in on it.

As a former top civil servant has pointed out, private firms seem happy to let governments pick up the pieces when hackers strike

An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.

Why don’t enough business leaders take cybersecurity seriously — especially in this age of remote work, when it’s more crucial than ever?

A case stemming from an attack last year shows how companies paid millions in Bitcoin to resume normal operations. It also shows the evolving tactics of law enforcement.

Threat hunters weigh in on how the business of ransomware, the complex relationships between cybercriminals, and how they work together and hawk their wares on the Dark Web.

The sweeping cyber espionage campaign shows how sophisticated adversaries can bypass even well-defended targets.

After promises of a truce, cyberattacks against hospitals suggest that there is no such thing as ethics among hackers. Really?