I'm a cybersecurity marketer with expertise writing about endpoint, cloud, zero trust, ASM, red teaming, threat intel, and third-party risk management.
What Are Event Logs and Why Do They Matter?
Logs are everywhere, which is good, because they’re a critical piece of operations work in computing, whether you work in DevOps, security operations, or IT operations. Analyzing logs helps with many different aspects of the technical support of devices, users, applications, and more. Logs can show where authentication is happening, how applications behave, and whether a system crashed because of malicious actions or some other malfunction.
To understand the value in an event log, first let’s t...
How Endpoint Isolation Locks Down Cyber Attacks
When threat actors gain a foothold on an endpoint, security teams need to act fast to resolve the problem. One of the most efficient methods of threat defense is endpoint isolation, a practice in which all traffic to and from an infected endpoint is halted. This approach is especially effective because it prevents the infection from spreading throughout the corporate network.
What Is Endpoint Isolation?
Endpoint isolation is, in simple terms, the act of cutting off all t...
The Professionalization of Ransomware: How Gangs Are Becoming Like Businesses
This report was created in concert with LookingGlass Cyber's intelligence and analysis team to take a deep dive into ransomware actor activity in H1 2022. As part of the joint analysis, we discovered that the biggest provable trend is the sheer professionalization of the average ransomware gang.
I drove strategic direction on the copy and the design of the report, as well as the email copy and landing page copy.
Professionalizing Ransomware: Threat Actors Adopting Legitimate Business Practices
Ransomware has long been among the most significant threats to the modern enterprise. It began with encrypting data and extorting a fee for the key, which is where the term “ransomware” comes from, and has evolved to the point where double and triple extortion are becoming increasingly common. These changes have driven the rise in ransom demands to an average of over $800,000 according to Sophos data and contributed to the more than 1,100 attacks that LookingGlass tracked in the first half of 2022.
Most concerning in this current en...
Balancing Technical Threat Intel Analysis (“Nerdspeak”) with Strategic Insights for Executives
The demand for threat intelligence and knowledge about active threats facing your systems continues to grow. In fact, the threat intelligence software and services market is expected to be valued at $26.15 billion by 2028. After all, if you know who’s targeting your organization and with what sort of attack, you can better defend critical business systems.
Despite these market signals, it can be challenging to gain alignment from senior executives on the value of threat intelligence or – in s...
Attack Surface Management: How 2022 Will Be the Year of ASM
Having a clear view of which assets are exposed and the risk they pose has long been recognized as foundational to an effective security program (CIS 1, 2, and 7). However, investigations into recent data breaches have shown that despite increased investment, enterprises continue to struggle with effective attack surface management. Without proper visibility, security teams cannot accurately measure their security risk, making it difficult to reduce risk on their attack surface.
The fact is, ...
Log4J in Focus
On December 9, 2021, the Log4j vulnerability, tracked as CVE-2021-44228, was publicly revealed via the project’s GitHub. With more than 2.5 billion devices running Java, coupled with the fact that this vulnerability is extremely easy to exploit, the impact is likely very far-reaching.
This eBook covered everything Randori knew about log4j in December 2021. This is a highly dynamic situation, and guidance that was valid and correct at one point can very quickly become outdated.
DECAF Ransomware: A New Golang Threat Makes Its Appearance
Morphisec Labs has tracked a new Golang-based (1.17) ransomware variant that appeared starting in late September and continued development through October.
Morphisec recommends that organizations update their breach prevention strategies to include the risk of Golang-based ransomware.
Introduction
Ransomware written in the Go language is quickly becoming more popular among threat actors. These include Babuk, Hive, and HelloKitty, as well as many other threats written in Golang. “Go” is a statically ...
Explosive New MirrorBlast Campaign Targets Financial Companies
Morphisec Labs tracked a new MirrorBlast campaign targeting financial services organizations.
MirrorBlast is delivered via a phishing email that contains malicious links which download a weaponized Excel document.
MirrorBlast has low detections on VirusTotal due to the extremely lightweight macro embedded in its Excel files, making it particularly dangerous for organizations that depend on detection-based security and sandboxing.
Introduction
Financial organizations are historically among the mo...
New Jupyter Evasive Delivery through MSI Installer
In 2020, Morphisec introduced the Jupyter infostealer, a .NET attack that primarily targets Chromium, Firefox, and Chrome browser data while also maintaining the additional capabilities of a backdoor.
Since that time, Jupyter has remained active and highly evasive. It has continued to receive very low to zero detections in the VirusTotal database, maintaining the ability to bypass detection solutions.
Then, on 8 September 2021, we identified a new delivery chain within Jupyter that passes und...
It’s Time to Re-Evaluate Your Ransomware Prevention Strategy
Increasing numbers of headline-grabbing ransomware attacks are a concerning trend. They also point to a strong possibility that many organizations are falling behind threat actors in the cybersecurity arms race. As they fail to reassess their approaches to cybersecurity, organizations open themselves up to attacks that can be devastating and, in some cases, life-threatening.
On the 17th of September, a patient in Dusseldorf, Germany, died after a ransomware attack crippled the hospital she ha...
THE RANSOMWARE PREVENTION GUIDEBOOK
The Ransomware Prevention Guidebook is a report drafted in early 2021 discussing how organizations can best improve their ransomware protection.
Cyber Wars: The Offensive Security Saga
"Cyber Wars: The Offensive Security Saga" was conceived by me at Randori as a Star Wars-themed video series to detail the results of the State of Offensive Security report.
Are Enterprises Ready For Offensive Security? Survey Says… Yes!
In our latest report, The State of Offensive Security 2022, we provide insight into what we discovered about how well organizations have adopted the offensive approach to security. We surveyed 400 decision makers in IT and security last year, and found:
Security hygiene is harder than it should be
Attack surfaces are growing, leading to more frustrations
Asset inventories are incomplete, creating breach risk
Vulnerability management processes can’t scale
Security testing needs to be continuou...
Morphisec Guard Lets Wilson County Schools Worry About Educating Students
Wilson County Schools is the county district in Wilson County, North Carolina, about 45 minutes east of the state capital in Raleigh. Headquartered in Wilson, NC, the school district’s 1,746 teachers and staff serve 10,980 students in grades K-12 at 14 elementary schools, six middle schools, three traditional high schools, two early colleges, and one alternative school.