Background Almost a year ago as of this writing, the Russian state initiated a new and astoundingly brutal campaign against Ukraine. While Russia had effectively been at war with Ukraine since not long after the Revolution of Dignity, late February 2022 initiated a far wider, nastier, and inhumane phase of Read more…
“Zero days” are popular items in cyber security discussions. They grab headlines, they often feature in high-profile conference presentations, they can even apparently spawn television shows. Yet for all the attention and frequent discussion in non-technical audiences, the term itself seems a bit slippery. Terms like “zero day attack” are Read more…
Questions concerning responsibility for the current epidemic of ransomware events are common, and seek to identify some concrete party to hold accountable for incidents. Yet the immediate perpetrators – largely (but not exclusively) criminal gangs operating in Eastern Europe and Russia – either represent too remote an entity for blame, Read more…
Following the ransomware incident impacting Colonial Pipeline operations in May 2021, many parties asked how such a disruption, impacting one of the main arteries delivering refined petroleum products to the Eastern and Southeastern United States, could occur. Based on information available, the intrusion did not directly impact Industrial Control Systems Read more…
In April 2021 the Babuk ransomware gang, already a concerning entity, gained additional notoriety for compromising the Washington, DC police department. As part of this incident, the criminals threatened to release confidential files relating to police operations to spur payment. The group in question earlier gained attention for the combination Read more…
TrickBot was in the news quite a bit in early October 2020. Starting with reports of TrickBot disruption in late September 2020 subsequently linked to United States Cyber Command (USCC), events ramped up with an independent coordinated infrastructure take-down organized by Microsoft coming shortly thereafter. There are many avenues of Read more…
Media, social feeds, and other sources of news are awash with stories of the “first death linked to ransomware” following an incident in Düsseldorf on 09 September 2020. Since the event, authorities in Nordrhein Westphalen have launched an investigation treating the death as “negligent homicide”. At the time of this Read more…
I recently made a joke online relative to a major – and very respected, if geopolitically controversial – security company advertising its revised “Cyberthreat Real-Time Map”. As many members of the security community are aware, “threat maps” – referred to derisively as “pewpew” maps – are heavy on eye-candy but Read more…
Two recent articles appeared concerning possible implications of or prompts for the 01 May 2020 Executive Order on the US electric system. Notably, the Executive Order was quickly followed by a US Department of Commerce investigation into the supply of electrical transformers. While the latter would appear related to typical Read more…
A new Twitter account appeared on 27 May 2020 for “NSA Cyber”, claiming the following: “Welcome to the intersection of threat intel, vulnerability analysis, and technical expertise! All to better equip you against malicious #cyber activity.” This was a very interesting development, and a separate effort from the US National Read more…