Anthony M. Freed

Halcyon published a new study detailing the significant impact on businesses from ransomware and data extortion attacks over the past 24 months. According to the Ransomware and Data Extortion Business Risk Report, one-in-five (18%) suffered a ransomware infection 10 or more times in a 24-month period, one-in-five (18%) were infected 5-9 times, and 30% were infected 2-4 times. Data exfiltration occurs in nearly every major ransomware attack today, and nearly two-thirds (60%) of respondents said… Show more

Halcyon published a new study detailing the significant impact on businesses from ransomware and data extortion attacks over the past 24 months. According to the Ransomware and Data Extortion Business Risk Report, one-in-five (18%) suffered a ransomware infection 10 or more times in a 24-month period, one-in-five (18%) were infected 5-9 times, and 30% were infected 2-4 times. Data exfiltration occurs in nearly every major ransomware attack today, and nearly two-thirds (60%) of respondents said that sensitive or regulated data was exfiltrated from their organization, with more than half (55%) reporting the attackers issued an additional ransom demand to protect the exfiltrated data. As well, 58% of victims reported that the loss of sensitive data put their organizations at additional risk of regulatory action and lawsuits. “The disconnect between perceived and actual risk is not helping organizations be more resilient to ransomware attacks,” said Anthony M. Freed, Halcyon Director of Research and Communications. “While most respondents feel confident their current security deployments are adequate for both prevention and recovery, the data shows that the majority of attacks are nonetheless successful and victim organizations are struggling to get operations back up and running, which is what is driving up these post-attack recovery costs.” Show less

Ransomware is no longer considered a boutique threat, but rather one of the most significant threats to any organization. The vast majority (75%) of organizations reported being targeted by at least one ransomware attack in 2023, with 26% reporting they were targeted with ransomware four or more times. By fostering a culture of security, CXOs can create an environment where employees understand the importance of protecting the organization's digital assets and are actively engaged in preventing… Show more

Ransomware is no longer considered a boutique threat, but rather one of the most significant threats to any organization. The vast majority (75%) of organizations reported being targeted by at least one ransomware attack in 2023, with 26% reporting they were targeted with ransomware four or more times. By fostering a culture of security, CXOs can create an environment where employees understand the importance of protecting the organization's digital assets and are actively engaged in preventing ransomware attacks. In this reference guide, we explore what each C-level executive should know about ransomware in order to ensure a strong security posture and protect their organization... Show less

Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars. And things change fast in this space – RaaS groups rise and fall with law enforcement takedowns, or disband and reorganize under different brands, so it can all be a little confusing. Each quarter, the Halcyon team of ransomware experts put together a RaaS power rankings guide for the ransomware threat landscape.

In this report, Halcyon demonstrates a unique method for identifying C2P entities that can potentially be used to forecast the precursors of ransomware campaigns and other attacks significantly “left of boom.” Halcyon also identifies two new, previously undisclosed ransomware affiliates we track as Ghost Clown and Space Kook that currently deploy BlackBasta and Royal, respectively. We also describe how we used the same method to link the two ransomware affiliates to the same Internet Service… Show more

In this report, Halcyon demonstrates a unique method for identifying C2P entities that can potentially be used to forecast the precursors of ransomware campaigns and other attacks significantly “left of boom.” Halcyon also identifies two new, previously undisclosed ransomware affiliates we track as Ghost Clown and Space Kook that currently deploy BlackBasta and Royal, respectively. We also describe how we used the same method to link the two ransomware affiliates to the same Internet Service Provider, Cloudzy, which accepts cryptocurrencies in exchange for anonymous use of its Remote Desktop Protocol (RDP) Virtual Private Server (VPS) services. It is well known that ransomware syndicates rely on a broad ecosystem of initial access brokers, malware and exploit developers, and criminal affiliates to run their illicit enterprises. But few realize that they also rely on a global system of legitimate service providers, like Cloudzy, who appear to act as Command-and-Control Providers (C2P). Show less

AI now emerges as a game-changer, pushing boundaries beyond imagination. What was once limited to mere weather forecasts or random music playlists, AI has evolved into a dynamic entity, shaping education, businesses, and even governmental policies. We sat to chat with curious students, seasoned CISOs, and various people in roles in between to find out what they think of AI in cybersecurity and to consider what may lie ahead.

Ransomware is fundamentally different from other forms of malware as it is purposely disruptive to an organization. General Remote Access Trojans (RATs) provide ingress into networks, and info stealers exfiltrate sensitive data, but neither grind business operations to a halt. Ransomware is no longer considered just a technical threat, but rather the largest single risk to any organization. According to research from 2022, 85% of companies are the victim of at least one ransomware attack per… Show more

Ransomware is fundamentally different from other forms of malware as it is purposely disruptive to an organization. General Remote Access Trojans (RATs) provide ingress into networks, and info stealers exfiltrate sensitive data, but neither grind business operations to a halt. Ransomware is no longer considered just a technical threat, but rather the largest single risk to any organization. According to research from 2022, 85% of companies are the victim of at least one ransomware attack per year, and 74% have experienced multiple attacks. Current endpoint protection solutions available on the market, while robust and effective for many threats, do not fully protect against ransomware attacks because they were designed to find and block commodity malware. This paper provides guidance n defending your organization from advanced ransomware operations. Show less

An Operation-Centric approach can deliver detection and response automation at scale by leveraging Indicators of Behavior (IOBs), the more subtle signs of an attack that can surface the entire malicious operation at its earliest stages, allowing for earlier detections that inform a predictive response capability for comprehensive remediation that our current reliance on retrospective Indicators of Compromise can never deliver.

This paper details the Operation-Centric approach and how it… Show more

An Operation-Centric approach can deliver detection and response automation at scale by leveraging Indicators of Behavior (IOBs), the more subtle signs of an attack that can surface the entire malicious operation at its earliest stages, allowing for earlier detections that inform a predictive response capability for comprehensive remediation that our current reliance on retrospective Indicators of Compromise can never deliver.

This paper details the Operation-Centric approach and how it can foster earlier detections based on Indicators of Behavior that empowers security operations to dynamically adapt and predictively respond more swiftly than attackers can modify their tactics to circumvent defenses, which is key to finally reversing the adversary advantage and returning the high ground to the Defenders. Show less

Ransomware began as little more than a new type of malware exploit with a different payload—generating revenue by extorting payment from victims—but it has evolved into a complex business model. The malware payload is just one element of the much larger ransomware operation, or RansomOp, that make today’s attacks far more sophisticated and insidious. The study also once again finds that ‘it doesn’t pay-to-pay’ a ransom demand, as 80% of organizations that paid were hit by ransomware a second… Show more

Ransomware began as little more than a new type of malware exploit with a different payload—generating revenue by extorting payment from victims—but it has evolved into a complex business model. The malware payload is just one element of the much larger ransomware operation, or RansomOp, that make today’s attacks far more sophisticated and insidious. The study also once again finds that ‘it doesn’t pay-to-pay’ a ransom demand, as 80% of organizations that paid were hit by ransomware a second time, with 68% saying the second attack came less than a month later and threat actors demanded a higher ransom amount... Show less

Ransomware purveyors are moving away from high-volume attacks with low ransom demands in favor of more focused, custom attacks aimed at individual organizations selected for the ability to pay multi-million dollar ransom demands. These more complex ransomware operations, or RansomOps, involve highly targeted, complex attack sequences by sophisticated threat actors. The burgeoning Ransomware-as-a-Service (RaaS) industry has also lowered the technical bar for many would-be attackers by making… Show more

Ransomware purveyors are moving away from high-volume attacks with low ransom demands in favor of more focused, custom attacks aimed at individual organizations selected for the ability to pay multi-million dollar ransom demands. These more complex ransomware operations, or RansomOps, involve highly targeted, complex attack sequences by sophisticated threat actors. The burgeoning Ransomware-as-a-Service (RaaS) industry has also lowered the technical bar for many would-be attackers by making complex attack infrastructure available to low-skilled threat actors. This white paper examines the growing threat from complex RansomOps, as well as the larger Ransomware Economy, and provides prescriptive guidance for organizations determined to remain undefeated by ransomware attacks. Show less

When you look back over the last 10+ years of what has happened in the world of Cybersecurity, something that is incredibly important is how the stories are portrayed. That’s a key word: story. We get news all day every day to the point that it becomes white noise, even to those affected by it. What cannot be denied is that when cybersecurity events unfold, the information has to get out to the public in a way that they understand, can digest it, then act and react accordingly. Anthony Freed is… Show more

When you look back over the last 10+ years of what has happened in the world of Cybersecurity, something that is incredibly important is how the stories are portrayed. That’s a key word: story. We get news all day every day to the point that it becomes white noise, even to those affected by it. What cannot be denied is that when cybersecurity events unfold, the information has to get out to the public in a way that they understand, can digest it, then act and react accordingly. Anthony Freed is a pioneer in getting that graduate level calculus into a format that all of us can understand in order to take the appropriate actions to ensure that we are protected... Show less

Anthony M. Freed is a Global Communications executive and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

Anthony M. Freed is a Global Communications executive and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

The lack of preparedness for ransomware attacks on weekends and holidays has a significant impact on victim organizations, with 60% of respondents saying they resulted in longer periods to assess the scope of an attack, 50% saying they required more time to mount an effective response, and 33% indicating they required a longer period to fully recover from the attack. On the human side of the equation, 86% of respondents indicated they have missed a holiday or weekend activity because of a… Show more

The lack of preparedness for ransomware attacks on weekends and holidays has a significant impact on victim organizations, with 60% of respondents saying they resulted in longer periods to assess the scope of an attack, 50% saying they required more time to mount an effective response, and 33% indicating they required a longer period to fully recover from the attack. On the human side of the equation, 86% of respondents indicated they have missed a holiday or weekend activity because of a ransomware attack, a situation that can factor into employee job satisfaction and potential burnout. One surprising finding in the study included 70% of respondents confessing that they have been intoxicated while responding to a ransomware attack during a weekend or holiday, a risk factor that many organizations may not have accounted for in their incident response planning... Show less

Despite all of the tremendous progress the security industry has made over the last 30-plus years, solving for one critical problem seems to remain as elusive as ever: how do we detect and stop advanced attacks before they escalate to full-scale security events? This article makes an argument for the development of an extensible language to both detect and describe the most subtle chains of malicious activity that will result in better detections earlier in the attack kill chain by leveraging… Show more

Despite all of the tremendous progress the security industry has made over the last 30-plus years, solving for one critical problem seems to remain as elusive as ever: how do we detect and stop advanced attacks before they escalate to full-scale security events? This article makes an argument for the development of an extensible language to both detect and describe the most subtle chains of malicious activity that will result in better detections earlier in the attack kill chain by leveraging Indicators of Behavior (IoBs)... Show less

The Jester is a patriotic, pro-American Hacktivist that since 2010 has waged a personal cyberwar against an array of targets he considers to be “the bad guys.” But detractors have insinuated that some of the Jester's operations were little more than internet sleight-of-hand. So, who is The Jester and what can we make of his reported exploits? Security journalist Anthony M. Freed, the first to do a series of interviews with The Jester, joins podcast to lend his perspective...

The global research report Ransomware: The True Cost to Business, reveals that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization’s brand, unplanned workforce reductions, and even closure of the business altogether. Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the… Show more

The global research report Ransomware: The True Cost to Business, reveals that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization’s brand, unplanned workforce reductions, and even closure of the business altogether. Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks. Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organizations to stop disruptive ransomware before they can hurt the business. Show less

Phi explores the math and science that powers artificial intelligence (AI)...

A panel of experts lead by Contributing Editor Dan Raywood discusses the prevelence of FUD in the security industry and its repercussions live at the Infosecurity Europe Conference.

JLCW Volume 6, Winter 2018, Issue 2: "The Ransomware Assault on the Healthcare Sector"

The Rocky Mountain Information Security Conference (RMISC) recently held its tenth annual conference on May 11th - 12th, 2016 at the Colorado Convention Center in Denver,
CO.

RMISC serves as a powerful knowledge builder and networking opportunity for industry insiders as well for others who would like a glimpse into the fast-moving developments within the field.

This year’s event drew a record number of attendees because of its lineup of renowned panel of experts, including… Show more

The Rocky Mountain Information Security Conference (RMISC) recently held its tenth annual conference on May 11th - 12th, 2016 at the Colorado Convention Center in Denver,
CO.

RMISC serves as a powerful knowledge builder and networking opportunity for industry insiders as well for others who would like a glimpse into the fast-moving developments within the field.

This year’s event drew a record number of attendees because of its lineup of renowned panel of experts, including the high-profile keynote speaker John McAfee, who is currently running as the Libertarian Party candidate for president.

McAfee pioneered commercial antivirus when he founded McAfee Anti Virus in 1987; he is considered one of the greatest, most controversial and outspoken minds when it comes to Information Security and privacy. Prior to McAfee Associates, John has held positions at NASA, Univac, Xerox, CSC & Lockheed.

McAfee surprised those in attendance at the opening plenary by crashing the opening Ambassador's Keynote Panel, and we were lucky to have captured the event... Show less

Discussion about business skills that make Cyber Security professionals successful. Cyber Security is usually thought of as mainly a technical domain, yet it has a reach far outside just technical aspects. Hear from a panel of experts about what business skills are needed to overcome challenges often faced by security professionals. The discussion will benefit all security professionals.

This 3rd annual Cyber Data Risk Managers 2014 report, released on Data Privacy Day January 28, 2014, shows our commitment to data privacy and our continued support to help empower businesses and organizations to make the protection of privacy and data a great priority in their environments. Included in this report, are many invaluable insights and recommendations offered by Data Privacy and Information Security industry experts that will prove useful for businesses and organizations… Show more

This 3rd annual Cyber Data Risk Managers 2014 report, released on Data Privacy Day January 28, 2014, shows our commitment to data privacy and our continued support to help empower businesses and organizations to make the protection of privacy and data a great priority in their environments. Included in this report, are many invaluable insights and recommendations offered by Data Privacy and Information Security industry experts that will prove useful for businesses and organizations, regardless of industry or sector... Show less

Anthony M. Freed is a Global Communications executive and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

Anthony M. Freed is a Global Communications executive and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

Cyber insurance, aka “privacy and security” insurance continues to evolve as many more
businesses, organizations and risk managers are realizing that it can be used as a way to
respond to a data breach and/or security incident and as a key component of an incident
response plan.

The Metropolitan Washington Airport Authority (MWAA) earlier this year published a document to its website containing sensitive security information that terrorists could potentially have used to launch cyber and physical attacks against Reagan National and Dulles International airports in Washington, D.C. The document included a detailed map of Ronald Reagan Washington National Airport, a diagram of the entire electronic security system - including connection and protocol details for key… Show more

The Metropolitan Washington Airport Authority (MWAA) earlier this year published a document to its website containing sensitive security information that terrorists could potentially have used to launch cyber and physical attacks against Reagan National and Dulles International airports in Washington, D.C. The document included a detailed map of Ronald Reagan Washington National Airport, a diagram of the entire electronic security system - including connection and protocol details for key components - and an outline of which COTS hardware/software are used, down to the router brands and types... Show less

The Indian hacker group that released Symantec anti-virus source code earlier this month now says it has more proof that Indian intelligence agencies are spying on the U.S. government. Infosec Island's Anthony M. Freed posted an article saying one of the Indian hackers, who calls himself "YamaTough," gave him 68 sets of usernames and passwords for U.S. government network accounts. YamaTough told Freed the account data is just a sample of the information the hacker group, the "Lords of… Show more

The Indian hacker group that released Symantec anti-virus source code earlier this month now says it has more proof that Indian intelligence agencies are spying on the U.S. government. Infosec Island's Anthony M. Freed posted an article saying one of the Indian hackers, who calls himself "YamaTough," gave him 68 sets of usernames and passwords for U.S. government network accounts. YamaTough told Freed the account data is just a sample of the information the hacker group, the "Lords of Dharmaraja," copied from Indian government servers... Show less

Anthony M. Freed is a Global Communications executive and was formerly a security journalist who authored feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.