In cybersecurity circles, there’s a threat that’s sufficiently feared in which examples of it have on occasion acquired the status of professional legends—the possibility of a lone, rogue administrator running amok against their employer. For years, stories of rogue admins concerned internal incidents known only within an individual organization. Then the Internet arrived. This not […]

An odd characteristic of cybercrime is that it’s almost always disembodied. Crimes are perpetrated by someone out there but precisely who is only rarely made clear. This mystery can confuse victims. The history of crime is a long one but until recently it was a much more human-to-human affair, conducted in person. This didn’t make […]

Many organizations pay ransomware criminals, while anecdotal evidence suggests an increasing number don’t. But until recently, the consensus was that the decision to pay or not pay should be left to the victim. Now it looks as if this choice might soon be taken away with the news that the Biden administration is considering banning […]

What’s the worst thing a ransomware attack can do to an organization? For a long time, the answer to that question was to encrypt large numbers of files so that the victim would have to choose between spending weeks reinstating data or paying the ransom as a shortcut. Around four years ago, attackers turned to […]

Among software vulnerabilities, none is more feared than so-called “zero days,” which are known only to the attackers (that is, defenders have “zero days” to patch). These have traditionally been used sparingly in targeted attacks carried out by nation-states. Recently, however, this has started to change, and zero day exploits have started turning up more […]