
By Josh Campbell at Cyborg Security

One of the most common questions we hear in the industry is “how do I become a threat hunter?” This is because, unlike most other fields, there are few courses, certifications, or classes to teach true threat hunting. Instead, threat hunting is a practice that often requires individuals to put aside the growing “cert culture” in cyber and get back to basics, teaching themselves. But just because you have to teach yourself doesn’t mean there aren’t excellent resources out there to help you along the way!


By: Josh Campbell, Cyborg Security

If you’ve been paying attention to the media for the last few months, you’ve probably noticed that cybersecurity has re-emerged as a topic of interest. What has changed, however, is that the discussion being had isn’t happening in technical discussion forums or industry publications. Nor is it happening in security operations centers or in CISOs’ offices. Instead, this discussion is being carried out in the headlines and chyrons of major news outlets and publications, and hallowed halls of government, often in response to major ransomware attacks like Kaseya and the Colonial Pipeline Company. Alongside this…


By Josh Campbell at Cyborg Security

“Cyber security is complex” is a tautology, but it doesn’t make it less necessary a statement to make these days. Anyone who has spent time in the trenches knows that lots of teams suffer from big challenges, and that those challenges are rarely solved by yet another appliance or agent. But the paradox in cyber security is that despite this truth we keep applying that very strategy: “with just one more solution, our problems will be solved!” …


By Josh Campbell at Cyborg Security

On 08 May 2021 yet another company announced that they had fallen victim to a ransomware attack. The victim — the Colonial Pipeline Company — manages the 5500mi long pipeline of the same name. It’s responsible for moving 3 million barrels of fuel between Texas and New York, every day. That is half of all the gas and diesel used on the east coast.

The company announced that, in order to contain the threat, it had to shut down many of its systems. This has resulted in gas shortages making their way up the…


By Brandon Denker at Cyborg Security

Ransomware continues to be a hot button issue for organizations around the world. APT actors, commodity malware operators and even attackers who had never used ransomware before started picking up the trend over the last several years. In years past, attackers turned to ransomware to exploit an organization’s lack of a good backup plan or disaster recovery plan, or to coax the victim into paying a ransom to maintain their operations and reduce downtime. However, an unfortunate fact of ransomware infections is how rare full recovery is after payment occurs.


By Josh Campbell at Cyborg Security

Cyber security can often seem Sisyphean. For those of you without a misspent youth, Sisyphus was a character from Greek myth that cheated death twice. The gods punished him by having him roll a heavy boulder up a hill only to have it roll down again. This condemnation was to last an eternity. In fact, he is likely still doing it to this day, and I am sure threat hunting teams can sympathize, especially when it comes time for security budgeting.

Every year threat hunting teams face a similar battle when it comes time…


By Josh Campbell at Cyborg Security

The healthcare industry is facing a pandemic on two fronts, COVID-19 on one, and ransomware on the other.

The healthcare industry is worth more than $8.45 trillion in the global economy. The services it provides are the difference between life and death for many. It should come as no surprise then that these organizations are a prime target. This is true especially for cyber criminals using ransomware to carry out their malicious ends.

These attacks, carried out by advanced adversaries, cripple healthcare institutions and facilities. They render networks unusable. The attacks prevent access to…


By Josh Campbell at Cyborg Security

“Threat content, and queries, and use cases… oh my!”
~Dorothy (If she visited a SOC instead of Oz)

Security operations centers (SOCs) are marvellous and complex machines. They often remind me of antique clocks in their complexity. They are awash with advanced technology full of (digital) moving parts, (virtual) spinning cogs, and a dizzying number of people. These elements are all working in tandem to secure their parent organizations from attacks of all sizes. …


By Josh Campbell at Cyborg Security

One of the questions I get asked almost every week is some variation of “… but how do I threat hunt?” By this, what they often mean is, there are tons of articles on threat hunting strategies, but there aren’t as many resources aimed at analysts on how to threat hunt. Now, this isn’t to say that the community hasn’t produced how-tos and other documents. They have, and these are great.

But these tomes are often aimed at a specific technique or hunt. There are, unfortunately, fewer resources on more general ideas that analysts…


By Josh Campbell at Cyborg Security

Let’s face it, sometimes we are guilty of impatience. It doesn’t matter the industry or problem, it seems like everyone is offering a quick fix to solve all our ills. But, it has been my experience that those “shortcuts” can, and often do, turn into “longcuts” — as the saying goes. Cyber security, and threat detection in particular, is no different. The industry often seems infatuated with revolutionary “big fixes.” In reality a series of evolutionary “small fixes” can often have a much longer lasting impact. …

Cyborg Security

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.
