By Dave Amsler, Founder and CEO of Cyborg Security

The scene is a compound in the remote hills of Pakistan, cut off from phones and Internet, carefully designed to conceal its inhabitants not just from prying eyes, but drones and spy satellites as well. The walls of the compound not only ensure privacy for the occupants, but also self-sufficiency as well with orchards, vegetable gardens, and even some livestock. And the occupants practiced operational security — or opsec — like one would practice a religion, devoutly.

By Lee Archinal at Cyborg Security

I have a story to tell you: it is set in a backyard BBQ on the fourth of July, or a family gathering, or the break room at the office. Regardless of the setting, the characters are all (mostly) the same: an enthusiastic cyber security professional (let’s called them “CSP” for short) and literally anyone else (we’ll call them “John”). The story unfolds when that other person inevitably asks the cyber security professional, “so, what do you do for a living?”

It is at this point that the story can diverge. The first story…

By Josh Campbell at Cyborg Security

Well, it seems like it is that time of the week, again. Sigh…

Yet another ransomware group has (re)commenced operations. Their modus operandi is unchanged from every other group: steal whatever data they can get their hands on, encrypt it, and leave organizations holding the bill. Fail to pay that bill, and the actors will leak the data on their dedicated leak site (DLS). In the cyber security industry, this might as well be called a “tale as old as time.”

By Josh Campbell at Cyborg Security

One of the most common questions we hear in the industry asking is “how do I become a threat hunter?” This is because, unlike most other fields, there are few courses, certifications, or classes to teach true threat hunting. Instead, threat hunting is practice that often requires individuals to put aside the growing “cert culture” in cyber and get back to basics, teaching themselves. But just because you have to teach yourself doesn’t mean there aren’t excellent resources out there to help you along the way!

By: Josh Campbell, Cyborg Security

If you’ve been paying attention to the media for the last few months, you’ve probably noticed that cybersecurity has re-emerged as a topic of interest. What has changed, however, is that the discussion being had isn’t happening in technical discussion forums or industry publications. Nor is it happening in security operations centers or in CISOs’ offices. Instead, this discussion is being carried out in the headlines and chyrons of major news outlets and publications, and hallowed halls of government, often in response to major ransomware attacks like Kaseya and the Colonial Pipeline Company. Alongside this…

By Josh Campbell at Cyborg Security

“Cyber security is complex” is a tautology, but it doesn’t make it less necessary a statement to make these days. Anyone who has spent time in the trenches knows that lots of teams suffer from big challenges, and that those challenges are rarely solved by yet another appliance or agent. But the paradox in cyber security is that despite this truth we keep applying that very strategy: “with just one more solution, our problems will be solved!” …

By Josh Campbell at Cyborg Security

On 08 May 2021 yet another company announced that they had fallen victim to a ransomware attack. The victim — the Colonial Pipeline Company — manages the 5500mi long pipeline of the same name. It’s responsible for moving 3 million barrels of fuel between Texas and New York, every day. That is half of all the gas and diesel used on the east coast.

The company announced that, in order to contain the threat, they had to shut down many of its systems. This has resulted in gas shortages making their way up the…

By Brandon Denker at Cyborg Security

Ransomware continues to be a hot button issue for organizations around the world. APT actors, commodity malware operators and even attackers who had never used ransomware before started picking up the trend over the last several years. In years past, attackers turned to ransomware to exploit an organization’s lack of a good backup plan, disaster recovery plan, or coax the victim into paying a ransom to maintain their operations and reduce downtime. However, an unfortunate fact of ransomware infections is how rare full recovery is, after payment occurs.