Posts

Showing posts from October, 2018

Don’t Get Comfortable Yet - The Declining Fear of Ransomware

With the news that ransomware attacks are on the decline, in favor of crypto-mining (aka “crypto-jacking”), it is tempting to reshuffle your enterprise’s defensive priorities based on adversary trends. But before you retask your Blue Team to focus on researching cryptocurrency miners, let’s take a moment to remember a few fundamental facts about ransomware, and how it is still different from, and more dangerous than, its money-mining “successor”. It might be easy to forget, but unlike the new “crypto-mining” darling of the adversarial space, ransomware actually holds your company and staff at ransom. Even though the state of ransomware “authors” seems to be at an all-time low, as some seem to have even given up on actually encrypting files before asking for ransom, the estimated cost to an organization can still be over $100,000. Remember, regardless of how popular ransomware is (or is not) to attackers,

What is SCYTHE's origin story?

When I started GRIMM, I had a vision to tackle the greatest cybersecurity challenges that face our clients, industry and the greater business and government communities. Two and a half years ago, one of those challenges was brought to the company because of our reputation. A Fortune 50 company had been breached and suffered significant damages. As a result, the IT Security team was given a significantly increased budget which they used to hire incredible talent and have their choice of any assessment/penetration testing software available. Which they did. Extensively. They found they eventually exhausted what these tools could accomplish since they were built to do what they did well, but not for scale or extensibility. So, they called us. The initial requirement was to build another one of these tools, effectively a custom implant with C2 that would be new and thus evade signature. Recognizing they had done thorough product market research (and