Complex Cybersecurity Topics Made Not-So-Complicated.

Outside of my role at Human Security, I spend my free time writing articles on complex cybersecurity issues. It's something I love to do. My work includes data and trends analysis, technical pieces on reverse engineering and TTPs, and discussions on the business of the cybercriminal underground. Several examples of my work can be found below.

Articles Written

Augmenting Threat Hunting Using Threat Intelligence

MilCyber.org - April 18, 2023

Almost any organization can benefit from threat hunting - whether as part of a full-fledged adversary emulation exercise to determine how implemented security controls hold up against actor-specific TTPs or simply in order to ensure organizational systems are configured as expected. This becomes even more critical for entities that are frequently targeted by both ransomware and state-sponsored threat actors including government organizations, public utilities, hospitals, and schools. As seen in Figure 1, ransomware attacks against these entities may be slowing somewhat, but are very likely to continue. Threat hunting does not require a large team of experts to be effective,...

‘Sophisticated’ Vs. ‘Unsophisticated’ Ransomware

Ransomware.org - August 15, 2022

The most notable ransomware-as-a-service (RaaS) groups are well-known for the widely publicized attacks they conduct, even outside of the cybersecurity community. However, there also exist smaller, very short-lived groups that use ransomware derived from existing variants. They’re often considered 'unsophisticated' threat groups, and as a result may be taken less seriously than the larger groups by a higher-level organization. How you deal with each type is important.

‘Internet of Things’ Devices and Ransomware

Ransomware.org - July 13, 2022

When discussing the ever-changing ransomware threat landscape, we often talk about what devices threat actors will target next. In addition to mobile devices, the other technology I get asked about the most is 'Internet of Things' (IoT), and whether we should expect threat actors to begin going after the 'smart' products in our homes or businesses.

Ransomware vs. Malware: What’s the Difference?

Ransomware.org - June 16, 2022

With the Russian invasion of Ukraine came the deployment of several destructive malware families, known as 'wipers', against entities in Ukraine, with nine distinct variants observed to date. The first two, WhisperGate and HermeticWiper/PartyTicket, masqueraded as ransomware, but they were actually destructive tools rather than legitimate ransomware. This raises an important question: What’s the difference between true ransomware and these destructive tools?

Initial Access Vectors for Ransomware

Ransomware.org - May 13, 2022

Initial access vectors are the methods threat actors use to first gain access to an organization’s systems. They can include exploitation of vulnerabilities, stolen credentials, phishing, or brute-forcing services like RDP or SSH. Many of these accesses can be purchased from threat actors who specialize in obtaining initial access, known as Initial Access Brokers.

'Living Off the Land' Ransomware

Ransomware.org - April 6, 2022

This month, our focus is on living-off-the-land techniques, and why they help ransomware threat actors execute attacks more stealthily. The concept of living-off-the-land (LotL) was first introduced by researchers to the broader security community in 2013, and has remained popular with threat actors ever since.

5 Tips for Building a Cybersecurity Career as a Woman

Ransomware.org - March 8, 2022

I’m Lindsay, a malware analyst and reverse engineer, with a special enthusiasm for obfuscation and anti-reverse engineering techniques used in malware! I am also a woman in the field of cybersecurity. I am often asked 'How did you get into cybersecurity?' or 'What advice would you give young women interested in cybersecurity?'

Mobile Phone Ransomware: a Primer

Ransomware.org - February 3, 2022

Mobile phones are certainly ubiquitous—85% of Americans currently own a smartphone, and in 2020, 3.5 billion people owned a smartphone worldwide. With so many devices out there, it seems like mobile would be an excellent target for ransomware threat actors. However, we don’t hear a lot about devastating ransomware attacks targeting smartphone operating systems, like iOS or Android. Let’s explore why.

Ransomware Increasingly Targets Linux and ESXi

Ransomware.org - January 12, 2022

Ransomware attacks have continued to plague organizations over the past few years, especially with the move to big game hunting at the end of 2019, and the debut of 'double extortion' in 2020. Initially, threat actors primarily targeted Windows-based environments, but have more recently expanded capabilities to include Linux-based systems. In 2021, well-known groups including REvil, Conti, RansomExx, and BlackMatter released ransomware specifically designed to target Linux and ESXi, and we expect this trend will continue.

2022 Ransomware Survey Results

Ransomware.org - January 1, 2022

We talk a lot about ransomware attacks within our own organizations—how to prepare for them, what to do when they happen, and the best way to stop the overall threat. While an ever-popular question is 'should we pay the ransom?' (which most said they are unlikely to), there are so many other highly impactful aspects to ransomware preparedness and response. We surveyed more than 500 IT and security professionals to look at the impact of ransomware in 2021 and 2022 to begin to answer that question.

Articles Featured In

Free VPN apps on Google Play turned Android phones into proxies

Bleeping Computer - March 26, 2024

Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots.

Hackers are using these Android apps on the Play store to stage attacks — delete them all right now

Tom's Guide - March 26, 2024

These apps are turning Android smartphones into proxies in the background.

Thousands of phones and routers swept into proxy service, unbeknownst to users

Ars Technica - March 26, 2024

Two new reports show criminals may be using your device to cover their online tracks.

Apps secretly turning devices into proxy network nodes removed from Google Play

Help Net Security - March 26, 2024

Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it.

'MichaelKors' Showcases Ransomware's Fashionable VMware ESXi Hypervisor Trend

Dark Reading - May 16, 2023

Wide use and lack of support for malware detection technologies have made VMware's virtualization technology a prime target for cyberattackers.

VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns

CyberSecurityDive - May 16, 2023

Ransomware groups continue to target VMware because they know the virtualization infrastructure is vulnerable and lacks security tools, threat researchers said.

VMware ransomware was on the rise leading up to ESXiArgs spree, research finds

CyberSecurityDive - February 13, 2023

Recorded Future analysis underscores a growing ransomware threat confronting organizations using VMware ESXi.

Russia Media Day

Politico Pro - October 19, 2022

This article is available to Politico Pro subscribers.

Cyberattacks: what is initial access?

LeMag IT - June 30, 2022

The world of cybersecurity is marked by a jargon all its own. Some terms can lack clarity for the uninitiated. Lindsay Kaye, of Recorded Future, helps us decode the concept of initial access.

Cyberattacks: what is lateral movement?

LeMag IT - June 21, 2022

The world of cybersecurity is marked by a jargon all its own. Some terms can lack clarity for the uninitiated. Lindsay Kaye, of Recorded Future, helps us decode the concept of lateral movement.

Egregor ransomware group explained: And how to defend against it

CSO - February 21, 2021

Egregor is one of the most rapidly growing ransomware families. Its name comes from the occult world and is defined as “the collective energy of a group of people, especially when aligned with a common goal,” according to Recorded Future’s Insikt Group. Although descriptions of the malware vary from security firm to security firm, the consensus is that Egregor is a variant of the Sekhmet ransomware family.

3 Ways Hacks Exploiting the COVID-19 Crisis Have Evolved

The Record - January 22, 2021

Over the last year, the COVID-19 pandemic has been punctuated by a series of crises and developments: in February, the U.S. declared a public health emergency; in March, the economy contracted and unemployment skyrocketed; relief packages were both passed and stalled in Congress throughout the year; and by December, vaccines were given emergency approval.

A COVID-19 shot for $150? Online scams surge as slow vaccine rollout frustrates

Reuters - January 5, 2021

As millions of people await their turn to get a COVID-19 vaccine that could be months away, scammers online, in emails and on messaging apps are luring victims with claims they can deliver shots within days for as little as $150.

Opportunistic Egregor ransomware is an emerging and active threat

ComputerWeekly - December 4, 2020

Researchers at Recorded Future’s Insikt Group highlight links between the emerging Egregor ransomware and other strains, and offer guidance on defending against it.

From pranks to APTs: How remote access Trojans became a major security threat

CSO - November 9, 2020

RATs were first created to prank friends. Today, they’re cheaply available and used by everyone from cybercriminals to espionage groups.

Why the extortion of Vastaamo matters far beyond Finland — and how cyber pros are responding

CyberScoop - October 29, 2020

At issue are the obligations of health care organizations to defend their data, and victims’ ability to hold them accountable for failing to do so.

New Ransomware Uses Sophisticated Evasion Techniques

CoinTelegraph - June 11, 2020

Recorded Future says that Thanos deploys a particular encryption technique in its attack and offers a revenue-sharing scheme for external hackers.

Thanos Ransomware First to Weaponize RIPlace Tactic

ThreatPost - June 10, 2020

Thanos is the first ransomware family to feature the weaponized RIPlace tactic, enabling it to bypass ransomware protections.

Why COVID-19 is big business for bad actors

DanPatterson - May 29, 2020

Threat researcher Lindsay Kaye of Recorded Future explains how scammers profit from coronavirus.

COVID-19 outbreak gives rise to opportunistic scammers

ITWeb - March 19, 2020

The South African Banking Risk Information Centre (Sabric) is warning bank consumers of cyber criminals exploiting the coronavirus (COVID-19) outbreak to spread an array of online scams.

Hospitals under threat as hackers exploit coronavirus to carry out cyber attacks

The Telegraph - March 17, 2020

Security experts warn that global concern over coronavirus risks creating a fertile hunting ground for cybercriminals.

Hackers are exploiting the coronavirus crisis by posing as World Health Organisation officials in order to steal bank details and target government infrastructure

Business Insider - March 16, 2020

Hackers are exploiting growing anxiety over the coronavirus crisis by posing as officials from the World Health Organisation and government officials in order to steal the personal details of people online.

Spies exploit coronavirus paranoia to steal data by email

Forbes Mexico - March 16, 2020

Cybercriminals are sending coronavirus-related files by email that conceal spyware designed to steal the personal data of users and businesses.

Intelligence agencies use coronavirus information to target enemies, analysts say

NBC News - March 13, 2020

Intelligence agencies around the world are sending out fake coronavirus information to hack and spy on their targets, cybersecurity researchers say.

Coronavirus Scam Alert: Watch Out For These Risky COVID-19 Websites And Emails

Forbes - March 12, 2020

Cybercriminals and nation state-sponsored spies didn't take long to catch onto the coronavirus panic. Research released Thursday shows crooks and snoops have been rapidly registering vast numbers of potentially-malicious websites and sending out masses of scam emails as they try to make money from the pandemic.