Skip to content
Menu
menu

'Pen-Tested' by a Hacker: What to Believe

When actors from the Babuk ransomware gang announced the start of their operations on underground forums in 2021, they advertised their services as special software to “show the security issues inside corporate networks.”

As the ransomware-as-a-service (RAAS) landscape has exploded during the past three years, more and more groups have taken a similar position to the Babuk gang, framing themselves as “penetration testers” and promising victims a comprehensive security report if they pay the ransom demand. Failing to pay the ransom, though, would result in public disclosure of the vulnerabilities—effectively leaving the company wide open to attack.

Read the Article

Related: Verizon 2022 DBIR Reveals Rise in Ransomware Attacks and Organized Crime Activity

Recommended: What to Expect When You're Infected with Ransomware

Featured Articles

Illustration of a man striding through a door in the shape of a 0 along a red wall of binary code. What you need to know about Log4Shell.

Key Learnings from Log4Shell

The Log4Shell vulnerability is “endemic.” But there are steps companies can take to secure the open-source software supply chain and shore up the security of the Internet.

Top Articles

Your Cyber Response Plan Needs These 6 Components
Information security

Cyber Insurance Hard Market Turns Brittle
Information security

‘Pen-Tested’ by a Hacker: What to Believe
Information security

Security-as-a-Service Applications Create a Growing Attack Surface
Information security

2022 GSX Daily

What to Expect When You’re Infected with Ransomware

Ransomware continues to develop and threat actors continue to deploy new tools and tactics to initiate an attack and get targets to pay costly ransoms to recover their data—and they’re not subtle about it.

Ransomware is the “biggest, noisiest threat we’ve seen in the world from a cybersecurity perspective,” said Jon Clay, vice president of threat intelligence at Trend Micro. “Once you’re infected, you know it.”

Latest Articles
Your Wednesday GSX Guide GSX 2022 Product Showcase Salvatto: Small Acts Create Big Impacts Large-Scale Evacuations: Lessons Learned from Afghanistan and Ukraine Rotterdam at the Ready for ASIS Europe 2023 Ask an ASIS Champion: Insights from Jeroen van der Vaart The SM Editors' Reading Guide for GSX 2022
How to Initiate a Digital Transformation to Manage your Data Scenario Planning: Going Beyond the Tabletop How to Build and Maintain a Personal Brand Young Professionals Rebranding to NextGen, New Certificate Courses, and More Updates from ASIS International ASIS Middle East 2022: Strengthening Regional Resilience Orange County Convention Center Security Division SOARs Above Expectations ASIS Bookstore: Add to Cart at GSX 2022

Trending News

Staffing Security While Restocking the Talent Pool

Keep Ahead of Crises by Planning for Complex Scenarios

Protests in Iran Spread as the Internet Goes Down and Deaths Go Up

Facial Recognition in the US: Privacy Concerns and Legal Developments
Close up photo of a typewriting with the phrase "Are you Ready" typed on a piece of paper. There is an light blue overlay with circuit imagery over the image. How to recover after a cybersecurity hack.

Security Technology: Strengthening Your Cybersecurity Posture

In 2021, there were several high-profile incidents of security technology being compromised due to poor cybersecurity hygiene, increasingly aggressive nation-state actors, and a growing attack surface with the adoption of IoT and OT. These trends have only continued in 2022, suggesting a new normal for the threat landscape. The October issue of Security Technology will look at how the security industry is incorporating cybersecurity risk into the technology and systems it relies on.

Leadership & Management

Staffing Security While Restocking the Talent Pool
Managing organizations

How to Initiate a Digital Transformation to Manage your Data
Global Security Exchange (GSX)

Amid Remote Work, Romance and Risk Persist
Law and Ethics

ASIS News: Honoring Member Achievements

Membership

Security Management Podcast

GSX Daily: Using Empathetic Service to De-Escalate Scenarios

What role do empathy and “service from the heart” play in effective security missions?  These approaches enable Alex Jadrich, manager of public safety, security, and emergency management at the Denver Zoo, to connect more successfully with his team, his customers, and his guests and drive a more positive interaction with the organization. In this episode of the GSX Daily podcast, Jadrich and host Chuck Harold discuss management approaches, de-escalation, and influence.

Want to learn more? Join Jadrich at GSX 2022 for his session, Why Security Organizational Administrators Need to Lead with Service from the Heart, on Wednesday, 14 September.

Latest Legal News

Protests in Iran Spread as the Internet Goes Down and Deaths Go Up
Law and Ethics

Legal Roundup: New Anti-Hate Initiative, General Arrested in Mexican Missing Student Case, Hospital Bomb Threats, and More
Crime

Visa to Categorize Gun Sales, Climate Change Tipping Points, and More Security-Related News
Law and Ethics

EU Poised to Introduce Cybersecurity Rules for IoT Devices
Law and Ethics

ASIS Calendar of Webinars & Events

As the preeminent organization for security management professionals, ASIS International offers a dynamic calendar of events to advance your professional development. From executive education to global exchanges, our events work together to help you reach new heights in your career.

Book Review: The CISO’s Next Frontier: AI, Post-Quantum Cryptography and Advanced Security Paradigms

The CISO’s Next Frontier: AI, Post-Quantum Cryptography

Featured in the September/October Issue

When it comes to computer security, the times are constantly changing. That is one of the most challenging aspects of security—by the time you finally secure something, numerous new threats have arrived.

Cybersecurity

Your Cyber Response Plan Needs These 6 Components
Information security

Cyber Insurance Hard Market Turns Brittle
Information security

‘Pen-Tested’ by a Hacker: What to Believe
Information security

Security-as-a-Service Applications Create a Growing Attack Surface
Information security

Derreck Kayongo

GSX Keynote speaker

“If you’re not morally responsible for each other on this security team—or whatever team you’re on—it’s not going to work.”

Read the Article

Wendy Bashnan

CSO for Nielsen Company

“The biggest challenge for my team is to encourage them to pull back and take time off, because they feel obligated to support whatever team it is that they’re working with. And that feeling that if they did take personal time, they’re letting down their teammates—that’s the message we need to tweak moving forward.”

Read the Article

Mateo Salvatto

CEO of Asteroid Technologies and creator of Háblalo

“It made me kind of angry that we have the technology to put a rover on Mars, but a deaf person can't report a crime.”

Read the Article

Jeroen van der Vaart

Director, Group Security & Resilience, Booking.com

“Keeping connected throughout the security industry and staying up to date with domain knowledge will contribute to implementing effective security resolutions.”

Read the Article

Anthony Hurley, CPP, PCI, PSP

Partner and consultant with Critical Preparedness, LLC

“Ideology-driven violent extremists are committed to disrupting and crippling critical infrastructure for their cause, and a major event often sparks concern that threat actors will attack during the confusion.”

Read the Article

Andrew Shikiar

Executive Director, FIDO Alliance

“Passwords lead to data breaches. They lead to account takeovers. They lead to fraud.”

Read the Article

Don Aviv, CPP, PCI, PSP

President of investigations firm Interfor

“The bottom line is that by working for an agent of a foreign government, an investigator or security professional assumes enormous risk.”

Read the Article

Brad Spicer

National director of safety preparedness and emergency management, Navigate360

“Watching people is critical, but not enough. Situational awareness requires understanding your environment.”

Read the Article

Christian Beckner

Vice president of retail technology and cybersecurity, National Retail Federation

“We’ve seen in the past when that [felony theft] threshold goes higher, some of the organized criminal activity that’s related to shoplifting knows what that line is. When they send people into stores, there’s sort of an effort to stay below that.”

Read the Article

Physical Security

Hurricane Update: South Carolina Braces for Ian Landfall as Florida, Cuba, and Puerto Rico Recoveries Continue
Physical and operational security

Danish, Swedish Officials Claim Sabotage After Detecting Fourth Nord Stream Pipeline Leak 
National security

Staffing Security While Restocking the Talent Pool
Managing organizations

Protests in Iran Spread as the Internet Goes Down and Deaths Go Up
Law and Ethics

Catch Up With SM on Social Media

Be the first to hear about new SM articles, issues, videos, and more on Twitter.
Share the latest SM articles, infographics, and stories with your friends and colleagues.
Get more award-winning security content in your search results by following us on Google News.

Crime News

Stolen Bake Stands, Bourbon Insiders, and Cow Protests: It’s Been a Strange Month
Crime

Legal Roundup: New Anti-Hate Initiative, General Arrested in Mexican Missing Student Case, Hospital Bomb Threats, and More
Crime

How Do Pandemics End? Plus Iranian Cyberattack Responses, Insurance Pressures, and Militarized Security in Mexico
Crime

Security News Roundup: Former Twitter Security Official Testifies, Monarchy Protestors, Progress Fighting Violent Crime, and Other News
Crime

Security-Snapshots-Logo.jpg

The guarding industry faced a perfect storm of personnel challenges during the COVID-19 pandemic, and it’s still recovering from the labor shortfall, says Leon Beresford, CPP, PCI, PSP, from the ASIS Security Services Community. So, how can guarding firms and in-house security teams stay competitive and attractive to qualified candidates? It’s time to expand your employee satisfaction and recruitment toolkit.

ASIS members can continue the conversation by joining the Security Services Community here.

National Security

Danish, Swedish Officials Claim Sabotage After Detecting Fourth Nord Stream Pipeline Leak 
National security

Russia Escalates War Effort, Initiating Sham Elections and Conscripting 300,000 Additional Troops
National security

Protests in Iran Spread as the Internet Goes Down and Deaths Go Up
Law and Ethics

How Do Pandemics End? Plus Iranian Cyberattack Responses, Insurance Pressures, and Militarized Security in Mexico
Crime

Security Management News Feeds

;
record_voice_over

Podcasts

Hear what Security Management editors and guest speakers have to say about this month’s magazine.

cast_for_education

Webinars

View all of our past and upcoming educational webinars.

cloud_download

Download

ASIS Members: Download all the latest editions of Security Managment for your PC, tablet, or mobile device.

arrow_upward