
'Pen-Tested' by a Hacker: What to Believe

When actors from the Babuk ransomware gang announced the start of their operations on underground forums in 2021, they advertised their services as special software to “show the security issues inside corporate networks.”

As the ransomware-as-a-service (RAAS) landscape has exploded during the past three years, more and more groups have taken a similar position to the Babuk gang, framing themselves as “penetration testers” and promising victims a comprehensive security report if they pay the ransom demand. Failing to pay the ransom, though, would result in public disclosure of the vulnerabilities—effectively leaving the company wide open to attack.


Related: Verizon 2022 DBIR Reveals Rise in Ransomware Attacks and Organized Crime Activity

Recommended: What to Expect When You're Infected with Ransomware

Featured Articles

Illustration of a man striding through a door in the shape of a 0 along a red wall of binary code. What you need to know about Log4Shell.

Key Learnings from Log4Shell

The Log4Shell vulnerability is “endemic.” But there are steps companies can take to secure the open-source software supply chain and shore up the security of the Internet.

Close-up photo of a typewriter with the phrase "Are you Ready" typed on a piece of paper. There is a light blue overlay with circuit imagery over the image. How to recover after a cybersecurity hack.

Security Technology: Strengthening Your Cybersecurity Posture

In 2021, there were several high-profile incidents of security technology being compromised due to poor cybersecurity hygiene, increasingly aggressive nation-state actors, and a growing attack surface with the adoption of IoT and OT. These trends have only continued in 2022, suggesting a new normal for the threat landscape. The October issue of Security Technology will look at how the security industry is incorporating cybersecurity risk into the technology and systems it relies on.

Security Management Podcast

GSX Daily: Using Empathetic Service to De-Escalate Scenarios

What role do empathy and “service from the heart” play in effective security missions?  These approaches enable Alex Jadrich, manager of public safety, security, and emergency management at the Denver Zoo, to connect more successfully with his team, his customers, and his guests and drive a more positive interaction with the organization. In this episode of the GSX Daily podcast, Jadrich and host Chuck Harold discuss management approaches, de-escalation, and influence.

Want to learn more? Join Jadrich at GSX 2022 for his session, Why Security Organizational Administrators Need to Lead with Service from the Heart, on Wednesday, 14 September.

ASIS Calendar of Webinars & Events

As the preeminent organization for security management professionals, ASIS International offers a dynamic calendar of events to advance your professional development. From executive education to global exchanges, our events work together to help you reach new heights in your career.

Book Review: The CISO’s Next Frontier: AI, Post-Quantum Cryptography and Advanced Security Paradigms


Featured in the September/October Issue

When it comes to computer security, the times are constantly changing. That is one of the most challenging aspects of security—by the time you finally secure something, numerous new threats have arrived.

Catch Up With SM on Social Media

Be the first to hear about new SM articles, issues, videos, and more on Twitter.
Share the latest SM articles, infographics, and stories with your friends and colleagues.
Get more award-winning security content in your search results by following us on Google News.


The guarding industry faced a perfect storm of personnel challenges during the COVID-19 pandemic, and it’s still recovering from the labor shortfall, says Leon Beresford, CPP, PCI, PSP, from the ASIS Security Services Community. So, how can guarding firms and in-house security teams stay competitive and attractive to qualified candidates? It’s time to expand your employee satisfaction and recruitment toolkit.

ASIS members can continue the conversation by joining the Security Services Community here.

Security Management News Feeds


Podcasts

Hear what Security Management editors and guest speakers have to say about this month’s magazine.


Webinars

View all of our past and upcoming educational webinars.


Download

ASIS Members: Download all the latest editions of Security Management for your PC, tablet, or mobile device.
