New by me: the hard truth about ransomware.

We aren’t prepared, it’s a battle with new rules, and it hasn’t near reached peak impact.

doublepulsar.com/the-hard-truth…
I think cybersecurity vendors should recognise ransomware as not a business enabler/profit center, but as a competitor.
IT is really hard, companies are really struggling, and they need support. We can't get out of this cycle by just telling people to patch.
Why yes, I did add this perfectly timed tweet to the blog.
If anybody is wondering - this ransomware post is one of the least read blog posts I’ve ever written.

It has less than 2k reads. As an example, my post about a task scheduler ‘zero day’ (never used in wild) got 10 times more reads in same time frame.

Good luck out there.

More from @GossiTheDog

10 Jun
Anybody use Blink cameras by Amazon? All mine have gone offline, think it may be a service outage.
Sigh. Yep, it’s this - just did a network dump, Blink in the U.K. is calling out to an AWS datacenter that is on fire.

Also, please don’t rob me.
In other news one of the AWS data centres in EU is on fire.
10 Jun
They paid to “ensure no data was exfiltrated”.

I think they mean posted.
Break the ransomware cycle.
Say with something like Colonial, what happens is 100gb or so of data gets taken, you hire an IR firm through legal counsel (so it’s legally privileged = nobody can talk), then pay the ransom via firms they hire so data doesn’t leak.

Break the cycle. It is propagating victims.
9 Jun
True story, if you fingerprint SharePoint version numbers (it's possible, e.g. some configs put full build numbers in certain HTTP requests) the average internet facing SharePoint server hasn't had any patches for over 4 years.
There will be an entire press cycle and monthly infosec cycle dedicated to the latest SharePoint vulns... but the reality is a vast majority of orgs aren't actually patching (and infosec depts probably don't even know they have internet facing SharePoint).
Patching SharePoint is ridiculously hard. I think MS needs to build telemetry pipelines for SharePoint, ADFS etc etc so they're making informed decisions about mitigations, severity, messaging etc. Upfront, before the incident they end up in front of congress for.
9 Jun
Gonna play Chivalry 2 now it's released, and throw things at people as stress relief.
gonna yeet some roses in the war
will u be my war date
9 Jun
I'm all ready for the European Cybersecurity Blogger Awards 2021, and this year I've actually written some blogs so probably won't win anything. 🤣
*fact checks self* okay I wrote one blog post
Oh no, I need a personality.
8 Jun
Fastly WAF is down, which will bring down loads of websites.
If you didn’t know, about four companies proxy almost every website 😂
