Articles on Malware
Below are my perspectives on Malware, drawn from my work as a security leader and practitioner.
- [Authentication] Cybersecurity Advice for Political Campaigns. Short-lived political campaigns rarely build formal security programs and often assume they're too small to attract serious attackers, but campaigns across the United States have been targeted by...
- [Malware] The Language and Nature of Fileless Attacks Over Time. The term "fileless" originated in 2001 to describe malware that existed solely in memory, but has expanded to encompass malicious documents, scripts, living-off-the-land techniques, and memory...
- [Malware] Making Sense of Microsoft's Endpoint Security Strategy. Microsoft is pursuing three endpoint security objectives: protecting the OS through baseline measures, motivating other vendors to innovate beyond commodity controls, and expanding enterprise revenue...
- [Malware] Retired Malware Samples: Everything Old is New Again. Legacy malware samples—like IRC-based backdoors with hidden backdoors, nuisance web pages that spawn endless windows, and Flash ads that hijack clipboards—demonstrate techniques that persist in...
- [Social Engineering] Scammers Use Breached Personal Details to Persuade Victims. Scammers include personal details from data breaches—such as passwords or phone numbers—in fraudulent messages to "prove" they have compromising information about their victims. These mass-mailed...
- [Malware] Disambiguate "Zero-Day" Before Considering Countermeasures. The term "zero-day" can refer to vulnerabilities for which no patch exists, or to malware with no known detection pattern—two distinct threats requiring different countermeasures. Using "zero-day" as...