Articles on Malware

Below are my perspectives on malware, drawn from my work as a security leader and practitioner.

• Communication How You Can Write Better Threat Reports
  Writing about cybersecurity threats requires deciding what details to include, demonstrating sound analysis, and addressing multiple audiences. A rating sheet checklist can help ensure threat reports...
• Authentication Cybersecurity Advice for Political Campaigns
  Political campaigns face attacks from cybercriminals and nation-state actors who steal credentials, intercept communications, and exploit weak IT configurations. Countermeasures include enabling...
• Malware The Language and Nature of Fileless Attacks Over Time
  The term "fileless" originated in 2001 to describe malware that existed solely in memory, but has expanded to encompass malicious documents, scripts, living-off-the-land techniques, and memory...
• Malware Making Sense of Microsoft's Endpoint Security Strategy
  Microsoft is pursuing three endpoint security objectives: protecting the OS through baseline measures, motivating other vendors to innovate beyond commodity controls, and expanding enterprise revenue...
• Malware Retired Malware Samples: Everything Old is New Again
  Legacy malware samples—like IRC-based backdoors with hidden backdoors, nuisance web pages that spawn endless windows, and Flash ads that hijack clipboards—demonstrate techniques that persist in...
• Social Engineering Scammers Use Breached Personal Details to Persuade Victims
  Scammers include personal details from data breaches—such as passwords or phone numbers—in fraudulent messages to "prove" they have compromising information about their victims. These mass-mailed...