June 21, 2021
Ransomware attacks are on a different scale this year, with major attacks not just dismantling the business and management of Colonial Pipeline in the US, the Health Service Executive in Ireland, and the meatpacker JBS in Australia, but also disrupting people's access to gasoline, healthcare, COVID-19 vaccinations, and more.
So, what is it going to take to stop these attacks? Brian Honan, CEO of BH Consulting, said that the process will be long and complex, but the end goal in sight should be simple: Put the cybercriminals responsible for these attacks behind bars.
Tune in to learn about how ransomware can dismantle a business, what governments are doing to fight back, and why we need better cooperation within private industry, on the latest episode of Lock and Code, with host David Ruiz.
June 7, 2021
In 2016, a mid-20s man began an intense, prolonged harassment campaign against his new roommate. He emailed her from spoofed email accounts. He texted her and referenced sensitive information that was only stored in a private, online journal. He created new Instagram accounts, he repeatedly made friend requests through Facebook to her friends and family, he even started making bomb threats. And though he tried to sometimes mask his online activity, two of the VPNs he used while registering a fake account eventually gave his information to the FBI.
This record-keeping practice, known as VPN logging, is frowned upon in the industry. And yet, it helped lead to the capture of a dangerous criminal.
Can two VPN "wrongs" make a right? Find out today on Lock and Code, with host David Ruiz.
May 24, 2021
This week on Lock and Code, we speak to cybersecurity advocate and author Carey Parker about "dark patterns," which are subtle tricks online to get you to make choices that might actually harm you. Maybe you'll be bilked out a couple dollars, maybe you'll find it nearly impossible to unsubscribe out of that newsletter, or maybe you'll see yourself signing away some of your data privacy controls just so a company can keep making more money off you.
Tune in to learn about dark patterns—how to spot them, what any future fixes might look like, and what one company is doing to support you—on the latest episode of Lock and Code, with host David Ruiz.
May 10, 2021
This week on Lock and Code, we speak to cybersecurity and privacy attorney Jake Bernstein about ransomware attacks that don't just derail a company's reputation and productivity, but also throw them into potential legal peril.
These are "double extortion" attacks, in which ransomware operators can hit the same target two times over—encrypting a victim's files and also threatening to publish sensitive data that was stolen in the attack. And in the US, whenever data is stolen and released, there are about 50 state laws that might dictate what a victim does next, and how quickly they do it.
Tune in to learn about these ransomware attacks, what state laws get triggered, how new privacy laws affect legal compliance, and why Bernstein does not expect any federal legislation to standardize this process, on the latest episode of Lock and Code, with host David Ruiz.
April 26, 2021
This week on Lock and Code, we speak to Malwarebytes Chief Information Security Officer John Donovan about the flaws in using VirusTotal as the one source of truth when evaluating whether or not a cybersecurity tool actually works. It's a practice that is surprisingly common among small- to medium-sized businesses (SMBs).
Tune in to learn about the smartest ways to test and implement endpoint protection into your SMB, and how to finally break free from the VirusTotal silo, on the latest episode of Lock and Code, with host David Ruiz.
March 29, 2021
This week on Lock and Code, we speak to Malwarebytes senior security researcher JP Taggart about the importance of trusting your VPN.
You've likely heard the benefits of using a VPN: You can watch TV shows restricted to certain countries, you can encrypt your web traffic on public WiFi networks, and, importantly, you can obscure your Internet activity from your Internet Service Provider, which may use that activity for advertising.
But obscuring your Internet activity—including the websites you visit, the searches you make, the files you download—doesn’t mean that a VPN magically disappears those things. It just means that the VPN itself gets to see that information instead.
Tune in to hear about what your VPN can see, why it is important for that information to be secured, and how you can safely transfer your trust to a VPN, on the latest episode of Lock and Code, with host David Ruiz.
March 15, 2021
This week on Lock and Code, we tune in to a special presentation from Adam Kujawa about the 2021 State of Malware report, which analyzed the top cybercrime goals of 2020 amidst the global pandemic.
If you just pay attention to the numbers from last year, you might get the wrong idea. After all, malware detections for both consumers and businesses decreased in 2020 compared to 2019. That sounds like good news, but it wasn't. Behind those lowered numbers were more skillful, more precise attacks that derailed major corporations, hospitals, and schools with record-setting ransom demands.
You can read the full 2021 State of Malware report here, and you can follow along with everyday cybersecurity coverage from Malwarebytes Labs here.
March 1, 2021
Every few years, after the public learns about an ugly, online harassment campaign, a familiar response shoots forth: Change the way we talk to one another online, either by changing the law, or changing the rules for how we identify ourselves online.
But these "solutions" could actually bring more problems, particularly for vulnerable communities.
Today, we speak to Electronic Frontier Foundation's Director of Cybersecurity Eva Galperin about how removing online anonymity could harm the safety of domestic abuse survivors, and why one decades-old law protects everyone online, and not just Big Tech.
February 15, 2021
On today's show, we discuss cybersecurity's public enemy number one: Emotet. This piece of malware started in 2014 as a simple banking Trojan, but it later evolved into a fully functional malware business, as its operators sold access to other threat actors and helped load separate malware for a price.
The danger was real, but on January 27, Europol announced they'd taken Emotet down. Today, we talk to Malwarebytes security evangelist Adam Kujawa about Emotet's past, its takedown, and the power vacuum it leaves behind.