Cyber-Threats

HACK THE CAPITOL

Hack the capitol 2023

GRIMM is a founding sponsor of ICS Village and we’re working on a ton of cool stuff for Hack the Capitol 6.0! This is the sixth installment of our free, two-day-long, multi-track event designed to educate congressional staffers, scholars, and the press on some of the most significant cybersecurity challenges facing our nation today, particularly […]

Hack the capitol 2023 Read More »

cybersecurity culture

Embracing a Culture of Cybersecurity

Authors: GRIMM CEO Jennifer Tisdale and Senior Principal Researcher Matt Carpenter Cyber adversaries are becoming more skilled — and more ruthless. Cybersecurity Ventures projects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025. Given the scope and scale of what’s at stake, companies

Embracing a Culture of Cybersecurity Read More »

6 Cybersecurity predictions for 2023

The world is rapidly changing, and with it, so is how we approach and protect ourselves from cybersecurity threats. With the increasing sophistication of threat actors, and the ever-growing number of connected devices, the need for advanced security measures is more significant than ever. As you optimize your cybersecurity resilience priorities for the year ahead,

6 Cybersecurity predictions for 2023 Read More »

threat actors cybersecurity

Professional evil: a glimpse into the tactics and motivations of malicious threat actors

There are plenty of articles detailing the uses of patience, creativity, and above all, learning from your failures. Those are all requirements for excelling in any technical field. Instead of rehashing that baseline, let’s take a look at how a threat actor might stage attacks to create the most extensive damage, regardless of the target.  

Professional evil: a glimpse into the tactics and motivations of malicious threat actors Read More »

Why You Should Care About Infrastructure Security Month

November is Critical Infrastructure Security & Resilience Month, a nationwide effort to raise awareness and reaffirm the commitment to keep our nation’s critical infrastructure secure and resilient. This year’s theme is Infrastructure Security is National Security: Together We Can Drive Down Risk, Build Resilience, which covers the spectrum of infrastructure security.  So, why should you

Why You Should Care About Infrastructure Security Month Read More »

public-private partnership

The power of public-private partnerships

By: Jennifer Tisdale Public-Private Partnerships (P3) are often thought of in terms of large-scale, long-term relationships between a government agency and a private business, in which the private business provides a service or an asset to the government while also carrying the burden of financial risk. This commonly occurs in terms of real estate when

The power of public-private partnerships Read More »

ransomware

Ask me anything: what is ransomware?

What is “ransomware”? This came up a couple of times for me this morning, so I thought there might be folks who would benefit from an answer. Specifically, an answer unrelated to selling a ransomware product or service. The term “ransomware” describes the tools, tactics, techniques, and procedures (TTPs) utilized maliciously to either cryptologically prevent

Ask me anything: what is ransomware? Read More »

Cyber-physical ranges built by GRIMM experts are used to demonstrate attacks on critical infrastructure in real-time.

Connecting the Dots for Connected Security

By: Naki Carter It is undeniable that organizations, government agencies, and critical infrastructure providers face evolving cyber threats with increased volume and complexity. Securing your organization’s information and assets requires the right amount of effort focused on appropriate areas. Cyber-Physical Systems Security According to the National Institute for Standards and Technology (NIST), “Cyber-Physical Systems (CPS)

Connecting the Dots for Connected Security Read More »

Pulse Secure April Attack

Pulse Connect Secure vulnerability CVE-2021-22893 and other old vulnerabilities are being actively exploited. While GRIMM engineers were not able to obtain a device or the firmware for a full analysis, the device in question looks like a Linux-based rack-mounted server that sits inside the firewall and mediates all kinds of access for clients accessing it via a

Pulse Secure April Attack Read More »