It was fun sharing a few thoughts with CREST on why I enjoy Incident Response #DFIR. A very rewarding career full of surprises!

1/ Human-operated ransomware attacks are a significant threat to organisations, and one of the most serious problems the cybersecurity industry needs to help solve. Gabriel Currie and I just spoke at SANS DFIR on the threat and how to defend against these attacks. THREAD👇

Ransomware operators are getting organised - and UK organisations need to take action to defend themselves against this growing threat. Download our new whitepaper to find out why this should be a board-level priority: pwc.to/34RAMeG #CyberSecMonth #CyberAware

Looking forward to seeing you all this Friday at the 6th EU MITRE ATT&CK Community workshops. I'll be talking about DLL Hijacking, covering the different types, research, and why detection is hard! attack-community.org/event/

New blog on defending against human-operated ransomware attacks 👇willoram.medium.com/how-to-defend-…

In a time when it will be hard to come together to commemorate, PwC UK’s London office is lit up to honour those who have died in the line of duty #LestWeForget

We’ve just launched new PwC UK research looking at #CyberSecurity as a strategic priority. We cover challenges, priorities and why organisations must make #CyberRisk an intrinsic part of every business decision: pwc.to/3ncpXeR

This visualisation is amazing! Thank you so much Ashton Rodenhiser for making this, I love it!

Bye-bye botnets👋 Huge global operation brings down the world's most dangerous malware. Investigators have taken control of the Emotet botnet, the most resilient malware in the wild. Get the full story: europol.europa.eu/newsroom/news/…

Law enforcement cybercrime divisions today

#Emotet 01/27/2021 0 DOC/EXE 0 C2 0 Ports 0 Keys 0 Template IOC's politie.nl/nieuws/2021/ja… europol.europa.eu/newsroom/news/… ⛧ɉªɳ ҎʘΰⱠᶊᶓא⛧🇺🇦 lc4m ExecuteMalware James Joe Roosen neonprimetime hazmalware Cryptolaemus James Quinn (Effie) Erik Fichtner bom $./bash

Some practical how-to on handling a #BEC from start to finish. This is handy for all #DFIR, #ThreatIntelligence and #infosec professionals. github.com/PwC-IR/Busines…

Just mapped #dridex affiliates to their loader C2s. Take what inferences you want from it. Red lines are C2s with more than 2 affiliates overlapping, orange is 2 and black is unique to the affiliate. Thanks Hatching for the data 🙏

Really proud of the PwC UK #Threatintel team that produced the Cyber Threats 2020: Year in Retrospect report. You can check out the key cyber threats here: pwc.to/2ZPx7fo

Our latest PwC UK #ThreatIntel article looks at 5 cyber threat trends you need to be aware of this year. We cover ransomware, supply chain attacks, social engineering and more, and suggest how you can respond: pwc.to/3qRVrJn

To my cybersecurity colleagues - especially in infrastructure security - get some rest. No one knows what’s going to happen but nothing you’re doing over the weekend will help for next week if something were to happen. No one benefits from you being tired in a crisis.

Since 2017, PwC's #threatintel team has produced an annual 'Year in Retrospect' consolidation of the most impactful threat activity and trends observed over the past year across our incident response, Managed Cyber Defence, and threat research services around the world.

Well done The Banshee Queen👑 for getting this year's monster Year in Retrospect report over the finish line. And what a year it has been. I'm especially proud to be a member of the awesome team that helped produce this.

What a great synopsis of our Technical Annex to this year's Year in Retrospect report. Nicely done The Banshee Queen👑

1. We (myself and my peers) have observed a change in the attack chain for SocGholish web deployment for S O M E of the stage_1 injected sites. To be clear, not all. Now seeing <script async src="https://BLAH[.]foo/jquery.js"> Where BLAH[.]foo would be stage_1.5