Archive

RansomSnub: RansomHub’s Affiliate Confusion

April 8, 2025 Executive Summary Since RansomHub’s emergence in early 2024, the group has become the most prolific Ransomware-as-a-Service group operating today.

This Caller Does Not Exist: Using AI to Conduct Vishing Attacks

April 8, 2025 As technology advances, attackers are quick to adapt, using cutting-edge innovations to craft social engineering attacks that exploit the one vulnerability no system can fully guard agai…

Identities and IAM Trends: Q&A With a Saviynt Identity Expert

April 3, 2025 Guest Author: Ehud Amiri, SVP Product Management, Savyint How will the threat to identities change over the coming year? AI will be the most disruptive force, driving changes in both thr…

Supporting Continuous Learning in AI Governance and Security

April 1, 2025 I’d like to begin this post with a heartfelt thank you to everyone who joined our recent Brick House webinar on AI governance.

Aligning Cybersecurity and Third-Party Risk Management with Business Goals

March 25, 2025 In the cybersecurity risk world, we often encounter the issue of not speaking the same language as the business.

Rethinking Risk: ICS & OT Security with Purdue 2.0 and GRC

March 18, 2025 The rise of the extended Internet of Things (XIoT) across industrial (IIoT), healthcare (IoMT), commercial (OT, BMS/EMS/ACS/iBAS/FMS), and other sectors has brought remarkable efficienc…

Fortifying OT/ICS: Building Resilience and Business Continuity in a Cyber Threat Era

March 11, 2025 Without solid governance, organizations cannot effectively manage compliance or mitigate risks.

Breaking Basta: Insights from Black Basta’s Leaked Ransomware Chats

March 6, 2025 Key Takeaways During the period covered by the Black Basta leaked chat logs (18 September 2023 – 28 September 2024), we observed the following We observed at least 47 cryptocurrency wa…

Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear

March 4, 2025 In early March 2025, GRIT received reports from multiple organizations regarding suspicious physical letters delivered by mail from US addresses to members of their executive team.

Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates

March 4, 2025 NOTE:  This article discusses proposed changes to existing regulations.

Untangling AWS Networks with Cloud WAN

February 25, 2025 As organizations grow so does their infrastructure, often without a well-designed underlying infrastructure to support this growth.

GRIT’s 2025 Report: Ransomware Group Dynamics and Case Studies

February 18, 2025 Ransomware threats continue evolving, with the most successful groups refining their tactics to maximize impact over the last year.