Author: Andrew Costis

Andrew Costis (“AC”) is the Engineering Manager of the Adversary Research Team at AttackIQ, with more than 24 years of tech and cybersecurity experience. Previously, he conducted security research and threat analysis with VMware Carbon Black’s Threat Analysis Unit (TAU) and LogRhythm Labs, specializing in malware reverse engineering, threat tracking, and the discovery of emerging campaigns. Andrew has presented at industry events including DEF CON Adversary Village, Black Hat, BSides, CyberRisk Alliance, Security Weekly, ITPro, BrightTALK, and SC Media, among others.

    Response to CISA Advisory (AA25-212A): CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization

    August 1, 2025
    In response to the recently published CISA Advisory (AA25-212A), AttackIQ has provided actionable recommendations to help organizations emulate such attacks. These recommendations enable organizations to emulate tactics and techniques, helping to assess and improve their defenses against similar adversarial behaviors.

    Response to CISA Advisory (AA23-349A): Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

    December 22, 2023
    In response to the recently published CISA Advisory (AA23-349A) that disseminates Tactics, Techniques and Procedures (TTPs), mitigation and detection methods associated with a Risk and Vulnerability Assessment (RVA) carried out by CISA as requested by a Healthcare and Public Health (HPH) sector organization, AttackIQ recommends that customers take the following testing actions in alignment with the RVA.
    Ransomware: Revealed

    Ransomware and Targeted Attacks in the Healthcare Sector

    September 23, 2021
    Although ransomware can have devastating effects regardless of which industry vertical an organisation is part of, the healthcare industry has particularly paid a heavy price in recent times.
    Ransomware: Revealed

    Azure Security Stack Mappings: The Top Native Security Controls for Ransomware

    August 23, 2021
    For the first time, organisations can visually see what Azure security controls can offer in terms of protection, detection and response. With 45 native Azure security control mappings, defenders can start focusing on not only TTPs in the context of Azure threats, but also how each native Azure security control might shield them from related TTPs in Azure.

    The Kaseya VSA REvil Ransomware Supply Chain Attack: How It Happened, How It Could Have Been Avoided

    July 13, 2021
    On July 2, 2021, the REvil ransomware group successfully exploited a zero-day vulnerability in the on-premise Kaseya VSA server, enabling a wide-scale supply chain cyber attack. Let’s dig in and see how the attack happened, how attack emulation could have helped, and what you can do to implement a threat-informed defense strategy to prepare yourself for similar threat actor behavior.

    Put MITRE ATT&CK® to work through Workbench

    June 22, 2021
    For years, users struggled to put MITRE ATT&CK into practice. With the release of ATT&CK Workbench today, defenders can far better ensure that their threat intelligence is continually aligned with the public ATT&CK knowledge base. See how and why.