Andrew Costis

Author
Andrew Costis is a Senior Cyber Threat Consultant, EMEA at AttackIQ. He has over 20 years of industry experience, and recent roles include threat research and reverse engineering malware, tracking ransomware campaigns, as well as incident response and malware hunting. Andrew has given various talks at Black Hat, B-Sides, CyberRisk Alliance, SecurityWeekly, ITPro, BrightTalk and others.
Andrew Costis

See other articles by Andrew Costis

Response to CISA Advisory (AA23-144A): China State-Sponsored Actor Volt Typhoon Living off the Land to Evade Detection
Adversary Emulation

Response to CISA Advisory (AA23-144A): China State-Sponsored Actor Volt Typhoon Living off the Land to Evade Detection

AttackIQ has released two new assessments that emulate the techniques associated with a People’s Republic of China (PRC) state-sponsored cyber actor known as Volt Typhoon. Volt Typhoon makes extensive use of living off the land tools to remaining undetected for as long as possible while complete their espionage goals.
Read More
Response to US-CERT Alert (AA22-174A): Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems 
Adversary Emulation

Response to US-CERT Alert (AA22-174A): Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems 

In response to US-CERT Alert AA22-174A, AttackIQ has released new malware transfer scenarios to the platform and recommends validating security controls using previously released scenarios addressing Log4Shell and the VMware CVE-2022-22954 vulnerability.  
Read More
Ransomware and Targeted Attacks in the Healthcare Sector
Ransomware

Ransomware and Targeted Attacks in the Healthcare Sector

Although ransomware can have devastating effects regardless of which industry vertical an organisation is part of, the healthcare industry has particularly paid a heavy price in recent times.
Read More
Azure Security Stack Mappings: The Top Native Security Controls for Ransomware
Ransomware

Azure Security Stack Mappings: The Top Native Security Controls for Ransomware

For the first time, organisations can visually see what Azure security controls can offer in terms of protection, detection and response. With 45 native Azure security control mappings, defenders can start focusing on not only TTPs in the context of Azure threats, but also how each native Azure security control might shield them from related TTPs in Azure.
Read More
The Kaseya VSA REvil Ransomware Supply Chain Attack: How It Happened, How It Could Have Been Avoided
Ransomware

The Kaseya VSA REvil Ransomware Supply Chain Attack: How It Happened, How It Could Have Been Avoided

On July 2, 2021, the REvil ransomware group successfully exploited a zero-day vulnerability in the on-premise Kaseya VSA server, enabling a wide-scale supply chain cyber attack. Let’s dig in and see how the attack happened, how attack emulation could have helped, and what you can do to implement a threat-informed defense strategy to prepare yourself for similar threat actor behavior.
Read More
Put MITRE ATT&CK® to work through Workbench
Adversary Emulation

Put MITRE ATT&CK® to work through Workbench

For years, users struggled to put MITRE ATT&CK into practice. With the release of ATT&CK Workbench today, defenders can far better ensure that their threat intelligence is continually aligned with the public ATT&CK knowledge base. See how and why.
Read More