The latest in Dark Rhino Security news

The Rundown on Ransomware

The Rundown on Ransomware


Tyler Smith, a senior security engineer, was on his way to Kentucky when he received an urgent phone call – one of his clients suffered from a ransomware attack. The backup files. The network storage files. Everything was encrypted. The client was backed into a corner and had to pay the ransom.

Less than two weeks later, the same client was hit again. The attackers humorously offered them a discount because it was their second attack. Luckily, Smith and his team were able to find the key in the code to decrypt all the files. His client would not have to pay the ransom fee again. It took such a horrific set of incidents to get the client to finally take cybersecurity much more seriously.

This occurred in the early 2010s. Since then, ransomware attacks have only become more sophisticated.

Essentially, a ransomware attack happens when a team member clicks on a bad link and their machine becomes compromised. The virus jumps from machine to machine and encrypts the team’s files. Typically, a sum of money is demanded in exchange for the return of the files.

“Paying the ransom is never recommended,” Tyler says. It does not guarantee that it will solve your problem. For example, there could be bugs in the malware, causing the data to be unrecoverable. 

However, there are certain scenarios in which there is no choice but to pay the ransom. For example, companies working in areas such as health care cannot afford to have the patient data lost or compromised. When vital information or millions of dollars are at stake, paying the ransom feels as if it is the only way out.

The best defense is to train the end-users in an organization. 

“Human beings are notorious for overcoming all security efforts because they don’t understand the why behind the security measures,” Tyler says.

You can also detect these attacks by ensuring that next-generation end-point detections and response software is deployed on all the endpoints of users in your cyber environment; You should segment the networks and limit the connects between the segments in a way that makes sense for your business.

With ransomware it does not matter what line of business you are in. Ransomware is not going away. Rather it is advancing quite rapidly. Companies are even built upon customizing attacks for clients.

The Danger Of Cybersecurity Burnout

The Danger Of Cybersecurity Burnout

Burnout from working too much is something every working person needs to worry about. But in some fields, the danger is magnified. Doctors, lawyers, and executives are common victims of the negative health effects of overworking.

And now, cybersecurity professionals have bene added to the mix.

Thanks to stressors like advanced malware and zero-day vulnerabilities, cybersecurity professionals are joining the ranks of the most burnt out professionals in the workforce. On top of regular on-the-job stressors, a shortage of cybersecurity professionals in the marketplace means in many cases, lone employees are doing what should rightly be the work of two or three people.

This kind of burnout has real world consequences; mental health concerns like depression and anxiety are on the rise for cybersecurity professionals, affecting their life at home as well as at work.

What should I do to keep myself from getting burnt out?

Keeping yourself from becoming burnt out in cybersecurity is the same as keeping yourself from becoming burnt out in any other profession.

Get a hobby

Allowing your whole day to become consumed by cybersecurity is a quick path to burnout. To prevent this, include other activities in your life. Start learning a skill you've always wanted to learn, practicing a new language, or playing a new sport.

Take regular breaks from work

Make sure to take regular breaks from work to do nothing in particular. If there's nothing pressing that needs to be done, leave work on time (and don't work from home). Take a day off when your schedule allows. Plan regular vacations -- and shift your work to team members, so you aren't working while you're on your vacation.

Spend time with friends and family

Humans are social animals. The best way for us to refuel and feel good about life is to spend time with other humans we love and care about. Remember to spend time with your friends, family, and loved ones.

Remember to put your phone and computer away while you take this quality time -- time spent split between another person and a screen is not quality time.

Keep work in perspective

Ultimately, work is just work. It's just a way to get money so you are able to live the kind of life you want. Work concerns should be kept in perspective, not made into the center of your world.

What should I do to keep my employees from getting burnt out?

There's only so much employees can do to keep themselves from getting burnt out. As an employer, you bear a special resopnsibility toward your employees to create an environment for them that is conducive to their health, not destructive. Some ways you can create that environment are:

Add more team members

Cybersecurity is an industry known for it's lack of qualified professionals. Often, cybersecurity employees are doing the work of two or three men. People who are working double or triple rarely put in quality work. Hire more team members so your current ones can share the load.

Create a restful space

Our environment affects our performance. If your workplace is a dark, chaotic, stressful environment, employee performance will suffer. Create an employee workspace which is calm, peaceful, and welcoming so that employees can relax into work.

Encourage team members to take breaks

Nobody can work continuously. Encourage employees to take regular breaks when necessary so that when they are working, they are giving their best work.

Give employees autonomy

The person who knows how to make your employees perform best are the employees themselvs. Give them freedom to do what will make them the most effective employees. Instead of trying to get results by controlling their every move, allow them the freedom professional adults deserve.

Cyber Criminals Using New Browser 'Linken Sphere'

Cyber Criminals Using New Browser 'Linken Sphere'

Every day, e-commerce and financial organizations around the world are targeted by cybercriminals. These criminals are often looking for customer information to use to steal the identities of customers, or looking for information they can use to blackmail companies. Companies typically combat these cyber criminals using a technology called digital fingerprinting, a process designed to identify each unique device and browser that visits their websites. This enables them to verify the identity of any visitors and block malicious actors.

Historically, cyber criminals get around digital fingerprinting using technology like virtual machines, proxies, and VPN servers. However, anti-fraud systems are becoming sophisticated enough to identify suspicious IP addresses even if they are using these tactics.

As a result, cyber criminals have started using the Linken Sphere browser for criminal activity. Linken Sphere changes web browser configurations dynamically, generating an unlimited number. This enables them to imitate the activity of legitimate users.

According to Tenebris, the creators of Linken Sphere, it was created for legal, legitimate purposes such as:

  • penetration testing
  • social media market research
  • keyword research
  • bonus hunters (online gambling and other purposes)
  • privacy-minded users
  • people operating multiple accounts simultaneously for work

However, it was announced to the world via underground forums such as Exploit, Verified, Korovka, and Maza, places known for enabling cyber criminals. The user who announced Linken Sphere on these forums is a verified member of the Tenebris team, the creators of Linken Sphere.

About Linken Sphere

According to Tenebris, here are the general features of Linken Sphere:

  • Linken Sphere is based on the Chromium web browser: its developers used its source code and removed all tracking functions enabled by Google
  • Operates in the “Off-the-Record Messaging” mode
  • Does not use any hidden Google services
  • Encrypts all saved data using the AES 256 algorithm
  • Connects to the internet via various protocols, including HTTP, SOCKS, SSH, TOR, TOR + SSH, and DYNAMIC SOCKS
  • Each session creates a new configuration and users do not need multiple virtual machines
  • Allows working with different types of connections in multi-thread mode at the same time
  • Includes built-in professional anti-detection with regular updates of configurations of the user’s agents, extensions, languages, geolocation, and many other parameters, which are able to change in real time
  • Saves fingerprints and cookie files after every session, allowing the use of a saved session by multiple users without needing to switch between virtual machines
  • Does not require specific settings to start working proactively, anonymously, and securely
  • Contains a built-in license with a location database GeoIP2 MaxMind, allowing users to configure time and geolocation immediately
  • WebEmulator, called “Прогреватор” in Russian, is an option created to “warm up” websites in an automated mode. This function allows collecting needed cookie files automatically between websites before working with a new account. WebEmulator operates in the background with multi-thread mode allowing the set up of parameters for visiting websites such as the number of visited pages, time spent on each page, pauses, and delays between visits. WebEmulator enables alerts after task completion. 
Why Video Games Are The New Golf

Why Video Games Are The New Golf

Millennials grew up during the stock market crash of 2008. While we were young, our parents were focused on cutting costs and trying to scrape together money for retirement. Nobody’s parents had money to take them out to the golf course, let alone get lessons. It was far cheaper — and easier on our parents — for us to play video games.

As a result, we grew up in a video game culture. Most millennials who are adults today grew up playing video games like Halo, Call of Duty, and Battlefield. Video games are so common in our age cohort that they are the kind of thing you can strike up a conversation with a stranger over, much like football or the weather.

We didn’t leave our love of video games in the past, either. Platforms like Twitch and YouTube allow us not only to play video game, but to watch the pros show us how it’s done. Video games are not just a hobby, but an entire sports industry.

As millennials get older, more and more of us are holding influential roles inside companies. According to the Pew Research Center, the oldest millennials were born in 1981, making the oldest millennials 38 years old. In our youth-obsessed culture, that’s more than old enough to hold powerful executive positions. There are millennials in Congress and on the boards of directors.

And almost every one of those millennials grew up playing video games.

The Advantages of Video Games

It’s easier to play video games. You don’t have to get dressed up, pack a bunch of large golf clubs into the car, and drive to a physical location — all you have to do is turn on your console and sign on. This makes it easier to arrange short-notice or impromptu sessions.

Video games are more relaxed. Most people take golf pretty seriously, whereas they consider video games relaxed and lighthearted. Instead of focusing on competing, people laugh and have fun. That relaxed atmosphere makes people — customers, partners, and vendors — feel more comfortable talking about their needs without politicking.

Video games can be played together remotely. To play golf, you and your contact need to be in the same place at the same time. On the other hand, all video games require is an internet connection. This allows you to maintain hot connections with people all over the world.

It’s not that video games are “better” than golf. At the end of the day, both are simply different ways of getting in touch with business contacts. But as more and more millennials take positions of power, video games are likely to take center stage as a way of connecting with clients. In fact, this is already starting to happen, says millennial sales engineer Mitch:

“I was consulting at a client site and one of the things that we brought up during our lunch break was how great the new modern warfare game is to play. We talked about some of our favorite game modes and then decided to add each other once the engagement ended. Ever since, we’ve been playing together fairly frequently and discussing just some of the other problems that he’s facing internally.

Another time, myself and a partner bonded over our shared love of Fortnite. We added each other on that game as well, and have discussed everything from how to go after certain accounts together strategically to what has and hasn’t worked with his technology during his sales cycles.”

And it isn’t just milennials playing video games. As video games become more popular, familiarity with them is becoming more common. Even Gen X-ers and Baby Boomers know about video games — even if your contact is older, odds are they have children of their own, children who are growing up playing video games today.

As the business landscape changes, don’t be afraid to strike up conversations about video games. You never know which impromptu gaming sessions may lead to business breakthroughs.

Your Company Needs A Risk-Aware Culture

Your Company Needs A Risk-Aware Culture

Cybersecurity can look dauntingly technical at first. You need a SIEM solution, an IAM solution, a DLP solution, so and so forth — but the most important part of cybersecurity strategy isn’t technical. In fact, it doesn’t even involve a computer. The most important part of a cybersecurity strategy is having a risk-aware culture.

If a company has a risk-aware culture, every employee — from the CEO to the store associates — is aware of basic principles of cybersecurity like never sharing your password, never authenticating for other people, and never sending files over email (especially to external addresses). Companies with risk-aware cultures consider cybersecurity to be the responsibility of the entire organization, not just the responsibility of some cyber guys shoved in the corner.

Most companies, however, don’t have risk aware cultures. Their employees sign in for each other and even share passwords. They conduct business by passing files back and forth over email. When IT imposes new cybersecurity rules, employees conspire to find shortcuts around them. And when management says it’s time for the annual cybersecurity training, everyone groans.

What A Risk-Aware Culture Looks Like

Building a risk aware culture is a matter of educating your employees about the following kinds of threats:


One of the most common kind of cybersecurity threats are phishing emails. Phishing emails are attempts by hackers to trick people into submitting their credentials into fake websites created by the hacker, so the hacker can use these credentials on the real company website to steal information or inject malicious code.

The best defense against phishing is simply to educate employees as to what phishing attempts look like. It is much easier for a human to identify a phishing attempt than for a computer to identify one, so a great deal of money and effort is saved by educating employees as to what they look like.

Using Proper Authentication

An organization with good cybersecurity uses an Identity Access Management (IAM) solution that utilizes Single Sign-On (SSO). What this means is that employees are able to access every software platform they need to do their job with one login.

However, sometimes employees don’t use their IAM. Sometimes they make logins from their work email on websites on their own, or they use third-party login systems to access software. These openings create security vulnerabilities for the whole organization.

The best defense against this vulnerability is to educate employees about the importance of using the company IAM.

Physical Security

In a world obsessed with the cloud, it’s easy to forget about physical infrastructure — but physical infrastructure is critical to cybersecurity.

Thieves often take advantage of people’s oversight. For instance, to gain access to a system, some hackers pretend to be employees who have forgotten their ID card. They ask real employees to “please let them in so they don’t have to drive home and get their card.” If the real employees haven’t been educated to decline requests like these, the infiltrator’s gambit may work.

Another important aspect of physical security is device management. Laptops, tablets and phones used for company business can be stolen and used as an access point through which malicious code can be injected. Because of this, employees must keep careful track of their devices, and alert IT staff as soon as anything is missing or stolen.

The best defense against physical vulnerability is — again — employee education. If every company employee knows not to let people in without their scan cards and to always report missing equipment, many cybersecurity threats can be neutralized before they cause any damage.

How To Build A Risk-Aware Culture

There is a wide variety of different kinds of cybersecurity training available. If you have a cybersecurity partner, either an MSSP or a vendor, they likely have their own training available for your company’s employees. If you do cybersecurity in-house, your cybersecurity personnel likely know of training they feel comfortable recommending to the rest of your organization.

The Difference Between a Blue & Red Ocean Company

The Difference Between a Blue & Red Ocean Company

When it comes to competition, not every company has the same amount. Some companies compete in what are called red ocean spaces — so called because the oceans are red with blood. Competitors attack each other in order to feed on a limited number of customers.

On the other hand, there are companies who compete in blue ocean spaces. A company that operates in a blue ocean space is a company that has plenty of customers to sell to and little competition which they must beat to do so.

Obviously, everyone wants to compete in a blue ocean space. The reason most companies don’t do so, however, is because moving to a blue ocean requires a whole new way of thinking about your business. Most businesses think in term of incremental value addition — shaving a few bucks off the price here, adding a feature there, redesigning their product every few years. This kind of thinking keeps businesses in red oceans. Blue oceans require a whole new way of thinking about your product; they require a business to think outside the box, creating products to fill needs customers are not aware they even have.

“Value innovation is the cornerstone of blue ocean strategy. We call it value innovation because instead of focusing on beating the competition, you focus on making the competition irrelevant by creating a leap in value for buyers and your company, thereby opening up new and uncontested market space.”
―W. Chan Kim, Blue Ocean Strategy, Expanded Edition: How to Create Uncontested Market Space and Make the Competition Irrelevant

When talking about blue ocean strategy, it’s best not to think in terms of companies, but in terms of products. And the best example of a blue ocean product is Apple’s iPhone.

At the time, most of Apple’s products were red ocean products. They sold desktops, laptops and computer accessories that competed with major companies like HP, Dell, and Lenovo. While they were doing well in these markets, they were fighting viciously for each percentage point of dominance in the market.

The iPhone, however, was blue ocean. When the iPhone was released, it had no competitors. Anyone who wanted one of the new “smartphones” had to buy an iPhone. The newly created “smartphone” market exploded to a billion-dollar-plus market within just a few years, with the iPhone capturing the lion’s share of it.

Another great example of a blue ocean product is the Cirque du Soleil, highlighted in the book Blue Ocean Strategy.

Cirque du Soleil took the world by storm. It created a blue ocean of new market space. Its blue ocean strategic move challenged the conventions of the circus industry. Cirque’s productions have been seen by more than 150 million spectators in more than 300 cities around the world. In less than twenty years since its creation, Cirque du Soleil achieved a level of revenues that took Ringling Bros. and Barnum & Bailey — the once global champion of the circus industry — more than one hundred years to attain.

What makes this rapid growth all the more remarkable is that it was not achieved in a declining industry in which traditional strategic analysis pointed to limited potential for growth. Supplier power on the part of star performers was strong. So was buyer power. Alternative forms of entertainment — ranging from various kinds of urban live entertainment to sporting events to home entertainment — cast an increasingly long shadow. Children cried out for video games rather than a visit to the travelling circus. Partially as a result, the industry was suffering from steadily decreasing audiences and, in turn, declining revenue and profits. There was also increasing sentiment against the use of animals in circuses by animal rights groups. Ringling Bros. and Barnum & Bailey set the standard, and competing smaller circuses essentially followed with scaled-down versions. From the perspective of competition-based strategy, the circus industry appeared unattractive.

Another compelling aspect of Cirque du Soleil’s success is that it did not win by taking customers from the already shrinking circus industry, which historically catered to children. Instead it created uncontested market space that made the competition irrelevant. It appealed to a whole new group of customers: adults and corporate clients prepared to pay a price several times as great as traditional circuses for an unprecedented entertainment experience. Significantly, one of the first Cirque productions was titled “We Reinvent the Circus.”

Cirque du Soleil succeeded because it realized that to win in the future, companies must stop competing in red oceans. Instead they should create blue oceans of uncontested market space and make the competition irrelevant.

— Blue Ocean Strategy Cirque du Soleil Case Study

If you run a company that is struggling and want to leap forward in your performance, research what it would take to pivot your products to a blue ocean strategy.

From the book Blue Ocean Strategy by W. Chan Kim and Renée Mauborgne


Subscribe to Our Newsletter


Address (United States)

5695 Avery Road
Dublin, OH 43016

Address (United Kingdom)

31 Sapphire Rd
Bishop's Cleeve
Glos GL52 7YT

Talk to us

+1 (614)-401-3025