The Anatomy of Cloud Ransomware with Matt Castriotta
N2K logo
8 hours ago
The Anatomy of Cloud Ransomware with Matt Castriotta
Are your cloud security controls actually protecting your infrastructure, or are they just keeping the lights on? With host ⁠Caleb Tolin⁠, ⁠Matt Castriotta⁠, Field CTO for Cloud at ⁠Rubrik⁠, breaks down the tactical gaps exposed when organizations blindly replicate data center mindsets in public cloud networks. Castriotta charts the history of high-profile incidents from the Colonial Pipeline timeline up through modern adversaries like Scattered Spider and Storm-0501. He highlights how today's attackers move laterally by exploiting over-privileged, non-human identities to trigger malwareless mass deletion rather than relying on on-prem style encryption loops. The discussion pivots into an actionable critique of popular resilience assumptions. Castriotta details why relying on built-in features like S3 versioning and cross-region replication handles business continuity but leaves organizations entirely defenseless against automated cyber assaults. He delivers a precise operational roadmap for defining a "minimum viable business," establishing secure isolated recovery environments, and breaking the 80% ransomware reinfection cycle. This episode serves as an essential strategic guide for any enterprise trying to align the cloud shared responsibility model with predictable, audited return-to-service timelines.
Data Security Decoded
The Anatomy of Cloud Ransomware with Matt Castriotta
N2K logo
8 hours ago
The Anatomy of Cloud Ransomware with Matt Castriotta
Are your cloud security controls actually protecting your infrastructure, or are they just keeping the lights on? With host ⁠Caleb Tolin⁠, ⁠Matt Castriotta⁠, Field CTO for Cloud at ⁠Rubrik⁠, breaks down the tactical gaps exposed when organizations blindly replicate data center mindsets in public cloud networks. Castriotta charts the history of high-profile incidents from the Colonial Pipeline timeline up through modern adversaries like Scattered Spider and Storm-0501. He highlights how today's attackers move laterally by exploiting over-privileged, non-human identities to trigger malwareless mass deletion rather than relying on on-prem style encryption loops. The discussion pivots into an actionable critique of popular resilience assumptions. Castriotta details why relying on built-in features like S3 versioning and cross-region replication handles business continuity but leaves organizations entirely defenseless against automated cyber assaults. He delivers a precise operational roadmap for defining a "minimum viable business," establishing secure isolated recovery environments, and breaking the 80% ransomware reinfection cycle. This episode serves as an essential strategic guide for any enterprise trying to align the cloud shared responsibility model with predictable, audited return-to-service timelines.
Data Security Decoded

Cybersecurity News

Inside the Media Minds
N2K logo
2 hours ago
Inside the Media Mind of Joel Witts: Expert Insights
In this episode of #IMM, Christine and Madison sit down with Joel Witts, Director of Content and Co-Founder at Expert Insights.
SpyCast
N2K logo
4 hours ago
The Flip That Broke the Cali Cartel
Now that drug cartels can be labeled foreign terrorist organizations, how do you dismantle one? As part of his 26 years at the Drug Enforcement Administration, retired Special Agent Chris Feistl was on a team that brought the demise of the Cali Cartel in Colombia. One of the world’s biggest crime syndicates, the cartel earned billions each year. From selling marijuana in the 1970s, to harder drugs in the decades that followed, the so-called “Godfathers of Cali” bribed judges, lawmakers, police commanders, and military officers. They used Boeing 727s to haul drugs outside of Colombia, and they even funneled millions to a candidate who won the 1994 presidential election, effectively buying the race. The details are told in Chris’ book After Escobar and Season 3 of Netflix’s Narcos.
CyberWire Daily
N2K logo
18 hours ago
Meta’s recovery plan needed recovery.
Meta exposes 20,000 Instagram accounts through a support tool bug. CISA warns of active attacks on SolarWinds Serv-U. WordPress sites face takeover through a widely used plugin. A new Gafgyt variant broadens its reach. Pink extortionists steal cloud data with vishing and legitimate tools. Plus, allegations against IBM and AT&T, a dark web drug dealer gets 26 years, and the Monday business brief. Tim Starks from CyberScoop discusses the ongoing debate over staffing and budget cuts at CISA. NATO lets Ukraine play the bad guy.
Daily Briefing
N2K logo
23 hours ago
Threat actors compromised more than 20,000 Instagram accounts via Meta's AI support tool.
Meta files contempt order against NSO Group. Nemisis Market dealer sentenced to 26 years in prison.
T-Minus
N2K logo
Jun 7, 2026
Spoofing ships, jamming drones: how GPS manipulation confuses and compromises.
GPS constellations have become foundational in modern society supporting everything from navigation to financial services, making the impacts of GPS disruptions all the more concerning. As reliance on these systems have grown, so too have efforts by threat actors to disrupt them through techniques such as jamming and spoofing. As these attacks have become more effective, they are becoming increasingly common, especially in conflict zones where disruption and confusion can prove exceedingly valuable.
Signals and Space
N2K logo
Jun 7, 2026
Inside modern GPS attacks.
This week on T-Minus: Space-Cyber Briefing: we dive into two of the most common ways actors target GPS signals. Whether it be through jamming or spoofing attacks, actors are increasingly utilizing these vectors to disrupt communications, sow confusion, and engage more effectively in war operations.
Research Saturday
N2K logo
Jun 6, 2026
You've been muted...permanently.
⁠Ismael Valenzuela⁠, ⁠Arctic Wolf⁠’s VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector." Arctic Wolf researchers uncovered a sophisticated campaign by North Korean threat group Lazarus Group subgroup BlueNoroff that targets cryptocurrency and Web3 executives through fake Zoom and Microsoft Teams meetings, using typo-squatted links, ClickFix-style attacks, and AI-generated deepfakes to steal credentials and cryptocurrency-related data. The attackers built a self-reinforcing operation that captures victims’ webcam footage and Telegram sessions, then repurposes those assets alongside AI-generated images to create increasingly convincing fake meeting participants for future attacks. Researchers identified more than 100 victims across 20 countries, with the campaign primarily targeting CEOs, founders, investors, and senior leaders in the cryptocurrency, blockchain, and financial sectors as part of a long-running effort to steal digital assets and gain access to high-value networks.
Week that Was
N2K logo
Jun 6, 2026
President Trump signs an executive order on AI oversight.
Anthropic is reportedly helping the NSA deploy Mythos. Acer warns of two maximum-severity zero-days.
Story
N2K logo
Jun 5, 2026
The Real Measure of SOC Maturity with Ashu Savani from TryHackMe
Ashu Savani, Co-Founder of TryHackMe, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss what separates high-performing security teams from the rest. Ashu explores why true SOC maturity is measured by performance under pressure rather than training metrics alone, how AI can either accelerate success or amplify risk depending on its implementation, and why sustained team development and strong leadership are critical to building resilient security operations.
CyberWire Daily
N2K logo
Jun 5, 2026
The NSA gets an AI upgrade.
Anthropic brings Mythos to the NSA. A Palantir executive emerges as a possible CISA pick. A Linux flaw is under active attack. Minecraft malware goes commercial. An npm package gets caught in the Miasma worm campaign. Researchers document the first AI-driven container escape. A browser supply-chain compromise and a university breach with unexpected victims. Our guest is Ashu Savani, Co-Founder at TryHackMe, discussing building high performing SOC & IR teams. The web becomes machine majority.
Daily Briefing
N2K logo
Jun 5, 2026
Anthropic is reportedly helping the NSA deploy Mythos.
Malware-as-a-service operation targets Minecraft players. DentaQuest breach affects 2.6 million accounts.
Story
N2K logo
Jun 4, 2026
Navigating AI Vulnerabilities and Machine-Speed Threats with Jason Kikta from Automox
Jason Kikta, CTO at Automox, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss why speed has become the defining challenge in modern cybersecurity. Jason explores how organizations can balance AI-driven innovation with practical risk management, why governance must evolve at the pace of technology, and how automation, strong fundamentals, and faster decision-making can help defenders keep up with increasingly compressed attack timelines.
Load More
Gain instant access to our exclusive podcast and briefing content, the Pro Academy, live events and more by subscribing to N2K Pro.
Subscribe Now