Future Tech

Where are the women in cyber security? On the dark side, study suggests

Tan KW
Publish date: Mon, 06 Mar 2023, 10:06 PM

In Brief If you can't join them, then you may as well try to beat them - at least if you're a talented security engineer looking for a job and you happen to be a woman. 

As we've noted before, the infosec world moves at a glacial pace toward gender equity. It appears that's not the case in the cyber criminal underground, according to Trend Micro, which recently published a study in which it claims at least 30 percent - if not more - of cyber criminal forum users are women.

For its study, Trend Micro looked at five English-language cyber crime forums: Sinister, Cracked, Breached, Hackforums and (now defunct) Raidforum. And it inspected five Russian-language sites: XSS, Exploit, Vavilon, BHF and WWH-Club. 

To be fair, Trend Micro's methodology is a bit iffy - and the report itself admits as much. Users on these forums are largely anonymous, necessitating use of tools like Semrush and uClassify's Gender Analyzer V5 to make what amounts to guesses - at best.

Nonetheless, Trend Micro said it analyzed posts and traffic on the ten forums and found that, for English-language sites, some 40 percent of users appear to be women, and 42.6 percent of Russian cyber crime forum users were women, or at least write like them.

"When compared to Stack Overflow, a developer and programming forum, only 12 percent of visitors were female," Trend Micro said of its use of Semrush. 

Gender Analyzer V5 is trained on 5,500 blog posts written by women, and the same number by men, in order to analyze language for signs of gendered usage, which Trend Micro used to analyze a subset of profiles on English site Hackforums and Russian XSS. According to the report, 36 percent of users at Hackforums were likely women based on their use of language, and 30 percent of XSS forum users were reportedly women based on the same analysis. 

So, what does that all mean? According to Trend Micro, it indicates that the cyber criminal underground is more meritocratic than the white hat world. 

"Developers are valued for their skills and experience, and not necessarily for their gender when it comes to conducting business in the underground," Trend Micro said. As such, they say that investigators should avoid defaulting to "he" when discussing cyber criminals. But there's a more obvious lesson to be learned here.

If you overlook qualified security professionals on the basis of gender, don't be surprised if they end up on your radar again. Though perhaps in the form of a researcher bearing a friendly breach notice, and not someone out for criminal profit.

Royal ransomware: Not just a healthcare problem anymore

The FBI and Cybersecurity and Infrastructure Security Agency released an advisory this week warning that the Royal ransomware variant isn't just targeting the healthcare sector anymore. It's expanded its reach to numerous critical infrastructure sectors.

As the US Department of Health and Human Services warned the medical world in December, the FBI and CISA said that Royal and the folks behind it have made ransom demands as high as £9.1 million ($11 million) since coming onto the scene last September. 

Along with healthcare, the FBI and CISA said that Royal's controllers have deployed it against manufacturing, communications and education organizations, though the pool of affected sectors isn't limited to those. 

Royal ransomware uses a partial encryption technique that helps it evade detection, and typically breaks into systems compromised via phishing attacks. The FBI and CISA did say the group behind Royal has also leveraged compromised RDP connections and exploited public-facing applications to gain a foothold. Brokers have also been used, the agencies said.

Ransomware attacks were reportedly down as of late 2022 - though with the caveat that, even at "lower" levels reported late last year, the total number of ransomware incidents was still higher than previous years. 

To avoid a Royal pain in the rear, CISA and the FBI recommend following the standard list of mitigations for such threats - like requiring multifactor authentication, keeping software up-to-date and the like. ®

 

https://www.theregister.com//2023/03/06/in_brief_security/
