Verdict lists five of the most popular tweets on cybersecurity in Q2 2022 based on data from GlobalData’s Technology Influencer Platform.

The top tweets are based on total engagements (likes and retweets) received on tweets from more than 808 cybersecurity experts tracked by GlobalData’s Technology Influencer platform during the second quarter (Q2) of 2022.

1. Florian Roth’s tweet on the QuickBuck ransomware simulator

Florian Roth, head of research at the software development company Nextron Systems, tweeted on the company publishing the ransomware simulator called QuickBuck. The goal of the repository is to offer a simple and harmless way to check antivirus (AV) protection on ransomware. The tool thereby conducts different actions to simulate activity observed by a ransomware on endpoints, the article detailed. The company plans to use it in demos to showcase Sigma matching with Aurora.

The tool simulates typical ransomware behaviours, such as staging from a Word document macro, encrypting documents, deleting volume shadow copies, and dropping ransomware note to the user’s desktop, the article further noted.

Username: Florian Roth

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Twitter handle: @cyb3rops

Likes: 783

Retweets: 234

2. Brian Krebs’s tweet on the US DEA investigating an agency portal breach

Brian Krebs, an investigative correspondent, shared an article on the US Drug Enforcement Administration (DEA) stating that it is investigating reports on hackers gaining access to an agency portal that tapped into 16 distinct federal law enforcement databases. The intruder that they had logged into DEA with just a username and password, and no two-factor authentication (2FA). Reports suggest that the hack is related to a cybercrime and an online harassment community that constantly imitates the police and government officials to get personal information from their targets, the article highlighted.

The hackers tipped off the cybersecurity blog KrebsOnSecurity about the breach by using just a username and password for an unauthorised user of, which is the Law Enforcement Inquiry and Alerts (LEIA) system managed by the DEA. The Obama administration had published a document in May 2016 stating that the DEA’s El Paso Intelligence Center (EPIC) systems in Texas were available for use by the federal, state, local and tribal law enforcement, and the Department of Defense and intelligence community, the article noted.

EPIC and LEIA also have access to the DEA’s National Seizure System (NSS), which the DEA used to track property assumed to have been bought with the proceeds of criminal activity. The article detailed that the screenshots shared showed that the hackers could have used EPIC to look at several records related to motor vehicles, firearms, boats, drones, and aircraft.

Username: briankrebs

Twitter handle: @briankrebs

Likes: 690

Retweets: 395

3. Kim Zetter’s tweet on the availability of military-made cyberweapons on the darknet in a few years

Kim Zetter, a cybersecurity journalist, tweeted on military-made weapons and cybercrime malware being different only in terms of sophistication sometimes, or just the intent or how it is used. Zetter further shared an article detailing how military-made cyberweapons are likely to become available on the darknet, a hidden area of the internet that cannot be accessed by search engines, in a few years, according to concerns raised by Jurgen Stock, Interpol’s Secretary General. Cyberwar was always a topic of concern for governments worldwide, but it has got renewed attention after the Russia-Ukraine conflict, the article detailed. According to the World Economic Forum’s Global Cybersecurity Outlook report, the number of cyberattacks more than doubled across the world in 2021.

A top Interpol official further warned that digital tools used by the military to carry out cyberwarfare could ultimately end up in the hands of cybercriminals. Stock believes this could be dangerous for the physical world, as weapons used in the military would now be used by organised crime groups, and the same applies for digital weapons used by the military, the article noted. Cyberweapons come in several forms, with ransomware being a key one, where a ransom payment is involved to restore control of computer systems by hackers. Moscow has been accused of several cyberattacks that took place before and during its invasion of Ukraine.

Username: Kim Zetter

Twitter handle: @KimZetter

Likes: 200

Retweets: 38

4. Mark Russinovich’s tweet on Russia’s ongoing cyberattacks on Ukraine

Mark Russinovich, chief technology officer (CTO) of Microsoft Azure, the cloud computing platform operated by the technology Microsoft, shared an article on a company’s report that highlighted Russia’s continued cyberattack activity in Ukraine. For example, a day prior to the military invasion, operators linked to the Glavnoye Razvedyvatelnoye Upravlenie (GRU), Russia’s military intelligence service, unveiled destructive wiper attacks on hundreds of systems across the Ukrainian government, energy, IT, and financial organisations, the article highlighted. Since then, Russian cyberattack activities included efforts to destroy, upset, or enter the networks of government agencies, and other critical infrastructure organisations, which Russian military forces also targeted with missile strikes and ground attacks.

Microsoft’s security teams worked closely with cybersecurity officials at government organisations and with the government to detect and remediate threat activities against Ukrainian networks, the article further noted. For example, in January, the Microsoft Threat Intelligence Center (MSTIC) exposed the wiper malware in more than a dozen networks in Ukraine. Other malware families leveraged for damaging consequences included WhisperGate / WhisperKill, FoxBlade, aka Hermetic Wiper, SonicVote, aka HermeticRansom, CaddyWiper, DesertBlade, Industroyer2, Lasainraw, aka IssacWiper, and FiberLake, aka DoubleZero.    

Username: Mark Russinovich

Twitter handle: @markrussinovich

Likes: 176

Retweets: 79

5. Zack Whittaker’s tweet on Block’s data breach of its Cash App

Zack Whittaker, a security editor, shared an article on the software development company Block (previously Square) confirming a data breach involving its Cash App, which notified almost 8.5 million of its customers. The breach went undetected for four months, and eventually pointed to a former employee with insider access to customer data. The company stated in a filing with the Securities and Exchange Commission (SEC) on 4 April 2022 that the former employee had downloaded reports from the Cash App that included US customer information on 10 December 2021, the article detailed.

The accessed information included users’ full names and brokerage account numbers, and for some customers the data included brokerage portfolio value, brokerage portfolio holdings, as well as stock trading movement for one trading day, the article further noted. The company confirmed that no other personal information were accessed except for names, and it had contacted about 8.2 million customers present and past about the breach.

Username: Zack Whittaker

Twitter handle: @zackwhittaker

Likes: 162

Retweets: 108