The CyberWire Daily
25 minutes | 9 hours ago
2021 may look a lot like 2020 in cyberspace, only more so. Cold chain cyberespionage. Cybercriminals are also interested in COVID-19 vaccines. And beware of online dog fraud.
Predictions for 2021 focus on ransomware: it’ll be better, more aggressive, bigger, and a greater problem in every way. Cyberespionage and the cold chain. Cybercriminal interest in COVID-19 vaccines extends to both theft and fraud. Johannes Ullrich on the .well-known Directory. Our guest is Michael Magrath from OneSpan on what the financial sector needs to consider now that we’re post-election season. And what’s one effect of the pandemic? Dog fraud. Ask the Better Business Bureau. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/233
24 minutes | a day ago
Cyberespionage and influence operations against prospective members of the incoming US Administration. Cold chain attacks. TrickBoot. Vasya, what do you do for a living?
Chinese intelligence services are prospecting think tanks and prospective members of the next US Administration. Spearphishing the vaccine cold chain. Expect vaccine-themed phishing. After a temporary, pre-US election suppression, TrickBot’s back. Holiday shopping season is bot-season. Consumers are thought likely to get upset about smart device privacy in 2021. Awais Rashid from Bristol University on privacy at scale. Our guest is JP Perez-Etchegoyen from Onapsis on the risk associated with interconnected cloud and SaaS apps. And suppose you’re a cybercriminal... we know, but suppose. What do you tell your sweetie you do for a living? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/232
26 minutes | 2 days ago
The Shadow Academy schools anglophone universities. Turla’s Crutch. Cryptojacking as misdirection. Cyberespionage against think tanks. DPRK tries to steal COVID-19 treatment data.
The Shadow Academy prospects universities in a domain shadowing campaign. Notes on Turla’s Crutch, an information-stealing backdoor. Bismuth was using cryptojacking as misdirection. CISA and the FBI warn think tanks that cyberspies are after them. North Korean cyberespionage is interested in COVID-19 treatments. Our guest is Carey O’Connor Kolaja from AU10TIX on combating fraud in the financial services and payment industry. David Dufour from Webroot has 2021 predictions. And a member of the Apophis Group gets eight years in prison. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/231
21 minutes | 4 days ago
Cryptojacking cyberspies sighted. Crooks mix banking Trojans and ransomware. Conti ransomware hits industrial IoT company. SCOTUS reviews CFAA. And predictions.
Cryptojacking from Hanoi. Dormant networks rise again, for no easily discernible reason (but it doesn’t look good). A gang is hitting German victims with the Gootkit banking Trojan, and sometimes mixing it up with a REvil ransomware payload. Conti ransomware hits IoT chipmaker. SCOTUS reviews the Computer Fraud and Abuse Act. A few predictions for 2021. Ben Yelin on Congress passing an IoT security bill. Our guest is Stephen Harvey from BitSight, who’s tracking the correlation between companies with strong cybersecurity and financial success. And it may be back to school tomorrow in Baltimore County. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/230
24 minutes | 5 days ago
Phishing for COVID-19 vaccine data. Bandook is back, and mercenaries have it. School’s out for ransomware. Skepticism about foreign election manipulation. The forever sales.
North Korean operators phish a major pharma company. The Bandook backdoor is back, and probably being distributed by mercenaries. A school district cancels classes after a ransomware attack. Man U continues to work on recovering its systems. Former CISA Director says there are no signs of foreign manipulation of US elections. Rick Howard wonders what exactly all those CISOs do. Betsy Carmelite from Booz Allen with insights from their 2021 Cyber Threat Trends Report. And cyber shopping and the forever sales. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/229
7 minutes | 6 days ago
Camille Stewart: Technology becomes more of an equalizer. [Legal] [Career Notes]
Cybersecurity attorney Camille Stewart shares how her childhood affinity for making contracts pointed to her eventual career as an attorney. Having a computer scientist father contributed to Camille's technical acumen and desire to include technology in her life's work. Camille has worked across various facets of cybersecurity law, from the private sector and federal government, on the Hill and in the Executive Branch, and now as part of Big Tech as Head of Security Policy and Election Integrity for Google Play and Android, where she creates policy geared towards making sure users are safe on their platform and equipped to make informed decisions. We thank Camille for sharing her story with us.
20 minutes | 7 days ago
Encore: Using global events as lures for malicious activity.
The goal of malicious activity is to compromise the system to install some unauthorized software. Increasingly that goal is tied to one thing: the user. Over the past several years, we as an industry improved exploit mitigation, and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against them. This has left adversaries with a couple of options: develop or buy a working exploit that will defeat today's protections, which can be costly, or pivot to enticing a user to help you. In today's threat landscape, adversaries are always trying to develop and implement the most effective lures to try and draw users into their infection path. They've tried a multitude of different tactics in this space, but one always stands out: current events. Joining us on this week's Research Saturday is Craig Williams from Cisco's Talos Outreach team to walk us through how current events are used as lures. The research and blog post can be found here: Adversarial use of current events as lures
24 minutes | 12 days ago
Ups and downs in the cyber underworld. Enduring effects of COVID-19 in cyberspace. Safer online shopping. “Take me home, United Road, to the place I belong, to Old Trafford, to see United…”
Qbot is dropping Egregor ransomware, and RagnarLocker continues its recent rampage. Cryptocurrency platforms troubled by social engineering at a third party. TrickBot reaches version 100. Stuffed credentials exposed in the cloud. COVID-19 practices may endure beyond the pandemic. Advice for safer online shopping over the course of the week. Malek Ben Salem from Accenture Labs has methods for preserving privacy when using machine learning. Rick Howard digs deeper into SOAR. And someone’s hacking a Premier League side. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/226
6 minutes | 13 days ago
James Hadley: Spend time on what interests you. [CEO] [Career Notes]
Founder and CEO of Immersive Labs James Hadley takes us through his career path from university to cybersecurity startup. James tells us about his first computer and how he liked to push it to its limits and then some. He joined GCHQ after college and consulted across government departments. Teaching in GCHQ's cyber summer school was where James felt a shift in his career. As a company founder, he shares that he is very driven, very fast and also very caring. James offers advice to those looking to get into the industry recommending they chase what interests them rather than certifications. We thank James for sharing his story with us.
18 minutes | 14 days ago
Misconfigured identity and access management (IAM) is much more widespread. [Research Saturday]
Identity and access are intrinsically connected when providing security to cloud platforms. But security is only effective when environments are properly configured and maintained. In the 2H 2020 edition of the biannual Unit 42 Cloud Threat Report, researchers conducted Red Team exercises, scanned public cloud data and pulled proprietary Palo Alto Networks data to explore the threat landscape of identity and access management (IAM) and identify where organizations can improve their IAM configurations. During a Red Team exercise, Unit 42 researchers were able to discover and leverage IAM misconfigurations to obtain admin access to a customer’s entire Amazon Web Services (AWS) cloud environment, a potentially multi-million dollar data breach in the real world. These examples highlight just how serious the failure to secure IAM can be for an organization. Joining us in this week's Research Saturday to discuss the report for Palo Alto Networks' Unit 42 is CSO of Public Cloud, Matt Chiodi. The research can be found here: Highlights from the Unit 42 Cloud Threat Report, 2H 2020
26 minutes | 15 days ago
Prime Minister Johnson tells Parliament about the National Cyber Force. Vietnam squeezes Facebook. Chinese cyberespionage. SEO poisoning. Printing ransom notes. CISA leadership.
Her Majesty’s Government discloses the existence of a National Cyber Force. Hanoi tells Facebook to crack down on posts critical of Vietnam’s government. Chinese cyberespionage campaign targets Japanese companies. Egregor ransomware prints its extortion notes in hard copy. SEO poisoning with bad reviews. Mike Benjamin from Lumen on credential stuffing and password spraying. Our guest is Mark Forman from SAIC with a look at government agencies' COVID-19 response. And CISA may have a permanent director inbound. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/225
24 minutes | 16 days ago
Haunted virtual meetings. AWS APIs share vulnerabilities. US Intelligence Community conducts a post mortem on 2020 foreign election interference. Meet the future (a lot like the present, only more so).
Ghosts in the virtual machines. Cloudbursts in the forecast. The US Intelligence Community is preparing a report on foreign election interference. CISA has a new interim director. A view of the threat landscape from Canada. Caleb Barlow from Cynergistek on reclassifying the internet as critical infrastructure. Our guests are Shai Cohen and Brooke Snelling from TransUnion on building trust in a digital consumer landscape. And a look into the near future. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/224
23 minutes | 17 days ago
Dream a FunnyDream of me. US CISA Director dismissed. Facebook, Twitter CEOs virtually visit the US Senate. Huawei CFO extradition update. Bad passwords.
FunnyDream? No, it’s real: a cyberespionage crew operating against Southeast Asian governments. President Trump fires US CISA Director Krebs. Twitter and Facebook CEOs testify before the Senate as legislators consider Section 230. The extradition hearing for Huawei’s CFO continues in Vancouver. Joe Carrigan looks at fleeceware on the Google Play store. Rick Howard speaks with Tenable’s Steve Vintz on communication between C-Suites and security teams. And the most common passwords in 2020 are now out, and “password” only comes in at Number 4. We’re not sure that really represents progress, because wait ‘til you hear Number 1. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/223
24 minutes | 19 days ago
Cyberespionage and international norms of conduct in cyberspace. DarkSide establishes storage options for its affiliates. TroubleGrabber in Discord. Unapplied patches.
Nation-states continue to probe COVID-19 vaccine researchers. The Global Commission on the Stability of Cyberspace proposes international norms for promoting stability in cyberspace. DarkSide ransomware-as-a-service operators sweeten their offer with storage options. TroubleGrabber is stealing credentials via Discord. SAD DNS code pulled from GitHub. Betsy Carmelite from Booz Allen with a forward-looking view of 5G. Rick Howard takes a look at SOAR. Many patches remain unapplied, and CMMC wants US Defense contractors to move toward positive security. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/221
6 minutes | 20 days ago
Malek Ben Salem: Taking those challenges. [R&D] [Career Notes]
Americas Security R&D Lead for Accenture Malek Ben Salem shares how she pivoted from her love of math and background in electrical engineering to a career in cybersecurity R&D. Malek talks about her interest in astrophysics as a young girl, and how her affinity for math and taking on challenges led her to a degree in electrical engineering. She grew her career using math for data mining and forecasting, eventually pursuing a masters and PhD in computer science, where she shifted her focus to cybersecurity. Malek now develops and applies new AI techniques to solve security problems at Accenture. We thank Malek for sharing her story with us.
25 minutes | 21 days ago
That first CVE was a fun find, for sure. [Research Saturday]
In the late 90s, hackers who discovered vulnerabilities would sometimes send an email to Bugtraq with details. Bugtraq was a notification system used by people with an interest in network security. It was also a place that might have been monitored by employees of software companies looking for reports of vulnerabilities pertaining to their software. The problem was: there wasn't an easy way to track specific vulnerabilities in specific products. It was May 1999. Larry Cashdollar was working as a system administrator for Bath Iron Works under contract by Computer Sciences Corporation. Specifically, he was a UNIX Systems Administrator, level one. His team managed over 3,000 UNIX systems across BIW's campuses. Most of these were CAD systems used for designing AEGIS class destroyers. This position gave me access to over 3,000 various flavors of UNIX ranging from Sun Solaris to IBM AIX. Joining us in this week's Research Saturday to discuss his journey from finding that first CVE through the next 20 years and hundreds of CVEs is Akamai Senior Response Engineer Larry Cashdollar. The research can be found here: MUSIC TO HACK TO: MY FIRST CVE AND 20 YEARS OF VULNERABILITY RESEARCH
25 minutes | 22 days ago
CISA offers its assessment (high) of US election security. An alleged GRU front media group is fingered. Notes on cybercrime, and one cheap proof-of-concept.
CISA says US elections were secure, and that recounts are to be expected in tight races. (But election-themed malspam continues, of course.) A news platform is flagged as a GRU front. A new ransomware strain takes payment through an Iranian Bitcoin exchange. The Jupyter information-stealer is out and active. David Dufour on detecting deepfakes and misinformation. Dr. Jessica Barker on her new book Confident Cyber Security - How to Get Started in Cyber Security and Futureproof Your Career. And PlunderVolt is a $30 proof-of-concept. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/220
23 minutes | 23 days ago
An overview of threat actors, two proofs of concept, and an IoT botnet bothers the cloud. Patch Tuesday notes. And control yourself, sir.
BlackBerry tracks a mercenary group providing cyberespionage services. A rundown from Dragos on threat actors engaging with industrial targets. An IoT botnet is active in the cloud. A research team offers a new proof-of-concept for DNS cache poisoning, and another group of researchers demonstrates a novel power side-channel attack. Patch Tuesday notes. Joe Carrigan wonders if you’re likely to get your money’s worth when paying baddies. Our guest is Michael Daniel from the CTA on the merging fields of cybersecurity and information operations. And a pro-tip: you do know that they can usually see you on Zoom, right? For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/219
4 minutes | 24 days ago
shadow IT (noun) [Word Notes]
As we are not publishing in observance of Veterans Day, we thought you might like to check out a couple of episodes of our weekly Word Notes short form podcast that comes out on Tuesdays. Check it out and subscribe today! Technology, software and hardware deployed without explicit organizational approval. In the early days of the computer era, from the 1980s through the 2000s, security and information system practitioners considered shadow IT as completely negative. Those unauthorized systems were nothing more than a hindrance that created more technical debt in organizations that were already swimming in it with the known and authorized systems.
4 minutes | 24 days ago
remote access Trojan or RAT (noun) [Word Notes]
As we are not publishing in observance of Veterans Day, we thought you might like to check out a couple of episodes of our weekly Word Notes short form podcast that comes out on Tuesdays. Check it out and subscribe today! From the intrusion kill chain model, a program that provides command and control services for an attack campaign. While the first ever deployed RAT is unknown, one early example is Back Orifice, made famous by the notorious hacktivist group called “The Cult of the Dead Cow,” or cDc. Back Orifice was written by the hacker Sir Dystic, AKA Josh Bookbinder, and released to the public at DEFCON in 1998.
© Stitcher 2020