CyberWire Daily

N2K Networks | thecyberwire.com
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

Margaret Cunningham: A people scientist with a technology focus. [Behavioral science] [Career Notes]

Principal Research Scientist for Human Behavior at Forcepoint, Margaret Cunningham shares her story of how she landed in cybersecurity. With a background in psychology and counseling and not feeling that one-on-one counseling was her thing, Margaret had a transformational moment in her PhD program in applied experimental technology when she realized she could "provide helping services and good work services at a broader scale." Margaret found her professional footing at DHS's Human Systems Integ...

Jun 13, 2021 | 5 min | Season 2 | Ep. 53

Taking a look behind the Science of Security. [Research Saturday]

Guest Adam Tagert is a Science of Security (SoS) Researcher in the National Security Agency Research Directorate. The National Security Agency (NSA) sponsors the Science of Security (SoS) Initiative for the promotion of a foundational cybersecurity science that is needed to mature the cybersecurity discipline and to underpin advances in cyberdefense. Adam works in all aspects of SoS particularly in the promotion of collaboration and use of foundational cybersecurity research. He promotes rigorou...

Jun 12, 2021 | 24 min | Season 3 | Ep. 187

Diplomatic Backdoor targets charities, embassies, and telcos in Europe, Africa, and Southwest Asia. Fancy Lazarus and DDoS extortion. Slilpp credential market takedown. A data gap? Cyber regulation.

Diplomatic Backdoor afflicts Africa, Europe, and Southwest Asia. Electronic Arts source code stolen. “Fancy Lazarus” is back: despite the name, it’s an extortion gang, not an espionage service. An international law enforcement action takes down a credential market. Making good data available for AI research. There’s a growing appetite for cyber regulation in Washington. Thomas Etheridge from CrowdStrike looks at protecting cloud data, and Matt Chiodi of Palo Alto Networks' Unit 42 has highlights...

Jun 11, 2021 | 27 min | Season 5 | Ep. 1352

Deciding to pay ransom - the cases of JBS and Colonial Pipeline. Gangland branding. Constituent management system hit. Notes on the FBI’s partial recovery of DarkSide’s ransom take.

JBS discloses that it paid REvil roughly eleven-million dollars in ransom. REvil not only had a good haul, but the gang made a few points about its brand, too. Colonial Pipeline explains, and defends, its decision to pay ransom. The US Congress has a third-party problem that constituents may or may not notice. Dan Prince from Lancaster University on the science of cybersecurity. Our guest is Kris McConkey from PwC on their Cyber Threats 2020 - Report on the Global Threat Landscape. The FBI’s rec...

Jun 10, 2021 | 25 min | Season 5 | Ep. 1351

Chinese cyberespionage in Russia? US Executive Order rescinds TikTok, WeChat bans. Operation Trojan Shield. Privateering. NATO’s Article 5 in cyberspace. Patch Tuesday notes.

SentinelOne attributes the cyberespionage campaign against Russia’s FSB to Chinese services. President Biden replaces his predecessor’s bans on TikTok and WeChat with a process of engagement, security reviews, and data protection. More on the FBI-led Operation Trojan Shield. Privateering, again. NATO’s Article 5 in cyberspace. Joe Carrigan weighs in on recent high profile cyber incidents. Our guest is Shashi Kiran from Aryaka on their 2021 State of the WAN report. And notes on Patch Tuesday. For...

Jun 09, 2021 | 23 min | Season 5 | Ep. 1350

FBI claws back a lot of the ransom DarkSide collected. An international dragnet uses an encrypted chat app to pull in more than 800 suspects. Navistar discloses a cyber incident.

The FBI seized a large portion of the funds DarkSide obtained from its extortion of Colonial Pipeline. An international sweep stings more than eight-hundred suspected criminals who were caught while using an encrypted chat app law enforcement was listening in on. CISA advises users to update their VMware instances. A new phishing campaign distributes Agent Tesla. Ben Yelin examines renewed controversy surrounding Clearview AI. Our guest is Aimee George Leery from Booz Allen on the challenging in...

Jun 08, 2021 | 27 min | Season 5 | Ep. 1349

Dark Side’s way into Colonial Pipeline networks may have been an old VPN. Summit agenda. DDoS hits German banks. Anonymous angry with Elon Musk? Alleged Trickbot coder arraigned.

Dark Side seems to have attacked Colonial Pipeline through an old VPN account. Washington and Moscow prepare for this month’s summit, with cyber on the agenda. DDoS affects German banks. Anonymous may be back, and out to bring to book those who would troll Bitcoiners. Rick Howard looks at process management in security. David Dufour from Webroot on lessons learned from Exchange Server vulnerabilities. And one of Trickbot’s alleged authors has been arrested and arraigned on multiple charges in a ...

Jun 07, 2021 | 24 min | Season 5 | Ep. 1348

Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]

VP of Information Security at Barracuda Dave Farrow shares how a teenage surfer fell in love with software development and made his way in the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the ...

Jun 06, 2021 | 7 min | Season 2 | Ep. 52

Bad building blocks: a new and unusual phishing campaign. [Research Saturday]

Guest Karl Sigler of Trustwave's SpiderLabs joins Dave Bittner to talk about their research: "Hidden Phishing at Free JavaScript Site". The research describes an interesting phishing campaign SpiderLabs encountered recently. In this campaign, the email subject pertains to a price revision, followed by some numbers. There is no email body, but there is an attachment about an “investment.” The attachment’s convoluted filename contains characters the file-naming convention doesn’t allow, notably th...

Jun 05, 2021 | 19 min | Season 3 | Ep. 186

Advice on ransomware from the US National Security Council. JBS announces its recovery from the REvil attack. Cyber diplomacy (and maybe retaliation). Ransomware-themed phishbait.

JBS recovers from its REvil ransomware attack, and this and other apparent instances of privateering will figure among the agenda at the upcoming US-Russia summit. (The US is said to be mulling retaliation.) The White House issues general advice on preparing for ransomware attacks. The Tokyo Olympic committee suffers a data breach. Ransomware may have interrupted some media livestreaming yesterday. Attribution in the MTA attack. Dinah Davis from Arctic Wolf helps prevent your SOC from becoming i...

Jun 04, 2021 | 25 min | Season 5 | Ep. 1347

FBI fingers REvil as the gang behind the JBS ransomware. Privateering may come up at the US-Russian summit. Ransomware at regional transportation operations. Cyberespionage in Southeast Asia.

Evil, your name is REvil, except when it’s Sodinokibi. That’s what the Bureau says about the JBS ransomware attack, anyway. The US is expected to make strong objections to Russian cyber privateering at the upcoming summit. Other ransomware incidents are disclosed by regional transportation operators. A possible Mustang Panda sighting. Andrea Little Limbago from Interos on cyber related executive orders. Our guest is Terry Halvorsen from IBM on the need for investment, research and collaboration ...

Jun 03, 2021 | 25 min | Season 5 | Ep. 1346

The big ransomware incident in the food-processing sector. US authorities seize domains used in Nobelium’s USAID impersonation campaign. Siemens addresses PLC vulnerabilities.

Food processing is also vulnerable to ransomware: the case of multi-national meat-provider JBS. The US and Russia are in communication about the possibility that the criminals responsible for the JBS incident might be harbored in Russia. Domains used in the USAID impersonation campaign have been seized by the US Justice Department. Our guest is Melissa Gaddis from TransUnion with results from their Global Consumer Pulse study. Joe Carrigan looks at criminals abusing online search ads. Siemens ad...

Jun 02, 2021 | 24 min | Season 5 | Ep. 1345

Saboteurs trying to look like crooks? CISA on the USAID phishing incident. US receives criticism for alleged surveillance of allies. Epsilon Red is out. No weed, just alt-coin.

Iran’s wiper attacks may have been posing as criminal gang capers. CISA issues an alert on the USAID Constant Contact credential compromise. European governments express concern over reports of US surveillance (enabled, allegedly, by Danish organizations). Epsilon Red ransomware is out and active. Ben Yelin looks at Florida Governor DeSantis’ bill aimed at Social Media companies. Our guest is Giovanni Vigna from VMware with highlights from their 2020 Threat Landscape Report. And police come look...

Jun 01, 2021 | 25 min | Season 5 | Ep. 1344

Zero trust: a change in mindset. [Special Editions]

Guest Lenny Zeltser, CISO of Axonius, sits down with the CyberWire's CSO and Chief Analyst Rick Howard to discuss one of Rick's favorite topics, zero trust. Lenny shares his views on this cybersecurity first principle, taking into account changes in mindsets during the COVID-19 pandemic that have necessitated many to move toward zero trust.

May 31, 2021 | 19 min | Season 6 | Ep. 41

Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]

Managing Director at Cerberus Sentinel, Chief Compliance Officer and the President of TalaTek, Baan Alsinawi shares her cybersecurity journey from a teenager who wanted to understand computers and held several positions in IT from help desk to systems engineering and cybersecurity. Founding her own business focusing on compliance, Baan says she spends maybe only 20% of her day on technical tasks and that there is always so much more to do. Finding the right people for her team is a marker of success ...

May 30, 2021 | 6 min | Season 1 | Ep. 51

Big data, big payoff for China's cybercrime underground. [Research Saturday]

Guest Brandon Hoffman of Intel 471 joins Dave Bittner to share his team's research "How China’s cybercrime underground is making money off big data". Through Intel 471’s observation and analysis of open source information and behavior on multiple closed forums, they found actors adopting the use of legitimate big data technology for cybercrime and monetizing the data they obtain on the Chinese-language underground. The behavior Intel 471 analyzed points to a cycle that involves several different...

May 29, 2021 | 20 min | Season 3 | Ep. 185

A phishing campaign poses as USAID. APTs exploit unpatched Pulse Secure and Fortinet instances. Healthcare organizations continue recovery from ransomware. A look at Criminal2Criminal markets.

A phishing campaign this week appears to be the work of Russia’s SVR. Chinese government threat actors continue to exploit unpatched Pulse Secure instances. FBI renews warnings about unpatched Fortinet appliances. Healthcare organizations still work to recover from ransomware. Rick Howard speaks with author Andy Greenberg on his book Sandworm. Ben Yelin weighs in on questions Senator Wyden has for the Pentagon. And a look at the criminal ransomware market, including the consultants who serve the...

May 28, 2021 | 27 min | Season 5 | Ep. 1343

Impersonation campaign targets China’s Uyghur minority. US DHS issues pipeline cybersecurity requirements. Recovering from ransomware. Notes on privateering.

Chinese-speaking operators are reported to be phishing to compromise devices belonging to Uyghurs. The US Department of Homeland Security issues pipeline cybersecurity regulations. Security companies take various approaches to offering decryptors against ransomware. Huawei would like to chat with President Biden. Rick Howard speaks with authors Peter Singer and Emerson Brooking on their book "LikeWar - The Weaponization of Social Media". Our guest is Darren Shou of NortonLifeLock on the findings...

May 27, 2021 | 23 min | Season 5 | Ep. 1342

Cyberespionage reported in Belgium. Low-sophistication attacks on OT networks. Healthcare ransomware attacks. Privateering defined. Advice for boards. And news of crime.

Hafnium visits Belgium. “Low-sophistication” attacks on operational technology. Updates on healthcare sector ransomware attacks in New Zealand and Ireland. Wipers masquerading as ransomware. “Privateers” are defined as a new category of threat actor. TSA’s new standards for pipeline security. The World Economic Forum has advice for Boards in the oil and gas sector. Rick Howard interviews Liza Mundy on her book "Code Girls - The Untold Story of the American Women Code Breakers Who Helped Win Worl...

May 26, 2021 | 26 min | Season 5 | Ep. 1341

CryptoCore traced to Pyongyang. Ransomware and risk management. Gangs regroup. A would-be hacker-by-bribery is sentenced in Nevada.

The CryptoCore campaign that looted cryptocurrency exchanges is said to have been the work of North Korea’s Lazarus Group. Insurers are taking a hard look at ransomware and the cyber insurance policies that might cover it. Managing ransomware risk, and a role for standards bodies. Can there be such a thing as responsible disclosure of decryptors and other remediation tools? Ransomware gangs regroup. Perry Carpenter previews the new 8th Layer Insights podcast. Rick Howard speaks with authors Doug...

May 25, 2021 | 25 min | Season 5 | Ep. 1340

Ransomware warnings in Ireland, New Zealand, Germany, and the US. Belgium’s new cybersecurity strategy. A tipline to dime out cryptominers. Air India passenger data breach.

Ransomware warnings in the US, Ireland, New Zealand, and Germany--healthcare organizations are said to be at particular risk. Belgium adopts a new cybersecurity strategy. China isn’t happy with freelance cryptominers. Air India sustains a third-party breach of passenger personal data. An FBI analyst is indicted for mishandling classified material. Rick Howard previews this week’s CSO Perspective podcast and kicks off cybersecurity canon week with author Perry Carpenter. And happy birthday, US Cy...

May 24, 2021 | 23 min | Season 5 | Ep. 1339

Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]

Senior Security Officer at Centers for Medicare and Medicaid Services Michael Bishop Jr. shares his journey from Army infantryman deployed to Iraq to working in cybersecurity. After 12 years in the U.S. Army, Mike found himself in a rough spot. Looking for work and having some personal challenges, Mike's mentor, an Army officer he met while enlisted, recognized Mike's struggles and helped to nudge him toward cybersecurity. Mike credits his mentor with helping him transition to where he is today....

May 23, 2021 | 6 min | Season 1 | Ep. 50

Leveraging COVID-19 themes for malicious purposes. [Research Saturday]

Guest Joe Slowik joins us from DomainTools to discuss his team's research "COVID-19 Phishing With a Side of Cobalt Strike." Multiple adversaries, from criminal groups to state-directed entities, engaged in malicious cyber activity using COVID-19 pandemic themes since March 2020. Adversaries continue to leverage the pandemic, arguably the most significant issue globally as of this writing, in various ways. Yet the most persistent avenue remains using COVID-19 themes for building malicious documen...

May 22, 2021 | 25 min | Season 3 | Ep. 184

DarkSide still more-or-less dark. Updates on Colonial Pipeline and HSE ransomware attacks. CNA said to have paid $40 million in ransom. Cyber privateers and cyber mercenaries.

The US remains officially mum on whether it took down DarkSide, but it still looks as if the ransomware gang absconded on its own. Colonial Pipeline now faces legal fallout from its ransomware incident. Speculation about how states might handle cyber privateering. Conti’s attack on HSE is described as “catastrophic.” Russia says it was hit by foreign cyber mercenaries last year. Craig Williams from Cisco Talos explains Discord abuses. Our guest is Jon Ford from Mandiant on their M-Trends 2021 re...

May 21, 2021 | 28 min | Season 5 | Ep. 1338

DarkSide: absconding, rebranding, or retiring to a life of penitence? (Probably the first two.) Israeli airstrikes said to target Hamas cyber ops centers. Apps behaving badly. Notes on phishbait.

Did DarkSide really see the light and shut down, with a sincere promise of reform and restitution, or is the gang just rebranding? Researchers look at DarkSide ransomware and find complexity and sophistication. Israel says airstrikes in Gaza were intended to take out Hamas cyber ops facilities. Poor practices seem to have exposed data of millions of Android app users. Phishing from call centers and cloud services. David Dufour from Webroot looks at hacker psychology. Our guest is Rob Price from ...

May 20, 2021 | 23 min | Season 5 | Ep. 1337

Updates on the Colonial Pipeline incident, and other ransomware incidents. A watering hole for water utilities. Credential harvesting, cryptojacking, and banking Trojans.

Colonial Pipeline corrected yesterday’s IT glitch, and its CEO explains the decision to pay the ransom. A rundown of recent ransomware activity. A watering hole for water utilities? Credential harvesting and cryptojacking in the cloud. A banking Trojan spreads from Brazil to Europe. Joe Carrigan looks at keyboard biometrics. Our guest Dotan Nahum from Spectral on shifting left in security development. And the metaphysics of attribution. For links to all of today's stories check out our CyberWire...

May 19, 2021 | 26 min | Season 5 | Ep. 1336

WastedLocker being distributed in RIG campaign. Investigation of the DarkSide attack on Colonial Pipeline. More ransomware gangs go offline. Double encryption. Third-party stalkerware risk.

A new RIG campaign is distributing WastedLocker. The US Congress considers two bills informed by the Colonial Pipeline incident, and Congressional committees are looking at the company’s response to the attack. More ransomware gangs go offline, but Conti is still trying to collect from the Irish government. Double encryption appears to be an emerging trend in ransomware. Ben Yelin looks at insurance companies clamping down on ransomware payments. Our guest is Nick Gregory of Capsule8 with though...

May 18, 2021 | 25 min | Season 5 | Ep. 1335

Japan calls out China for cyberespionage. Colonial Pipeline restores service. Wither the DarkSide? Conti hits Irish health organizations, and Avaddon strikes AXA.

Japan calls out China for cyberespionage. Colonial Pipeline restores service, as organizations look to their own vulnerability to ransomware. The DarkSide gang may have said it’s going out of business, but it’s at least as likely, probably likelier, that they’re either rebranding or absconding. Two other gangs are in business: Conti is hitting Irish health organizations, and Avaddon says it compromised insurer AXA. Rick Howard looks at new responsibilities for CISOs. Our guest is Samant...

May 17, 2021 | 23 min | Season 5 | Ep. 1334

Zeroing in on zero trust. [CyberWire-X]

The Zero Trust security model asserts that organizations should not trust anything within their perimeters and instead must inspect all traffic and verify anything connecting to their systems before granting access. While Zero Trust is generating a lot of buzz in the cyber world, it’s often hard to determine the implications of this security model. In this episode of CyberWire-X, guests will discuss the origins of the model, cut through the hype, and discuss what you really need to know to design,...

May 16, 2021 | 33 min | Season 1 | Ep. 14

Dominique West: Security found me. [Strategy] [Career Notes]

Technical account manager Dominique West takes us on her career journey from engineering to cybersecurity. Even though her undergraduate degree was in information systems, Dominique did not learn about cybersecurity until she personally experienced credit card fraud. She had a range of positions from working the help desk in an art museum to vulnerability management and cloud security. Dominique mentions remembering feeling isolated as the only black person and one of few women in many situation...

May 16, 2021 | 6 min | Season 1 | Ep. 49