CyberWire Daily

N2K Networks | thecyberwire.com
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

Iranian officials blame the US and Israel for gas station cyber sabotage. A new direction for NSO? Cyber extortion, Minecraft phishing, and sugar daddies looking for sugar babies (sez they).

Iran hasn’t finished investigating its gas station cyber sabotage, but Tehran is pretty sure the Great and Lesser Satans are behind it. NSO Group says it’s going in a new, nicer direction. The Conti gang hits a luxury jewelry dealer, and another, unknown group hits an upscale art dealership. The Chaos gang is after Minecraft players (players who cheat). Caleb Barlow on pre-breach pre-approvals. Rick Howard introduces sand tables in cyber space. And sugar daddies come to the world of advance fee ...

Nov 01, 2021 | 23 min | Season 5 | Ep. 1450

Jadee Hanson: Cybersecurity is a team effort. [CISO] [Career Notes]

Jadee Hanson, CIO and CISO at Code 42, started her technology journey thanks to the help of a teacher in high school. She began college studying computer science and ended with a degree in computer information systems as it had more of the business side. Working in the private sector for companies such as Deloitte, Target and Code 42, Jadee gained experience and specialized in insider risk. She notes "utopia for me and my team is to get to a spot where the team is just firing on all cylinders an...

Oct 31, 2021 | 8 min | Season 2 | Ep. 73

Malware sometimes changes its behavior. [Research Saturday]

Dr. Tudor Dumitras from the University of Maryland joins Dave Bittner to share a research study conducted in collaboration with industry partners from Facebook, NortonLifeLock Research Group and EURECOM. The project is called "When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World." In the study, the team analyzed how malware samples change their behavior when executed on different hosts or at different times. Such “split personalities” may confound th...

Oct 30, 2021 | 27 min | Season 3 | Ep. 207

Iranian-Israeli cyber tensions rise. Decaf ransomware described. Philippine government phishbait. Unemployment due to cyberattack. Europol’s latest collars. Facebook rebrands as “Meta.”

Tensions between Iran and Israel rise as sources in Tehran blame Israel for hacking gas stations, and as apparent Iranian hacktivists dox Israeli defense personnel. A new ransomware strain is discovered. A criminal group is spoofing emails from Philippine agencies. Europol and partners sweep up a cyber gang. Betsy Carmelite from BAH on convergence of 5G and healthcare. Our guest is Justin Wray from CoreBTS with a look at the security issues facing online gaming and casinos. And the company forme...

Oct 29, 2021 | 28 min | Season 5 | Ep. 1449

The Malware Mash!

Oct 29, 2021 | 3 min

Hacktivists or intelligence services in Iran? BOLO Nikolay K. Renouncing Conti, and all its empty promises. SEO poisoning. US cyber strategic intent.

Iran continues its recovery from a cyberattack that disrupted subsidized fuel distribution. Wanted in Stuttgart (but living it up in Russia): ransomware kingpin Nikolay K. The Conti ransomware gang gets poor customer service notices. Food distribution is on the cybercriminals’ target lists. SolarMarker’s use of SEO poisoning. The US publishes a statement of strategic intent for its cybersecurity czar’s office. David Dufour from Webroot wonders if there’s any hope at slowing down malware. Our own...

Oct 28, 2021 | 26 min | Season 5 | Ep. 1448

Coups and comms blackouts. Fuel sale sabotage in Iran. Wslink described. Operation Dark HunTor takes down a contraband market. FTC looks into Facebook. LockBit speaks.

Sudan is under a blackout as a military junta consolidates control over the government. Iran says a cyberattack, unattributed so far, was responsible for disrupting fuel distribution in that country. A novel loader is discovered. Operation Dark HunTor takes down a darkweb contraband market. The US FTC is looking into Facebook’s privacy settlement. The LockBit gang talks, and it’s insufferable. Andrea Little Limbago from Interos on government internet interventions. Carole Theriault weighs in on ...

Oct 27, 2021 | 26 min | Season 5 | Ep. 1447

Ransomware and privateering, counteroffense and deterrence. The US State Department will reestablish its cyber office. And looking forward to Halloween.

Notes on ransomware and privateering: Conti’s barking at its victims, someone’s exploiting billing software, and BlackMatter repeated some coding errors its DarkSide predecessor committed. GCHQ suggests that the UK will undertake a more assertive imposition of costs on cyber gangs. The US State Department will reestablish its cyber bureau. Software supply chain cyberespionage, and what can be done about it. Ben Yelin on school laptop privacy concerns. Our guest is David White of Axio to discuss ...

Oct 26, 2021 | 28 min | Season 5 | Ep. 1446

SolarMarker malware carried in some WordPress sites. Russian privateers don’t much like REvil’s takedown. The SVR in the supply chain. Malicious Squid Games app. Scary social media.

SolarMarker infestations are up, and circulating through WordPress sites. More indications that REvil was taken down by a US-led but thoroughly international public-private partnership, and the other Russian privateers have their noses seriously out of joint. Russia’s SVR is getting busy in software supply chains. Criminals take advantage of the popularity of Squid Games. Dinah Davis from Arctic Wolf on how even hackers have internal politics. Rick Howard checks in with the Hash Table on complia...

Oct 25, 2021 | 24 min | Season 5 | Ep. 1445

Mark Nunnikhoven: Providing clarity about security. [Cloud strategy] [Career Notes]

Distinguished Cloud Strategist at Lacework, Mark Nunnikhoven, has gone from pushing technology to its limits for his own understanding to providing clarity about security for others. Mark fell in love with his Commodore 128, and once he realized he could bend the machine to his will, it set him on the path to technology. While he had some bumps in the road, dropping out of high school and not following the traditional path in college, Mark did complete his master's in information security. His prof...

Oct 24, 2021 | 7 min | Season 2 | Ep. 72

When big ransomware goes away, where should affiliates go? [Research Saturday]

Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42's work on "Ransomware Groups to Watch: Emerging Threats." As part of Unit 42’s commitment to stop ransomware attacks, they monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During their operations, Unit 42 observed four emerging ransomware groups that are currently a...

Oct 23, 2021 | 20 min | Season 3 | Ep. 206

Counting coup against REvil (and other gangs are taking note). Export controls and dual use. A timing bug will surface this weekend.

REvil’s troubles appear to be the work of an international law enforcement operation. Other gangs have noticed, and they’re looking a little spooked, even as they evolve their tactics in a maturing criminal-to-criminal market. Questions are raised about the efficacy of surveillance tool export controls. Caleb Barlow has cybersecurity considerations for CEOs and boards. Our guest is Mickey Boodaei of Transmit Security on the movement to do away with passwords. And if you liked Y2K, you’re going ...

Oct 22, 2021 | 28 min | Season 5 | Ep. 1444

Evil Corp identified as the threat actor behind ransomware attacks on Sinclair and Olympus. Privateering. Fin7’s front company. Sentencing in a bulletproof hosting case.

Evil Corp is identified as the operator behind the ransomware that hit the Sinclair Broadcast Group and Olympus. The US Defense Department complains of Russian toleration for ransomware gangs. The Fin7 gang has set up a front company to recruit talent. Betsy Carmelite from Booz Allen Hamilton on building mission-driven 5G security with zero trust. Our guest is Robert Carolina on ethics. And sentences are handed down in a bulletproof hosting case. For links to all of today's stories check out our...

Oct 21, 2021 | 28 min | Season 5 | Ep. 1443

Cyberespionage campaign looks a lot like SIGINT collection. Magnitude gets more capable. VPN exploits solicited. Ransomware trends. Seven years for UPMC hacker. Plenty of Candy Corn coming.

The LightBasin “activity cluster” has been active indeed against telecom infrastructure in what looks like an espionage campaign. The Magnitude exploit kit adds capabilities for hitting Chromium browsers. An exploit broker is interested in cloud-based VPNs. Victims continue to pay in ransomware attacks. A hacker gets seven years for conspiracy to defraud and identity theft. David Dufour from Webroot looks at the coming threat landscape. Our guest is Paul Shread from eSecurity Planet on backup to...

Oct 20, 2021 | 25 min | Season 5 | Ep. 1442

TA505’s recent activity. Advice on defending organizations from BlackMatter. CISA RFI seeks EDR information. REvil’s halting attempts to return. Sinclair’s incident response.

A look at TA505, familiar yet adaptable. A US joint cybersecurity advisory outlines the BlackMatter threat to critical infrastructure. CISA asks industry for technical information on endpoint detection and response capabilities. Is REvil trying to run on reputation? The Sinclair Broadcasting ransomware incident seems to provide a case study in rapid disclosure. Carole Theriault considers the fight for online anonymity. Joe Carrigan shares steps to protect the C-Suite. And there’s a decryptor out...

Oct 19, 2021 | 22 min | Season 5 | Ep. 1441

A US broadcaster sustains a ransomware attack. North Korean catphish expelled from Twitter. REvil’s Tor sites are hijacked. Hacking back. Prosecution and responsible disclosure?

The Sinclair Broadcast Group discloses that it sustained a ransomware attack over the weekend. Twitter kicks out two North Korean catphish deployed in a cyberespionage campaign. REvil goes offline, again, perhaps this time for good. Hacking back, at least insofar as you let the hoods know you can see them. Rick Howard previews the newest season of CSO Perspectives. Johannes Ullrich from SANS on Expired Domain Dumpster Diving. And an update on the Missouri disclosure and proposed hacking prosecut...

Oct 18, 2021 | 24 min | Season 5 | Ep. 1440

Ell Marquez: It's okay to be new. [Linux] [Career Notes]

Linux and Security Advocate at Intezer Ell Marquez shares her journey from the family ranch to security. Needing a life change after a series of circumstances left her almost homeless, Ell found out about a six-week Linux boot camp that took her down the path toward technology. She fell in love with security at a BSides conference and hasn't looked back. Ell says she recently started a campaign called "it's okay to be new," noting that no matter how long you've been in the indu...

Oct 17, 2021 | 8 min | Season 2 | Ep. 71

Groove Gang making a name for themselves. [Research Saturday]

Guest Michael DeBolt, Chief Intelligence Officer from Intel471, joins Dave Bittner to discuss their work on "How Groove Gang is shaking up the Ransomware-as-a-Service market to empower affiliates." McAfee Enterprise ATR believes, with high confidence, that the Groove gang is associated with the Babuk gang, either as a former affiliate or subgroup. These cybercriminals are happy to put aside previous Ransomware-as-a-Service hierarchies to focus on the ill-gotten gains to be made from controlling ...

Oct 16, 2021 | 21 min | Season 3 | Ep. 205

CISA and its partners warn of threats to water and wastewater treatment facilities. The curious case of Missouri teachers’ Social Security Numbers.

A CISA-issued Joint Advisory warns of threats and vulnerabilities at water and wastewater treatment facilities. CISA issues twenty-two other industrial control system advisories. Andrea Little Limbago from Interos on trends in the human element of security. Our guest is Gidi Cohen from Skybox with Vulnerability and Threat Trends. And the Governor of Missouri intends to prosecute the Saint Louis Post-Dispatch to the fullest extent of whatever the law turns out to be. For links to all of today's s...

Oct 15, 2021 | 23 min | Season 5 | Ep. 1439

Notes from the underground: data breach extortion and a criminal market shuts down. International cooperation against ransomware. Cyber risk and higher education.

Data breach extortion seems to be an emerging criminal trend. Notes on a darknet market’s retirement. Verizon advises Visible users to look to their credentials. Windows users’ attention is drawn to seven potentially serious vulnerabilities (all patchable). The Necro botnet is installing Monero cryptojackers. Organizing an international response to ransomware. Carole Theriault shares thoughts on social engineering. Dinah Davis from Arctic Wolf on the supply chain attack framework. And a quick lo...

Oct 14, 2021 | 26 min | Season 5 | Ep. 1438

Cyber Espionage, again. Patched SolarWinds yet? Patch Tuesday. The international conference on ransomware has begun. Booter customers get a warning. A disgruntled insider alters aircraft records.

A Chinese-speaking APT is distributing the MysterySnail RAT in what appears to be a cyberespionage campaign. Some users still haven’t patched vulnerable SolarWinds instances. Notes on yesterday’s Patch Tuesday. The US-convened international ransomware conference kicked off today, and Russia wasn’t invited. Former users of a criminal booter service get a stern warning letter from the Dutch police. Caleb Barlow reacts to a recent ransomware tragedy. Our guest is Rob Gurzeev of CyCognito on the sec...

Oct 13, 2021 | 30 min | Season 5 | Ep. 1437

Espionage by password spraying, and espionage via peanut butter sandwich. Ransomware and DDoS warnings. Two journalists get the Nobel Peace Prize.

Tehran is running password spraying attacks (especially on Thursdays and Sundays). More on the renewed popularity of DDoS attacks. NCSC warns British businesses against ransomware. Two journalists win the Nobel Peace Prize. Joe Carrigan shares his thoughts on GriftHorse. Our guest is Bindu Sundaresan from AT&T Cybersecurity on football season and cyber risks. And watch out for small data cards in your peanut butter sandwiches, kids. For links to all of today's stories check out our CyberWire daily...

Oct 12, 2021 | 30 min | Season 5 | Ep. 1436

Extra: Let's talk about Facebook's research. [Caveat]

Our guest is author and journalist Steven Levy. He’s editor-at-large at Wired and his most recent book is "Facebook: The Inside Story." Steven offers his insights on Facebook’s internal research teams, Ben shares a newly decided court case on whether Big Tech companies can be sued under the Anti-Terrorism statute, and Dave's got the story of some warrantless surveillance being declared unconstitutional in Colorado. While this show covers legal topics, and Ben is a lawyer, the views expressed do n...

Oct 11, 2021 | 44 min | Season 2 | Ep. 96

Brandon Karpf: A sailor of the 21st century. [Transitioning service member] [Career Notes]

Lieutenant in the US Navy and Skillbridge Fellow at the CyberWire, Brandon Karpf, knew he wanted to join the military at a young age. He achieved that through the US Naval Academy where he was a member of the men's heavyweight rowing team. Commissioning into the cryptologic field as a naval cryptologic warfare officer, Brandon was sent to MIT for a graduate degree where he experienced the exact opposite end of the spectrum from USNA's structured life. Brandon's work with both NSA and US Cyber Co...

Oct 10, 2021 | 10 min | Season 2 | Ep. 70

Taking a closer look at UNC1151. [Research Saturday]

Matt Stafford, Senior Threat Intelligence Researcher, from Prevailion joins Dave to talk about their work on "Diving Deep into UNC1151’s Infrastructure: Ghostwriter and beyond." Prevailion’s Adversarial Counterintelligence Team (PACT) used advanced infrastructure hunting techniques and Prevailion’s visibility into threat actor infrastructure creation to uncover previously unknown domains associated with UNC1151 and the “Ghostwriter” influence campaign. UNC1151 is likely a state-backed threat act...

Oct 09, 2021 | 17 min | Season 3 | Ep. 204

Fancy Bear’s snuffling at Gmail credentials. FIN12’s threat to healthcare, and BlackMatter’s threat to agriculture. REvil tries to reestablish itself in the underworld. Twitch update. Sachkov is charged.

Google warns fourteen thousand Gmail users that Fancy Bear has probably been after their passwords. FIN12, a fast-running ransomware group, is after hospitals’ and healthcare providers’ money. BlackMatter remains active against the agriculture sector. REvil is back and talking on the RAMP forum, but so far it’s getting a chilly reception. Twitch traces its vulnerability to a server misconfiguration. David Dufour from Webroot wonders about cracking down on crypto. Our guest is Jeff Dileo of NCC o...

Oct 08, 2021 | 25 min | Season 5 | Ep. 1435

Espionage, mostly cyber but also physical. DDoS in the Philippines. TSA regulations for rail and airline cybersecurity are coming. US DoJ promises civil action for cyber failures. Twitch update. And NFTs.

Cyberespionage seems undeterred by stern warnings. DDoS hits the Philippine Senate. The US Department of Homeland Security intends to issue cybersecurity regulations for passenger rail and airlines. The US Department of Justice intends to use the False Claims Act to bring civil actions against government contractors who fail to follow “recognized cybersecurity standards.” An update on the Twitch breach. Josh Ray from Accenture looks at what’s going on with Fancy Lazarus. Our guest is Sam Ingalls...

Oct 07, 2021 | 26 min | Season 5 | Ep. 1434

Twitch is breached. MalKamak: a newly described Iranian threat actor. Chinese cyberespionage against India. SafeMoon phishbait. The ransomware threat. What counts as compromise.

Twitch is breached. A newly discovered Iranian threat group is described. A Chinese cyberespionage campaign in India proceeds by phishing. SafeMoon alt-coin is trendy phishbait in criminal circles. As the US prepares to convene an anti-ransomware conference, Russian gangs show no signs of slacking off. Betsy Carmelite from BAH on AI/ML in cyber defensive operations. Our guest is Adam Flatley of Redacted with recommendations from the Ransomware Task Force. And observations on what counts as comp...

Oct 06, 2021 | 31 min | Season 5 | Ep. 1433

Facebook’s back up, and the outage was due to an error, not an attack. A look at AvosLocker and Atom Silo ransomware. The case of the Kyiv ransomware gangsters. Thoughts on the Pandora Papers.

Facebook restores service after dealing with an accidental BGP configuration issue. There’s now a data auction site for AvosLocker ransomware. Atom Silo ransomware is quiet, patient, and stealthy. The state of investigation into those two guys collared on a ransomware beef in Kyiv last week. Ben Yelin is skeptical of data privacy poll results. Our guest is Microsoft’s Ann Johnson, host of the newest show to join the CyberWire network, Afternoon Cyber Tea. And what would they have thought of the ...

Oct 05, 2021 | 29 min | Season 5 | Ep. 1432

Privacy and the Pandora Papers. Flubot’s scare tactics. Exploiting an account recovery system. Conti warns victims not to talk to the press. An international meeting on cybercrime? A ransomware bust.

The Pandora Papers leak erstwhile private financial transactions by the rich and well-connected (and it’s 150 mainstream news organizations who cooperated in bringing them to light). Flubot is using itself to scare victims into installing Flubot. Coinbase thieves exploited account recovery systems to obtain 2FA credentials. The US plans to convene an international conference on fighting cybercrime. Conti warns its victims not to talk to reporters. Andrea Little Limbago from Interos on modeling c...

Oct 04, 2021 | 26 min | Season 5 | Ep. 1431