Russia escalates its hybrid war against Ukraine, with cyber implications for the rest of the world. Xenomorph banking Trojan hits European Android users. APT10’s months-long espionage campaign against Taiwan’s banks. Hive ransomware’s flawed encryption is good news. Trickbot’s place in the C2C market. Joe Carrigan shares the latest evolution of business email compromise. John Pescatore’s Mr. Security Answer Person returns. And there’s a right way and a wrong way to keep your teen offline. For li...
Feb 22, 2022 • 29 min • Season 6, Ep. 1520
As we break to observe Washington's birthday, our team thought you might like to try a sample of a CyberWire Pro podcast called Interview Selects. These podcasts are a series of extended interviews, exclusives, and a curated selection of our most engaging and informative interviews over the years, featuring cyber security professionals, journalists, authors and industry insiders. In this extended interview, Dave Bittner speaks with Kenneth Geers from NATO's CCD COE on "Cyber War in Perspective: ...
Feb 21, 2022 • 24 min
Afternoon Cyber Tea with Ann Johnson is a CyberWire Network podcast created by Microsoft Security. It's a bi-weekly show that comes out every other Tuesday. We thought you would enjoy this episode in particular and hope you consider subscribing in your favorite podcast app. Diana Kelley, the co-founder and CTO of SecurityCurve, a cybersecurity consulting firm, joins Ann Johnson on this episode of Afternoon Cyber Tea. Diana is a globally known security expert who donates much of her time voluntee...
Feb 21, 2022 • 30 min
Senior security engineer with the Johns Hopkins University Information Security Institute and the Institute for Assured Autonomy, Joe Carrigan, shares what he calls his life mistake and what spurred him to finally choose a career in technology. Throughout his life, Joe had an interest in technology; he even worked at the computer lab in college, but never set his sights on that for a career. A conversation with a stranger guided him in that direction and he's been there ever since. As co-host of th...
Feb 20, 2022 • 9 min • Season 2, Ep. 88
If 2021 taught us anything, it’s that our supply chain, especially our technical supply chain, hangs in the balance of a very fragile system. The year came to a close with the announcement of the Log4j zero day. Talk about saving the best for last. On this episode of CyberWire-X, the CyberWire's Rick Howard speaks with Tom Quinn, CISO at T. Rowe Price, about the topic. Show Sponsor ExtraHop’s Head of Product, Ted Driggs, joins the CyberWire's Dave Bittner to examine what Log4Shell tells us about th...
Feb 20, 2022 • 32 min • Season 1, Ep. 25
Guest Marcelle Lee, Senior Security Researcher and Emerging Threats Lead, from SecureWorks joins Dave to share her team's work on "Ransoms Demanded for Hijacked Instagram Accounts." An extensive phishing campaign has targeted corporate Instagram accounts since approximately August 2021. The threat actors demand ransoms from the victims to restore access. Organizations typically focus on traditional enterprise cybersecurity threats. However, some threats are more subtle, targeting organizations o...
Feb 19, 2022 • 22 min • Season 5, Ep. 220
False flags and disinformation in Ukraine, as Western governments warn of the risk of both Russian escalation and the prospects of cyberattacks spreading beyond Ukraine’s borders. Log4j “Day-1” vulnerabilities exploited in the wild. Threat actors deployed a wiper in the course of hijacking Iranian television. The Kraken botnet is evolving, picking up an information-stealing capability. Our guest is Brittany Allen of Sift to discuss the DOJ seizing 3.6B worth of stolen crypto. Chris Novak from Ve...
Feb 18, 2022 • 28 min • Season 6, Ep. 1519
Provocation may have begun in Ukraine, and no one but Russia can see any signs of a Russian withdrawal of troops to garrison. Recent DDoS attacks in Ukraine are seen as an influence operation. The compromise of International Red Cross data has been tentatively attributed to an unnamed state actor. Johannes Ullrich from SANS shares a fancy phish. Our guests are Mike Theis and Stacy Hadeka from Hogan Lovells to discuss the cyber aspects of the False Claims Act. And Microsoft describes ice phishing...
Feb 17, 2022 • 28 min • Season 6, Ep. 1518
US agencies warn of Russian cyberespionage against cleared defense contractors. Updates on the Russian pressure against Ukraine. ShadowPad as China’s RAT of choice. BlackCat claims to have leaked data stolen in a double-extortion ransomware attack. Follow the bouncing QR code. Dinah Davis from Arctic Wolf on Canada’s government ransomware playbook. Rick Howard chats with Bill Mann from Styra on DevSecOps. And if you’re addicted to cryptocurrency speculation, the first step in recovery is admitti...
Feb 16, 2022 • 30 min • Season 6, Ep. 1517
Reports of cyberattacks against Ukrainian targets as the parties to the crisis resume negotiations. The US has been forthcoming with intelligence on Russia’s ambitions in the region; those revelations form part of an influence strategy. An apparent criminal group is targeting aviation and related sectors. BlackCat ransomware victims are having difficulty recovering. Why conditions favor romance scams. Ben Yelin looks at pending cyber breach notification laws. Our guest Padraic O'Reilly from Cybe...
Feb 15, 2022 • 26 min • Season 6, Ep. 1516
The US and the UK warn of the possibility of false-flag provocations as Russia keeps the pressure on Ukraine. NATO members and others issue warnings of the threat of Russian cyber operations spilling over the Ukrainian border. Two US Senators want an accounting from the CIA over an alleged bulk collection operation. No charges filed in the case of a reporter who viewed a website source. Hacktivism and vigilantism. 49ers hacked. Daniel Prince from Lancaster University on improving security in agi...
Feb 14, 2022 • 24 min • Season 6, Ep. 1515
CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring manager that she could learn on the job, she transitioned to computer forensics and started on the path of cybersecurity. Roselle worked in government for the Department of Homeland Security and t...
Feb 13, 2022 • 7 min • Season 2, Ep. 87
Guests Avigayil Mechtinger and Ryan Robinson from Intezer discuss SysJoker malware, a backdoor that targets Windows, Linux and macOS. Malware targeting multiple operating systems is no longer the exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the latest examples until now. In December 2021, the team at Intezer discovered a new multi-platform backdoor that targets Windows, Mac, and Linux. The Linux and Mac versions are fully undetected...
Feb 12, 2022 • 14 min • Season 5, Ep. 219
Update on Russia’s hybrid threat to Ukraine, with observations on possible international spillover. Vodafone Portugal continues its recovery. The FritzFrog peer-to-peer botnet is back, and has resumed operations against government, healthcare, and education targets. Caleb Barlow warns of attacks coming from inside your network. Our guest is Tom Boltman of Kovrr on the shift in the cyber insurance market due to ransomware. And there’s a new wrinkle in the old familiar Nigerian prince scam: did you...
Feb 11, 2022 • 28 min • Season 6, Ep. 1514
Ukraine takes down two botfarms pushing panic. Thoughts on hybrid warfare. Russia and China explain how we ought to see the political and online worlds. Digital frameups are reported in India. Lazarus phishes with bogus job offers. Espionage services looking for journalists’ sources. David Dufour from Webroot ponders the Metaverse. Our guest is Amanda Fennell, host of the Security Sandbox podcast. And public and private-sector warnings about ransomware...
Feb 10, 2022 • 28 min • Season 6, Ep. 1513
Britain’s Foreign Office sustained a cyberattack last month (the details are secret). Poland stands up a Cyber Defense Force as Europe and North America raise their level of cyber readiness. Negotiations over the Russian pressure on Ukraine are likely to be protracted. Threats to multi-cloud environments. Patch Tuesday notes. Dinah Davis from Arctic Wolf on keeping kids safe online. Carole Theriault examines Mozilla’s Privacy Not Included campaign. And Razzlekhan rocks the mic with her mad skill...
Feb 09, 2022 • 26 min • Season 6, Ep. 1512
Diplomacy continues over the Russian threat to Ukraine. In the meantime, hacktivists and others are said to be receiving crowdfunding through alt-coin remittances. The Molerats are back, and they have some new tools. Right-to-left override is being seen again in the wild. Vodafone Portugal is taken offline by a cyberattack. Joe Carrigan on Meta’s ten billion dollar privacy hit. Our guest is Greg Otto from Intel 471 to discuss shifts in ransomware strains. And two arrests are made in a money-laun...
Feb 08, 2022 • 27 min • Season 6, Ep. 1511
The FSB is active against Ukrainian targets as NATO continues to work out the cybersecurity assistance it will provide Kyiv. BlackCat is found to be connected to the DarkSide gang, either as a superseding affiliate or as a simple rebranding of the same old crew. The FBI issues an alert about LockBit. Kevin Magee from Microsoft on their final report on Nobelium and the SolarWinds attack. Rick Howard steers the hash table toward supply chains. And the US has indicted six call centers in India on...
Feb 07, 2022 • 26 min • Season 6, Ep. 1510
Guest Danny Adamitis from Black Lotus Labs joins Dave to discuss their team's new research "New Konni Campaign Kicks the New Year Off by Targeting Russian Ministry of Foreign Affairs." Black Lotus Labs, the threat research team of Lumen Technologies, uncovered a series of targeted actions against the Russian Federation’s Ministry of Foreign Affairs (MID). Based upon the totality of information available and the close correlation with prior reporting, we assess with moderate confidence these acti...
Feb 05, 2022 • 19 min • Season 5, Ep. 218
Primitive Bear is snuffling around Ukraine, and Russia may be preparing deepfake video to lend legitimacy to its claims with respect to its neighbor. European ports and other logistical installations are under attack by ransomware, apparently uncoordinated criminal activity. Daniel Prince from Lancaster University on safeguarding IoT in Healthcare. Our guest is Chris Wysopal of Veracode with research on increases in automation and componentization in software development. And a Chinese APT is sa...
Feb 04, 2022 • 27 min • Season 6, Ep. 1509
Ukraine and NATO increase their cyber readiness. Chinese cyberespionage has been looking closely at financial services in Taiwan. Hacktivists hit Iranian state television. Arid Viper is phishing for targets in the Palestinian Territories, and apparently doesn’t care who knows it. BlackCat ransomware implicated in attacks on German fuel distribution firms. Verizon’s Chris Novak shares his thoughts on the cyber talent pool. Our guest is Torin Sandall from Styra on Open Policy Agent. And, Bro, trea...
Feb 03, 2022 • 29 min • Season 6, Ep. 1508
Tensions between Russia and Ukraine, and between Russia and NATO, remain high as diplomacy is at a temporary impasse: both sides have stated their incompatible positions and are consulting with their allies. NATO prepares to render cyber assistance to Ukraine. An unspecified cyberattack affects gasoline distribution in Germany. The White Tur threat group borrows heavily from several APTs, but itself remains mysterious. Charming Kitten gets some new claws. Caleb Barlow on Harvard’s analysis of Eq...
Feb 02, 2022 • 26 min • Season 6, Ep. 1507
No progress so far in talks over the Ukraine crisis, as Moscow’s diplomacy and influence operations merge in a narrative of a Russia beset by armed Nazis, goaded on by a greedy America that doesn’t want Russia competing in world markets. Ransomware and cyberthreats to OT systems. Ramnit is still up and at ’em in the banking Trojan world. Bots are following big brands in NFT markets, with predictable effects. Ben Yelin has an update on NSO Group’s marketing attempts to the FBI. An introduction to...
Feb 01, 2022 • 31 min • Season 6, Ep. 1506
The US takes Russia to the UN Security Council over its threat to Ukraine, and, while Russian forces remain in assembly areas, a campaign of cyberattack and influence operations continues. Western powers, notably the UK and the US, are preparing sanctions against Russia. Elsewhere, ongoing ransomware and social engineering. Dinah Davis from Arctic Wolf on Linux malware via IoT devices. Rick Howard shares his favorite sources for keeping up to date. And there’s a pair of decisions in a long-runni...
Jan 31, 2022 • 28 min • Season 6, Ep. 1505
Advisory CISO at Cisco, Helen Patton, shares that a combination of dumb luck, hard work and serendipity got her to where she is today. Growing up in the country in Australia, Helen notes that computers were not really a thing. She happened into technology after moving to the US, as she was the only person in her office under 40. Of course she would be comfortable with computers and able to handle a database conversion, right? That launched her into a career that spanned supporting small non...
Jan 30, 2022 • 9 min • Season 2, Ep. 85
Applying Zero Trust principles to access rights can be tricky given the volume and dynamic nature of services in the cloud. Serverless compute services, like AWS Lambda, multiply the volume of identities to manage. These cloud services often have excessive permissions to access sensitive data and can become a potential entry point for an attacker to exploit. The CyberWire's Rick Howard speaks with Scott Farber, Principal Cyber Architect & Zero Trust Technical Lead at MITRE, about the topic. Show...
Jan 30, 2022 • 34 min • Season 1, Ep. 24
Guest Sylvester Segura from the Symantec Threat Hunter Team joins Dave to discuss their team's work on "Espionage Campaign Targets Telecoms Organizations across Middle East and Asia." Attackers most likely linked to Iran have attacked a string of telecoms operators in the Middle East and Asia over the past six months, in addition to a number of IT services organizations and a utility company. Organizations in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and...
Jan 29, 2022 • 15 min • Season 5, Ep. 217
Diplomatic channels remain open even as NATO and the US reject Russian demands over Ukraine. More warnings over Russian cyber operations in the hybrid conflict (Voodoo Bear is mentioned in dispatches). Social media as a source of tactical intelligence. The FBI tells industry to be alert for Iranian hacking. Ransomware continues to circulate. Josh Ray from Accenture digs into the Bassterlord Networking Manual. Carole Theriault examines a university data backup snafu. And a happy Data Privacy Day ...
Jan 28, 2022 • 28 min • Season 6, Ep. 1504
Cyber risk continues over Ukraine as the US and NATO reject Russian demands. Emissary Panda’s industrial espionage against German industry. Fancy Bear is spotted in Western Asia. The C2C market’s initial access broker Prophet Spider is selling access to unpatched VMware Horizon instances. Social engineering adapts to its marks. Thomas Etheridge from CrowdStrike on the power of Identity/Zero Trust in stopping ransomware attacks. Our guest is Gary Guseinov of Real Defense to discuss M&A activity. ...
Jan 27, 2022 • 24 min • Season 6, Ep. 1502
Tensions between Russia and Ukraine remain high as NATO offers Ukraine cyber, diplomatic, and other support. North Korea gets DDoSed. DazzleSpy hits Hong Kong dissidents drawn to a watering hole. TrickBot ups its game. A quick look at ransomware trends. Microsoft’s Kevin Magee unpacks a recent World Economic Forum report. Our own Rick Howard speaks with Chriss Knisley from MITRE ATT&CK Defender on certifications. And Dame Fortune teaches Michiganders to throw caution to the winds. For links to a...
Jan 26, 2022 • 28 min • Season 6, Ep. 1502