The Importance of Log Volume in SOC Analysis

CosmicEnergy is OT and ICS malware from Russia, maybe for red teaming, maybe for attack. Updates on Volt Typhoon, China’s battlespace preparation in Guam and elsewhere. In the criminal underworld, Legion malware has been upgraded for the cloud. Johannes Ullrich from SANS examines time gaps in logging. Our guest is Kevin Kirkwood from LogRhythm with a look at extortion attempts and ransomware. And Atlantic hurricane season officially opens next week: time to batten down those digital hatches. 

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/12/102

Selected reading.

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant)

People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Advisory)

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) 

China hits back at 'the empire of hacking' over Five Eyes US cyber attack claims (ABC)

Updates to Legion: A Cloud Credential Harvester and SMTP Hijacker (Cado)

Legion Malware Upgraded to Target SSH Servers and AWS Credentials (Hacker News)

CISA Warns of Hurricane/Typhoon-Related Scams (Cybersecurity and Infrastructure Security Agency CISA)

Learn more about your ad choices. Visit megaphone.fm/adchoices