CyberWire Daily

N2K Networks
Jul 4, 2023 • 32min

Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five-pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships.

We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House.

Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023 US GAO Snapshot: Cybersecurity: Launching and Implementing the National Cybersecurity Strategy

Learn more about your ad choices. Visit megaphone.fm/adchoices
Jul 3, 2023 • 27min

Interview Select: Will Markow, VP of Applied Research from Lightcast, is talking with Simone Petrella about how to use data to make strategic workforce decisions.

This interview from June 16th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Simone Petrella sits down with Will Markow, VP of Applied Research from Lightcast, to discuss how to use data to make strategic workforce decisions.

You can also view the video of the full interview here: Simone Petrella and Will Markow discuss workforce management.
Jul 2, 2023 • 8min

Liji Samuel: Leaping beyond the barrier. [Certification] [Career Notes]

Liji Samuel from NSA sits down to share her exciting career path through the years until she found a job working as Chief of Standards and Certification at NSA's Cyber Collaboration Center. She starts by sharing that she had always wanted to work in the STEM field, explaining that growing up she was surrounded by older cousins who were choosing STEM careers and it became an interesting topic for her. She recounts working for a number of companies that helped her grow into the role she is in now. Cybersecurity became a big buzzword for her, causing her to step out of the agency into US Cyber Command to help take up a management position for the architecture and engineering division. From there, she continued her cybersecurity journey first as the exploration director before moving into where she is now. Liji shares that there were barriers along the way that she had to endure and hop over to get to the right path. She says "So there are challenges and barriers that come across constantly with our work. Um, one just has to pause and reflect on how we can work with it, around it, or influence like our stakeholders and jointly create a vision around it." We thank Liji for sharing her story with us.
Jul 1, 2023 • 19min

The power behind artificial intelligence. [Research Saturday]

Daniel dos Santos, Forescout's Head of Security Research, is sharing insights from a recent exercise his team conducted on AI-assisted attacks for OT and unmanaged devices. Using ChatGPT, Forescout’s research team converted an existing OT exploit developed in Python to run on Windows to demonstrate how easy it is to create an AI-assisted attack that converts the original exploit into alternative programming languages.

The research states "our goal was to convert an existing OT exploit developed in Python to run on Windows to the Go language using ChatGPT." This would then allow it to run faster on Windows and run easily on a variety of embedded devices.

The research can be found here: AI-Assisted Attacks Are Coming to OT and Unmanaged Devices – the Time to Prepare Is Now
Jun 30, 2023 • 32min

CISA would like agencies to look to their management interfaces. Hacktivist auxiliaries and a role for OSINT in Russia’s hybrid war against Ukraine.

US Federal Government working to secure management interfaces. NoName057(16)’s DDoSia campaign grows, and targets Wagner, post-insurrection. Update: Unidentified hackers attack Russian satellite communications company, claiming to be Wagner. The role of OSINT in tracking Russia's war. Manoj Sharma of Symantec discusses trends he's hearing about generative AI. Becky Weiss from AWS talks with Rick Howard about the math behind their security. Cyber awareness over a holiday.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/125

Selected reading.
CISA Wants Exposed Government Devices Remediated In 14 Days (Dark Reading)
50 US Agencies Using Unsecured Devices, Violating Policy (Bank Info Security)
CISA working with agencies to pull exposed network tools from public internet (Record)
Following NoName057(16) DDoSia Project’s Targets (Sekoia.io Blog)
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (BleepingComputer)
Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group (CyberScoop)
Hackers claim to take down Russian satellite communications provider (Record)
Days of Chaos: How OSINT Helps Us Understand the Putin-Prigozhin Schism (Flashpoint)
Preparing for cyber threats over the Fourth of July. (CyberWire)
Jun 29, 2023 • 29min

Something new, in ransomware. Notes on cyberespionage by the Lazarus Group and Charming Kitten. Security CI/CD operations. FINRA says hold the emojis. Dispatches from the hybrid war’s cyber front.

8base ransomware is overlooked and spiking. GuLoader targets law firms. Akira ransomware for Linux systems targets VMs. Kaspersky tracks the Lazarus group: typos and mistakes indicating an active human operator. Charming Kitten goes spearphishing. Securing continuous integration/continuous delivery operations. No emojis for the SEC, please. Unconfirmed reports say the Wagner Group hacked a Russian satellite communications provider. Our guest is Hanan Hibshi from Carnegie Mellon's picoCTF team. Chris Novak from Verizon discusses their 2023 Data Breach Investigations Report (DBIR). And Anonymous Sudan wants you to know that they’re not just a bunch of deniable Russian crooks–where’s the love, man?

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/124

Selected reading.
8Base Ransomware: A Heavy Hitting Player (VMware Security Blog)
GuLoader Campaign Targets Law Firms in the US (Morphisec)
Akira Ransomware Extends Reach to Linux Platform (Cyble)
Andariel’s Mistakes Uncover New Malware in Lazarus Group Campaign (Infosecurity Magazine)
Charming Kitten Updates POWERSTAR with an InterPlanetary Twist (Volexity)
CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments | CISA (Cybersecurity and Infrastructure Security Agency CISA)
NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments (National Security Agency/Central Security Service)
Wall Street Regulators’ New Target: Emojis (Wall Street Journal)
Russian satellite telecom Dozor allegedly hit by hackers (Cybernews)
Hacking Group Says It Attacked Microsoft for Sudan. Experts Say Russia’s Behind It (Bloomberg)
‘Hactivists’ who targeted Microsoft claim they’re working for Sudan (Fortune)
Jun 28, 2023 • 28min

Two threats in the wild, and a third in proof-of-concept. Swiss intelligence expects an uptick in Russian cyberespionage. Privateers and auxiliaries in a hybrid war.

JokerSpy afflicts Macs. ThirdEye (not so blind). Mockingjay process injection as proof-of-concept. Switzerland expects Russia to increase cyberespionage as agent networks are disrupted. The fracturing of Conti, and the rise of its successors. The Washington Post’s Tim Starks explains the security of undersea cables. Our guest is Brian Johnson of Armorblox to discuss Social Security Administration impersonation scams. And the "UserSec Collective" says it's recruiting hacktivists for the Russian cause.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/123

Selected reading.
JokerSpy macOS malware used to attack Japanese crypto exchange (AppleInsider)
Prominent cryptocurrency exchange infected with previously unseen Mac malware (Ars Technica)
New Fast-Developing ThirdEye Infostealer Pries Open System Information (Fortinet Blog)
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution (Security Joes)
New Mockingjay Process Injection Technique Could Let Malware Evade Detection (The Hacker News)
New Mockingjay process injection technique evades EDR detection (BleepingComputer)
Ukraine war made Switzerland hub for Chinese, Russian spies: Swiss intelligence (South China Morning Post)
Swiss intelligence warns of fallout in cyberspace as West clamps down on spies (Record)
The rise and fall of the Conti ransomware group (Global Initiative)
The Trickbot/Conti Crypters: Where Are They Now? (Security Intelligence)
Ukraine at D+489: An influence contest, post-mutiny. (CyberWire)
Jun 27, 2023 • 28min

Anatsa Trojan's new capabilities. Third-party breach hits airlines. Gas station blues. What’s up with the Internet Research Agency? Infrastructure threats. And DDoS grows more sophisticated.

Anatsa Trojan reveals new capabilities. Airlines report employee data stolen in a third-party breach. Canadian energy company SUNCOR reports a cyberattack. What of the Internet Research Agency? Microsoft warns of a rising threat to infrastructure. Joe Carrigan describes an ill-advised phishing simulation. Mr. Security Answer Person John Pescatore takes on zero days. And DDoS grows more sophisticated.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/122

Selected reading.
Anatsa banking Trojan hits UK, US and DACH with new campaign (ThreatFabric)
Anatsa Android trojan now steals banking info from users in US, UK (BleepingComputer)
Thousands of American Airlines and Southwest pilots impacted by third-party data breach (Bitdefender)
American Airlines, Southwest Airlines disclose data breaches affecting pilots (BleepingComputer)
American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider (SecurityWeek)
Recruitment portal exposes data of US pilot candidates (Register)
Suncor Energy says it experienced a cybersecurity incident (Reuters)
Suncor Energy cyberattack impacts Petro-Canada gas stations (BleepingComputer)
Canadian oil giant Suncor confirms cyberattack after countrywide outages (Record)
Wagner and the troll factories (POLITICO)
Cyber risks to critical infrastructure are on the rise (CEE Multi-Country News Center)
The lowly DDoS attack is showing signs of being anything but (Washington Post)
Jun 26, 2023 • 31min

Updates on Russia’s hybrid war. Transparent Tribe is back, with cyberespionage. A Trojanized version of Super Mario is out, and law enforcement seizes BreachForum’s domain.

Russian ISPs blocked Google News as tension with the Wagner Group mounted Friday. Ukrainian hacktivist auxiliaries break into Russian radio broadcasts. New EU sanctions are directed against Russian IT firms. Transparent Tribe resurfaces against Indian military and academic targets. Unauthorized access is the leading cause of data breaches for the fifth year in a row. Trojanized Super Mario Brothers game spreads SupremeBot malware. Today, guests discuss the cybersecurity skills gap. Paul Rebasti of Lockheed Martin shares what they are doing to fill the cybersecurity skills gap. Jenny Brinkley joins us from AWS Re:Inforce to discuss opportunities from the cybersecurity skills gap. And law enforcement agencies seize BreachForums' web domain.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/121

Selected reading.
Ukraine at D+487: After the march on Moscow. (CyberWire)
Ukraine at D+486: The march on Moscow is over. (CyberWire)
Ukraine at D+485: “We are dying for the Russian people.” (CyberWire)
U.S. spies learned in mid-June Prigozhin was planning armed action in Russia (Washington Post)
Google News Blocked in Russia as Feud With Mercenary Leader Intensifies (New York Times)
Air War: Pro-Ukraine Hackers Increasingly Breaking Into Russian Broadcasts With Anti-Kremlin Messages (RadioFreeEurope/RadioLiberty)
Fresh EU sanctions hit Russian IT firms (Computing)
Pakistan based hackers target Indian Army, education sector in new cyber attack (Telangana Today)
Pakistan-based hackers target Indian Army, education sector in new cyber attack (PGURUS)
‘Transparent Tribe’ comes out of hiding (Pune Times Mirror)
2023 ForgeRock Identity Breach Report (ForgeRock)
Trojanized Super Mario Game Installer Spreads SupremeBot Malware (Cyble)
Trojanized Super Mario game used to install Windows malware (BleepingComputer)
FBI seizes BreachForums after arresting its owner Pompompurin in March (BleepingComputer)
Jun 25, 2023 • 6min

Slavik Markovich: Time is of the essence. [CEO] [Career Notes]

Slavik Markovich, CEO of Descope, joins Dave to discuss his career as a serial entrepreneur. Before Descope, he co-founded and was the CEO of Demisto, a leader in the SOAR industry, which was acquired by Palo Alto Networks in 2019 for $560M, where he then served as SVP of Products. Before co-founding Demisto, Slavik was VP & CTO of database technologies at McAfee. He joined McAfee via the acquisition of Sentrigo, a database security startup he co-founded and served as CTO for. He goes into depth about his career changes throughout the years and how they have helped lead him to where he is now in his career. He shares that as a CEO and founder of multiple companies he values time and hard workers. He says "I think we really stress the importance of, uh, of responsibility. So if, if you kinda take something, you, you make sure to finish it and on time, if you promise to do something, you do that. And so that's really important for us." We thank Slavik for sharing his story with us.
